India insurers require companies to disclose AI use for cyber insurance
Insurers in India are introducing new requirements for companies to disclose their use of AI, reflecting growing concerns over AI-related cybersecurity risks.
Companies in India are increasingly being required to disclose how they use AI when applying for cyber insurance, as insurers adjust to new and less predictable digital risks.
The shift, reported on 19 March 2026, reflects concerns that AI systems can introduce vulnerabilities not captured by traditional cybersecurity assessments. Insurers are now issuing detailed questionnaires asking companies about their AI tools, data handling practices and risk mitigation measures.
Previously, cyber insurance underwriting relied on established standards such as ISO 27001 and the NIST Cybersecurity Framework, which focus on conventional risks like data breaches and access control. These frameworks did not address risks linked to AI systems.
Industry experts note that AI introduces new challenges for risk modelling, including issues related to data integrity, model behaviour, third-party dependencies and system unpredictability. Insurers are therefore requesting more detailed information on governance, security controls and oversight.
The disclosures have direct financial implications. Companies with weaker AI risk management may face higher premiums or stricter policy terms, while those with stronger safeguards could benefit from more favourable coverage.
