Third-Party AI
AI systems, models, or components built or operated by an outside vendor. The insurer stays responsible for outcomes even when the algorithm is rented.
Third-party AI refers to artificial intelligence systems, models, data sources, or platforms that an insurer licenses or buys from an outside vendor rather than building internally. The NAIC found that 55% of responding health insurers use third-party components in their AI systems, and 15% rely entirely on third-party solutions.
The NAIC Model Bulletin is explicit: insurers remain responsible for compliance with insurance laws even when they use AI developed or operated by a third party. When a regulator arrives, the carrier must produce the documentation, explain the model, and show that the system did not produce unfairly discriminatory outcomes. The vendor’s office is not where the examiner will sit.
A strong third-party AI program includes due diligence before signing, contract clauses for audit rights and regulatory cooperation, and ongoing monitoring after deployment. See our AI vendor risk assessment checklist and glossary entry on vendor oversight.