Fully Automated Claims Decisions Draw Regulatory Pushback as States Rewrite the Rules

From reviewing unfair claims settlement acts across 30 states, a consistent gap emerges: none explicitly address algorithmic decision-making in claims adjudication. The NAIC's Unfair Claims Settlement Practices Model Act (Model Law 900-1) requires insurers to adopt "reasonable standards for the prompt investigation and settlement of claims" and prohibits "refusing to pay claims without conducting a reasonable investigation." Those standards were drafted decades before any insurer ran a claim through a neural network. Whether an AI system's pattern matching constitutes a "reasonable investigation" is the central legal question now facing the industry.

This is not a hypothetical. Travelers launched an agentic AI voice assistant for live auto claims calls in February 2026, built with OpenAI's Realtime API, achieving 50%+ straight-through processing rates within its first quarter. Across the industry, STP rates have jumped from 10-15% to 70-90% for simple personal auto claims at AI-deployed carriers, according to IDC projections and carrier-level disclosures we analyzed in our coverage of AI claims cycle time compression. Meanwhile, regulators in at least 24 jurisdictions have adopted the NAIC's December 2023 Model Bulletin on insurer AI use, and Colorado has signed a comprehensive automated decision-making law that takes effect January 1, 2027. The gap between deployment velocity and regulatory clarity is where the legal risk sits.

The Legal Standard: What "Reasonable Investigation" Means for AI

The NAIC's Unfair Claims Settlement Practices Model Act, adopted in some form by nearly every state, establishes several prohibitions that bear directly on automated claims handling. Section 4 of Model Law 900-1 defines the following as unfair claims practices:

• Failing to adopt and implement reasonable standards for the prompt investigation and settlement of claims
• Refusing to pay claims without conducting a reasonable investigation
• Failing to promptly provide a reasonable and accurate explanation of the basis for claim denials or compromise settlement offers
• Failing to acknowledge and act promptly upon communications regarding claims

Each of these standards implicitly assumes a human claims adjuster who reads documents, interviews parties, inspects damage, and exercises judgment. When an AI system processes a claim in seconds, what constitutes "investigation"? When the system produces a denial based on pattern matching against millions of historical claims, can the insurer articulate a "reasonable and accurate explanation" of the basis for that decision? These questions have moved from law review articles to active litigation and legislative action.

A legal analysis published in May 2026 by Taft Stettinius & Hollister, covered in Mondaq, warned that "fully automated claims decision-making may violate state unfair claims settlement practices acts." The analysis highlighted three specific state statutes that have already addressed the gap between AI capabilities and human-judgment requirements in claims decisions.

The Explainability Problem

The "reasonable and accurate explanation" requirement is where fully automated claims decisions face their steepest legal challenge. In a traditional claims denial, the adjuster documents what was reviewed, what the policy terms require, and why the facts do not meet those terms. That paper trail is the insurer's defense in any subsequent bad faith litigation.

When an algorithm denies a claim, the decision trace must show what data the system ingested, what rules or model weights it applied, and the reasoning chain that produced the outcome. As the Decerto 2026 guide for US carriers noted, "without this documentation, there is no defensible AI claims process." The problem is that many production AI systems, particularly those using deep learning for damage assessment or fraud scoring, cannot produce that level of interpretable reasoning. The model outputs a probability score or a recommended action, but the path from input to output passes through layers of abstraction that resist plain-language explanation.

This creates a structural tension. The same AI architectures that enable 70%+ STP rates and 75% cycle time reductions are inherently less explainable than the rule-based systems they replaced. Regulators are not asking carriers to stop using AI. They are asking carriers to prove that their AI satisfies the same legal standards that applied to the human adjusters the AI replaced.

The NAIC Framework: Model Bulletin and Spring 2026 Actions

The NAIC's December 2023 Model Bulletin on the Use of Artificial Intelligence Systems by Insurers remains the most significant federal-level guidance document (though itself non-binding until adopted by individual states). The bulletin requires insurers to develop a written "AIS Program" detailing responsible AI use, with particular emphasis on decisions that affect policyholders. As of spring 2026, 24 US jurisdictions have adopted the bulletin's framework, according to Decerto's compliance tracking.

The bulletin's core principle is that existing regulatory standards, including the Unfair Trade Practices Act and the Unfair Claims Settlement Practices Model Act, apply fully to AI-assisted decisions. This is not a new regulatory standard; it is a clarification that the old standards never stopped applying simply because the decision-maker changed from human to algorithm.

The AI Evaluation Tool Pilot

At the NAIC's Spring 2026 National Meeting in Louisville, the Big Data and Artificial Intelligence (BDAI) Working Group provided an update on its AI Systems Evaluation Tool pilot, launched in March 2026. The pilot involves 11 participating states: Colorado, Connecticut, Florida, Iowa, Louisiana, Maryland, Pennsylvania, Rhode Island, Vermont, Virginia, and Wisconsin. Participating regulators are sending inquiries to companies and holding weekly calls to share insights, according to the Sidley Austin regulatory update from the meeting.

The evaluation tool provides a structured framework for state regulators to examine how insurers use AI across business operations, including claims. Each participating domestic regulator makes independent decisions on which companies to include. The tool is being deployed across market conduct examinations, financial examinations, and regulatory inquiries, meaning claims-handling AI is within scope even if the examination was not specifically triggered by an AI complaint.

Separately, the NAIC's Market Regulation and Consumer Affairs (D) Committee established a new Market Conduct Regulation Modernization Working Group at the Spring Meeting. While not AI-specific, the working group's charge includes assessing whether current market conduct examination frameworks adequately address "evolving markets, business models, and consumer expectations." Initial recommendations are expected at the NAIC Fall 2026 National Meeting. For carriers deploying AI claims systems, this signals that market conduct examiners will increasingly expect to see AI governance documentation as part of routine examinations.

Third-Party Vendor Oversight

The NAIC's Third-Party Data and Models (TPDM) Working Group revised its proposed framework at the Spring Meeting to limit initial scope to pricing and underwriting functions. Claims AI was not included in the initial scope, but the framework establishes a registration system that requires "direct access through registration to third-party vendors." For carriers using claims AI from vendors like CCC Intelligent Solutions, Verisk, Tractable, or CLARA Analytics, the eventual extension of this framework to claims represents a significant compliance obligation. An AM Best survey of 150 carriers found that 68% outsource AI development while only 18% actively track vendor risk, a gap we examined in our analysis of the insurer AI vendor accountability gap.

State Legislative Action: Three Models Emerge

While the NAIC provides model guidance, binding requirements come from state legislatures and insurance departments. Three distinct legislative approaches to AI claims regulation have emerged in 2026, each reflecting different assumptions about the appropriate role of automation in claims decisions.

Model 1: Mandatory Human Review (Florida HB 527)

Florida's HB 527, filed in the 2026 session, represented the most restrictive approach. The bill would have prohibited workers' compensation carriers, insurers, and HMOs from "reducing a claim payment, denying a claim, or denying a portion of a claim based solely on the output of an AI system, algorithm, or machine learning system." Instead, a qualified human professional would be required to make all denial and claim payment reduction decisions after analyzing the claim independently of any AI system.

The bill defined "qualified human professional" as an individual who, under the Florida Insurance Code, has the authority to adjust or deny that specific category of claim and may exercise that authority over the specific claim at issue. The reviewing professional would have been required to sign off on the denial and document how AI tools were used in reaching the decision, if at all.

HB 527 died in the Rules Committee in March 2026 with a proposed effective date of July 1, 2026. Its failure to advance does not diminish its significance as a template. The bill's language explicitly contemplated AI-assisted claims processes (permissible) versus AI-determined claims outcomes (prohibited), a distinction that will recur across state legislatures. An amendment expanded the bill beyond property and casualty to include workers' compensation and health maintenance organizations, indicating legislative appetite for broad application.

Model 2: Sector-Specific AI Prohibitions (Nebraska, Georgia)

Nebraska's "Ensuring Transparency in Prior Authorization Act" prohibits utilization review agents from basing coverage decisions "solely on an artificial intelligence-based algorithm." The statute requires disclosure to the Department of Insurance, providers, enrollees, and the public website about AI use in coverage determinations. Georgia's SB 444 goes further, expressly prohibiting AI systems from issuing "an adverse determination to a patient" until a qualified natural person conducts utilization review with clinical peer participation. Georgia's statute mandates that "artificial intelligence systems shall not supersede the judgment of such clinical peer."

These laws focus on health insurance prior authorization rather than P&C claims adjustment, but they establish the legal principle that algorithmic outputs cannot substitute for human professional judgment in coverage decisions. For P&C actuaries, the health insurance precedent matters because state legislatures increasingly draft AI regulations that span all insurance lines, as Florida's HB 527 demonstrated with its amendment expanding from P&C to workers' compensation and HMOs.

Model 3: Comprehensive ADMT Disclosure (Colorado SB 26-189)

Colorado Governor Polis signed SB 26-189 on May 14, 2026, repealing and replacing the state's 2024 AI Act (SB 24-205). The new law takes effect January 1, 2027, and represents the most comprehensive state-level framework for automated decision-making technology (ADMT) in the United States.

Insurance is explicitly listed among the sectors where ADMT decisions trigger the law's requirements. Unlike the Florida model, Colorado does not prohibit automated decisions. Instead, it imposes disclosure obligations and consumer rights that make fully opaque automated decisions functionally untenable:

• Pre-interaction notice: Deployers must provide clear and conspicuous notice at the point of consumer interaction with a covered ADMT
• Post-adverse-outcome disclosure: Within 30 days of an adverse outcome, deployers must provide a plain-language description of the ADMT's role in the decision
• Right to human review: Consumers may request meaningful human review and reconsideration following an adverse automated decision
• Right to data correction: Consumers can request and correct personal data used by the ADMT
• Record retention: Three years of documentation on ADMT decision-making processes

SB 26-189 differs from its predecessor in several important ways. It narrows scope from "high-risk AI systems" to "covered ADMT," shifts from broad governance mandates to targeted consumer disclosures, and eliminates a private right of action. Enforcement rests exclusively with the Colorado Attorney General under the Colorado Consumer Protection Act, with a 60-day cure period before enforcement action (expiring January 1, 2030). The AG must complete mandatory rulemaking by January 1, 2027.

For carriers operating in Colorado, the practical impact is significant. A claim denied by an AI system triggers the 30-day disclosure requirement, the right to human review, and the data correction right. This does not prevent automation, but it requires that every automated denial be backed by a documentable, explainable process that can withstand consumer challenge and regulatory scrutiny. Carriers running opaque deep learning models for claims decisions will need to build explainability layers or route Colorado claims through human-in-the-loop workflows.

The Bad Faith Liability Chain

Beyond statutory compliance, carriers face expanding bad faith exposure from AI-driven claims decisions. The legal framework for bad faith claims against insurers generally requires the claimant to prove that the insurer's conduct was unreasonable, frivolous, or unfounded. When a human adjuster denies a claim, the insurer defends by showing the adjuster followed established procedures, reviewed relevant evidence, and reached a supportable conclusion. When an AI system denies a claim, the evidentiary foundation shifts.

In Estate of Lokken v. UnitedHealth Group, the claimant alleged that UnitedHealth's use of an AI program called "nH Predict" to deny a claim amounted to a breach of good faith and fair dealing. The allegation was that the company used a predictive algorithm to deny the claim rather than having documentation reviewed by a physician. This case, along with several pending matters, is testing whether reliance on algorithmic output, without independent human review, constitutes the kind of unreasonable conduct that supports a bad faith finding.

Courts have begun allowing discovery into insurers' AI systems in the claims context. The Hunton Andrews Kurth analysis documented cases where courts permitted claimants to obtain information about the algorithms, training data, and decision criteria used in AI-driven claims handling. For carriers, this means AI claims systems must be built with litigation discovery in mind. Every model version, every training dataset, every decision threshold becomes potentially discoverable.

The Liability Attribution Problem

When an AI agent denies a claim, the liability chain is less clear than when a licensed adjuster makes the same decision. Consider the participants in a typical AI claims workflow:

• The carrier that deployed the system and bears regulatory responsibility
• The AI vendor that built the model (CCC, Verisk, Tractable, or an internal team)
• The cloud provider hosting the inference infrastructure
• The data providers whose historical claims data trained the model
• The human supervisor who set the model's decision thresholds but did not review the individual claim

Under existing insurance law, the carrier cannot delegate its claims-handling obligations through outsourcing. The carrier remains responsible regardless of whether the denial came from a human employee, a contracted TPA, or an AI system. But the carrier's ability to seek contribution or indemnification from AI vendors depends on contract terms that many early-adopter carriers negotiated before the regulatory and litigation landscape clarified. Carriers that signed AI vendor agreements without audit rights, model change notification requirements, and regulatory examination cooperation clauses face a gap between their regulatory exposure and their contractual protections.

The Deployment Spectrum: Where Regulators Draw the Line

Not all AI claims automation raises the same regulatory concerns. The industry deployment spectrum ranges from AI-assisted workflows where algorithms support human decision-makers to fully autonomous pipelines where claims flow from FNOL to payment without human intervention. Regulators are increasingly distinguishing between these approaches.

Human-in-the-Loop: Travelers AI Claim Assistant

Travelers' AI Claim Assistant, launched in February 2026 with OpenAI, represents the human-in-the-loop model. The voice AI handles the customer interaction: gathering claim details, providing policy information, answering questions, and guiding the customer through the filing process. It then transitions the customer to a digital experience for photo uploads, appraisal scheduling, and repair coordination. The system achieved 66% customer opt-in rates and 50%+ STP on auto damage claims.

Critically, Travelers positions the AI as an assistant rather than a decision-maker. The system gathers and organizes information, but coverage decisions and payment determinations flow through established adjuster workflows. As we analyzed in our coverage of Travelers' agentic AI deployment, the carrier consolidated from four to two call centers and cut staffing by a third, but retained human adjusters in the decision chain for coverage determinations. This architecture aligns with the emerging regulatory consensus that AI can process claims as long as humans decide claims.

Fully Autonomous STP: The Regulatory Frontier

At the other end of the spectrum, several carriers and vendors have built pipelines where simple claims move from first notice through payment without any human touchpoint. CCC Intelligent Solutions' Estimate-STP product processes claims for 40 insurer clients, including seven of the top 10 carriers by direct written premium. One large national carrier routes 20% of volume through the product. Sedgwick's Omni platform consolidates document summarization, digital triage, severity modeling, automated reserving, fraud detection, and quality oversight into a single ecosystem.

These systems deliver the 70%+ STP rates and 75% cycle time reductions that justify carrier AI investment. They also represent the deployment model most vulnerable to regulatory challenge under existing unfair claims settlement practices acts. When a claim is denied without any human having reviewed the specific facts of that claim, the "reasonable investigation" standard becomes a question for the courts rather than a compliance checklist.

The practical distinction regulators appear to be drawing is between approval automation and denial automation. A claim that is fully processed and paid through STP raises fewer regulatory concerns than one that is denied or reduced through automation. Payment is the outcome the policyholder sought; denial triggers the statutory protections that unfair claims settlement acts were designed to enforce. Carriers building AI claims systems should anticipate that automated approvals will face less scrutiny than automated denials, and structure their workflows accordingly.

Actuarial Implications: Modeling Regulatory and Litigation Risk

For reserving actuaries, the regulatory pushback against automated claims decisions creates a quantifiable risk that should be reflected in reserve analysis. This is not speculative; the risk vectors are identifiable and, in some cases, already observable in claims data.

Reserve Development From Regulatory Action

Carriers deploying fully automated claims denial systems face potential reserve development from three regulatory sources:

Reopened claims from mandatory human review. If a state adopts Colorado-style right-to-human-review requirements, a percentage of AI-denied claims will be challenged and reopened. The reopening rate depends on the specificity of the automated denial explanation and the policyholder's awareness of review rights. Early data from health insurance prior authorization suggests that overturned denial rates increase meaningfully when AI-generated denials are subjected to independent human review.

Market conduct examination findings. The NAIC's 11-state AI evaluation pilot is examining claims AI as part of routine market conduct exams. Examination findings that identify systemic AI claims-handling deficiencies could trigger remediation requirements, including re-adjudication of denied claims across affected policy periods. The reserve impact depends on the examination scope and the number of claims affected, but the risk is concentrated in the most recent accident years where AI claims systems were deployed at scale.

Bad faith and class action litigation. The Lokken v. UnitedHealth pattern, alleging that AI-driven denials constitute bad faith, is replicable across carriers and lines of business. Class certification for AI claims denials is arguably easier than for traditional bad faith claims because the algorithmic process is uniform across all affected claimants, eliminating the individualized assessment that typically defeats class treatment.

Expense Ratio Impact

The regulatory response to AI claims automation affects expense ratios in both directions. Compliance with disclosure requirements, human review mandates, and documentation standards adds cost to AI-processed claims. Colorado's SB 26-189 alone requires pre-interaction notice, 30-day post-adverse-outcome disclosure, and three-year record retention for every ADMT-processed claim. Carriers that priced their AI claims investment case on the assumption of fully autonomous processing must revise expense projections to include compliance overhead.

At the same time, regulatory compliance creates a floor under claims staffing reductions. Carriers that planned to cut claims adjuster headcount by 40-50% based on STP rates may find that human-in-the-loop requirements for denials preserve a larger share of the existing workforce than initially projected. Morgan Stanley's $9.3 billion industry savings projection from AI deployment, which we examined in our analysis of the insurance AI J-curve, did not fully account for the compliance cost layer that is now materializing.

Pricing and Rate Filing Considerations

Actuaries preparing rate filings should consider whether regulatory risk from AI claims automation belongs in the loss trend, the expense projection, or as a separate provision. The loss component captures the potential for reopened or re-adjudicated claims. The expense component captures compliance costs. A separate provision may be warranted if the actuary concludes that the probability of material regulatory action is high enough to justify explicit recognition but too uncertain to allocate between loss and expense categories.

ASOP No. 12 (Risk Classification) and ASOP No. 56 (Modeling) both apply when AI systems influence claims outcomes that feed back into pricing. If an AI claims system systematically under-investigates certain claim types or policyholder segments, the resulting claims data used in pricing reflects the AI's decision patterns rather than the underlying loss experience. Actuaries relying on AI-influenced claims data for pricing should document the potential bias and consider whether adjustments are warranted.

What Carriers Should Do Now

The regulatory trajectory is clear enough that carriers can take concrete steps to reduce exposure, even as the specific requirements continue to evolve across states.

Separate approval automation from denial automation. Build AI claims workflows that route approvals through STP but escalate denials to human review. This preserves the efficiency gains that justify AI investment while reducing regulatory and bad faith exposure on the decisions most likely to generate complaints, litigation, and market conduct findings.

Build explainability into the architecture. Every AI-generated claims decision should produce a human-readable decision trace documenting what data was reviewed, what model was applied, what threshold triggered the outcome, and what the alternative outcome would have been under different assumptions. This documentation satisfies the "reasonable and accurate explanation" requirement under existing unfair claims settlement practices acts and positions the carrier for compliance with Colorado-style disclosure mandates.

Audit vendor contracts. Carriers using third-party AI claims systems should review contract terms for audit rights, model change notification, regulatory examination cooperation, and indemnification for regulatory or litigation losses arising from the vendor's model. The NAIC TPDM framework, while initially limited to pricing and underwriting, signals the direction for claims vendor oversight.

Document the human overlay. For claims processed through AI systems, document the human oversight mechanism: who set the model's operating parameters, when those parameters were last reviewed, what percentage of AI decisions are sampled for human quality review, and what the override rate is. This documentation becomes the carrier's evidence that AI was used as a tool, not as a substitute for the "reasonable investigation" the statute requires.

Why This Matters for Actuaries

Patterns we have seen across regulatory actions in 2026 point to a consistent trajectory: regulators are not opposed to AI in claims, but they are insisting that carriers cannot use efficiency as a justification for eliminating the investigative judgment that unfair claims settlement acts were designed to protect. The 24-jurisdiction adoption of the NAIC Model Bulletin, the 11-state AI evaluation pilot, Colorado's SB 26-189, and the bad faith litigation pattern in Lokken all reinforce the same principle: the legal standards that governed human claims handling apply with equal force to algorithmic claims handling.

For actuaries, this creates measurable work. Reserve analysis must account for the probability of reopened claims, regulatory remediation, and bad faith judgments arising from automated denials. Expense projections must incorporate the compliance overhead that human-in-the-loop requirements and disclosure mandates add to AI claims workflows. Pricing models must consider whether AI-influenced claims data accurately reflects loss experience or reflects the AI's decision biases. And model validation under ASOP No. 56 must extend to the claims AI systems that increasingly determine what data the actuary uses for reserving and pricing.

The carriers that have invested most heavily in AI claims automation, Travelers at $1.5 billion in annual technology spend, CCC processing claims for seven of the top 10 carriers, Chubb building toward 85% claims automation, are also the carriers with the most to lose from regulatory non-compliance. The investment case for AI claims automation remains strong. But the assumption that automation would replace human judgment entirely, rather than augment it within a regulatory framework designed for human judgment, is the assumption that 2026 regulatory action has definitively corrected.