EU AI ACT
On May 21, 2024, the European Council unanimously approved the adoption of the European Union’s (EU) first-of-its-kind Artificial Intelligence Act (‘the Act’). The Act entered into force on August 1, 2024, with various requirements to be phased in over the following three years. Persons subject to the Act include those who develop, deploy, import, or distribute AI systems in the EU — even if such persons are located elsewhere. The Act classifies and regulates AI with a risk-based approach, outright banning “unacceptable” risky AI systems (e.g., those used for social scoring and emotional recognition) and imposing varying degrees of compliance obligations (e.g., validation and human oversight) with respect to other AI systems.
Perhaps most relevant to insureds, the penalties contemplated by the Act can be levied against companies and individuals. Setting aside the harsher penalties for violating the Act’s ban on unacceptably risky AI systems noted above, even seemingly more mundane violations of some of the Act’s compliance obligations can result in penalties of up to €15M or (if the offender is a business) up to 3 percent of its worldwide annual turnover for the preceding financial year, whichever is higher.
U. S. Federal Securities Class Actions
Cornerstone Research reported its 2024 mid-year assessment of U.S. securities class action filings, spotlighting that D&O litigation arising out of AI disclosures is increasing. Specifically, the report detailed that the six AI-related federal securities class actions filed in the first half of 2024 (6) are consistent with the annual AI class action filing levels of each of the preceding four full calendar years (between 6 and 8). As Cornerstone warned, “[w]hile AI-related filings are not new, the growing prominence of AI in the business models of many companies may lead to an increase of such filings in the future.”
Considering the EU’s new AI regulatory regime, together with the uptick in AI-related securities class actions in the U.S., it is clear that AI-related exposures for D&Os and organizations exist, notwithstanding the opportunities presented by AI. Exposure is likely to grow as lawmakers try to respond to this increasingly prominent and rapidly evolving technology. For example, the State of Colorado recently enacted AI legislation, set to come into effect in 2026, with other U.S. states expected to follow suit.
D&O insurance is one tool that can help organizations and their D&Os mitigate these exposures. Companies using AI should regularly review their D&O policies and consider seeking AI-specific coverage enhancements alongside others tied to other notable exposures, such as cybersecurity.
Consult with your Aon broker for any questions regarding the implications of emerging AI exposures and your D&O insurance. If you have any questions about your coverage or are interested in obtaining coverage, please contact your Aon broker.
Learn more about evolving risks related to AI, the regulatory landscape in Europe and the U.S., and governance and oversight processes with respect to implementing generative AI in Aon’s upcoming webinar, Artificial Intelligence Adoption and Usage — Governance and Risk Management Best Practices, on October 15.