AIS Program IR — Formal Specification, v0.1
A deterministic, signed, telemetry-grounded representation of an insurer's AI Systems Program. Compiles to: signed AIS Program PDF/HTML, NAIC AI Evaluation Tool Exhibits A/B/C/D, Colorado Reg 10-1-1 annual report, NY DFS Circular Letter 7 adverse-effects pack, per-state addenda, and a gap report.
1. Status
This specification is at v0.1 — draft. Spec text is licensed CC-BY-4.0. Reference code is Apache-2.0. Breaking changes are expected before v1.0.
v1.0 ships once a pilot carrier files the Colorado Reg 10-1-1 annual report and a NAIC AI Evaluation Tool exhibit pack generated end-to-end from this IR, and at least one third-party generator passes the conformance suite.
2. Conformance
A generator is conformant with v0.1 if and only if it satisfies all of the following:
- Accepts AIS Program IR documents conforming to the schema in §3.
- Emits the six artifacts described in §7, each carrying the signing envelope (content_hash, regulation_version_hash, ir_hash, template_hash, signing_key_id, timestamp).
- Produces byte-reproducible output given identical IR + template_hash + regulation_version_hash + telemetry snapshot.
- Refuses to publish when any field's telemetry is stale beyond the configured threshold (default 30 days for high-risk systems).
- Emits a gap report enumerating fields with missing or stale evidence and validation-rule failures.
- Uses bounded LLM calls only in designated <narrative> slots, behind a diff-review gate.
3. AIS Program IR — formal schema
The canonical representation is YAML. Equivalent JSON-Schema and Protobuf representations are derived from this document and ship in the reference repository.
ais_program:
  meta:
    insurer_id: NAIC-CoCode-XXXXX
    jurisdictions: [CO, CT, NY, ...]  # drives addendum selection
    regulation_version_hash: sha256(...)  # binds doc to specific reg snapshot
    effective_date: 2026-07-01
    signing_key_id: did:...
    revision: semver
  governance:
    board_oversight:
      committee_id: required
      charter_doc_hash: required  # evidence: signed PDF
      meeting_cadence: enum[monthly|quarterly]
      ai_review_minutes: [hash, ...]  # signed attestation
    ai_committee:
      members: [{role, name, raci}]  # R/A/C/I per system
      chair: required
    accountable_officer:
      title: required  # CISO / Chief AI Officer / equivalent
      reporting_line: required
    policies:
      ai_policy_doc_hash: required
      acceptable_use_doc_hash: required
      escalation_protocol_hash: required
    validation_rules:
      - "board minutes must be hash-anchored within 90d"
      - "RACI must cover every system in inventory"
  inventory:
    systems:
      - system_id: required
        name: required
        function: enum[underwriting|rating|claims|fraud|marketing|servicing|other]
        risk_tier: enum[high|medium|low]  # NAIC Exhibit C trigger if high
        deployment_status: enum[production|pilot|retired]
        owner_team: required
        in_house_or_vendor: enum
        model_card_uri: required  # telemetry-pulled, hash-pinned
        last_validated_at: timestamp  # telemetry
        last_bias_test_at: timestamp  # telemetry
        decisions_per_month: int  # telemetry — auto-pulled
    validation_rules:
      - "every high-risk system needs Exhibit C entry"
      - "no system >180d since last_bias_test in CO/NY"
  lifecycle:  # per system
    - system_id: ref
      design:
        purpose_statement: text  # template-rendered
        intended_use: text
        out_of_scope: text
      development:
        training_data_manifest_hash: required
        feature_set_hash: required
        code_commit_sha: required
      validation:
        method: enum[holdout|cv|backtest|stress]
        results_doc_hash: required
        threshold_decisions: [{metric, threshold, observed}]
      deployment:
        approval_record_hash: required
        rollback_plan_hash: required
      monitoring:
        drift_alerts: [telemetry_stream_id]
        performance_kpis: [{name, threshold, current}]
        recalibration_cadence: duration
      retirement:
        sunset_protocol_hash: optional
  data:
    sources:
      - source_id: required
        provider: required
        ecdis_flag: bool  # Colorado trigger
        third_party_flag: bool
        lineage_graph_hash: required
        retention_period_days: int
        consent_basis: enum
    validation_rules:
      - "every ECDIS source needs CO bias-test linkage"
  fairness_testing:
    - system_id: ref
      protected_classes: [race, color, ethnicity, religion, sex,
                          sexual_orientation, disability,
                          gender_identity, gender_expression]
      tests:
        - method: enum[four_fifths|proxy_audit|intersectional|counterfactual]
          run_id: telemetry_ref  # links to validation pipeline run
          executed_at: timestamp
          result: { passed: bool, metric_value: float, threshold: float }
          artifact_hash: required  # signed bias-report PDF
      ny_dfs_assessment:  # NY-specific
        adverse_effect_finding: bool
        business_necessity_rationale: text_hash
        less_discriminatory_alt_search: doc_hash
  vendor_management:
    - vendor_id: required
      systems_provided: [system_id]
      contract_hash: required
      soc2_evidence_hash: optional
      iso27001_evidence_hash: optional
      bias_audit_right_clause: bool
      regulator_access_clause: bool
      last_vendor_review_at: timestamp
  incident_log:
    definitions_doc_hash: required  # what counts as an AI incident
    reporting_protocol_hash: required
    incidents:
      - incident_id: required
        system_id: ref
        opened_at: timestamp
        severity: enum
        adverse_consumer_outcome_flag: bool
        remediation_doc_hash: required
        closed_at: timestamp
  consumer_disclosures:
    notice_templates: [{jurisdiction, language, doc_hash}]
    delivery_channels: [{system_id, channel, audit_log_hash}]
    adverse_decision_notice_sla_days: 15  # NY DFS default
    opt_out_mechanism_doc_hash: required
4. Evidence-type taxonomy
Each field carries an evidence type. The generator validates evidence at publish time.
5. Validation rules
Validation rules are declared inline in the schema. A non-exhaustive list of examples:
- Board minutes must be hash-anchored within 90 days for high-risk systems.
- RACI must cover every system listed in inventory.
- Every system with risk_tier == high requires an Exhibit C entry.
- No system may exceed 180 days since last_bias_test_at in CO or NY.
- Every data source with ecdis_flag == true must link to a Colorado bias-test artifact.
- Every adverse-decision channel must declare a 15-day notice SLA for NY-licensed lines.
- Every vendor providing a high-risk system must have bias_audit_right_clause == true and regulator_access_clause == true.
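Two of the rules above, evaluated over a constructed IR fragment, as an added example that is not part of the specification or its reference code. The rule identifiers (bias_test_180d, vendor_clauses), the tuple shape of a gap entry, and the sample values are assumptions; field names follow §3.

```python
from datetime import datetime, timedelta

# Constructed IR fragment; field names follow the §3 schema, values are made up.
IR = {
    "meta": {"jurisdictions": ["CO", "NY"]},
    "inventory": {"systems": [
        {"system_id": "uw-01", "risk_tier": "high",
         "last_bias_test_at": "2026-01-10T00:00:00+00:00"},
        {"system_id": "mk-02", "risk_tier": "low",
         "last_bias_test_at": "2025-09-01T00:00:00+00:00"},
    ]},
    "vendor_management": [
        {"vendor_id": "v-1", "systems_provided": ["uw-01"],
         "bias_audit_right_clause": True, "regulator_access_clause": False},
    ],
}


def gap_report(ir, now):
    """Return sorted (rule_id, subject_id) failures for two of the §5 rules."""
    gaps = []
    systems = {s["system_id"]: s for s in ir["inventory"]["systems"]}

    # Rule: no system may exceed 180 days since last_bias_test_at in CO or NY.
    if {"CO", "NY"} & set(ir["meta"]["jurisdictions"]):
        for sid, s in systems.items():
            ts = s.get("last_bias_test_at")
            # Missing evidence is reported as a gap, never treated as passing.
            if ts is None or now - datetime.fromisoformat(ts) > timedelta(days=180):
                gaps.append(("bias_test_180d", sid))

    # Rule: a vendor providing a high-risk system needs both contract clauses.
    for v in ir.get("vendor_management", []):
        provides_high = any(
            systems.get(sid, {}).get("risk_tier") == "high"
            for sid in v["systems_provided"]
        )
        clauses_ok = (v.get("bias_audit_right_clause") is True
                      and v.get("regulator_access_clause") is True)
        if provides_high and not clauses_ok:
            gaps.append(("vendor_clauses", v["vendor_id"]))

    # Sorted so the gap report is stable across runs on identical input.
    return sorted(gaps)
```

The evaluation time is passed in as `now` (timezone-aware) rather than read from the clock, so the same IR and snapshot time always produce the same report.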
6. Generator pipeline
The pipeline merges IR + telemetry + org-config into a deterministic template renderer. A bounded LLM may polish designated narrative slots through a diff-review gate — never the control plane. The validator emits a gap report regardless of publish outcome.
                          ┌─────────────────────────────────────┐
                          │     AIS Program IR (YAML/Proto)     │
                          └────────────────┬────────────────────┘
                                           │
       ┌───────────────────────────────────┼──────────────────────────────────┐
       │                                   │                                  │
       ▼                                   ▼                                  ▼
┌──────────────┐                ┌─────────────────────┐              ┌──────────────────┐
│ Telemetry    │                │ Deterministic       │              │ Org-config       │
│ adapters     │──────merge────▶│ template renderer   │◀──boilerplate│ (logos, RACI,    │
│ (registry,   │                │ (Handlebars/Tera +  │              │ charters, etc.)  │
│ lineage,     │                │ hash-pinned tmpls)  │              └──────────────────┘
│ pipelines,   │                └──────────┬──────────┘
│ incidents)   │                           │
└──────────────┘                           │ optional bounded LLM call
                                           │ (paragraph polish only,
                                           │ diff-review gate required)
                                           ▼
                            ┌──────────────────────────────┐
                            │   Validator (rules engine)   │
                            │   emits gap_report.json      │
                            └──────────────┬───────────────┘
                                           │
             ┌─────────────┬───────────────┼────────────────┬────────────────┐
             ▼             ▼               ▼                ▼                ▼
        ┌──────────┐ ┌────────────┐ ┌──────────────┐ ┌──────────────┐ ┌──────────────┐
        │ AIS PDF  │ │ NAIC AI ET │ │ Colorado     │ │ NY DFS       │ │ Per-state    │
        │ + HTML   │ │ Exhibits   │ │ Annual       │ │ adverse-     │ │ addendum     │
        │ (signed) │ │ A/B/C/D    │ │ Compliance   │ │ effects pack │ │ packs        │
        │          │ │ (signed)   │ │ Report       │ │              │ │              │
        └──────────┘ └────────────┘ └──────────────┘ └──────────────┘ └──────────────┘
7. Outputs
The generator emits six signed artifacts per publish:
- AIS Program PDF + HTML — the canonical document, signed.
- NAIC AI Evaluation Tool Exhibits A/B/C/D — canonical response pack for state inquiries.
- Colorado annual compliance report — Reg 10-1-1, with attached bias-test artifacts.
- NY DFS adverse-effects pack — Circular Letter 7 three-step assessment + less-discriminatory-alt search log.
- Per-state addendum packs — state-specific deltas keyed to regulation_version_hash.
- Gap report — missing-telemetry diagnostic + stale-evidence list + threshold exceedances.
Every artifact carries the signing envelope:
(content_hash, regulation_version_hash, ir_hash, template_hash, signing_key_id, timestamp).
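How the envelope's hash fields can be derived so that the byte-reproducibility requirement in §2 holds, as an added example that is not the reference implementation. The canonical JSON form, the hex digest encoding and the function names are assumptions, and signing the envelope with the key named by signing_key_id is left out.

```python
import hashlib
import json


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def canonical(obj) -> bytes:
    # Assumed canonical form: sorted keys, no insignificant whitespace, UTF-8.
    # Without a fixed serialization, two equal IRs could hash differently.
    return json.dumps(obj, sort_keys=True, separators=(",", ":"),
                      ensure_ascii=False).encode("utf-8")


def build_envelope(artifact: bytes, ir: dict, template: bytes,
                   regulation_snapshot: bytes, signing_key_id: str,
                   timestamp: str) -> dict:
    # timestamp is an input (for example the telemetry snapshot time), not the
    # wall clock, so identical inputs always yield identical envelope bytes.
    return {
        "content_hash": sha256_hex(artifact),
        "regulation_version_hash": sha256_hex(regulation_snapshot),
        "ir_hash": sha256_hex(canonical(ir)),
        "template_hash": sha256_hex(template),
        "signing_key_id": signing_key_id,
        "timestamp": timestamp,
    }


def verify_envelope(env: dict, artifact: bytes, ir: dict, template: bytes,
                    regulation_snapshot: bytes) -> list:
    """Return the envelope fields that do not match the recomputed hashes."""
    expected = build_envelope(artifact, ir, template, regulation_snapshot,
                              env["signing_key_id"], env["timestamp"])
    return sorted(k for k in expected if env.get(k) != expected[k])


if __name__ == "__main__":
    # Constructed inputs; did:example is a placeholder key identifier.
    ir = {"meta": {"insurer_id": "NAIC-CoCode-XXXXX"}}
    env = build_envelope(b"%PDF-constructed", ir, b"tmpl-v1", b"reg-snapshot",
                         "did:example:key-1", "2026-07-01T00:00:00Z")
    print(canonical(env).decode())
    print(verify_envelope(env, b"%PDF-constructed", ir, b"tmpl-v1", b"reg-v2"))
```

A verifier that gets a non-empty list back knows which binding broke: a changed regulation snapshot shows up as regulation_version_hash alone, which is the case §8 relies on to trigger a regenerated gap report.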
8. Versioning
IR documents are semver-versioned. Each published document is signed and carries regulation_version_hash, so when NAIC or a state regulator updates rules, the gap report regenerates against the new hash.
Breaking schema changes increment the major version. Conformant generators must declare which IR major versions they support.
9. Acknowledgments
References:
- NAIC Model Bulletin on the Use of Artificial Intelligence Systems by Insurers (December 4, 2023)
- NAIC AI Systems Evaluation Tool (multistate pilot, March–September 2026)
- Colorado Division of Insurance — Amended Regulation 10-1-1 (effective October 2025)
- New York Department of Financial Services — Circular Letter No. 7 (July 2024)
- California Department of Insurance — Bulletin 2022-5