The directive that turned brokers into attesting entities
IRDAI's Information and Cyber Security Guidelines 2026 replaced the earlier 2023 framework and took effect in the first half of the year. The headline most intermediaries missed is not a new control. It is the scope. The 2026 guidelines apply to insurers and foreign reinsurance branches, and explicitly to intermediaries: brokers, corporate agents, web aggregators, third-party administrators (TPAs), insurance repositories and the Insurance Information Bureau. If you touch an insurer's systems, you are inside the perimeter.
The follow-on directive that pushed this from policy to filing was the action-taken report on AI cyber readiness, with regulated entities asked to confirm by mid-May 2026 what they had done to assess exposure to AI-driven attacks. That is the part many broking houses are unprepared for. Most have a privacy policy and a firewall. Very few have written down which of their tools are AI-enabled, where customer data flows, and what happens when a deepfake voice call instructs a finance executive to release a premium remittance to a new account.
For a broking principal, the practical translation is this. The regulator now treats AI as two things at once: a threat surface that can be weaponised against you, and a controlled asset you must govern when you deploy it yourself. The action-taken report forces you to evidence both. This piece walks through what the guidelines actually require, what the AI-readiness attestation is testing, and where the answers flow straight into your own cyber insurance and professional indemnity placement.
What 'frontier AI threat' means in an insurance back office
The phrase frontier AI threat sounds abstract until you map it onto how an Indian broking or TPA back office actually operates. Three attack patterns matter most, and the action-taken report is essentially asking whether you have considered each.
Deepfake and synthetic-identity fraud
Voice-cloning and synthetic video are now cheap enough to target mid-sized firms, not just banks. The classic insurance vector is a cloned instruction to release funds: a premium refund, a claim payout, a brokerage remittance redirected to a mule account. A TPA settling cashless health claims is an obvious target because payment authority sits with operations staff, not treasury.
AI-accelerated reconnaissance and intrusion
Attackers use models to scan exposed assets, write tailored phishing in fluent Hindi and English, and generate working malware variants faster than signature-based defences update. Internet-facing assets (your client portal, your quote engine) are the first probe.
Data poisoning and model abuse in your own tools
If you run an AI policy-comparison engine or a claims-triage model, the threat is internal too: poisoned training data, prompt injection through a customer document, or a model that quietly leaks one client's data into another's output. This is why the guidelines treat your own AI as a controlled asset.
The regulator is not asking you to defeat these threats single-handedly. It is asking whether you have identified them, assessed your exposure, and documented a response. An honest action-taken report can say a control is in progress, provided the assessment behind it is real. A blank or boilerplate response is the failure mode that invites scrutiny.
The hard controls: six-hour CERT-In reporting and half-yearly pen testing
Two operational obligations in the 2026 guidelines are non-negotiable and time-bound, and they are where most intermediaries are quietly non-compliant.
Six-hour incident reporting to CERT-In. Any cyber incident must be reported to CERT-In within six hours of detection, with copies to IRDAI and other relevant regulators. Six hours is not generous. It means you need a pre-agreed definition of what counts as a reportable incident, a named person who can file outside business hours, and a template ready to go. Our companion note on CERT-In incident reporting for insurers breaks down the filing mechanics. The practical failure is not refusing to report. It is discovering at hour five that nobody knows who signs off.
External grey-box or white-box penetration testing every six months. For all internet-facing information assets, the guidelines require penetration testing at least once every six months, conducted by a CERT-In empanelled auditor. Annual is no longer enough for exposed systems. For a broker running a client-facing portal, this is a recurring procurement line, a remediation tracker, and an audit trail, not a one-off certificate to frame on the wall.
Remediation is the part auditors actually test. Finding a vulnerability and ignoring it is worse than not testing, because it evidences a known, unaddressed exposure. Build a tracker with owners and timelines from day one.
Governance changes reinforce this. The Information Security Risk Management Committee is expected to meet more frequently, with a quarterly rhythm now the practical baseline rather than an occasional sitting. The Chief Information Security Officer must not report to the Head of IT and must not carry business targets, a deliberate separation so that security is not overruled by sales. For a smaller intermediary that cannot fund a dedicated CISO, the realistic answer is a designated, independent security owner with board-level reporting, plus a documented rationale for the structure you have chosen.
Vendor due diligence: your AI stack is now your liability
The single biggest gap we see in broker readiness is the vendor map. The 2026 guidelines require cybersecurity due diligence before engaging any vendor, plus periodic security assessments of vendors including vulnerability scans and penetration testing. For an intermediary, the vendor list is longer than people assume.
Walk your own stack. The customer relationship platform. The cloud-hosted broking software. The e-signature provider. The KYC and document-verification API. The AI tools your team has quietly adopted: a drafting assistant, a policy-wording extraction tool, a renewal-pricing model, a chatbot on the website. Each of these touches client data, and under the guidelines each is your responsibility to vet.
The action-taken report effectively asks for this inventory. A workable approach has three columns:
- Vendor and data flow. What does this tool process, where does it sit, and what client data leaves your perimeter to reach it?
- AI status. Is the tool AI-enabled? If so, does the provider train on your inputs, where is the model hosted, and what contractual protection do you hold on data use?
- Assurance evidence. Do you hold a current security certification, a pen-test summary, a data-processing agreement, and breach-notification terms from the vendor?
The contractual angle matters for your own balance sheet. If a vendor breach exposes your clients, your professional indemnity and the firm's directors face the question of whether you did adequate diligence. Weak vendor contracts shift loss back to you. Strong ones, with clear indemnities and a right to audit, are now a compliance artefact, not just commercial hygiene. Treat the AI clause in every vendor contract as a board-level item, because under these guidelines it is.
How the attestation reads across to your cyber and PI placement
Here is the part that turns a compliance chore into a placement advantage. The same evidence you assemble for the IRDAI action-taken report is, almost line for line, what a cyber underwriter wants to see. The regulator and the market have converged on the same questions.
When you place cyber insurance for your own firm or a corporate client, underwriters now ask about multi-factor authentication coverage, endpoint detection, backup immutability, incident-response retainers, and increasingly about AI exposure: deepfake and social-engineering controls, and governance over any AI the insured deploys. The cyber pricing softening through 2026 has not made underwriters less curious; it has made them more selective on controls in exchange for rate. A firm that can hand over a clean self-assessment, a current pen-test, a vendor register and a tested incident-response plan negotiates from strength.
The read-across also exposes a coverage gap brokers should flag to clients now. Deepfake-instructed fund transfer is frequently a social-engineering fraud, and whether it triggers under a cyber policy, a crime policy, or neither depends entirely on the wording. Our analysis of deepfake payment fraud and crime cover sets out where the lines fall. The broker who raises this before a loss looks like an adviser. The one who raises it during a claim looks negligent.
There is a directors' angle too. A board that fails to govern AI and cyber exposure after an explicit regulatory directive carries a cleaner negligence narrative against it. That feeds directly into directors and officers liability underwriting and into how a D&O claim would be defended. Documented diligence is the best defence, and the guidelines now hand you the template for it.
A filing-ready checklist for brokers, corporate agents and TPAs
Translate the guidelines into a sequence you can actually execute before your next ISRMC meeting. This is the order we would run it for a mid-sized broking house or TPA.
- Confirm your applicability tier. Map your gross insurance revenue and your mode of access to insurer systems (view-only versus upload or edit). This determines which sub-chapters bind you and how heavy your obligations are. Document the assessment.
- Name an independent security owner. Whether a CISO or a designated officer, ensure they do not report to the Head of IT and carry no sales target. Record board-level reporting.
- Build the AI and vendor register. List every tool touching client data, flag which are AI-enabled, and capture data-flow, hosting and contractual data-use terms for each.
- Run the AI-threat exposure assessment. Document your position on deepfake fraud, AI-accelerated intrusion and model abuse, with the controls in place or planned for each.
- Stand up the six-hour CERT-In process. Define reportable incidents, name an out-of-hours filer, prepare the template, and run one tabletop exercise against it.
- Schedule half-yearly pen testing. Procure a CERT-In empanelled auditor for internet-facing assets and open a remediation tracker with owners and dates.
- Align the audit and reporting calendar. Insurers face defined post-year-end windows for filing their security audit report; map the equivalent timeline your tier carries and build a calendar that meets it rather than scrambling after the financial year closes.
The action-taken report is not a one-time event. It is the start of a standing governance cycle that the quarterly ISRMC rhythm is designed to sustain. The broking houses that treat the May filing as a project will repeat the scramble next year. The ones that treat it as the founding document of a permanent AI and cyber governance function will find the next attestation, and the next cyber renewal, materially easier.
Where this sits alongside DPDP and the wider 2026 regime
The cyber guidelines do not stand alone. They sit beside the Digital Personal Data Protection framework, and the two reinforce each other. The 2026 guidelines were updated partly to align insurers and intermediaries with DPDP obligations, which means the data inventory you build for cyber readiness is the same inventory you need for data-protection compliance. Doing them as separate projects is wasted motion.
For brokers handling cross-border client programmes, the overlap deepens. Where client data moves outside India to a global insurer, reinsurer or shared-service centre, the cross-border transfer rules and the cyber-control expectations stack. Our note on cross-border data transfer and cyber cover covers the placement implications for multinational programmes. A broker servicing an Indian subsidiary of a foreign group should expect to evidence both the data-flow map and the cyber controls to the parent's risk function as well as to IRDAI.
There is a strategic point in all of this. IRDAI's 2026 direction, read together with its AI model-risk governance expectations and its broader AI governance framework for insurers and brokers, signals that AI in insurance will be supervised, not waved through. The regulator is comfortable with AI deployment, but only inside a documented control environment. That is a workable bargain for serious firms and a hard wall for casual ones.
The brokers who win the next three years are the ones who treat governance as a service they offer clients, not just a burden they carry. If you can sit across from a corporate risk manager and explain their AI cyber exposure, their CERT-In obligations, their vendor liability and the matching coverage in one conversation, you are no longer a price taker on the panel. You are the adviser they keep. The May action-taken report is the cheapest opportunity you will get this year to build exactly that capability.