Coalition is a US cyber insurer that introduced explicit affirmative AI language into its Active Insurance product. That language names AI-caused losses as covered perils rather than leaving them in the ambiguous territory most cyber and tech E&O policies occupy. This analysis reads what the coverage triggers on, examines the governance evidence Coalition requires, and maps the gap between Coalition's US product and what European operators can actually access today.

Key takeaways

  • Coalition's affirmative AI endorsement (US) names AI-generated output failures, autonomous AI decision errors, and AI-driven data manipulation as explicit covered perils within its cyber product. This is affirmative coverage: it does not rely on the absence of an exclusion. US-specific.
  • European enterprises cannot access Coalition's product through standard direct placement. The functional European equivalents are Armilla as a Lloyd's coverholder, Munich Re aiSure for parametric performance coverage, and specialist Lloyd's market cyber products with explicit AI language.
  • Coalition's underwriting governance requirements overlap significantly with what EU AI Act compliance under Regulation (EU) 2024/1689 Articles 9 and 26 already demands. An enterprise with a complete EU AI Act compliance file is well positioned for Coalition-equivalent underwriting elsewhere.
  • No admitted domestic European carrier had published a comparably structured affirmative AI endorsement as of June 2026. European operators are purchasing implicit coverage or bespoke placement, not a standard admitted product with published trigger language.
  • The EU AI Act high-risk provisions were provisionally deferred from 2 August 2026 to 2 December 2027 under the Digital Omnibus package agreed 7 May 2026, but that deferral is not yet formally adopted. The original date remains binding until the formal legislative process concludes. Operators building governance now reduce exposure regardless of the adoption timeline.
  • Five questions every European operator should put to their broker: Is coverage affirmative or implicit? Which AI failure modes are named triggers? What governance documentation is required at underwriting and at claim stage? Is the trigger occurrence-based or claims-made? Does the policy contain a silent AI exposure clause?

What Coalition is and why its AI language matters

Coalition was founded in 2017 as a cyber insurance managing general agent and has since obtained admitted carrier status in most US states, writing on surplus lines paper where admitted placement is not available. Its Active Cyber Insurance product is underwritten on its own paper backed by reinsurance from Swiss Re, among others. Coalition positions itself as an active risk management partner rather than a passive indemnifier, providing attack surface monitoring and threat intelligence to policyholders alongside traditional coverage.

Coalition's AI-related coverage language emerged from the same market problem that drove Counterpart's November 2025 affirmative endorsement: standard cyber and tech E&O policies were written for a world in which the primary insured technology risk was network intrusion, data breach, and ransomware. When AI systems became consequential participants in professional decisions, financial outputs, and customer-facing interactions, the standard policy language produced coverage uncertainty. Carriers and insureds disagreed at claim time about whether an AI-generated output error was a covered cyber event, a professional liability error, or an uninsured technology performance failure.

Coalition's response was to introduce affirmative AI language into its cyber product rather than address the gap through a separate standalone endorsement. The practical effect is that AI-caused losses in Coalition's covered categories are cyber claims, not a distinct product. This is a structural choice that differs from Counterpart's approach of adding a Tech E&O insuring agreement, and it has implications for how claims are routed and how limits interact.

What the affirmative AI language covers (US product)

Note: The following coverage description refers to Coalition's US product. This coverage is not available to European-domiciled enterprises through standard direct placement.

Coalition's affirmative AI language, as disclosed in its product documentation and market communications, covers three categories of AI-caused loss as named perils within the cyber coverage structure.

AI-generated output failures. This category covers financial loss caused by an AI system producing an incorrect, fabricated, or misleading output on which the insured or a third party relied. The clearest examples are hallucinations in professional or transactional contexts: an AI legal research tool inventing citations that an attorney then filed (Mata v. Avianca, 22-cv-1461, S.D.N.Y. 2023), an AI travel assistant misrepresenting fare rules to a customer (Moffatt v. Air Canada, Civil Resolution Tribunal, British Columbia, 2024), or an AI financial planning tool generating fabricated product terms. Coalition's coverage applies where the output failure causes a covered loss to the insured.

Autonomous AI decision errors. This category covers losses caused by AI systems making consequential decisions without adequate human review. The trigger applies where an AI system operating in an automated or semi-automated mode makes an error in a decision that causes financial loss, such as an AI pricing algorithm producing incorrect quotes, an AI fraud detection system blocking legitimate transactions, or an AI underwriting system misclassifying risk. The key distinction is that the decision must have been made by the AI system in a mode where human oversight was not part of the documented workflow.

AI-driven data manipulation. This category covers losses caused by AI systems that incorrectly modify, corrupt, or misroute data as part of an automated process. It differs from the ransomware and data destruction coverage that standard cyber policies include because it covers unintentional AI-caused data errors rather than adversarial attacks. In high-volume automated processing environments, including financial services, logistics, and healthcare administration, AI data manipulation errors can cause significant loss before they are detected.

Coalition's cyber policy structure means these three AI perils sit within the cyber coverage limits rather than in a separate standalone limit. This has implications for how an insured with both cyber and tech E&O coverage manages their limits: an AI-caused loss claimed as a cyber event under Coalition's product will erode the cyber limit, which may or may not be the most efficient outcome depending on the total coverage structure.

What the coverage does not cover

Coalition's affirmative AI language addresses AI failures in the insured's own technology operations. It does not extend to losses caused by AI systems the insured does not operate, third-party AI infrastructure failures, or losses that arise from the AI system's intended outputs rather than its unintended errors. If an AI system performs exactly as designed but the design was legally non-compliant with EU AI Act requirements, the resulting regulatory fine is unlikely to be a covered loss under the AI peril clauses.

Physical injury and property damage arising from AI system failures are not within the cyber framework and would require separate product liability placement. For European enterprises deploying AI systems in high-risk categories under Regulation (EU) 2024/1689 Annex III, including systems used in safety components of products, infrastructure management, or employment decisions, the product liability exposure under Directive 2024/2853 runs separately from any cyber coverage.

AI systems used in medical diagnostics, mental health applications, and autonomous safety-critical systems typically fall outside standard carrier appetite for AI endorsements, including Coalition's. This exclusion pattern is consistent across Counterpart, Armilla, and Munich Re aiSure. For a detailed map of what current AI insurance products do and do not cover across all these providers, see the full guide to what AI agent insurance covers and costs.

The governance evidence Coalition requires

Coalition's underwriting process for accounts where AI coverage is material includes supplemental questions directed at the AI governance posture of the applicant. The questions are structured around the same evidence categories that well-designed AI compliance programmes produce. The practical overlap with EU AI Act compliance documentation is substantial.

Coalition asks for an inventory of AI systems the applicant operates. This maps directly to the technical documentation requirement under EU AI Act Article 11, which requires providers of high-risk AI systems to maintain technical files covering system purpose, architecture, and training data. For deployers of high-risk systems, Article 26 of Regulation (EU) 2024/1689 requires maintaining logs, monitoring plans, and human oversight procedures. Both the regulation and the underwriting application want the same starting point: a documented list of what AI systems exist and what they do.

Coalition asks about output monitoring. Article 9(1)(d) of Regulation (EU) 2024/1689 requires a risk management system that includes evaluation of the AI system in light of data obtained from post-market monitoring. Coalition's underwriting equivalent asks whether the applicant monitors AI outputs for accuracy, drift, and anomalous behaviour. An enterprise with a functioning post-market monitoring programme as required by the EU AI Act has the documentation to answer this question with specificity.

Coalition asks about incident response for AI failures. The EU AI Act under Article 73 requires providers and certain deployers of high-risk systems to report serious incidents to national market surveillance authorities. A reporting procedure requires an internal incident detection and escalation process to exist before the report can be made. Coalition's question on incident response asks whether that process exists.

The overlap is not coincidental. Both the EU AI Act compliance framework and insurance underwriting for AI coverage are attempting to answer the same question: does this enterprise understand what its AI systems are doing, monitor whether they are doing it correctly, and have a process for responding when they fail? An enterprise that can answer yes with documentation is both a better compliance subject and a better insurance risk.

The European market gap

Coalition's affirmative AI language has been available as part of its US cyber product since the product documentation was updated in 2024 and 2025. As of June 2026, no admitted domestic European carrier has published a comparably structured affirmative AI endorsement with named peril language, published trigger conditions, and standard policy terms available to European-domiciled enterprises through normal broker distribution.

This is the European market gap. It is not that European enterprises cannot obtain any coverage for AI-caused losses. They can, through three current routes.

Armilla, as a Lloyd's coverholder backed by Chaucer and Axis Capital, offers affirmative AI coverage to enterprises including those domiciled in Europe. Armilla's evaluation process involves technical testing of the AI system as well as governance documentation review. Coverage limits reached USD 25 million following capacity expansion in January 2026. Access is through Lloyd's broker channels, not through standard direct domestic placement. Armilla explicitly excludes medical diagnostics, mental health, and autonomous vehicle applications, consistent with the sector-wide pattern.

Munich Re aiSure offers parametric AI performance insurance. Unlike Coalition's occurrence-based trigger model, aiSure settles claims on measured performance data: if an AI system's accuracy or output quality drops below a defined threshold for a defined period, the parametric payment triggers without requiring the insured to prove causal loss from a specific incident. This is a materially different coverage architecture. It removes the causation proof problem but requires the insured to define measurable performance metrics at underwriting. Munich Re's European market presence makes aiSure accessible to EU enterprises; access routes and availability for SME accounts vary and should be confirmed with a specialist broker.

Lloyd's market cyber products with bespoke AI language, placed through specialist London market brokers, can be tailored to include explicit AI coverage provisions for larger European accounts. This is not a standard product with published trigger language. It is a manuscript policy drafted to the account's specific needs, which requires a minimum account size and specialist broker involvement to be practical.

The gap Coalition's product illustrates is the absence of a standard admitted domestic European cyber or tech E&O product with published affirmative AI trigger language, available through normal broker distribution, at SME-relevant premium levels. European insurers are aware of the market need. EIOPA's February 2026 survey on AI governance in insurance documented that European carriers are developing AI-specific coverage but have not yet reached product launch in the standard admitted market. The gap is expected to close by 2027, but that expectation is not a current product.

For a current tracker of which AI insurance providers are active in the European market and what they offer, see the European AI agent insurance market tracker, June 2026.

The regulatory pressure that is driving demand

The European demand for Coalition-equivalent coverage is not hypothetical. It is driven by two converging regulatory instruments.

Regulation (EU) 2024/1689, the EU AI Act, creates a tiered compliance framework that imposes the heaviest obligations on high-risk AI systems defined in Annex III. These include AI systems used in critical infrastructure management, education and vocational training, employment and workforce management, access to essential private and public services, law enforcement, migration and border control, administration of justice, and democratic processes. Deployers of high-risk systems face obligations under Article 26 that include implementing monitoring plans, maintaining logs, and reporting serious incidents to national competent authorities. Non-compliance exposes deployers to fines of up to EUR 15 million or 3% of global annual turnover.

The high-risk provisions were originally scheduled to apply from 2 August 2026. A provisional deferral to 2 December 2027 was agreed under the Digital Omnibus legislative package on 7 May 2026. This deferral is not yet formally adopted: the legislative process must conclude before the new date binds. Until formal adoption, the original 2 August 2026 date remains in force. Enterprises that are waiting for the deferral to be formally confirmed before beginning compliance work are taking regulatory risk that may not materialise into enforcement, but also may.

Directive 2024/2853 on liability for defective products, which entered into force on 9 December 2024 with a three-year transposition deadline, extends strict product liability to software and AI systems. Under the revised directive, a damaged party does not need to prove fault, only damage, a defect, and a causal link. The rebuttable presumption of defect provisions further reduce the evidentiary burden for plaintiffs. For European enterprises deploying AI systems in contexts where a software defect could cause harm to consumers, the Product Liability Directive creates a direct financial exposure that affirmative AI coverage in a liability product would address.

The combination of EU AI Act enforcement obligations and Product Liability Directive exposure creates a specific need for European affirmative AI coverage that maps to the compliance framework. Coalition's US product illustrates what that coverage looks like at the product level. The question for European operators is when a domestic admitted product with equivalent trigger language will be available, and what they do in the interim.

For the current state of how professional indemnity and cyber products in Europe are addressing this space, and where the gaps remain, see the analysis of AI exclusions in cyber and E&O policies.

For how Coalition's approach compares to the Lloyd's market capacity being built through specialist coverholders for European accounts, see the Lloyd's London AI insurance capacity analysis for Europe 2026 on Agent Liability.

Five questions every European operator must put to their broker

In the absence of a standard admitted European product with Coalition-equivalent affirmative AI language, European operators purchasing cyber or tech E&O coverage need to verify the coverage position themselves. The following five questions should be put to any broker placing AI-adjacent coverage for a European enterprise in 2026.

Question one: Is AI coverage affirmative or implicit? Ask the broker to identify the specific policy clause or endorsement that covers AI-caused losses. If the answer is that AI losses are covered because there is no AI exclusion, the coverage is implicit. Implicit coverage means the coverage position will be litigated at claim time. Affirmative coverage means there is a named peril clause. Only accept the answer that identifies a specific clause.

Question two: Which AI failure modes are named triggers? Affirmative AI coverage that only covers AI hallucinations does not cover autonomous decision errors or AI data manipulation. Ask for the complete list of AI failure modes that are named as covered triggers. Any failure mode not named should be treated as potentially excluded or ambiguous.

Question three: What governance documentation is required at underwriting and at claim stage? Many coverage disputes arise because the insured provided different information at underwriting and at claim time. Ask the broker to confirm what governance documentation will be required if an AI claim is made, and verify that the enterprise has that documentation now. If the claim will require evidence of pre-deployment testing and the enterprise does not have pre-deployment testing records, the claim is at risk regardless of what the policy language says.

Question four: Is the trigger occurrence-based or claims-made, and how does it interact with AI system updates? AI systems are updated continuously. An occurrence-based trigger requires the loss-causing AI failure to occur during the policy period. A claims-made trigger requires the claim to be made during the policy period. If the AI system was updated between the failure and the claim, the question of which policy period applies becomes contested. Ask the broker how the carrier treats AI system version history in claim disputes.

Question five: Does the policy contain a silent AI exposure clause? Some cyber policies include broad technology exclusions or AI-adjacent language that could be invoked to dispute AI claims even where no explicit AI exclusion exists. Ask the broker to confirm that there is no policy language that could be read to exclude losses where an AI system was involved, other than named exclusions clearly communicated at placement. Silent exclusions that are invoked at claim time are among the most commercially damaging coverage outcomes.

What Coalition's position signals about where the market is going

Coalition is not alone among US insurtechs in moving toward affirmative AI language. Counterpart's November 2025 endorsement, AIUC-1's certification-backed coverage structure first deployed with ElevenLabs in February 2026, and the growing Lloyd's market capacity for European accounts through Armilla all reflect the same structural shift: AI coverage is becoming a named product category rather than an ambiguous gap in existing products.

The AIUC market size estimate for AI insurance, published by the Artificial Intelligence Underwriting Company and cited by multiple Lloyd's market briefings, projects the AI insurance category at near-zero in 2023 and growing toward USD 500 billion by 2030. This projection is contested, but the directional claim that AI coverage is a growing category rather than a niche product appears consistent with observable market behaviour. New products are being introduced. Capacity is growing. Underwriting standards are being codified.

For European operators, the signal is time-sensitive. The US market is approximately 18 to 24 months ahead of the European market in developing standard affirmative AI coverage products. The governance documentation required to access US-market products through Lloyd's broker channels is the same documentation that EU AI Act compliance requires. European enterprises that spend 2026 building AI governance documentation are not only preparing for regulatory compliance; they are also building the underwriting submission that will qualify them for coverage when domestic European products become available.

The window in which "no standard AI-specific coverage exists in Europe" is closing. The window in which enterprises can build governance documentation ahead of regulatory deadlines is also narrowing, whether the high-risk AI provisions apply in August 2026 or December 2027. Both timelines favour starting now.

Frequently asked questions

What does Coalition's affirmative AI coverage trigger on?

Coalition's affirmative AI endorsement (US) names AI-generated output failures, autonomous AI decision errors, and AI-driven data manipulation as explicit covered perils within its cyber product. This is affirmative coverage: named AI failures are covered perils, not inferred from the absence of exclusions. Coalition's product is US-specific and not available to European enterprises through standard direct placement.

How does Coalition's AI coverage language differ from standard cyber and E&O policies?

Standard cyber insurance was written for network intrusion, ransomware, and data breach. Most policies either exclude AI-generated losses by name or leave them in ambiguous territory. Coalition's affirmative AI language names AI failures as covered perils within the cyber policy, so policyholders do not face a coverage dispute about whether an AI output error is a covered cause of loss.

Is Coalition's affirmative AI coverage available to European enterprises?

Coalition is a US carrier and MGA. European enterprises cannot access its product through standard direct placement. The functional European equivalents are Armilla as a Lloyd's coverholder, Munich Re aiSure for parametric performance coverage, and bespoke Lloyd's market cyber products. No admitted domestic European carrier had published equivalent standard affirmative AI trigger language as of June 2026.

What governance evidence does Coalition require to write affirmative AI coverage?

Coalition's underwriting supplement asks for an AI system inventory, output monitoring documentation, incident response procedures for AI failures, and evidence of named governance accountability. This overlaps substantially with what EU AI Act compliance under Articles 9 and 26 of Regulation (EU) 2024/1689 requires. An enterprise with a complete EU AI Act compliance file is well positioned for Coalition-equivalent underwriting elsewhere in the market.

What should a European operator ask a broker when seeking affirmative AI coverage?

European operators should ask five questions: Is coverage affirmative or implicit? Which AI failure modes are named triggers? What governance documentation is required at underwriting and at claim stage? Is the trigger occurrence-based or claims-made, and how does it interact with AI system updates? Does the policy contain a silent AI exposure clause? A policy that cannot answer all five with specific policy language should be treated as providing potentially only implicit coverage.

What is the European market gap that Coalition's product illustrates?

Coalition's affirmative AI cyber language has been available in the US since 2024 and 2025. As of June 2026, no admitted domestic European carrier had published a comparably structured affirmative AI endorsement with named peril language, published trigger conditions, and standard policy terms accessible through normal broker distribution at SME-relevant premium levels. European operators must currently use Lloyd's market channels, Armilla, or Munich Re aiSure to obtain AI-specific coverage.

How does the EU AI Act change the insurance demand for Coalition-style affirmative coverage?

Regulation (EU) 2024/1689 creates compliance obligations with fines up to EUR 35 million or 7% of global annual turnover for high-risk AI violations. The revised Product Liability Directive (2024/2853) extends strict product liability to AI software. The EU AI Act high-risk provisions were provisionally deferred from 2 August 2026 to 2 December 2027 under the Digital Omnibus agreement of 7 May 2026, but that deferral is not yet formally adopted and the original date remains binding until formal adoption concludes. Both instruments create exposures that Coalition-style affirmative AI coverage would directly address.

References

  1. Coalition, Inc. Active Cyber Insurance product documentation, including AI coverage provisions. 2024 and 2025 policy versions.
  2. Coalition capacity and reinsurance arrangements: Swiss Re and other leading markets.
  3. Counterpart Insurance. Affirmative AI Coverage endorsement launch. November 2025.
  4. AIUC-1 AI Agent Certification Standard. Artificial Intelligence Underwriting Company, 2025.
  5. ElevenLabs. First AIUC-1-backed AI agent insurance policy, backed by HSB. February 2026.
  6. Armilla AI. Coverage capacity expansion to USD 25 million. January 2026. Chaucer and Axis Capital capacity.
  7. Munich Re aiSure. Parametric AI performance insurance product documentation. Mosaic partnership capacity EUR 15 million. 2025.
  8. Lloyd's of London. AI and cyber capacity market briefing. 2025.
  9. Mata v. Avianca, Inc., 22-cv-1461 (S.D.N.Y. 2023). AI-hallucinated legal citations case.
  10. Moffatt v. Air Canada, Civil Resolution Tribunal, British Columbia, 2024. AI chatbot misrepresentation of bereavement fare policy.
  11. Regulation (EU) 2024/1689 (EU AI Act), Articles 9 (risk management), 11 (technical documentation), 26 (deployer obligations), 73 (serious incident reporting).
  12. Regulation (EU) 2024/1689, Annex III (high-risk AI system categories).
  13. Directive 2024/2853 on liability for defective products, entered into force 9 December 2024.
  14. European Insurance and Occupational Pensions Authority (EIOPA). Survey on AI governance in insurance. February 2026.
  15. Digital Omnibus package. Provisional political agreement deferring EU AI Act high-risk provisions to 2 December 2027. 7 May 2026. Not yet formally adopted.
  16. Artificial Intelligence Underwriting Company (AIUC). AI insurance market size projections, 2023 to 2030.
  17. NIST AI Risk Management Framework (AI RMF). National Institute of Standards and Technology, 2023.
  18. ISO/IEC 42001:2023. Artificial Intelligence Management Systems standard.