Trust Foundations

Research for AI work that has to survive production.

Regulation, insurance, governance, and deployment analysis organized around the controls that make managed AI operations usable in the real world.

11states tracked
4carrier forms
8common answers
16research articles
Operating Map

The research is organized by the questions teams ask before AI work reaches customers, candidates, clients, or policy language.

Use the hub as a decision surface: find the regulation, locate the coverage constraint, then translate it into workflow controls.

Coverage AI insurance exclusions Carrier filings and coverage changes that affect AI-related claims Use Case AI in hiring and recruiting State requirements for candidate-facing employment decisions Controls AI governance framework Documentation, review points, and accountability for deployed AI work

Browse by state

View all state regulations
CA California 1 law tracked Verified 2026-03-20 CO Colorado 1 law tracked Verified 2026-05-31 CT Connecticut 1 law tracked Verified 2026-03-20 IL Illinois 2 laws tracked Verified 2026-03-20 MD Maryland 1 law tracked Verified 2026-03-24 MN Minnesota 1 law tracked Verified 2026-03-24 NY New York 1 law tracked Verified 2026-03-20 TN Tennessee 1 law tracked Verified 2026-03-24 TX Texas 2 laws tracked Verified 2026-03-24 UT Utah 1 law tracked Verified 2026-03-24 VA Virginia 3 laws tracked Verified 2026-03-24

Browse by industry

View all industries
4 use cases Education & EdTech Schools, universities, EdTech platforms, and learning management providers that deploy AI for admissions screening, student assessment, academic proctoring, and personalized learning. These firms face regulatory scrutiny because AI in education affects access to educational opportunities — education is explicitly listed as a consequential decision domain in multiple state AI laws alongside employment, healthcare, and housing. E&O, Cyber, D&O, CGL 4 use cases Financial Services & Fintech Banks, credit unions, investment firms, fintech companies, and financial advisors that deploy AI for credit decisioning, underwriting, portfolio management, fraud detection, and customer engagement. These firms face overlapping state AI obligations and federal financial regulations (ECOA, FCRA, Dodd-Frank), creating a layered compliance environment where state AI laws add requirements on top of — not in place of — existing federal frameworks. D&O, E&O, Cyber, Fiduciary 4 use cases Healthcare Providers & Health Tech Hospitals, physician practices, telemedicine platforms, and health technology companies that deploy AI for clinical decision support, patient triage, diagnostic assistance, and patient communication. These firms operate under heightened regulatory scrutiny because AI errors can directly affect patient safety and health outcomes, and because healthcare is explicitly listed as a high-risk decision domain in multiple state AI laws. Medical Malpractice, E&O, Cyber, D&O 4 use cases HR & Recruiting Firms Staffing agencies, recruiting firms, and HR technology providers that use AI for candidate sourcing, resume screening, interview analysis, and employment decision support. These firms face heightened regulatory scrutiny because AI in hiring directly affects individuals' economic opportunities. EPL, E&O, Cyber, D&O 4 use cases Insurance Brokers Insurance brokers and agents increasingly use AI for underwriting support, client risk assessment, claims triage, and policy recommendation — work that sits squarely inside their professional duty of care. The exposure runs two ways. First, the brokerage's own AI use creates errors-and-omissions (E&O) risk: an AI-suggested coverage gap, a misclassified risk, or a chatbot that misstates policy terms can become a negligence claim. Second, brokers must understand the AI exclusion endorsements now appearing in the policies they place — Verisk's CG 40 47 and Berkley's PC 51380 both apply broadly to AI-related claims, including unsanctioned "shadow AI" use that the insured may not even know about. The NAIC Model Bulletin on the Use of Artificial Intelligence Systems by Insurers (adopted December 2023 and issued by many states since) sets the expectation of a documented AI governance program, while state unfair-trade-practices and rating laws constrain how AI may influence pricing, eligibility, and claims decisions. E&O, CGL, Cyber, D&O 4 use cases Law Firms Law firms use AI for legal research, document review, contract analysis, drafting, and client intake — uses that intersect directly with the rules of professional conduct. ABA Formal Opinion 512 (July 2024) confirms that the duty of competence (Model Rule 1.1, Comment 8) requires lawyers to understand the benefits and risks of the generative AI tools they use, while the duty of confidentiality (Model Rule 1.6) constrains submitting client information to AI systems that may retain it or train on it. The risk is not theoretical: in Mata v. Avianca, a federal court sanctioned lawyers who filed AI-hallucinated case citations, and a growing list of courts now require disclosure or certification of AI use in filings. Beyond the ethics rules, AI errors in research or drafting create direct malpractice exposure — and most lawyers' professional liability policies do not yet contemplate AI-specific risk. E&O, Cyber, D&O 4 use cases Marketing Agencies Marketing and creative agencies use AI across content creation, image and video generation, client-facing chatbots, and audience targeting — often embedding AI output directly into client deliverables. That creates layered exposure. The FTC has made clear under Section 5 of the FTC Act that deceptive AI claims and undisclosed AI-generated endorsements are enforceable "unfair or deceptive practices," and its 2024 "Operation AI Comply" sweep signals active scrutiny of AI-washing. Generative output carries IP risk: under Thaler v. Perlmutter, a purely AI-generated work is not copyrightable, so a deliverable the agency believes it "owns" may carry no protectable rights for the client, and image models can reproduce protected material from training data. Client-facing chatbots add contractual risk — in Moffatt v. Air Canada, a tribunal held the company liable for its chatbot's misstatements. Most agency E&O and CGL policies were never priced for these exposures, and AI exclusion endorsements are now narrowing what they cover. E&O, CGL, Cyber 4 use cases Real Estate & Property Management Real estate brokerages, property management firms, proptech platforms, and real estate investment companies that deploy AI for property valuation, tenant screening, listing optimization, and client engagement. These firms face regulatory scrutiny because AI in housing directly intersects with fair housing obligations, and algorithmic bias in property valuations or tenant screening can produce discriminatory outcomes at scale. E&O, CGL, Cyber, D&O

Endorsement tracker

View full tracker
PC-51380 W.R. Berkley 5 state filings tracked PC 51380 CG-35-08 Verisk 5 state filings tracked CG 35 08 CG-40-47 Verisk 5 state filings tracked CG 40 47 01 26 CG-40-48 Verisk 5 state filings tracked CG 40 48

Common questions

View all answers
  • Do AI-driven adverse actions require fair lending notices? Yes. Federal fair lending laws require adverse action notices regardless of whether the decision was made by AI. Under ECOA and Regulation B, lenders must provide written adverse action notices with specific reasons for credit denials — regulators have clarified this applies even when an AI model is the proximate decision-maker. FCRA similarly requires adverse action notices when a consumer report influences a credit or employment decision. Colorado's AI Act (SB 26-189, which repealed and reenacted SB 24-205) adds a state-level layer: financial services is a consequential decision, so lenders using an automated decision-making technology (ADMT) must give interaction notice, explain an adverse decision within 30 days, allow correction of inaccurate personal data, and provide meaningful human review — creating overlapping obligations for Colorado lenders.
  • Who is liable when an AI agent causes harm? Liability for an AI agent's actions tends to resolve in layers. Default — deployer or operator: the business that puts the agent into operation is generally answerable for the harm it causes, much as it would be for an employee or a tool it chose to use, under established agency, vicarious-liability, and negligence principles. Vendor or developer: responsibility can extend upstream through product-liability, professional-liability (E&O), or misrepresentation theories where the harm traces to a defect or an overstated capability rather than the deployer's own setup. Contract and indemnity: master service agreements, warranties, limitation-of-liability clauses, and indemnities reallocate that risk between the parties and often decide who actually bears a loss. Insurance and exclusions: a policy may respond, but AI-specific exclusions such as Verisk's CG 40 47 can strip coverage a deployer assumed it had — changing who pays without changing who is legally liable. Human review and audit trail: where a person reviews the agent's decisions and every action is logged, that record shapes whether the deployer is found negligent and whether coverage responds. Outcomes vary by jurisdiction and the agent's degree of autonomy, and newer rules such as Colorado's AI Act (SB 26-189, deployer and developer duties effective January 1, 2027) can add obligations whose breach supports a claim. This is general business and insurance-risk analysis, not legal advice.
  • What AI compliance requirements apply to insurance brokers? Insurance brokers using AI for quoting, risk assessment, or client recommendations fall under Colorado's AI Act (SB 26-189, which repealed and reenacted SB 24-205), which treats insurance as a consequential decision: brokers must give interaction notice, explain adverse AI-driven decisions within 30 days, allow data corrections, and provide meaningful human review — plus potential E&O exposure if AI exclusion endorsements affect their own coverage.
  • What AI compliance requirements apply to law firms? Law firms using AI for document review, legal research, or client communication face state-specific disclosure obligations and risk malpractice claims if AI generates incorrect legal advice. Colorado and Illinois regulations apply when AI touches client matters.
  • Which states give consumers the right to appeal AI decisions? Colorado's AI Act (SB 26-189, which repealed and reenacted SB 24-205) gives consumers meaningful human review and reconsideration after an adverse consequential decision made or substantially influenced by an automated decision-making technology (ADMT). Connecticut SB-1103 similarly provides the right to appeal adverse decisions made by high-risk AI systems and request human review.
  • Which states require AI disclosure to consumers? Several states require AI disclosure, but the scope differs sharply. Colorado's AI Act (SB 26-189, obligations from January 1, 2027) requires deployers to give consumers notice when automated decision-making technology is used in a consequential decision, plus a plain-language explanation after an adverse outcome. California's AI Transparency Act (SB 942, operative January 1, 2026) requires large generative-AI providers to offer an AI-detection tool and to watermark AI-generated content. Illinois requires employers to notify employees and applicants when AI is used in employment decisions (HB-3773, effective January 1, 2026) and to disclose and obtain consent for AI analysis of video interviews (Artificial Intelligence Video Interview Act, 820 ILCS 42). Connecticut's AI law (SB-1103 / Public Act 23-16) is narrower — it governs Connecticut state agencies' own use of AI (impact assessments and a public AI inventory), not private-sector consumer disclosure.
  • Which states actively regulate AI in employment as of 2026? Illinois and Colorado have the most prescriptive AI employment regimes as of 2026. Minnesota can reach employment profiling through privacy and data-protection-assessment rules. Texas should be monitored for TRAIGA prohibited practices, especially intentional discrimination and biometric identification, but HB-2060 is a state-agency AI advisory and inventory law, not a private-employer hiring disclosure rule. Connecticut's enacted AI law is government-only; private employers should monitor successor bills and generally applicable employment, privacy, and civil-rights law.
  • Are D&O and E&O policies affected by AI endorsements? Yes. Berkley PC 51380 specifically targets D&O, E&O, and Fiduciary liability policies with an absolute AI exclusion. Any claim arising from AI use, including board-level AI governance decisions, can be excluded.
Research Library

Current analysis for AI work, coverage, and governance.

The articles below connect operational AI decisions to the risk, documentation, and insurance questions that show up once the work reaches production.

Resources Architecture & Engineering 11 min

What Should Stay Human in AI-Assisted Proposal Work?

No federal rule bans AI from proposal work — but Section K, the pricing certification, past-performance claims, and the professional seal can never be delegated. The legal line, verified June 2026.

June 2026 Read
Resources Architecture & Engineering 8 min

Can AI Help with RFP Responses Without Writing the Whole Proposal?

AI can prepare the compliance matrix and surface past performance. Your team certifies, signs, and submits. Here's exactly where the line sits.

June 2026 Read
Resources Architecture & Engineering 6 min

Why Proposal Teams Keep Rebuilding the Same Materials

The content exists; the capacity to keep it reusable doesn't. Why A&E and govcon proposal teams rebuild Section E, F, and G on every pursuit — and what review-ready materials change.

June 2026 Read
Resources Accounting 9 min

Why CPA Firms Lose So Much Time Chasing Client Documents

CPA firms waste time chasing late, scattered client documents. Here's why portals move the bottleneck, and how review-ready intake packets change the work.

June 2026 Read
Resources Accounting 7 min

What Can AI Actually Do for a CPA Firm?

AI won't replace your reviewers. But it can prepare client documents, missing-item queues, and review-ready briefs — so your team spends time on judgment, not sorting.

June 2026 Read
Resources Regulatory 13 min

Candidate Notice Is Not Enough: The Operating Controls Behind AI Hiring Compliance

AI hiring laws in Illinois, Colorado, Texas, and NYC require more than a disclosure email. The real obligations — vendor intake, bias monitoring, human review, record retention — are workflow controls, not notice.

June 2026 Read
Resources Analysis 7 min

AI Agents, Shadow AI, and Insurance Readiness: What Companies Need to Know in 2026

AI agents and shadow AI are creating uninsured liability across enterprises. A comprehensive analysis of how these technologies affect insurance coverage, carrier exclusions, and what companies should do before their next renewal.

March 2026 Read
Resources Commentary 10 min

The AI Insurance Market Is Splitting in Two

The AI insurance market is bifurcating: companies with documented, governed AI deployments are insurable. Those without are facing exclusions, sublimits, and declining coverage. Here's what's driving the split — and what it means.

March 2026 Read
Resources Market Analysis 7 min

Every Company Needs an AI Agent Strategy. Who Insures It?

As AI agents become standard enterprise infrastructure, the gap between what's deployed and what's insured is widening. Analysis of three critical insurance gaps and emerging coverage options.

March 2026 Read
Resources Broker Briefing 6 min

How Brokers Should Review AI Agent Exposure Before Renewal

A practical guide for insurance brokers: how to assess AI agent exposure in client portfolios, audit policies for AI exclusions, and negotiate better terms at renewal.

March 2026 Read
Resources Risk Framework 6 min

Security Controls vs. Insurance Readiness for AI Agents

Security controls and insurance readiness are not the same thing for AI agents. Analysis of where they overlap, where they diverge, and how to bridge the documentation gap.

March 2026 Read
Resources Commentary 9 min

Shadow AI Is Becoming an Insurance Problem, Not Just a Security Problem

Shadow AI is typically framed as a security concern. But the real exposure is on the insurance side: undocumented AI tools create liability that carriers can't see, can't price, and increasingly won't cover. Here's why the framing matters.

March 2026 Read
Tools & Checklists Practical Guide 7 min

Shadow AI Discovery Checklist for Mid-Market Companies

Step-by-step shadow AI discovery checklist for mid-market companies. Department-by-department guide to finding unsanctioned AI tools, classifying risk, and building an insurance-ready inventory.

March 2026 Read
Resources Commentary 11 min

What Carrier Filings Actually Tell You (That the Headlines Don't)

Most coverage of AI insurance exclusions oversimplifies the story. We've read every major filing — Verisk CG 40 47, Berkley PC 51380, Hamilton Select's platform-naming exclusion. Here's what the actual form language tells you that the headlines don't.

March 2026 Read
Resources Risk Framework 7 min

AI Workflow Risk Classification: A Framework for Brokers and Risk Managers

How to categorize enterprise AI deployments by risk level — from internal knowledge queries to autonomous business execution — and what each category means for coverage.

March 2026 Read
Resources Broker Briefing 8 min

Verisk CG 40 47: What the New AI Exclusions Mean for Your Commercial Clients

A technical briefing on the standardized AI exclusion endorsements now available to carriers, their scope, and practical implications for enterprises using AI in their operations.

March 2026 Read