Traditional product liability law was built around physical products with deterministic behaviour. If a product fails in a foreseeable way and causes harm, liability flows up the supply chain to the manufacturer.

AI systems break most of those assumptions. A machine learning model does not have a single identifiable defect when it produces a harmful output - it produces that output because of the interaction between its training data, its architecture, its fine-tuning, and the context in which it is deployed. Multiple parties contributed to that outcome, and none of them may have done anything "wrong" in the conventional sense.

The UK's Product Liability Directive (as retained post-Brexit) was not designed with AI in mind. The EU has responded by updating its Product Liability Directive to extend explicitly to AI systems and digital products, effective 2026. In the meantime, AI liability in the UK is navigated through a patchwork of product liability, negligence, contract law, and sector-specific regulation.

The AI Developer or Software Company

The developer of an AI system is the most obvious candidate for liability. If the model was poorly trained, inadequately tested, deployed without appropriate safeguards, or built on data that should not have been used, the developer bears responsibility for those choices.

AI liability insurance UK for developers sits primarily within technology professional indemnity (Tech E&O) and technology products liability. Some specialist Tech E&O products now explicitly include AI liability coverage - extending to claims arising from model failures, algorithmic outputs, and AI-driven decisions. Not all do, and policy wording must be checked.

The Deploying Business

The business that integrates an AI system into its operations and uses it to make decisions about customers, patients, or other parties is also a potential defendant. A bank deploying an AI credit scoring system, a healthcare provider using an AI diagnostic tool, or an employer using AI to screen job applications - each has made a decision to rely on that system.

The line between developer and deployer is not always clear. Many AI companies both build and deploy their systems - selling AI-powered services rather than raw software. In that scenario, the company wears both hats and carries both categories of liability.

The Data Provider

The quality and legality of training data is a foundational element of AI risk. If a model was trained on data that contained errors, biases, or content used without authorisation, the data provider may bear some responsibility for downstream harms.

Data provider liability is also relevant in the context of IP claims. Rights holders alleging their content was used to train AI models without licence are, in effect, suing for a form of contributory liability.

The EU AI Act entered into force in August 2024. For UK companies supplying AI systems placed on the EU market or whose outputs are used in the EU, the Act's requirements apply.

The Act classifies AI systems by risk level:

• Unacceptable risk - systems banned outright, including AI-driven social scoring by public authorities and real-time biometric surveillance.
• High risk - systems subject to stringent compliance requirements before deployment. High-risk categories include AI in recruitment, credit scoring, medical devices, critical infrastructure, law enforcement, and education. Under the Act, providers are required to implement risk management systems, ensure data governance, maintain technical documentation, enable human oversight, and register systems in a public EU database.
• Limited risk - transparency obligations, such as AI chatbots being required to identify themselves as AI.
• Minimal risk - no specific regulatory requirements beyond existing law.

For UK AI developers supplying into the EU market, non-compliance with the Act carries significant financial consequences: fines of up to €35m or 7% of global annual turnover for the most serious violations.

For AI companies selling into both UK and EU markets, the compliance picture is materially complex. Directors should ensure they understand which AI Act risk category their products fall into. D&OD&O insurance, as part of a broader AI liability insurance UK programme, protects directors against personal liability arising from regulatory non-compliance.

Technology Professional Indemnity (Tech E&O)

Technology professional indemnity insurance is the primary cover for AI developer liability. The critical point - as discussed in detail in our guide to Professional Indemnity Insurance for Software Companies and AI Developers - is that not all Tech E&O products cover AI-specific liability.

Some specialist products in the UK market have now explicitly extended their coverage to include AI liability: model failure, algorithmic outputs, AI-driven decisions, and the downstream consequences of those outputs. Others have not, and the distinction is in the policy wording.

For any AI company reviewing its PI cover, the question is not "do I have a technology PI policy?" but "does my technology PI policy cover the specific risks my AI systems create?"

Technology Products Liability

Where an AI system contributes to physical harm - injury, property damage, or harm caused by an autonomous system - technology products liability insurance responds. It covers claims for bodily injury and property damage caused by a defective technology product.

Technology products liability is also relevant for AI systems in safety-critical digital contexts - financial trading systems, medical AI, or infrastructure control systems - where harm, though not physical, may be characterised as product liability rather than professional negligence.

Cyber Liability

Cyber liability insurance responds when AI liability arises from a cybersecurity failure - a breach, data theft, or a cyber event that causes the AI system to produce harmful outputs or exposes sensitive data. The intersection of cybersecurity and AI liability is a growing area of risk.

For a full guide to cyber cover for AI businesses, see: Cyber Insurance for AI Companies.

AI Hiring Tool Producing Discriminatory Shortlists

An AI recruitment platform, built by a UK developer and licensed to enterprise clients, produces shortlists for job applications. Analysis reveals the model systematically disadvantages candidates from certain demographic groups - traceable to biases in historic training data.

Affected candidates bring claims against the deploying employer under the Equality Act 2010. The employer claims against the AI developer under the indemnity clause in their software licence agreement.

Cover that applies: Technology professional indemnity with AI liability extension responds to the developer's third-party liability claim. An AI liability extension explicitly covering algorithmic bias claims is the difference between a covered claim and a policy dispute.

Medical AI Missing a Diagnosis

A UK healthtech company develops an AI diagnostic support tool used by NHS clinicians. In a number of cases, the model fails to flag a malignancy visible in the images. Patients suffer harm from delayed diagnosis.

Claims are brought against the NHS trust and, via subrogation, against the AI developer, alleging negligent design and inadequate validation.

Cover that applies: Technology PI with AI liability extension covers the professional negligence element. Technology products liability may also respond if the harm is characterised as a product defect. This is precisely the high-risk AI scenario where both covers, and specialist wording, matter most.

Generative AI Producing Infringing Content

A UK company builds a generative AI platform for enterprise content creation. A client uses the platform to generate marketing copy. The output closely reproduces a passage from a copyrighted work. The rights holder brings a claim against both the client and the AI developer, alleging the model was trained on copyrighted content without licence.

Cover that applies: Technology professional indemnity insurance, specifically the IP infringement coverage within the policy, responds to the claim. Whether training data IP disputes are covered depends on policy wording - specialist wording that has kept pace with generative AI risk is significant here.

The common thread across all three scenarios is that generic insurance products may not respond to claims arising from AI-specific risks. The market has developed specialist products that do, but navigating to those products requires broker expertise.

• Audit your current policy wording. Have a specialist broker review the policy definitions, coverage extensions, and exclusions with AI liability specifically in mind.
• Identify your high-risk exposure. Which of your AI systems operates in high-risk sectors or use cases? Those systems drive your coverage requirements.
• Ensure continuity of retroactive date. When you renew or switch PI policies, protecting the retroactive date ensures historic AI development work remains covered.
• Match indemnity limits to contractual obligations. Enterprise contracts and regulated sector requirements often specify minimum PI limits of £1m, £2m, or £5m.
• Consider your full programme. AI liability insurance UK is not a single product - it is a programme combining PI, products liability, cyber, and potentially D&O. The policies need to work together without gaps.

For the full overview of every policy an AI company needs, see: What Insurance Does an AI Software Company Need?

For guidance on generative AI products specifically, see: Insurance for Generative AI Products

Taurus Risk are AI liability insurance specialists with direct experience placing cover for AI software developers across the UK.

AI liability is being decided in real time by courts, regulators, and contract negotiators. A programme structured around the realities of AI - PI with AI liability extensions, products liability where relevant, cyber, and D&O - is what stands between an AI company and an uninsured claim.