Resources

Downloadable resources

Free, practical tools for getting a grip on AI risk. Use them on this page, download the Markdown to keep or adapt, or print the page to PDF. All are offered under a Creative Commons Attribution (CC BY 4.0) license, so reuse them with attribution.

AI assurance readiness checklist

A checklist to assess whether your organization can show its AI is trustworthy, organized by the five layers of the AI risk stack. Work top to bottom; the lower layers are foundational.

1. Model risk

  • Every AI system has a documented evaluation covering accuracy, bias, and known failure modes
  • You red-team for prompt injection, jailbreaks, and unsafe outputs before deployment
  • You test against a recognized catalog of failure modes (for example the OWASP Top 10 for LLM Applications)
  • You re-evaluate on a schedule, not only at launch, to catch model drift
  • Runtime guardrails filter or block unsafe inputs and outputs in production

2. Operational risk

  • Each AI system has an owner and a defined business process it sits in
  • You monitor live behavior and have alerting for anomalies
  • You have an incident response plan specific to AI failures
  • You track which foundation-model providers you depend on and your concentration risk
  • Human-in-the-loop checks exist where automation operates at scale

3. Governance risk

  • There is a named accountable owner for AI governance
  • You maintain an inventory or register of AI systems in use
  • AI use is covered by written policy mapped to the regulations that apply to you
  • You are aligned to, or certified against, a recognized standard (ISO/IEC 42001 or the NIST AI RMF)
  • Leadership receives regular reporting on AI risk

4. Liability and legal risk

  • Contracts allocate responsibility for AI harm across providers, integrators, and customers
  • You retain documentation and assurance evidence sufficient to defend a claim
  • You have assessed regulatory exposure (for example the EU AI Act) for the markets you serve
  • You have considered intellectual-property risk in AI outputs

5. Reputation and trust risk

  • You can detect and respond to a visible AI failure quickly
  • You disclose AI use where appropriate and where regulation requires it
  • You have prepared communications for an AI incident

AI insurance buyer's checklist

Questions to work through before you assume you are covered for AI risk, or buy a product to fill the gap. Pairs with "What Is AI Insurance?"

Know your exposure

  • You have mapped where AI can cause you financial loss (bad outputs, failures, downstream liability)
  • You know which of your AI systems are highest risk and why
  • You have quantified, even roughly, the size of a plausible AI loss

Check existing policies for silent AI

  • You have read your PI, technology E&O, D&O, and cyber wordings for AI language
  • You know whether each policy covers, excludes, or is silent on AI-caused loss
  • You have asked your broker or insurer to confirm AI treatment in writing
  • You have checked for new AI exclusions added at the last renewal

Evaluate AI-specific products

  • You understand what each candidate product actually covers and excludes
  • You know whether it is indemnity, parametric, warranty, or embedded cover
  • You have checked the limits and the carrier or MGA standing behind it
  • You understand how a claim would be triggered and proven

Connect assurance to cover

  • You can produce the assurance evidence an underwriter will ask for
  • You understand that stronger assurance should mean better terms and availability
  • You have aligned to a standard insurers recognize (for example ISO/IEC 42001)

The buying decision

  • You have weighed transferring the risk against reducing it, and chosen a mix
  • You have a view on whether to act now or wait, given that mandates or a major loss could move the market quickly
  • You have a named owner for AI insurance decisions
  • You will re-check cover as your AI footprint and the regulatory picture change

Tip: use your browser's Print, then "Save as PDF", to keep a clean copy of either tool. More machine-readable resources are listed on the About page.