D&O insurance and the AI-supervision claim: where Caremark meets agentic AI in 2026
A class of derivative actions is forming around board failure to supervise AI deployments, and D&O carriers are responding at renewal with explicit AI questionnaires and emerging exclusions. The board-level liability surface most directors have not yet read in their actual policy language.
Holding · reviewed 29 Apr 2026 · next +59d
If you sit on a board, on an audit committee, or on a risk committee at a public or PE-backed company in 2026, the question we keep getting is whether the board’s existing oversight posture for “mission-critical” AI is adequate under the Caremark line. The honest answer is: the case law has not yet produced a definitive AI-Caremark ruling, but the structural conditions for one are now in place, and the D&O insurance market is already pricing the anticipated risk into renewal terms.
Three things have shifted in the last twelve months that most boards have not fully internalised. First, agentic AI is moving from an experimental category to a mission-critical one in many enterprises, which is the threshold that triggers the elevated Caremark standard for board oversight. Second, the documented in-the-wild failure cases (covered in our agentic AI failure case studies) are now substantial enough that “we did not foresee this” stops being a credible board defence. Third, D&O insurance markets are tightening AI-specific terms at renewal, and the policy language buyers receive in 2026 differs materially from what they signed in 2024.
The board-level question is no longer “does our AI strategy exist.” It is “does our AI oversight system exist, is it documented, and would it satisfy a Delaware Chancery Court reading the record after an incident.”
The Caremark line, briefly
The doctrine traces to In re Caremark International Inc. Derivative Litigation, 698 A.2d 959 (Del. Ch. 1996), which established that a director’s duty of loyalty includes a good-faith obligation to ensure that an information and reporting system exists for matters central to the company’s operations. The standard was substantially elevated in Marchand v. Barnhill, 212 A.3d 805 (Del. 2019), which held that boards must actively monitor “mission-critical” risks and that the absence of a board-level reporting system on such risks can sustain a derivative claim past a motion to dismiss.
The post-Marchand line has been consistent in 2020-2025: when an issue is mission-critical and the record shows no board-level oversight system, plaintiffs survive dismissal. The cases have involved food safety (Marchand itself), opioid distribution (Clovis Oncology), and most recently AI-adjacent technology decisions in 2024-2025 derivative actions.
The pattern that matters for AI: courts evaluate whether the board demonstrated an oversight system that was “good-faith and reasonable,” not whether the board prevented the failure. Boards that can show documented committee oversight, regular reporting from management, and named accountability typically clear the bar even when something goes wrong. Boards that show only general AI policies without operating mechanics typically do not.
Why agentic AI now meets the Caremark “mission-critical” threshold
The threshold question for elevated oversight is whether the function is mission-critical to the enterprise. Three signals indicate that agentic AI now crosses that threshold for many companies:
Customer-facing irreversibility. When an agent takes irreversible action on customer accounts (refund, cancellation, escalation), the surface is mission-critical by definition. The PocketOS incident showed a 9-second deletion of production data via a single agent action; the directional signal is that destructive scope is material.
Revenue-system dependency. Agents now operate in pricing, fraud detection, compliance routing, and claim adjudication at enough enterprises that the failure mode “agent makes a wrong call at scale” is a Q3-earnings-call event, not a department-level issue.
Regulatory exposure under the EU AI Act. Article 9 of Regulation (EU) 2024/1689 requires a documented risk-management system for high-risk AI deployments, with enforcement beginning August 2026. A high-risk AI system the board does not oversee is a structural Caremark gap: the regulator has named the obligation, the company has the deployment, and the board has no oversight artefact.
The combination produces the conditions for Caremark exposure that did not exist for the same companies in 2022. Boards reading their oversight artefacts against this 2026 baseline find gaps that were acceptable two years ago and are not acceptable now.
The D&O market response: renewal terms in 2026
The D&O insurance market reads the same emerging case law and prices accordingly. Three patterns are becoming visible at renewal in 2026:
AI-specific application questions. Marsh’s quarterly D&O market reports, Aon’s commercial insurance updates, and Willis Towers Watson’s directors-and-officers commentary have flagged AI-related questions appearing in renewal applications. The questions typically address: which AI deployments are classified as material, who oversees them at board level, and whether the company has a documented AI risk-management system.
Exclusionary language for AI-caused losses. Some carriers in 2026 are adding endorsements that exclude or sub-limit losses arising from autonomous AI actions, particularly where the loss flows from an agent acting beyond defined operational boundaries. The exclusion language varies; the risk is that a broker-distributed renewal renews on tighter terms without the buyer reading the new exclusion carefully.
Higher retentions for AI-mature buyers. Counter-intuitively, buyers with the most AI deployment exposure are sometimes seeing higher retention requirements rather than lower premiums, because the carrier prices the tail-risk of the deployment portfolio. The retention is the deductible that sits with the company before insurance attaches; an elevated retention shifts the first dollar of any incident back onto the balance sheet.
We are not claiming that any specific carrier has issued blanket AI exclusions; the market posture is fragmented and policy-by-policy. What is claimable is that the renewal-cycle questions, language, and pricing have moved enough that boards reviewing their existing policies find different protection than they think they have.
What the audit-committee read looks like
For boards considering whether their oversight posture would satisfy a post-incident Caremark review, four artefacts make the difference between a defensible record and a vulnerable one.
A documented AI inventory. Not a vendor list. An inventory of AI deployments by mission-criticality, with each material deployment named, its operational boundary defined, and the responsible executive named. The inventory is the baseline from which oversight is built.
Named board-level oversight. Either the audit committee, the risk committee, or a dedicated AI committee should have AI on its standing agenda. The committee charter should reference AI explicitly. Minutes should reflect substantive review, not check-box reception of management updates.
Regular reporting from management. Quarterly at minimum for material deployments. Reports should include: incident log, KPI vs threshold, regulatory-status update (especially EU AI Act readiness), and material vendor changes. The reporting cadence is the operating mechanic that distinguishes a documented system from a documented policy.
An incident-response artefact. When an agent fails materially, the board needs a process that produces a record. Who is notified, what is the remediation timeline, when does the board itself review. The artefact is what the plaintiff’s bar will look for in the post-incident discovery.
These four are the audit evidence Article 12 requires at the regulatory level and what a post-Marchand court will look for at the litigation level. The audit and the litigation use the same record.
What this means for your D&O renewal
The practical action before your next D&O renewal is a three-document review.
Read the renewal application carefully. AI questions are appearing where they did not appear before. Honest answers, supported by the four artefacts above, produce defensible records. Vague answers produce policies with gaps the buyer did not know they bought.
Read the policy form and any new endorsements. Specifically check for: definitions of “loss” that exclude or sub-limit AI-caused outcomes, definitions of “wrongful act” that may or may not encompass autonomous-agent failure, and any new AI-specific endorsements added at this renewal cycle. The endorsements are where the protection changes; the policy form has often not changed.
Reconcile policy assumptions with the actual AI inventory. The most common failure is the buyer’s assumption that they have AI exposure X, while the actual AI inventory shows exposure Y. The reconciliation is the audit conversation that needs to happen between the General Counsel, the Head of AI, and the broker before the policy binds.
What we are not claiming
We are not claiming that a definitive AI-Caremark ruling has been issued. The case law is anticipatory; the doctrine applies on its terms; specific AI-context rulings will arrive in 2026-2027 as the documented incidents accumulate.
We are not claiming any specific carrier has adopted any specific exclusion. The D&O market in 2026 is fragmented and the policy-by-policy view varies. The pattern is real; the per-carrier specifics need to be read at renewal.
We are not claiming the four audit-committee artefacts are sufficient defence. They are necessary; whether they are sufficient depends on the specific board’s documented operating discipline and the specific incident.
What changes this read
Cadence on this piece is 60 days because both the case law and the D&O market language move on a multi-quarter timescale. The three things that would change the verdict:
A first-instance Delaware Chancery ruling on AI-Caremark would crystallise the standard and shift the framing from “anticipated” to “established.”
Major carrier-level AI exclusion language adopted across the broader D&O market would shift the renewal conversation from “watch the language” to “negotiate the language back.”
EU AI Act enforcement actions producing material penalties would convert the regulatory exposure from theoretical to priced.
We will re-test against the Delaware Chancery docket and the Marsh / Aon / WTW D&O market commentary on or before 30 Jun 2026.