AI Liability: The next silent risk for
New Zealand businesses

What makes AI different is the speed at which that pattern is unfolding.

In New Zealand, adoption is already well advanced. Datacom research shows that around 87% of organisations are already using AI in some capacity, with many reporting improvements in productivity, efficiency and decision-making. However, while the benefits are immediate, the supporting frameworks around governance, regulation and insurance, are still catching up.

A familiar pattern, evolving faster

The insurance market has seen this before. In the early stages of cyber risk, many exposures sat ‘silently’ within traditional policies. Coverage was not absent but it was often unclear. When losses occurred, that lack of clarity became highly visible.

AI is now tracking along a similar path.

The risks are already present within business operations, whether through automated decision-making, customer-facing tools or internally generated insights. However, the way those risks translate into liability, and how they are treated within insurance programmes, is not always well defined.

The key learning from global markets is that risk tends to emerge first, with clarity on the true impact following later. For New Zealand businesses, this means the question is no longer whether AI introduces liability exposure, but whether that exposure is understood.

New Zealand’s regulatory context

Globally, regulation is still evolving. In New Zealand, the approach has been intentionally light-touch, with a focus on principles rather than AI-specific laws.

Existing frameworks, most notably the Privacy Act, continue to apply and regulators are increasingly enforcing this. The Office of the Privacy Commissioner has also made it clear that privacy obligations extend across the entire AI lifecycle, from data inputs through to outputs and decisions. At the same time the Reserve Bank of New Zealand has signalled concerns around how AI may amplify financial, operational and cyber risks, particularly where third-party providers are involved.

This approach supports innovation but it also changes the risk dynamic. In the absence of detailed regulation, accountability sits more firmly with the business itself. They are required to make judgement calls about how AI is used, governed and controlled, often without definitive external benchmarks.

Where liability is most likely to emerge

One of the defining characteristics of AI risk is that it does not sit neatly in one place.

Unlike traditional risks that align to clear categories, AI creates exposure across multiple parts of the business. A single issue, such as an incorrect output or flawed recommendation, can have implications for professional advice, customer outcomes, operational performance, and governance simultaneously.

From an insurance perspective, this means potential triggers span multiple policies, from professional indemnity through to cyber and directors’ and officers’ liability. The complexity is not just in the risk itself, but in how different policies may respond.

Adding to this complexity is the way AI is typically deployed. Most businesses are not building systems in isolation. They’re relying on a network of external providers, platforms and data sources. This creates an ecosystem where accountability is shared and, at times, unclear.

When something goes wrong, responsibility may not sit with a single party. Instead, it can be distributed across developers, vendors and users, often across jurisdictions. Global experience shows that this is where disputes are most likely to arise, particularly when contractual protections and insurance responses have not been clearly aligned in advance.

The gap between use and control

For many businesses, the most immediate risk does not stem from the technology itself, but from the pace at which it is being adopted.

AI is increasingly being used to support decision-making, streamline processes and enhance customer interactions. However, governance frameworks, internal controls and oversight mechanisms are still developing. This creates a gap between how AI is used and how well it is understood or managed.

It is within this gap that liability is most likely to emerge.

Early indicators from global markets suggest that issues often arise not from system failure, but from over-reliance on AI outputs without sufficient challenge, validation or accountability. Inaccurate insights, biased outcomes or unintended consequences can quickly translate into financial loss, reputational damage or regulatory scrutiny.

Insurance in a period of transition

As with cyber risks, the insurance market is evolving in response to AI.

Insurers are beginning to refine policy wordings and clarify their positions on AI-related exposures. However, this is still a developing area. In many cases, businesses are operating in a period where risk is advancing faster than certainty around coverage.

This creates an environment where exposures may exist, but how they are treated under insurance programmes is not always clear until tested.

The lesson from cyber is that this period does not last indefinitely. As claims emerge and understanding improves, policies tend to become more explicit often with more defined terms, conditions and exclusions. Businesses that engage early are typically better positioned to navigate that transition.

Moving forward with clarity

AI presents a significant opportunity for New Zealand businesses, but it also introduces a new and evolving layer of liability.

The most effective response is not to slow adoption, but to ensure that risk, governance and insurance strategies evolve alongside it. This means understanding where AI is being used, how decisions are being made, and how potential exposures flow through the organisation and into your insurance programme.

Gallagher works with our clients to bring clarity to this complexity by helping identify where risk exists, how it may materialise, and how your insurance can respond.

In a landscape changing this quickly, early insight is a critical advantage.

Click here to download this article.