AI Agent Startup Liability Insurance in India: Underwriting Autonomous Actions and Downstream Customer Losses

Indian agentic-AI startups building autonomous coding assistants, workflow agents, and CrewAI-style multi-agent systems face a coverage problem traditional Tech E&O was not drafted for: when the product takes actions on its own and the customer loses money, whose policy responds?

Sarvada Editorial Team, Insurance Intelligence

Last reviewed: May 2026

The Underwriting Question Agentic AI Forces Open

Indian AI agent startups have closed roughly USD 480 million in disclosed funding between Q1 2024 and Q1 2026, across categories that include autonomous coding assistants (analogues of Cursor and Devin built for Indian enterprise environments), multi-agent workflow platforms (the CrewAI and AutoGen segment), and vertical agents for sales, recruitment, finance ops, and customer support. The volume is small relative to the SaaS cohort, but the underwriting question they raise is materially different from anything Indian insurers have written before.

When a SaaS product produces an incorrect output and the customer suffers loss, the chain of causation passes through a human user who reviewed, approved, or relied on that output. Tech E&O policies were drafted around this chain. When an AI agent takes an autonomous action, the chain is shorter and in some configurations absent entirely. The agent commits a transaction, sends an email to a counterparty, modifies a production database, deploys code to a customer environment, or makes a hiring recommendation that the customer's automated pipeline acts on without further human gating. The customer's loss can arise without any natural person between the agent's decision and the damage.

Indian non-life insurers writing Professional Indemnity for technology vendors have not adjusted their wordings to address this scenario. The standard PI wording covers 'errors, omissions or negligent acts in the rendering of professional services'. Whether the autonomous action of an AI agent constitutes a 'professional service rendered' by the vendor, or whether it is the customer's own activity facilitated by the vendor's tool, becomes a live coverage dispute. The few Indian agentic-AI startups that have approached the market for coverage in 2025 and 2026 have generally been offered standard SaaS PI wordings with no agent-specific drafting, leaving the coverage question for a future claim. That is not a workable position for a company shipping a product that books trades, files purchase orders, or modifies production infrastructure on a customer's behalf.

What Tech E&O Actually Responds To for an AI Agent Vendor

The substantive coverage offered by an IRDAI-filed Professional Indemnity policy for a technology vendor responds to three categories of loss: financial loss to a third party arising from a covered error in the vendor's professional services, defence costs to investigate and defend a claim made by a third party against the vendor, and certain regulatory investigation costs subject to sublimits.

For an AI agent startup, the most common loss scenarios that should be inside coverage are:

  • an autonomous coding agent commits a code change that breaks the customer's production system, causing measurable business interruption to the customer
  • a finance-ops agent miscategorises GST input credits and the customer incurs penalties on assessment
  • a recruitment agent sends offer letters with terms not authorised by the customer's HR function
  • a customer support agent issues refunds or commitments outside the customer's policy limits

The coverage gaps that Indian agent startups should expect on a standard PI wording are:

  • claims arising from the agent's decision-making capability being below the standard the customer's contract promised (a performance dispute rather than a negligence claim)
  • claims arising from a hallucinated output that is technically not an error in service delivery but a known limitation of the underlying model
  • claims where the loss arises because the customer chose not to implement available human-review controls
  • claims where the customer's own system acted on the agent's output without the contractually required validation step

The single most material drafting question for an agentic-AI vendor is the definition of 'covered service' in the policy. A definition limited to 'software provided for use by the insured's customers' does not clearly capture autonomous actions taken by software on the customer's systems. A broader definition referencing 'professional services rendered through software or automated means including artificial intelligence systems' captures the exposure more cleanly. Indian PI products with this drafting are rare; one or two underwriters offered customised wordings for AI risks in late 2025 at premium loadings of 30 to 60 percent over standard SaaS PI rates. Most agent startups will need their broker to negotiate a manuscript wording or place coverage in the Lloyd's market where AI-specific endorsements are now common.

Indemnification of Customer Downstream Losses

Enterprise contracts with AI agent vendors typically include a specific indemnification clause that the customer's procurement team has added to a previously generic SaaS MSA. The clause runs broadly: the vendor indemnifies the customer against all losses, damages, costs, and expenses arising from the agent's autonomous actions or recommendations that cause harm to the customer or to third parties dealing with the customer. Some clauses explicitly include downstream losses to the customer's own customers (a chain-of-indemnity construction). The dollar figures attached to these clauses are climbing: USD 5 million is now standard in enterprise agentic-AI contracts seen in 2025 and 2026, with USD 10 million appearing in deals where the agent operates on financial systems or production infrastructure.

The insurance translation problem is direct. The vendor's PI policy responds to claims of third-party loss arising from the vendor's professional negligence. The contractual indemnity may be broader than the policy responds to in two ways: it may cover loss without proof of negligence (strict liability under contract), and it may cover loss to the customer's customers (a category sometimes excluded under PI as remote consequential loss). The gap is uncovered exposure that the vendor has assumed by signing the contract.

For Indian agent startups negotiating these clauses, the practical position is to:

  • limit the indemnity to losses caused by the agent's negligent or wilful failure rather than strict liability for any action
  • exclude indirect, consequential, and chain-of-indemnity losses to the customer's downstream parties
  • cap the indemnity at the policy's effective per-occurrence limit
  • carve out losses caused by the customer's own systems acting on agent outputs without contractually agreed validation

The broker's role here is to review the indemnity clause against the policy wording before signing. A clause that says 'vendor will indemnify customer for any loss caused by agent actions' creates exposure that no standard Indian PI policy will fully cover. A clause that says 'vendor will indemnify customer for loss caused by agent's negligent or grossly negligent performance, capped at vendor's professional liability policy limit, excluding indirect and consequential damages' is largely matched by available insurance.

Customer downstream losses, where the customer's own customer suffers harm because of an agent action taken in the vendor's product, are the hardest category. An IRDAI-filed PI policy generally does not respond to such losses unless the chain of causation runs directly through a covered service and the loss is reasonably foreseeable. Vendors operating in industries where downstream losses are common, such as agents that interact with the customer's end-users on contractual matters, should consider purchasing a media liability extension or specific contractual liability cover where available.

Model Output Liability and the Hallucination Question

Indian agent startups largely build on third-party foundation models, including OpenAI's GPT-4 class, Anthropic's Claude family, Google's Gemini, and increasingly open-weight models hosted on the startup's own infrastructure. The legal question of liability for a hallucinated or factually wrong output remains substantially open under Indian law. There is no specific statute that addresses model-output liability, and the existing legal framework forces the analysis through three doctrines: contract (what the vendor promised about output quality), negligence (whether the vendor exercised reasonable care in deploying and tuning the model), and the Information Technology Act 2000 (whether the vendor is an intermediary entitled to safe harbour).

The contractual analysis is the most direct. If the vendor's contract or marketing claims that the agent will produce accurate outputs, and an output materially misstates a fact that the customer relied on, the customer has a breach claim. Most current Indian vendor contracts have shifted to a more defensive position: outputs are described as advisory, the customer is responsible for verification before reliance, and the vendor disclaims warranty as to factual accuracy. This contractual position is becoming standard but it is not absolute; courts may still find that for a paid product marketed to enterprises, complete disclaimer of output accuracy is unreasonable.

The negligence analysis depends on industry standards that are still forming. The current emerging standard for agentic AI deployment includes: documented evaluation of model outputs against benchmarks before deployment, ongoing monitoring of output quality, retrieval-augmented generation patterns for factual queries, human-in-the-loop review for high-impact actions, and incident response procedures for known failure modes. A vendor who has implemented these is in a stronger position to defend a negligence claim than one who has shipped an agent on top of a public model with minimal additional engineering.

The Section 79 safe harbour for intermediaries under the Information Technology Act 2000 is the most contested element. The provision shields intermediaries from liability for third-party content under defined conditions, including that the intermediary does not initiate the transmission, does not select the receiver, and does not select or modify the information. An AI agent that generates content does initiate transmission and does select information, which means the safe harbour does not cleanly apply. The Ministry of Electronics and Information Technology's draft Digital India Act, which has been under discussion in various forms since 2023 and is expected to be reintroduced, is likely to address AI-generated content with a different liability framework. Until that legislation is enacted, agent vendors are operating without specific safe harbour and the residual liability flows through general negligence and contract law.

Insurance treatment of model output liability is unsettled. Indian PI policies do not specifically exclude or include hallucinated outputs. The position likely turns on whether the hallucination constitutes an 'error or omission' in the vendor's service (potentially covered) or a known limitation of the underlying technology that the vendor disclosed (potentially excluded). Lloyd's wordings are beginning to incorporate explicit AI output endorsements; these can be added to an Indian programme as part of a layered tower.

DPDP Act and IT Act 79 Interplay for Agent Operations

The Digital Personal Data Protection Act 2023 took effect for substantive provisions in 2024 and 2025 with the Data Protection Board operational from mid-2025. For AI agent vendors that process personal data on behalf of customers, the DPDP Act creates obligations as either data fiduciaries or data processors, with penalty exposure up to INR 250 crore for significant breaches.

An AI agent that operates on customer data is almost always a data processor under the DPDP framework, with the customer (the deploying enterprise) as the data fiduciary. The processor's obligations under Section 8 include processing personal data only on the fiduciary's instructions, implementing reasonable security safeguards, and assisting the fiduciary with breach notification and individual rights requests. The penalty exposure for a processor is direct and substantial: the Data Protection Board can impose penalties for failure to implement security safeguards, with the schedule providing penalties up to INR 250 crore for the most serious breaches.

The specific risk for agent vendors is that the agent's autonomous decision-making creates personal data processing that the customer may not have specifically instructed. An agent that decides to query an additional data source to complete a task, or that retains conversation history beyond what the customer contemplated, may have processed personal data outside the scope of the fiduciary's documented instructions. This creates direct DPDP exposure for the vendor.

The interplay with IT Act 79 is that the safe harbour was originally drafted for passive intermediaries (hosting platforms, ISPs) and its application to active AI systems is contested. In a contested DPDP enforcement action, the vendor would not be able to rely on Section 79 to escape processor liability under DPDP because the two statutes operate on different theories. DPDP processor liability is contractual and statutory under DPDP itself; the Section 79 safe harbour is a separate intermediary liability shield primarily relevant to defamation, copyright, and other content-based claims.

For insurance, the DPDP exposure is normally addressed through Cyber Liability rather than PI. Indian cyber policies, filed under IRDAI's cyber circular framework, now routinely include DPDP regulatory fines coverage subject to sublimits, with sublimits typically running INR 5 crore to INR 25 crore for mid-market technology companies. The coverage trigger and the question of whether wilful or grossly negligent processing is excluded are wording-specific. Agent vendors should ensure their cyber policy:

  • explicitly covers DPDP penalties (not just generic regulatory fines)
  • has a defence cost component for Data Protection Board investigations
  • includes coverage for breach notification, individual rights response, and forensic investigation
  • does not exclude AI-driven data processing or autonomous data collection

Premium Benchmarks and Programme Structuring for Indian Agent Startups

Premium benchmarks for AI agent startups are being established case by case, with insufficient claims history in the segment to support standardised rating. The data points available from market placements between mid-2024 and Q1 2026 suggest the following ranges for Indian agentic AI startups.

For a seed to Series A agent startup with INR 5 crore to INR 25 crore in revenue, fewer than 20 enterprise clients, and an agent operating in a low-risk domain (sales or marketing automation, content workflows), an IRDAI-filed PI policy with USD 2 million aggregate limit is typically priced between INR 14 lakh and INR 28 lakh annually. This is a premium loading of approximately 30 to 50 percent over a comparable non-agent SaaS company, reflecting underwriter uncertainty about the risk.

For a Series B agent startup with INR 40 crore to INR 150 crore in revenue operating across higher-risk domains (financial workflows, infrastructure automation, autonomous coding into customer production environments), the programme will typically combine USD 5 million IRDAI-filed PI with a USD 5 million Lloyd's excess layer carrying AI-specific endorsements. Total programme cost typically runs INR 70 lakh to INR 180 lakh annually. The Lloyd's excess is critical at this scale because Indian domestic capacity for an AI agent risk written on the standard PI wording rarely exceeds USD 5 million on a single-carrier basis.

For late-stage agent companies operating at scale across multiple customers with mission-critical agent deployments, total tower limits of USD 15 million to USD 25 million are increasingly demanded by enterprise customers. These programmes are placed through global brokers, involve four to six carriers, and require detailed risk submissions including model evaluation reports, deployment architecture documentation, customer use-case categorisation by risk level, and incident history. Annual costs are in the range of USD 350,000 to USD 900,000.

A specific structuring decision for agent startups is the relationship between the PI tower and a separate Cyber tower. The two policies must be reviewed together for overlap and gap. A cyber incident that causes an agent to malfunction and that malfunction causes downstream customer losses can trigger both policies. Without careful coordination, the insurers will dispute which policy responds first, leaving the vendor exposed to the gap. Standard practice now is to specify in both policies which is primary for AI-related losses (typically PI is primary, Cyber is excess) and to negotiate consistent definitions of 'claim' and 'occurrence' across both wordings.

Customer Contract Negotiation: The Insurance Clause for Agent Vendors

Enterprise customer contracts for AI agent products typically include an insurance schedule that procurement has adapted from a generic SaaS template, sometimes inadequately for the agent's actual risk profile. The standard schedule specifies Professional Liability or Tech E&O limits (commonly USD 2 million to USD 10 million), Cyber Liability limits (commonly USD 5 million to USD 10 million), and General Liability limits (commonly USD 1 million per occurrence).

The vendor's negotiation positions should address three specific points relevant to agent risks.

First, the per-occurrence versus aggregate distinction. US procurement teams frequently use 'USD 5 million Tech E&O' to mean per occurrence. Indian PI products default to aggregate. A USD 5 million aggregate limit may not satisfy a per-occurrence requirement if multiple claims arise in the policy year. Verify and document the construction before signing.

Second, additional insured status. Customer contracts increasingly request that the customer be named as additional insured on the vendor's PI policy. Indian PI products historically do not accommodate additional insureds on professional liability coverage because the coverage is structured around the insured's own professional services. Some carriers will provide a broad waiver of subrogation as an alternative, which protects the customer from a subrogation claim by the insurer following a covered loss. This is generally acceptable to enterprise customers as an equivalent to the additional insured request.

Third, the agent-specific representations and warranties. Customer contracts increasingly include vendor representations such as 'vendor warrants that the agent will not take any action that materially harms customer's systems', 'vendor warrants that all agent decisions are logged and auditable', and 'vendor warrants that the agent's failure rate will not exceed X percent'. These are contractual obligations independent of the insurance discussion, but they create exposure that flows back into the indemnity and therefore the insurance need. A specific failure-rate warranty creates strict liability for performance which no PI policy will cover. Negotiate these warranties to reasonable best-efforts language wherever possible.

VC term sheets at Series A and beyond for agentic AI companies are starting to include specific insurance covenants. Several term sheets reviewed in 2025 included covenants requiring USD 5 million in Professional Liability and USD 5 million in Cyber Liability at closing, with limits scaling with revenue per a specified schedule. Insurance adequacy is increasingly a closing condition rather than a post-close obligation.

Building the Insurance Stack for an Indian Agent Startup

A practical insurance stack for an Indian agentic-AI startup in 2026, structured by stage and revenue:

At seed stage, before significant enterprise revenue, the priority lines are: Directors and Officers Liability for the company at limits of INR 5 crore to INR 10 crore, basic Cyber Liability at INR 10 crore limit, and Employment Practices Liability if the headcount has reached 25 or more. Tech E&O or PI can be deferred until the first enterprise contract requires it, though buying it earlier establishes a clean claims history that benefits later renewals. Typical total annual spend at this stage: INR 8 lakh to INR 18 lakh.

At Series A, with INR 5 crore to INR 25 crore in revenue and a small enterprise customer base, the stack expands to include PI at USD 2 million aggregate (INR 14 lakh to INR 28 lakh), Cyber at INR 15 crore to INR 25 crore limit (INR 10 lakh to INR 20 lakh), D&O at INR 15 crore to INR 25 crore (INR 6 lakh to INR 12 lakh), and General Liability and Employment Practices at appropriate levels. Total spend: INR 40 lakh to INR 75 lakh annually.

At Series B, with INR 40 crore to INR 150 crore in revenue, the structure typically becomes a layered tower for PI (USD 5M Indian + USD 5M Lloyd's), upgraded Cyber, increased D&O for an enlarged board and ESOP exposure, and the addition of specific covers depending on the agent's operating domain. A finance-ops agent vendor will add fidelity and crime cover; an agent operating on production infrastructure will add specific contractual liability for downstream customer losses. Total spend: INR 1 crore to INR 2.2 crore annually.

The pre-IPO and late-stage structure adds international layers, increases all limits to support enterprise customer requirements at the USD 20 million plus level, and may include specialised endorsements such as media liability for agent outputs, regulatory investigation cover beyond standard sublimits, and reputation risk for incidents that draw public attention.

Broker selection for agentic AI risks is more material than for commodity insurance. The right broker has direct relationships with at least two Indian PI underwriters who have written AI-specific risks, Lloyd's coverholder access for excess layer placements, and an in-house technology practice that understands the difference between an LLM wrapper and a deployed autonomous agent. Global composite brokers (Marsh, Aon, WTW, Gallagher) operate in this space, as do several Indian specialist brokers with composite licences and technology client practices. The brokerage discussion is not commodity; the value comes from wording negotiation and claims advocacy, not from premium discount.

Frequently Asked Questions

Does my standard Indian PI policy cover claims arising from my AI agent's autonomous actions?

Probably not cleanly. Standard IRDAI-filed PI wordings cover errors in 'professional services rendered', which was drafted around human-delivered services with software as a tool. Autonomous agent actions sit in a definitional grey area. Some carriers now offer customised wordings that extend covered services to include AI-driven and automated service delivery, typically at a premium loading of 30 to 60 percent over standard SaaS PI. Alternatively, a Lloyd's excess layer with AI-specific endorsements above the Indian primary can fill the gap. Have your broker map five specific autonomous actions your agent performs to the policy definition before binding.

How should I negotiate the indemnification clause in my enterprise customer contract?

Aim for four specific changes. First, limit the indemnity to losses caused by negligent or wilful failure of the agent rather than strict liability for any harmful action. Second, exclude indirect, consequential, and chain-of-indemnity losses to the customer's downstream parties. Third, cap the indemnity at your professional liability policy's effective per-occurrence limit. Fourth, carve out losses caused by the customer's own systems acting on agent outputs without the contractually agreed validation step. Many enterprise customers accept these modifications when presented as standard market positions for AI vendors.

What is the DPDP Act exposure for an Indian AI agent vendor?

An agent vendor processing personal data on behalf of customers is typically a data processor under DPDP, with the customer as data fiduciary. Processor obligations under Section 8 include processing only on documented fiduciary instructions, implementing reasonable security safeguards, and assisting with breach notification. The Data Protection Board can impose penalties up to INR 250 crore for failure to implement safeguards. The specific agent risk is that autonomous decisions may create processing outside the fiduciary's instructions. Cover this through a cyber policy that explicitly captures DPDP penalties, has a defence cost component for Board investigations, and does not exclude AI-driven or autonomous data processing.

When should an Indian agentic-AI startup buy its first PI policy?

When you sign your first enterprise customer contract that requires insurance, or when your first contract involves the agent taking actions on the customer's production systems, whichever comes first. Some founders defer PI until the customer specifically requests evidence of coverage. For agent products this creates a meaningful uncovered period because incidents can arise quickly once autonomous actions are deployed in production. Starting a clean claims record at seed or early Series A also benefits renewal pricing later when limits scale into the tens of millions and underwriters look at multi-year loss history.
