AI insurance sublimits and aggregate caps: what they actually limit

Key Takeaways

  • A sublimit caps payment for a specific category of loss within a policy, set below the overall limit. An aggregate cap caps total payment across every claim during the policy period, regardless of how many separate events occur.
  • Operators who read only the headline policy limit and not the attached sublimit schedule are the most common source of underinsurance surprises in the emerging AI agent liability class.
  • Armilla offers coverage limits of up to USD 25 million per company; Munich Re's aiSure provides EUR, USD, or CAD 15 million of initial capacity through its Mosaic partnership. Neither figure describes what any single loss category actually pays out.
  • Autonomous action liability and regulatory defence costs are the two categories most likely to carry restrictive sublimits in current market wordings, because insurers still have the least loss data against which to price them.
  • The right question to ask a broker is not "what is the limit," but "what is the limit for the specific category of loss my agents are actually exposed to, and how many of those events could plausibly occur in one policy year."

A headline policy limit is the number every operator remembers and the number that matters least on its own. What actually determines whether an AI agent insurance policy pays a meaningful amount toward a real loss is the combination of sublimits attached to specific trigger categories and the aggregate cap governing total payment across the policy period. This article explains both mechanisms, why they exist, how they interact with the five trigger categories that define the emerging AI agent liability class, and what to check before signing.

Why insurers use sublimits at all

A sublimit exists because an insurer is willing to accept a broad overall limit for a policy while remaining unwilling to expose that full limit to a specific category of loss it considers harder to price, more prone to severe or correlated outcomes, or simply less understood. In conventional commercial insurance, sublimits are common for categories such as data breach notification costs, business interruption, or crime coverage within a broader package policy. AI agent insurance inherits this structure and applies it to categories the market is still calibrating.

The practical effect is that a policy with an appealing headline number, EUR 10 million, for example, may in practice cap the specific category of loss an operator is actually exposed to at a small fraction of that figure. An operator whose primary exposure is autonomous action liability, the gap identified in the trigger analysis published on this site, needs to know the sublimit attached to that specific category, not the headline number on the policy schedule's first page.

Where sublimits are currently tightest

Two categories consistently carry the tightest sublimits in current market wordings, reflecting where insurers have the least loss history to draw on.

Autonomous action liability. Because this trigger category addresses losses arising from an agent acting entirely within its authorised scope, with no breach, no negligent advice, and no product defect involved, insurers have limited actuarial basis for pricing severity. Munich Re's aiSure Schedule D, which addresses this category directly, structures capacity separately from the broader aiSure programme limit, reflecting the insurer's caution in exposing its full capacity to a novel and still-developing trigger. Operators with agents that take meaningful autonomous action, procurement agents committing to purchase orders, scheduling agents making binding commitments, should expect this category to carry the tightest sublimit relative to their actual exposure, and should size their cover accordingly rather than assuming the headline limit applies.

Regulatory defence and penalty-adjacent costs. Coverage for the legal costs of responding to an AI Act or GDPR supervisory proceeding, discussed in the claims triggers article's regulatory enforcement category, is frequently subject to its own defence cost sublimit, distinct from the indemnity limit that applies to a third-party liability claim. This matters because a supervisory investigation can generate substantial legal and technical expert costs even where no fine is ultimately imposed, and operators who assume their broad liability limit applies to a regulatory investigation may find the relevant sublimit considerably smaller.

How aggregate caps change the calculation

An aggregate cap governs the total amount a policy will pay across every covered claim during the policy period, as distinct from a per-claim or per-occurrence limit, which governs a single event. A policy with a EUR 10 million per-claim limit and a EUR 10 million aggregate cap effectively has one full payout available for the entire year: after a single claim exhausts the aggregate, the policy provides no further indemnity for the remainder of the term even if additional, unrelated covered events occur.

This distinction matters disproportionately for operators running AI agents at volume. A business operating a single, low-volume advisory agent faces a meaningfully different realistic claims frequency than a business running a high-volume customer-facing agent across multiple markets, where the operator should model the plausible number of claims-worthy events across an entire policy year against the aggregate cap, not simply confirm that any one event falls under the per-claim limit. Armilla's up to USD 25 million per-company limit structure, introduced following its January 2026 capital raise, is priced against exactly this kind of volume and frequency analysis during underwriting, and operators should expect underwriters to ask directly about transaction or interaction volume as part of any submission.[1]

Reading the schedule, not the headline

Munich Re's aiSure product illustrates why the schedule-level detail, not the single limit figure on the cover page, is where the real coverage picture lives. aiSure structures cover across separate schedules, with Schedule B addressing hallucination-driven output loss and Schedule D addressing autonomous action liability, each of which can carry its own capacity allocation within the EUR, USD, or CAD 15 million of initial capacity made available via the February 2026 Mosaic partnership.[2] An operator whose primary exposure sits in Schedule D cannot assume the full 15 million figure is available to that category; the schedule-specific allocation is the number that actually governs a Schedule D claim.

The practical process for an operator is to obtain the full schedule of sublimits attached to any AI agent policy before signing, not just the headline limit, and to map each sublimit against the specific trigger categories identified in the operator's own risk profile. The underwriting submission preparation guide on this site sets out the documentation an operator should have ready to support this conversation with a broker or underwriter.

Questions to ask before signing

First, for each of the five trigger categories described in the claims triggers analysis, hallucination loss, autonomous action liability, agent-caused data leakage, intellectual property infringement, and regulatory enforcement, what specific sublimit applies, and is it a shared sublimit across more than one category or a dedicated one.

Second, is the aggregate cap equal to the per-claim limit, meaning the policy effectively pays out in full only once per year, or is the aggregate meaningfully higher than any single per-claim limit, allowing for multiple covered events within the same term.

Third, do sublimits reset separately if the policy is endorsed mid-term to add a new agent or a new authorised action class, or does adding exposure mid-term draw against the same fixed aggregate established at inception.

Fourth, does the regulatory enforcement sublimit cover defence costs only, or does it also extend to any element of an administrative fine that is legally indemnifiable in the relevant jurisdiction, noting that fine indemnity is not permitted in every EU member state.

For the underlying trigger mechanics that these sublimits attach to, see the AI agent claims triggers and coverage gap analysis on this site. For how a certification assessment can strengthen the underwriting conversation around these limits, see agentcertified.eu's analysis of certification and underwriting. For the EU regulatory obligations that drive the regulatory enforcement category specifically, see agentliability.eu's guide to Article 99 penalties and fines.

Frequently Asked Questions

What is a sublimit in an AI agent insurance policy?

A sublimit is a cap on how much a policy will pay for a specific category of loss, set lower than the overall policy limit. An AI agent policy with an overall limit of EUR 10 million might carry a sublimit of EUR 2 million for intellectual property infringement claims, meaning IP claims specifically are capped at EUR 2 million regardless of how large the actual loss is. Sublimits are how insurers price categories of risk they consider harder to quantify without restricting the entire policy.

What is an aggregate cap and how does it differ from a per-claim limit?

A per-claim limit is the maximum the policy pays for a single covered event. An aggregate cap is the maximum the policy pays in total across all covered events during the policy period, regardless of how many separate claims occur. A policy with a EUR 10 million per-claim limit and a EUR 10 million aggregate cap effectively pays out only once at full value before the policy is exhausted for the remainder of the term.

Why do Armilla and Munich Re set different limit structures?

Armilla, operating as a Lloyd's of London coverholder, offers coverage limits of up to USD 25 million per company following its January 2026 funding round, reflecting a per-company underwriting model. Munich Re's aiSure product provides EUR, USD, or CAD 15 million of initial capacity via the Mosaic partnership announced in February 2026, reflecting a parametric, schedule-based structure where different loss categories can carry separate sub-structures within the same overall capacity.

What is the most common mistake operators make when reading AI insurance limits?

Treating the headline policy limit as the number that matters and not reading the sublimit schedule attached to it. An operator with a EUR 10 million headline limit may discover, only after a claim, that the specific loss category involved is capped at a fraction of that figure. The second most common mistake is not distinguishing a per-claim limit from an aggregate cap, which matters for any operator whose agents generate a realistic possibility of more than one claims-worthy event per policy year.

References

  1. Armilla, coverage limit and capital announcement following its January 2026 funding round, up to USD 25 million per company. Armilla operates as a Lloyd's of London coverholder.
  2. Munich Re, aiSure product documentation, Schedules B and D, and the Mosaic partnership announced February 2026 providing EUR, USD, or CAD 15 million of initial capacity.
  3. AI Underwriting Company (AIUC), AIUC-1 reference standard, 2025, coverage structure and limit conventions.
  4. Regulation (EU) 2024/1689, Article 99, tiered penalty structure referenced for regulatory enforcement sublimit context.
  5. Lloyd's Market Association, LMA5566, artificial intelligence exclusion clause, 2023, referenced for standard market limit and exclusion drafting conventions.