Q Quark
← Guides
Pre-insurance checklist

AI Risk Assessment Checklist Before Applying for Coverage

What underwriters actually need to know about your AI deployment, and how to document it before you apply. This covers all eight risk dimensions Quark scores during assessment.

Updated: April 2026 Read time: 10 min Topics: Underwriting · Risk assessment · Checklist

Most companies approaching AI liability coverage for the first time have already done some of this thinking — they just have not documented it in the form underwriters need. This checklist is designed to close that gap. Work through each dimension before submitting an intake form and you will move through underwriting significantly faster.

How to use this checklist

Each item below is interactive — check it off as you confirm you have the documentation in place. Your score is a rough signal of coverage-readiness, not a formal assessment.

Checklist progress 0 / 24 items

Why documentation quality changes your terms

Underwriting AI risk is fundamentally a documentation exercise before it is a pricing exercise. A carrier cannot accurately price what it cannot see. Companies with structured documentation of their AI deployment consistently receive broader coverage and better terms than companies with identical technical footprints but no documentation.

The eight dimensions below correspond to how Quark's platform scores AI deployments during the automated risk assessment phase. Being prepared on these dimensions before you apply means assessment completes faster, remediation needs are smaller, and the path to a bound policy is shorter.

Dimension 1: Deployment scope

01

What your AI does and where it is deployed

Written description of the AI system's intended purpose and primary use cases
List of all customer-facing deployments, including third-party integrations that use the system
Identification of any high-risk verticals (healthcare, finance, legal, employment, education)

Dimension 2: Data handling

02

What data your AI touches and how it is managed

Data classification inventory: categories of data the model processes (PII, PHI, financial, proprietary)
Data retention policy with documented deletion schedules
Confirmation of whether customer data is used to retrain or fine-tune models, and customer consent documentation

Dimension 3: Model governance

03

How the model is managed over time

Documentation of the model(s) in use: provider, version, fine-tuning status
Change management process for model updates and version control
Evaluation benchmarks run before each production deployment

Dimension 4: Human oversight

04

Where humans remain in the loop

Decision inventory: which decisions are advisory (human approves), which are automated (AI acts directly)
Override procedure: how operators or end users can override or escalate an AI decision
Monitoring cadence: how often outputs are reviewed by humans for quality and accuracy

Dimension 5: Agentic actions

05

Whether your AI can take autonomous actions

List of tools, APIs, or systems the AI can call without human approval
Maximum impact of a single autonomous action (financial cap, data scope, communication reach)
Reversibility assessment: which autonomous actions can be undone and which cannot

Dimension 6: Security controls

06

Guardrails and adversarial defenses

Input/output filtering: documented controls preventing harmful or policy-violating content
Prompt injection testing: evidence that the system has been tested against adversarial inputs
Rate limiting and abuse controls on API access

Dimension 7: Incident response

07

What happens when something goes wrong

AI-specific incident response plan, separate from or extending your general IR plan
Kill switch or degraded-mode procedure: how you disable or constrain the AI in an emergency
Customer notification process for AI-related incidents under your contractual obligations

Dimension 8: Regulatory exposure

08

Which regulations apply to your deployment

Regulatory mapping: which of EU AI Act, Colorado AI Act, or California AB 316 apply based on your customer base
Contractual liability review: identification of customer contracts that include AI performance warranties or indemnification clauses
Compliance evidence: any certifications, audits, or assessments completed in the last 12 months

What comes next

If you have worked through this checklist and have most of these items in place, you are in a strong position to move through underwriting quickly. The intake form on Quark's main page will ask for this information in a structured format. Having the answers ready typically cuts the time from submission to a first underwriting view from days to hours.

If gaps exist, particularly in human oversight documentation or security testing, the remediation phase of Quark's process will surface those specifically and guide you through what is needed to close them before coverage is bound.

Ready to start your assessment?

Submit your intake and get a first underwriting view within 72 hours.

Start a coverage review