What AI compliance requirements apply to insurance brokers?

Last verified: May 28, 2026

Answer

Insurance brokers using AI for quoting, risk assessment, or client recommendations fall under Colorado's AI Act (SB 26-189, which repealed and reenacted SB 24-205), which treats insurance as a consequential decision: brokers must give interaction notice, explain adverse AI-driven decisions within 30 days, allow data corrections, and provide meaningful human review — plus potential E&O exposure if AI exclusion endorsements affect their own coverage.

Applicable Regulations

SB-26-189

Colorado AI Act — Automated Decision-Making Technology (SB 26-189, repeal & reenactment of SB 24-205)

enacted

On 2026-05-14 Governor Polis signed SB 26-189, which repeals and reenacts the Colorado AI Act (originally SB 24-205). The new law abandons the risk-management / annual-impact-assessment model and replaces it with a disclosure-and-notice framework governing "automated decision-making technology" (ADMT) that makes or substantially influences "consequential decisions" (education, employment, housing, financial services, insurance, healthcare, government services). The statute formally takes effect 2026-08-12 (no safety clause), but all substantive compliance obligations — for both deployers and developers — begin 2027-01-01, which is the operative date for regulated businesses; the Attorney General's implementing rules are also due by 2027-01-01. The AG has stated he will not enforce until the mandatory rulemaking process concludes.

Key Requirements

Interaction Notice Deployers must give clear notice at the point of interaction when a consumer interacts with an automated decision-making technology (ADMT)
Adverse-Outcome Disclosure Provide a plain-language explanation within 30 days of an adverse consequential decision made or substantially influenced by an ADMT
Data Correction Right Allow consumers to request correction of factually incorrect personal data used by the ADMT
Meaningful Human Review Provide meaningful human review and reconsideration after an adverse consequential decision
Developer Documentation Developers must supply technical documentation (intended uses, known harmful uses, training-data categories, known limitations and risks, and instructions enabling meaningful human review), notify deployers of material updates, and retain compliance records for 3+ years. Like all duties under the act, these obligations begin 2027-01-01
Effective: 2027-01-01 Penalties: Enforced exclusively by the Colorado Attorney General; violations are treated as deceptive trade practices under the Colorado Consumer Protection Act. Before enforcement the AG must give 60 days' written notice and an opportunity to cure; this cure right sunsets 2030-01-01, after which enforcement may be immediate. The AG has stated no enforcement will occur until the mandatory rulemaking process concludes.

Carrier Endorsement Details

PC-51380

W.R. Berkley — PC 51380

Absolute AI exclusion for D&O, E&O, and Fiduciary Liability — eliminates coverage for any claim "based upon, arising out of, or attributable to" AI use.

Key Provisions

Absolute exclusion — no coverage for any AI-related claim
Applies to claims 'based upon, arising out of, or attributable to' AI
Covers owned, licensed, and third-party AI systems
No carve-back for incidental AI use
Type: exclusion Policies: D&O, E&O, Fiduciary

Industry Context

Insurance Brokers

Insurance brokers and agents increasingly use AI for underwriting support, client risk assessment, claims triage, and policy recommendation — work that sits squarely inside their professional duty of care. The exposure runs two ways. First, the brokerage's own AI use creates errors-and-omissions (E&O) risk: an AI-suggested coverage gap, a misclassified risk, or a chatbot that misstates policy terms can become a negligence claim. Second, brokers must understand the AI exclusion endorsements now appearing in the policies they place — Verisk's CG 40 47 and Berkley's PC 51380 both apply broadly to AI-related claims, including unsanctioned "shadow AI" use that the insured may not even know about. The NAIC Model Bulletin on the Use of Artificial Intelligence Systems by Insurers (adopted December 2023 and issued by many states since) sets the expectation of a documented AI governance program, while state unfair-trade-practices and rating laws constrain how AI may influence pricing, eligibility, and claims decisions.

Typical Compliance Gaps

No AI governance policy for underwriting tools
Lack of human oversight in AI-driven coverage recommendations
No documentation of AI vendor risk assessments
Unaware of AI exclusion endorsements in own E&O coverage
No process to check placed policies for AI exclusion endorsements before binding
No E&O review of the brokerage's own AI tools against NAIC Model Bulletin expectations

Full State Analysis

Colorado AI Regulations

Where this lands operationally

Gridex turns the compliance or coverage question into operated workflow controls: intake, review points, audit trails, and the places a person stays in the decision.

Managed Intake & QualificationCapture, qualify, and route incoming work with disclosure, consent, and human review built into the intake step.Governed AI DeploymentRun AI inside real work with audit trails, human review points, and the operating controls underwriters and regulators expect.

Discuss Broker Risk Intake

Use this research to identify the workflow, review points, and operating controls that would matter in your organization.

Discuss Broker Risk Intake

Related Questions

  • Are there regulations on AI in insurance underwriting? Yes. Colorado's AI Act (SB 26-189, which repealed and reenacted SB 24-205) treats insurance as a covered 'consequential decision' area: a carrier using automated decision-making technology in underwriting or claims must give interaction notice, disclose an adverse decision in plain language within 30 days, let consumers correct inaccurate personal data, and provide meaningful human review — replacing the prior high-risk impact-assessment model. The Colorado Division of Insurance has separately issued guidance requiring carriers to demonstrate that AI underwriting models do not produce unfairly discriminatory outcomes. Multiple other state insurance departments — including California, New York, and Illinois — have issued AI guidance bulletins, and the NAIC has adopted model AI governance principles that many states are incorporating into their regulatory frameworks.
  • What does Berkley PC 51380 exclude? Berkley PC 51380 is an absolute AI exclusion for professional and management liability (D&O, E&O, Fiduciary) that eliminates coverage for any claim based upon, arising out of, or attributable to AI use.
Disclaimer: This content is provided for informational purposes only and does not constitute legal advice. AI regulations and insurance policy terms change frequently. Consult with a qualified attorney or insurance professional for advice specific to your situation. Gridex makes no warranties regarding the accuracy or completeness of this information.