Insurance AI Pricing Under the EU AI Act and NAIC Bulletin: The High-Risk Architecture
Life and health insurance pricing using AI is classified as high-risk under EU AI Act Annex III point 5(c). The NAIC Model Bulletin on the Use of AI Systems by Insurers adopted in December 2023 has been incorporated by twenty-five US state insurance regulators as of 2025. Colorado SB21-169 sets concrete obligations for life insurers using external consumer data. The combined regime requires per-decision audit records, governance documentation, third-party risk management, and demonstrable testing for unfair discrimination across protected classes.

The EU AI Act Annex III point 5(c) classifies AI systems used for risk assessment and pricing in life and health insurance as high-risk. The obligations apply from August 2, 2026. The National Association of Insurance Commissioners adopted Model Bulletin 2023-3 on the Use of Artificial Intelligence Systems by Insurers in December 2023, and twenty-five US state insurance regulators have incorporated it into supervisory expectations as of 2025. Colorado's SB21-169 added concrete testing obligations for life insurers using external consumer data and predictive models. The combined regime sets specific architectural expectations that most insurer AI deployments cannot satisfy from the records they currently keep.
I want to walk through what the insurance AI regime actually requires, where carrier deployments are exposed today, and the inspection architecture that closes the gap.
What the EU AI Act requires of insurance pricing AI
Annex III point 5(c) of the EU AI Act covers AI systems intended to be used for risk assessment and pricing in relation to natural persons in the case of life and health insurance. Classification as high-risk triggers Articles 8 through 17 on the provider side and Article 26 on the deployer side.
For an EU carrier deploying an internally built underwriting model, the carrier is both the provider and the deployer. For a carrier deploying a vendor model from RGA, Munich Re, SCOR, or a software provider like Earnix, RGAX, or Akur8, the carrier is the deployer and the vendor is the provider. Both sets of obligations apply.
The relevant articles in operational terms:
- Article 9 requires a documented risk management system with identified risks, mitigations, and residual risk acceptance, maintained over the system lifetime.
- Article 10 requires data governance including representativeness, statistical properties, identification of data gaps, and bias examination.
- Article 12 requires automatic event logging over the system lifetime, with sufficient detail to identify risk situations and support post-market monitoring.
- Article 13 requires transparency to deployers so they can interpret outputs and exercise oversight. Generic model cards fail this test.
- Article 14 requires human oversight measures appropriate to the risk.
- Article 19 requires the Article 12 logs to be kept for at least six months, with specified minimum content (period of use, reference databases, input data, identification of the natural persons involved in result verification).
- Article 26 puts operational obligations on the deployer, including monitoring, log retention, and notification of serious incidents.
- Article 99 sets penalties for high-risk non-compliance at €15 million or 3% of global annual turnover, whichever is higher.
For a major EU carrier with multi-billion euro premium income, the percentage tier reaches into the hundreds of millions of euros.
What the NAIC Model Bulletin adds
The NAIC Model Bulletin 2023-3, adopted December 4, 2023, sets supervisory expectations for insurers using AI systems in any function affecting insurance practices. As of late 2025, twenty-five state insurance departments have adopted or incorporated the bulletin, including Connecticut, Illinois, Pennsylvania, Maryland, New Hampshire, Rhode Island, Vermont, Washington, Nevada, New York, New Jersey, Texas, Alaska, Arkansas, California, Colorado, Idaho, Iowa, Kentucky, Maine, Michigan, Minnesota, Oklahoma, Oregon, and the District of Columbia.
The bulletin requires insurers to maintain a written AI Systems Program covering:
- Governance roles and accountability for AI use, including senior management and board oversight where appropriate to the risk profile.
- Risk management and internal controls including bias testing, documentation, ongoing monitoring, and validation of AI systems used in adverse decisions for consumers.
- Third-party AI Systems and third-party data governance, including due diligence on vendors, contractual rights to audit, and remediation processes when third-party systems behave anomalously.
Commissioners conducting market conduct examinations under the bulletin expect insurers to produce evidence that the AI Systems Program operates as documented. The evidence base sits in the audit records the AI systems produce. Insurers that operate AI without per-decision audit records cannot satisfy the bulletin's evidence expectations under examination.
How Colorado SB21-169 layers on top
Colorado SB21-169, signed in 2021, applies to life insurers using external consumer data and information sources or algorithms or predictive models that incorporate external consumer data. The Colorado Division of Insurance issued implementing regulation 10-1-1 in late 2023 setting out the testing requirements.
The regulation requires that life insurers using these systems test for unfair discrimination based on race, color, national or ethnic origin, religion, sex, sexual orientation, disability, gender identity, or gender expression. The testing has to follow specific methodology, has to be repeated at defined intervals, and has to be documented to a standard that supports examination. Carriers have to file a quantitative testing report covering the prior calendar year.
The architectural requirement underneath the testing is that the insurer can reconstruct, per decision, what data the AI received, what classification result the AI produced, and what action the insurer took based on that result. Without that record, the testing rests on samples and inference rather than per-decision evidence.
Where carrier AI deployments are exposed
The exposure pattern across carriers running underwriting, claims, fraud detection, and customer service AI repeats with small variations.
The carrier is using a vendor AI service for underwriting score adjustment or fraud signal classification, but the carrier does not maintain a per-request audit record at the carrier side. The carrier holds the vendor's outputs in the policy administration system or the claims system, but lacks the request-side record that captures the data sent to the vendor and the policy context that governed the request. Article 12 expects this record to exist automatically. Colorado regulation 10-1-1 expects this record to support the testing. The carrier cannot produce it.
The shadow AI surface is uninventoried. Underwriters, claims handlers, and customer service staff use ChatGPT, Claude, Copilot, and Gemini for tasks the carrier has not formally sanctioned. Cloud Radix's 78% employee unauthorized AI use figure applies to insurance staff. The data classes at risk include PII, PHI for health insurance, claimant medical records, and underwriting decision context. None of this surfaces in the AI Systems Program inventory the NAIC bulletin expects.
The agent-and-broker channel is a second uninventoried surface. Independent agents and brokers using AI tools to assist with quote-and-bind workflows touch carrier data outside the carrier's enterprise environment. The carrier is responsible for the AI system under the bulletin if the system is used in connection with the carrier's insurance practices, regardless of where it runs.
The natural person involved in result verification is not identified in the audit record. The AI request was made by a shared service account at the gateway layer. Article 19's identification requirement is unmet.
The inspection architecture that closes the gap
The architecture has the same shape as the architecture for any high-risk Annex III use case. Insurance calibration adds specific data classes and protected-class testing support.
Inline inspection sits at the HTTP AI request boundary between the carrier's authenticated users or agents and any LLM endpoint. The inspection includes detection for the data classes relevant to insurance: applicant PII, PHI for health and life lines, underwriting indicators, claims context, financial information, and the protected-class attributes that Colorado regulation 10-1-1 requires the carrier to track for disparate impact testing.
Identity attribution names the underwriter, the claims handler, or the customer service representative behind each request. For agent-based workflows, the agent identity and delegated authority appear in the record. For vendor AI service calls initiated by carrier-side workflows, the carrier-side user, the data class, and the policy version that governed the request all sit in the record.
Per-decision audit records satisfy Article 12, Article 19, and the NAIC bulletin's evidence expectations from a single infrastructure. Each record contains timestamp, identity, data classification, policy version, decision outcome, and a tamper-evident signature. The records support the Colorado testing methodology because they preserve, per decision, the data the AI saw and the action the carrier took. Retention runs at the longer of the EU AI Act six-month floor, the state-level retention obligations under producer and policy records rules, and the carrier's own legal hold expectations.
Third-party AI risk management benefits from the inspection layer because the carrier's own records exist independent of the vendor's cooperation. The audit-right contractual provision the NAIC bulletin expects becomes operationally meaningful when the carrier can already produce evidence of what its environment sent the vendor and what the vendor returned.
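The per-decision record described above (timestamp, identity, data classification, policy version, outcome, tamper-evident signature, and a retention period that is the longest of several floors) can be sketched in a few dozen lines. The following is an added example written for this article; it is not DeepInspect's code or any carrier's production system. It assumes an HMAC key held by the carrier's audit service (a constructed key here), a hash chain linking each record to its predecessor so that an edited or deleted record fails verification, and a hypothetical state_years parameter standing in for whatever state records rule applies.

```python
"""Per-decision AI audit record with a tamper-evident signature and chain.

Added illustration only; it is not DeepInspect's code or any carrier's system.
Assumptions: an HMAC key held by the carrier's audit service, and a hash chain
linking each record to its predecessor so that editing or deleting a record
is detectable at verification time.
"""
import calendar
import hashlib
import hmac
import json
from datetime import date, datetime, timezone
from typing import Optional

# Constructed key for the example; a real deployment fetches it from a KMS/HSM.
AUDIT_KEY = b"example-audit-key-do-not-use"
GENESIS = "0" * 64  # prev_hash of the first record in a chain


def canonical(record: dict) -> bytes:
    """Deterministic serialization so identical content always hashes identically."""
    return json.dumps(record, sort_keys=True, separators=(",", ":")).encode()


def record_hash(signed: dict) -> str:
    return hashlib.sha256(canonical(signed)).hexdigest()


def make_record(identity, data_classes, policy_version, request_summary,
                ai_result, action, prev_hash, ts=None, key=AUDIT_KEY):
    """Build one decision record: who, when, what the AI saw, what it returned,
    what the carrier did, under which policy version; signed and chained."""
    body = {
        "timestamp": (ts or datetime.now(timezone.utc)).isoformat(),
        "identity": identity,            # natural person, or agent plus delegating user
        "data_classes": sorted(data_classes),
        "policy_version": policy_version,
        "request": request_summary,      # redacted fields or hashes of what was sent
        "ai_result": ai_result,          # what the model returned
        "action": action,                # what the carrier did with the result
        "prev_hash": prev_hash,
    }
    sig = hmac.new(key, canonical(body), hashlib.sha256).hexdigest()
    return dict(body, signature=sig)


def verify_chain(records, key=AUDIT_KEY):
    """Return (ok, index_of_first_bad_record); -1 when every record checks out."""
    prev = GENESIS
    for i, rec in enumerate(records):
        if rec.get("prev_hash") != prev:
            return False, i            # gap or reordering in the chain
        body = {k: v for k, v in rec.items() if k != "signature"}
        expected = hmac.new(key, canonical(body), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, rec.get("signature", "")):
            return False, i            # content edited after signing
        prev = record_hash(rec)
    return True, -1


def add_months(d: date, months: int) -> date:
    m = d.month - 1 + months
    y, m = d.year + m // 12, m % 12 + 1
    return date(y, m, min(d.day, calendar.monthrange(y, m)[1]))


def retention_end(decision_date: str, state_years: int,
                  legal_hold_until: Optional[str] = None) -> str:
    """Longest of the EU AI Act six-month floor, a state records rule expressed in
    years (hypothetical parameter), and any carrier legal hold; ISO dates in and out."""
    d = date.fromisoformat(decision_date)
    ends = [add_months(d, 6), add_months(d, 12 * state_years)]
    if legal_hold_until:
        ends.append(date.fromisoformat(legal_hold_until))
    return max(ends).isoformat()


def example_chain():
    """Three constructed underwriting decisions chained together."""
    t0 = datetime(2026, 8, 3, 9, 0, tzinfo=timezone.utc)
    r1 = make_record("uw:jdoe", ["PII", "PHI"], "uw-policy-v3",
                     {"applicant_hash": "c0ffee"}, {"risk_class": "standard"},
                     "offer_standard", GENESIS, ts=t0)
    r2 = make_record("agent:quote-bot/delegated-by:broker-17", ["PII"], "uw-policy-v3",
                     {"applicant_hash": "dead01"}, {"risk_class": "substandard"},
                     "refer_to_underwriter", record_hash(r1), ts=t0)
    r3 = make_record("uw:asmith", ["PII", "PHI", "FIN"], "uw-policy-v4",
                     {"applicant_hash": "beef02"}, {"risk_class": "decline"},
                     "decline", record_hash(r2), ts=t0)
    return [r1, r2, r3]


if __name__ == "__main__":
    chain = example_chain()
    print("intact:", verify_chain(chain))
    edited = dict(chain[1], action="offer_standard")   # post-hoc edit of one field
    print("edited:", verify_chain([chain[0], edited, chain[2]]))
    print("deleted:", verify_chain([chain[0], chain[2]]))
    print("retain until:", retention_end("2026-08-03", 5, "2032-01-01"))
```

Two design points matter for examiners. The chain pointer is what makes deletion visible: a signature alone proves a record was not edited, but only the prev_hash link proves no record between two others has gone missing. And the identity field carries the delegating user for agent-initiated calls, which is the gap the shared-service-account pattern leaves open.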
Where this connects to the broader US insurance regulatory stack
The EU AI Act and the NAIC bulletin do not stand alone for US insurers. Other regimes apply in parallel:
- New York DFS Insurance Circular Letter No. 7 (2024) sets expectations on the use of external consumer data and information sources by life insurers authorized in New York.
- California's SB 1120, signed 2024, addresses AI use in utilization review for health insurance and adds disclosure and human oversight requirements.
- The federal NIST AI Risk Management Framework, while voluntary, is increasingly cited by state regulators as the baseline framework for the AI Systems Program documentation.
- HIPAA applies to health insurance carriers handling PHI in AI workflows, with the audit controls expectation under 45 CFR 164.312(b) applying to AI processing.
- The Affordable Care Act non-discrimination provisions and ACA Section 1557 add specific protections for ACA-marketplace health plans.
The infrastructure that satisfies the EU AI Act and the NAIC bulletin produces records that contribute to the New York DFS expectations, California SB 1120 evidence, HIPAA audit controls, and the ACA non-discrimination examinations. The infrastructure is shared. The vocabulary differs by regulator.
DeepInspect
This is the architecture DeepInspect was built to provide for insurance AI compliance. DeepInspect sits inline between authenticated users, agents, and applications and any HTTP-based LLM endpoint. The inspection includes detection for applicant PII, PHI for health and life lines, underwriting decision context, claims information, and the protected-class attributes carriers track for disparate impact analysis.
Every decision produces a per-decision audit record containing identity, timestamp, data class, policy version, outcome, and a tamper-evident signature. The records support EU AI Act Article 12 and Article 19 expectations, the NAIC Model Bulletin's evidence expectations under market conduct examination, the Colorado regulation 10-1-1 testing methodology, and the HIPAA audit controls applicable to health insurance carriers. For carriers facing the August 2, 2026 EU AI Act enforcement date layered onto in-force state bulletins and Colorado testing obligations, the inspection layer is the architectural component that produces the evidence each regime expects from the same infrastructure. Book a demo today.
Frequently asked questions
- Does Annex III point 5(c) cover property and casualty pricing AI?
No. Annex III point 5(c) covers risk assessment and pricing in life and health insurance specifically. Property and casualty pricing AI is not classified as high-risk under Annex III in the August 2, 2026 first wave. P&C carriers may still face high-risk classification for other AI use cases (employment decisions, biometric categorization for fraud detection, critical infrastructure) and remain subject to the NAIC Model Bulletin and state regulations regardless. The architecture that produces per-decision audit records applies to P&C as readily as to life and health, even where the EU AI Act high-risk obligations do not formally attach.
- How does the NAIC Model Bulletin compare to a state regulation?
The bulletin is a model issued by the NAIC for state insurance departments to adopt. Adoption by a state department gives the bulletin supervisory force in that state for insurers under that department's jurisdiction. As of late 2025, twenty-five jurisdictions have adopted or incorporated the bulletin, with the remaining states either considering adoption or relying on existing supervisory tools. The bulletin is not a binding statute in any state on its own, but the state-level adoption gives it the effective force of supervisory expectation. Insurers operating in adopted-bulletin states face direct examination against the bulletin's AI Systems Program requirements.
- What does Colorado SB21-169 require beyond the EU AI Act?
Colorado SB21-169, as implemented through Division of Insurance Regulation 10-1-1, requires life insurers using external consumer data and information sources or predictive models to test their use of those systems for unfair discrimination across the listed protected classes. The testing has to follow a specified methodology, has to be repeated annually, and has to be reported to the Division of Insurance. The EU AI Act includes anti-discrimination considerations as part of Article 10 data governance and Article 15 accuracy obligations, but stops short of the specific quantitative testing protocol Colorado requires. Carriers operating in Colorado and the EU have to satisfy both, with the Colorado protocol setting the higher operational bar in many cases.
- How does the inspection architecture support disparate impact testing?
The inspection layer captures, per request, the data sent to the AI system and the action taken on the result. Where the data includes protected-class attributes (or proxies the carrier tracks for compliance purposes), the per-decision record allows the carrier to reconstruct the AI's behavior across the protected-class dimensions over the testing period. The Colorado methodology compares outcomes across protected groups; the inspection records provide the granular evidence the testing protocol expects. Without those records, the testing rests on application-level samples that may not reconstruct what the AI actually saw, what classification result it returned, and what action the carrier took on that result.
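As an added illustration of the reconstruction step described in this answer, the following computes favourable-outcome rates per protected group from per-decision records and flags groups whose rate falls below a ratio threshold. It is not the page's, DeepInspect's or the Colorado Division of Insurance's code: the records are constructed, the four-fifths (80%) screening ratio is an assumption borrowed from common adverse-impact practice rather than Regulation 10-1-1's own methodology, and the field names (protected, action, ai_result) are illustrative.

```python
"""Outcome-rate comparison across protected groups from per-decision audit records.

Added illustration only; not the page's, DeepInspect's or the Colorado Division
of Insurance's code. The four-fifths (80%) ratio used as the screening threshold
is an assumption borrowed from common adverse-impact practice; Regulation
10-1-1's own methodology is not reproduced here.
"""
from collections import defaultdict


def constructed_records():
    """Constructed sample: 10 male applicants (8 favourable), 10 female (5 favourable),
    and 2 records where the attribute was never captured."""
    spec = [("M", 8, 2), ("F", 5, 5), (None, 1, 1)]  # (group, favourable, adverse)
    records, i = [], 0
    for group, fav, adv in spec:
        for k in range(fav + adv):
            rec = {
                "decision_id": f"d{i:03d}",
                "ai_result": {"risk_class": "standard" if k < fav else "substandard"},
                "action": "offer_standard" if k < fav else "decline",
            }
            if group is not None:
                rec["protected"] = {"sex": group}
            records.append(rec)
            i += 1
    return records


def outcome_rates(records, attribute, favorable_actions):
    """Favourable-outcome rate per group, plus the count of records that lack the
    attribute (those cannot be tested and must be reported, not dropped silently)."""
    counts = defaultdict(lambda: [0, 0])  # group -> [favourable, total]
    missing = 0
    for rec in records:
        group = rec.get("protected", {}).get(attribute)
        if group is None:
            missing += 1
            continue
        counts[group][1] += 1
        if rec["action"] in favorable_actions:
            counts[group][0] += 1
    return {g: fav / total for g, (fav, total) in counts.items()}, missing


def impact_ratios(rates):
    """Each group's rate relative to the best-treated group."""
    best = max(rates.values(), default=0.0)
    if best == 0:
        return {g: 1.0 for g in rates}   # nobody favoured; nothing to compare
    return {g: r / best for g, r in rates.items()}


def flagged_groups(records, attribute, favorable_actions, threshold=0.8):
    """Groups whose ratio falls below threshold, and the untestable-record count."""
    rates, missing = outcome_rates(records, attribute, favorable_actions)
    ratios = impact_ratios(rates)
    return sorted(g for g, ratio in ratios.items() if ratio < threshold), missing


if __name__ == "__main__":
    recs = constructed_records()
    rates, missing = outcome_rates(recs, "sex", {"offer_standard"})
    print("rates:", rates, "missing:", missing)
    print("ratios:", impact_ratios(rates))
    print("flagged:", flagged_groups(recs, "sex", {"offer_standard"}))
```

The missing count is the point the answer makes about application-level samples: records where the attribute was never captured cannot be reconstructed into the test and have to be reported as a coverage gap rather than silently excluded, because a large gap undermines whatever the ratios say about the rest.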
- What is the inspection overhead for high-volume underwriting AI?
Inline inspection adds under 50 milliseconds per request in production benchmarks against an LLM inference baseline of 500 milliseconds to 5 seconds. For a carrier processing tens of thousands of underwriting decisions per day, the overhead is invisible relative to the inference time. For straight-through processing flows where the AI is one component of a deterministic decision tree, the inspection latency budget is shared with the other deterministic components and remains well below the customer-experience threshold.