What’s the Verisk AI Exclusion Policy? What you need before your next renewal.

Feb 5, 2026Risk Management

Key Takeaways

The Verisk AI exclusion is a set of three ISO endorsement forms (CG 40 47, CG 40 48, and CG 35 08) effective January 1, 2026.
CG 40 47 is the broad version. It removes coverage for bodily injury, property damage, and personal and advertising injury arising
out of generative AI.
CG 40 48 is narrower. It only carves out personal and advertising injury, leaving bodily injury and property damage intact.
CG 35 08 Bodily injury and property damage in the products/completed ops hazard arising out of generative AI.
Most in-force CGL policies don’t have it yet. Firms pick it up at renewal, one carrier at a time.
The language can be negotiated. Documented AI governance, narrower definitions, and alternative markets all change the outcome.

Design firm owner searching a policy PDF for endorsement form numbers CG 40 47 and CG 40 48

What Is the Verisk AI Exclusion Policy Language?

The Verisk AI exclusion policy is a family of three optional endorsement forms that insurers can attach to a Commercial General Liability policy to remove coverage for claims tied to generative AI. Verisk, through its ISO subsidiary, publishes the standardized policy language that most US commercial insurers use. The three forms (CG 40 47, CG 40 48, and CG 35 08) became available on January 1, 2026, and carriers adopt them at each policy’s renewal.

Verisk defines generative AI inside the forms as “a machine-based learning system or model that is trained on data with the ability to create content or responses, including but not limited to text, images, audio, video or code.” That definition is broad enough to capture ChatGPT, Midjourney, DALL-E, CAD plugins with generative features, and any automated system producing design output. A design firm using any of those tools sits inside the definition.

For a design firm’s day-to-day general liability insurance coverage, the practical question is whether the carrier has attached one of these endorsements at the last renewal. If yes, certain AI-related claims no longer fall inside coverage. If no, the policy still responds under the standard terms.

Since the General Liability policy is less likely to be triggered in a claim involving Professional Services (as the E&O policy would be), this is not a big deal for Design Firms at this time. However, this sets a precedent that could carry over to other E&O carriers.

How Does CG 40 47 Differ From CG 40 48?

The three Verisk forms target different parts of the CGL policy, and that difference matters in determining how much coverage is lost.

CG 40 47 (the full exclusion):

Excludes Coverage A (bodily injury and property damage) and Coverage B (personal and advertising injury).
Broadest scope of the three forms.
Works with occurrence and claims-made versions.
Most likely to close coverage completely on AI-adjacent claims.

CG 40 48 (Coverage B only):

Excludes only personal and advertising injury (libel, slander, copyright).
Preserves Coverage A for bodily injury and property damage.
Targets the content-generation risks that have driven recent lawsuits.
Less disruptive for design firms whose exposure is physical-harm focused.

A third form, CG 35 08, applies to the Products/Completed Operations Liability part. It removes bodily injury and property damage coverage for completed-project claims with an AI connection. For design firms whose deliverables include AI-assisted drawings or specifications that later cause construction issues, this is the form completed after the project closes.

All three forms use the same trigger phrase: “arising out of generative artificial intelligence.” According to IIABA’s summary of the rollout, Verisk built the definition on existing government and NAIC language, which means state regulators aren’t likely to reject it on definition grounds. The battleground at renewal isn’t the definition itself. It’s the form (if any) the carrier decides to attach.

Two insurance endorsement forms side by side comparing CG 40 47 broad exclusion against CG 40 48 narrow exclusion

How to Tell If a Policy Is Already Affected

For most design firms in early 2026, the answer is no. The exclusion applies at renewal, and most architecture and engineering firms haven’t yet reached their first renewal after January 2026. Policies in force right now generally don’t carry any of the three forms.

That answer has a shelf life. Industry analysts expect rapid carrier adoption through 2026 and into 2027. The decisive factor for a specific firm is which carrier writes the policy. Some carriers have filed to attach CG 40 47 automatically at every renewal. Others will apply it selectively based on the firm’s AI disclosure. A handful are still deciding.

Three scenarios cover most design firms:

Policy in force from 2025, renewal date not yet reached. The Verisk AI exclusion is not on the policy. Coverage responds under the pre-2026 terms for any AI-related claim.
Policy renewed in Q1 or Q2 2026. The firm needs to check the endorsement schedule. Some carriers attached the form by default. Others haven’t moved yet.
Policy renewing in Q3 or Q4 2026. Assume the exclusion will appear with some carriers and plan a renewal meeting specifically to discuss any relevant language.

Risk Specialty Group’s 2026 AI liability insurance guide for architects covers the broader market shift across E&O, D&O, and GL lines. For CGL specifically, the Verisk forms are the immediate pressure point.

How Does a Design Firm Find the Verisk AI Exclusion on Its Policy?

Open the full policy PDF and run a four-step check.

Pull up the declarations page. Look at the endorsement schedule. It’s a list of every form number attached to the policy, usually on page one or two.
Search for the form numbers directly. Type “CG 40 47,” “CG 40 48,” or “CG 35 08” into the PDF search bar. Any hit means the form is attached and the exclusion is live.
Search for the phrase “generative artificial intelligence.” If none of the three form numbers appear but the phrase does, the carrier may have modified the Verisk language or added its own version.
Read the exclusions section of the main CGL form. Some carriers embed AI exclusions directly into the base policy wording rather than use a separate endorsement.

If none of the three forms appear and the phrase “generative artificial intelligence” doesn’t surface anywhere, the policy is silent on AI. Coverage then follows the pre-2026 default: AI-related claims are handled the same as any other claim.

Silence isn’t permanent. Carriers can introduce the exclusion at any renewal, and a few have sent notices mid-term announcing future changes. Every renewal meeting from 2026 onward should include a direct question about the intent to exclude AI.

Design firm owner searching a policy PDF for endorsement form numbers CG 40 47 and CG 40 48<br />

Negotiation Options at Renewal

Sometimes the Verisk AI exclusion can be negotiated, and the firms most likely to succeed share three characteristics. They document their AI governance in writing. They work with an independent broker who places coverage across multiple carriers. And they ask for specific, narrower language rather than demanding the whole endorsement be dropped.

Three negotiation approaches tend to work:

Carve-back for supervised AI use. The exclusion stays in place for autonomous or unsupervised AI output. Coverage is restored for tools used under licensed professional review and sign-off. Many carriers accept this language when the firm provides a written governance document that aligns with NAIC Model AI Bulletin governance expectations.
Narrow the definition. Verisk’s definition is broad. Some carriers will tighten it to cover only external generative AI products (ChatGPT, Midjourney) rather than AI features embedded in approved software tools.
Place coverage elsewhere. If the incumbent carrier won’t move, an independent broker with access across multiple markets can often find a carrier that hasn’t yet adopted the form or uses softer language.

Legal commentators tracking the rollout add a fourth point worth knowing. Pillsbury’s Policyholder Pulse analysis notes that even broadly-worded AI exclusions have limits under well-established insurance-law doctrines. Courts construe exclusions narrowly against the insurer, reject interpretations that would “swallow” the coverage, and require a clear connection between the excluded conduct and the claim before denying defense. The exclusion matters, but it isn’t always the final word on a specific claim.

Design firms approaching renewal should treat the exclusion as an opening position rather than a conclusion. A fifteen-minute conversation with an independent agent usually reveals options that a direct-writer conversation does not. Risk Specialty Group works with more than twenty “A” rated carriers, and carrier appetite for AI coverage varies meaningfully across that panel.

The parallel question, on the E&O side, is whether professional liability policies are picking up similar language. Some are, but through different endorsements. Firms should audit professional liability (E&O) insurance coverage during the same renewal cycle because the two lines now need to work together to address AI-related exposure.

Cyber exposure is a separate line entirely. Cyber liability insurance covers first-party costs the firm itself incurs after a breach, such as forensic investigations and ransom demands. Some E&O policies include “Network Security,” which can help address third-party client claims.

Frequently Asked Questions

What is the Verisk AI exclusion policy endorsement?

The Verisk AI exclusion is a set of three ISO endorsement forms (CG 40 47, CG 40 48, and CG 35 08) published by Verisk’s ISO subsidiary and effective January 1, 2026. Insurers attach them to a Commercial General Liability policy to remove coverage for claims arising out of generative artificial intelligence.

What's the difference between CG 40 47 and CG 40 48?

CG 40 47 is the broader exclusion. It removes coverage under both Coverage A (bodily injury and property damage) and Coverage B (personal and advertising injury). CG 40 48 is narrower. It applies only to Coverage B, preserving bodily injury and property damage coverage while carving out the advertising and content-generation risks.

How can a firm tell if the exclusion is on its current policy?

Open the policy PDF and check the endorsement schedule on the declarations page. Search for form numbers CG 40 47, CG 40 48, or CG 35 08. Also search for the phrase “generative artificial intelligence.” If none of those appear, the policy is silent on AI, and standard coverage applies.

Can the Verisk AI exclusion be negotiated?

Sometimes, with the right preparation. Firms with documented AI governance, verification workflows that catch hallucinations, and licensed professional sign-off may secure carve-backs for supervised AI use or narrower definitions. An independent broker with access to multiple carriers has additional bargaining power because carriers’ appetites vary across the market.

Does the Verisk AI exclusion affect professional liability coverage?

Not directly. The Verisk forms apply to Commercial General Liability coverage. Professional liability and E&O policies are separate and often carrier-specific rather than ISO-standard. Some E&O carriers have adopted their own AI exclusions that run parallel to the Verisk GL forms, so both policies need to be audited at renewal.

What should design professionals do now?

The AIA Trust offers clear guidance: “Firms should treat AI as a support tool—not a replacement—for sound professional judgment.” Effective risk management services start with understanding your actual exposure. Here’s where to begin:

Review your current E&O policy for AI-related exclusions, especially if your policy renews this quarter
Document which AI tools your employees use and how outputs are verified
Update client contracts to address AI use, disclosure requirements, and liability allocation
Establish QA/QC procedures ensuring licensed professionals review all AI-generated work
Consider supplemental coverage for risks your standard E&O policy now excludes

At Risk Specialty Group, we work with design professionals navigating emerging risks like AI liability. We’re not just another insurance vendor. We’re your guide in navigating how these changes affect your firm. We work with over 20 “A” rated carriers who specialize in architects, engineers and other design firms. Ready to understand where you stand? Just a Quote — For those who know what coverage they need Conversation & Quote — For those unsure about AI coverage gaps Full 360° Review — Comprehensive risk analysis including emerging AI exposures Contact Risk Specialty Group: 713-552-1900 | info@riskspecialtygroup.com

About the Author

Travis Landers, ARM, is the President and Founder of Risk Specialty Group, a Houston-based insurance and risk management firm serving design professionals. A UT Austin McCombs School of Business graduate with over 25 years of entrepreneurial experience, Travis founded RSG in 2010 to help architects, engineers, and consultants navigate the complex world of insurance and risk management. Under his leadership, RSG has earned the IIABA Best Practices Agency designation multiple years running. Risk Specialty Group serves design professionals across Texas, Arizona, Arkansas, California, New Mexico, and Oklahoma.

Are your firm's Cyber risks actually covered? If you're like most design professionals, the answer might surprise you.

According to the World Econo

Does your E&O policy cover cyber attacks?

For most design professionals, the answer is no.

The most common coverage in Professional Liability policies regarding any type of virus transmission is called "network security" liability. But this is only for "3rd party" expenses, such as when a design firm gets sued by one of their clients for the transmission of a virus. It covers the cost of defense and any "3rd party" costs that the client incurs. However, it does not provide any "1st party" coverage for the design firm itself in the event of a cyber attack or breach. Also, these endorsements typically offer sublimits that cap payouts at a fraction of actual incident costs.

Only true Cyber Liability covers 1st party costs associated with a cyber attack or breach on the design firm. That is why the coverage within a Professional Liability is called "network security" and not "cyber liability".

What about a major ransom demand? What about two weeks of system downtime? What about paying a fake invoice for $85,000?

That's a different category of loss entirely. The vast majority of design firms enter 2026 without true cyber coverage.

The FTC's cyber insurance guidance recommends standalone cyber coverage for businesses.

Why are engineering firms prime targets?

Fifty-nine percent of AEC firms experienced a cybersecurity threat in the past two years, according to Dodge Data & Analytics. Cyberattacks on construction companies doubled in Q1 2024 compared to Q1 2023.

The reasons are structural. Engineering firms hold exactly what attackers want:

Time-sensitive projects where delays cost real money
Critical infrastructure plans of interest to nation-state actors
Detailed client information across multiple projects
Smaller IT budgets than the data they protect would suggest

Design professionals are more than twice as likely to face ransomware attacks compared to other industries, according to research from CyberPress and FalconFeeds.

DragonForce, a ransomware group that attacked O&S Engineers & Architects in February 2025, specifically targets architecture and engineering firms. They kn

Frequently Asked Questions

Does my professional liability policy cover cyber attacks?

Just 3rd party claims, if at all. Typical coverage within an E&O policy that is associated with cyber threats are usually called "Network & Security" Liability endorsements and these only cover 3rd party claims. These are claims from your clients alleging you (the design firm) spread a virus to them and would cover the costs to restore your client. There is usually no coverage for the design firm itself for a cyber breach it experiences and the internal expenses associated with it. That's why a standalone Cyber Liability policy is needed to cover these 1st Party expenses. Review your policy language carefully.

Is the cyber add-on to my E&O policy enough protection?

Usually not. Cyber endorsements tend to offer lower limits, narrower coverage, and more exclusions. And they usually only cover the expenses to restore a client or other 3rd party. Not the Design Firm itself.

Why are engineering firms prime targets for ransomware?

Three reasons: deadline pressure, valuable data, and inadequate defenses. Attackers know engineering firms can't afford extended downtime. That pressure makes engineering firms more likely to pay ransoms quickly.

What happens if client data or CAD files are breached?

You face immediate costs for forensic investigation, legal counsel, and notification. Longer term, you may face lawsuits, regulatory penalties, and reputational damage. Cyber insurance covers these costs. Your E&O likely won't.

How much does cyber insurance cost for design firms?

Premiums vary based on firm size, revenue, and security measures. Many design firms find coverage more affordable than expected, especially compared to the potential cost of an uninsured breach. For firms with Revenues of $1M to $5M the annual premiums can range from $1,000 to $3,000 depending on the limits and coverages selected.

What should design professionals do now?

Effective risk management services start with understanding your actual exposure.

Don't assume your current coverage is adequate. Pull your policy. Read the cyber-related language. Look for exclusions, sublimits, and gaps.

Then ask yourself:

What would two weeks of downtime cost in lost revenue?
What would you do if you paid out $50,000 to a fake invoice?
What would you do if you could no longer access your design plans and email account?

If those questions concern you, it's time for a real conversation about standalone cyber coverage.

At Risk Specialty Group, we're not just another insurance provider. We're your guide in navigating the complex world of cyber risk for design professionals.

We work with over 20 "A" rated carriers who specialize in architects, engineers, and design firms. We know what questions to ask because we've seen what happens when firms don't have the right coverage.

Ready to understand where you stand?
Just a Quote — For those who know what coverage they need
Conversation & Quote — For those unsure about cyber coverage gaps
Full 360° Review — Comprehensive risk analysis including emerging cyber exposures

Contact Risk Specialty Group: 713-552-1900 | info@riskspecialtygroup.com

About the Author

← Why Engineering Firms Are Prime Targets for Cyber Attacks in 2026 Does My E&O Policy Still Cover AI-Assisted Design Work in 2026? →

Google Rating

5.0

Quick Links

Our Services

Contact Info



Address

675 Bering Dr., Suite 175
Houston, TX 77057



Email

info@riskspecialtygroup.com



Phone

713-552-1900



Fax

713-513-5411

| Sitemap

David Nelson

15:10 01 Apr 19

Risk Specialty Group has handled my micro-company's insurance for almost three years. They have consistently provided prompt, professional, friendly, and effective customer service. I am always sure that I have access to their "A" team and that they are in my corner. Of all my service providers, they are #1 in that department. 6 stars if I could.

Todd McMakin

16:00 04 Dec 18

We have been using the Risk Specialty Group for our company insurance for two years and have been very happy with our rates and with the customer service that we have received. They are always quick to respond to questions and requests. Highly recommended!

Su Young

18:52 04 Dec 18

Risk Specialty's owner is great to work with, excellent knowledge of the marketplace and clients' insurance needs. The staff is thorough, experienced and friendly. Great shop to consider for your insurance needs.

Elizabeth Schlitzberger

15:23 17 Jan 19

Very professional group with great attention to detail. They care about their customers! I highly recommend them!

Parallax Consulting Group

01:30 19 Dec 18

I am currently renewing my coverage for year (2) of my business. Everyone at RSG has been extremely helpful, while also being clear and concise with all my options and/or questions through every step of my growth, risk management and company success. I would highly advise and/or recommend RSG to anyone looking to find a firm you can count on...but most importantly, trust!