Who insures AI agents in Europe? The 2026 market, read plainly.

By the Agent Insured Editorial Desk 14 June 2026 Reading time: 14 minutes

Short answer

As of June 2026 there is no licensed European-native carrier selling an off-the-shelf AI agent liability policy to small and mid-sized operators. What exists is early, enterprise-first, and often US or London distributed. The names a European operator will actually meet are Munich Re (aiSure, for AI model performance), HSB (a Munich Re group company that launched a standalone small-business AI liability product in the United States in March 2026), Armilla (a managing general agent and Lloyd's coverholder writing AI liability and performance cover with London market capacity), and the AIUC-1 certification standard that sits behind the first AI agent policy, secured by ElevenLabs in February 2026.

For most operators the realistic route is a professional indemnity, cyber, or product liability programme with affirmative AI wording, placed by a broker, after the agent has been assessed. A documented agent is both more insurable and cheaper to insure. Future Proof Intelligence publishes this as an independent reading of the market and is not an insurer or a broker.

Key takeaways

  • The category is no longer empty, but it is narrow. No EU-domiciled licensed carrier sells a standardised AI agent liability policy to SMEs off the shelf. The live cover is enterprise-first and arranged, not bought from a website.
  • What each name really is matters. Munich Re aiSure is performance cover. HSB is a Munich Re group small-business product, first launched in the United States. Armilla is an MGA and Lloyd's coverholder, not a balance-sheet carrier. AIUC-1 is a certification standard, not an insurer.
  • The first true AI agent policy is real: ElevenLabs secured an AIUC-1-backed policy in February 2026 for its voice agents. It proves the model. An agent is independently assessed against a standard, and that assessment is what makes an insurer willing to write.
  • Existing policies probably do not respond. Errors and omissions, cyber, and general liability were written before autonomous agents, and AI exclusions are being added at renewal, including the Verisk ISO generative AI endorsements with a January 2026 edition date on general liability forms.
  • Exposure is widening as cover tightens. The EU AI Act (Regulation (EU) 2024/1689) loads deployer duties and the revised Product Liability Directive (Directive (EU) 2024/2853, from 9 December 2026) brings AI inside strict liability. Readiness assessment is how an operator turns that pressure into insurability.

The honest state of the market

The question sounds like it should have a tidy answer: name the insurer, buy the policy. It does not, and the reason is worth stating plainly because most pages on this topic either overstate the market or pretend it does not exist. Both are wrong. The defensible position in mid-2026 is narrow and specific. No licensed insurer domiciled in the European Union sells a standardised, off-the-shelf AI agent liability policy that an operator can buy directly. What exists is early, mostly enterprise-first, frequently structured through the Lloyd's market or a managing general agent, and in several cases distributed first in the United States. That is not the same as saying nobody insures AI agents. It is saying the cover that exists has to be arranged, and an operator needs to know who the real parties are before approaching them.

Underwriters are cautious for one reason above all others: they lack claims data. AI agents are new, most deployments are recent, and a carrier cannot price a risk it has no loss history for. The market has three ways of managing that uncertainty, and every product below is an expression of one of them. Either the product uses a performance trigger to avoid arguing about legal fault (the Munich Re aiSure approach), or it demands detailed governance evidence to reduce how often a loss occurs (the Armilla and Lloyd's approach), or it applies conservative exclusions to limit exposure to the scenarios nobody can yet price. Understanding which lever a given product pulls tells an operator more than any marketing line.

Who actually writes it, and what each one is

The single most useful thing to fix first is the type of each party, because the names get used loosely. A carrier holds risk on its own balance sheet. A managing general agent (MGA) underwrites with delegated authority on behalf of someone else's capacity. A Lloyd's coverholder is an MGA writing on Lloyd's syndicate capacity. A certification standard is not an insurer at all; it is the assessment an insurer relies on. The table below reads each name through that lens.

Name What it really is Live now or developing What it covers European reach
Munich Re aiSure Carrier (global reinsurer and specialty insurer) Live, enterprise AI model performance. Pays when an AI system performs below an agreed level, on a measurable trigger Available through Munich Re specialty teams and delegated brokers
HSB (Hartford Steam Boiler) Carrier, Munich Re group company Live, small business; United States first (March 2026) Standalone small-business AI liability. A signal that an affordable standardised product is feasible US distributed at launch. EU availability not confirmed [VERIFY]
Armilla Managing general agent and Lloyd's coverholder Live, enterprise and mid-market AI liability and AI performance cover, paired with governance evaluation. Reported limits up to about USD 25M [VERIFY] Reachable in Europe via the Lloyd's market through a specialist broker
AIUC-1 Certification standard (Artificial Intelligence Underwriting Company) Live as a standard; the basis of the first AI agent policy Not cover itself. Adversarial assessment of an agent that underwriters rely on to write a policy Standard is jurisdiction-neutral; the capacity behind it is London market and US
ElevenLabs policy The first AI agent policy, structured on AIUC-1 (February 2026) Live, single named buyer (voice agents) The proof point, not a product an operator can buy. Establishes the assess-then-insure model Reference point rather than an EU-available product
AXA, Allianz, Zurich and peers Large European carriers Developing, no dedicated AI agent line yet Monitoring the line; AI exposure today sits inside existing PI, cyber, and product wordings EU-domiciled, but not yet selling a dedicated AI agent product [VERIFY]

Two things follow from the table. First, the EU-domiciled carriers an operator might expect to lead, the AXA and Allianz tier, are not yet writing a dedicated product, which is why the live cover routes through Munich Re, the Munich Re group, and the Lloyd's market. Second, the most cited names in the category are not all the same kind of thing: ElevenLabs is a buyer, AIUC-1 is a standard, Armilla is an intermediary, and Munich Re and HSB are the carriers. Treating them as interchangeable insurers is the most common error in coverage of this topic.

Munich Re aiSure and HSB: the Munich Re group position

Munich Re is the most developed name in AI insurance and approaches it from two angles. aiSure, written through Munich Re's specialty operations, is performance insurance. It attaches when an AI system underperforms against a specification agreed at the point of placement, rather than asking the buyer to prove that an AI failure legally caused a third party's loss. That structure makes aiSure cleaner to claim than ordinary liability cover, but it puts the work up front: the buyer has to define and agree the performance the policy measures against. For an operator running an autonomous agent, aiSure is a first-party performance layer. It does not, on its own, answer for the claim a harmed customer brings, which is third-party liability and a separate piece.

HSB (Hartford Steam Boiler) is part of the Munich Re group and, in March 2026, launched a standalone small-business AI liability product, first available in the United States. Its importance for a European reader is what it signals rather than what it currently sells here. A Munich Re group entity has decided that AI liability can be packaged as an affordable, standardised small-business product. That is the shape the European market is most likely to grow toward. As of June 2026, though, it is not an EU off-the-shelf purchase, and territorial availability should be confirmed with a broker rather than assumed [VERIFY].

Armilla and the Lloyd's route

Armilla is the clearest example of how AI agent cover actually reaches a European operator today, and it is worth understanding the structure because it explains both the access and the conditions. Armilla is a managing general agent and a Lloyd's coverholder. It does not carry the risk on its own balance sheet; it underwrites with delegated authority on behalf of Lloyd's syndicate capacity. Reported limits reach up to around USD 25 million for larger placements, though that figure should be reconfirmed before anyone relies on it [VERIFY]. Because the Lloyd's market writes across Europe on a cross-border basis, this London-structured capacity is reachable by EU operators through a broker with the right relationships, even though Armilla itself is not an EU-domiciled carrier.

The condition attached is governance evidence. Armilla pairs cover with an assessment of the agent, and the AIUC-1 standard tends to form the baseline for that assessment. An operator without documented governance is likely to face either a declination or a quote loaded with AI-specific exclusions. This is the practical link between readiness and insurability, made concrete: the assessment is not a nicety, it is part of getting a price at all. The same pattern holds for the Lloyd's syndicates writing bespoke AI programmes outside Armilla, which are typically arranged individually above a meaningful minimum premium and are not published as off-the-shelf products.

AIUC-1 and the ElevenLabs policy: the model the market is settling on

AIUC-1 is a certification standard for AI agents, developed by the Artificial Intelligence Underwriting Company. It evaluates an agent through adversarial testing across data and privacy, safety, security, reliability, accountability, and societal impact. It is positioned to sit on top of existing controls such as SOC 2 and ISO 27001 rather than to replace them, and it carries a regular update cadence as agent risks evolve. AIUC-1 is not an insurer. It is the assessment that an insurer uses to decide whether, and on what terms, to write cover.

In February 2026 ElevenLabs secured the first AI agent insurance policy structured around AIUC-1, for its voice agents. The detail of that single policy matters less than the template it establishes, which is the model the rest of the market is converging on: an agent is independently assessed against a published standard, the assessment produces structured evidence, and the evidence is what unlocks an insurer's willingness to write. For a European operator, the lesson is portable even though the policy is not. The path to cover runs through assessment, and the same assessment that satisfies an underwriter also produces much of what the EU AI Act expects.

The market is settling on a simple sequence. Assess the agent against a standard, document what it does and how it is controlled, then take that evidence to the carriers. The operators who have done the assessment are the ones who can be insured at a sensible price.

What is, and is not, covered

The cover that exists in Europe in 2026 separates into four categories, and the gaps between them are as important as the categories themselves.

Third-party errors and omissions. This responds when an AI agent gives advice or takes an action that causes financial harm to a customer or counterparty: a recommendation relied on, a wrongful commitment, a decision the customer suffers from. This is the core of what purpose-built AI agent cover addresses and the exact gap that traditional E&O is increasingly excluding.

Regulatory defence costs. Cover can respond to the cost of defending an investigation under the EU AI Act (Regulation (EU) 2024/1689). A crucial limit applies here: administrative fines under the Act are generally not insurable as a matter of public policy in most EU member states, while the cost of legal representation during a supervisory investigation usually is. An operator should not assume a policy pays the fine; it more realistically pays to defend the process.

First-party performance. This is the aiSure shape. It pays the operator's own costs when an AI system underperforms against an agreed specification, independent of any third-party claim. It is the cleanest cover to trigger and the one that asks the most precise work at placement.

Privacy and data liability. Where an agent exposes or mishandles personal data, this overlaps with cyber cover. The well-known failure mode is that cyber responds to the data event but not to a purely financial loss from a wrong answer that involved no data breach.

What is largely absent is standalone cover for AI-caused physical harm, which, if it is reached at all, tends to be reached through product liability rather than a dedicated AI policy. And the single most common surprise is what an operator's existing policies already remove. Many errors and omissions, cyber, and general liability wordings now carry explicit AI exclusions added at renewal. On general liability specifically, the Verisk ISO generative AI endorsements (the CG 40 47 and CG 40 48 forms, carrying a January 2026 edition date) exclude bodily injury, property damage, and, in the broader form, personal and advertising injury arising out of generative AI. The first task for most operators is therefore not buying a new product. It is reading what the current cover has quietly carved out.

Why the law widens exposure as cover narrows

The uncomfortable timing of this market is that an operator's legal exposure is widening at the same moment insurers are tightening wording. Three real instruments drive that, and they are worth citing precisely.

Under the EU AI Act (Regulation (EU) 2024/1689), the deployer of an AI system carries operating duties. The literacy and prohibited-practice obligations (Articles 4 and 5) have applied since 2 February 2025. The transparency duty under Article 50, telling people they are dealing with AI and labelling AI-generated content, applies from 2 August 2026 and is not deferred by the Digital Omnibus. For high-risk uses, the duties in Articles 9 to 17 (risk management, data governance, documentation, logging, transparency, human oversight, and accuracy and robustness) and the deployer obligations in Article 26 apply, including a specific human-oversight requirement under Article 14. Penalties under Article 99 reach up to EUR 35 million or 7% of global turnover for prohibited-practice breaches.

The high-risk timing is genuinely in flux, and it should be stated accurately. The binding dates today are 2 August 2026 for standalone high-risk systems (Annex III) and 2 August 2027 for high-risk systems embedded in regulated products (Annex I). On 7 May 2026 the Council and Parliament reached a provisional political agreement under the Digital Omnibus to move these to 2 December 2027 and 2 August 2028. As of June 2026 that agreement is not adopted and not published in the Official Journal, so it is a proposal, not law. Until it is formally adopted, the original August 2026 date remains binding. No page should present December 2027 as settled.

Separately, the revised Product Liability Directive (Directive (EU) 2024/2853) brings software and AI systems inside strict product liability for products placed on the market after 9 December 2026, with national transposition due the same day. It eases a claimant's burden of proof for opaque systems through rebuttable presumptions of defectiveness. For insurance-sector context, the EIOPA Opinion on AI governance and risk management (EIOPA-BoS-25-360, 6 August 2025) situates AI within existing law (Solvency II, IDD, DORA, GDPR) and, in practice, is why underwriters increasingly ask for governance evidence. And the existing case law already shows the direction of liability: in Moffatt v. Air Canada (2024) a tribunal held an airline liable for its chatbot's misstatement, and in Mata v. Avianca (2023) a court sanctioned reliance on fabricated AI-generated citations. Neither is an AI Act ruling, but both show that organisations answer for what their AI outputs do.

How readiness maps to insurability

Put the market and the law together and a clear operating logic emerges. Insurers price uncertainty, and a documented agent reduces it, which is why readiness shows up twice: as access to cover and as a lower premium. The decision aid below sets out where an operator stands and what the realistic coverage path is, based on how far the agent has been assessed and documented.

Where the agent stands What an underwriter sees Realistic coverage path
No documentation. Agent deployed, nothing recorded about behaviour, oversight, or testing Unpriceable. High likelihood of declination or heavy AI exclusions Start with a readiness assessment before approaching any market. Check existing policies for AI exclusions in parallel
Partial. Some testing and an incident log, no structured governance assessment Insurable with conditions. Cover likely, with sublimits or carve-outs and a higher rate Close the assessment gaps, then place affirmative AI wording on PI or cyber through a broker
Assessed. Structured governance aligned to ISO/IEC 42001, NIST AI RMF, or AIUC-1, with oversight and incident evidence Priceable. The evidence underwriters and the AI Act both want Eligible for purpose-built AI cover (Armilla, Lloyd's programmes) and better terms on existing lines
High-risk under Annex III, assessed Priceable but scrutinised. Conformity and oversight evidence examined closely Full AI liability programme, often combining first-party performance and third-party liability layers

The evidence an underwriter asks for and the evidence a regulator expects have largely converged. Both want a description of what the agent does and who it affects, the model behind it, pre-deployment testing, the human-oversight mechanism, an incident history, and a structured governance assessment aligned to a recognised standard. Built once, that documentation serves the insurance submission and the EU AI Act obligations at the same time. The financial signal in the current market is blunt: the same enterprise, with and without documented governance, faces a materially different premium for equivalent cover. Investment in readiness is not only risk reduction. It has a measurable return at the next renewal.

This is where an independent reading layer is useful, and where Future Proof Intelligence positions itself: not as an insurer or a broker, but as the place that maps the market neutrally and turns an agent into the documented, assessable form that both underwriters and regulators are asking for. For the structured assessment that produces that evidence, the Agent Certified readiness assessment is the starting point, and its seven-dimension framework maps directly onto the AI Act obligation clusters above. For the live carrier picture, the European AI agent insurance market tracker on this site tracks who is writing what, and the coverage overview sets out the programme this platform is preparing for the Q3 2026 window.

Frequently asked questions

Who insures AI agents in Europe?

As of June 2026, no licensed European-native carrier sells an off-the-shelf AI agent liability policy to SMEs. The names a European operator will actually meet are Munich Re (aiSure, for AI model performance), HSB (a Munich Re group company that launched a standalone small-business AI liability product in the United States in March 2026), Armilla (a managing general agent and Lloyd's coverholder writing AI liability and performance cover with London market capacity), and the AIUC-1 certification standard behind the first AI agent policy, secured by ElevenLabs in February 2026. Large EU carriers such as AXA, Allianz, and Zurich are studying the line but have not launched a dedicated product. For most operators the realistic route is a professional indemnity, cyber, or product liability programme with affirmative AI wording, placed by a broker, after the agent has been assessed.

Is there a European insurer that sells AI agent cover off the shelf?

No. There is no EU-domiciled licensed insurer selling a standardised AI agent liability policy that an operator can buy directly. The cover that exists is arranged through brokers, written via Lloyd's syndicates and managing general agents, or distributed first in the United States. European operators can still obtain meaningful protection by adding affirmative AI wording to PI, cyber, or product liability lines, but that is a negotiated programme, not a product bought from a website.

What is Munich Re aiSure and does it cover AI agents?

aiSure is Munich Re's AI performance insurance. It responds when an AI system performs below a defined and agreed level, on a measurable trigger, rather than requiring proof of legal fault. It covers the AI model's performance, not the operator's third-party liability when an agent harms a customer. It is enterprise-oriented and arranged through Munich Re specialty teams and delegated brokers. For an operator running an autonomous agent, aiSure can sit inside a wider programme but does not by itself replace third-party liability cover.

What is Armilla and how does its Lloyd's backing work?

Armilla is a managing general agent (MGA) that writes AI liability and performance cover. It is a Lloyd's coverholder, meaning it underwrites with delegated authority on Lloyd's capacity rather than carrying risk on its own balance sheet. Reported limits reach up to around USD 25 million for larger placements (verify before relying on it). Armilla pairs cover with AI governance evaluation, so documented assessment of the agent is typically part of getting a quote. Because Lloyd's writes across Europe on a cross-border basis, the capacity is reachable by European operators through a specialist broker.

Does HSB offer AI insurance for small businesses in Europe?

HSB (Hartford Steam Boiler), part of the Munich Re group, launched a standalone small-business AI liability product in March 2026, first available in the United States. For European SMEs it matters as a signal that an affordable, standardised product is feasible and that a Munich Re group entity has built one, but as of June 2026 it is not an EU off-the-shelf purchase. Confirm current territorial availability with a broker.

What is AIUC-1 and what did ElevenLabs actually buy?

AIUC-1 is a certification standard for AI agents built by the Artificial Intelligence Underwriting Company. It assesses an agent through adversarial testing across data and privacy, safety, security, reliability, accountability, and societal impact. In February 2026 ElevenLabs secured the first AI agent insurance policy structured around AIUC-1, for its voice agents. The significance is the model it proves: an agent is independently assessed against a standard, and that assessment becomes the basis on which an insurer writes cover. AIUC-1 is a standard and an assessment, not an insurer.

What does AI agent insurance actually cover in Europe?

Available cover in 2026 falls into four buckets: third-party errors and omissions for AI-generated advice or actions that financially harm a customer; regulatory defence costs for an EU AI Act investigation (noting administrative fines are generally not insurable while defence costs usually are); first-party performance cover for an AI system underperforming against an agreed specification (the aiSure shape); and privacy and data liability where an agent mishandles personal data. Pure AI-caused physical harm is rarely available as a standalone product and is more likely to be reached, if at all, through product liability.

What is usually excluded from AI agent insurance?

Common exclusions are: outputs the system was designed to produce that a claimant later calls harmful (expected or intended outputs); losses from an undisclosed or materially modified agent that was not described accurately at underwriting; use of the agent outside the scope stated in the policy; criminal or fraudulent acts; war, terrorism, and state-sponsored cyberattack; and losses the operator already knew about before the policy began. Administrative fines under the AI Act are generally uninsurable as a matter of public policy in most EU member states, even where defence costs are covered. Many traditional policies now also carry explicit AI exclusions added at renewal, so the first task is often to read what your existing cover already removes.

Why does my existing business insurance probably not cover an AI agent?

Most errors and omissions, cyber, and general liability policies were written before autonomous agents existed, and through 2025 and 2026 insurers are adding explicit AI exclusions at renewal. Cyber covers data breaches but not a financial loss from an agent giving wrong advice with no data event. General liability covers bodily injury and property damage, and the Verisk ISO generative AI endorsements (January 2026 edition) remove exactly that. Errors and omissions or professional indemnity is usually the best existing chance, often only where a human stayed in the loop. Check each policy for an AI exclusion before the next renewal.

How does the EU AI Act change who is liable, and what to insure?

Under the EU AI Act (Regulation (EU) 2024/1689) the deployer carries operating duties: human oversight (Article 14), transparency where Article 50 applies, and, for high-risk uses, the obligations in Articles 9 to 17 and Article 26. Literacy and prohibited-practice rules (Articles 4 and 5) have applied since 2 February 2025; Article 50 transparency applies from 2 August 2026. The revised Product Liability Directive (Directive (EU) 2024/2853) brings AI inside strict liability for products placed on the market after 9 December 2026. These widen exposure as insurers tighten wording, which is why a documented agent and a deliberate coverage programme matter.

When is the EU AI Act high-risk deadline, given the proposed delay?

The binding dates today are 2 August 2026 for standalone high-risk systems (Annex III) and 2 August 2027 for product-embedded high-risk systems (Annex I). On 7 May 2026 the Council and Parliament reached a provisional political agreement under the Digital Omnibus to move these to 2 December 2027 and 2 August 2028. As of June 2026 that agreement is not adopted and not published in the Official Journal, so it is a proposal, not law. The original August 2026 deadline remains binding until the deferral is formally adopted. Article 50 transparency and the Product Liability Directive timeline are not deferred by the Omnibus.

How does a readiness assessment map to insurability?

Underwriters price uncertainty, and a documented agent reduces it, which shows up as both access to cover and a lower premium. The market is converging on the same evidence an insurer wants and a regulator expects: what the agent does and who it affects, the model behind it, pre-deployment testing, human oversight, an incident history, and a structured governance assessment aligned to ISO/IEC 42001, the NIST AI Risk Management Framework, or AIUC-1. Armilla and the Lloyd's syndicates writing under AIUC-1 require this evidence to quote. The same documentation supports EU AI Act compliance, so building it once serves both. A readiness assessment is the structured way to produce that evidence before approaching the market.

References

  1. Regulation (EU) 2024/1689 of the European Parliament and of the Council (the Artificial Intelligence Act), in force 1 August 2024. Articles 4, 5, 9 to 17, 14, 26, 50, and the penalty provisions in Article 99. Literacy and prohibited practices apply from 2 February 2025; Article 50 transparency from 2 August 2026.
  2. Digital Omnibus on AI: provisional political agreement reached by the Council and Parliament on 7 May 2026 to move high-risk Annex III obligations to 2 December 2027 and Annex I to 2 August 2028. Not adopted and not published in the Official Journal as of June 2026; the original 2 August 2026 and 2 August 2027 dates remain binding until adoption.
  3. Directive (EU) 2024/2853 on liability for defective products (revised Product Liability Directive). Applies to products placed on the market after 9 December 2026; national transposition due 9 December 2026. Brings software and AI systems inside strict product liability with rebuttable presumptions of defectiveness.
  4. EIOPA Opinion on Artificial Intelligence governance and risk management, EIOPA-BoS-25-360, 6 August 2025. Interpretive guidance situating AI within Solvency II, IDD, DORA, and GDPR; not new rules.
  5. Munich Re aiSure, AI performance insurance written through Munich Re specialty operations [VERIFY any specific partner attribution and limits].
  6. HSB (Hartford Steam Boiler), Munich Re group. Standalone small-business AI liability product launched March 2026, United States distributed at launch [VERIFY current territorial availability].
  7. Armilla, managing general agent and Lloyd's coverholder. AI liability and performance cover with London market capacity; reported limits up to about USD 25 million for larger placements [VERIFY current figure].
  8. AIUC-1, the Artificial Intelligence Underwriting Company standard for AI agents, launched mid-2025. Adversarial assessment across data and privacy, safety, security, reliability, accountability, and societal impact. ElevenLabs secured the first AI agent policy structured on AIUC-1 in February 2026 (voice agents). See aiuc.com and the AIUC-1 specification.
  9. Verisk Insurance Services Office generative AI endorsements CG 40 47 and CG 40 48, January 2026 edition, on commercial general liability forms. CG 40 47 excludes Coverage A and Coverage B; CG 40 48 limits the exclusion to Coverage B.
  10. Moffatt v. Air Canada, Civil Resolution Tribunal, British Columbia, 2024 (airline held liable for its chatbot's misstatement). Mata v. Avianca, 22-cv-1461, Southern District of New York, 2023 (sanctions for reliance on fabricated AI-generated citations). Illustrations of existing-law liability for AI outputs, not AI Act rulings.
  11. For the readiness assessment and seven-dimension framework referenced above, see agentcertified.eu. Future Proof Intelligence publishes this analysis as an independent reading of the market and is not an insurer or a broker.