When your AI agent makes a costly mistake, is it you or the vendor who pays?
You did not write the model. You did not train it. You bought a tool from a software company, switched it on, and pointed it at your customers. So when that tool makes a mistake that costs real money, the instinct is reasonable: surely the vendor that built it is on the hook. This is the question SME operators ask the moment something goes wrong, and the answer most of them dislike is that the contract they signed has usually already decided it: the vendor's liability is typically capped at the fees you paid in the prior twelve months, so a GBP 1,000-a-month tool that triggers a GBP 60,000 loss may owe you GBP 12,000 at most, with consequential damages excluded on top. Here is how the money actually flows, and where the gaps sit.
Key takeaways
- Most AI vendor contracts cap the vendor's liability to you at the fees paid, often the prior twelve months, and exclude indirect and consequential damages. Independent reviews of AI SaaS terms in 2025 found the large majority of vendors limited their own liability this way. Your recourse against the vendor is frequently a refund, not the real loss.
- Your customer does not care which company built the agent. Because you deployed it in your name, the customer's claim lands on you first. You then try to recover from the vendor, and the contract decides how much, if any, you get back.
- Vendor indemnities usually cover third-party intellectual property claims, sometimes data breaches, and rarely the wrong-advice or wrong-decision losses an agent is most likely to cause. An indemnity is also only as good as the vendor's ability to fund it.
- The EU AI Liability Directive, which would have eased claims against AI deployers and developers, was withdrawn by the European Commission, with the formal Official Journal notice published in October 2025. The dedicated AI fault regime many operators expected does not exist. Contracts and general law govern.
- The gap between the vendor's capped liability and the real loss is, for most SMEs in 2026, uninsured by default. Affirmative AI errors and omissions products from HSB (Munich Re), Armilla, and Counterpart are built to fill it. Governance evidence under ISO/IEC 42001, the NIST AI RMF, or AIUC-1 strengthens both your contract position and your insurance terms.
The three-party problem at the centre of every AI agent claim
When a human employee makes a mistake that harms a customer, the structure is simple. The customer claims against your business, your business is liable as the employer, and your insurance responds if the loss is covered. There is no third party who built the employee.
An AI agent introduces a third party: the software vendor who built and supplies the tool. That creates a triangle. The customer suffers the loss and looks to you, because the agent acted in your name and on your website. You look to the vendor, because the vendor's product produced the faulty output. And the vendor looks to its contract, which it wrote, and which almost always limits what it owes you. The loss does not vanish in this triangle. It comes to rest wherever the contract and the available insurance leave it, and that resting place is far more often the deploying business than operators expect.
Understanding this triangle is the whole game. The customer-facing leg is settled by general law: as the British Columbia Civil Resolution Tribunal confirmed in Moffatt v. Air Canada, you are responsible for what your agent tells a customer, and you cannot disclaim the agent as a separate entity.[1] The vendor-facing leg is settled by the contract you signed. The residual leg, whatever the contract leaves on your books, is settled by your insurance, or by your own balance sheet if you have no cover.
What your AI vendor contract almost certainly says
The reason operators are surprised by the answer is that they have rarely read the limitation of liability clause in their AI software agreement. These clauses are where the money is decided, and they are written by the vendor's lawyers to protect the vendor.
Reviews of AI SaaS agreements through 2025 found a consistent pattern. A large majority of vendors impose a liability cap on themselves, commonly limiting their total liability to the fees paid in a defined recent period, often the previous twelve months.[2] On top of the cap, the contract typically disclaims indirect, incidental, and consequential damages, which is precisely the category most real business loss falls into. Lost revenue, the cost of remediating a customer, regulatory exposure, and reputational repair are usually consequential damages, and usually excluded.
The practical effect is stark. If you pay a vendor GBP 1,000 a month for an AI agent and that agent commits your business to a GBP 60,000 obligation through a wrong quote, your contractual recovery from the vendor may be capped at GBP 12,000, the trailing year of fees, and the consequential losses may be excluded entirely. The remaining exposure is yours.
Where the cap is sometimes softened: the supercap and the carve-out
Better-negotiated contracts include carve-outs from the cap for the highest-risk categories, and sometimes a supercap, an intermediate ceiling set above the general cap but below unlimited liability. A supercap is commonly two to five times the general cap, or a negotiated fixed sum, applied to categories such as data breach, breach of confidentiality, and privacy claims.[2] Standard carve-outs that sit outside any cap include indemnification obligations, gross negligence, and wilful misconduct.
The difficulty for an SME is leverage. Supercaps and broad carve-outs are won by enterprise buyers with negotiating power and legal budgets. A small business clicking through a standard online subscription almost never has them, and almost never knows to ask. The table below shows what each protection actually does for you.
| Contract protection | What it covers | Typical availability to an SME |
|---|---|---|
| General liability cap | Limits total vendor liability, often to trailing 12 months of fees | Always present, and works against you |
| Consequential damages exclusion | Removes lost revenue and downstream loss from the vendor's exposure | Almost always present, against you |
| Supercap on high-risk categories | Higher ceiling (often 2x to 5x) for data, privacy, confidentiality claims | Rarely offered to small subscribers |
| Indemnity carve-out from cap | Lets the indemnity pay above the general cap | Sometimes, if you negotiate it |
| Gross negligence / wilful misconduct carve-out | Removes the cap where the vendor acted egregiously | Common, but a very high bar to prove |
Does the vendor have to indemnify me, and is the indemnity worth anything?
Indemnity is the clause operators hope will save them, and it is more limited than it sounds. A vendor indemnity is a promise to defend and pay for specific categories of third-party claim. In AI software contracts the most common indemnity is for third-party intellectual property infringement, the risk that the vendor's model produces output that infringes someone's copyright or patent. Some contracts extend the indemnity to data breaches or regulatory violations caused by the vendor.[3]
What vendor indemnities very rarely cover is the everyday operational harm an agent causes: the wrong price, the wrong eligibility decision, the commitment your business could not honour. That harm is treated as flowing from your deployment choices, not the vendor's product defect, and it is left with you.
There is a second problem even where an indemnity does apply. An indemnity is only a promise to pay. If the vendor is a small or newly funded company, it may have no insurance standing behind that promise and no balance sheet to honour it. As the insurance commentary on the AI coverage gap notes, a vendor can agree to indemnify you and still have nothing to fund the obligation when a real claim lands.[3] An indemnity from a thinly capitalised vendor can be worth far less than the paper it is written on.
Why you cannot rely on a regulator to fix this for you
Many operators assumed Europe would create a special liability regime that shifts the burden toward AI developers and deployers and away from the harmed party. That assumption is now wrong. The proposed EU AI Liability Directive, which would have introduced fault-based rules and a rebuttable presumption of causation to make claims against AI actors easier, was withdrawn by the European Commission. The withdrawal was signalled in the 2025 Commission work programme and the formal notice was published in the Official Journal in October 2025.[4] As of mid 2026, no replacement directive has been adopted.
What remains is the revised Product Liability Directive, which does treat software, including AI systems, as a product capable of triggering strict liability for a defective product.[4] That route is real, but it is a defective-product claim with its own evidential demands, and it does not give the deploying business the easy fault presumption the withdrawn directive promised. The net effect for an SME is that liability between you and your vendor is governed by your contract and by general national law, not by a bespoke AI statute. The contract you signed is therefore the most important document you have, and most operators have never read its liability section.
So what actually fills the gap?
If the vendor's liability is capped and the regulator has not built a safety net, the residual loss between the cap and the real harm has to be carried by someone. For a business that has not planned for it, that someone is the business itself. The instrument designed to carry it instead is insurance, and the type of insurance matters.
| Cover type | Responds to a costly AI agent mistake? | Conditions |
|---|---|---|
| Professional indemnity / errors and omissions | Most likely, for wrong advice or wrong decisions | AI use disclosed at inception, no AI exclusion endorsement applied |
| Commercial general liability | Rarely, as most AI loss is pure economic loss | May carry an ISO AI exclusion (CG 40 47 broad, CG 40 48 limited) |
| Cyber | Only where a security event caused the error | For example a prompt injection attack as the proximate cause |
| Affirmative AI errors and omissions | Yes, designed for exactly this | Underwriting requires AI governance documentation |
Three carriers now write affirmative AI agent liability cover in the UK and European markets. HSB (Hartford Steam Boiler, a Munich Re company) offers AI liability cover for SMEs as standalone AI errors and omissions protection. Armilla, operating as a Lloyd's coverholder, offers AI performance cover for model errors and the downstream liability they create, with limits raised following a capacity increase in early 2026. Counterpart, backed by Apollo Global Management, writes affirmative AI cover within management liability and errors and omissions products and treats autonomous agent outputs as insured events. Each of these products is built to respond to the residual gap the vendor contract leaves open, which is precisely the exposure your existing policies probably do not address.
The governance evidence that improves both your contract and your cover
There is one move that improves your position on every leg of the triangle at once: being able to show that your AI deployment is governed and documented. Governance evidence gives you something to negotiate with against a vendor, something to disclose credibly to an insurer, and something to point to if a regulator or claimant asks how you ran the system. Three frameworks dominate the conversation.
| Framework | What it is | Status |
|---|---|---|
| ISO/IEC 42001 | First certifiable AI management system standard, published December 2023 | Auditable certification; auditors qualified under ISO/IEC 42006:2025 |
| NIST AI RMF (AI 100-1) | Voluntary AI risk management methodology, published January 2023 | No formal certification; widely referenced by buyers and US agencies |
| AIUC-1 | Audited control standard built specifically for AI agents, launched 2025 | 50+ controls across six domains; built with Stanford, MITRE, Orrick, CSA |
ISO/IEC 42001 is the closest thing to an audited governance badge, and certification depends on auditors who themselves meet ISO/IEC 42006:2025. The NIST AI Risk Management Framework is voluntary but carries weight far beyond its status, because enterprise customers and US regulators use it as the benchmark for vendor maturity. AIUC-1, launched in 2025 by the Artificial Intelligence Underwriting Company, was built with Stanford, MITRE, the law firm Orrick, and the Cloud Security Alliance, and maps its controls to MITRE ATLAS and the OWASP Top 10 for agentic applications.[5] The three are complementary layers rather than competing choices. Alignment with any of them is evidence; alignment with the relevant combination is leverage.
What to do before the mistake happens
Every protection in this article is won before an incident and lost after one. The order of work is straightforward.
First, find and read the limitation of liability and indemnity sections of every AI vendor contract you have signed. Note the cap basis, whether consequential damages are excluded, and exactly which categories the indemnity covers. Most operators discover the answer is worse than they assumed.
Second, locate your professional indemnity, general liability, and cyber policies and search for AI-related language, including the strings "artificial intelligence", "AI exclusion", "CG 40 47", and "CG 40 48". Establish whether your current cover would respond to the residual gap your vendor contract leaves open. If it would not, that gap is currently sitting on your balance sheet.
Third, prepare a one-page AI governance summary describing what each agent does, who oversees it, its incident history, and which framework you align to. That single document does triple duty: it strengthens any contract renegotiation, it is what an insurer needs to confirm or arrange cover, and it is the evidence that protects you if a claim arrives.
The three diagnostic questions on this site structure this review. The Coverage Audit tool produces the document your broker needs, and the Agent Certified assessment builds the governance evidence that makes both your contract and your insurance position credible. None of it takes more than a working day, and it is the difference between knowing where a loss will land and finding out the hard way.
Frequently asked questions
If my AI agent makes a costly mistake, can I just sue the software vendor that built it?
Usually not for the full loss. Most AI vendor contracts cap the vendor's liability at the fees you have paid, often the previous twelve months of subscription charges, and exclude indirect or consequential damages entirely. Independent reviews of AI SaaS terms in 2025 found the large majority of vendors imposed liability caps on themselves. So if your AI agent quotes a wrong price or commits your business to terms you cannot honour, your contractual recourse against the vendor may be limited to a refund of fees, not the actual loss. The customer, meanwhile, looks to you, because you deployed the agent in your name.
What is a liability cap in an AI vendor contract?
A liability cap is a contractual ceiling on how much the vendor can be required to pay you if something goes wrong. In AI software agreements the cap is commonly set at the fees paid in the prior twelve months. The contract usually also disclaims indirect, incidental, and consequential damages, which is where most real business loss sits. A negotiated supercap, typically two to five times the general cap, is sometimes available for high-risk categories such as data breach and confidentiality, but standard SME contracts rarely include one.
Does my AI vendor have to indemnify me when its tool causes harm?
Only if the contract says so, and only for the categories listed. Vendor indemnities most commonly cover third-party intellectual property infringement claims, and sometimes data breaches or regulatory violations caused by the vendor. They rarely cover liability arising from the agent giving a customer wrong advice or making a wrong decision in your business. There is also a funding problem: a vendor can promise to indemnify you and still have no insurance behind that promise, which means an indemnity from a small or thinly capitalised vendor may be worth little if a large claim arrives.
Did the EU create a special law making AI vendors liable for agent mistakes?
No. The proposed EU AI Liability Directive, which would have created fault-based rules and a rebuttable presumption of causation for AI harm, was withdrawn by the European Commission. The withdrawal was announced in the 2025 work programme and the formal notice was published in the Official Journal in October 2025. As of mid 2026 no replacement has been adopted. The revised Product Liability Directive does treat software, including AI, as a product for strict liability purposes, but the dedicated AI fault regime many operators were counting on does not exist. Liability is governed by your contracts and general law.
If the contract caps the vendor's liability and the loss falls on me, what fills the gap?
Insurance is the mechanism that fills the residual gap, but only if you hold the right cover. Professional indemnity or errors and omissions cover is the most likely to respond to a wrong-advice or wrong-decision loss, provided you disclosed AI use and no AI exclusion applies. Cyber cover responds only where a security event caused the error. New affirmative AI liability products from carriers such as HSB (a Munich Re company), Armilla, and Counterpart are designed specifically for AI agent errors. For most SMEs in 2026 the gap between the vendor cap and the real loss is currently uninsured unless they have deliberately arranged cover for it.
What standards can I point to that show my AI deployment is well governed?
Three are widely recognised. ISO/IEC 42001, published in December 2023, is the first certifiable management system standard for AI. The NIST AI Risk Management Framework (AI 100-1), published in January 2023, is a voluntary risk methodology that many enterprise buyers and US regulators reference. AIUC-1, launched in 2025 by the Artificial Intelligence Underwriting Company with Stanford, MITRE, Orrick, and the Cloud Security Alliance, is an audited control standard built specifically for AI agents, with more than fifty controls across six domains. Evidence of alignment strengthens both your contract negotiating position and your insurance submission.
References
- Moffatt v. Air Canada, 2024 BCCRT 149 (British Columbia Civil Resolution Tribunal, 14 February 2024). The tribunal held Air Canada responsible for representations made by its chatbot and rejected the argument that the chatbot was a separate legal entity.
- Reviews of limitation of liability clauses in AI SaaS agreements through 2025, including analyses noting that the large majority of AI vendors cap their own liability (commonly to trailing fees) and disclaim consequential damages, and describing the negotiated "supercap" of typically 2x to 5x the general cap for high-risk categories. See for example SaaS Law Firm Andrew S. Bosin LLC, "Limitation of Liability Clauses in AI SaaS Agreements" (2026), and Internet Lawyer Blog, "Drafting AI Vendor Contracts: The 10 Clauses That Protect Your Business" (20 October 2025).
- Commentary on AI vendor indemnity scope and the funding problem, including Honigman LLP, "The AI Insurance Gap and What It Means for Technology Contracts," and Clifford Chance Talking Tech, "Agentic AI: The liability gap your contracts may not cover" (February 2026), which note that an indemnity is only as good as the vendor's ability to fund it.
- European Commission withdrawal of the proposed AI Liability Directive, signalled in the Commission's 2025 work programme (11 February 2025) and formally notified in the Official Journal of the European Union in October 2025. The revised Product Liability Directive treats software, including AI, as a product for strict liability purposes. See Bird & Bird, "Proposed EU AI liability rules withdrawn" (2025), and the European Parliament Legislative Train Schedule entry for the AI Liability Directive.
- ISO/IEC 42001:2023, AI management systems (published December 2023), with auditor qualification under ISO/IEC 42006:2025; NIST AI Risk Management Framework (AI 100-1), published January 2023 (voluntary, no formal certification); and AIUC-1, launched in 2025 by the Artificial Intelligence Underwriting Company, developed with Orrick, Stanford, the Cloud Security Alliance, and MITRE, comprising 50+ controls across six domains and mapping to MITRE ATLAS and the OWASP Top 10 for agentic applications.