Deep dives on AI governance.
Plain-English, citation-grounded explainers on the regulations governing AI in insurance, banking, and healthcare — what each rule actually requires, and the evidence regulators expect.
NAIC Model Bulletin: what insurers must prove in 2026
The NAIC Model Bulletin doesn't create new statutory law. It tells insurers how existing unfair-trade-practice and market-conduct authority applies to AI — and adopting states now expect a written AIS program, documented testing, and third-party oversight. Here is what an examiner will actually ask to see.
CMS-0057-F prior-auth turnaround: the audit trail regulators expect
The CMS Interoperability and Prior Authorization final rule compresses decision timeframes, forces public reporting of approval and denial rates, and takes effect in 2026. When AI assists those decisions, the turnaround clock and the audit trail become the same problem. Here is what payers need to capture.
EU AI Act Annex III for US insurers and banks
The EU AI Act reaches US firms whose AI outputs are used in the Union. For insurers and banks, Annex III classifies creditworthiness and life-and-health risk-and-pricing systems as high-risk — pulling in a documentation, logging, and human-oversight regime that bites in August 2026.
SR 11-7 for ML models: conceptual soundness in practice
SR 11-7 was written in 2011, long before today's ML and LLM models, yet it is the framework US banking supervisors apply to them. Its demand for conceptual soundness, effective challenge, and ongoing monitoring translates into specific, testable obligations for machine-learning systems. Here is how.
More explainers are in the works.
We're writing on ISO/IEC 42001, the NIST AI RMF, GDPR Article 22, and disparate-impact measurement. Tell us what your regulators are asking about and we'll prioritize it.
Suggest a topic