By the Editors · Published 7 June 2026 · Last updated 7 June 2026 · 14 minute read

What does AI insurance actually pay out for?

Every week, more small businesses deploy AI agents and then purchase something called AI liability insurance without fully understanding what a payout looks like in practice. This guide answers that question directly: five categories of loss that covered policies respond to, the exclusions that kill most claims before they start, and three realistic scenarios showing where coverage responds and where it does not.

Why this question matters more than operators realise

The AI insurance market is expanding fast and in several directions at once. HSB (a Munich Re subsidiary) launched an SME-specific AI Liability product in the United States in March 2026. Armilla, backed by Chaucer and Axis Capital and operating as a Lloyd's coverholder, raised USD 25 million in January 2026 and expanded its coverage limits to USD 25 million per occurrence. Testudo, backed by Apollo, Atrium, and QBE, entered the market in January 2026. At the same time, standard general liability policies are adding AI exclusion endorsements at renewal, narrowing the coverage that SMEs previously assumed they had.^[1]

The result is a market where operators face mounting pressure to buy dedicated AI coverage while having limited visibility into what that coverage actually delivers. Most insurance brokers are themselves working through this in real time. This guide is a starting point for the conversation you need to have with yours, with specific enough language to help you evaluate what you are being offered.

The five payout categories

1. Third-party bodily injury and property damage

The most straightforward category covers physical harm or property loss caused by an AI system operated by the insured. This is primarily relevant to operators of AI in physical contexts: AI-controlled industrial equipment, autonomous navigation systems, AI-assisted medical devices, or AI systems directing physical actions. The trigger is an AI agent taking or recommending an action that results in a person being injured or property being damaged.

For most SMEs, this category has limited immediate relevance unless the AI system interacts with the physical world. A customer service chatbot, a content generation tool, or an AI assistant for internal use does not typically create bodily injury or property damage exposure. The coverage matters most for operators in logistics, construction, healthcare support, and any sector where AI recommendations translate into physical actions.^[2]

Coverage note: most policies require that the bodily injury or property damage was unintended and unexpected. An operator who deploys an AI system in a context where physical harm is a foreseeable and unaddressed risk will find this coverage harder to access at claim time.

2. Errors and omissions: financial harm from incorrect AI output

This is the category most directly relevant to SMEs. It covers financial loss suffered by a third party because an AI system operated by the insured provided incorrect information, made an incorrect recommendation, or failed to perform a task accurately, and the third party relied on that output to their detriment.

The Air Canada chatbot case is the clearest illustration of this category in practice. Jake Moffatt contacted Air Canada's chatbot and received information about a bereavement discount policy that turned out to be incorrect. He purchased flights in reliance on the chatbot's statement and was then refused the discount. The BC Civil Resolution Tribunal awarded him CAD 812.02 in damages plus additional compensation.^[3] Under an AI errors and omissions policy with a third-party financial harm trigger, the defence costs and the damages award would both have responded.

For an SME deploying an AI agent to answer customer questions, process orders, provide product recommendations, or give guidance on anything from tax treatment to medical protocols, this coverage category is the most important one on the policy. The trigger is: a customer suffered financial harm because they relied on your agent's output and the output was wrong.

The exclusions in this category are also the ones operators most commonly fail to read. Most policies exclude: losses where the operator was aware of the failure mode before deployment; losses from AI systems operating outside the scope defined at underwriting; and losses from professional services in regulated categories such as legal advice or medical treatment unless the operator holds the required professional licence and the policy is specifically structured for that sector.^[4]

3. Regulatory defence costs and civil fines

As AI regulation has developed, so have the regulatory risks operators face. The EU AI Act (Regulation 2024/1689) creates a penalty regime of up to EUR 35 million or 7% of global annual turnover for the most serious violations, and up to EUR 15 million or 3% of turnover for deployer non-compliance with Article 26 obligations.^[5] Colorado's AI Act (C.R.S. section 6-1-1701 et seq.), in force from 1 February 2026, gives the state attorney general enforcement authority over algorithmic discrimination claims.

AI liability policies can cover the legal defence costs incurred in responding to a regulatory investigation, even where no fine ultimately results. Defence costs coverage is often the most valuable element for SMEs, where the cost of legal representation in a regulatory enquiry can exceed the eventual penalty.

An important limitation: most jurisdictions prohibit insuring against the fines themselves in certain categories, particularly criminal penalties and fines specifically excluded by statute from being the subject of insurance contracts. Your policy wording will specify whether civil regulatory penalties are covered, defence costs only, or both. Read this clause before the investigation begins, not after.^[6]

4. Data incident notification and crisis management costs

Where an AI system processes personal data and a data incident occurs, costs accumulate fast: forensic investigation, regulatory notification requirements under the GDPR's 72-hour supervisory authority notification obligation (Article 33 of Regulation 2016/679), individual notification where required, credit monitoring services, and public relations management. AI-specific policies increasingly include a data incident response cost trigger that does not require a formal third-party claim before coverage responds.

This category overlaps significantly with cyber insurance. Operators who already hold a cyber policy should review it alongside any AI-specific coverage to identify both gaps and duplication. The risk of a coverage gap is typically in the AI-specific failure mode, where an AI system's error caused the data incident rather than a conventional network intrusion. Some cyber policies exclude losses arising from AI system failures that were not caused by an external threat actor.^[7]

5. Intellectual property claims from AI-generated content

Where an AI system generates content that infringes a third party's copyright, trademark, or other intellectual property right, the resulting claim falls on the operator, not the model provider. Model providers including Microsoft (via its Azure OpenAI Copilot Copyright Commitment), Google, and Amazon Bedrock have each committed to defend customers against copyright infringement claims arising directly from the model's training data, subject to usage policy compliance. However, these commitments have limits and do not cover operators who have modified outputs, combined them with other content, or used them outside the terms of the provider's commitment.^[8]

An AI liability policy with an IP infringement endorsement covers the defence costs and damages from a copyright or trademark claim where your AI agent produced the infringing content. This is particularly relevant for operators using AI to generate marketing copy, code, images, or other creative output that is published externally.

The three exclusions that end most claims

Understanding what a policy covers is only half the analysis. The exclusions are where most AI-related claims encounter resistance. Three exclusions account for the majority of denied AI claims at SME scale.

Exclusion 1: Expected or intended outcomes

ISO endorsement CG 40 47 (now widely adopted across the US casualty market) and the W.R. Berkley affirmative AI form PC 51380 both contain language excluding losses arising from outcomes that the operator expected or should have expected given the information available at deployment. In practice, this exclusion operates as follows: if you reviewed your AI system's performance before deployment and identified a category of errors that then caused a loss, the resulting claim is excluded because the outcome was, in the policy's terms, expected.^[9]

The practical implication is significant. An operator who runs careful pre-deployment testing, identifies a failure pattern, documents it, and then deploys anyway has created a record that the outcome was expected. The solution is not to skip testing. It is to fix the identified failure patterns before deployment and document that you did so. A clean pre-deployment audit, properly documented, is both a risk management tool and an insurance document.

Exclusion 2: Systems outside the scope disclosed at underwriting

Insurers price AI liability coverage based on what the operator disclosed at underwriting: the types of AI systems in use, the categories of decision they support, the sectors they operate in, and the volume of interactions they handle. If a claim arises from an AI system or deployment category that was not disclosed, or that has materially changed since disclosure, the claim may be denied on the basis of material misrepresentation or non-disclosure.

This exclusion catches operators who add AI tools during the policy period without notifying their carrier, deploy an existing AI tool in a new higher-risk category (for example, moving from internal use to customer-facing use), or exceed the deployment volumes or geographic scope disclosed at underwriting. Most AI policies include a mid-term notification obligation for material changes to the AI systems they cover. Treat this obligation seriously.^[4]

Exclusion 3: Regulatory categories where coverage is prohibited

Certain categories of AI deployment attract regulatory restrictions that also affect insurability. An operator who deploys AI in a regulated professional context without the required authorisation (medical diagnosis without regulatory clearance, legal advice without a practising certificate, financial advice without FCA or equivalent authorisation) will find that claims arising from that deployment fall outside coverage, both because the activity itself was prohibited and because the insurer did not price for a regulated professional liability risk.

The EU AI Act's Article 5 prohibited practices are a particularly important boundary. Any AI system that falls within the Article 5 prohibitions (subliminal manipulation, social scoring, real-time biometric surveillance in public spaces except in defined law enforcement contexts) cannot be deployed legally, and claims arising from it will not be covered by any legitimate insurer.^[5]

Three realistic claim scenarios

Scenario A: Customer service agent gives wrong pricing. Coverage responds.

A retail SME deploys an AI customer service agent that has access to a product database. The database contains a pricing error for a limited period. The agent quotes 200 customers the incorrect price during that window. Thirty customers place orders at the quoted price and then receive invoices at the correct (higher) price. Twenty of the thirty dispute the charge or request refunds. The SME incurs legal review costs for five formal complaints and refunds eight customers totalling EUR 3,400.

Under an AI errors and omissions policy with a third-party financial harm trigger: the defence costs and the refunds respond, subject to the policy's retention (excess). The trigger is met: the AI system provided incorrect information and customers suffered financial harm by relying on it. The exclusions are not engaged: the pricing error was not a known failure mode at deployment, the system was operating within the scope disclosed at underwriting, and the activity is not in a prohibited category. This is the scenario AI E&O coverage is designed for.

Scenario B: AI hiring screener applies discriminatory criteria. Partially covered.

An SME uses a third-party AI hiring tool to screen applications for a customer service role. The tool, without the operator's explicit instruction, ranks candidates below 25 and above 55 lower than others in the same qualification bracket. Three rejected applicants file age discrimination complaints with the national equality body. The SME incurs legal representation costs of EUR 18,000 over nine months before the complaints are resolved with a finding of no deliberate discrimination but inadequate oversight.

Coverage position: the defence costs are likely covered under a policy with a regulatory defence cost endorsement, because the trigger is a regulatory investigation rather than a direct civil claim. The outcome (no discrimination finding) does not negate the defence cost claim. However, if the insurer can demonstrate that the operator had access to the tool's demographic performance data and failed to review it before deployment, the expected or intended outcome exclusion may partially apply. The lesson for SMEs: review the bias and fairness performance documentation for any AI tool you use in employment decisions before deploying it, and keep a record of having done so.^[10]

Scenario C: AI content tool generates copyright-infringing marketing copy. Coverage depends on disclosure.

A marketing agency uses an AI writing tool to generate social media content for clients. A client campaign uses generated copy that closely resembles a competitor's branded slogan. The competitor issues a cease and desist and then files a trademark infringement claim seeking EUR 50,000. The agency's legal costs in responding are EUR 12,000 before a settlement of EUR 8,000 is reached.

Coverage position: if the agency disclosed its use of AI content generation tools at underwriting and the policy includes an IP endorsement, the legal costs and the settlement may both respond subject to the retention. If the AI tool was added after the policy was bound and the carrier was not notified, the claim may fail on the non-disclosure exclusion. This scenario illustrates why the mid-term notification obligation for new AI tools is not administrative overhead. It is a precondition to coverage.^[8]

What documentation strengthens a claim

The practical outcome of an AI insurance claim depends significantly on the documentation an operator can produce. Insurers examining AI-related claims look for four categories of evidence that were assembled before the incident occurred, not afterwards.

First, system documentation: a written description of what the AI agent is designed to do, what it is designed not to do, the data sources it accesses, and the constraints applied at deployment. This is the baseline document that establishes what the operator intended the system to do and what the operator considered to be outside scope.

Second, pre-deployment review: records of any testing conducted before deployment, the results of that testing, the failure modes identified, the steps taken to address them, and the sign-off process before go-live. This documentation directly addresses the expected or intended outcome exclusion: it demonstrates that the failure that caused the claim was not identified in pre-deployment testing and was therefore not expected.

Third, oversight and monitoring: records of how the AI system was monitored after deployment, what review process was applied to its outputs, and whether any anomalies were escalated. Regular human review of AI outputs is both a risk management measure and a coverage documentation tool.

Fourth, the incident record: a contemporaneous log of when the operator became aware of the incident, what steps were taken, and when the carrier was notified. The timestamp on carrier notification is often the first document an insurer reviews when a claim is filed. Late notification that cannot be explained will typically result in a coverage dispute.^[6]

The structured framework for building this documentation before any claim arises is available at agentcertified.eu, where the seven-dimension AI agent certification methodology maps directly to the evidence categories insurers examine at claim time.

How to read your policy before a claim happens

Three clauses determine most AI-related claim outcomes. Read them before you need them.

The insuring agreement defines the trigger. Look for whether the policy requires a formal claim to be made against you during the policy period (claims-made) or whether it requires only that the incident occurred during the period (occurrence). Most professional liability and E&O policies are claims-made, which means the policy in force when the claim is first made against you is the one that responds, regardless of when the incident occurred. If you change carriers, maintain tail coverage for incidents that may emerge from prior deployment periods.

The definition of AI systems tells you what is covered. Some policies cover only AI systems specifically listed at underwriting. Others use broader language covering any automated decision-making or machine learning system. If the definition is narrow, an AI tool you deploy after binding that was not listed at underwriting is likely outside coverage. If the definition is broad, ensure you understand what it includes because broad coverage may come with broader exclusion language.

The notification condition sets the clock. Most claims-made policies require prompt written notice to the carrier upon becoming aware of any claim or circumstance that could give rise to a claim. Some policies specify a number of days, typically 30 to 60. Others use broader language. In either case, the standard advice applies: notify your carrier on the day you become aware of an incident, in writing, with a brief factual summary. A detailed investigation is not required for notification. The notification can precede the investigation.

For more detail on how policy language maps to specific AI failure scenarios, see the SME policy exclusions guide and the European market coverage analysis at agentinsured.eu, which tracks how European insurers are structuring AI liability products in 2026.

Frequently asked questions

Related reading

• The SME guide to AI policy exclusions. A clause-by-clause walkthrough of the exclusions that most commonly deny AI-related claims.
• How to choose an AI insurance product. Comparing the current SME-accessible AI liability products by coverage structure, trigger, and price.
• Who is liable when an AI agent makes a mistake? The 2026 decision tree for operators, with six real cases and the 48-hour incident playbook.
• AI agent incident response: the SME guide. What to do in the first 48 hours after an AI agent causes harm, in sequence.
• Documenting AI decisions for insurance purposes. The four document categories that determine claim outcomes, and how to build them before a claim arises.

References

1. HSB (Hartford Steam Boiler, a Munich Re company) SME AI Liability product launch, March 2026. Armilla AI Series A of USD 25 million, January 2026. Testudo AI liability product launch, January 2026. See also ISO CG 40 47 and W.R. Berkley PC 51380 endorsements, both of which began widespread adoption in US casualty policies from 2024 and have appeared in UK and European equivalents from 2025.
2. For AI liability in physical systems see: NIST AI 100-1 (AI Risk Management Framework, January 2023), Section 6 on physical harm categories. See also ISO/IEC TR 5469:2024 on AI functional safety for physical AI systems.
3. Moffatt v. Air Canada, 2024 BCCRT 149 (BC Civil Resolution Tribunal, February 14, 2024). Tribunal member Christopher Rivers. Full decision available at crt.bc.ca. Damages of CAD 812.02 awarded for reliance on incorrect chatbot information about the airline's bereavement fare policy.
4. For AI policy structure and underwriting disclosure requirements see: Armilla AI Policy Documentation (armilla.ai); Munich Re aiSure underwriting guidance; AIUC-1 standard version 1.0, coverage eligibility chapter. Standard professional indemnity policy terms from Hiscox, Chubb, and AXA XL all contain mid-term notification clauses for material changes to AI systems disclosed at underwriting.
5. Regulation (EU) 2024/1689 of the European Parliament and of the Council (EU AI Act). Article 5: prohibited AI practices. Article 26: obligations of deployers of high-risk AI systems. Article 99: penalties, including up to EUR 35 million or 7% of global annual turnover for Article 5 violations and up to EUR 15 million or 3% for deployer non-compliance.
6. On insurability of regulatory penalties: under English law, see Askey v. Golden Wine Co Ltd [1948] 2 All ER 35 on insuring against fines. Under EU law, the general principle that criminal fines are uninsurable applies across member states; civil administrative penalties may be insurable where not excluded by statute. Policy wording determines whether defence costs, penalties, or both are within scope.
7. For AI and cyber policy interaction see: Lloyd's of London Market Bulletin Y5381 (July 2023) on cyber war exclusions and AI systems. Cyber policies underwritten on Lloyd's paper increasingly distinguish between AI-generated incidents and external threat actor incidents in their trigger language from 2025 policy year.
8. Microsoft Copilot Copyright Commitment (applicable to Azure OpenAI Service and Microsoft 365 Copilot), extended December 2023. Google Cloud Generative AI Indemnification, announced September 2023. Amazon Bedrock IP indemnification terms. All three programs are subject to compliance with the respective provider's usage policies and have carve-outs for operator modifications to model outputs.
9. ISO CG 40 47 04 19 (Exclusion: Expected or Intended Injury). W.R. Berkley PC 51380 (Affirmative AI Coverage Endorsement) Section IV exclusions. Both forms use substantively similar language excluding coverage for bodily injury, property damage, or financial loss that the insured expected or intended from the standpoint of the insured at the time the AI system was deployed.
10. EEOC v. iTutorGroup Inc., Consent Decree approved September 8, 2023. USD 365,000 settlement for discriminatory AI hiring filters. For European equivalents see: EDPB Guidelines 05/2022 on the use of personal data in the employment context, Section 3 on automated decision-making; and Article 22 of Regulation (EU) 2016/679 (GDPR) on automated individual decision-making including profiling.