A consultancy renewing its professional indemnity this spring found a new section on the renewal form: questions about AI use, automated decision-making, and whether any AI system contributed to client decisions. The founder was unsure how to answer. They did not want to downplay AI use and risk a voidance claim later, but they did not know whether their existing cover already addressed any of this.
That uncertainty is where many AI insurance conversations stall. The right question is whether your current cover stack responds correctly to the risks AI introduces, and if not, what needs to change.
What choice are you actually facing?
For UK SMEs, AI insurance is better understood as a configuration question: do your existing professional indemnity, cyber liability, and technology covers respond correctly when an AI tool contributes to an error, a data breach, or an IP dispute? Specialist broker Latent puts it plainly: a sound AI insurance programme typically needs four or five policies working together, not a single purpose-built one.
The practical split is between two different positions. If you are using AI tools from third-party vendors, such as research assistants, document drafters, or client management software with AI features, you need to know whether those tools sit inside your existing wording. If you are building AI into your own products, fine-tuning models, or using AI to make decisions that directly affect clients, you are in a materially different position that calls for different cover and a different conversation with your broker. That one distinction drives the rest of the comparison.
When extending your existing covers is the right call
If your firm is primarily a non-technical services business using AI tools from third parties rather than building or reselling models, extending your existing professional indemnity and cyber covers with AI endorsements is often sufficient for now. That applies to agencies, accountancy practices, consultancies, and similar firms with revenues below roughly £5 million and no large regulated-sector clients demanding bespoke contractual wording.
The critical task is reading the wording, not just the headline limits. Renewal forms increasingly include AI-specific questions, and some policies quietly narrow cover through exclusions for automated decision-making, algorithmic errors, or use of unapproved tools. If your PI policy does not explicitly state that it covers work produced with AI assistance, including generative AI and third-party APIs, you may have a gap you have not noticed. The FSB Insurance Service notes that many off-the-shelf covers add AI-related exclusions at renewal without drawing attention to them.
Cyber cover warrants the same scrutiny. The NCSC’s 2023 guidelines on secure AI system development treat AI services as internet-connected SaaS with supply-chain risk. If staff paste client data into AI platforms, or if client data sits in a third-party AI tool, your cyber policy needs to cover those scenarios explicitly, not just traditional IT incidents.
When you need a dedicated tech or AI policy
If you build, fine-tune, or resell AI models, or if AI-enabled software is central to your service, standard PI and cyber endorsements are unlikely to cover your actual risk profile. The same applies if you serve regulated-sector clients in financial services or healthcare, where contracts typically require minimum limits and indemnity terms that off-the-shelf policies do not reach.
In that position, technology errors and omissions cover addresses model errors, downtime, and integration failures. Media and IP cover handles training data disputes and content generation claims. Law firms including Pinsent Masons publish useful introductory guidance on how the regulatory framework applies in this territory.
Two regulatory points sharpen this. The FCA’s Consumer Duty guidance confirms that using a third-party AI system does not reduce a regulated firm’s obligations to its customers. Regulated firms cannot pass liability to the model. The EU AI Act, which reached political agreement in March 2024, classifies high-risk AI systems, including many HR tools, credit scoring applications, and some insurance underwriting systems, as carrying obligations around risk management, data quality, and documentation. Fines reach €35 million or 7% of global turnover. For UK SMEs supplying EU clients, that exposure commonly sits outside standard policies.
The ICO also requires meaningful human involvement for automated decisions with legal or significant effects on individuals. Some policies now explicitly exclude liability where decisions are made solely by algorithms, with no genuine human check. If your workflow has that gap and your policy has that exclusion, a single contested decision could fall entirely outside your cover.
What does it cost to get this wrong?
The two failure modes look different on paper but feel the same when you are facing them. The first is a client claim your PI policy does not cover because an AI-specific exclusion quietly bars it. The second is a regulatory investigation where your cyber or legal expenses cover does not pick up the defence costs. Either way, the bill lands on you personally.
On the client side, a single matter involving AI-influenced advice can exceed a £1 million PI limit when errors affect multiple clients or cascade across a portfolio. For UK SMEs under £10 million in revenue, combined cyber and tech E&O limits of £1 million to £2 million typically cost in the low-to-mid four figures annually. Weak governance or prior incidents can double those premiums, according to broker data.
On the regulatory side, the ICO fined TikTok £12.7 million in April 2023 for failing to protect children’s data, a case explicitly linked to opaque algorithmic processing. For a small firm, a proportionately smaller fine plus remediation costs could be existential, particularly where the fine falls outside cover as a regulatory penalty. Cyber and PI policies commonly exclude statutory fines and regulatory penalties, including those under UK GDPR. If your policy is silent on this point, you are likely unprotected for the exposure that AI use most directly creates.
What to ask your broker before renewal
Premiums and headline limits are the wrong place to start the comparison. The questions that matter are which exclusions will bite first and whether your human oversight processes are strong enough to keep you on the right side of them. A broker who cannot answer specific questions about AI wording is the wrong broker for this conversation.
Ask whether your current PI and cyber policy explicitly covers work where AI tools contributed to advice or deliverables. Ask for any exclusions referencing algorithms, automated decision-making, machine learning, or discrimination, in writing, before you sign. Ask which parts of an ICO or FCA investigation into your AI use are covered, and under which policy.
For a first pass on the wording itself, AI-driven comparison tools such as Sonant AI can produce side-by-side summaries of exclusions and limits from uploaded policy documents. Browne Jacobson has written usefully on how these tools are shifting the insurance distribution market. They are a reasonable starting point, but they do not assess regulatory fit. No AI comparison tool will tell you whether your oversight processes satisfy the ICO’s meaningful human involvement standard, or whether EU client contracts bring AI Act obligations into scope.
The CMA’s April 2024 review of AI Foundation Models flagged concerns about opaque models and intermediary accountability. Insurers are watching the same picture. Wording will tighten as enforcement steps up. The time to compare carefully is at renewal, not after a claim reveals what you thought was covered.



