AI Liability Insurance Has Arrived: What to Buy in 2026

Standard CGL and E&O policies are quietly carving out AI harm. Here is the new affirmative market, who needs it, and how it ties to AB 316 and the EU PLD.

Why AI liability insurance suddenly became its own market

AI liability insurance became a standalone product category in 2026 because the standard policies most enterprises already own — commercial general liability (CGL), errors and omissions (E&O), and tech E&O — are being actively rewritten to exclude AI-caused harm. The coverage you assumed was implicit is being deleted at renewal, and a new set of specialist insurers has stepped in to sell it back to you explicitly.

The trigger was the death of what underwriters call “silent AI” — the gray zone where a general policy might or might not respond to an AI-driven loss. Through 2025 and into 2026, large carriers moved to remove that ambiguity in their own favor. According to reporting by CSO Online, Berkshire Hathaway, Chubb, and Travelers asked state regulators to exclude AI-related damages from general liability policies, and regulators approved more than 80% of those requests; AIG, W. R. Berkley, and Great American Insurance filed similar requests to constrain liability for claims arising from chatbots and other automated products.

At the same time, the industry‘s standards bodies handed carriers the language to do it cleanly. The result is a structural gap: the more an enterprise relies on AI, the less its legacy policies cover the exposure that matters most. That gap — and the regulatory pressure described later in this piece — is precisely what the new affirmative AI liability insurance products exist to fill.

How CGL and E&O exclusions actually strip out AI cover

Standard policies now exclude AI harm through named endorsements that bolt onto your CGL or E&O policy and carve out anything “arising out of” generative AI. In the U.S., the most widely adopted are the Verisk/ISO forms with a January 2026 edition date, which give carriers a ready-made way to delete the exposure during ordinary renewals.

The endorsements are sweeping. As detailed by Hunton’s Policyholder Pulse, three core CGL forms do most of the work: CG 40 47 applies a full generative-AI exclusion (in both occurrence and claims-made versions), CG 40 48 strips generative-AI claims out of Coverage B (personal and advertising injury), and CG 35 08 removes it from products and completed-operations liability. The forms define generative AI broadly — “systems that produce text, imagery, audio or synthetic data in response to user prompts,” naming tools like ChatGPT and Midjourney by example.

The practical danger is the phrase “arising out of.” That is some of the broadest causal language in insurance, and it can reach claims with only a loose connection to an AI system. Policyholder Pulse cautions that even broadly phrased exclusions “are not interpreted in a vacuum,” so coverage fights will still happen — but you do not want to discover the boundary of your policy in litigation. Read your renewal endorsement schedule line by line.

What affirmative AI liability insurance actually covers

Affirmative AI liability insurance is a policy that explicitly names AI-caused harm as a covered peril, rather than leaving it to the silence-or-exclusion lottery of a general policy. The leading products group the coverage into a recognizable set of AI-specific harms instead of generic “bodily injury and property damage” buckets.

Armilla AI — which became the first Lloyd’s Coverholder dedicated exclusively to AI liability in 2024 and launched its standalone policy in April 2025 — illustrates the template. Its affirmative cover, raised to limits of up to $25 million per organization (announced January 2025) and underwritten by Lloyd’s syndicates including Chaucer, names categories such as AI Model Error Liability (hallucination, inaccuracy, drift, underperformance), AI Model Output Liability (defamation, trade-secret and confidentiality exposure), AI Agent Failures (incorrect decisions, improper tool use), non-breach privacy and data-leakage liability, AI-driven property damage, and defense costs and insurable fines tied to AI regulation including the EU AI Act and Colorado AI Act.

Two design principles matter for buyers. First, this is third-party liability cover — it responds when your AI’s output harms a customer, a counterparty, or the public, which is exactly the zone the CGL exclusions vacate. Second, the better policies wrap regulatory defense and fines into the same product, acknowledging that in 2026 an AI loss is as likely to start with a regulator as with a plaintiff. As Armilla CEO Karthik Ramakrishnan put it, “Most insurance policies weren’t designed for generative AI or AI agents. But companies are already deploying these systems at scale.”

Who is writing AI liability insurance and what the policies cost

The supply side of AI liability insurance is concentrated in Lloyd’s-backed specialists and a handful of reinsurer-led programs, with per-risk limits today running roughly from $1 million to $25 million. This is a young, capacity-constrained market — closer to cyber insurance in 2015 than to a mature line — so limits, appetite, and pricing are still moving quickly. Treat every figure below as a snapshot, not a fixed quote.

Three players define the current landscape. Armilla AI offers the broadest standalone affirmative limits at up to $25 million via Lloyd’s. Testudo, an MGA founded by former Goldman Sachs technologist George Lewin-Smith and insurance veteran Mark Titmarsh, launched its Lloyd’s-backed generative-AI liability product in January 2026 immediately after the January 1 CGL exclusions took hold; its limits run from $1 million to $10 million, and reporting indicates it expanded capacity to roughly $9.25 million per risk by March 2026 with Lloyd’s support including Apollo. Munich Re’s aiSure takes a different angle — performance-guarantee cover for AI errors, a line Munich Re says it pioneered in 2018 — and in February 2026 partnered with Mosaic to offer up to $15 million of AI performance cover to AI developers and vendors.

The distinction between Armilla/Testudo and aiSure is worth internalizing. The former are liability products that respond to third-party claims; aiSure is closer to a parametric performance guarantee that pays when measurable AI performance falls below an agreed threshold. Many enterprises will eventually want both: liability cover for when the output hurts someone else, and performance cover for when the model simply underdelivers against its promised accuracy.

How AB 316 and the EU PLD turn AI liability insurance from optional to urgent

Two legal changes — California’s AB 316 and the EU’s revised Product Liability Directive — remove the legal escape hatches enterprises were quietly relying on, which is what converts AI liability insurance from a nice-to-have into a board-level priority. When the law makes it harder to dodge a claim, the insurance that pays the claim stops being optional.

California’s AB 316, signed by Governor Newsom on October 13, 2025 and effective January 1, 2026, eliminates the “autonomous AI” defense: in any civil action against a defendant who “developed, modified, or used” an AI system alleged to have caused harm, the defendant may no longer argue that the AI acted on its own. It does not create strict liability — plaintiffs still must prove causation and foreseeability — but it closes the most attractive deflection and reaches the entire AI supply chain, from foundation-model developer to enterprise deployer.

In Europe, the revised Product Liability Directive (2024/2853) — in force since December 8, 2024, with member-state transposition due by December 9, 2026 — explicitly classifies software, and therefore AI, as a “product” that can be defective. It even contemplates that a manufacturer’s duty can extend to post-sale updates. Put together, AB 316 says you cannot blame the model, and the PLD says the model is a product you are liable for. That is exactly the exposure the new affirmative policies underwrite. For a deeper map of who holds the bag across the stack, see our companion guide on AI agent liability in 2026.

What enterprises should actually buy in 2026

In 2026, an enterprise deploying AI at any meaningful scale should buy a standalone affirmative AI liability policy and stop assuming its CGL, E&O, or cyber tower will respond. The minimum viable posture is: confirm the exclusion, buy back the cover affirmatively, and assemble the governance evidence underwriters now demand to price you.

Start with a coverage audit. Identify every place an AI exclusion endorsement has attached and quantify the gap against your most plausible AI loss scenarios — a defamatory chatbot output, a hallucinated financial recommendation, an agent that takes a damaging action via a connected tool. Then size affirmative limits to that exposure, not to a generic revenue multiple. Gartner has advised general counsel to assess AI insurance as part of AI risk mitigation, a signal that this is moving onto legal and risk agendas, not just procurement’s.

Underwriting is now evidence-driven. The same governance artifacts that satisfy a security review — model cards, evaluation and red-team results, human-in-the-loop controls, audit logs, and incident runbooks — are what get you affirmative cover at a sane price; firms without them increasingly face absolute exclusions at renewal. Finally, layer the products to fit your role: third-party liability cover (Armilla, Testudo) for harm your AI causes others, and performance cover (aiSure) if you are a vendor guaranteeing accuracy. Buy before your enterprise customers make it a contract requirement, because that day is coming fast.

Builder’s take

I run Cyntr, an agent orchestration runtime, and I started reading insurance binders the way I read SOC 2 reports the moment a customer’s procurement team asked for our affirmative AI endorsement. The uncomfortable truth is that the policy you bought in 2024 probably no longer covers the thing you are most worried about. The market repriced AI risk faster than most engineering leaders noticed.

• Pull your current CGL, E&O, and tech-E&O policies and search for the words ‘artificial intelligence’ and ‘generative’ — if you find a new exclusion endorsement at your last renewal, you are likely uninsured for your core product risk right now.
• Underwriters for affirmative AI cover want evidence, not promises. Keep your eval logs, model cards, human-in-the-loop sign-offs, and incident runbooks as underwriting artifacts, the same way you keep them for security audits. At Cyntr we treat per-decision audit logs as a first-class output for exactly this reason.
• Map your contracts to AB 316 before your renewal. If you ‘developed, modified, or used’ an AI system, you can no longer point at the model and say it acted on its own — so your indemnities and your insurance both need to assume you are on the hook.
• Treat affirmative AI insurance like cyber insurance circa 2016: small standalone limits today, table stakes in your enterprise sales motion within 18 months. Buy before your customers require it, not after a claim.

Frequently asked questions

Primary sources

• Armilla raises Lloyd’s-backed AI liability coverage to $25M — Armilla AI
• AI exclusions in insurance policies: broad language, uncertain impact — Policyholder Pulse (Hunton)
• Insurance carriers quietly back away from covering AI outputs — CSO Online
• Testudo launches Lloyd’s-backed generative AI liability coverage — Testudo
• Mosaic partners with Munich Re’s aiSure to launch AI performance cover — The Insurer
• California eliminates the ‘Autonomous AI’ defense: what AB 316 means — Baker Botts
• EU Product Liability Directive 2024/2853 — EUR-Lex (European Union)

Last updated: May 31, 2026. Related: Governance.