AI Risk Transfer

Does your insurance still cover AI?

For years, AI-related risk sat quietly inside policies that were never written with it in mind — neither clearly covered nor clearly excluded. That ambiguity is now being resolved, and not always in your favour. This is a plain-English guide to the AI insurance shift, what it means at renewal, and how governance is becoming an insurability question.

The coverage gap is becoming explicit

Insurers call it the “silent AI” problem — by analogy with the “silent cyber” exposure the market spent years cleaning up. AI-related risk has been embedded across professional indemnity, public liability, cyber, and directors-and-officers cover without ever being named. Having learned that lesson, insurers are now addressing AI deliberately: some by excluding it, others by offering cover built for it.

For a definition of the underlying concept, see AI insurance in the glossary. Note too that the EU AI Act treats insurance pricing and underwriting AI as high-risk, so insurers face this shift from both sides.

One side: exclusions

Insurers carving AI out

Through 2025–2026 carriers moved to remove ambiguity by excluding AI. In January 2026 the Insurance Services Office (ISO)/Verisk introduced optional generative-AI exclusion endorsements for US general-liability policies, and parallel exclusion wording began appearing in directors-and-officers (D&O) and errors-and-omissions (E&O) forms. Definitions of “AI” in these endorsements are often broad.

·New exclusions in general liability, D&O, and E&O
·Broadly worded “generative AI” definitions
·The effect usually lands at renewal

Other side: affirmative cover

A specialist market filling the gap

As exclusions spread, a small but growing specialist market emerged offering purpose-built AI cover — including standalone AI liability policies and excess “drop-down” layers that sit over existing D&O, E&O, and cyber programs and respond where AI is excluded or sub-limited. Some are offered through Lloyd’s-backed structures.

·Standalone AI liability policies
·Excess / drop-down layers over existing cover
·Underwriting that rewards demonstrable assurance

What tends to be covered — and carved out

Often within affirmative AI cover

+Inaccurate or hallucinated outputs causing financial loss
+Performance degradation and model drift
+IP, defamation, and advertising-injury claims from AI output
+Data leakage and confidentiality breaches

Often excluded or uncertain

−Bodily injury and property damage (often excluded or separate)
−Regulatory fines and penalties (frequently uninsurable by law)
−Deliberate, reckless, or already-known issues
−Systemic events concentrated on a single model provider

Illustrative only. What any policy covers turns entirely on its wording and the facts of the claim.

How this is playing out around the world

The shift from silent to explicit AI cover is global, but it is arriving through different doors — exclusions in the US, liability law in the EU, the London market in the UK, and regulators in Australia.

United States

The most explicit market. ISO/Verisk optional generative-AI exclusion endorsements took effect in January 2026, and major carriers have added AI exclusions to general-liability, D&O, and E&O policies — alongside the nascent standalone AI-liability market.

European Union

Liability-led. The EU AI Act makes insurance pricing and underwriting AI high-risk from August 2026, and a revised Product Liability Directive eases proof for AI-caused harm — pushing insurers toward explicit AI terms and regulatory-cost endorsements where insurable.

United Kingdom

London-market driven. Lloyd's pioneered the shift from silent to explicit cover with its 2019 silent-cyber mandate, and London syndicates and coverholders now underpin much of the world's specialist AI cover; UK research is openly linking AI assurance to insurability.

Australia

Regulator-sharpened. APRA's 30 April 2026 letter and ASIC's May 2026 focus put AI governance and assurance in scope, while the silent-AI gap runs through the same professional-indemnity, D&O, and cyber covers used locally (more below).

Elsewhere the pattern rhymes: across Asia-Pacific, regulators stress fairness in insurers’ own pricing and claims AI (for example Singapore’s MAS FEAT principles), while the specialist market that actually transfers AI risk remains anchored in London. Wherever you operate, the live question is the same — read your wordings, and treat assurance as the thing that keeps you insurable.

The Australian lens

Silent AI is an Australian board issue too

The same coverage classes used in Australia — professional indemnity, management and D&O liability, public liability, and cyber — carry the same silent-AI ambiguity, and the global specialist market is reachable through Australian brokers. Whether an existing policy responds to an AI-related loss will depend on its wording and the facts.

Regulators have sharpened the question. APRA’s 30 April 2026 letter to regulated entities warned that governance, risk management, assurance, and operational resilience are not keeping pace with AI adoption, and ASIC reinforced its focus in May 2026. For boards, that makes how AI exposure is governed and transferred a live question — best handled as part of operational risk management rather than left to chance. Our regulator profiles set out who is watching.

APRA’s review also singled out concentration risk — heavy reliance on one or two AI providers — and boards leaning on vendor summaries without testing the risks underneath. Existing Australian covers such as management and professional-indemnity liability, D&O, and cyber may or may not respond to an AI-related loss depending on their wording, so the prudent move is to map AI exposure into your risk register and CPS 230 operational-risk and third-party arrangements rather than assume a policy will answer. For Australian insurers themselves, the same scrutiny applies to the pricing and claims models they run.

Governance as a lever

Assurance is becoming an insurability question

Insurers price what they can measure. Demonstrable assurance — a working model risk management program, testing and red-teaming, clear documentation, and recognised frameworks such as ISO/IEC 42001 — is increasingly what underwriters look for, and is being linked to both insurability and price. The practical implication is that good AI governance is no longer only a compliance matter; it is starting to determine whether, and on what terms, your AI risk can be transferred at all.

Questions to ask before your next renewal

Does any of our cover — general/public liability, professional indemnity, D&O, E&O, cyber — now exclude AI or automated decision-making?

How does each policy define “artificial intelligence” or “generative AI”? Broad wording can reach more than you expect.

Where AI is excluded or sub-limited, is affirmative or excess “drop-down” AI cover available to us?

Can we evidence our AI assurance — model risk management, testing, documentation — to underwriters?

Who owns AI insurance internally, and is it joined up with our AI governance and risk register?

Frequently asked questions

Is AI covered by our existing insurance?

Often it is unclear — the “silent AI” problem. AI-related exposure has sat across professional indemnity, public liability, cyber, and D&O policies that neither clearly cover nor clearly exclude it, leaving a potential gap at the moment of claim. Through 2025–2026 insurers began making AI explicit, mostly by excluding it. Whether a given loss is covered depends entirely on the policy wording and the facts.

What is “silent AI”?

By analogy with “silent cyber,” it refers to AI-related risks that are neither explicitly covered nor excluded under existing policy wordings. Insurers learned from the silent-cyber experience and are now moving to address AI deliberately — either by excluding it or by offering affirmative AI cover — rather than leaving it unpriced and ambiguous.

Can we buy dedicated AI insurance?

Yes, though the market is still small and evolving. Specialist providers offer standalone AI liability policies, and excess “drop-down” structures that sit over existing D&O, E&O, and cyber cover and respond where AI is excluded. Cover and appetite vary widely, so terms should be checked with a broker who knows this market.

Are regulatory fines insurable?

Frequently not. In many jurisdictions, fines and penalties are uninsurable as a matter of public policy, and AI-specific regulatory exposure may be excluded even where affirmative AI cover exists. This is one reason insurance is a complement to — not a substitute for — strong governance.

Does this apply to Australian organisations?

Yes. The “silent AI” gap spans the same classes of cover used in Australia, and the global specialist market is accessible to Australian insureds through brokers. APRA’s 30 April 2026 letter and ASIC’s communications in May 2026 put AI governance, assurance, and operational resilience squarely in regulators’ sights, which sharpens the board-level question of how AI exposure is managed and transferred.

Does good AI governance affect our insurance?

Increasingly, yes. Insurers price what they can measure, so demonstrable assurance — model risk management, testing and red-teaming, documentation, and recognised frameworks such as ISO/IEC 42001 — is becoming what underwriters look for, and is being linked to insurability and premiums. Governance is shifting from a pure compliance question toward an insurability one.

Related glossary terms

AI Insurance Model Risk Management AI Assurance Data Leakage Safety Case Three Lines of Defence

Turning AI risk into something you can stand behind

Whether AI risk can be insured — and on what terms — increasingly tracks how well you can evidence your governance. A clear-eyed look at where your exposure sits is a good place to start.

Free assessment How we help

This page is general information about a fast-moving insurance market, not legal, financial, or insurance advice, and not a substitute for advice from a licensed broker or adviser. Market terms, exclusions, and available products change quickly and vary by insurer and jurisdiction. Always confirm your current cover with your broker and verify specifics against the policy wording.