Insurance AI compliance in Colorado — what insurers must do now
Colorado’s SB21-169 and Regulation 10-1-1 are live and expanding. Life insurers have been under full compliance obligations since 2023. Auto and health insurers joined in October 2025. Fruggr gives your organization the governance infrastructure to inventory AI systems, run bias testing, and produce the attestations regulators require — without rebuilding your compliance program from scratch.
What SB21-169 prohibits and who it covers
Signed in July 2021, Colorado SB21-169 prohibits insurers from using external consumer data and information sources (ECDIS), algorithms, or predictive models in ways that result in unfair discrimination against policyholders based on race, color, national or ethnic origin, religion, sex, sexual orientation, disability, gender identity, or gender expression.
The practical obligations sit in Regulation 10-1-1, written by the Colorado Division of Insurance. The statute itself is too general to comply with directly — Regulation 10-1-1 is the rulebook your legal and compliance teams need to work from.
Who is in scope
All insurers licensed to operate in Colorado that use ECDIS, algorithms, or predictive models in underwriting, pricing, claims, or any other insurance practice. Vendors supplying algorithms or data to Colorado insurers face downstream contractual diligence obligations.
What counts as ECDIS
Broader than most teams expect. Vendor-supplied scores, data broker feeds, consortium data, and credit-based insurance scores are all in scope — even if they have been part of your pricing for years. If it did not come directly from the consumer, it is likely ECDIS.
Key obligations under Regulation 10-1-1
Insurers in scope must establish a board-overseen governance and risk management framework covering the full lifecycle of any ECDIS, algorithm, or predictive model used in insurance practices — from acquisition and vendor selection through deployment and ongoing monitoring. This includes maintaining a complete, up-to-date inventory of all external data sources and downstream models, along with documented testing results and remediation activities for any identified discriminatory outcomes.
Reporting obligations are continuous: life insurers must submit a progress report to the Colorado Division of Insurance and file an annual attestation signed by a senior officer confirming that the risk management framework is fully implemented. The first full attestation was due December 1, 2024, with annual renewals required thereafter.
Not sure where your program stands?
Fruggr can run a rapid gap assessment against Regulation 10-1-1 requirements and show you exactly what your compliance posture looks like today.
How Fruggr supports your compliance with SB21-169
With Fruggr’s Sustainable AI cockpit, insurance companies can build and document their AI governance program directly within the platform mapping all algorithms and external data sources, assigning ownership, tracking review cycles, and maintaining the audit trail required by Regulation 10-1-1. Our automated data collection connects to your existing IT ecosystem, making the initial inventory a matter of hours rather than weeks.
Fruggr’s reporting module transforms your governance data into structured, exportable compliance documentation reducing manual reporting effort by over 60% and giving your compliance and risk teams the evidence they need for annual attestations, board-level oversight, and regulatory examinations by the Colorado Division of Insurance.
Your SB21-169 obligations are live. Is your program?
Whether you are building your governance framework from scratch or strengthening an existing one ahead of annual attestation, Fruggr gives your team the infrastructure to comply with confidence.