AI and Legal Liability: Preparing for Emerging Risks in Insurance Claims and Litigation

The Rise of AI in Insurance

AI technologies, including machine learning, natural language processing and automation, are now integral to many insurers’ operations. From automated claims assessment to chatbots handling customer queries, AI promises to streamline processes and reduce operational costs. Insurers are harnessing predictive analytics to better price risk, detect fraud and enhance customer experience. Yet as the reliance on AI grows, so too does the potential for legal disputes and regulatory scrutiny.

Understanding Legal Liability in the Context of AI

Legal liability in insurance has traditionally centred on human decision-making and the contractual relationship between the insurer and the insured within the overarching regulatory framework. The advent of AI introduces a new layer of complexity: who is responsible when an AI-driven process leads to an error, a problematic outcome or breach of duty? Potential sources of liability include algorithmic bias, failure to explain AI-driven decisions, data breaches and reliance on flawed data sets.

A key question is whether in any particular case the liability rests with the insurer deploying the AI, the technology provider or both. Globally, jurisdictions are still grappling with how to apportion responsibility, particularly when AI systems exhibit autonomous behaviours that may be difficult to foresee or control. Insurers must, therefore, be proactive in understanding their exposures and ensuring robust and proportionate governance frameworks are in place.

Emerging Risks in AI-driven Claims and Litigation

The use of AI in claims assessment raises several emerging risks. For example, if an automated claims system denies a valid claim due to flawed algorithmic logic or biased data, the insurer could face allegations of unfair treatment or breach of contract. Insurers are also exposed to reputational harm if claimants perceive AI-driven decisions as discriminatory, are not transparently informed about the use of AI in the transaction or are not provided with an accessible redress procedure. Additionally, there are internal risks associated with the use of AI in this context given its significant dependence on training data based on previous performance. This can embed existing inefficiencies and unseen bias behind the ‘black box’ logic of such systems. Equally past performance is no guarantor of future success when circumstances change, and so the performance of such systems in future contexts is difficult to be sure of.

In litigation, parties may challenge the validity of AI-generated evidence or question the transparency and legality of AI decision-making. Courts and regulators are increasingly demanding “explainability”, the ability to understand and justify how an AI system arrived at a particular outcome. Failure to provide such explanations can undermine an insurer’s defence and risk regulatory penalties. It may also fundamentally impact the bottom line.

Regulatory Developments and the Need for Compliance

Regulators in the UK and across Europe are taking a keen interest in the implications of AI for insurance. The EU’s Artificial Intelligence Act which entered into force on 1 August 2024, for example, seeks to introduce risk-based regulation of AI systems, with stringent requirements for high-risk applications such as those used in credit scoring and insurance. Insurers must be prepared to prove compliance with data protection laws (such as the UK GDPR and the EU GDPR), fairness obligations and transparency standards.

Compliance is not merely a box-ticking exercise. Insurers should conduct regular audits of AI systems, ensure robust data governance, and provide clear communication to customers about how AI is used in decisions affecting them. This proactive approach will help mitigate legal risks and foster trust in AI-enabled insurance solutions.

Practical Steps for Insurers

1. AI literacy and training: insurance professionals need to develop a working understanding of AI technologies and their implications and keep up to date with new innovations as they embedded into organisational processes. This includes training on the ethical use of AI, recognising potential biases and understanding the limitations of automated systems.
2. Robust governance frameworks: set up clear policies for the development, deployment and monitoring of AI systems. Assign accountability for AI oversight and ensure there are mechanisms for human review of AI-driven decisions as well as ongoing scrutiny as to the appropriateness of the use of AI in relation to any particular task as circumstances change.
3. Documentation and explainability: maintain comprehensive governance documentation of AI models, including data sources, methodologies and decision logic. Be prepared to explain AI-driven outcomes to claimants, courts, and regulators with a solid evidential basis of compliance and usage records.
4. Data quality and management: ensure that data used to train and operate AI systems is accurate, representative and free from bias. Regularly update and test data sets to avoid drift and unintended consequences as well as applying appropriate mitigations and corrections where necessary.
5. Legal and regulatory monitoring: stay abreast of evolving legal frameworks and regulatory guidance on AI. Engage with industry bodies and legal experts to anticipate changes and adapt practices accordingly.
6. Incident response planning: develop clear protocols for responding to AI-related incidents, such as erroneous claims decisions or data breaches. This includes communication strategies and remediation processes as well as structured regulator engagement.