What is SB21-169?

SB21-169 is Colorado’s groundbreaking insurance regulation requiring insurers to govern their use of external consumer data and algorithms, including artificial intelligence, to prevent unfair discrimination in insurance practices.

Why was it introduced?

To ensure that the increasing use of AI, machine learning, and big data in insurance underwriting, pricing, and claims does not result in bias, unfair discrimination, or harm to consumers—particularly protected classes.

Who does it affect?

All life insurers operating in Colorado who use external consumer data and information sources (ECDIS), algorithms, and predictive models to make decisions about consumers. Other lines of insurance may follow.

How does it work?

• Requires insurers to establish a governance and risk management framework for ECDIS and algorithms.

• Insurers must demonstrate that their systems do not result in unfair discrimination.

• Applies to third-party models and vendor tools used in decision-making.

• Insurers must submit reports and documentation to Colorado’s Division of Insurance (DOI).

When is it enforced?

Rulemaking was finalized in 2023.

• Insurers must begin compliance activities and submit their compliance plan in 2024.

• Enforcement and evaluation of plans begin shortly after submissions.

Where is it applied?

Only in the state of Colorado, but it sets a precedent that other U.S. states may follow, especially as AI regulation gains traction.

Penalties for non-compliance

• Regulatory action from the Colorado Division of Insurance

• Potential suspension or revocation of licenses

• Civil penalties or financial enforcement actions, depending on the violation severity

How does it affect AI systems?

• AI used in underwriting, pricing, marketing, or claims must be explainable and auditable.

• Requires documentation of data sources, model design, training, testing, and monitoring.

• Bias audits and fairness assessments must be conducted.

What should organizations do now to comply?

• Inventory all models and ECDIS in use—especially those affecting consumer outcomes.

• Develop a governance framework – include oversight committees, testing protocols, and bias detection methods.

• Document model development lifecycle – training data, assumptions, limitations, and testing.

• Conduct bias impact assessments – ensure fairness and non-discrimination.

• Review contracts with third-party vendors – ensure they meet the Act’s compliance standards.

• Submit required documentation – align with DOI reporting deadlines and formats.

Finally, Colorado’s SB21-169 is a signal to the insurance industry that AI and algorithmic systems must be fair, transparent, and accountable. Proactive compliance today can position organizations as trustworthy leaders in a rapidly evolving regulatory environment.

For more 5-minute reads that matter, stay tuned for more insights on AI, risk, and governance from Obi Ogbanufe, PhD