Colorado · Colorado Division of Insurance
Colorado SB 21-169 and Regulation 10-1-1 (3 CCR 702-10): Governance and Risk Management for Insurers' Use of External Consumer Data, Algorithms, and Predictive Models
Colorado is the quantitative-testing outlier. SB 21-169 prohibits insurers from using external consumer data, algorithms, and predictive models in a way that unfairly discriminates against protected classes, and directs the Division of Insurance to require testing. Regulation 10-1-1 (3 CCR 702-10) builds the governance and risk-management framework that implements it; the amended regulation took effect October 15, 2025 and reaches life, private passenger auto, and health benefit plan insurers using such models.
What it covers
Colorado Senate Bill 21-169 prohibits insurers from using external consumer data and information sources (ECDIS), algorithms, and predictive models in a way that unfairly discriminates against consumers based on race, color, national or ethnic origin, religion, sex, sexual orientation, disability, gender identity, or gender expression. It directs the Colorado Division of Insurance to adopt rules establishing governance, risk-management, and testing requirements.
Regulation 10-1-1 (3 CCR 702-10) requires covered insurers to establish a documented governance and risk-management framework for ECDIS, algorithms, and predictive models, including a comprehensive annual review of that framework. The amended regulation, effective October 15, 2025, applies to insurers offering individual life insurance, private passenger automobile insurance, and health benefit plans. Colorado pairs the framework with quantitative testing for unfair discrimination, which distinguishes it from principle-based state regimes.
MandateMap stages primary regulatory information and does not provide legal or compliance advice. Verify against the linked primary source and consult qualified counsel.