AI and insurability: covering AI risks and liability
Whether AI harm is insured depends on the policy, not the AI Act. The revised Product Liability Directive widens liability exposure, while insurers struggle with opaque, self-learning and agentic systems.
Short answer: The AI Act does not require insurance and does not govern cover. Whether harm caused by AI is insured depends on the policy terms. At the same time the revised Product Liability Directive (PLD, Directive (EU) 2024/2853) widens liability exposure, while insurers find AI risk hard to model. The gap between exposure and cover is the real risk.
The AI Act does not mandate insurance
Unlike, say, road traffic, the AI Act has no general insurance obligation. It sets ex-ante safety and conformity requirements but leaves the financial settlement of harm to liability and insurance law. Being AI Act compliant therefore says nothing about whether you are covered.
Greater liability exposure
The revised PLD increases the chance that an organisation is liable. Software and AI count expressly as products, updates and self-learning behaviour can constitute a defect, and the burden of proof for claimants is eased. See the explainer on AI liability.
More liability means a greater need for cover — precisely when that cover is harder to obtain.
Why AI risk is hard to insure
Insurance runs on predictability: an insurer prices risk on historical loss patterns. AI undermines that in three ways:
- Opacity. With a black-box model the cause of harm is hard to establish, and so hard to attribute.
- Self-learning behaviour. A system that changes after deployment also changes its risk profile — out of sight of the policy.
- Correlation and scale. A single fault in a widely used model can cause harm to many users at once; risks stack rather than average out.
The result: exclusions for AI harm, higher premiums or quieter "silent AI" exposure in existing policies that were never designed for it.
The coverage gap
The practical risk is a gap: liability grows (PLD), but the policy excludes AI behaviour or covers it unclearly. Many business and product liability policies were drafted before AI became common. With agentic AI, where a system acts independently, that gap is largest.
What to do
- Read the policy for AI exclusions and for "silent AI" exposure in existing cover.
- Align cover with PLD exposure: does the policy cover harm from self-learning or agentic behaviour?
- Document risk controls (logging, testing, oversight); this will feed both claims and pricing.
- Allocate risk contractually with model and system suppliers, so cover and liability line up.
- Reassess periodically: a self-learning system changes its own risk profile.
Insurability is not an AI Act question but a policy and liability question. Steering on compliance alone leaves the coverage gap unseen.
Sources
- https://eur-lex.europa.eu/eli/dir/2024/2853/oj
  Directive (EU) 2024/2853 (revised Product Liability Directive): software and AI as products, lighter burden of proof, widening liability exposure.
- https://eur-lex.europa.eu/eli/reg/2024/1689/oj
  Regulation (EU) 2024/1689 (AI Act): ex-ante safety requirements; no insurance obligation and no rules on cover.