ISO AI Exclusions
What are ISO AI Exclusions?
ISO AI exclusions refer to a suite of highly restrictive, standardized endorsements introduced by the Insurance Services Office (ISO) to explicitly strip generative AI coverage out of standard Commercial General Liability (CGL) policies.The definition of these forms—specifically endorsements like CG 40 47 and CG 40 48—marks a structural turning point in commercial insurance, giving carriers a turn-key mechanism to deny claims for bodily injury, property damage, or personal and advertising injury if automated tools are anywhere in the causal chain.
ISO AI Exclusions in More Detail
The immediate meaning of these endorsements is that the insurance market has officially stopped gambling on the unpredictable risks of generative AI. By utilizing the broad legal phrase “arising out of,” these exclusions allow legacy carriers to walk away from a claim if an AI-generated output, recommendation, or decision leads to a lawsuit. This term may refer to a reality where everyday startup operations are suddenly completely uninsured under a standard general liability policy. For instance, if an AI chatbot gives a bad recommendation that results in a user’s financial or physical harm, or if your automated marketing engine inadvertently pulls copyrighted imagery for a major campaign, a CGL policy carrying these ISO endorsements will offer zero protection.
For founders, the rollout of these forms provides hard proof that the legacy insurance market is actively running away from autonomous risk. It shatters the myth that a generic general liability policy will act as an all-encompassing safety net for a tech platform. Because ISO forms dictate the baseline language for most of the U.S. property and casualty market, carriers are rapidly applying these exclusions across renewals. This shifts the financial burden of AI errors entirely onto the company’s balance sheet, validating why securing standalone, specialized AI liability or Tech E&O coverage is no longer an optional luxury—it is an immediate operational requirement to prevent a single algorithmic hiccup from triggering an uncovered, company-ending lawsuit.