Does standard product liability insurance cover AI systems?

Most standard product liability policies were written before AI systems were classified as products. Under the revised EU Product Liability Directive 2024/2853, software qualifies as a product, but your policy may need specific endorsements to cover algorithmic decisions and AI-specific failure modes.

What is the AI Liability Directive and how does it affect insurance needs?

The EU AI Liability Directive introduces a rebuttable presumption of causation when an AI provider or deployer fails to comply with AI Act obligations. This shifts the burden of proof, making claims easier to establish and increasing the importance of adequate liability coverage.

Can regulatory fines under the EU AI Act be insured?

In most EU jurisdictions, regulatory fines and administrative penalties cannot be insured as a matter of public policy. Insurance can cover defense costs associated with regulatory proceedings, but the fines themselves, up to 35 million euros or 7 percent of global turnover, are typically excluded.

Who is liable when a third-party AI model causes harm?

Under the EU AI Act, the deployer who integrates a third-party model retains obligations for human oversight and monitoring. The provider of the model retains obligations for its design and training. Contractual indemnification and clear liability allocation between provider and deployer are essential.

How do insurers assess AI risk for underwriting purposes?

Insurers increasingly evaluate AI governance maturity, including risk management documentation per EU AI Act Article 9, conformity assessment results, incident history, and the organization's AI inventory and classification. Stronger governance practices typically result in more favorable premiums and broader coverage.

Quick answer

AI insurance policies must cover product liability, professional indemnity, and cyber risks specific to AI systems, with coverage gaps addressed through tailored endorsements as the EU AI Liability Directive shifts the burden of proof toward providers and deployers.

Updated June 2026 · MmowW AI Compliance

AI Insurance and Liability Policy: Coverage Requirements and Risk Transfer

The AI Liability Landscape

Traditional insurance products were not designed for AI-specific risks. An AI system that produces a discriminatory lending decision, a faulty medical diagnosis, or a flawed autonomous vehicle maneuver creates liability patterns that cut across product liability, professional indemnity, and cyber insurance. The EU AI Liability Directive (proposed 2022, expected adoption 2024-2025) and the revised Product Liability Directive (Directive 2024/2853) reshape how fault is established and damages are allocated.

Under the revised Product Liability Directive, software including AI systems qualifies as a product. This means strict liability applies to AI providers for defective AI outputs, without the injured party needing to prove fault. The AI Liability Directive introduces a rebuttable presumption of causation when a deployer or provider fails to comply with obligations such as those in the EU AI Act.

Key Liability Frameworks by Jurisdiction

Jurisdiction	Primary Instrument	Liability Standard	Burden of Proof
EU	Product Liability Directive 2024/2853 + AI Liability Directive	Strict liability for defective products; fault-based with presumption for AI	Reversed/eased for claimants when AI Act obligations breached
United States	State tort law + Section 230 (limited AI scope)	Negligence and product liability (varies by state)	Claimant bears burden; discovery of AI internals contested
United Kingdom	Consumer Protection Act 1987 + common law	Strict liability for products; negligence for services	Claimant bears burden; AI-specific reforms under consultation
China	Civil Code Articles 1202-1207 + algorithm regulations	Strict liability for defective products; fault-based for services	Manufacturer bears burden for product defects

Insurance Coverage Categories for AI Systems

Product Liability Insurance

Covers claims arising from defective AI outputs that cause physical injury or property damage. Under the revised Product Liability Directive, AI providers face strict liability for defective AI systems placed on the EU market. Deployers may be treated as providers if they substantially modify the system or put their name on it (EU AI Act Article 28). Standard product liability policies may exclude software or algorithmic decisions; endorsements are needed.

Professional Indemnity / Errors and Omissions

Covers financial losses arising from negligent advice or services delivered through AI. Critical for AI-assisted professional services such as medical diagnostics (AI as medical device under MDR 2017/745), legal document review, or financial advisory. Insurers increasingly require disclosure of AI use in professional services.

Cyber Liability Insurance

Covers data breaches, adversarial attacks on AI models, and privacy violations. GDPR Article 82 establishes the right to compensation for data protection violations. AI systems processing personal data are exposed to both cyber attack vectors and data protection claims. Model poisoning and prompt injection attacks create novel cyber risks.

Directors and Officers Liability

Covers personal liability of directors for failures in AI governance. As AI governance becomes a board-level responsibility under frameworks like ISO/IEC 42001 and the EU AI Act Article 4 (AI literacy), directors face personal exposure for inadequate oversight of AI risk.

Coverage Gaps and Emerging Solutions

Several AI-specific risks remain poorly covered by traditional insurance:

Algorithmic discrimination claims under the EU AI Act Article 10 (data governance) and Article 9 (risk management)
Gradual performance degradation causing cumulative harm, which falls between sudden-event triggers in standard policies
Supply chain liability when third-party AI models (foundation models, APIs) cause downstream harm
Regulatory fines and penalties, which are typically excluded from insurance coverage in most jurisdictions

Specialist AI insurers such as Munich Re, Coalition, and emerging insurtechs now offer parametric AI insurance products and algorithmic auditing as pre-conditions for coverage. Lloyd's of London has published guidance on AI-specific underwriting considerations.

Risk Transfer Strategies

Contractual Allocation

AI service agreements should explicitly address liability allocation. Key clauses include indemnification for AI-caused harm, representations about AI system compliance with applicable regulations, limitation of liability provisions that account for AI-specific risks, and audit rights to verify AI system performance. Under the EU AI Act, deployers retain obligations that cannot be fully transferred contractually, including human oversight (Article 14) and incident reporting (Article 62).

Insurance Program Design

Structure AI insurance as a layered program: primary product liability and professional indemnity at the base, cyber liability as a complement, and excess/umbrella coverage for catastrophic AI failure scenarios. Maintain documentation of AI risk management practices, as insurers increasingly require evidence of governance maturity for favorable terms.

Compliance-Linked Insurance Requirements

For high-risk AI systems under EU AI Act Annex III, insurers are beginning to require evidence of: conformity assessment completion (Article 43), quality management system implementation (Article 17), post-market monitoring plans (Article 72), and incident reporting procedures (Article 62). Failure to maintain these compliance elements may void coverage or trigger policy exclusions.

Building an AI Insurance Strategy

Start by mapping each AI system to its liability exposure, identifying applicable regulatory requirements, and assessing current insurance coverage against AI-specific risk scenarios. Engage specialized AI insurance brokers who understand the intersection of technology risk and regulatory compliance. Review coverage annually as the regulatory environment and AI deployment landscape evolve.

Check your AI compliance readiness — free.

Take the Readiness Check 3 minutes · 10 questions · no signup required

This article is for informational purposes only and does not constitute legal advice. Regulatory requirements change frequently — verify current rules with official sources. Built by Sawai Gyoseishoshi Office, Hiroshima, Japan.