Back to Blog
December 12, 2025

The Insurance Industry Just Became AI’s Most Powerful Regulator

By Modulos5 min read
The Insurance Industry Just Became AI’s Most Powerful Regulator

When insurers refuse to price a risk, that risk doesn’t disappear, it lands on your balance sheet.

Last week, the Financial Times reported that major insurers including AIG, Great American, and WR Berkley are seeking regulatory approval to exclude AI-related liabilities from corporate policies. This isn’t a minor policy adjustment. It’s a fundamental repricing of enterprise AI risk and it takes effect at your next policy renewal.

No legislative process. No implementation period. Immediate.

What’s Actually Happening

Insurance works by pooling predictable risks across many parties. When insurers encounter risks they cannot model, they don’t offer coverage at higher premiums. They refuse to cover them at all.

That’s precisely what’s happening with AI.

WR Berkley’s proposed exclusion language covers “any actual or alleged use” of AI, including products or services “incorporating” the technology. Read that again: any use. AIG told US regulators that generative AI is a “wide-ranging technology” where the possibility of claims will “likely increase over time.”

The specific concern isn’t individual AI failures,insurers handle unpredictable individual events routinely. The problem is systemic, correlated risk. As Aon’s cyber head Kevin Kalinich told the FT: insurers can absorb a $400-500 million loss from one company’s AI deployment going wrong. What they cannot absorb is “a 1,000 or 10,000 losses,a systemic, correlated, aggregated risk.”

One bug in a foundation model. Ten thousand claims. That’s not insurable.

The Liability Vacuum

Here’s the situation most enterprises haven’t internalized:

AI developers disclaim virtually all liability in their terms of service. OpenAI, Anthropic, Google,read the fine print. You assume the risk.

Deployers (that’s you, if you’re using AI in your operations) have traditionally transferred residual risk to insurers through E&O, D&O, and cyber policies.

Insurers are now carving out AI from those policies entirely.

The result: liability with nowhere to go. It stays with the deploying organization,your balance sheet, your executives’ personal exposure, your board’s fiduciary obligations.

As one AI insurance specialist observed: “Nobody knows who’s liable if things go wrong.” That uncertainty is precisely what insurers are refusing to price.

A flowchart detailing liability responsibilities for AI developers and insurers, highlighting exclusions and liabilities.

Why This Matters More Than Regulation

Regulatory frameworks like the EU AI Act operate on legislative timelines, require enforcement infrastructure, and vary by jurisdiction. Insurance exclusions work differently:

Immediate effect. These changes apply at your next policy renewal. No transition phase.

Universal application. A Swiss company with US insurance, a German manufacturer with Lloyd’s coverage, jurisdiction is irrelevant to your policy terms.

Board-level visibility. CFOs and General Counsel understand “uninsured liability” in ways they may not understand “AI ethics.” This translates abstract governance concerns into concrete financial exposure.

Here’s the twist: insurers are already linking coverage to governance frameworks. QBE has introduced an endorsement covering (limited) fines under the EU AI Act,the first major insurer to explicitly reference the regulation as a coverage criterion. The direction is clear: governance frameworks will become prerequisites for coverage, not optional additions.

The Governance Imperative

If liability cannot be transferred, it must be managed.

“Managed” doesn’t mean eliminated,AI systems will produce errors, hallucinations, and unexpected outputs. Managed means having the documentation, processes, and controls to demonstrate due diligence, limit exposure, and respond effectively when incidents occur.

Consider what insurers will require to offer any AI coverage. Documentation. Risk assessments. Audit trails. Demonstrable oversight. Organizations with mature AI governance will be insurable. Organizations without it will carry unlimited liability directly.

This isn’t speculation. It’s the same pattern we saw with cyber insurance a decade ago,what started as optional best practices became mandatory prerequisites for coverage.

What This Means for Your Organization

Immediate actions:

Review your current insurance policies. Understand what AI-related exclusions exist today and what renewals are approaching. (Spoiler: many organizations will discover they’re already exposed.)

Assess your AI deployment inventory. You cannot govern what you cannot see. Many enterprises have AI embedded in vendor tools, internal applications, and business processes without centralized visibility.

Establish documentation practices now. When insurers do offer AI coverage,likely with governance requirements attached,you’ll need audit trails, risk assessments, and oversight records. Building these retroactively is expensive and often impossible.

Strategic positioning:

Organizations that treat AI governance as risk infrastructure rather than compliance burden will have structural advantages: insurability, defensible positions in litigation, and demonstrated due diligence to boards and regulators.

This isn’t about slowing AI adoption. It’s about ensuring AI deployment is sustainable,legally, financially, and operationally.

The Path Forward

The insurance industry’s retreat from AI coverage isn’t temporary. It reflects genuine uncertainty about how to price systemic, opaque, rapidly-evolving technology risks.

That uncertainty will resolve in one of two ways: either AI systems become sufficiently transparent and governable that insurers can model their risks, or the liability vacuum persists and enterprises carry exposure directly.

The EU AI Act, for all its complexity, attempts to create the transparency and accountability frameworks that would enable the first outcome. Organizations that adopt robust governance now,whether driven by regulatory compliance or risk management,are positioning themselves for an insurable future.

Those that don’t are betting their balance sheet on technology they cannot fully control, cannot insure, and may not fully understand.

The insurers have done their analysis. The question is whether your organization will do the same.

Ready to assess your AI governance readiness? of the Modulos AI Governance Platform and see how we help organizations document, assess, and demonstrate oversight of AI systems,building the audit trails that regulators and insurers increasingly require.

Source: “Insurers retreat from AI cover as risk of multibillion-dollar claims mounts”, Financial Times, November 2025