The emerging risk for design firms, IT consultancies and marketing agencies. Where does cover sit when AI-generated output produced by your firm allegedly infringes a third party’s intellectual property rights?
A 32-person marketing agency in Bristol is engaged by a consumer brand for a major rebrand and campaign launch. The brief is broad: identity refresh, six campaign images, three short-form videos and a website redesign. The agency’s creative director, under deadline pressure, uses a commercial image-generation model (the agency has a paid subscription with commercial-use rights) to generate visual variants. One of the chosen variants, after light retouching, becomes the campaign hero image. It launches across the client’s channels in late October.
In December a freelance photographer from Berlin discovers that the hero image is substantially similar to a series of compositions she published in 2021 — a particular framing of a coastal scene with distinctive colour grading, lighting and subject placement. She instructs solicitors. A letter before action is sent to the client and the agency demanding take-down, damages and an account of profits.
Forensic analysis of the model’s training corpus is impossible. The model provider’s terms of service include an indemnity in favour of paying subscribers for IP claims arising from model output, but that indemnity is subject to limits and exclusions; the provider’s litigation team is reviewing.
The agency’s PI policy excludes some forms of IP infringement. The agency’s cyber policy has a media liability head. The agency’s client wants to know who is paying.
Copyright in the UK. Copyright subsists in original artistic works (Copyright, Designs and Patents Act 1988, section 1). Infringement requires copying of a substantial part. Designers Guild v Russell Williams [2000] UKHL 58 establishes the substantial-part test as qualitative not quantitative. Where an AI-generated image is substantially similar to a copyrighted work, the question of whether substantial copying has occurred is fact-dependent and turns on whether the AI model has effectively reproduced protected expression rather than unprotected ideas.
The training data question. The UK position on whether training a generative model on copyrighted works is itself infringement is unsettled. Getty Images v Stability AI (proceedings in the High Court since 2023) has tested the question at scale; the outcome will shape UK doctrine for years. As at June 2026 the position is that training without licence is potentially infringing, that text and data mining exceptions in CDPA 1988 section 29A apply only to non-commercial research, and that broader commercial-use exceptions have not been adopted in UK law (the UK government’s 2023 consultation on a broader TDM exception was paused).
Output similarity vs training data infringement. The agency’s exposure relates to output — the campaign image as published. The output’s similarity to the photographer’s work is the operative question for the infringement claim. The training data dimension is the model provider’s exposure, not directly the agency’s.
Liability cascade. The client (brand owner) is the primary infringer in publishing the image. The agency is the secondary infringer in producing and supplying it. The agency may also have given contractual warranties to the client about non-infringement. The client may have a direct claim against the model provider via terms of service.
Damages. Statutory damages, account of profits, and injunctive relief. Account of profits attributable to the campaign — for a major consumer brand — can be substantial. Reasonable royalty estimates start at a few thousand for an editorial use and climb to mid-six-figures for major campaign use.
The agency’s PI policy is a creative services form with a £5m limit.
IP exclusion. Many creative services PI policies exclude or sub-limit IP infringement, often via an exclusion for “infringement of intellectual property rights” with a carve-back for unintentional infringement of copyright. The carve-back is critical for AI use cases — the agency did not intend to copy the photographer’s work, but the substantial similarity is alleged regardless.
Where the carve-back applies, the agency’s PI responds to the unintentional copyright infringement. The defence and indemnity flow through PI. The limit may be a sub-limit (£250k–£1m is common); the agency in our scenario has a £1m IP sub-limit.
Contractual indemnity to client. The agency’s terms with the client typically include an indemnity in respect of IP infringement of materials supplied by the agency. The PI policy may or may not respond to contractual indemnities — many do, subject to a liability that would have arisen at common law qualification. Read the wording.
Professional negligence dimension. A separate cause of action is available to the client against the agency in professional negligence: the agency owes a duty to take reasonable care to avoid supplying infringing material. The PI policy responds to this directly under the civil liability head.
The agency’s cyber policy is a fairly standard mid-market form with a media liability head sub-limited to £500k.
Media liability. The media liability head responds to claims arising from content published or supplied by the insured, including IP infringement, defamation, breach of privacy and similar publication-based exposures. The agency’s PI policy may exclude these; the cyber media head may include them.
Sub-limit. The £500k cap on the media liability head may exhaust quickly given the claim quantum.
Cyber event trigger. Some cyber policies’ media liability heads require the underlying claim to arise from a cyber event — that is, the publication was via electronic media. For a published campaign image, this is usually satisfied. For a print campaign it may not be.
The model provider’s terms of service include a customer indemnity for IP claims arising from output, subject to:
The model provider’s indemnity is the cleanest single recovery in many of these scenarios, but is contingent on the customer behaving as required by the terms. The agency must invoke the indemnity formally and quickly.
The overlap is the IP infringement claim itself. PI (subject to its IP carve-back), cyber (under media liability) and the model provider’s contractual indemnity all potentially respond.
The gap is several layers deep:
Sub-limit gap. The aggregate of PI’s IP sub-limit (£1m) and cyber’s media liability sub-limit (£500k) is £1.5m. The claim quantum may exceed this if the campaign is large and the photographer’s claim is well-pleaded.
Coverage gap on training data claims. If the photographer’s claim is framed as training data infringement (which is unusual for output cases but is the doctrine’s frontier), neither PI nor cyber typically responds. The model provider becomes the only defendant.
Reputational and relationship gap. The client’s relationship with the agency is damaged. The client may move some or all work to competitors. The future revenue loss is uninsured.
Account of profits gap. Some PI policies exclude account of profits or disgorgement on the basis that disgorgement is not damages in the conventional sense. Confirm the wording.
A plausible quantum and recovery:
| Head | Quantum | Source |
|---|---|---|
| Damages — reasonable royalty | £180,000 | PI (subject to IP carve-back) |
| Account of profits — agreed | £420,000 | PI or cyber media; or model provider indemnity |
| Photographer’s costs | £140,000 | PI defence allocation |
| Agency defence costs | £210,000 | PI defence |
| Client’s pass-through claim (contractual indemnity) | £180,000 | PI |
| Take-down and re-shoot of campaign | £140,000 | Agency uninsured (or client uninsured) |
| Total | £1,270,000 | mixed |
With the £1m PI IP sub-limit exhausted, the residual £270,000 sits in cyber media (sub-limited to £500k, available capacity £500k) — so cyber media absorbs it. The model provider’s indemnity may pick up a portion subject to the indemnity terms.
Net result: agency out of pocket for the PI excess (£25k) and the cyber excess (£25k), plus uninsured productivity loss. Full quantum covered by the combination of policies plus the model provider indemnity.
This is a good outcome by current market standards. Many agencies in this position discover too late that their PI excludes IP infringement entirely.
AI-generated content claims are the fastest-growing professional liability exposure for creative industries. Three factors are driving this:
The shift in client briefs to require AI-assisted production. Most agency proposals now explicitly contemplate AI use; the client’s expectation is that the agency takes responsibility for the output.
The shift in model provider terms to push IP risk back onto users. Early provider terms accepted broad IP risk; current terms are tighter and indemnify only narrowly.
The growth of automated detection. Tools that identify substantial similarity at scale (reverse image search, fingerprinting) have made claim discovery faster and cheaper for rights-holders.
The market response from insurers is uneven. Some PI insurers have introduced explicit AI use questionnaires at renewal. Some have excluded AI-generated content entirely. Some cyber insurers have expanded media liability to absorb the exposure. The result is a patchwork.
For any firm using generative AI in client deliverables:
Read the IP exclusion in your PI policy. If it does not carve back for unintentional copyright infringement, negotiate. If your insurer will not, look at the cyber media liability head.
Confirm your cyber policy’s media liability head responds to IP infringement and is not restricted to defamation only.
Map the model provider indemnities you rely on. Document the version, the date and the conditions. Some providers’ indemnities are contingent on enterprise-tier subscriptions that you don’t have on the free tier.
Disclose AI use accurately at PI proposal. Section 3 of the Insurance Act 2015 makes this a material circumstance. Hiding it is the worst possible move.
Maintain a provenance log of AI-generated content. Which model, which prompt, which version, which date. This evidence is decisive in dispute.
Include AI-use indemnity language in your client engagement letters. Allocate the risk explicitly between agency and client.
Ensure your client warranties about non-infringement are consistent with what your PI policy covers. If your contract gives a stronger warranty than your insurance covers, you have created a gap.
Train your creative team in basic copyright awareness — especially the difference between unprotected ideas and protected expression.
Q1. If the model provider pays under its indemnity, do my insurers still respond? The model provider indemnity is typically primary for IP claims attributable to model output. Your insurers respond only to the residual. Most policies recognise this without dispute.
Q2. Is “substantial similarity” assessed by a court or by an algorithm? Ultimately by a court. Algorithms can flag candidates; the legal question remains qualitative.
Q3. Does it matter that I had commercial-use rights to the model? Yes — it makes the use of the output non-infringing per the model provider’s licence. It does not extinguish the rights-holder’s claim against you if the output reproduces protected expression.
Q4. Can I rely on a “we used AI in good faith” defence? Not against the rights-holder. Innocence is relevant to damages quantum and to the availability of an account of profits but not to liability for the primary infringement claim.
Q5. What about deepfakes and AI-generated voice / video impersonations of real people? Different exposure — passing off, misuse of private information, image rights, defamation. Not strictly IP but a parallel exposure. Many cyber media policies extend to these.
Q6. Does my client’s PI cover the same claim? The client may have separate cover, but the agency is primarily liable as the supplier. The client typically passes the claim back to the agency under the contractual indemnity.
Q7. What if I’m an IT consultancy using AI to generate code? Same doctrine, different evidence. Copyright in code; potentially patent exposure; potentially trade secret exposure. The PI and cyber treatments mirror those for creative output, but the technical analysis is harder.
Q8. What’s the typical AI proposal-form question now? “Does the firm use generative AI in the delivery of client services?” with sub-questions on training, controls, attribution, and indemnity. Answer accurately.
Copyright, Designs and Patents Act 1988. Designers Guild Ltd v Russell Williams (Textiles) Ltd [2000] UKHL 58. Getty Images (US) Inc v Stability AI Ltd (current proceedings, High Court). UK government 2023 consultation on text and data mining exceptions. Insurance Act 2015, section 3. Major model provider customer terms and indemnity provisions (publicly available). EU AI Act (Regulation (EU) 2024/1689) — relevant for firms supplying to EU customers.
Hub: Cyber vs PI — where cover ends and begins Spoke 8: Reputational damage post-breach Spoke 10: Broker due diligence at PI renewal
Disclaimer: Insurance and legal commentary, not advice on your specific cover. Cyber and PI policy wordings vary materially across insurers — always read your specific policy or ask your broker. Apex Insurance Brokers Limited is authorised and regulated by the Financial Conduct Authority, FRN 724952.
Apex Insurance Brokers serves UK professional services firms and commercial businesses. Call 0117 325 0027, email hello@apexinsurancebrokers.co.uk, or request a quotation.
Get a quote