Advanta is currently undergoing final system calibration ahead of launch. Selected infrastructure and experiences may still be in active refinement.

advanta

HomeModule Library

Module INS-01 sigil: Governance pillar, Strategy layer, maturity bands 1 to 3.Deterministic sigil for Module INS-01. The Pillar geometry encodes Governance (Pillar 4); the top-right marker S encodes the Strategy layer; the baseline meter encodes maturity bands 1 to 3.SINS-01

P4

L-E

INS-01

AI Liability and Insurance Checklist

Assess professional liability exposure, insurance coverage gaps, and vendor indemnification adequacy for AI tools across the Risk Taxonomy 2026 nine-class framework.

ModuleFoundationalAnnualAdoption lensDefensibility lens

Audience

GC / CLOLegal Operations

·

1–2 days initial per tool; 2–4 hours per tool at renewal or quarterly review

Executive Summary

This Module provides a structured, end‑to‑end checklist for managing AI liability, insurance coverage, and vendor accountability across the legal function. It operationalises the Risk Taxonomy 2026 nine‑class framework, mapping each class to malpractice exposure, insurance requirements, and governance controls. The checklist ensures ABA Model Rules compliance (1.1, 1.6, 5.3), closes “Silent AI” coverage gaps, and embeds AI Bill of Materials (AI BoM) registration as the primary evidentiary spine for both insurers and regulators. It guides legal teams through professional liability assessment, cyber and technology E&O coverage review, vendor indemnification and insurance verification, Agentic Tier (Level 4) liability gates, and Class 6 Shadow AI escalation. The Module also defines quarterly and annual review cadences, DPS Defensibility evidence requirements, and retention schedules so that every AI‑assisted matter can withstand regulatory, disciplinary, and carrier scrutiny.

Purpose and Scope

This Module operationalises the AI Liability and Insurance Checklist for legal departments. It provides a repeatable process to:

  • Assess professional liability exposure from AI use.
  • Analyse insurance coverage adequacy across professional, cyber, tech E&O, EPL, and D&O lines.
  • Embed AI Bill of Materials (AI BoM) registration as a contractual and evidentiary control.
  • Structure vendor indemnification, warranties, and insurance requirements.
  • Implement governance, escalation, and documentation practices that satisfy DPS Defensibility standards.

The checklist applies from AI tool intake through decommissioning and is mandatory for any tool processing DAT-02 Level 3–4 data or operating at Agentic Tier Level 4 (AI as Executor).

---

Metric 0 Pre‑Check (Gates M0.1–M0.5)

Before any liability or insurance assessment proceeds, confirm all five gates:

  1. Gate M0.1 — GOV‑02 consulted
    • Verify the AI Use Policy has been reviewed.
    • Confirm the tool falls within a GOV‑02‑approved category.
  2. Gate M0.2 — AI BoM verified
    • Confirm the tool is registered in the AI BoM with active status.
    • Ensure a current DPA and classification level are recorded.
  3. Gate M0.3 — GOV‑03 checked
    • Review the AI Vendor Risk Register.
    • Confirm vendor risk rating and DPA currency before indemnity or insurance work.
  4. Gate M0.4 — STR‑07 notified for Class 6
    • If any unregistered or unapproved tool is discovered, classify as Class 6 Shadow AI.
    • Notify STR‑07 (AI Task Force) and halt assessment until GC authorises continuation.
  5. Gate M0.5 — DAT‑02 classification confirmed
    • Verify data classification for all data processed.
    • Scale liability and insurance controls to the highest DAT‑02 level involved.

No assessment proceeds on gate failure without explicit General Counsel authorisation.

Defensibility Evidence

All completed AI Liability and Insurance Checklist assessment reports, AI BoM verification records, Class 6 Shadow AI incident logs, STR-07 notification records, Agentic Tier Liability Gate confirmations, vendor indemnification clause assessments, insurance certificate records, client disclosure and consent documentation, and governance committee decision records retained 7 years as DPS Defensibility lens evidence. Quarterly risk assessment completion logs, annual review records, Risk Taxonomy 2026 training scores, and vendor AI BoM currency verification records retained 5 years as DPS Adoption lens evidence.

Operational Artefacts

  • AI Liability and Insurance Checklist Workbook

    xlsx · v2026.1

    Gated

  • AI Liability and Insurance Playbook

    pdf · v2026.1

    Gated

  • Class 6 Shadow AI Incident Report Template

    docx · v2026.1

    Gated

  • Agentic Tier Liability Gate Checklist

    checklist · v2026.1

    Gated

Framework Crosswalk

ABA Model Rules of Professional Conduct (Rules 1.1, 1.6, 5.3)

American Bar Association

Maps technology competence, confidentiality, and supervision duties to AI risk controls, AI BoM evidence, and oversight documentation.

NIST AI Risk Management Framework

NIST

Aligns identification, measurement, and treatment of AI risks with Risk Taxonomy 2026 classes and insurance coverage strategies.

EU AI Act

European Union

Supports governance, documentation, and risk management obligations for high-risk and general-purpose AI systems used in legal services.

GDPR

European Union

Informs privacy, data protection, and DPA requirements for AI tools, especially Classes 2 and 4 risks.

ISO/IEC 42001 AI Management System

ISO

Provides a management-system backbone for AI governance, incident handling, and continuous improvement reflected in this checklist.

Operational Details

Inputs

  • · Current AI Bill of Materials (AI BoM) with status, DPA, and DAT-02 classifications
  • · GOV-02 AI Use Policy and GOV-03 Vendor Risk Register
  • · Existing professional liability, cyber, tech E&O, EPL, and D&O policies
  • · Vendor contracts, indemnification clauses, and insurance certificates
  • · TAL-02 training records and TAL-05 simulation scores
  • · Incident logs, especially Class 6 Shadow AI and Class 9 resilience events

Outputs

  • · Completed AI Liability and Insurance Checklist for each AI system
  • · Documented ABA Model Rules (1.1, 1.6, 5.3) compliance assessment
  • · Insurance coverage gap analysis mapped to Risk Taxonomy 2026 classes
  • · Vendor indemnification and insurance verification summary
  • · Agentic Tier Liability Gate confirmation records where applicable
  • · Class 6 Shadow AI escalation and post-incident documentation
  • · DPS Defensibility evidence package with retention schedule applied

Owner

General Counsel + Legal Operations

Telemetry & Observability

Telemetry-ready

Key Takeaways

  • Translate AI risks into insurable, contractually allocated obligations using Risk Taxonomy 2026.

  • Use AI BoM registration as a contractual and insurance evidence prerequisite for all AI tools.

  • Map ABA Model Rules 1.1, 1.6, and 5.3 directly to AI risk controls and documentation.

  • Identify and remediate AI-specific and Silent AI coverage gaps in professional and cyber policies.

  • Negotiate vendor indemnities and insurance with explicit AI, IP, and data protection coverage.

  • Apply strict Class 6 Shadow AI escalation with STR-07 notification and seven-year record retention.

  • Enforce Agentic Tier kill-switch, logging, and bias monitoring before autonomous AI deployment.

Get This Module

This module is available as part of an Advanta Advisory engagement.

Explore Advisory

Module Details

Type

Pillar

P4

Layer

E · Execution

Duration

1–2 days initial per tool; 2–4 hours per tool at renewal or quarterly review

Advisory

Yes

Access

Member access

Certification

Practitioner

Maturity Bands

FoundationalOperationalIntegratedOptimisedDefensible

Risk Classes Mitigated

Available Through

Related Resources

P4 · GovernanceModule Library →Take the Free Baseline Diagnostic →

Governance

Methodology
v2026.1
Last reviewed
23 May 2026
Verified
23 May 2026

ADVISORY

Need help implementing this — and the 49 modules around it?

Advanta Advisory works with legal departments to deploy the full Legal AI OS framework — governance design, implementation roadmap, and team capability — structured around your maturity baseline.

Explore Advisory →Run the Diagnostic first
← Back to Module Library