Increase in generative AI-related lawsuits in the U.S. from 2021 to 2025, per Gallagher Re — the direct trigger for carrier action
Of state regulatory requests to exclude AI damages from commercial liability policies have been approved — exclusions are now taking legal effect
Of enterprises have at least one AI use case in production — most went live without a mature AI governance program or any thought given to insurance renewal
Here is a question your clients need answered before their next policy renewal: Does your general liability policy still cover damages caused by artificial intelligence? For a growing number of businesses, the answer is no — and most of them have no idea.
In early 2026, three of the largest commercial insurers in the United States moved simultaneously to remove AI liability from standard commercial policies. Berkshire Hathaway, Chubb, and Travelers have all won approval to largely drop AI liability protection in recent months, adding "AI exclusion clauses" to their standard commercial liability policies. State regulators approved more than 80% of those requests. In several states, the exclusions began taking effect as early as January.
This is not a footnote change buried in an endorsement schedule. It is the most consequential commercial lines policy development of 2026 — and for ARM™ and CPCU® candidates, it is a live case study in exactly how new risk categories enter and exit the insurance market.
What the Exclusions Actually Cover — and the ISO Endorsements Behind Them
In January 2026, ISO issued three new generative AI exclusions for commercial general liability: endorsements CG 40 47, CG 40 48, and CG 35 08. Several carriers adopted them within weeks. Understanding exactly what each endorsement removes from coverage is essential knowledge for any broker, agent, or risk manager advising commercial accounts.
| ISO Endorsement | What It Excludes | Lines Affected | Status |
|---|---|---|---|
| CG 40 47 | Bodily injury, property damage, and personal/advertising injury arising from the use of generative AI systems — including outputs, recommendations, and decisions made by AI | Commercial General Liability | Effective Jan 2026 |
| CG 40 48 | Intellectual property violations, copyright infringement, and privacy claims arising from AI-generated content — including marketing material, code, and communications | Commercial General Liability — Personal & Advertising Injury | Effective Jan 2026 |
| CG 35 08 | Property damage caused by autonomous systems, robotics, and AI-directed physical operations — including delivery drones, automated machinery, and self-directing vehicles | Commercial General Liability — Property Damage | Effective Jan 2026 |
| Berkley Absolute AI Exclusion | "Any actual or alleged use, deployment, or development of Artificial Intelligence" — no exceptions, no carve-backs, applies across all covered claims | D&O, E&O, Fiduciary — all lines | Absolute / Broadest |
The AI exclusion clauses cover a wide range of issues, including employees alleging AI-driven discrimination, intellectual property violations such as AI using copyrighted material without a company's knowledge, and property damage caused by autonomous or robotic systems. The practical scope is sweeping: virtually any claim in which an AI system played a role in producing the harm.
Before and After: What Your GL Policy Now Does and Does Not Cover
Employee alleges AI-driven hiring discrimination by your HR software
Same claim — AI exclusion removes coverage for AI-driven discrimination allegations
AI-generated marketing copy uses copyrighted text; IP infringement claim filed
CG 40 48 explicitly removes IP claims arising from AI-generated content
AI-directed warehouse robot injures a visitor to your facility
CG 35 08 removes property damage from autonomous systems from coverage
AI customer service chatbot gives incorrect medical or financial advice causing harm
CG 40 47 removes BI/PD arising from AI outputs, recommendations, and decisions
D&O claim alleging inadequate AI governance caused shareholder harm
Berkley absolute exclusion removes all D&O coverage touching AI use, deployment, or development
42% of insurers track no AI metrics at all. When underwriters can't price a risk, they exclude it. This means policyholders are not receiving a premium reduction in exchange for losing coverage — the exclusion is being added at renewal with no offsetting benefit. Organizations that assumed AI risks were implicitly covered under existing GL policies are discovering significant gaps, and the burden falls on brokers and agents to identify and remediate those gaps proactively.
We Have Seen This Before: The Cyber Insurance Parallel
The most important frame for understanding what is happening right now is not panic — it is pattern recognition. In the early 1990s, many insurers carved out exceptions for online activities as the internet became a standard part of daily life. That led to the rise of "cyber insurance." Initially aimed at IT companies, those policies focused on issues like errors in data processing and online media risks before evolving into a broader specialty category.
The AI exclusion story is following the same arc — but faster, because the playbook already exists.
Silent Coverage: Internet Activity Inside GL
Internet-related losses initially fell under standard GL and E&O policies — unpriced, unintended, and increasingly expensive. Carriers had no loss data, no pricing model, and no underwriting framework for the exposure.
Mass Exclusions: Carriers Remove the Risk
As breach losses mounted, insurers began carving cyber out of standard policies. Lloyd's mandated affirmative cyber language in 2020. Policyholders who assumed coverage found they had none.
Premium Bolt-Ons: Expensive Standalone Products Emerge
Demand for affirmative coverage rose as exclusions became standard. Cyber-specific policies emerged at steep prices, with MFA and EDR requirements rapidly becoming table stakes for obtaining any coverage at all.
Controls-Based Underwriting: Prove Your Program or Get No Quote
By 2022, documented security controls were mandatory for cyber coverage. No MFA, no quote. Cyber became a $15 billion standalone market. AI insurance is entering the bolt-on phase right now — standalone AI liability products from Munich Re, Armilla, and Corgi Insurance are filling the gap the major carriers created.
Silent-to-Excluded Transition: The Window Every Broker Needs to Understand
AI is at the inflection point between "silently covered under legacy policy" and "explicitly excluded, standalone coverage required." The brokers who built early cyber MGA relationships in 2012–2013 captured structural positions in a $15B market. The same window is open for AI liability right now.
Who Is Pulling Back — and Who Is Stepping In
Carriers Adding AI Exclusions
Removing AI from standard policies — effective now
- Berkshire Hathaway — AI exclusions in GL policies; state approvals secured
- Chubb — AI exclusions across GL, D&O, and E&O lines
- Travelers — AI exclusions in GL; state approvals across FL, CT, MD and more
- Berkley Insurance — Absolute AI exclusion in D&O, E&O, and fiduciary lines
- Hamilton Select — Comparable absolute AI exclusion language filed
- ISO — CG 40 47, CG 40 48, CG 35 08 now the default for 70% of the U.S. market
Standalone AI Liability Emerging
New products filling the gap — limits $2M–$50M
- Munich Re (aiSure) — Model performance failures, hallucinations, AI-driven decisions; established reinsurance capacity
- Armilla AI — Backed by Chaucer Group and Axis Capital; Lloyd's syndicate underwriting
- Corgi Insurance — YC-backed, $108M funded; full-stack carrier; designed for companies deploying AI in place of human judgment
- Embroker — Surplus lines AI liability; tech E&O with AI affirmative coverage
- HSB (Munich Re subsidiary) — AI liability for small businesses; launched March 2026
- Mayflower Specialty — Surplus lines AI product; limits to $50M
The main thing is to evaluate the company offering AI insurance. What is their capitalization? If they're selling $10 million or $20 million in insurance, how much money does that company actually have? If the insurance is used, will you actually be reasonably confident of a payout?
Ifeoma Yvonne Ajunwa, Professor, Emory University School of Law — Fast Company, May 2026
The ARM™ and CPCU® Curriculum — Applied in Real Time
What the AI Exclusion Story Teaches Across the Curriculum
The AI exclusion is a textbook ARM 401 risk identification failure: organizations deployed AI at scale without assessing how it changed their insurance risk profile. The exposure existed before the exclusion — the exclusion simply made it visible. ARM 401's scenario-based risk assessment framework, applied rigorously to AI adoption decisions, would have surfaced this gap before renewal.
ISO endorsement authority, exclusion clause construction, and the legal effect of policy endorsements on coverage are all CPCU 530 content. The three ISO AI exclusions — CG 40 47, 40 48, and 35 08 — are exercises in policy decoding: understanding exactly what the exclusion language removes, what carve-backs might exist, and what legal standard a court would apply when a carrier denies a claim under the exclusion. The unsettled question of whether AI failures land in product liability, professional negligence, or algorithmic discrimination frameworks is also active CPCU 530 territory — the legal category determines which policy responds.
The GL policy structure, the role of ISO in setting standard form language, the E&O and D&O coverage towers, and how exclusions interact across multiple policy lines simultaneously — all CPCU 552 core content. The critical CPCU 552 insight here is that AI exclusions are being added to CGL, E&O, and D&O simultaneously, meaning a commercial account with AI exposure may have gaps across all three coverage lines at once. The broker who identifies this three-layer gap and connects the client to appropriate standalone AI liability coverage is delivering the highest-value risk management advice their client will receive in 2026.
When a risk can no longer be transferred through insurance, the treatment options shift: avoid the activity, reduce the exposure through controls, or accept the residual risk consciously. ARM 402's risk treatment framework directly applies to organizations now facing AI liability gaps. Documenting AI systems, implementing governance controls, and building the evidence trail that future AI insurers will require are all ARM 402 risk reduction strategies — and they are also the precondition for accessing the emerging standalone AI liability market at defensible premiums.
The EU AI Act Deadline: An Additional Forcing Function
Overlaid on the U.S. insurance market shift is an imminent regulatory deadline. The EU AI Act enforces in August 2026. For any organization with EU operations, EU customers, or EU data subjects, the AI Act creates legal compliance obligations that intersect directly with the insurance gap. An AI system that violates EU AI Act requirements — and produces a harm — is not just an uninsured risk. It is an uninsured risk with a regulatory penalty on top of it, in a jurisdiction that has already demonstrated its willingness to impose nine-figure fines for data protection failures.
The convergence of U.S. carrier exclusions and EU regulatory enforcement in the same twelve-month window is not a coincidence. Both are responses to the same underlying reality: AI systems are producing real-world harms at scale, and neither the legal framework nor the insurance market was built to handle them cleanly under the existing architecture.
What Risk Managers and Brokers Must Do Before the Next Renewal
- Pull every commercial policy and search for AI exclusion endorsements immediately. Look specifically for ISO endorsements CG 40 47, CG 40 48, and CG 35 08 in your CGL policy. Check your D&O, E&O, and professional liability policies for absolute AI exclusion language. If you find these endorsements and no corresponding standalone AI coverage, you have an open gap that needs to be quantified and addressed before the next claim arrives.
- Build your AI inventory before underwriters ask for it. Document every AI system your organization uses — what it does, what data it accesses, what decisions it makes or influences, and what external-facing outputs it produces. Without this inventory, you cannot answer the first round of AI liability underwriting questions, and you cannot accurately represent your risk to a standalone AI carrier.
- Identify your highest AI liability exposure scenarios. Employee-facing AI (HR, scheduling, performance evaluation) creates discrimination claims. Customer-facing AI (chatbots, recommendation engines, medical or financial advice tools) creates professional liability and product claims. Autonomous physical systems (robots, drones, automated vehicles) create property damage and bodily injury claims. Each category has different coverage implications and different standalone product options.
- Evaluate the standalone AI liability market with appropriate due diligence. Munich Re and Armilla have the deepest balance sheets in the emerging AI liability space. Corgi and other funded startups offer purpose-built products but require carrier financial strength assessment before being recommended to clients. The question every broker should ask: if a $10M or $20M AI liability claim is tendered, will this carrier pay it?
- Connect AI risk management controls to insurance program design. The carriers who will eventually offer AI liability coverage at reasonable terms will require documented governance controls — much like cyber insurers required MFA. Begin implementing and documenting those controls now: AI system audits, model performance monitoring, human oversight protocols, and incident response procedures. Organizations that build this documentation today will access better terms in the maturing AI insurance market than those who scramble after exclusions bite.
- Brief your clients and board on the three-policy gap. CGL, E&O, and D&O are all being modified simultaneously. An executive team that understands they have simultaneous AI liability gaps across all three coverage towers will make better AI governance decisions than one that assumes they are covered. Bringing this analysis to the board — before a claim surfaces it — is one of the highest-value deliverables an insurance professional can provide in 2026.
The Bottom Line
Twenty years ago, the organizations that understood the cyber exclusion trend early — before the claims came, before the standalone market matured, before the underwriting controls requirements hardened — built defensible coverage programs at favorable terms. The organizations that ignored it until a breach forced the conversation paid far more for far less.
The AI liability exclusion story is in its early chapters. Only a relatively small number of companies provide AI services to corporate clients, and a critical flaw in a widely adopted AI model could result in hundreds, or even thousands, of claims — which could keep major insurers on the sidelines for a while. But the policyholders who act now — who know what their policies cover, who have inventoried their AI systems, and who have documented their governance controls — will be the ones with options when the market eventually matures and the AI insurance playbook looks exactly like the cyber insurance playbook does today.
The window to get ahead of this is open. Not for long.
