What Does AI Agent Insurance Cover, and What Does It Cost?

Two questions arrive together whenever a European operator looks at AI agent insurance: what does it actually pay for, and what will it cost. The answers are now specific enough to set out plainly. The cover has settled around four loss triggers rather than one, the limits available in the market are visible, and the pricing, while still underwriting-led rather than list-priced, follows a logic that a buyer can read and influence. This page covers all three: the triggers, the limits, and the pricing logic, with the real instruments and cases named, and a clear next step at the end.

None of this is speculative. It draws on wordings already in the market, including the AIUC-1 reference standard, the Munich Re aiSure product schedules, Armilla's AI policy form, and the AI exclusion endorsements now standard on general liability paper. The specifics will keep moving. The structure has settled.

Why AI agents need a separate class of cover

An AI agent is an autonomous software system that can take action on behalf of a person or organisation inside a defined operational scope. That definition is the reason the existing policy lines do not fit. Professional indemnity and errors and omissions cover attach to the work of a professional. Cyber cover attaches to the unauthorised acts of a third party. General liability covers bodily injury and property damage. An autonomous agent is none of those cleanly: it is not a professional, it is not an outside attacker, and it is often not software sold to a customer. It is a decision-making system acting on its own authority inside the insured's own business.

When it causes loss, the policy question is not only who pays but who decided and what the decision was made against. That is the gap purpose-built cover is designed to fill. The emerging wordings separate the underlying technology risk from the action risk and let insurers price them independently. The practical proof that the market treats this as a distinct class is the ElevenLabs policy backed by the AIUC-1 standard, announced on 11 February 2026, the first AI-agent-specific cover of its kind.^[5]

The four coverage triggers

Across the published wordings, cover groups into four loss triggers. Each is set out below with what it pays for, the real reference points that shape it, and the exclusions that decide a claim. A fifth section, regulatory penalty defence and indemnity, is covered separately because its availability depends on national law.

The fifth section: regulatory penalty defence and indemnity

Most European compliance officers ask about this first. Where offered, it covers the cost of defending a supervisory investigation and any insurable penalty under the AI Act, the GDPR, and the revised Product Liability Directive. The catch is that indemnity for a regulatory fine is only available where the underlying law permits a fine to be insured, and in several member states it does not, so the wording has to be read against each national implementation. The AI Act provides for administrative fines up to EUR 35 million or seven per cent of global annual turnover for prohibited-practice breaches under Article 5, and up to EUR 15 million or three per cent for other breaches; the GDPR provides for fines up to EUR 20 million or four per cent of global turnover.^[1] A fully drafted section covers supervisory investigations, notice-of-intent proceedings, defence counsel, technical expert witnesses, and corrective-action planning.

The failure mode is rarely the total absence of cover. It is the seam between an extension that excludes the faulty action and a standalone policy nobody bought, with the claim sitting in the gap.

What the cover costs, and the logic underneath the number

There is no rate card for AI agent insurance in 2026, and any page that quotes a single clean figure is guessing. Pricing is set by underwriting review of the specific deployment, because the loss data that would let insurers price from experience does not yet exist at volume. What can be stated honestly is a set of indicative market observations and the variables that move the number. The figures below are illustrative observations, not guaranteed quotes.

The limits available in the market follow the same shape. Cover runs from around EUR 1 million at the lower end of errors and omissions extensions up to about USD 25 million through Armilla's Lloyd's capacity, with Munich Re aiSure observed offering limits in the region of USD 15 million for initial placements. Carrier-specific limit figures should be verified before reliance, as they change with appetite. Sublimits frequently apply to intellectual property infringement, defamation, and privacy breach. Aggregate annual limits are typically set at two to three times the per-occurrence limit, and defence costs may sit inside or outside the limit depending on the product.

The five factors that move the premium

The number is not arbitrary. Five underwriting factors drive it, and four of the five are within the operator's control.

1. Deployment scope

The number of agents, the decision volume they handle, and the jurisdictions they touch. Broader scope, more exposure, higher premium.

2. Autonomy envelope

How independently the agent acts without human review. The faulty-tool-actions trigger is priced almost entirely off this. A human-in-the-loop workflow prices very differently from a fully autonomous one.

3. Certification posture

Whether the deployment is documented against a recognised framework. This is the single largest lever the buyer controls, and the subject of the next section.

4. Sector

High-risk categories under Annex III of the EU AI Act attract sector loadings. An agent in a regulated decision context prices above one drafting internal documents.

5. Claims history

Limited in value today because the loss record is short, but rising in weight as data accumulates. The one factor a new buyer cannot influence.

Why certification is the lever that moves the price

The broadest AI carve-outs in the 2026 market exist for one reason: underwriters cannot yet price AI risk with confidence, so they default to exclusions and sublimits to contain what they cannot measure. The way a buyer changes that is by reducing the underwriter's uncertainty, and the instrument for doing so is documented evidence against a recognised governance framework. Evidence is what lets an underwriter narrow a carve-out, raise a sublimit, or move a line from exclusion toward affirmative cover. Indicative market observations suggest the effect is material, in the order of 10 to 25 percentage points of base premium, depending on the framework, the tier, and the carrier writing the line.

Three frameworks are referenced most often, and they layer rather than compete. ISO/IEC 42001:2023 is the certifiable management-system standard for AI, showing a governed, auditable system around the technology.^[4] The NIST AI Risk Management Framework 1.0 is a voluntary lifecycle framework that many programmes run inside an ISO 42001 system, showing risk identification and mitigation across the agent's life. AIUC-1 is narrower and newer: an AI-agent-specific certification from the Artificial Intelligence Underwriting Company, built with technical input from institutions including Stanford, MIT and MITRE, audited first by Schellman, with ElevenLabs as the first certified company. It updates on a quarterly cadence and sits on top of, rather than replacing, standards such as SOC 2 and ISO 27001.^[5]

The European supervisory backdrop reinforces the same direction. EIOPA published its Opinion on Artificial Intelligence governance and risk management (reference EIOPA-BoS-25-360) on 6 August 2025. It is addressed to national supervisors, takes a risk-based and proportionate approach, and grounds its expectations in existing law such as Solvency II and the Insurance Distribution Directive rather than creating new rules.^[3] The indirect effect on buyers is real: insurers formalising how they use AI also formalise how they assess the AI risk they take on through policies, which increasingly means underwriters ask for governance evidence at submission. Operators who have completed an Agent Certified assessment have already produced much of what an AI underwriter asks for, which shortens the path from a defensive renewal to genuine cover.

Extension or standalone: the shape decides what is covered

The cover reaches the market in two shapes, and the choice between them is not only about price. An extension or endorsement bolted onto an existing errors and omissions or cyber policy is cheaper and faster, but it is usually narrower and capped by an AI sublimit, which preserves cover but limits recovery to a figure below the policy's overall limit. A cyber policy might carry a EUR 5 million aggregate while AI-related losses are subject to a EUR 500,000 sublimit inside it; the claim is covered, but recovery stops at the sublimit. A standalone affirmative AI agent policy addresses the four triggers directly with its own limit and wording.

The deciding factor is usually the faulty-tool-actions trigger. An autonomous agent that executes a transaction in error is the exposure an extension is least likely to reach, because the extension inherits the assumptions of the host policy, which was written for a human decision-maker. An operator running agents that act without human approval should treat standalone cover as the default and an extension as the fallback. The reverse holds for an operator whose agents only draft and recommend, with a person committing every action.

Who is liable, and why the cover matters now

The reason any of this is urgent is that liability already sits with the deployer, and the legal exposure is widening at the same moment insurers are tightening wordings. When an AI agent causes loss, liability falls on the business that deployed it, not on the model provider, because the deployer authorised the agent to act and under ordinary agency principles answers for what it did. The clearest authority is Moffatt v. Air Canada (2024), where the airline was held liable for a discount its chatbot invented.^[6] Mata v. Avianca (2023) made the same point in a different register, sanctioning lawyers who relied on fabricated AI-generated case citations.^[6]

In the EU the deployer also carries duties under the AI Act, and a defective AI system can trigger strict liability under the revised Product Liability Directive (Directive (EU) 2024/2853), which entered into force on 8 December 2024, must be transposed by member states by 9 December 2026, and applies to products placed on the market or put into service after that date.^[2] The directive expressly treats software, including AI, as a product, eases the claimant's burden of proof through rebuttable presumptions of defectiveness, and can make a failure to supply security updates a defect. The transparency duties under Article 50 of the AI Act, which require telling people they are interacting with an AI system and labelling AI-generated content, apply from 2 August 2026 and are not deferred by the Digital Omnibus proposal.^[1] The heaviest high-risk obligations carry a more contested timeline: the original date is 2 August 2026, and a deferral to 2 December 2027 was provisionally agreed on 7 May 2026 but, as of mid-June 2026, has not been adopted or published, so the original date remains the law for now.^[1]

The net effect is a widening gap. The deployer's exposure is expanding while standard policy wordings are contracting, and AI agent insurance is the instrument that closes the gap, but only for an operator who can show an underwriter how the agent is governed.

What to do now

For any European operator with agents in production, the practical move is to prepare the underwriting evidence before approaching the market, because an underwriting review is an expensive moment to discover that nobody wrote down the scope, kept the telemetry, or mapped the agents to a framework. Four artefacts carry most of the weight: a written definition of each agent's authorised scope, a named governance owner and escalation path, retained audit telemetry of inputs, decisions and outputs, and documentation against a recognised framework. Operators who arrive with those get meaningful quotations. Operators who arrive without them spend the quarter preparing to submit rather than preparing to buy.

The fastest way to produce that evidence is a structured readiness assessment. The Agent Certified readiness pathway maps a deployment against the dimensions an AI underwriter reviews and produces the documentation a submission needs. On this site, the coverage framework sets out the four triggers in more detail, the pre-launch registration places an organisation in the queue for underwriting review, and the weekly Agentic Liability Monitor tracks the carriers writing this risk in Europe. For the underlying liability regime, the sister desks agentliability.eu and agentliability.co track the AI Act, the revised Product Liability Directive, and their implementation across member states.