D&O Insurance in the age of AI

Dear Friends of Trewstar,

We continue our work on our new concept, Trewtech: technology oversight for corporate boards. Note: no lengthy and challenging board refreshment required. One often overlooked aspect to the fast-changing technology landscape is the board’s D&O policy. It is awkward in the middle of a packed board meeting agenda to take time to ask probing questions about D&O coverage. After all, it's not a riveting topic and most directors assume they'll never need their D&O policy, or that the General Counsel has it handled.

But things are changing... It has not gone unnoticed by insurers that technology risk is one of the harder topics for boards to get their arms around.

For an up to date look at some of the trends in the D&O world, we asked our friend Kate Sampson a few questions…
 
1. Are directors protected under their current policies if shareholders sue over AI‑related decisions?
 
Kate: Historically yes, but the window of assumed coverage is closing. Traditional D&O policies generally cover allegations that a board failed to oversee management, failed to disclose material risks, or mismanaged the business. Right now, that typically includes AI oversight.
 
However, that protection is eroding fast. Carriers have introduced absolute AI exclusions in General Liability policies and we are seeing AI exclusions in Directors & Officer (D&O) policies—exclusions that can eliminate coverage for any claim arising out of AI development, deployment, or oversight.For example, a company whose AI model produces a flawed output that injures a customer, or whose board failed to disclose known AI risks to shareholders, could find that a newly-added exclusion leaves them without coverage when they need it. The market is evolving. On the flip side, we are also seeing carriers introduce D&O and E&O (Error & Omissions) coverage forms with favorable, affirmative AI language.
  
Directors should be diligent. New endorsements (written amendments that modify the terms of a policy) may be included at renewal carving out coverage. Good Brokers and insurance advisors are typically addressing this developing trend, but now is a great time to ensure the GC and the board is scrutinizing every renewal.
 
2. How do boards prove proper AI oversight?
 
Kate: Documentation is everything. From a defensibility standpoint, good intentions don’t matter nearly as much as records. Boards demonstrate proper governance through:

• Clear risk disclosure about how AI is used and what could go wrong
• Board or committee minutes reflecting regular discussions of AI’s use and risks
• Evidence of expertise, including when outside advisors are engaged
• Consistency between public disclosure and actual practice: Disclosure tells investors what could go wrong. Oversight is what keeps it from going wrong. Boards need both.

3. What type of insurance should companies have for AI risk?
 
Kate: Until recently, there was no such thing as “an AI policy.” AI doesn’t sit neatly in one bucket and its risks cut across the entire enterprise. Boards should expect it to cut across multiple insurance lines as well, including:

• D&O insurance for shareholder claims tied to oversight and disclosure
• Cyber insurance for AI‑enabled data breaches or misuse
• E&O / Professional Liability insurance for AI‑driven products or services
• Employment Practices Liability Insurance (EPLI) if AI is used in hiring, promotion, or termination decisions

Standalone AI Liability policies, with limits from $2M to $50M are starting to emerge for companies that need affirmative AI coverage to fill the gap should standard policies exclude AI. Special attention must be paid to the priority of coverage and other insurance clauses to make sure the policies will interact as intended. Note: Keep in mind, Side A coverage — which protects individual directors directly when the company is unable to indemnify them — should be a non-negotiable part of any D&O program.

Directors need to make sure the company is buying insurance that actually maps to their AI exposures and that its advisors are current on the affirmative AI coverage available and exclusions being introduced. The pace of market change means additional diligence is warranted. It might be prudent to invite the broker to present directly to the board at D&O renewal time.

4. Are there real‑world examples boards should be watching?
 
Kate: The litigation phase has started. Workday faced a federal class action alleging its AI-driven hiring tools discriminated against applicants by race, age, and disability. Getty Images sued Stability AI for training its image-generation model on millions of copyrighted photographs without permission. And multiple AI companies have faced securities class actions from shareholders alleging they overstated their AI capabilities in public disclosures.
 
AI-related securities class actions have also been filed, alleging misleading statements about AI capabilities. Copyright cases involving LLM training data have already settled for significant sums. Discrimination class actions over algorithmic bias in hiring are moving through federal courts. Historically, governance failures surface first, and liability follows.
 
5. Are policies related to AI evolving the way they did for other new concepts, say, cyber risk?
 
Kate: Yes—but faster, and with more serious consequences. Like cyber, AI is a fast‑moving innovation, where underwriters are struggling to price exposure. The crucial difference is systemic risk. If one model is used everywhere and something goes wrong, it could be an unquantifiable exposure for insurers.
 
Gartner predicts that by 2030, insurers will require companies to demonstrate mature AI governance practices before granting affirmative AI coverage. This means good governance won’t just protect you from liability, it will determine whether you can get insurance at all, and at what price.
 

We are grateful to Kate for spending time with us on this tricky topic.

Our takeaway from conversations with Kate and other insurance experts is that proper AI risk oversight comes back to process. Management teams need the ability to surface, evaluate, and disclose risks to the board. And boards need sufficient expertise to engage in thoughtful discussions which demonstrate their ability to oversee evolving AI risks and opportunities. 

 All the best,

Beth Stewart & The Trewstar Team