The Big Data and Artificial Intelligence (H) Working Group is moving to operationalize the NAIC Model Bulletin on AI and piloting an AI System Evaluation Tool with 12 regulators and a diverse mix of insurers, running March through September 2026, with updates and refinements planned for the Fall 2026 meeting.

TPDM Group narrowed its consumer-impact focus to pricing and underwriting while planning iterative expansion and continuing oversight of registry development and governance standards.

Looking ahead, alignment with a federal AI framework is prioritized, including child protection, community safeguards, IP, and innovation, plus scrutiny of AI-enabled claim handling for transparency and bias risk.

CyberCube presented rising ransomware threats and the way generative AI could enhance attacker capabilities, underscoring resilience needs and potential new AI-related coverage considerations for cyber (re)insurers.

A four-tier AI risk taxonomy (unacceptable, high, medium, low) was proposed to guide regulator focus and risk assessment, along with a Compliance Report structure for insurers to demonstrate Model Bulletin compliance.

The Third-Party Data and Models (H) Working Group explored revisions to the Risk-Based Regulatory Framework, proposing a centralized NAIC registry for third-party data and model vendors to standardize governance and consumer protection, with ongoing questions on mandatory versus voluntary registration, framework versus model law, and scope beyond pricing and underwriting.

The 2023-adopted Model Bulletin aims to standardize regulator expectations on AI governance, data handling, model cards, drift testing, and bias testing to shield consumers from AI-driven harms.

The Cybersecurity (H) Working Group adopted its recent meeting minutes and advanced the Cybersecurity Event Notification Portal to centralize state-level cyber-event reporting as part of implementing Insurance Data Security Model Law #668.

AI governance trends highlighted cross-functional governance, vendor transparency, scoped use-case reviews, lifecycle risk management, potential burdens on smaller firms, and the need for ongoing training to prevent skill atrophy.

SupTech/GovTech Subgroup and Data Call Study Group report progress building state data analytics capabilities, including a regulator access pilot to high-quality data and a data elements inventory for market regulation data like MCAS and complaints, with ad hoc data calls and educational opportunities planned for 2026.

Privacy Protections (H) Working Group progress on Model 672 revisions with a public draft expected by late 2026 after feedback on Articles VI and VII.

The US NAIC Innovation, Cybersecurity, and Technology (H) Committee met in spring 2026 in San Diego to review and adopt reports from its working groups and subgroups.