For the past several years, standard commercial general liability (CGL) policies neither mentioned AI nor excluded it. If an AI system caused harm, the claim fell into existing coverage categories: defamation, privacy violations, bodily injury, advertising injury. Carriers paid claims they never priced for. Enterprises collected coverage they never specifically purchased.
That ambiguity existed because carriers had not yet addressed AI in their policy language. Coverage was neither explicitly granted nor explicitly denied. Now carriers are resolving that ambiguity, and they are resolving it by excluding AI.
The exclusions are already appearing in 2026 renewals.
The CGL Endorsements
The Insurance Services Office (ISO) introduced two endorsements in early 2026 that allow carriers to explicitly address AI-related claims in standard CGL policies.
CG 40 47: Artificial Intelligence Exclusion. This endorsement gives carriers the option to exclude all claims arising from generative AI outputs. Defamation from AI-generated content, privacy violations from AI data handling, copyright infringement from AI-produced material, bodily injury or property damage caused by AI recommendations: a single endorsement carves out all of it.
CG 40 48: Generative Artificial Intelligence Exclusion (Coverage B Only). A narrower exclusion. While CG 40 47 excludes AI claims from both Coverage A (bodily injury and property damage) and Coverage B (personal and advertising injury), CG 40 48 applies the exclusion only to Coverage B. Carriers using CG 40 48 exclude AI-related personal and advertising injury claims while retaining Coverage A for bodily injury or property damage.
Before these endorsements, AI claims fell into general coverage by default. Now carriers choose: exclude AI broadly across both coverage parts, exclude it from personal and advertising injury only, or develop standalone AI coverage products. Industry analysts expect that the majority of carriers will adopt some form of these exclusions.
The practical consequence for enterprises is straightforward. Check your 2026 CGL renewal. If your carrier has adopted CG 40 47, all AI-related claims under your CGL are excluded. If they have adopted CG 40 48, your personal and advertising injury coverage for AI is excluded while bodily injury and property damage coverage remains intact.
The Pattern Extends Beyond CGL
The CGL endorsements are the most visible change, but the same correction is happening across D&O and E&O coverage lines. AIG, W.R. Berkley, and Great American are among carriers that have sought regulatory clearance for AI-specific exclusions in management liability policies. W.R. Berkley's exclusion language is broad enough to bar coverage for any claim arising from the use, deployment, or development of artificial intelligence, regardless of whether the model was company-owned or third-party. E&O carriers are beginning to scrutinize AI-assisted professional services, with some excluding or sublimiting AI-related claims. The pattern is consistent: carriers that priced these policies before AI deployment became common have no actuarial basis for absorbing AI-related losses, so they are carving them out.
The Vendor Liability Gap
Most enterprises do not build their own AI models. They license them from OpenAI, Anthropic, Google, or industry-specific providers. The liability chain that results is where coverage gaps become most painful.
An enterprise deploys a vendor's model for customer-facing decisions. The model produces a discriminatory outcome. The affected customer sues the enterprise, not the vendor. The enterprise's E&O carrier reviews the claim, finds the enterprise relied on a third-party model without independent validation or ongoing supervision, and denies the claim under the third-party AI exclusion.
The enterprise holds liability for a model it did not build, trained on data it did not select, producing outputs it did not fully understand. Vendor contracts typically limit liability to the contract value. Enterprise exposure has no such ceiling.
Governance as an Underwriting Requirement
The convergence of these exclusions with the emergence of governance-based underwriting creates a clear incentive structure. Enterprises with documented AI governance programs, including model registries, continuous monitoring, bias audits, and incident response protocols, gain access to coverage that ungoverned enterprises cannot obtain. They qualify for higher limits and face fewer exclusions.
The evidence that carriers evaluate:
- Model inventory and classification. What AI systems does the enterprise operate? What decisions does each system influence? An enterprise that cannot produce a current model inventory signals unmanaged risk.
- Supervision and monitoring. Continuous monitoring of model performance, drift, bias, and usage patterns demonstrates operational governance. Quarterly batch reports do not meet the standard that governance-aware carriers expect.
- Audit trails. When a claim arises, the enterprise needs evidence of what the model did, why it did it, and what supervision was in place at the time. Without audit trails, the enterprise cannot prove it met the conditions for coverage.
- Incident response. Documented procedures for detecting, escalating, and remediating AI failures. Carriers view incident response capability as evidence that the enterprise takes AI risk seriously in operations, not just on paper.
What to Do Now
Review your current coverage. CGL, D&O, and E&O policies renewed in 2026 may contain AI exclusions that prior renewals did not. If your carrier has attached CG 40 47 or CG 40 48, understand exactly which coverage parts are affected and what exposure remains uninsured.
Build the governance infrastructure that coverage now requires. Model registries, continuous monitoring, bias testing, and audit trails are no longer optional elements of a mature AI program. They are prerequisites for obtaining and maintaining coverage.
Address the vendor liability gap. If your AI systems depend on third-party models, your insurance strategy must account for the coverage gap between vendor contract limitations and your enterprise exposure. Independent validation and supervision of vendor models is both a governance best practice and an insurance requirement.
The transition from ambiguous AI coverage to explicit AI underwriting is happening now. Carriers are pricing AI risk, and governance is the primary variable that determines whether that pricing works in your favor. Enterprises still operating without governance infrastructure will find, when an AI-related claim arrives, that the coverage they assumed they had does not exist.
