AI Regulation Tracker / Monitoring signal
IAIS Flags AI as a Cyber and Underwriting Theme in Its Mid-Year Insurance Market Report
On July 9, 2026, the International Association of Insurance Supervisors, the global standard-setter for insurance regulation, published its mid-year Global Insurance Market Report. It names AI as a sector-wide theme to watch, both for its effect on cyber resilience and, later this year, for how insurers underwrite AI liabilities. This is a non-binding monitoring report, not a rule.
On July 9, 2026, the International Association of Insurance Supervisors published the mid-year update to its Global Insurance Market Report. The headline of the report is that the global insurance sector remains broadly stable amid an uncertain macro backdrop. Sitting inside that assessment, though, is a set of themes the IAIS says it is watching, and AI is one of them.
A word on what the IAIS is, because the name matters for how much weight to give this. The IAIS is the global standard-setter for insurance supervision. It brings together insurance regulators from around the world, including US state regulators through the National Association of Insurance Commissioners, to coordinate how the sector is watched and stress-tested. Its Global Monitoring Exercise is an annual surveillance program, and GIMAR is the report that comes out of it. That is the key thing to hold onto here: GIMAR is a monitoring document. It describes and flags. It does not command.
Where AI shows up in the report
The IAIS raises AI in two distinct places, and they are worth keeping separate.
The first is cyber. The report notes, in its own words, that "the growing complexity of cyber risks, particularly with the adoption of frontier AI models, poses challenges for insurers." The point there is about resilience. As frontier AI models get woven into how businesses operate, the cyber-risk picture that insurers have to model and price becomes harder to read. The IAIS is flagging this as a theme for its 2026 Global Monitoring Exercise, meaning it is something supervisors want to keep an eye on across the sector, not a finding that any single insurer has a problem.
The second is underwriting, and this one is a preview. The IAIS signals that its full-year GIMAR, due in December 2026, will look at "insurers' underwriting of AI liabilities and underwriting of liabilities from digital assets, as well as their investments in these digital assets." Read plainly, that means two things are coming under the monitoring lens later this year: how insurers are pricing and taking on the liability risk tied to AI, and how exposed they are, on the investment side, to AI and digital assets. The mid-year report does not resolve any of that. It tells you the analysis is on the way.
What this is, and what it is not
I want to be careful with the language here, because it is easy to turn a supervisor's report into something it is not.
This is a monitoring report. The IAIS runs a surveillance exercise, and GIMAR is where it writes up what it sees and what it plans to look at next. It is not a rule. It is not a standard. It does not impose a capital charge, a disclosure obligation, or a filing requirement on any insurer. No insurer's legal duties changed on July 9 because this update came out.
What the report does is set the agenda for supervisory attention. When the global body that coordinates insurance regulators names AI-cyber resilience and AI-liability underwriting as themes, and says it will analyze the underwriting piece in December, that is a clear signal of where scrutiny is heading. It is a weathervane for insurers and for the accountants and finance teams who support them. It is not a wind anyone is legally required to turn into yet.
So if you see this framed as the IAIS imposing new AI rules on insurers, that is a misread. It has flagged themes and previewed forthcoming monitoring. That is the ceiling of what happened here.
What this means for finance teams
For anyone working in or around the insurance sector, the value of this report is early warning. The IAIS is telling you which AI risks it is going to be studying, and the December GIMAR will put more structure around the underwriting and investment-exposure angles. If your work touches an insurer's AI-liability book, its cyber underwriting, or its digital-asset exposure, this is the moment to make sure you can describe those positions cleanly, because supervisors are about to look at them more closely.
For US CPAs and finance leaders, the relevance is real even though the IAIS is not a US regulator. US-domiciled global insurers sit inside the IAIS monitoring perimeter, and US state regulators participate through the NAIC. Themes that surface at the IAIS level tend to find their way into how domestic supervisors frame their own questions. Treat this as a data point for anticipating where AI-cyber and AI-underwriting scrutiny is going, not as anything that binds a US filing today.
The practical thread is documentation. When a supervisor signals it will analyze how insurers underwrite AI liabilities, the useful move is to be able to show your work on those exposures before anyone asks: how the risk was assessed, what assumptions sit behind the pricing, and where the digital-asset exposure actually is. The report does not tell you to build that. It tells you where the attention is going.
Questions professionals are asking
Did the IAIS issue a new rule about AI in insurance?
No. The mid-year GIMAR is a monitoring and surveillance report published July 9, 2026. It flags AI as a theme to watch and previews forthcoming analysis. It does not create, change, or remove any rule, standard, capital charge, or filing requirement.
What did the report actually say about AI?
Two things. On cyber, that the growing complexity of cyber risk, particularly with the adoption of frontier AI models, poses challenges for insurers. On underwriting, that the full-year December 2026 GIMAR will examine insurers' underwriting of AI liabilities and liabilities from digital assets, along with their investments in those digital assets.
Does this affect US insurers or US CPAs?
Indirectly. The IAIS is the global insurance standard-setter, not a US regulator, so nothing here binds a US filing. But US-domiciled global insurers sit within the IAIS monitoring perimeter and US state regulators participate through the NAIC, so it is a useful early read on where AI-cyber and AI-underwriting scrutiny is heading.
What is GIMAR?
The Global Insurance Market Report is the output of the IAIS Global Monitoring Exercise, an annual surveillance program that tracks risks across the global insurance sector. The mid-year update is a snapshot; the fuller analysis comes in the year-end report, expected December 2026.
Should we change anything because of this report?
Not as a legal matter. There is no requirement to meet. The sensible response is to make sure any AI-liability underwriting, AI-cyber exposure, or digital-asset exposure you touch is documented and defensible, since that is where supervisors have signaled they are looking next.
RELATED BRIEFINGS
Browse the full AI Regulation News tracker
Informational analysis for working professionals, not legal, accounting, or audit advice. Confirm how any standard or requirement applies to your situation with qualified professionals in the relevant jurisdiction.