AI Governance Expectations on the Rise for Insurers Amid New Regulatory Activity

Staff Editor 2026-06-05
AI Governance Expectations on the Rise for Insurers Amid New Regulatory Activity

AI Governance Expectations on the Rise for Insurers Amid New Regulatory Activity

https://www.hinshawlaw.com/en/insights/privacy-cyber-and-ai-decoded-alert/ai-governance-expectations-on-the-rise-for-insurers-amid-new-regulatory-activity

Publish Date: 2026-06-05 19:37:00

Source Domain: www.hinshawlaw.com

Insurance companies should treat recent developments in artificial intelligence (AI), privacy, and cybersecurity regulation as more than just policy signals. Regulators are moving toward examination-ready expectations for insurers’ use of AI and automated decision-making technology, while cybersecurity regulators are warning that frontier AI may materially increase the speed and scale of cyber threats.

For insurers, the practical message is straightforward: AI governance is becoming part of cybersecurity and privacy compliance, market conduct oversight, claims handling, unfair discrimination analysis, and third-party risk management.

Key Developments

NYDFS Warns about Frontier AI Model Cybersecurity Risk

On May 21, 2026, the New York Department of Financial Services (NYDFS) issued an Advisory warning DFS-regulated entities that frontier AI models may amplify the “potency, scale, and speed” with which threat actors identify vulnerabilities and exploits in information systems.

DFS stated that the advisory does not impose new requirements. Still, it urged regulated entities to update risk assessments, accelerate vulnerability management, coordinate with critical third-party service providers, validate AI-generated code, strengthen monitoring, and ensure compliance with 23 NYCRR Part 500.

A key element of the advisory is that NYSDFS advised that regulated entities should assess whether additional cybersecurity measures are warranted to address heightened risks associated with Frontier AI Models. At the same time, DFS issued additional guidance on Measures Regulated Entities Should Consider in a Heightened Cybersecurity Threat Environment. This new Guidance provides key best practices on when to adopt a heightened risk posture due to such cybersecurity risks caused by technological changes and geopolitical risks.

NYDFS Enforcement Remains Focused on Operational Cybersecurity Compliance

The advisory follows a DFS April 2026 cybersecurity settlement involving…

Source

More Stories

HHS Restructuring and New Enforcement Signal Increased Focus on Privacy, Security, and Health Plans

HHS Restructuring and New Enforcement Signal Increased Focus on Privacy, Security, and Health Plans

Staff Editor 2026-06-05
Trump mandates military AI use while emphasizing oversight and privacy

Trump mandates military AI use while emphasizing oversight and privacy

Staff Editor 2026-06-05
Ill. Class Gets Cert. In Apple Photos Biometric Privacy Suit

Ill. Class Gets Cert. In Apple Photos Biometric Privacy Suit

Staff Editor 2026-06-05

Terms and Conditions - Privacy Policy