First-party vs third-party AI liability coverage. Understanding the split that defines your programme.

Key Takeaways

  • First-party AI coverage pays your own operational and remediation costs when an AI agent fails. Third-party AI coverage pays claims made against you by others harmed by that failure. Both are required; almost no single policy provides both.
  • Cyber insurance covers some first-party and third-party costs for AI-related data incidents. It does not cover financial harm claims arising from AI agent errors unrelated to data, which require professional liability or dedicated AI third-party coverage.
  • The EU AI Act creates two distinct liability tracks: regulatory enforcement (first-party regulatory defence, non-insurable fines) and compensation claims from harmed individuals (third-party liability). Both need coverage.
  • Munich Re aiSure is primarily a first-party performance warranty product. Armilla and AIUC-based products focus on third-party liability indemnity. A complete programme typically requires both types.
  • EU deployers preparing for coverage placement should structure their documentation to address underwriting questions for both coverage types: performance records for first-party underwriters, compliance documentation for third-party underwriters.

Every conversation about AI insurance eventually arrives at the same question: what exactly are you insuring against? The answer is more structured than it first appears. AI liability exposure divides cleanly into two categories that the insurance market has always treated separately: the losses you suffer yourself when something goes wrong, and the claims made against you by others who were harmed by what went wrong. These are first-party and third-party exposures, and understanding which is which is the foundational step in designing an AI insurance programme that actually covers what it needs to cover.

Most European enterprises currently have no AI-specific coverage of any kind. What they have is a collection of legacy policies (cyber, professional indemnity, product liability, directors and officers) that were not written with autonomous AI systems in mind and are being progressively amended to exclude AI-specific exposures. Filling the gap requires understanding what each legacy policy does and does not cover, and what new AI-specific products address. That exercise only makes sense if you start with the first-party and third-party distinction.

What first-party AI losses look like

First-party losses are the costs your organisation incurs as a direct result of an AI agent failure, before anyone else brings a claim. These are internal costs, and they are often significant and immediate. They include the cost of investigating what went wrong, which requires engineering time, legal time, and sometimes third-party forensic analysis. They include the cost of remediating the failure: correcting AI outputs that were wrong, restoring systems that failed, reconfiguring or retraining the AI agent. They include business interruption losses if the AI system was providing a critical function that had to be suspended during the investigation and remediation period. They include reputational management costs: PR advice, customer communication, and in some cases proactive outreach to customers who received incorrect information before the issue was discovered.

A specific first-party cost category relevant to EU AI Act deployers is regulatory response. When a supervisory authority opens an investigation, the costs of responding (legal representation, documentation preparation, responding to information requests, potential audit costs) are first-party costs. The investigation itself may not result in a fine, but it will produce legal fees regardless. If it does result in a fine, the fine amount is also technically a first-party cost, although administrative fines are generally non-insurable in EU member states because their deterrent purpose requires that the entity bears the cost.

First-party coverage in the AI context is most directly addressed by parametric-style products like Munich Re aiSure. The aiSure framework provides coverage that triggers when an AI system's measured performance falls below a declared threshold: accuracy rates, error rates, or similar performance metrics agreed at policy inception. When the trigger is met, the policy pays a predetermined benefit to cover the operational costs of the underperformance event. This structure is genuinely new in insurance terms: it does not require a third-party claim or even a specific identifiable loss event. It requires a performance measurement.

What third-party AI claims look like

Third-party losses are claims made against your organisation by other parties who suffered harm because of your AI agent's actions. The four most common categories in the European context are these.

Customer compensation claims. A customer who received incorrect information from an AI chatbot, received an incorrect decision from an AI scoring system, or suffered financial loss because an AI tool gave wrong advice has a claim against your organisation. In the EU context, this claim may be framed under contract law, consumer protection law, or, after December 2026, under the revised Product Liability Directive 2024/2853, which classifies AI software as a product and imposes strict liability for defects. The Moffatt v. Air Canada case (British Columbia Civil Resolution Tribunal, February 2024), while decided outside the EU, is the most cited precedent: Air Canada was ordered to pay compensation for harm caused by its chatbot's incorrect bereavement fare information, regardless of the chatbot's autonomous nature.

Business partner claims. When an AI agent deployed in a B2B context makes an error that causes harm to a business partner (incorrect data, wrong instructions, unauthorised action taken on the partner's systems), the partner may bring a contractual or tortious claim. These claims can be large, because the AI agent may be embedded in an operational workflow where a single error cascades into significant downstream costs.

Regulatory enforcement actions with compensation components. Under the EU AI Act, national market surveillance authorities can initiate proceedings that result not only in fines but in orders to compensate affected parties. Under the AI Liability Directive (currently under development following the Commission's 2022 proposal), courts will be able to order disclosure of AI system documentation to support claimants in establishing causation in AI-related harm cases. Both create third-party financial exposure.

Employee claims. AI systems used in employment decisions (recruitment screening, performance evaluation, scheduling, workload allocation) that produce decisions with discriminatory or harmful effects on employees create employment law claims. These are a specific category of third-party exposure that sits at the intersection of AI liability and employment law.

How existing policies treat AI exposures

The honest starting point for any review of AI insurance programmes is acknowledging that most existing policies were written before autonomous AI agents were a significant operational risk, and many are being actively amended to exclude AI-specific exposures rather than extend to cover them.

Cyber liability policies cover data-related first-party costs (notification costs, forensic investigation, business interruption from system failure) and data-related third-party costs (compensation to individuals whose data was compromised, regulatory investigation defence for data protection violations). They do not cover financial harm claims from incorrect AI advice, incorrect AI decisions, or AI agent errors that do not involve personal data. A cyber policy responds to the data breach. It does not respond to the wrong credit score, the hallucinated contract term, or the AI scheduling error that costs a business partner a significant contract.

Professional indemnity and errors and omissions policies cover claims arising from negligent professional advice or service provision. For organisations that provide AI tools or AI-augmented services to clients as part of their professional service, E&O policies may cover third-party claims arising from AI-generated outputs, subject to the policy's definition of professional services and its AI exclusions. Many E&O policies are now being amended to include AI exclusions that require a specific AI endorsement to reinstate. If your E&O policy does not have an AI endorsement, verify whether it covers AI-related professional liability claims rather than assuming that it does.

Product liability insurance covers claims for physical injury or property damage caused by defective products. Traditional product liability policies do not typically cover pure financial harm claims arising from AI software decisions. The revised Product Liability Directive 2024/2853, entering into force in December 2026, reclassifies AI software as a product for strict liability purposes. This creates a new category of third-party exposure for AI system defects that extends to financial harm in certain circumstances. Whether existing product liability policies respond to this new exposure requires careful review of policy wording against the new directive's scope.

Munich Re aiSure and the first-party model

Munich Re's aiSure product, developed through the Special Enterprise Risks (SER) division, is the most prominent first-party AI insurance product currently available at scale. The product structure is based on a performance warranty: the insured declares the AI system's performance parameters at inception (accuracy thresholds, reliability metrics, error rate limits), the system is monitored against those parameters during the policy period, and the policy pays when measured performance falls below the agreed threshold.

The aiSure model was developed initially for AI systems in medical diagnostics, financial risk assessment, and manufacturing quality control, where AI system performance can be objectively measured against validated benchmarks. The February 2026 Mosaic partnership, providing up to EUR 15 million in AI developer coverage, extended the model toward a broader enterprise AI context. The key underwriting requirement for aiSure coverage is a documented, measurable performance baseline that both the insured and the insurer can reference during the policy period. An AI system without documented performance metrics cannot be placed on an aiSure-type product, because there is no agreed trigger level to reference.

For EU AI Act deployers, the accuracy and performance monitoring requirements of Article 15 (accuracy, robustness, cybersecurity) and Article 72 (post-market monitoring) produce exactly the kind of performance documentation that aiSure-type underwriters need. An enterprise that maintains its Article 15 compliance documentation in a form accessible to an underwriter is simultaneously building its insurability record for first-party performance coverage.

Armilla, AIUC, and the third-party liability model

Armilla AI's coverage product, operating as a Lloyd's coverholder backed by Chaucer and Axis Capital, focuses on the third-party liability side of AI exposure. Armilla's product form indemnifies the insured against third-party claims arising from AI model failures, including claims for financial harm, reputational damage, and professional liability arising from AI-generated outputs. The January 2026 funding round of USD 25 million and the partnership with Trustible (an AI governance platform) position Armilla as the primary third-party AI liability carrier in the North American and, increasingly, European market.

AIUC (AI Underwriting Company) has published the AIUC-1 standard, which functions as a reference certification framework for AI agent coverage. AIUC-1 certifies AI agents against eight categories of assessment, and AIUC-licensed insurers use AIUC-1 certification as a factor in setting premium and coverage limits for third-party AI liability policies. The ElevenLabs partnership, which produced the first AIUC-1 certified AI agent policy, demonstrated the practical application: a technology company uses AIUC-1 certification to access third-party liability coverage for its AI voice agent platform, with the certification providing underwriting confidence in the agent's governance and testing standards.

The Armilla and AIUC models are currently more accessible to technology companies building AI products than to enterprises deploying AI systems built by others. An enterprise deploying a third-party AI agent under Article 26 of the EU AI Act may not be able to obtain direct AIUC-1 certification for that agent if the underlying model provider has not participated in the certification process. The European market gap that these products do not yet address is the third-party liability exposure of enterprise deployers who are users of AI systems, not developers of them. For a European deployer wanting third-party liability coverage for claims arising from their use of a commercially licensed AI system, the available products are currently limited to AI endorsements on professional indemnity policies rather than standalone AI liability products.

Building a complete programme

A complete AI insurance programme for a European enterprise deployer covers both first-party and third-party exposures, using a combination of products. The structure looks like this.

  • For first-party operational and remediation costs: a cyber policy with robust business interruption coverage for AI system failures, supplemented by an AI performance warranty product (aiSure-type) where the AI systems involved have measurable performance baselines.
  • For third-party liability from data incidents: cyber policy third-party liability components, covering compensation claims from data subjects for AI-related data processing violations.
  • For third-party liability from non-data AI errors: a professional indemnity policy with an AI endorsement reinstating coverage for AI-generated outputs, or a standalone AI liability endorsement where available.
  • For regulatory defence: first-party regulatory investigation defence coverage, which most cyber and PI policies include. This does not cover the administrative fine itself, which is non-insurable, but covers the legal costs of responding.

The gap that most European enterprises currently have is the third-party liability component for non-data AI errors. This is the exposure that arises when an AI agent gives wrong information, makes a wrong decision, or takes an unintended action that causes financial harm to a customer or partner, where the harm is not about their personal data. This category is growing as AI agents are deployed in higher-consequence contexts (financial advice, medical pre-screening, legal information, employment decisions), and the coverage market for it in Europe is currently thin. For the broader picture of how AI-specific coverage products are developing in the European market, see the European AI insurance market map. For the coverage framework of the waitlist programme, see the coverage overview.

Enterprises preparing for coverage placement in the 2026 and 2027 window should structure their documentation around both coverage types from the start. First-party underwriters need performance metrics, monitoring records, and remediation procedures. Third-party underwriters need compliance documentation, governance frameworks, and incident history. Both sets of documentation also satisfy EU AI Act requirements. Building them to serve both purposes simultaneously is the most efficient approach. For the documentation an underwriting submission requires in detail, the guide on preparing an AI agent underwriting submission provides the specific formats and evidence categories that European underwriters are requesting.

Frequently asked questions

What is first-party AI liability coverage?

First-party AI liability coverage pays losses that your own organisation incurs when an AI agent fails, before any third-party claim is made. This includes investigation costs, remediation and system restoration, business interruption while the system is offline, reputational management costs, and regulatory response costs including legal representation during a supervisory investigation.

What is third-party AI liability coverage?

Third-party AI liability coverage pays claims made against your organisation by parties who suffered loss because of your AI agent's actions. This includes customer compensation claims, business partner claims for operational disruption, regulatory enforcement proceedings with compensation components, and employment law claims arising from AI-driven employment decisions.

Does cyber insurance cover third-party AI claims?

Cyber insurance covers third-party claims when they arise from a data breach or privacy violation caused by the AI agent. It does not typically cover financial harm claims arising from an AI agent giving wrong advice, making an incorrect automated decision, or taking an unauthorised action unrelated to data. Those categories require professional liability or AI-specific third-party liability coverage.

How does Munich Re aiSure structure first-party and third-party AI coverage?

Munich Re aiSure is primarily a first-party performance warranty product that triggers when an AI system's measured performance falls below declared parameters. It covers the operational costs of AI underperformance events. Third-party liability for harm caused to others by the AI system is addressed in separate liability endorsements rather than the core aiSure product. A complete programme typically combines aiSure-type first-party coverage with separate third-party liability endorsements.

What AI liability coverage is most important for EU AI Act deployers?

EU AI Act deployers face regulatory enforcement exposure (first-party: regulatory defence costs, non-insurable administrative fines) and compensation claim exposure from harmed individuals (third-party liability under the EU Product Liability Directive 2024/2853 from December 2026 and under national tort law). A complete programme for EU AI Act deployers needs both first-party regulatory defence coverage and third-party AI liability coverage. The two components are typically purchased from different products and underwriters.

References

  1. Regulation (EU) 2024/1689 of the European Parliament and of the Council (the Artificial Intelligence Act), Articles 15, 72, and the penalty provisions in Article 99.
  2. Directive (EU) 2024/2853 on liability for defective products (revised Product Liability Directive), applicable from 9 December 2026, reclassifying AI software as a product subject to strict liability.
  3. Moffatt v. Air Canada, Civil Resolution Tribunal, British Columbia, February 2024, File Number: SC-2022-010183.
  4. Munich Re aiSure product documentation; Munich Re Mosaic partnership announcement, February 2026.
  5. Armilla AI, policy form version 2; Armilla USD 25 million Series B announcement, January 2026.
  6. AIUC-1 AI Agent Certification Standard, AI Underwriting Company, 2025; ElevenLabs AIUC-1 certification announcement.
  7. Lloyd's of London draft AI endorsement, circulated for consultation, 2026.
  8. European Commission, Proposal for an AI Liability Directive, COM(2022) 496 final, September 2022.