Skip to main content
Featured Topics
Featured Insights
View All Services
View All Industries
About Us Overview
    • Home
    • Insights
    • US NAIC Spring 2025 National Meeting Highlights: Innovation, Cybersecurity, and Technology (H) Committee
      April 10, 2025

      US NAIC Spring 2025 National Meeting Highlights: Innovation, Cybersecurity, and Technology (H) Committee

      Authors:
      Generate PDF
      Share

      On March 26, 2025, the Innovation, Cybersecurity, and Technology (H) Committee (“H Committee”) met at the Spring 2025 US National Meeting of the National Association of Insurance Commissioners (“NAIC”). The meeting covered the following matters.

      Adoption of Task Force and Working Group Reports

      The H Committee received reports on the recent activities of its working groups, including the Big Data and Artificial Intelligence (H) Working Group, the Privacy Protections (H) Working Group, and the Cybersecurity (H) Working Group.

      Big Data and Artificial Intelligence (H) Working Group

      The Big Data and Artificial Intelligence (H) Working Group (“BDAI WG”) received a report on the health Artificial Intelligence (“AI”)/Machine Learning (“ML”) survey, which focused on major medical coverage and student health plan coverage. This survey was conducted in 16 states and collected data from 93 health insurers meeting the following criteria: (1) business written in one or more of the participating 16 states; (2) countrywide 2023 earned premiums of at least $250 million; or (3) significant market share in one or more of the participating states. The survey’s findings include:

      • 92% of survey respondents use, plan to use, or are exploring the use of AI/ML.
      • 79% of survey respondents use AI for the purpose of strategic operations, including updating and reviewing strategic goals. Other popular uses of AI/ML include utilization/severity/quality management, fraud detection, sales and marketing, claims adjudication, and data processing.
      • A majority of survey respondents are developing their own models and are using third-party components.
      • With respect to testing AI models in place, 80-82% of survey recipients are documenting the accuracy and reliability of AI/ML model outcomes, and 70-76% test for model drift and bias.
      • Over 90% of survey respondents have governance principles in place relating to the use of AI/ML.

      The BDAI WG aims to publish a detailed report of the survey results in early April.

      The BDAI WG then received an update on the NAIC’s Regulatory Framework for the Use of AI Systems, which consists of four fundamental steps:

      • Step 1: Define principles and assess insurers’ use of AI
      • Step 2: Develop AI risk evaluation tools
      • Step 3: Regulatory oversight and accountability
      • Step 4: Identify and address gaps in AI evaluation.

      The NAIC’s work in furtherance of these steps continues. Tasks identified for 2025 include:

      • Develop new regulatory tool(s) and guidance, and identify if additional Market Conduct Annual Statement data is needed
      • Coordinate the development of review and enforcement tools, resources, guidelines, and training
      • Create a self-audit questionnaire for insurers that aligns to regulator evaluation tools and guidance

      Finally, Kevin Burke of the NAIC staff gave a presentation on missing data and its implications in ratemaking. Mr. Burke noted that the issue of missing data is becoming more prevalent in the industry, with certain risk characteristics/classes being missing 30-50% of the time. Issues arising from third-party data integration have led to an incongruence in risk classification and actuarial principles. The treatment of missing data has significant implications for ratemaking because recognizing a “missing” category changes relationships in pricing models. This underscores the importance of improving data hygiene practices to ensure accurate and reliable actuarial models.

      Privacy Protections (H) Working Group

      The Privacy Protections (H) Working Group is continuing its work on developing amendments to the Privacy of Consumer Financial and Health Information Regulation (#672) by working through the model regulation section by section. The goal is to release a full draft by the end of 2025.

      Cybersecurity (H) Working Group

      The Cybersecurity (H) Working Group is working to develop a cyber data wish list, to improve regulators’ understanding of cyber risk and to assess the development of a centralized portal to receive cybersecurity incident notifications. The working group is also working to develop a tabletop exercise. Finally, the working group received a referral from the NAIC Chief Financial Regulators Forum to help develop guidance on how regulators assess compliance with the Insurance Data Security Model Law (#668).

      Update on Federal Activities Related to AI, Cybersecurity, and Technology

      Shana Oppenheim of the NAIC staff presented an update on federal activities related to AI, cybersecurity, and technology. The new administration has nominated Sean Plankey to lead the Cybersecurity and Infrastructure Security Agency, signaling a focus on risk reduction and addressing threats from China, amidst calls to downsize the agency. A review is also being undertaken to determine whether the activities of the Department of Government Efficiency have created any cybersecurity vulnerabilities. Lawmakers have continued to push for harmonization of cybersecurity regulation to ease compliance burdens. The Insurance Cybersecurity Act of 2025 has been reintroduced in Congress, which would mandate the National Telecommunications and Information Administration to establish a working group on cyber insurance to provide guidance to issuers, customers, and state regulators. Data privacy and AI-driven risk assessment continue to draw congressional action, as regulators seek to strike a balance between regulatory simplification and security imperatives.

      To view additional updates from the US NAIC Spring 2025 National Meeting, visit our meeting highlights page.

      Authors

      Related Content

      Stay Up To Date With Our Insights

      See how we use a multidisciplinary, integrated approach to meet our clients' needs.
      Subscribe

      Follow us

      © 2025 Mayer Brown

       

       

      Mayer Brown is a global legal services provider comprising associated legal practices that are separate entities, including Mayer Brown LLP (Illinois, USA), Mayer Brown International LLP (England & Wales), Mayer Brown Hong Kong LLP (a Hong Kong limited liability partnership) and Tauil & Chequer Advogados (a Brazilian law partnership) (collectively, the “Mayer Brown Practices”). The Mayer Brown Practices are established in various jurisdictions and may be a legal person or a partnership. PK Wong & Nair LLC (“PKWN”) is the constituent Singapore law practice of our licensed joint law venture in Singapore, Mayer Brown PK Wong & Nair Pte. Ltd. Mayer Brown Hong Kong LLP operates in temporary association with Johnson Stokes & Master (“JSM”). More information about the individual Mayer Brown Practices, PKWN and the association between Mayer Brown Hong Kong LLP and JSM (including how information may be shared) can be found in the Legal Notices section of our website.

      “Mayer Brown” and the Mayer Brown logo are trademarks of Mayer Brown.

      Attorney Advertising. Prior results do not guarantee a similar outcome.