New Draft Regulations Place Restrictions on Insurers’ Use of AI 

Recent CPPA draft regulations may have a major impact on insurers’ use of AI.

The California Privacy Protection Agency recently released draft regulations that would place significant restrictions on companies’ use of automated decision-making technology, including requirements for transparency, access rights, and opt-out rights for consumers. These draft rules could have a major impact on insurance providers that rely on algorithms and predictive modeling tools in areas like underwriting, claims processing, and pricing decisions. 

Key Aspects and Impact

The draft regulations seek to limit the use of automated systems, particularly for decisions that carry legal or similar significance for consumers, such as access to insurance. Insurers would have to provide detailed transparency to consumers on the logic and key parameters behind algorithms and get consent. The draft also proposes extensive opt-out and access rights that could enable consumers to object to or get information on algorithmic decisions. 

If finalized in their current form, these rules would require most insurers to overhaul existing practices on using automated decision systems. They would also need to invest more resources in compliance activities around transparency, access management, and providing consumer rights controls. Leaving algorithms unchecked raises fairness issues, but more restrictions also risk limiting innovation and efficiency.

Steps for Insurance Providers

Insurers have time to assess these regulations and prepare for additional oversight of automated decisions. Here are some proactive steps carriers can take:

  • Review existing automated decision systems and document usage, logic, data inputs, and role in decisions. Assess validity, fairness, and process rigor. 
  • Enhance transparency for consumers on your use of algorithms and develop a compliance strategy for meeting notice, access, and opt-out requirements. 
  • Evaluate restricting automated decisions for higher-risk processing like underwriting eligibility until the regulatory environment is clearer.
  • Engage industry groups in shaping final rules to find the right balance between protecting consumers and enabling responsible innovation.

Regulatory oversight of algorithms is clearly increasing. Taking early action to align practices with emerging expectations will put insurers in a stronger compliance position. Monitoring developments and participating in policy discussions can also help secure favorable outcomes.

If you’d like to discuss our recommendations for staying ahead of regulatory requirements for AI, please read our report Explaining AI and ML Algorithm Outcomes to Insurance Regulators: CIO/CTO Checklist, or contact me or Mitch Wein to continue the conversation.