It is increasingly evident that artificial intelligence (AI) is reshaping all facets of business, and its impact on employee benefit plans is no exception. From automating plan administration to personalizing participant communications, AI introduces both new opportunities and new responsibilities for those overseeing Employee Retirement Income Security Act of 1974 (ERISA)-covered retirement and health plans (Plans).

Plan sponsors and fiduciaries should understand how AI intersects with their legal obligations under ERISA and take proactive steps to leverage this technology responsibly to improve participant outcomes.

How AI is Already Impacting Plan Operations

AI technologies are already being integrated into various aspects of Plan management and operations. Fiduciaries should understand how these technologies can benefit participants and beneficiaries—and how to mitigate associated risks. Ignoring AI is no longer a prudent option.

For example, AI-driven platforms can analyze individual participant data to deliver tailored communications that support retirement readiness. AI-automated systems also streamline manual and repetitive tasks, reducing processing time, limiting errors, and improving compliance. These systems can process loans, hardship withdrawals, and domestic relations orders.

However, because AI is not infallible, regular validation is essential. To comply with ERISA’s prudence requirements, fiduciaries should not delegate critical responsibilities to AI without implementing ongoing oversight and monitoring protocols.

Cybersecurity and Fraud Detection

Fiduciaries have an obligation to protect participants’ personal and financial data, which includes adopting and maintaining robust cybersecurity practices. (See: Compliance Assistance Release 2024-01.)

AI-based fraud detection systems can identify anomalies in account access and distribution activity, helping protect participants from unauthorized transactions. Given AI’s capabilities, fiduciaries may face increased scrutiny if they fail to explore AI solutions that bolster account security.

At the same time, integrating AI can introduce new cybersecurity vulnerabilities. Fiduciaries should understand how AI tools operate to strengthen Plan cybersecurity without inadvertently creating risks that harm participants.

Investment Management Tools

Most fiduciaries engage professional advisors to assist with Plan investment options. As a best practice, fiduciaries should ask prospective advisors whether—and how—they use AI-enabled tools to help participants optimize their investment decisions. Similarly, fiduciaries should evaluate how advisors use AI to assess Plan investment performance and strategy.

Vendor Selection and Monitoring

Diligence in vendor selection is critical when working with AI-driven services. Fiduciaries should understand how the AI models are built, what data they use, how results are validated, and whether cybersecurity and privacy controls are adequate.

Vendor contracts should specifically address:

  • Data usage rights and limitations
  • Indemnification provisions
  • Insurance requirements
  • Audit rights and transparency obligations

Transparency and Explainability

Fiduciaries should understand how AI-based decisions are made. Reliance on “black box” AI systems—where the internal logic is opaque—could run afoul of ERISA’s prudence standards. Ongoing monitoring of AI vendors, including thorough audits and performance reviews, is essential to ensuring continued compliance.

AI Data Sources and Governance

AI outputs are only as reliable as the data they rely on. Fiduciaries should make sure the data driving AI tools is accurate, current, complete, and secure. Implementing robust processes for data validation and correction is a key governance priority.

Actionable Steps for Plan Sponsors and Fiduciaries

While AI presents significant opportunities, its deployment should be subject to rigorous oversight. AI should complement, not replace, traditional methods of Plan management. Fiduciaries should evaluate and monitor AI through the lens of ERISA’s fiduciary standards.

Recommended action items include:

  • Integrate AI risk management into the Plan’s overall governance strategy
  • Evaluate and document how AI tools impact investment selection, recordkeeping, and participant advice
  • Review and revise service provider contracts to include AI-specific clauses
  • Conduct initial and periodic due diligence on vendors, involving technical experts as needed

The Jackson Lewis Employee Benefits Practice Group members can assist if you have questions or need assistance. Please contact a Jackson Lewis employee benefits team member or the Jackson Lewis attorney with whom you regularly work.

Melissa Ostrower

Melissa Ostrower is a principal in the New York City, New York, office of Jackson Lewis P.C. and co-leader of the firm’s Employee Benefits practice group. She counsels clients in a broad range of employee benefit matters, including general compliance and administration of qualified retirement plans and nonqualified retirement plans.

Melissa assists clients with welfare plan issues involving cafeteria plans, health plans, flexible spending accounts, COBRA and the Affordable Care Act. She regularly speaks on all benefits issues including federal health care reform, fiduciary compliance and executive compensation.

Melissa regularly advises on executive compensation matters, including issues related to compliance with Section 409A, 162(m) and 280G of the Internal Revenue Code.

Melissa represents clients in connection with Internal Revenue Service and the Department of Labor audits and information requests. She also regularly assists clients in fixing plan operational and document errors. Melissa negotiates with benefits providers, volume submitter and prototype vendors, TPAs, insurers and auditors.

Melissa also advises clients in connection with phantom and equity based compensation arrangements.

Joseph J. Lazzarotti

Joseph J. Lazzarotti is a principal in the Tampa, Florida, office of Jackson Lewis P.C. He founded and currently co-leads the firm’s Privacy, Data and Cybersecurity practice group, edits the firm’s Privacy Blog, and is a Certified Information Privacy Professional (CIPP) with the International Association of Privacy Professionals. Trained as an employee benefits lawyer, focused on compliance, Joe also is a member of the firm’s Employee Benefits practice group.

In short, his practice focuses on the matrix of laws governing the privacy, security, and management of data, as well as the impact and regulation of social media. He also counsels companies on compliance, fiduciary, taxation, and administrative matters with respect to employee benefit plans.