‘Mandate to dictate whether AI should be covered or not’ via insurance on the cards – Lockton

Regulatory action mandating whether artificial intelligence (AI) related activities or processes are covered – or not – within certain insurance policies is expected “sooner or later” because this risk has the potential to “touch every single line of insurance”, according to Carlo Ramadoro, head of cyber and technology insurance at broker Lockton.

Speaking at trade association Airmic’s The Risk Forum conference on 11 February 2026, Ramadoro unpicked the current confusion that risk managers may experience when checking whether cover for AI related activities is included within their existing risk transfer programme.

He said: “The common perception is that AI is a technology risk and it’s covered by a technology errors and omission (E&O) policy or a cyber policy. However, AI is present in every line of insurance.

“[For example,] property may be affected by AI – there are some sprinklers that are powered by AI. What if they don’t go off, then you have a fire? Does the [property] policy cover [this risk] or not? It’s technically a fire that originated from the unavailability of the AI system.

“AI is present in product liability, in professional indemnity (PI). If you’re a law firm and you use AI to do contract reviews, what if it doesn’t pick up something? Is [this a PI risk or not?]

“And then you have the big, broad brush of cyber. There’s an element of AI covered in cyber [policies], which relates to data and the unavailability of systems and downtime, business interruption, supply chain management – so there’s definitely [some coverage available], but [AI risks have the potential to impact] a lot of policies.”

Lloyd’s of London attempted to nip this grey area in the bud back in 2019 when it issued a mandate for all syndicates to remove silent cyber from their policies – where cover may unintentionally be provided within non-cyber-centric policies due to looser terms and conditions.

Instead, the market required syndicates to clearly affirm or exclude cyber risks within policies wordings. The implementation of this mandate commenced from January 2020.

Ramadoro continued: “Sooner or later, there’s going to be some mandate to dictate whether AI should be covered or not in certain policies because it could touch every single line of insurance.

“In my opinion, [carriers] shouldn’t exclude [AI] from policies. It should affirmatively state whether and what coverage is available under certain policies.”

Despite this stance, Ramadoro believes the London market is still “a bit far away” from the provision of a standalone “all risk AI policy” – although there is undoubtedly “room” for such coverage.

He added: “There’s no real exclusion [of AI] on each policy at the moment. There are some, but not on every single line of business. So, when [AI exclusions start] creeping in, I think [then] there’s going to be room to create something different [in terms of a standalone AI policy]. A multiline product [will] not necessarily [be] easy to create, but I think [this is doable] in the future as [AI] becomes more prominent in everyone’s lives.”

Setting boundaries

Describing the AI risks within the life sciences sector – which includes pharmaceutical businesses, medical facilities, research and development centres and manufacturing plants, for example – Ramadoro referenced data privacy, data processes and data analytics as all being high on the risk agenda.

Other potential risks include robotics being used in manufacturing processes, regulatory requirements around AI, supply chain failure linked to a partner’s use of AI and overdependency on AI tools overall, with humans being taken too far out of the loop.

Data privacy is a particular risk for health and pharmaceutical related businesses because of the potential for AI to ingest personal health data.

This threat brings governance practices into sharp focus, Ramadoro said.

“The governance of companies around the utilisation of AI is possibly the most important thing in any industry, but especially in an industry that touches a lot of data,” he added. “Understanding where AI is utilised within the company and [understanding] the governance around this [is] key.

“In large organisations, there’s many different departments, many different people that have access to AI software [and] tools. The communication between those departments of people is going to be absolutely key because you can have AI in marketing and legal, you can have it literally wherever. It’s important for communication and collaboration within companies.

“The risk management function is probably the quarterback around the whole of the company in managing that risk and making sure that people communicate within companies and there’s a general awareness of risk [around] AI.”