California Bulletin 2022-5 Targets AI Bias in Insurance
California Insurance Commissioner Ricardo Lara issued Bulletin 2022-5 on June 30, 2022, reminding insurers and licensees that they are responsible for both conscious and unconscious bias or discrimination resulting from the use of artificial intelligence and big data. The bulletin applies to marketing, rating, underwriting, claims handling, and fraud investigation across all lines of insurance that affect California residents, businesses, and policyholders.
The bulletin does not create new law. It restates existing obligations under the California Unruh Civil Rights Act and related insurance laws. But it was significant because it explicitly connected traditional fair-discrimination obligations to modern data sources and algorithmic models. The department warned that insurers cannot avoid responsibility by pointing to a vendor, a third-party data broker, or a neutral-sounding algorithm. If a model or data source produces a discriminatory outcome, the insurer is responsible for it.
The bulletin identifies several concrete examples of concern. These include allegations that insurers unfairly flag claims from certain ZIP codes for special investigation, use biometric data from facial recognition to influence claim decisions, and collect personal information unrelated to risk in marketing and underwriting. It also notes that external data sources such as geography, homeownership, credit information, education, civil judgments, and social media can disguise bias and discrimination even when they do not explicitly reference protected characteristics.
For insurers, the practical impact is that California expects fair outcome testing, not just fair intent. A model that is built without protected-class variables can still produce disparate impact, and the department made clear that it will investigate such outcomes. The bulletin also requires that insurers be able to explain and defend the data and models they use. This means documentation of data sources, model design, testing results, and ongoing monitoring is not just a best practice; it is an enforcement defense.
California has followed Bulletin 2022-5 with additional enforcement and rulemaking, including rules on testing external consumer data and complex algorithms under SB 21-169 and the newer SB 26-189 requirements taking effect in 2027. The bulletin remains the foundational statement of the department’s position on AI and discrimination, and it is frequently cited by regulators and litigators in other states.
Carriers should also audit whether their current model testing meets the bulletin’s expectations. Testing for disparate impact across protected classes is not a one-time exercise; it must be repeated when models are retrained, when new data sources are added, and when market conditions change. The bulletin makes clear that the department will look at outcomes, not just intent. A model that passes a fairness test at launch can still produce discriminatory results in production if the underlying data distribution shifts. This is why documentation of testing methodology, dates, and responsible parties is now a standard expectation in California examinations. The same rigor should apply to any external data source used for marketing, rating, or claims triage. If a vendor cannot explain how a data element is derived, or if the carrier cannot reproduce the score with its own records, the data should not be used in a decision that affects a consumer until the gap is closed.
For a framework on how to test AI systems for discriminatory outcomes, see our guide to AI governance in insurance.