Insuring the Emerging AI Regulatory Landscape

The lack of a comprehensive federal framework governing business use of artificial intelligence (AI) has resulted in a patchwork of state regulations addressing AI-related risks. Multi-state and national companies of different sizes and within diverse industries must navigate this increasingly complex and fragmented risk landscape.

Although Utah was the first state to pass AI-focused consumer protection legislation in March 2024, Colorado was the first to enact comprehensive AI-related legislation two months later. California soon followed with its own set of AI regulations.

Since then, most states have introduced a range of legislative proposals, with 38 states adopting or enacting AI measures this year, according to the National Conference of State Legislatures. In many cases, the various AI regulations differ in terms of focus, scope, enforcement and timing.

The combination of inconsistent AI regulations and varying cyber insurance policies creates potential financial risk for businesses. Companies face the threat of severe financial losses from incidents that may not be covered by their insurance. To address these challenges, QBE North America recently introduced an AI-focused cyber insurance endorsement to address emerging risks. The endorsement provides affirmative regulatory coverage absorbing the costs of fines, penalties and legal defense for AI violations emanating from evolving regulations.

As businesses adopt more AI solutions, they are increasingly exposed to risks across multiple fronts. An example is LLMjacking, a cyberattack where stolen credentials are used to access cloud-hosted large language models (LLMs). Once accessed, threat actors exploit the host entity’s computing resources for malicious purposes. The endorsement provides coverage for the increased cloud service fees and the costs to retrain damaged models.

It is critical that businesses thoroughly review the security posture of the AI tools that are being implemented. The World Economic Forum recently stated that the implementation of AI tools and solutions is occurring in most organizations “without the necessary security safeguards,” with only 37% of companies assessing AI risks prior to deployment.

The federal government likely will need to pass wide-ranging legislation that balances innovation with managing the potential risks. The European Union has drafted such comprehensive regulations in its Artificial Intelligence Act, which comes into effect in 2026 in varying stages, with compliance for high-risk AI systems due by August 2027.

It’s crucial that corporate risk managers work closely with their insurance partners to assess and manage the breadth of their organization’s AI compliance risks, securing comprehensive cyber insurance solutions that keep pace with rapid AI innovations and regulations.  

QBE makes no warranty, representation, or guarantee regarding the information herein or the suitability of these suggestions or information for any particular purpose. QBE hereby disclaims any and all liability concerning the information contained herein and the suggestions herein made. Moreover, it cannot be assumed that every acceptable risk transfer procedure is contained herein or that unusual or abnormal circumstances may not warrant or require further or additional risk transfer policies and/or procedures. The use of any of the information or suggestions described herein does not amend, modify, or supplement any insurance policy. Consult the actual policy or your agent for details about your coverage. QBE and the links logo are registered service marks of QBE Insurance Group Limited. © 2025 QBE Holdings, Inc.