advanta

HomeModule LibraryGovernance

Module INS-01 sigil: Governance pillar, Strategy layer, maturity bands 1 to 3.Deterministic sigil for Module INS-01. The Pillar geometry encodes Governance (Pillar 4); the top-right marker S encodes the Strategy layer; the baseline meter encodes maturity bands 1 to 3.SINS-01
P4· L-E· Bands FoundationalOperationalIntegratedOptimisedDefensible

· INS-01

AI Liability & Insurance Posture

Professional liability policies were written for human-rendered legal services. AI-assisted output sits in the gap between covered services and excluded tooling failure — and most carriers haven't decided how to underwrite that risk yet, leaving the firm exposed in ways that only surface during claim adjudication. The AI Liability and Insurance Checklist runs a structured review of professional liability coverage, cyber coverage, errors-and-omissions exposure, and vendor indemnification adequacy across the Risk Taxonomy 2026 nine-class framework — surfacing the gaps before they become claim disputes. Methodology v2026.1.

strategic

·

Annual

·

1–2 days initial per tool; 2–4 hours per tool at renewal or quarterly review

Methodology v2026.1·Verified 23 May 2026·Reviewed 23 May 2026

Executive Summary

This Module provides a structured, end‑to‑end checklist for managing AI liability, insurance coverage, and vendor accountability across the legal function. It operationalises the Risk Taxonomy 2026 nine‑class framework, mapping each class to malpractice exposure, insurance requirements, and governance controls. The checklist ensures ABA Model Rules compliance (1.1, 1.6, 5.3), closes “Silent AI” coverage gaps, and embeds AI Bill of Materials (AI BoM) registration as the primary evidentiary spine for both insurers and regulators. It guides legal teams through professional liability assessment, cyber and technology E&O coverage review, vendor indemnification and insurance verification, Agentic Tier (Level 4) liability gates, and Class 6 Shadow AI escalation. The Module also defines quarterly and annual review cadences, DPS Defensibility evidence requirements, and retention schedules so that every AI‑assisted matter can withstand regulatory, disciplinary, and carrier scrutiny.

Defensibility Evidence Produced

All completed AI Liability and Insurance Checklist assessment reports, AI BoM verification records, Class 6 Shadow AI incident logs, STR-07 notification records, Agentic Tier Liability Gate confirmations, vendor indemnification clause assessments, insurance certificate records, client disclosure and consent documentation, and governance committee decision records retained 7 years as DPS Defensibility lens evidence. Quarterly risk assessment completion logs, annual review records, Risk Taxonomy 2026 training scores, and vendor AI BoM currency verification records retained 5 years as DPS Adoption lens evidence.

Elements:

Evidence frameworkGovernance posture

Purpose and Scope

This Module operationalises the AI Liability and Insurance Checklist for legal departments. It provides a repeatable process to:

  • Assess professional liability exposure from AI use.
  • Analyse insurance coverage adequacy across professional, cyber, tech E&O, EPL, and D&O lines.
  • Embed AI Bill of Materials (AI BoM) registration as a contractual and evidentiary control.
  • Structure vendor indemnification, warranties, and insurance requirements.
  • Implement governance, escalation, and documentation practices that satisfy DPS Defensibility standards.

The checklist applies from AI tool intake through decommissioning and is mandatory for any tool processing DAT-02 Level 3–4 data or operating at Agentic Tier Level 4 (AI as Executor).

Metric 0 Pre‑Check (Gates M0.1–M0.5)

Before any liability or insurance assessment proceeds, confirm all five gates:

  1. Gate M0.1 — GOV‑02 consulted
    • Verify the AI Use Policy has been reviewed.
    • Confirm the tool falls within a GOV‑02‑approved category.
  2. Gate M0.2 — AI BoM verified
    • Confirm the tool is registered in the AI BoM with active status.
    • Ensure a current DPA and classification level are recorded.
  3. Gate M0.3 — GOV‑03 checked
    • Review the AI Vendor Risk Register.
    • Confirm vendor risk rating and DPA currency before indemnity or insurance work.
  4. Gate M0.4 — STR‑07 notified for Class 6
    • If any unregistered or unapproved tool is discovered, classify as Class 6 Shadow AI.
    • Notify STR‑07 (AI Task Force) and halt assessment until GC authorises continuation.
  5. Gate M0.5 — DAT‑02 classification confirmed
    • Verify data classification for all data processed.
    • Scale liability and insurance controls to the highest DAT‑02 level involved.

No assessment proceeds on gate failure without explicit General Counsel authorisation.

Operational Signals

ins-01.coverage-gap-inventory

Defensibility Posture Statement

Identified coverage gaps tracked per Risk Taxonomy 2026 class — DE-3 Evidence framework record.

Annual

ins-01.vendor-indemnification-adequacy

Annual Legal AI OS Index

Vendor indemnification adequacy scored per active engagement feeds Annual Index defensibility-discipline signal.

Quarterly

ins-01.renewal-readiness-record

Console

Insurance renewal evidence record maintained for Console intelligence substrate.

Annual

Inputs · Outputs

Inputs

  • · Current AI Bill of Materials (AI BoM) with status, DPA, and DAT-02 classifications
  • · GOV-02 AI Use Policy and GOV-03 Vendor Risk Register
  • · Existing professional liability, cyber, tech E&O, EPL, and D&O policies
  • · Vendor contracts, indemnification clauses, and insurance certificates
  • · TAL-02 training records and TAL-05 simulation scores
  • · Incident logs, especially Class 6 Shadow AI and Class 9 resilience events

Outputs

  • · Completed AI Liability and Insurance Checklist for each AI system
  • · Documented ABA Model Rules (1.1, 1.6, 5.3) compliance assessment
  • · Insurance coverage gap analysis mapped to Risk Taxonomy 2026 classes
  • · Vendor indemnification and insurance verification summary
  • · Agentic Tier Liability Gate confirmation records where applicable
  • · Class 6 Shadow AI escalation and post-incident documentation
  • · DPS Defensibility evidence package with retention schedule applied

Framework Crosswalk

ABA Model Rules of Professional Conduct (Rules 1.1, 1.6, 5.3)

American Bar Association

Maps technology competence, confidentiality, and supervision duties to AI risk controls, AI BoM evidence, and oversight documentation.

NIST AI Risk Management Framework

NIST

Aligns identification, measurement, and treatment of AI risks with Risk Taxonomy 2026 classes and insurance coverage strategies.

EU AI Act

European Union

Supports governance, documentation, and risk management obligations for high-risk and general-purpose AI systems used in legal services.

GDPR

European Union

Informs privacy, data protection, and DPA requirements for AI tools, especially Classes 2 and 4 risks.

ISO/IEC 42001 AI Management System

ISO

Provides a management-system backbone for AI governance, incident handling, and continuous improvement reflected in this checklist.

Operational Artefacts

  • AI Liability and Insurance Checklist Workbook

    xlsx · v2026.1

    Gated
  • AI Liability and Insurance Playbook

    pdf · v2026.1

    Gated
  • Class 6 Shadow AI Incident Report Template

    docx · v2026.1

    Gated
  • Agentic Tier Liability Gate Checklist

    checklist · v2026.1

    Gated

Diagnostic Relevance

Running the AI Liability and Insurance Checklist strengthens the Defensibility lens — expected Band progression: Foundational → Operational.

Confidence: high

Key Takeaways

  • Translate AI risks into insurable, contractually allocated obligations using Risk Taxonomy 2026.

  • Use AI BoM registration as a contractual and insurance evidence prerequisite for all AI tools.

  • Map ABA Model Rules 1.1, 1.6, and 5.3 directly to AI risk controls and documentation.

  • Identify and remediate AI-specific and Silent AI coverage gaps in professional and cyber policies.

  • Negotiate vendor indemnities and insurance with explicit AI, IP, and data protection coverage.

  • Apply strict Class 6 Shadow AI escalation with STR-07 notification and seven-year record retention.

  • Enforce Agentic Tier kill-switch, logging, and bias monitoring before autonomous AI deployment.

Run this Module

Operational artefacts available to Practitioner Membership members. Methodology v2026.1.

View Membership

Targeting

Audience

GC / CLOLegal Operations

Strengthens

Defensibility lensSophistication lens

Module Details

Format
Module
Difficulty
Foundational
Pillar
P4
Owner
General Counsel + Legal Operations
Access
Practitioner Membership
Certification
Practitioner

Maturity Bands

FoundationalOperationalIntegratedOptimisedDefensible

Where this Module lives

The Liability and Insurance Checklist sits at the intersection of governance and procurement — it consumes the AI Use Policy (GOV-02) approved-use list as the coverage perimeter and feeds the Vendor RFP Methodology (VEN-02) with the indemnification clauses that must appear in vendor contracts. The Module produces DE-3 (Evidence framework) and DE-4 (Governance posture) records into the DPS. Without it, insurance gaps surface during claim notice rather than during renewal.

Advisory

When this Module sits inside a Programme.

Modules are operated in-house by GC and Legal Operations teams. When the capability transformation is multi-Pillar — or when the regulator timeline tightens — Advanta operates the canonical Module sequence as a Programme.