By the Editors · Published 14 June 2026 · Last updated 14 June 2026 · 12 minute read

AI liability for law firms: what legal practices need to know

Q: Does professional indemnity insurance cover an AI hallucination in a legal document or court filing?

It depends on the policy wording and on what verification the solicitor or barrister performed before submitting the document. Standard PI policies cover negligent acts, errors, and omissions by the insured. If you used an AI tool to draft a filing and then submitted it without verifying citations or legal propositions independently, the claim against you runs on your negligence in failing to verify, not on the AI's independent failure. Whether the policy responds then depends on whether the wording contains an AI exclusion or a reckless-disregard exclusion, and whether you disclosed your AI use to the insurer at renewal. The Mata v. Avianca sanctions order (SDNY, 2023) established that submitting unverified AI output is a professional failure attributable to the lawyer, not the tool.

Q: What do the SRA and the Bar Council expect of legal professionals using AI?

The Solicitors Regulation Authority's AI guidance (updated 2024) confirms that using AI tools does not reduce the solicitor's duty of competence under SRA Code of Conduct 2019 Principle 4. Solicitors remain responsible for the accuracy and legal appropriateness of work product regardless of how it was generated. The Bar Council AI Guidance (2023) similarly states that barristers using AI to assist in drafting must apply the same independent judgment they would apply to any other research source. Neither body currently prohibits AI use, but both require that the professional verify AI output before relying on it in any client matter or court submission. A firm that cannot demonstrate verification procedures is exposed both to regulatory sanction and to a gap in PI coverage.

Q: Are AI exclusions appearing in legal sector professional indemnity policies?

Yes. Insurers writing PI for the legal sector have begun adding AI-specific language at renewal in the 2024 and 2025 policy years. The most common formulations are an exclusion for claims arising from the use of automated or AI-generated outputs without adequate independent human review, and a sublimit capping the recoverable amount for AI-related claims below the main policy limit. Some insurers have also added proposal form questions requiring firms to describe their AI tool usage and verification procedures, with misrepresentation voiding the policy. Because the SRA Minimum Terms and Conditions for solicitors' PII set a floor on coverage, outright AI exclusions in the mandatory PII layer are constrained, but they can appear in excess layer policies and may affect the overall programme structure. Ask your broker to compare the new wording with the prior year explicitly.

Q: What five questions should a law firm ask its broker about AI and professional indemnity?

First: does the current policy wording contain any exclusion, sublimit, or condition that applies to AI-generated content or automated outputs? Second: if a solicitor uses an AI tool to draft a document and submits it to a court or client after review, and the content contains an error, would the policy respond to the resulting claim? Third: has the insurer added any new AI-related language to the renewal wording compared to the prior year? Fourth: does the proposal form include any warranty or question about AI tool usage, and if so, does the firm's current disclosure accurately reflect its practice? Fifth: is there a specialist AI liability policy or endorsement that would provide cleaner coverage for AI-assisted legal work beyond what the standard PII programme covers?

Law firms are using AI to draft documents, research case law, review contracts, and prepare client correspondence. The professional liability picture that follows is specific to legal practice: verification duties under Mata v. Avianca, SRA and Bar Council expectations, confidentiality obligations when client data enters an AI tool, AI exclusions appearing in professional indemnity renewals, and the five broker questions that will determine whether your PII programme actually responds to an AI-related claim. This guide sets out the analysis in plain English for solicitors, barristers, and legal support firms operating without a dedicated risk function.

Key takeaways

The Mata v. Avianca sanctions order (SDNY, 2023) established a direct precedent: submitting AI-generated content without independent verification is a professional failure attributable to the lawyer, not the AI tool. Judge Kevin Castel sanctioned the attorneys under Federal Rule of Civil Procedure 11 for submitting fabricated case citations that they had not verified. The principle transfers directly to any legal professional who relies on AI output in court filings, client advice, or legal documents without independent checking.^[1]
The SRA Code of Conduct 2019 does not prohibit AI use, but Principle 4 (competence) and Principle 6 (confidentiality) apply without modification. The SRA's 2024 AI guidance confirms that solicitors remain responsible for the accuracy and legal appropriateness of all work product, regardless of how it was generated. The Bar Council AI Guidance (2023) takes the same position for barristers.^[2]
Professional indemnity policies for law firms are subject to the SRA Minimum Terms and Conditions, which set a coverage floor. However, AI exclusions and sublimits are appearing in excess layer policies and in non-SRA-required coverage. Ask your broker to confirm the AI position in every layer of your programme, not just the primary layer.^[3]
Client confidentiality under the SRA Code and UK GDPR Article 28 applies whenever client data is processed by a third-party AI tool. A firm that submits client-identifiable information to a cloud AI service without a Data Processing Agreement and without having assessed the provider's data retention and training terms is in breach of two separate obligations, regardless of whether any claim arises.^[4]
The EU AI Act (Regulation 2024/1689) classifies AI systems used to administer justice or interpret law as high-risk under Annex III. Firms in EU member states deploying such systems have operator obligations under Article 26 from 2 August 2026, subject to the proposed Digital Omnibus deferral to 2 December 2027 (agreed at trilogue 7 May 2026, not yet adopted).^[5]
Five broker questions matter at renewal: the presence of any AI exclusion or sublimit in any layer of the programme, the policy's response to a claim arising from verified versus unverified AI use, changes to the renewal wording versus the prior year, whether the proposal form contains any AI warranty, and whether specialist AI liability coverage is available as a complement to the PII programme.^[6]

The verification duty: what Mata v. Avianca means for legal practice

On 22 June 2023, Judge Kevin Castel of the Southern District of New York issued a sanctions order against attorneys Robert Mata, Steven Schwartz, and their supervising partner at Levidow, Levidow and Oberman. They had filed a brief in a personal injury case against Avianca Airlines that cited multiple cases that did not exist. The citations had been generated by ChatGPT. When the opposing party challenged the citations, the attorneys first insisted they were real before ultimately acknowledging the error. The court found that the attorneys had violated Federal Rule of Civil Procedure 11 by signing and submitting a document containing representations they had not verified and could not verify, and imposed financial sanctions.^[1]

The sanctions order is routinely cited as an AI cautionary tale, but its professional liability implications are more precise than the general lesson about "checking AI output." The court's analysis turned on the attorney's duty to independently confirm that citations existed and accurately stood for the propositions they were cited for, before signing and submitting the document. The AI tool's failure to produce accurate citations was the mechanism of the error. The attorney's failure to verify was the professional breach. These are different things, and the distinction matters for insurance purposes.

In PI terms, the claim against a lawyer who submits unverified AI output is a negligence claim: the lawyer failed to exercise the standard of care that a competent practitioner would apply to research, drafting, or advice in the circumstances. The AI is not the defendant and the AI's terms of service are not a defence. If the standard of care required independent verification, and you did not verify, the claim is straightforward professional negligence.

The PI risk compounds when the failure is characterised not merely as negligence but as reckless disregard of a known risk. By 2024, the risks of AI hallucination in legal research were publicly documented through the Mata sanctions order itself, the Law Society's guidance on AI tools, and extensive legal press coverage. An insurer writing a renewal in 2025 or 2026 may take the position that a solicitor who relied on unverified AI output for legal citations was not making an inadvertent error but was knowingly disregarding a risk that the profession had been publicly warned about. Some PI policy wordings exclude or limit claims arising from deliberate or reckless disregard of known risks. Whether a specific claim falls into this category depends on the facts and the policy wording, but the risk exists and is not theoretical.

The practical response is documented verification. When you use an AI tool to draft or research legal content, record what you checked, against what source, and when. The record does not need to be elaborate: a case note or matter file entry noting that AI-generated citations were cross-checked against a named legal database at a specific date is sufficient for most purposes. This record serves two functions: it provides evidence of reasonable care if a claim arises, and it helps the insurer characterise a claim as inadvertent error rather than reckless reliance on a known-unreliable tool.

For the broader framework on what documentation an AI-using business should maintain for insurance purposes, see the documentation guide for SME operators, which sets out the minimum record structure applicable to any professional services use case.

SRA and Bar Council expectations: what the regulators actually require

Neither the SRA nor the Bar Council has prohibited AI use in legal practice. Both have issued guidance that confirms AI use is permitted subject to the application of existing professional duties without modification. The practical effect is that the same standards of competence, accuracy, and client care that govern a solicitor drafting a document manually apply equally when an AI tool is used to produce a first draft.

The SRA's 2024 AI guidance states that solicitors must ensure that any AI tool they use in client matters does not produce output that is inaccurate, biased, or otherwise unsuitable for the purpose, and that they must apply the same judgment and quality control to AI-generated content as they would to any other source. The SRA links this to Principle 4 of the Code of Conduct 2019, which requires solicitors to act with competence, skill, and diligence. The SRA has also noted that firms should have clear policies on AI use, including who can authorise the use of AI tools in client matters, what verification is required before AI-generated content is relied upon, and how AI tool usage is documented in the matter file.^[2]

The Bar Council's AI Guidance (2023) addresses barristers specifically and focuses on three areas: research and case preparation, drafting, and court submissions. For research, the Bar Council guidance requires that a barrister using AI to identify cases or statutes independently verify the existence and accuracy of any citation before relying on it, citing Mata v. Avianca explicitly as the illustrative failure case. For drafting, the guidance requires that barristers apply the same independent legal judgment to AI-generated drafts as they would to drafts produced by a junior, treating AI output as a starting point rather than a finished product. For court submissions, the guidance notes that a barrister's duty to the court (cab rank rule and duty of candour) applies regardless of how the submission was prepared, and that submitting AI-generated content without verification risks breach of that duty.^[7]

For PI purposes, the regulatory guidance matters in two ways. First, it establishes what the professional standard of care requires when AI tools are used, which is the benchmark against which a negligence claim will be assessed. A solicitor who followed the SRA AI guidance, documented their verification process, and maintained a clear firm policy on AI use is in a substantially stronger position on a negligence analysis than one who used AI without any governance framework. Second, a finding by the SRA that a firm breached its professional duties in connection with AI use would be relevant evidence in a subsequent PI claim or coverage dispute, and could affect the insurer's willingness to defend and settle the claim.

Client confidentiality and AI tools: the data processing question

Every legal professional using a cloud AI tool for client work faces a confidentiality question that is separate from, and prior to, the PI liability question. The SRA Code of Conduct 2019, Chapter 6, requires solicitors to keep confidential information about clients and their matters. This obligation applies to all client information, not only formally privileged material, and it applies to data shared with third parties, including technology providers.

When a solicitor inputs client information, case facts, contract terms, or any other client-identifiable data into a cloud AI tool, that data is processed by the AI provider on their infrastructure under their terms of service. Whether this processing is lawful depends on three things that many firms have not systematically checked.

First, does the AI provider's data processing agreement confirm that client data submitted to the tool will not be retained beyond the session, used to train future models, or accessible to the provider's staff? The public-facing terms of consumer AI products (the free tier of ChatGPT, for example) historically permitted training on submitted content. Enterprise agreements for the same tools typically do not, but the firm must have the enterprise agreement in place and must have confirmed its terms before using the tool with client data.^[4]

Second, does the firm have a Data Processing Agreement with the AI provider as required by UK GDPR Article 28 and, for EU matters, EU GDPR Article 28? A controller (the law firm) that transfers personal data to a processor (the AI provider) without a compliant DPA is in breach of the GDPR independently of any harm to the data subject. The ICO has confirmed that law firms processing client personal data must have DPAs in place with all technology service providers who process that data on their behalf.

Third, has the client consented to their data being processed by third-party AI tools, or is there another lawful basis for the processing? Under the GDPR, processing client personal data for the purpose of preparing legal advice may be lawful under Article 6(1)(b) (necessary for the performance of a contract) or Article 6(1)(f) (legitimate interests). Whether the specific processing of inputting client data into an AI tool falls within these bases depends on the scope of the retainer and whether this use was reasonably within the client's expectations. Many firms now include an AI tool disclosure in their engagement letters for this reason.

The confidentiality and data protection analysis is a pre-condition to any AI tool use in client matters. A breach of client confidentiality does not necessarily generate a PI claim, but it can generate a separate SRA disciplinary complaint, an ICO enforcement action, and a client claim for breach of the retainer. These run in parallel to the PI liability exposure, and none of them are covered by the same policy structures.

AI exclusions in legal sector PI policies: what to look for

The SRA Minimum Terms and Conditions for solicitors' professional indemnity insurance set a coverage floor that insurers writing PII for English and Welsh solicitors must meet. The MTC requires cover for claims arising from private legal practice without listed exclusions that would permit an outright AI exclusion in the primary PII layer for matters within the definition of "private legal practice." This provides a degree of protection that professionals in unregulated sectors do not have.

However, the MTC floor does not extend to excess layer policies, to specialist coverage for matters outside the MTC scope, or to the coverage structures of Scottish or Northern Irish practices, which operate under different regulatory frameworks. AI exclusions and sublimits are appearing in the market in several places that legal sector brokers may not flag proactively.^[3]

In the excess layer, insurers writing cover above the MTC primary layer are not bound by the MTC terms and can apply AI exclusions or sublimits. A firm with a primary layer of GBP 2 million under MTC terms and an excess layer of GBP 3 million may find that the excess layer excludes or sublimits AI-related claims. This creates a net coverage gap in larger claims where the total exposure exceeds the primary limit.

Some insurers are adding AI warranty questions to proposal forms at renewal. The question typically asks the firm to confirm whether it uses AI tools in client matters, to describe the tools, and to describe the verification procedures in place. An answer that does not accurately reflect the firm's actual practice is a misrepresentation of a material fact. If a claim subsequently arises from AI use and the insurer discovers the proposal form answer was inaccurate, this provides grounds to decline the claim on misrepresentation grounds, even under the primary MTC layer, since the MTC does not protect against fraud or deliberate misrepresentation by the insured.

For legal practices that use AI agents rather than AI tools, the exposure is structurally different. An AI agent that autonomously drafts and sends client communications, reviews documents, or takes consequential actions without a solicitor's review at each step is not performing professional services under the solicitor's direct oversight. The PI policy covers the solicitor's professional work. An AI agent's independent actions may fall outside the professional services definition entirely, leaving the firm exposed without any coverage. For this reason, legal practices deploying AI agents rather than AI drafting assistants should specifically ask their broker about technology errors and omissions coverage as a complement to their PII programme. See the related analysis of AI policy exclusions for SME operators for the full landscape of exclusion language types across policy categories.

The EU AI Act and law firms in EU member states

The EU AI Act (Regulation 2024/1689, entered into force 1 August 2024) classifies AI systems used to administer justice, interpret the law, or assist judicial authorities in resolving legal disputes as high-risk AI systems under Annex III, Category 8. Law firms in EU member states that operate as deployers (operators) of such systems, rather than as developers, are subject to the operator obligations in Article 26 of the Regulation.^[5]

Article 26 obligations for operators of high-risk AI systems include: using the system in accordance with the instructions provided by the provider, ensuring that natural persons overseeing the system have the necessary competence and authority to intervene and override AI decisions, conducting a Fundamental Rights Impact Assessment before deploying the system in certain contexts, maintaining logs of the system's operation to the extent permitted by the provider's architecture, and reporting serious incidents to the relevant national market surveillance authority.

Not every AI tool used by a law firm will be classified as high-risk under Annex III Category 8. The classification applies to AI systems specifically designed to assist in judicial or quasi-judicial decision-making, legal research within those contexts, or document review and analysis where the output directly influences a legal determination. General-purpose AI models used as drafting assistants are not automatically high-risk systems under this classification, though the boundary is fact-specific and will require regulatory clarification in each member state.

The high-risk obligations were due to apply from 2 August 2026. The Digital Omnibus package, agreed at trilogue on 7 May 2026, proposes to defer the high-risk obligations deadline to 2 December 2027. This proposal has not been formally adopted as of the date of this article. The 2 August 2026 date remains the applicable deadline until the Digital Omnibus text is published in the Official Journal. EU-based law firms should not treat the proposed deferral as a confirmed delay and should continue compliance preparation under the 2 August 2026 timeline pending formal adoption.

UK law firms are not directly subject to the EU AI Act following the UK's departure from the EU. The UK AI Regulation White Paper (published March 2023) proposed a principles-based approach applied through sector regulators rather than a cross-sector AI statute. The SRA and the Bar Council are the relevant sector regulators for UK legal professionals, and their existing guidance on AI competence and verification reflects the principles-based approach the White Paper anticipated.

What the market provides: carriers and products relevant to legal sector AI

The SRA Minimum Terms and Conditions require solicitors to obtain PII from a participating insurer on the SRA's published list. Within that market, the AI position varies by insurer and requires explicit broker inquiry at renewal. The following market participants and products are relevant to legal practices seeking cleaner AI coverage beyond the baseline PII programme.

Armilla AI, a Lloyd's coverholder backed by Chaucer, underwrites AI-specific liability coverage including coverage for professional liability arising from AI-assisted work product. This can be structured as an endorsement to an existing PI programme or as a standalone policy. Armilla's coverage model requires disclosure of the AI tools used and the verification procedures in place, and the coverage responds to claims arising from AI-assisted work where the insured can demonstrate reasonable verification steps were taken.^[8]

Munich Re's aiSure product is positioned as affirmative AI performance coverage that guarantees specified AI system outputs against defined performance benchmarks. This is more relevant to firms that have built or deployed proprietary AI tools than to firms using general-purpose commercial AI models in client work, but for firms developing AI-powered legal products, aiSure provides coverage that standard PII does not contemplate.^[8]

Counterpart Insurance launched affirmative AI coverage for miscellaneous professional liability in late 2025, including coverage for claims arising from AI-assisted professional work product where the professional can demonstrate a defined verification standard was met. Counterpart's coverage model is designed for exactly the professional services AI use case that standard PII addresses incompletely.^[8]

AIUC (Artificial Intelligence Underwriting Company) links coverage eligibility to the AIUC-1 certification standard. Firms using AI systems that have been certified under AIUC-1 have access to coverage at terms that are not available for uncertified systems. For legal practices that have adopted specific AI legal research or document review platforms that carry AIUC-1 certification, this path may be more efficient than negotiating bespoke endorsements with a standard PII insurer; availability for specific legal sector tools should be confirmed with AIUC directly.^[8]

Lloyd's of London market syndicates are the broadest source of specialist AI liability coverage for legal practices, given the Lloyd's market's history with professional liability coverage for professional services generally. The question is not whether Lloyd's can write the coverage but whether your broker has access to the relevant syndicates and product lines. This is a specialist placement that not all commercial PI brokers handle. If your current broker cannot access specialist AI liability coverage at Lloyd's, that is relevant information for your programme review.

Five questions to ask your broker at renewal

A general question about "AI coverage" will produce a general answer. The following five specific questions will produce the information you actually need to understand your position.

First: Does the current programme contain any exclusion, sublimit, or condition that applies specifically to AI-generated content, automated outputs, or machine learning tools, in any layer of the programme? Ask the broker to check the actual policy wording in both the primary layer and any excess layers, not just the product summaries.

Second: If a solicitor uses an AI tool to draft a legal document or research case law, reviews and verifies the AI output against independent sources, and then the client claims the advice was wrong, would the policy respond to that claim? This is a specific factual scenario designed to elicit a specific coverage position, not a general assurance.

Third: Has the insurer added any new AI-related language to the renewal wording compared to the prior year? Request a side-by-side comparison of the previous year's insuring clause and exclusions against the new wording if the broker cannot confirm there are no changes.

Fourth: Does the proposal form include any warranty or question about AI tool usage or automated systems, and if so, does the firm's current disclosure in the proposal form accurately reflect its practice? A mismatch here is a material misrepresentation risk that can affect the entire programme.

Fifth: Is there a specialist AI liability policy or endorsement available from Armilla, Counterpart, AIUC, or Lloyd's market syndicates that would provide cleaner affirmative coverage for AI-assisted legal work beyond what the standard PII programme provides, and what would adding this to the programme cost?

Frequently asked questions

Does professional indemnity insurance cover an AI hallucination in a legal document or court filing?

It depends on the policy wording and what verification the solicitor or barrister performed before submitting the document. Standard PI policies cover negligent acts, errors, and omissions by the insured. If you used an AI tool to draft a filing and submitted it without verifying citations or legal propositions independently, the claim against you runs on your negligence in failing to verify. Whether the policy responds depends on whether the wording contains an AI exclusion or a reckless-disregard exclusion, and whether you disclosed your AI use to the insurer at renewal. The Mata v. Avianca sanctions order (SDNY, 2023) established that submitting unverified AI output is a professional failure attributable to the lawyer, not the tool.

What do the SRA and the Bar Council expect of legal professionals using AI?

The SRA's AI guidance (updated 2024) confirms that using AI tools does not reduce the solicitor's duty of competence under SRA Code of Conduct 2019 Principle 4. Solicitors remain responsible for the accuracy and legal appropriateness of work product regardless of how it was generated. The Bar Council AI Guidance (2023) states that barristers using AI to assist in drafting must apply the same independent judgment they would apply to any other research source. Neither body currently prohibits AI use, but both require that the professional verify AI output before relying on it in any client matter or court submission.

Does using AI in client work breach solicitor-client confidentiality?

It can, if client data is processed by a cloud AI tool whose terms permit the provider to retain, train on, or access submitted content. Under SRA Code of Conduct 2019 Principle 6 and Chapter 6, solicitors have a duty of confidentiality that extends to data shared with third-party technology providers. Before submitting any client-identifiable information to an AI tool, solicitors should review the provider's data processing terms, confirm that a Data Processing Agreement is in place as required under UK GDPR Article 28, and assess whether the client has consented to this processing. Many firms use anonymised or synthetic data with AI tools for this reason.

Are AI exclusions appearing in legal sector professional indemnity policies?

Yes. The SRA Minimum Terms and Conditions constrain outright AI exclusions in the primary PII layer for solicitors in England and Wales, but AI exclusions and sublimits are appearing in excess layer policies and in non-MTC coverage. Some insurers are also adding AI warranty questions to proposal forms at renewal: an inaccurate answer to a proposal form warranty can create grounds to decline a claim even in the primary MTC layer. Ask your broker to confirm the AI position in every layer of your programme, not just the primary layer.

What five questions should a law firm ask its broker about AI and professional indemnity?

First: does the current programme contain any exclusion, sublimit, or condition that applies to AI-generated content in any layer? Second: if a solicitor uses and verifies AI output before submitting to a client or court, and a claim arises from an error in that output, would the policy respond? Third: has the insurer added any new AI-related language to the renewal wording versus the prior year? Fourth: does the proposal form contain any warranty about AI tool usage, and does the firm's current disclosure accurately reflect its practice? Fifth: is there a specialist AI liability policy or endorsement available that would provide cleaner coverage for AI-assisted legal work beyond the standard PII programme?

How does the EU AI Act apply to law firms using AI in 2026?

The EU AI Act (Regulation 2024/1689) classifies AI systems used to administer justice or interpret law as high-risk under Annex III. Law firms in EU member states deploying such systems have operator obligations under Article 26, including fundamental rights impact assessments, human oversight requirements, and incident reporting. The original deadline was 2 August 2026. The Digital Omnibus package agreed at trilogue on 7 May 2026 proposes deferral to 2 December 2027, but this has not been formally adopted. The 2 August 2026 date remains binding until adoption. UK firms are not directly subject to the EU AI Act but should monitor SRA and Bar Council positions as UK AI regulation develops.

Footnotes

Mata v. Avianca Inc., Case No. 22-cv-01461 (PKC) (SDNY). Order re: sanctions, 22 June 2023 (Judge Kevin P. Castel). Sanctions imposed under Federal Rule of Civil Procedure 11 on Robert Mata, Steven Schwartz, and their supervising partner at Levidow, Levidow and Oberman for submitting AI-generated fabricated case citations without verification. The order is available in full on the SDNY docket.
Solicitors Regulation Authority, "SRA approach to the use of AI" (2024 update). The guidance links AI use to existing SRA Code of Conduct 2019 principles, particularly Principle 4 (competence), Principle 5 (integrity), and Principle 6 (client confidentiality). Bar Council of England and Wales, "AI in Legal Practice: Bar Council Guidance" (2023). The guidance addresses AI use in research, drafting, and court submissions by barristers, with specific reference to Mata v. Avianca as the illustrative case on verification duties.
SRA Minimum Terms and Conditions for Professional Indemnity Insurance (2013, as amended). The MTC establishes minimum cover requirements for solicitors' PII including minimum indemnity limits and the scope of the insuring clause. The MTC does not permit participating insurers to apply exclusions that would remove cover for claims arising from private legal practice as defined under the MTC, but this constraint applies only to the primary layer written to the MTC standard. Excess layer policies are not subject to the MTC requirements.
SRA Code of Conduct for Solicitors, RELs and RFLs (2019), Principle 6 and Chapter 6 (Confidentiality and disclosure). UK General Data Protection Regulation (UK GDPR), Article 28 (processor obligations), as retained in UK law by the European Union (Withdrawal) Act 2018. For EU-based practices: Regulation (EU) 2016/679 (GDPR), Article 28.
Regulation (EU) 2024/1689 of the European Parliament and of the Council of 13 June 2024 laying down harmonised rules on artificial intelligence (EU AI Act). Annex III, Category 8: AI systems intended to be used to administer justice and democratic processes. Article 26: obligations for deployers of high-risk AI systems. Article 6(2): classification rules for high-risk AI systems listed in Annex III. The Digital Omnibus proposal, agreed at trilogue 7 May 2026, proposes deferral of high-risk obligations to 2 December 2027 pending formal adoption.
For the framework for broker conversations about AI coverage across policy types, see also: Lloyd's of London, "Artificial Intelligence: Underwriting Considerations" (2023), and Chartered Insurance Institute, "AI and Professional Liability: A Guidance Note for Brokers" (2025).
Bar Council of England and Wales, "Guidance on Use of Artificial Intelligence in Legal Practice" (2023). Section 4 (research and case preparation), Section 5 (drafting), Section 6 (court submissions). The Bar Council guidance is available on the Bar Council website at barcouncil.org.uk.
Armilla AI is a Lloyd's coverholder backed by Chaucer Syndicate. Armilla's AI liability coverage includes professional liability components for AI-assisted work product. Munich Re aiSure is Munich Re's affirmative AI performance coverage product, designed for AI system operators who can define and warrant the performance characteristics of their AI systems. Counterpart Insurance launched affirmative AI coverage for miscellaneous professional liability in late 2025, including coverage for AI-assisted professional work product subject to a defined verification standard. AIUC (Artificial Intelligence Underwriting Company) links coverage to the AIUC-1 certification standard. Current product availability and terms should be confirmed directly with the carriers or through a specialist AI insurance broker.