Auto and Commercial Vehicle Insurance

Clarification on minimum liability insurance for motor carriers

Effective 1 July 2024, the New Jersey Department of Banking and Insurance (NJDOBI) clarified that commercial motor vehicles garaged in New Jersey and travelling interstate must carry higher minimum liability coverage. Vehicles weighing 26,001 pounds or more require USD1.5 million for injury, death or property damage per accident, while those weighing between 10,001 and 26,000 pounds need USD300,000. This corrects earlier interpretations, limiting the liability to intrastate carriers and exceeding the federal minimum of USD750,000. Governor Phil Murphy signed the law on 16 January 2024.

Supreme Court ruling on low-speed electric scooters and PIP benefits

In a November 2024 decision (Goyco v Progressive Insurance Company), the New Jersey Supreme Court ruled that users of low-speed electric scooters do not qualify as “pedestrians” under the state’s no-fault law. This means scooter riders injured in accidents may not be eligible for personal injury protection (PIP) benefits, as scooters are classified as motorised vehicles rather than as being akin to bicycles. The ruling emphasises the scooter’s features (eg, electric motor, handlebars, lights) and upholds denials of such claims.

Health Insurance and Pharmacy Benefits

Pharmacy Benefit Managers (PBM) Act (Bulletin No 24-18)

Effective 1 January 2025, this bulletin implements New Jersey Statutes Annotated (NJSA) 17B:27F-1 et seq, which requires the licensing and oversight of PBMs. Key requirements include registration for pharmacy service administrative organisations (PSAOs) by 31 March 2025 (for retroactive effect to 1 January), contract provisions for pricing transparency (eg, updates every seven days, appeal mechanisms) and treating uncollected rebates as non-admitted assets in accounting. Penalties for violations can reach USD10,000 or aggregate receipts, with possible licence suspension.

Ensuring Transparency in Prior Authorization Act (ETPAA) (Bulletin No 24-17)

Also effective 1 January 2025, this Act replaces the prior Health Claims Authorization Act, mandating greater transparency in utilisation management. Carriers must post prior authorisation information online, adhere to strict response timelines, provide appeal processes (including arbitration) and ensure prompt payments with interest on overdue claims. The Act aims to reduce inefficiencies in healthcare delivery and applies to hospitals, physicians and insurers.

Rising health insurance costs for public workers

In 2025, public employees (especially educators) faced significant premium hikes due to cost overruns in the State Health Benefits Program (USD254 million for school employees in 2025). While not a new law, this stems from ongoing regulatory oversight and has sparked calls for state intervention to improve affordability.

Data Privacy and Consumer Protection

New Jersey Data Privacy Act (NJDPA)

Signed on 16 January 2024, and effective 15 January 2025, this comprehensive law (Senate Bill 332) regulates controllers processing the personal data of at least 100,000 New Jersey residents (or 25,000 if deriving revenue from data sales). Consumers have the right to access, correct, delete and opt out of data use for advertising or profiling purposes. Insurers must obtain express consent for sensitive data (eg, health or financial info), conduct impact assessments, limit collection to necessary purposes and support universal opt-out mechanisms by 15 July 2025. This increases compliance costs for insurers but provides no private right of action – enforcement is by the Attorney General, with a 30-day cure period (expiring after 18 months).

Exemption for insurance-support organisations (A5017)

Introduced in 2024 and engrossed in May 2025, this bill exempts certain personal information collected by insurance-support organisations from data notification and disclosure requirements under P.L.2023, c.266. It was referred to the Senate Commerce Committee, potentially easing burdens on insurers while maintaining privacy standards.

Annuities and Producer Standards

Adoption of the “best interest” standard for annuity transactions

Effective 21 April 2025, New Jersey became the 50th state to adopt this National Association of Insurance Commissioners (NAIC)-based standard, requiring producers to act in the best interests of consumers. It includes duties of care, disclosure of conflicts and documentation, aligning with SEC regulations to enhance protections for retirement products without overly restricting insurers.

Workers Compensation

Increase in attorney fee cap (S2822/A3986)

Signed 22 August 2024, this law raises the maximum attorney fee in workers’ compensation cases from 20% to 25% of awards, effective immediately for pending claims. Judges retain discretion, but it applies to medical, temporary disability and permanency benefits.

Emerging Technologies

Bulletin on AI use in insurance (No 25-03)

Issued on 11 February 2025, this bulletin adopts the NAIC Model Act, which requires insurers to govern AI systems in a responsible manner. While specific requirements (eg, bias mitigation, transparency) align with the model, it emphasises ethical use in underwriting and claims.

Arbitration-Focused Mechanisms

New Jersey has seen significant judicial developments regarding the arbitrability of insurance-related claims, particularly under the Insurance Fraud Prevention Act (IFPA; NJSA 17:33A-1 et seq) and in connection with PIP benefits. These rulings highlight the tensions between state and federal interpretations and aim to clarify the scope of arbitration versus court litigation in cases involving fraud. Additionally, new health insurance regulations incorporate arbitration mechanisms.

Disagreement on the arbitrability of IFPA claims

In April 2024, the US Court of Appeals for the Third Circuit ruled in Gov’t Emps. Ins. Co. v Mount Prospect Chiropractic Ctr., P.A. (98 F.4th 463) that claims under the IFPA are subject to arbitration under New Jersey’s Automobile Insurance Cost Reduction Act (AICRA). The court reasoned that nothing in the IFPA’s text or history prohibits arbitration, and the claims involved efforts to recover PIP benefits, which fall under mandatory arbitration provisions in no-fault laws and insurers’ decision point review plans. This decision made it challenging for insurers to litigate fraud claims in federal court.

However, on 9 January 2025, the New Jersey Appellate Division reversed course in Allstate v Carteret Comprehensive Medical Care (No A-0778-23), holding that IFPA and New Jersey Anti-Racketeering Act (RICO) claims are not subject to PIP arbitration. The case involved Allstate alleging a conspiracy to fraudulently obtain over USD1.7 million in PIP benefits through the submission of misleading claims. The Appellate Division emphasised that PIP arbitration is limited to disputes over medical expense payments and lacks the capacity for broad damages, discovery or third-party joinder available in court. It also noted that arbitration could hinder the New Jersey Commissioner of Banking and Insurance from intervening in the matter. The court explicitly disagreed with the Third Circuit’s interpretation, prioritising legislative goals and the right to a jury trial for complex fraud claims, as affirmed in prior state precedent like Allstate N.J. Ins. Co. v Lajara (2015). This ruling allows insurers to pursue such claims in the Law Division, potentially leading to an appeal to the New Jersey Supreme Court for final resolution.

Arbitration in health insurance appeals (ETPAA)

As part of the ETPAA(Bulletin No 24-17), effective 1 January 2025, health carriers must provide robust appeal processes for prior authorisation denials, including arbitration options. This enhances transparency and efficiency in resolving disputes over utilisation management, applying to hospitals, physicians and insurers.

Ongoing No-Fault PIP Arbitration Program

Administered by Forthright under AICRA, this programme continues to handle PIP disputes, with no significant structural changes reported in 2024–25. It focuses on quick resolution of medical expense claims, though the above rulings clarify that broader fraud allegations may bypass it for court proceedings.

Cyber-Fraud

In the past year, New Jersey has advanced protections against cyber fraud in the insurance sector through enhanced data privacy regulations, enforcement actions by the Cyber Fraud Unit and court decisions clarifying cyber insurance coverage. Cyber fraud here encompasses fraudulent activities enabled by digital means (eg, data breaches leading to false claims) and insurance claims arising from cyber-attacks. While no major new statutes specifically target cyber insurance fraud, the focus has been on preventing data misuse that could facilitate fraud and resolving coverage disputes for cyber incidents. Key developments include the following.

Implementation of the NJDPA (Section 332)

Effective 15 January 2025, this comprehensive law regulates entities, including insurers, that process the personal data of New Jersey residents. It applies to businesses controlling or processing data for at least 100,000 consumers (or 25,000 if deriving revenue from data sales), requiring data minimisation, security practices, consent for sensitive data (eg, health or financial information common in insurance), privacy notices and data protection assessments for high-risk activities like profiling. This directly combats cyber fraud by limiting data exposure that could be exploited for fraudulent claims or identity theft in insurance contexts. Non-compliance can result in fines up to USD10,000 per violation (enforced by the Attorney General), with a 30-day cure period until 15 July 2026. The Division of Consumer Affairs’ Cyber Fraud Unit released FAQs on 6 January 2025, clarifying applicability to non-profits and small businesses acting as data processors, which may include insurance entities. Proposed draft regulations were issued on 2 June 2025, to further implement consumer rights and consent mechanisms, with a comment period ending 1 August 2025.

Enforcement and initiatives by the Cyber Fraud Unit

The Cyber Fraud Unit, within the Division of Consumer Affairs, enforces laws like the Consumer Fraud Act, Identity Theft Protection Act, and Health Insurance Portability and Accountability Act (HIPAA), focusing on digital privacy violations that intersect with insurance (eg, health data breaches). In July 2024, it advised consumers impacted by the Change Healthcare data breach – a major incident affecting medical claims and insurance processing – to protect their information, highlighting risks of downstream fraud in health insurance claims. In August 2024, Attorney General Platkin secured a USD4.5 million multistate settlement with Enzo Biochem for inadequate health data safeguards, underscoring the importance of protections for data used in insurance underwriting and claims. These actions reinforce regulatory oversight to prevent cyber-enabled fraud in the insurance ecosystem.

Court rulings on cyber insurance coverage

Merck & Co. v ACE American Insurance Co. (App. Div., 2024)

In a November 2024 decision, the New Jersey Appellate Division ruled that a “hostile/warlike action” exclusion in property insurance policies does not apply to the 2017 NotPetya cyber-attack, attributed to Russian state actors. Merck sought USD1.4 billion in coverage for losses from malware that disrupted 40,000 computers. The court limited the exclusion to traditional armed conflicts, not cyber-attacks, potentially expanding coverage under “all-risks” property policies for similar incidents. The New Jersey Supreme Court initially granted certification but dismissed the appeal in 2024 after a settlement, leaving the appellate ruling intact. This development influences how insurers assess and cover cyber risks, encouraging more explicit policy language to address fraud or losses from state-sponsored hacks.

Amendments to the IFPA via Bill S2558

Introduced on 8 February 2024, this bill extends IFPA protections to self-insured entities and plans, allowing them to pursue damages for fraudulent claims and enabling the sharing of evidence with the Commissioner of Banking and Insurance. While not cyber-specific, it could apply to cyber-facilitated fraud (eg, digitally falsified claims under self-insured health plans). The bill’s status as of August 2025 is unclear from available sources, but it represents ongoing efforts to broaden anti-fraud measures in insurance.

General trends in data breach and fraud litigation

While no standout court cases directly involved cyber fraud in insurance claims (eg, phishing for benefits), 2024 reviews of data breach litigation noted increased scrutiny of standing in such cases, potentially affecting insurance recoveries for breach-related losses. Existing statutes like NJSA 2C:21-4.6 criminalise insurance fraud via false statements (including electronic submissions), but no 2024–25 amendments or cyber-specific rulings were identified.