Author: Jeffrey J. Meagher, Andrew D. Connelly of K&L Gates - K&L Gates HUB
Original Article here.
On 27 December 2023, The New York Times filed a lawsuit against OpenAI and Microsoft alleging copyright infringement in connection with OpenAI’s popular ChatGPT technology. This lawsuit is part of the first wave of artificial-intelligence-related lawsuits that have targeted some of the biggest technology companies in the world and some of the best-known artificial intelligence (AI) products on the market. The next wave of AI-related lawsuits will likely target companies and products that are less well known as businesses around the world race to incorporate AI into their products and services. This article discusses the new frontier of insurance for AI risks with that next wave of litigation in mind.
The first wave of AI-related lawsuits has primarily alleged invasion of privacy, copyright infringement, and defamation claims. This was discussed in our alert Recent Trends in Generative Artificial Intelligence Litigation in the United States | HUB | K&L Gates (klgates.com). The next wave of lawsuits will likely involve a different set of risks. The use of generative AI by cybercriminals, for example, is expected to lead to a significant increase in highly sophisticated cyberattacks. The use of generative AI in the healthcare sector is expected to lead to privacy litigation and regulatory enforcement actions. And the use of generative AI in other sectors of the economy will inevitably lead to mistakes that cause economic harm, property damage, and bodily injury.
The good news for policyholders is that existing insurance policies may protect them against many of the risks posed by AI.
Cyber insurance policies provide coverage for first-party losses and third-party liabilities arising out of cyber incidents like network security events, data breaches, and ransomware attacks, but many cyber policies also provide coverage for lesser-known exposures like regulatory liability and media liability that could prove important in our new AI-powered world. While the specific terms vary from policy to policy, regulatory liability insuring agreements generally provide coverage for defense costs and penalties arising out of regulatory investigations and enforcement actions related to privacy violations. Media liability insuring agreements typically provide coverage for defense costs and damages arising out of third-party claims that allege defamation, invasion of privacy, and copyright infringement.
One issue that may arise for companies that provide AI-powered products or services is whether their cyber insurance policies provide coverage for liability assumed by contract. Many of the companies currently racing to incorporate AI into their products and services will eventually sell those products and services to other companies that will demand contractual indemnity protection from the selling companies. Cyber policies typically exclude coverage for contractual liability, but some cyber policies have exceptions for certain contractual liabilities, while other cyber policies expressly provide coverage for liability assumed by contract. These contractual liability provisions could prove important for companies that assume AI-related liability via contractual indemnity agreements.
Technology errors and omissions (Tech E&O) insurance policies provide coverage for third-party claims that allege a wrongful act, error, or omission in the performance of technology services or the failure of a technology product to perform as intended. Unlike cyber policies, Tech E&O policies generally provide coverage for breach of contract claims. Tech E&O policies, however, typically exclude coverage for liability arising out of bodily injury or property damage. While this type of coverage limitation may not be an issue for a company that provides web design services in the education sector, it may be more of an issue for a company that provides AI-powered products or services in the healthcare or energy sectors where mistakes may lead to bodily injury or property damage claims. The key question for companies that provide AI-powered products or services that expose them to bodily injury or property damage liability will be whether their general liability insurance policies provide coverage for bodily injury or property damage claims arising out of AI-powered products or services.
Commercial general liability (CGL) insurance policies generally provide coverage for third-party claims that allege bodily injury or property damage. CGL policies, however, often exclude coverage for professional liability claims. There is, for example, a standard professional liability exclusion that excludes coverage for third-party claims that allege bodily injury or property damage arising out of the selling, licensing, or furnishing of computer software. As a result, there may be a potential gap in coverage for companies that sell AI-powered software products or services that lead to bodily injury or property damage claims.
It is too early to predict how insurers will respond to the new opportunities and risks posed by AI. Insurers may continue to cover AI-related risks in existing insurance policies, or they may add endorsements or exclusions that expressly address AI-related risks. In the near term, insurers may simply ask more questions about a prospective policyholder’s use of AI during the underwriting process. Over the longer term, the answer will likely depend on the type and number of claims that policyholders make under existing insurance policies. In the meantime, policyholders should review their existing insurance policies to determine whether they have adequate insurance coverage for emerging AI risks, carefully consider any AI-related policy changes at renewal, and reach out to experienced insurance recovery attorneys for assistance.