On August 20, 2025, the Colorado Division of Insurance (Division) amended Regulation 10-1-1 to expand its applicability, previously limited to insurers offering individual life insurance, to insurers offering private passenger auto and health benefit plans, effective October 15, 2025. Evidence of compliance with the amended regulation must be made available to the Division upon request for private passenger auto and health benefit plan insurers beginning on July 1, 2026.
Section 5 of the amended Regulation, titled “Governance and Risk Management Framework,” requires:
- Documented governing principles ensuring that: a. external consumer data and information sources (ECDIS), and algorithms and predictive models that use ECDIS, are designed, developed, used, and monitored in a manner that achieves effective oversight and management; and b. the use of ECDIS, and the algorithms and predictive models that use ECDIS, are reasonably designed to prevent unfair discrimination.
- Oversight by the board of directors or a committee of the board.
- Senior management responsibility and accountability for the use of ECDIS, and algorithms and predictive models that use ECDIS.
- Cross-functional ECDIS, algorithm, and predictive model governance group.
- Health benefit plan insurers must ensure that their providers are ultimately responsible for the decisions made when ECDIS, or algorithms or predictive models that use ECDIS, are used for authorization prior to, or concurrent with, the provision of health care services.
- Documented testing policies, processes, and procedures.
- Documented complaint processes and protocols. Carriers may use existing procedures for grievances and appeals.
- Documented policies, procedures, and processes for assessing and prioritizing risks associated with the deployment of ECDIS, as well as algorithms and predictive models that use ECDIS.
- Documented up-to-date inventory, including version control and explanations of any material changes.
- Documented description of quantitative testing to detect unfair discrimination.
- Documented description of ongoing monitoring regarding the performance of algorithms and predictive models that use ECDIS including accounting for model drift.
- Documented description of the process used for selecting external resources, including third-party vendors that supply ECDIS, algorithms, and/or predictive models that use ECDIS.
- Documented comprehensive annual reviews of the governance structure and risk management framework and related updates.
- If an insurer uses third-party vendors and other external resources with respect to ECDIS, as well as algorithms and predictive models that use ECDIS, the insurer remains responsible for ensuring all requirements in Section 5 above are met.
Private passenger auto and health benefit plan insurers must submit to the Division a narrative report due December 1, 2025, summarizing progress toward complying with the requirements specified in Section 5.