AI Risk Atlas

Analysis

When Does AI Insurance Become Required?

Andrew McPherson · June 27, 2026

Good for: Leaders · Insurance

AI insurance is optional until something makes it unavoidable. Today, with narrow exceptions, no one is obliged to buy it, and the cover that exists is bought defensively, often because an insurer has just carved AI out of a policy a business assumed it had. The interesting question is not whether AI insurance exists. It does, as the companion page on AI insurance lays out. The question is when it stops being a nice-to-have and becomes table stakes. The argument here is that the shift is decided by one of two catalysts, and that watching for them is more useful than watching product launches.

This is an analysis piece, a reasoned view rather than a settled fact, and it ends with the case against its own thesis.

The pattern in emerging insurance

New lines of insurance tend to follow the same arc. They begin as a niche product few buyers take seriously, sit quietly for years while the risk is debated, and then cross rapidly into the mainstream when a specific trigger arrives. Cyber insurance is the clearest modern example: it existed for two decades as a specialty curiosity before a wave of high-profile breaches and ransomware, combined with tightening expectations from regulators and counterparties, turned it into something most serious organizations are now expected to carry. The model that defined modern cyber underwriting, pricing on live risk data rather than an annual form, has since proven durable enough that in 2026 Allianz Commercial moved much of its standalone cyber book to Coalition, the company most associated with that approach.

The lesson is that categories do not drift into being required. They are pushed, by an identifiable event. For AI insurance, there are two candidate pushes.

Catalyst one: regulation that compels it

The cleanest trigger is a rule that requires AI cover for some defined activity, the way professional indemnity is mandatory for certain licensed professions, or motor third-party cover is mandatory to drive. A regulator deciding that organizations deploying high-risk AI must carry insurance against the harm it causes would convert the entire addressable market overnight from voluntary to obligatory.

Nothing of that kind exists yet. The most developed AI regulation, the EU AI Act, governs how AI may be built and deployed but does not mandate insurance, and the EU went the other way on liability, withdrawing its proposed AI Liability Directive in 2025. But the building blocks are accumulating: prudential regulators are already treating AI as operational risk, and the more that high-risk AI obligations bite, the smaller the step to requiring financial backing for the residual risk. This catalyst would most likely arrive sector by sector, in regulated industries first.

Catalyst two: a loss that reprices the risk

The second trigger is behavioral rather than legal: a large, public, clearly attributable AI loss. Not a near-miss or a quiet settlement, but an incident visible enough that boards, customers, and counterparties start treating AI cover as essential without waiting to be told. One such event resets the perceived probability of AI harm for everyone, and demand follows fear faster than it follows regulation.

What is striking about the market in 2026 is that this has not yet happened. The growth in AI cover so far is driven not by a famous loss but by carriers retreating, adding AI exclusions to existing policies and leaving buyers to plug the gap. That is real demand, but it is the cautious kind. A genuine headline loss would be a different order of catalyst.

What to watch

If the thesis is right, the useful signals are not product announcements but precursors to the two catalysts: regulators consulting on AI financial-assurance or insurance requirements, especially in regulated sectors; standardized AI exclusions spreading across mainstream policy wordings; reinsurers publishing accumulation and “silent AI” guidance that tightens what primary carriers will write; and, of course, any large AI incident that crosses from trade press into general news. The first organizations to treat AI insurance as required will be those most exposed to whichever catalyst fires first.

The case against

In the interest of not believing my own argument too easily, here is the counter-case. AI insurance may never become a discrete “requirement” at all. It could instead be absorbed silently into existing lines, so that AI risk ends up covered, or excluded, inside cyber and professional indemnity policies without anyone buying a product called AI insurance. It could become embedded by default, bundled into AI platforms and services the way the AIUC-1-backed cover for ElevenLabs is attached to a product rather than purchased separately, in which case the buyer never makes a deliberate decision to be insured. Or the risk could prove more manageable than feared, with assurance controls maturing fast enough that the residual exposure stays small and cover stays genuinely optional. Each of these is plausible, and each would make “when does it become required” the wrong question.

The practical takeaway

For most organizations the honest answer today is: not yet, but watch the catalysts, not the brochures. AI insurance becomes required the moment a regulator says so or a loss makes the case for them, and the gap between those events and a scramble for cover is usually measured in weeks. The organizations that come through it well will be the ones that already understand their AI risk stack and can show the assurance evidence underwriters will suddenly want, because the time to get insurable is before everyone else is trying to.

Common questions

Is AI insurance required today? Generally no. With narrow exceptions, AI insurance is optional, and adoption is driven more by carriers excluding AI from existing policies than by any mandate. That changes when one of two catalysts fires: a regulation that compels cover, or a high-profile loss that reprices the risk for buyers.

What would make AI insurance mandatory? Two paths. The first is regulatory: a rule that requires AI insurance for a market segment, the way professional indemnity is mandatory for some licensed professions. The second is behavioral: a large, public AI loss that makes boards and counterparties treat cover as essential even without a mandate. Historically, emerging insurance categories cross into table stakes on one of these triggers.

Primary sources

  1. Coalition and Allianz Commercial expand global cyber partnership · Coalition, 2026
  2. AI risk and insurance (coverage gaps and AI exclusions) · HUB International, 2025
  3. ElevenLabs secures first-of-its-kind AI agent insurance · AIUC, 2026
  4. Regulatory framework for AI (EU AI Act) · European Commission