At the Fall 2022 National Meeting of the US National Association of Insurance Commissioners (“NAIC”), the Innovation, Cybersecurity, and Technology (H) Committee (“H Committee”) met. Below are highlights from the meeting.1
The H Committee met on December 13, 2022, and adopted its working group reports and 2023 charges. Commissioner Dana Popish Severinghaus, co-vice chair of the H Committee, then provided an update on model law development efforts:
- The Insurance Data Security Model Law (#668), the NAIC’s model cybersecurity law, has been adopted in 21 states and is pending in two states;
- Revisions to the Unfair Trade Practices Act (#880), which introduced the value-added products or services exemption to the anti-rebating rules, have been adopted in 10 states and is being considered in one state; and
- Five states have insurance regulatory sandbox laws in place with nine additional states having indicated that they have innovation regulatory initiatives.
The H Committee also heard updates on initiatives such as development of:
- the Innovations, Cybersecurity, and Technology (“ICT”) Hub, which will be a resource to coordinate the work of the NAIC committees on issues related to innovation, technology, cybersecurity and data privacy (expected to be completed in late spring or early summer of 2023);
- the working group activity page, which will be a webpage listing the work of H committee groups (expected to be completed in early 2023);
- the vocabulary project, which is an effort to define foundational terms related to innovation, cybersecurity and technology (with a drafting group likely formed to lead this initiative); and
- the Collaboration Forum on Algorithmic Bias regulators resource guide, which will be a webpage that includes presentations and materials related to the Collaboration Forum on Algorithmic Bias and Big Data/AI regulatory frameworks.
Commissioner Kathleen Birrane, chair of the H Committee, then announced that work on this year’s Collaboration Forum on Algorithmic Bias will culminate in a regulatory framework, in the form of a model bulletin, for the use of AI by the insurance industry. This guidance will be principles-based and focused on governance requirements and AI use protocols that rely on external objective standards. With respect to the use of third-party data and model vendors, there is a strong preference to place responsibility on licensees for conducting appropriate diligence instead of attempting to regulate unlicensed third parties that are not regulated under the insurance laws.
Big data, AI, data privacy and cybersecurity continue to be significant topics for discussion at the NAIC. While much of the work on data privacy and AI/ML in recent years has been focused on information gathering and discussion of general principles, it appears that in the coming year, various NAIC groups will move to develop and release regulatory guidance on these topics. We will continue to track and report on these developments.
To view additional updates from the US NAIC Fall 2022 National Meeting and the H Committee’s subgroups, visit our meeting highlights page.
1 For highlights from the Innovation, Cybersecurity, and Technology (H) Committee during the Summer 2022 National Meeting, see our Legal Update “US NAIC Summer 2022 National Meeting Key Takeaways: Innovation, Cybersecurity, and Technology,” August 23, 2022.