# AI Risk Atlas: full reference

> The neutral reference for AI risk, assurance, and insurance: the standards, the regulations, the carriers and MGAs, the assurance vendors, and what they mean for boards, risk and security leaders, and insurers.

Source: https://airiskatlas.com. Independent, vendor-neutral. You may quote this content with attribution to AI Risk Atlas. Each section below is one page; the canonical URL and primary sources are included.

---

# Introducing AI Assurance and AI Insurance

URL: https://airiskatlas.com/learn/introducing-ai-assurance-and-ai-insurance
Section: learn

As organizations hand real decisions and actions to AI, two distinct disciplines have grown up to manage the downside. **AI assurance** is the set of controls and evidence that show an AI system is safe, accurate, and compliant enough to trust. **AI insurance** is a policy that pays out when an AI system causes financial loss anyway. Assurance lowers the chance that something goes wrong; insurance covers the cost when it does. Most organizations adopting AI at any scale end up wanting both, and the two are starting to connect: the evidence assurance produces is becoming what insurers price on.

This page is the plain-language on-ramp. It explains what each term means, why both have become real commercial questions, and where they meet. The rest of this reference goes deeper into each one.

## Why this is suddenly a question

For years, AI mostly advised. A model scored a loan application or suggested a product, and a person made the call. That is changing. AI systems and autonomous agents now act on people's behalf: they draft and send communications, approve or decline transactions, move through multi-step tasks, and increasingly do so without a human checking each step. When software acts rather than advises, the question of what happens when it gets something wrong stops being academic.
Four features of modern AI make this risk different in kind, not just degree:

- **It acts autonomously, at scale.** A single fault, a flawed instruction or a manipulated input, does not happen once. It can repeat across thousands of interactions before anyone notices.
- **Most systems rest on a few foundation models.** A change or outage at one major model provider can affect many organizations at the same time, so problems tend to arrive together rather than independently.
- **It is fast.** An agent can take thousands of actions a minute. Traditional oversight assumes a human making a manageable number of decisions.
- **Blame is hard to assign.** When an AI causes harm, the chain runs through the model provider, the tools and frameworks around it, the company that deployed it, and the user. Working out who is responsible is genuinely difficult.

Those features are why a worry that used to sit with engineers now reaches boards, regulators, and insurers.

## What AI assurance covers

Assurance is everything that gives you justified confidence an AI system will behave acceptably, before you switch it on and while it runs. In practice it breaks into a few recognizable activities:

- **Testing and red-teaming:** checking how a system performs on accuracy, bias, and resistance to manipulation, including deliberately trying to make it fail.
- **Monitoring:** watching the system's behavior in production, so drift or new failure modes are caught early rather than after a loss.
- **Governance:** the organizational layer, who owns the system, what policies apply, and how it maps to regulations.
- **Audit and certification:** independent checks against a recognized benchmark. The clearest example is ISO/IEC 42001, published in December 2023 as the first certifiable international standard for managing AI, on a path to become for AI what SOC 2 is for security.

The common thread is evidence.
Assurance produces artifacts, a test report, a monitoring dashboard, a risk register, a certificate, that let other people trust the system without taking your word for it. For the full category map and the main players, see [What Is AI Assurance?](/learn/what-is-ai-assurance).

## What AI insurance covers

Insurance handles the loss that controls do not prevent. The complication is that almost no existing business policy was written with autonomous AI in mind. Professional indemnity, technology errors and omissions, directors and officers, cyber, and product liability cover were all designed around human mistakes or conventional software, and they tend to respond awkwardly, or not at all, to an AI that hallucinates, is manipulated, or drifts over time. Many insurers have responded by adding explicit AI exclusions, which widens the gap rather than closing it.

Into that gap, a small set of AI-specific products has appeared. Munich Re has offered its aiSure performance guarantee since 2018, paying out when a model's measured performance falls below an agreed threshold. More recently the pace has picked up: in 2026, ElevenLabs went live with AI-agent cover backed by certification to the AIUC-1 standard, and managing general agents such as Armilla began writing standalone AI liability policies through Lloyd's. This is an early market, and the cover available today is narrower than the risk, but it is real and growing.

## How the two fit together

Assurance and insurance are not alternatives; they are two layers of the same response. Assurance reduces how often things go wrong and how badly. Insurance absorbs the financial hit when they go wrong anyway. The interesting development is the link forming between them.

There is a well-worn precedent. In cyber insurance, a generation of insurers learned to price policies using live data about a customer's security posture rather than a once-a-year questionnaire.
The company that most defined that model, Coalition, built a large cyber business on continuously measuring risk and feeding it straight into underwriting. The same logic is now being applied to AI: the continuous evidence that assurance produces about how a system behaves is exactly the input an insurer needs to price cover intelligently. As that link matures, good assurance is likely to mean better, cheaper, and more available insurance.

## Where to go next

This reference is organized around who you are and what you need to do with AI risk:

- If you are a board member or executive deciding whether this matters for your organization, start with the [business leaders path](/start/leaders).
- If you have to implement controls, prepare for regulation, or procure cover, start with the [risk and security operators path](/start/operators).
- If you buy, sell, or underwrite insurance, start with the [insurance market path](/start/insurance).

From there, the [Learn](/learn) section explains [AI assurance](/learn/what-is-ai-assurance) and [AI insurance](/learn/what-is-ai-insurance) in their own right and breaks down [the layers of AI risk](/learn/the-ai-risk-stack), and the [Landscape](/landscape) maps the standards, regulations, carriers, and vendors by category and by region.

## Common questions

**What is the difference between AI assurance and AI insurance?** AI assurance is the set of controls and evidence that show an AI system is safe, accurate, and compliant enough to trust. AI insurance is a policy that pays out when an AI system causes financial loss anyway. Assurance reduces the chance of harm; insurance transfers the cost of the harm that still occurs.

**Do I need both?** Usually yes. They address different parts of the same problem. Assurance lowers the likelihood and severity of AI failures, and insurance covers the losses that controls cannot prevent. Increasingly the two are linked, because the evidence assurance produces is what insurers use to price cover.

**Is AI insurance actually available today?** Yes, though the market is young. Munich Re has offered its aiSure performance guarantee since 2018, and in 2026 newer products appeared, including AIUC-1-backed cover used by ElevenLabs and standalone AI liability policies from MGAs such as Armilla. Much wider cover is still emerging, and many standard business policies now exclude AI rather than cover it.

Primary sources:

- ISO/IEC 42001, AI Management System Standard: https://www.iso.org/standard/42001
- AI Risk Management Framework: https://www.nist.gov/itl/ai-risk-management-framework
- Insure AI (aiSure): https://www.munichre.com/en/solutions/for-industry-clients/insure-ai.html
- ElevenLabs secures first-of-its-kind AI agent insurance: https://aiuc.com/research/elevenlabs-secures-first-of-its-kind-ai-agent-insurance
- Coalition closes USD 250 million Series F: https://www.coalitioninc.com/announcements/coalition-closes-250-million-in-series-f-funding

---

# The AI Risk Stack

URL: https://airiskatlas.com/learn/the-ai-risk-stack
Section: learn

**AI risk is not one thing; it stacks in layers.** A hallucinating model, an agent that floods a process with bad transactions, an unowned system nobody is accountable for, an unanswerable question about who pays when harm occurs, and the slow erosion of customer trust are all "AI risk", but they are different problems with different fixes. Naming the layers turns a vague worry into a set of addressable parts, and lets you ask two concrete questions of each: what control reduces it, and what insurance transfers the loss when it happens anyway.

That mapping, layer to [assurance](/learn/what-is-ai-assurance) and layer to [insurance](/learn/what-is-ai-insurance), is the organizing idea behind this whole reference. This page sets out the five layers.

## Why a stack

Treating AI risk as a single category leads to either paralysis or false comfort. A layered model does two useful things.
It shows that a control which addresses one layer, say a strong evaluation suite, does little for another, say unclear governance. And it shows where assurance and insurance each attach: most layers can be both reduced by controls and, increasingly, transferred by cover. The five layers below run from the most technical to the most human.

## The five layers

### 1. Model risk

The AI itself. This is the layer of hallucination, bias, model drift over time, prompt injection and jailbreaks, and plain capability limits. The canonical catalog of these technical failure modes is the OWASP Top 10 for LLM Applications.

- **Assurance:** evaluation and red-teaming before deployment, runtime guardrails, and production monitoring to catch drift.
- **Insurance:** the most directly addressed layer so far. Munich Re's aiSure performance guarantee pays out when measured model performance drops below a threshold, and AIUC-1-backed agent cover responds to failures such as hallucination and prompt injection.

### 2. Operational risk

The AI inside a business process. Here the concern is not the model in isolation but what happens when it is wired into real workflows: integration faults, automation running at a speed and scale no human reviews, broken human-in-the-loop checks, and dependence on a handful of foundation-model providers, which concentrates risk so that one provider's outage or regression affects many users at once.

- **Assurance:** operational monitoring, incident response, change management, and third-party and model-provider risk management.
- **Insurance:** technology errors and omissions, business interruption, and cyber lines are the closest fit. This is also the layer that prudential regulators reach through operational-risk rules such as APRA's CPS 230, which does not name AI but captures it as operational and service-provider risk.

### 3. Governance risk

The organizational layer.
The risk that no one owns a given AI system, that there is no policy governing its use, that decisions are undocumented, or more broadly that the organization fails to govern AI and cannot show otherwise.

- **Assurance:** governance platforms, an AI management system certified to ISO/IEC 42001, clear ownership, policy, and risk registers, and independent audit.
- **Insurance:** directors and officers cover is the exposed line, as "failure to govern AI" claims emerge and securities regulators treat AI as a potential material disclosure issue.

### 4. Liability and legal risk

Who is on the hook, and to whom. When an AI causes harm, the causation chain runs through the model provider, the tools and frameworks around it, the integrator, the deployer, and the user, and traditional wordings assume a single negligent party. On top of distributed causation sit regulatory exposure (most concretely the EU AI Act) and questions such as liability for AI output that infringes intellectual property.

- **Assurance:** contracts that allocate responsibility, documentation and assurance evidence that establish what was done, and alignment to recognized standards.
- **Insurance:** professional indemnity and technology errors and omissions, the new standalone AI liability policies from MGAs such as Armilla, and product liability. Note that the EU withdrew its proposed AI Liability Directive in October 2025, so the burden-of-proof question it would have eased remains open in Europe.

### 5. Reputation and trust risk

The loss that does not appear directly on a balance sheet but shows up anyway: brand damage, lost customer trust, and churn after a visible AI failure. It is the hardest layer to quantify and the hardest to transfer.

- **Assurance:** monitoring, transparency and disclosure (the direction the EU AI Act's transparency rules push), strong governance, and prepared communications.
- **Insurance:** largely uninsurable as a direct loss.
Some reputational-harm endorsements exist, but this layer is managed and mitigated far more than it is transferred. It is the clearest case for investing in the lower layers, because the cheapest way to protect trust is to not fail visibly in the first place.

## The stack at a glance

| Layer | Example failure modes | Assurance controls | Exposed insurance |
| --- | --- | --- | --- |
| Model | Hallucination, bias, drift, prompt injection | Evals, red-teaming, guardrails, monitoring | aiSure performance guarantee, AIUC-1 agent cover |
| Operational | Integration faults, automation at scale, provider concentration | Monitoring, incident response, vendor management | Tech E&O, business interruption, cyber |
| Governance | No owner, no policy, failure to govern | Governance platforms, ISO 42001, audit | Directors and officers |
| Liability and legal | Distributed causation, regulatory breach, IP infringement | Contracts, documentation, standards alignment | PI/Tech E&O, AI liability policies, product liability |
| Reputation and trust | Brand damage, lost trust, churn | Monitoring, transparency, governance, comms | Largely uninsurable; manage, do not transfer |

## How the layers interact

The layers are not independent; risk flows upward through them. A model-layer fault, a hallucinated answer, becomes an operational incident when an agent acts on it thousands of times, becomes a governance failure if no one owned the check that should have caught it, becomes a liability claim when a customer is harmed, and ends as reputation damage when the story spreads. The practical lesson is that controls are cheapest and most effective low in the stack, while the costs land high in it. Investing in model and operational assurance is, in effect, the most reliable protection for the governance, liability, and reputation layers above.

## Where this connects

Each layer points outward to the rest of this reference.
The controls in every row are covered in [What Is AI Assurance?](/learn/what-is-ai-assurance), the cover in every row in [What Is AI Insurance?](/learn/what-is-ai-insurance), and the standards and regulations that set the baseline, ISO/IEC 42001, the NIST AI RMF, the EU AI Act, and the regional rules, are explained in [The Standards Landscape Explained](/learn/the-standards-landscape-explained). The [Landscape](/landscape) section maps the specific players across all of them.

## Common questions

**What is the AI risk stack?** The AI risk stack is a way of organizing AI risk into layers rather than treating it as one undifferentiated worry. This reference uses five layers: model, operational, governance, liability and legal, and reputation and trust. Each layer can be mapped to the controls that address it (assurance) and the cover that transfers its losses (insurance).

**What are the layers of AI risk?** Five layers. Model risk is the AI itself (hallucination, bias, drift, prompt injection). Operational risk is the AI inside a process (integration faults, automation at scale, provider dependency). Governance risk is organizational (unclear ownership, missing policy). Liability and legal risk is about who is on the hook and regulatory exposure. Reputation and trust risk is the damage to standing that does not show up directly on a balance sheet.

**How does the risk stack help with assurance and insurance?** It turns a vague worry into addressable parts. For each layer you can ask two concrete questions: what control reduces this risk, and what insurance transfers the loss if it happens anyway. That mapping is the organizing idea behind this whole reference.

**Which AI risks can be insured?** Model, operational, governance, and liability risks all have at least emerging insurance options, from performance guarantees to AI liability policies and directors and officers cover.
Reputation and trust risk is the hardest to transfer and is usually managed through controls and disclosure rather than insured directly.

Primary sources:

- AI Risk Management Framework: https://www.nist.gov/itl/ai-risk-management-framework
- OWASP Top 10 for LLM Applications: https://genai.owasp.org/llm-top-10/
- ISO/IEC 42001, AI Management System Standard: https://www.iso.org/standard/42001
- Prudential Standard CPS 230, Operational Risk Management: https://www.apra.gov.au/standards/cps-230
- Regulatory framework for AI (EU AI Act): https://digital-strategy.ec.europa.eu/en/policies/regulatory-framework-ai
- Insure AI (aiSure): https://www.munichre.com/en/solutions/for-industry-clients/insure-ai.html

---

# The Standards Landscape Explained

URL: https://airiskatlas.com/learn/the-standards-landscape-explained
Section: learn
Updated: 2026-06-27

**There is no single AI rulebook.** What exists is a patchwork of two different kinds of instrument: voluntary **standards and frameworks** you choose to adopt, and binding **regulations** you must obey where they apply. The difference matters. A standard such as ISO/IEC 42001 is something you opt into and can be certified against; a regulation such as the EU AI Act applies whether you opt in or not, with penalties attached. The practical task is not to memorize all of them but to know which actually bite where you operate, and how they line up.

That patchwork is exactly what an assurance program has to satisfy and what insurance underwriting maps to, which is why it sits in the [Learn](/learn) section rather than buried in a directory. This page explains the major instruments; the [Landscape](/landscape) maps the full set by region.

## The certifiable standard: ISO/IEC 42001

Published in December 2023, ISO/IEC 42001 is the first certifiable international standard for managing AI.
It specifies an AI management system, the organizational machinery for governing AI across its lifecycle, in the same way ISO 27001 specifies one for information security. Because it can be independently audited and certified, it is on a path to become for AI what SOC 2 is for security: the credential a buyer or regulator asks for as shorthand for "this organization governs its AI properly." Early certified organizations include IBM, Anthropic, Microsoft, KPMG, and Changi Airport. For most organizations, this is the natural anchor for an assurance program.

## The dominant framework: NIST AI RMF

The NIST AI Risk Management Framework, released in the United States in 2023, is voluntary but widely used as the shared vocabulary for AI risk. Its functions, govern, map, measure, and manage, give teams a common language, and a Generative AI Profile added in 2024 extended it to generative systems. It is increasingly referenced in US federal procurement and state-level rulemaking, so while it carries no penalties of its own, adopting it is fast becoming a practical expectation.

## The binding regulation: the EU AI Act

The EU AI Act is the world's first binding, horizontal AI law, in force since August 2024 and applying in stages by risk level. Its early milestones have already landed: prohibited practices and AI literacy obligations from February 2025, and obligations for general-purpose AI models from August 2025. The later and more demanding milestones, however, have moved. A 2025 to 2026 reform package known as the Digital Omnibus deferred them: the Article 50 transparency rules (including watermarking of synthetic content) to December 2026, the high-risk obligations for Annex III stand-alone systems to December 2027, and the high-risk obligations for AI in regulated products to August 2028. As of late June 2026, these revised dates had been agreed by the European Parliament and were awaiting formal adoption and publication in the Official Journal.

> Editor's note: EU AI Act dates verified 27 June 2026. The Digital Omnibus revisions were approved by the European Parliament on 16 June 2026 and await formal adoption and Official Journal publication, expected in July 2026. Treat the deferred dates as agreed but not yet final.

## The gap: the withdrawn AI Liability Directive

Alongside the Act, the EU had proposed an AI Liability Directive that would have eased the burden of proving causation when a high-risk AI system caused harm, through a rebuttable presumption of causation. The Commission withdrew that proposal in October 2025, and no replacement has been tabled. The practical effect is that, even as the EU regulates how AI may be built and deployed, the question of who is liable when it causes harm remains governed by existing national law rather than a harmonized AI-specific regime.

## The regional patchwork

Outside the EU, most jurisdictions have so far preferred guidance and frameworks to binding AI statutes.

- **United Kingdom.** A principles-led, regulator-by-regulator "pro-innovation" approach rather than a single AI Act. There is no binding AI law as of mid-2026; in October 2025 the government published a regulation "Blueprint" centered on an AI Growth Lab sandbox.
- **Singapore.** AI Verify, a voluntary governance testing framework and open-source toolkit combining technical tests and process checks, widely used by vendors selling across ASEAN.
- **Australia.** The National AI Centre's Guidance for AI Adoption, released in October 2025 with six essential practices (the "AI6"), updating the earlier Voluntary AI Safety Standard. The 2024 mandatory-guardrails proposal was not legislated; the December 2025 National AI Plan relies on existing law plus voluntary guidance and a new AI Safety Institute.
- **Australia, prudential.** APRA's CPS 230 operational risk standard, effective 1 July 2025, does not name AI but captures it as operational and material service-provider risk, which is already driving internal demand for AI controls at Australian banks and insurers.
- **New Zealand.** The Privacy Act 2020 governs AI that handles personal data, the voluntary Algorithm Charter covers public-sector use, and the national AI strategy "Investing with Confidence" (July 2025) sets an adoption-focused, principles-based direction with no new prescriptive regime.

## At a glance

| Instrument | Type | Where | Status |
| --- | --- | --- | --- |
| ISO/IEC 42001 | Certifiable standard | Global | Published Dec 2023 |
| NIST AI RMF | Voluntary framework | US | Active; GenAI Profile 2024 |
| EU AI Act | Binding regulation | EU | In force; later dates deferred to 2026 to 2028 |
| EU AI Liability Directive | Proposed regulation | EU | Withdrawn Oct 2025 |
| UK approach | Non-statutory guidance | UK | Active; no binding Act |
| AI Verify | Voluntary framework | Singapore | Active |
| Guidance for AI Adoption (AI6) | Voluntary guidance | Australia | Released Oct 2025 |
| APRA CPS 230 | Binding prudential standard | Australia | Effective 1 Jul 2025 |
| NZ AI Strategy | Non-prescriptive strategy | New Zealand | Released Jul 2025 |

## How to use them

The instruments are not alternatives to choose between; they layer. A workable approach for most organizations is to anchor on ISO/IEC 42001 because it is certifiable and globally recognized, use the NIST AI RMF for shared vocabulary and structure, and then, for each market you operate in, add the binding rule that applies, the EU AI Act in Europe, APRA CPS 230 for Australian prudential entities, and so on. Doing that well is also what makes the underlying AI systems insurable: the same evidence that demonstrates compliance is what underwriters increasingly want to see.
Standards and regulation set the baseline that the rest of this reference builds on. The controls that satisfy them are covered in [What Is AI Assurance?](/learn/what-is-ai-assurance), the cover that sits on top in [What Is AI Insurance?](/learn/what-is-ai-insurance), and the way regulatory exposure fits the broader picture in [The AI Risk Stack](/learn/the-ai-risk-stack).

## Common questions

**Is there a single AI standard or law to follow?** No. AI governance is a patchwork of voluntary standards and frameworks you can adopt, such as ISO/IEC 42001 and the NIST AI RMF, and binding regulations you must obey where they apply, most notably the EU AI Act. The practical task is knowing which actually bite where you operate and how they line up.

**What is the difference between a standard and a regulation here?** A standard or framework is voluntary: you adopt it to organize and demonstrate good practice, and some, like ISO/IEC 42001, can be independently certified. A regulation is binding law that applies whether or not you opt in, with penalties for non-compliance. The EU AI Act is the leading example of binding AI regulation.

**When does the EU AI Act take effect?** It entered into force in August 2024 and applies in stages. Prohibited practices applied from February 2025 and general-purpose AI obligations from August 2025. The 2025 to 2026 Digital Omnibus deferred the later milestones: transparency rules to December 2026, high-risk Annex III systems to December 2027, and high-risk AI in regulated products to August 2028. As of late June 2026 these revised dates were agreed by the European Parliament and awaiting Official Journal publication.

**Which standard should I anchor an assurance program on?** For most organizations, ISO/IEC 42001 is the natural anchor because it is certifiable and internationally recognized, with the NIST AI RMF providing shared vocabulary.
If you operate in the EU or sell into it, map those controls to the EU AI Act's binding requirements, and add the relevant regional rules for the markets you serve.

Primary sources:

- ISO/IEC 42001, AI Management System Standard: https://www.iso.org/standard/42001
- AI Risk Management Framework: https://www.nist.gov/itl/ai-risk-management-framework
- Regulatory framework for AI (EU AI Act): https://digital-strategy.ec.europa.eu/en/policies/regulatory-framework-ai
- AI Act, delayed application (Digital Omnibus, Parliament vote): https://www.europarl.europa.eu/news/en/press-room/20260323IPR38829/artificial-intelligence-act-delayed-application-ban-on-nudifier-apps
- AI Liability Directive (withdrawn): https://www.europarl.europa.eu/legislative-train/theme-a-europe-fit-for-the-digital-age/file-ai-liability-directive
- What is AI Verify: https://aiverifyfoundation.sg/what-is-ai-verify/
- Voluntary AI Safety Standard and Guidance for AI Adoption: https://www.industry.gov.au/publications/voluntary-ai-safety-standard
- Prudential Standard CPS 230, Operational Risk Management: https://www.apra.gov.au/standards/cps-230
- Algorithm Charter for Aotearoa New Zealand: https://data.govt.nz/toolkit/data-ethics/government-algorithm-transparency-and-accountability/algorithm-charter

---

# What Is AI Assurance?

URL: https://airiskatlas.com/learn/what-is-ai-assurance
Section: learn

**AI assurance is the set of controls and evidence that justify trust in an AI system across its lifecycle.** It is the discipline that answers a simple question, "how do we know this AI is safe, accurate, and compliant enough to use?", with something better than a promise. Where [AI insurance](/learn/introducing-ai-assurance-and-ai-insurance) transfers the cost of failure, assurance works to prevent failure and to prove the system is trustworthy in the first place.

In practice, "AI assurance" is an umbrella over several related activities, and a recognizable market has formed under it.
This page maps the categories, names representative players in each, and explains where the market is heading. The vendor lists below are illustrative rather than exhaustive, and accurate as of mid-2026; this is a fast-moving category, and listings here are editorial, never paid.

## The five categories

Most AI assurance tools and services fall into one of five buckets. Real products often span more than one, but the categories are a useful map.

### Evaluation and red-teaming

The testing layer. Evaluations measure how a model performs on the things that matter: accuracy, bias, hallucination, and resistance to manipulation such as prompt injection and jailbreaks. Red-teaming is the adversarial version, deliberately trying to make a system misbehave so the weaknesses are found before an attacker or an accident finds them. Independent specialists here include Patronus AI and HiddenLayer. Notably, several of the security-focused names in this space have been bought by large cybersecurity vendors, a point we return to below.

### Governance platforms

The organizational layer. Governance platforms keep track of which AI systems an organization runs, what policies apply, who is accountable, and how each system maps to regulations such as the EU AI Act or to a standard such as ISO/IEC 42001. They turn governance from a spreadsheet into a managed system. Examples include Credo AI, Holistic AI, Modulos, Saidot, and IBM's watsonx.governance, with established governance, risk, and compliance vendors such as OneTrust and ModelOp moving into the same territory.

### Observability and monitoring

The production layer. Models do not stay still: their behavior drifts as the world and the data around them change, and new failure modes appear in live use. Observability tools watch a system in production and surface problems early, rather than after a loss. Fiddler, Arize, and Arthur are representative.
This category has also seen consolidation, with TruEra absorbed into Snowflake and WhyLabs moving largely to an open-source model.

### Runtime guardrails

The live-control layer. Guardrails sit between the user and the model and enforce rules in real time: blocking unsafe inputs, filtering or correcting unsafe outputs, and keeping an agent within agreed bounds. Where evaluation tests a system before deployment, guardrails act during every interaction. Guardrails AI, NVIDIA's NeMo Guardrails, and Trust3.ai are examples.

### Audit and certification

The independent-verification layer. This is where an outside party checks a system or an organization against a recognized benchmark and issues a result others can rely on. The anchor is ISO/IEC 42001, the first certifiable international AI management standard, audited by accredited certification bodies such as BSI, Schellman, A-LIGN, and SGS. The Big 4 firms run substantial AI assurance practices, specialist algorithmic auditors such as BABL.ai operate here, and AIUC has introduced AIUC-1, which it positions as a "SOC 2 for AI agents" and pairs with insurance.

## What each category produces, and who buys it

The categories differ less in subject than in the artifact they produce and the buyer they serve. Evaluations produce a test report, bought by the team shipping the model. Governance platforms produce a register and a compliance mapping, bought by risk, legal, and compliance functions. Observability produces a live dashboard and alerts, bought by the operations team that owns the system in production. Guardrails produce enforced policy at runtime, bought by the product team. Audit and certification produce an independent result, a certificate or an audit opinion, bought by leadership and shown to customers, regulators, and increasingly insurers.

The unifying idea is evidence.
Each category, in its own way, generates a record that lets someone outside the team trust the system without simply believing the people who built it.

## Where the market is heading: consolidation

The clearest trend of the last two years is that security for AI is being absorbed into the major cybersecurity platforms rather than remaining a field of standalone tools. Cisco acquired Robust Intelligence in 2024 and folded it into its AI Defense product. Check Point acquired Lakera in 2025. Palo Alto Networks acquired Protect AI in 2025 and built it into its AI security portfolio. On the observability side, Snowflake acquired TruEra in 2024. For buyers, the signal is twofold. First, the category is maturing: assurance is becoming a feature of the platforms organizations already run, not only a set of point tools. Second, the independent specialists that remain, especially in evaluation, governance, and audit, are differentiating on neutrality and depth rather than on being the only option. Both points matter when you choose what to rely on.

## How assurance connects to insurance

Assurance and insurance are two layers of the same response to AI risk. Assurance lowers how often and how badly things go wrong; insurance covers the loss when they go wrong anyway. The link between them is the evidence. The continuous record assurance produces, from pre-deployment evaluations through live monitoring, is exactly the input an insurer needs to price cover with confidence. This is the pattern that reshaped cyber insurance, where live security data became the basis for underwriting, and it is now being applied to AI. As the connection matures, strong assurance should translate into better and more available insurance. The companion pillar, [What Is AI Insurance?](/learn/what-is-ai-insurance), covers the risk-transfer side in detail, and [The AI Risk Stack](/learn/the-ai-risk-stack) shows how both map to each layer of risk.

## Common questions

**What is AI assurance?** AI assurance is the set of controls and evidence that justify trust in an AI system across its lifecycle. In practice it spans evaluation and red-teaming, security, production monitoring, governance, and independent audit or certification. The common output is evidence that lets others rely on the system without taking the operator's word for it.

**What are the main categories of AI assurance?** Five recurring categories: evaluation and red-teaming (testing accuracy, bias, and resistance to manipulation), governance platforms (policy, risk registers, and regulatory mapping), observability and monitoring (watching behavior in production), runtime guardrails (blocking unsafe inputs and outputs live), and audit and certification (independent checks against a benchmark such as ISO/IEC 42001).

**Is AI assurance the same as AI security?** No, but they overlap. AI security focuses on protecting a system from attack and misuse, such as prompt injection or model theft, and is one input to assurance. Assurance is broader: it also covers accuracy, bias, governance, and compliance. Much of the security-focused tooling has recently been absorbed into larger cybersecurity platforms.

**How does AI assurance relate to AI insurance?** Assurance produces the evidence that insurers increasingly use to price cover. The continuous record of how a system behaves, from evaluations through monitoring, is the underwriting input for AI insurance, much as security telemetry became the basis for modern cyber insurance.

Primary sources:

- ISO/IEC 42001, AI Management System Standard: https://www.iso.org/standard/42001
- AI Risk Management Framework: https://www.nist.gov/itl/ai-risk-management-framework
- IBM watsonx.governance: https://www.ibm.com/products/watsonx-governance
- Robust Intelligence is part of Cisco: https://www.cisco.com/site/us/en/products/security/ai-defense/robust-intelligence-is-part-of-cisco/index.html
- Check Point acquires Lakera to deliver end-to-end AI security: https://www.checkpoint.com/press-releases/check-point-acquires-lakera-to-deliver-end-to-end-ai-security-for-enterprises/
- Palo Alto Networks completes acquisition of Protect AI: https://investors.paloaltonetworks.com/news-releases/news-release-details/palo-alto-networks-completes-acquisition-protect-ai
- Snowflake acquires TruEra: https://www.snowflake.com/en/blog/snowflake-acquires-truera-to-bring-llm-ml-observability-to-data-cloud/
- AIUC and the AIUC-1 standard: https://aiuc.com/

---

# What Is AI Insurance?

URL: https://airiskatlas.com/learn/what-is-ai-insurance
Section: learn

**AI insurance is cover for financial loss caused by an AI system.** That includes a bad output, an outright failure, or the liabilities that follow when an AI acts on someone's behalf and something goes wrong. It is the risk-transfer counterpart to [AI assurance](/learn/what-is-ai-assurance): assurance works to prevent and detect failures, while insurance pays for the ones that happen anyway. As covered in the [introduction](/learn/introducing-ai-assurance-and-ai-insurance), most organizations adopting AI at scale end up wanting both. The complication is that almost no existing line of insurance was designed for autonomous AI. So "AI insurance" today is really two things at once: the awkward way traditional policies respond when AI is involved, and a small, fast-growing set of products built specifically for AI risk. This page covers both, plus the gap between them.

## How AI breaks the existing lines

Every major line of commercial cover was written for human mistakes or conventional software, and each responds uneasily to AI.

- **Professional indemnity and technology errors and omissions.** These respond to negligent acts in providing professional services. They cannot cleanly answer whether operating an AI agent counts as providing a professional service, or whether a hallucinated output is a negligent act, a product defect, or neither.
- **Directors and officers.** A new class of "failure to govern AI" claims is emerging, and securities regulators have signaled that AI can be a material disclosure issue. Some carriers are adding AI-specific carve-outs at renewal.
- **Cyber.** Most cyber wordings are silent on AI misbehavior. This "silent AI" exposure is openly discussed in the reinsurance market, and newer wordings increasingly add explicit AI carve-outs.
- **Product liability and general liability.** Jurisdictionally messy. The EU had proposed an AI Liability Directive to ease the burden of proving causation for high-risk AI, but the Commission withdrew that proposal in October 2025, leaving the question unsettled at EU level.
- **Trade credit and surety.** Less obvious, but emerging as agents begin to initiate financial transactions autonomously.

The thread running through all of these is **silent AI**: exposure hidden inside policies that were never priced or worded for it. Faced with that uncertainty, many insurers are doing the cautious thing and adding explicit AI exclusions, which protects the insurer but widens the gap in cover for the buyer.

## The new AI-specific products

Into that gap, a distinct set of products has appeared. They are still narrower than the full risk, but they are real and the pace is picking up.

- **Munich Re aiSure.** The longest-running example, offered since 2018.
It is a performance guarantee that pays out when a model's measured performance falls below an agreed threshold, a parametric approach rather than traditional indemnity. In February 2026, Munich Re extended aiSure to AI vendors through a partnership with Mosaic Insurance, with up to USD 15 million in capacity, explicitly covering generative-AI errors and hallucinations.
- **Armilla.** A managing general agent and the first Lloyd's coverholder dedicated to AI liability. Its standalone AI liability policy, launched in 2025, was expanded in January 2026 to limits of up to USD 25 million per organization. Armilla also launched "Vanguard AI" with Chaucer, a coordinated structure that combines cyber, technology errors and omissions, and standalone AI liability in a single placement to remove gaps and overlaps between them.
- **AIUC and ElevenLabs.** The clearest public example of embedded AI cover. In February 2026, ElevenLabs went live with insurance for its AI agents enabled by certification to AIUC's AIUC-1 standard, covering failures such as hallucinations, prompt injection, unauthorized actions, and incorrect advice. This is the pattern where assurance and insurance fuse: the certificate is what unlocks the cover.
- **Vouch.** A standalone AI insurance product aimed at startups and AI companies, covering areas such as AI errors and omissions, bias and discrimination, hallucinations, intellectual property infringement, and regulatory exposure.
- **Hyperscaler-led programs.** A distinct model in which a cloud provider arranges affirmative AI cover for failures of its own AI services, with capacity from established carriers. These programs point to a future where cover travels with the platform rather than being bought separately.

## The shape of the gap

Two things stand out about the market as it exists today.
First, the most valuable product is still largely missing: cover that wraps assurance evidence directly, and that prices on the continuous data about how a system behaves rather than on an annual proposal form. The building blocks exist, the AIUC-1 and aiSure models point at it, but a mature, widely available version does not yet. Second, and revealingly, demand right now is driven less by a single famous AI loss than by carriers retreating. As insurers add AI exclusions to existing policies, buyers discover gaps in cover they assumed they had, and go looking for something to fill them. The gap, in other words, is being created from the supply side as much as the demand side. That is a familiar pattern in emerging insurance categories, and it usually precedes a faster build-out once a high-profile loss or a regulatory trigger arrives.

## Who underwrites and who distributes

AI insurance runs through the same machinery as any specialty line. Primary carriers and managing general agents write the cover; Lloyd's syndicates and coverholders provide a structured route to capacity; reinsurers stand behind the carriers and increasingly shape the terms through treaty language on AI and accumulation; and brokers place the risk. What is new is how often assurance providers sit alongside this chain, supplying the evidence that makes a risk underwritable in the first place. The [Landscape](/landscape) maps these players by category and by region.

## Where this connects

AI insurance is one layer of a larger picture. The risks it prices are organized in [the AI risk stack](/learn/the-ai-risk-stack), and what an insurer will cover and at what price increasingly depends on the assurance evidence described in [What Is AI Assurance?](/learn/what-is-ai-assurance) and on the [standards and regulations](/learn/the-standards-landscape-explained) that set the baseline. Those companion pillars go deeper on each.

## Common questions

**What is AI insurance?** AI insurance is cover for financial loss caused by an AI system, whether from a bad output, a failure, or the liabilities that follow. It includes both AI-specific products and the way existing lines such as professional indemnity, cyber, and directors and officers respond, or fail to respond, when AI is involved.

**Does my existing business insurance cover AI?** Often not cleanly. Most traditional policies were written for human error or conventional software and respond awkwardly to AI failures. Many insurers have added explicit AI exclusions to cyber and other lines, so cover that buyers assume exists may have been carved out. Check the wordings rather than assume.

**What AI-specific insurance products exist today?** A small but growing set. Munich Re's aiSure has offered AI performance guarantees since 2018. In 2026, AIUC-1-backed cover went live with ElevenLabs, and managing general agents such as Armilla write standalone AI liability policies through Lloyd's. Vouch offers AI cover aimed at startups, and hyperscaler-led programs are emerging. Available cover is still narrower than the risk.

**What is the silent AI problem?** Silent AI is AI-related exposure hidden inside policies that were never priced or worded for it. A cyber or professional indemnity policy may neither clearly cover nor clearly exclude an AI failure, leaving insurers with unintended exposure and buyers with uncertain protection. Insurers are responding by adding explicit AI language, often exclusions.

Primary sources:

- Insure AI (aiSure): https://www.munichre.com/en/solutions/for-industry-clients/insure-ai.html
- Mosaic partners with Munich Re's aiSure to cover AI vendors: https://www.mosaicinsurance.com/underwriting/aisure/
- Armilla raises Lloyd's-backed coverage to USD 25M: https://www.armilla.ai/resources/armilla-ai-raises-lloyds-backed-coverage-to-25m-as-traditional-insurers-retreat-from-ai-risk
- Chaucer and Armilla launch Vanguard AI coordinated insurance structure: https://www.chaucergroup.com/news/press-release-chaucer-and-armilla-ai-launch-vanguard-ai-coordinated-insurance-structure
- ElevenLabs secures first-of-its-kind AI agent insurance: https://aiuc.com/research/elevenlabs-secures-first-of-its-kind-ai-agent-insurance
- AI Insurance for startups: https://www.vouch.us/coverages/ai-insurance
- EU AI Liability Directive (withdrawn): https://www.europarl.europa.eu/legislative-train/theme-a-europe-fit-for-the-digital-age/file-ai-liability-directive

---

# The AI Risk Timeline

URL: https://airiskatlas.com/landscape/the-timeline
Section: landscape
Updated: 2026-06-27

**This is a dated map of how AI risk became a discipline.** It tracks the moments that built the field across three threads, assurance and standards, regulation, and insurance, from the first AI cover in 2018 to the regulatory deadlines staged out to 2028. Dates are verified to primary sources as of June 2026; forward-looking dates are marked as scheduled.

## The foundations (2018 to 2023)

- **2018.** Munich Re launches **aiSure**, an insurance-backed performance guarantee for AI models. It is the earliest widely cited AI insurance product and, for years, close to the only one.
- **January 2023.** NIST releases the **AI Risk Management Framework** in the United States, giving the field its first widely adopted shared vocabulary for AI risk.
- **December 2023.** **ISO/IEC 42001** is published, the first certifiable international standard for managing AI.
It sets the trajectory toward AI governance becoming an auditable credential.

## The frameworks land (2024)

- **February 2024.** Armilla raises a seed round to build AI-specific insurance, an early signal of venture interest in the category.
- **July 2024.** NIST adds a **Generative AI Profile** to the AI RMF, extending it to the systems then driving adoption.
- **August 2024.** The **EU AI Act** enters into force, the world's first binding, horizontal AI law, with obligations staged over the following years.
- **September 2024.** Cisco acquires Robust Intelligence, an early move in what becomes a wave of security-for-AI consolidation.

## Regulation and the market take shape (2025)

- **February 2025.** The EU AI Act's **prohibited practices** and AI literacy obligations begin to apply.
- **April 2025.** Armilla launches a **standalone AI liability policy** as a Lloyd's coverholder, one of the first of its kind.
- **1 July 2025.** Australia's **APRA CPS 230** operational risk standard takes effect, capturing AI as operational and service-provider risk.
- **July 2025.** **AIUC** emerges from stealth to build a standard-plus-insurance stack for AI agents; New Zealand publishes its national AI strategy, "Investing with Confidence."
- **August 2025.** The EU AI Act's obligations for **general-purpose AI models** begin to apply.
- **Q4 2025.** Security-for-AI consolidation accelerates: Palo Alto Networks completes its acquisition of Protect AI, and Check Point acquires Lakera.
- **October 2025.** The EU **withdraws its proposed AI Liability Directive**, leaving the question of liability for AI harm to existing national law. Australia releases its **Guidance for AI Adoption** (the "AI6"), and the UK publishes a regulation "Blueprint" centered on an AI Growth Lab.

## The market accelerates (2026)

- **January 2026.** Armilla expands its AI liability cover to limits of **up to USD 25 million** per organization.
- **February 2026.** **ElevenLabs** goes live with AI-agent insurance backed by certification to the **AIUC-1** standard, the clearest public example of embedded AI cover. In the same month, Munich Re extends aiSure to AI vendors through a partnership with **Mosaic Insurance**.
- **May 2026.** **Coalition and Allianz Commercial** expand their partnership, with Allianz transferring portions of its standalone cyber book to Coalition, a reminder of the active-risk-intelligence model that AI insurance is now borrowing.
- **June 2026.** The European Parliament approves the **Digital Omnibus** package, deferring the EU AI Act's later deadlines.

## What is ahead (scheduled)

These dates reflect the EU AI Act as revised by the Digital Omnibus, agreed by the European Parliament in June 2026 and awaiting Official Journal publication.

- **December 2026 (scheduled).** EU AI Act **transparency obligations** (Article 50), including watermarking of synthetic content.
- **December 2027 (scheduled).** EU AI Act **high-risk obligations for Annex III** stand-alone systems.
- **August 2028 (scheduled).** EU AI Act **high-risk obligations for AI in regulated products** (Annex I).

Either of two events, a regulatory change that compels AI insurance or a high-profile reported AI loss, would likely accelerate the market well ahead of these dates. That is the pattern across every emerging insurance category of the last fifty years.

## How to read this

The three threads move together. Standards and regulation set the baseline; assurance tooling matures to meet it; and insurance follows once the risk is measurable and the demand is real. For the disciplines behind the dates, see [What Is AI Assurance?](/learn/what-is-ai-assurance), [What Is AI Insurance?](/learn/what-is-ai-insurance), and [The Standards Landscape Explained](/learn/the-standards-landscape-explained). The [Landscape](/landscape) directory maps the players by category and region.

## Common questions

**When did AI insurance start?** Munich Re launched its aiSure AI performance guarantee in 2018, making it the earliest widely cited AI insurance product. The market stayed small until 2025 and 2026, when standalone AI liability policies, embedded agent cover, and hyperscaler-led programs appeared in quick succession.

**What are the key upcoming AI risk dates?** The main scheduled milestones are EU AI Act deadlines, as revised by the Digital Omnibus: transparency rules in December 2026, high-risk Annex III systems in December 2027, and high-risk AI in regulated products in August 2028. These dates were agreed by the European Parliament in June 2026 and await Official Journal publication.

Primary sources:

- Insure AI (aiSure): https://www.munichre.com/en/solutions/for-industry-clients/insure-ai.html
- ISO/IEC 42001, AI Management System Standard: https://www.iso.org/standard/42001
- Regulatory framework for AI (EU AI Act): https://digital-strategy.ec.europa.eu/en/policies/regulatory-framework-ai
- AI Act delayed application (Digital Omnibus): https://www.europarl.europa.eu/news/en/press-room/20260323IPR38829/artificial-intelligence-act-delayed-application-ban-on-nudifier-apps
- ElevenLabs secures first-of-its-kind AI agent insurance: https://aiuc.com/research/elevenlabs-secures-first-of-its-kind-ai-agent-insurance
- Coalition and Allianz Commercial expand global cyber partnership: https://www.coalitioninc.com/announcements/coalition-and-allianz-commercial-expand-strategic-global-cyber-insurance-partnership

---

# When Does AI Insurance Become Required?

URL: https://airiskatlas.com/analysis/when-does-ai-insurance-become-required
Section: analysis

**AI insurance is optional until something makes it unavoidable.** Today, with narrow exceptions, no one is obliged to buy it, and the cover that exists is bought defensively, often because an insurer has just carved AI out of a policy a business assumed it had.
The interesting question is not whether AI insurance exists. It does, as the companion page on [AI insurance](/learn/what-is-ai-insurance) lays out. The question is when it stops being a nice-to-have and becomes table stakes. The argument here is that the shift is decided by one of two catalysts, and that watching for them is more useful than watching product launches. This is an analysis piece, a reasoned view rather than a settled fact, and it ends with the case against its own thesis.

## The pattern in emerging insurance

New lines of insurance tend to follow the same arc. They begin as a niche product few buyers take seriously, sit quietly for years while the risk is debated, and then cross rapidly into the mainstream when a specific trigger arrives. Cyber insurance is the clearest modern example: it existed for two decades as a specialty curiosity before a wave of high-profile breaches and ransomware, combined with tightening expectations from regulators and counterparties, turned it into something most serious organizations are now expected to carry. The model that defined modern cyber underwriting, pricing on live risk data rather than an annual form, has since proven durable enough that in 2026 Allianz Commercial moved much of its standalone cyber book to Coalition, the company most associated with that approach. The lesson is that categories do not drift into being required. They are pushed, by an identifiable event. For AI insurance, there are two candidate pushes.

## Catalyst one: regulation that compels it

The cleanest trigger is a rule that requires AI cover for some defined activity, the way professional indemnity is mandatory for certain licensed professions, or motor third-party cover is mandatory to drive. A regulator deciding that organizations deploying high-risk AI must carry insurance against the harm it causes would convert the entire addressable market overnight from voluntary to obligatory. Nothing of that kind exists yet.
The most developed AI regulation, the EU AI Act, governs how AI may be built and deployed but does not mandate insurance, and the EU went the other way on liability, withdrawing its proposed AI Liability Directive in 2025. But the building blocks are accumulating: prudential regulators are already treating AI as operational risk, and the more that high-risk AI obligations bite, the smaller the step to requiring financial backing for the residual risk. This catalyst would most likely arrive sector by sector, in regulated industries first.

## Catalyst two: a loss that reprices the risk

The second trigger is behavioral rather than legal: a large, public, clearly attributable AI loss. Not a near-miss or a quiet settlement, but an incident visible enough that boards, customers, and counterparties start treating AI cover as essential without waiting to be told. One such event resets the perceived probability of AI harm for everyone, and demand follows fear faster than it follows regulation. What is striking about the market in 2026 is that this has not yet happened. The growth in AI cover so far is driven not by a famous loss but by carriers retreating, adding AI exclusions to existing policies and leaving buyers to plug the gap. That is real demand, but it is the cautious kind. A genuine headline loss would be a different order of catalyst.

## What to watch

If the thesis is right, the useful signals are not product announcements but precursors to the two catalysts: regulators consulting on AI financial-assurance or insurance requirements, especially in regulated sectors; standardized AI exclusions spreading across mainstream policy wordings; reinsurers publishing accumulation and "silent AI" guidance that tightens what primary carriers will write; and, of course, any large AI incident that crosses from trade press into general news. The first organizations to treat AI insurance as required will be those most exposed to whichever catalyst fires first.

## The case against

In the interest of not believing my own argument too easily, here is the counter-case. AI insurance may never become a discrete "requirement" at all. It could instead be absorbed silently into existing lines, so that AI risk ends up covered, or excluded, inside cyber and professional indemnity policies without anyone buying a product called AI insurance. It could become embedded by default, bundled into AI platforms and services the way the [AIUC-1-backed cover for ElevenLabs](/learn/what-is-ai-insurance) is attached to a product rather than purchased separately, in which case the buyer never makes a deliberate decision to be insured. Or the risk could prove more manageable than feared, with [assurance](/learn/what-is-ai-assurance) controls maturing fast enough that the residual exposure stays small and cover stays genuinely optional. Each of these is plausible, and each would make "when does it become required" the wrong question.

## The practical takeaway

For most organizations the honest answer today is: not yet, but watch the catalysts, not the brochures. AI insurance becomes required the moment a regulator says so or a loss makes the case for them, and the gap between those events and a scramble for cover is usually measured in weeks. The organizations that come through it well will be the ones that already understand their [AI risk stack](/learn/the-ai-risk-stack) and can show the assurance evidence underwriters will suddenly want, because the time to get insurable is before everyone else is trying to.

## Common questions

**Is AI insurance required today?** Generally no. With narrow exceptions, AI insurance is optional, and adoption is driven more by carriers excluding AI from existing policies than by any mandate. That changes when one of two catalysts fires: a regulation that compels cover, or a high-profile loss that reprices the risk for buyers.

**What would make AI insurance mandatory?** Two paths.
The first is regulatory: a rule that requires AI insurance for a market segment, the way professional indemnity is mandatory for some licensed professions. The second is behavioral: a large, public AI loss that makes boards and counterparties treat cover as essential even without a mandate. Historically, emerging insurance categories cross into table stakes on one of these triggers.

Primary sources:

- Coalition and Allianz Commercial expand global cyber partnership: https://www.coalitioninc.com/announcements/coalition-and-allianz-commercial-expand-strategic-global-cyber-insurance-partnership
- AI risk and insurance (coverage gaps and AI exclusions): https://www.hubinternational.com/products/proex/the-advocate/2025/12/ai-risk-and-insurance/
- ElevenLabs secures first-of-its-kind AI agent insurance: https://aiuc.com/research/elevenlabs-secures-first-of-its-kind-ai-agent-insurance
- Regulatory framework for AI (EU AI Act): https://digital-strategy.ec.europa.eu/en/policies/regulatory-framework-ai

---

# Site pages

These pages complement the reference above and can be read directly:

- About: https://airiskatlas.com/about
- Editorial standards and how we verify: https://airiskatlas.com/editorial-standards
- Downloadable resources (checklists): https://airiskatlas.com/resources
- MCP server (query the Atlas live): https://airiskatlas.com/mcp
- Machine-readable protocol data: https://airiskatlas.com/data/protocols.json