Whether you’re facing challenges or looking for tailored solutions, our team is here to help. Get in touch with us today and take the next step towards securing your business’s future.
By mid-2026, almost every SA professional services firm has integrated some form of generative AI into the work they deliver to clients. Drafts are produced with AI assistance. Research is augmented by AI summary tools. Code reviews, contract reviews, design iterations, financial models, and client communications all routinely involve AI somewhere in the workflow. The productivity gains have been real. The legal, regulatory, and indemnity implications, however, are only now starting to surface in claim conversations and renewal discussions with insurers.
Three forces are converging in 2026. South Africa’s Department of Communications and Digital Technologies has signalled forthcoming AI governance requirements. The Information Regulator continues to interpret POPIA in ways that touch AI-driven processing. And EU regulators are enforcing extraterritorial AI rules that catch SA firms serving EU clients. For SA professional services firms, the question is no longer whether AI changes their liability profile. It does. The question is what they need to disclose, document, and insure to protect themselves and their clients. All cover discussed here is subject to underwriting and final policy wording.
South Africa does not yet have a single dedicated AI statute, but the regulatory environment in 2026 is more shaped than it was 18 months ago. Several developments matter for professional services firms.
POPIA enforcement is sharpening on AI processing. The Information Regulator has issued multiple enforcement notices in late 2025 and early 2026 relating to automated decision-making, AI-driven profiling, and the use of personal information as AI training data. POPIA section 71 specifically restricts automated decision-making that has legal or significant effect on a data subject, and the Regulator’s interpretation is now actively applied to AI-assisted professional advice, particularly in financial services, healthcare, and legal services.
Sector regulators are issuing AI guidance. The FSCA has issued draft principles for AI use in financial services. The Health Professions Council is consulting on AI-assisted clinical decision support. The Legal Practice Council has issued ethics circulars on AI in legal practice. Each sector’s guidance differs in detail but shares common themes: human oversight, disclosure, accuracy verification, and accountability.
Department of Communications and Digital Technologies signals. The Department has publicly committed to publishing an AI policy framework in 2026, with consultative draft already circulated. The framework is expected to introduce AI risk categorisation, transparency requirements, and possibly mandatory disclosure for AI use in high-stakes decisions.
The cumulative effect is that SA professional services firms cannot wait for a single law to crystallise. The regulatory exposure is already present through POPIA, sector regulators, and contractual obligations.
“Disclosure” in the AI context covers several distinct audiences and obligations. Each matters for different reasons.
Where AI tools have materially contributed to deliverables provided to a client (legal opinion, medical report, engineering calculation, financial model, marketing copy), the prudent position is to disclose this in writing. The disclosure protects the firm in three ways. First, it prevents the client from later arguing that they assumed the work was fully human-produced. Second, it shifts the conversation about residual risk to a documented baseline. Third, where a claim arises, the disclosure establishes that the AI involvement was not concealed.
The form of disclosure varies by service. A short clause in the engagement letter setting out the firm’s AI use policy is one approach. A specific notation on each AI-assisted deliverable is another. The choice depends on the type and frequency of AI involvement.
Where AI is used in a way that triggers sector regulatory obligations (FSCA financial advice, HPCSA clinical assessment, LPC legal advice), the firm must follow the disclosure rules of the regulator concerned. These are evolving, and the safe default is to over-disclose rather than under-disclose pending clearer guidance.
At renewal, professional indemnity insurers are increasingly asking about AI use in the proposal form. Honest, specific disclosure protects the cover. Generic answers (“we use AI tools sometimes”) risk being interpreted as material non-disclosure if a claim later arises involving an undisclosed AI workflow.
POPIA requires data subjects to be informed when their personal information is being processed for automated decision-making. If your AI workflow processes client data to generate advice or decisions, the data subject (your client, or in some cases your client’s customers) needs to be informed in a manner consistent with POPIA section 18.
Professional indemnity policies issued before 2024 generally do not address AI explicitly. Whether they respond to an AI-related claim depends on five questions that every SA professional services firm should answer this quarter.
1. Does the policy define “professional services” broadly enough to include AI-assisted work? If the definition references specific services or activities, AI-augmented versions of those services should fall within the definition. If the definition is silent or ambiguous, this needs clarification at renewal.
2. Does the policy exclude “automated processes” or “algorithmic decision-making”? Some older PI wordings have exclusions written in a pre-AI context that could be read to exclude AI-assisted work. Where this exclusion exists, an explicit AI carve-back is needed.
3. Does the policy cover liability arising from third-party AI tools? Where the firm’s AI workflow uses third-party AI APIs (OpenAI, Anthropic, Google, Microsoft Copilot), the firm may face liability for outputs that originated from those tools. The policy needs to respond to errors that arise even where the firm itself used the tool properly.
4. Are intellectual property claims arising from AI-generated content covered? AI-generated text, images, code, and designs can inadvertently reproduce training data, creating copyright or trademark claims. Where the firm delivers such content to a client, the firm may face indemnity claims from the client if a third party sues for infringement. PI policies vary in how they address this; explicit AI-specific IP cover is becoming a recommended endorsement.
5. Does the policy address regulatory investigations triggered by AI use? POPIA investigations, FSCA inquiries, HPCSA proceedings, and LPC reviews can all be triggered by AI-related complaints. Whether the PI policy responds to defence costs in regulatory matters depends on the wording. Many SA PI policies have regulatory defence extensions; check whether AI-related regulatory matters fall within the scope.
See our existing guidance on professional indemnity for engineers and consultants and PI for allied health and telemedicine for related limit and retro-date considerations.
Most SA professional firms are still using engagement letters drafted before 2024. These letters typically do not address AI in any form. The addition of a short AI clause closes a gap that may matter at claim time.
A balanced AI clause typically addresses:
The exact wording must reflect the firm’s regulatory environment (legal, medical, engineering, financial advice). A generic AI clause will not satisfy sector-specific obligations.
Different professions face different AI exposures. Common 2026 examples by sector:
AI-drafted contracts containing references to non-existent case law (a documented failure mode of generative AI). AI-generated due diligence reports missing material adverse information. AI-summarised expert reports omitting critical findings. The Legal Practice Council’s 2026 ethics guidance specifically addresses the duty of independent verification of AI output.
AI-augmented diagnosis tools missing differential diagnoses. AI-generated clinical notes mischaracterising patient histories. AI-supported triage misclassifying urgency. The HPCSA’s draft AI guidance emphasises the requirement for documented human clinical judgement on AI-supported decisions, particularly in high-acuity contexts.
AI-generated structural calculations omitting load cases. AI-generated geotechnical reports using inappropriate analogues. AI-augmented design tools producing outputs that breach building code requirements. ECSA‘s professional conduct guidance now expects independent verification of AI-augmented engineering output, particularly on safety-critical work.
AI-generated financial planning advice using outdated tax rules. AI-augmented audit procedures missing material misstatements. AI-summarised regulatory filings missing required disclosures. The FSCA’s draft AI principles emphasise the fiduciary duty to verify AI-driven advice before delivery.
AI-generated security assessments missing known vulnerabilities. AI-augmented penetration test reports including false positives or false negatives. AI-driven incident response advice that does not reflect the specific environment. See related cyber insurance considerations for IT consultancies.
The EU AI Act has extraterritorial reach. SA firms providing AI-driven services to EU clients, or whose AI-driven outputs are placed on the EU market, fall within scope. The Act categorises AI systems into risk tiers (unacceptable, high-risk, limited risk, minimal risk), each with different obligations.
For SA professional services firms, the most relevant categories typically include:
SA firms unsure whether their EU-facing work falls within scope should obtain specific legal advice. The fines for non-compliance are substantial, and the regulatory reach is being actively tested by EU authorities.
From an insurance perspective, the firms with the lowest claim exposure are the ones with documented internal AI use policies. The policies need not be elaborate, but they need to exist and be followed. Key elements:
For SA firms requesting professional indemnity insurance renewals in 2026, having a documented AI use policy is increasingly expected by underwriters and may favourably affect terms.
It depends on the specific wording. Most SA PI policies issued before 2024 do not address AI explicitly. Whether an AI-related claim is covered depends on how “professional services” is defined, whether exclusions for “automated processes” appear, and how third-party tool errors are treated. A targeted policy review by a broker can identify any AI-related gaps in your current cover.
In most professional contexts, yes. The form and detail of disclosure varies by profession and by how material the AI use is to the deliverable. A short clause in the engagement letter is typically sufficient for routine AI assistance. More prominent disclosure is appropriate where AI is central to the deliverable. Where personal information is processed through AI, POPIA disclosure obligations apply separately.
The EU AI Act is a regulatory framework for AI systems placed on the EU market or affecting persons in the EU. It has extraterritorial reach, meaning SA firms providing AI-driven services to EU clients or whose AI outputs reach the EU can fall within scope. The Act categorises AI use into risk tiers with different compliance obligations. SA firms with EU-facing AI use should obtain specific legal advice about applicability.
Yes, AI-generated content can reproduce training data, raising copyright concerns. Where the firm delivers AI-generated content to a client, the firm may face indemnity claims from the client if a third party sues for infringement. Most SA PI policies do not address this exposure explicitly. An AI-specific IP cover endorsement is becoming a recommended addition to PI programmes for firms whose AI use produces client deliverables.
Claims involving AI-augmented research or drafting where the AI tool produced an inaccuracy that the human reviewer did not catch. Examples include legal opinions citing non-existent cases, financial models using outdated assumptions, engineering calculations with embedded errors, and medical reports with mischaracterised history. The defence to these claims is documented human verification, which underscores the importance of an internal AI use policy and audit trail.
No. The productivity advantages of AI in professional services are large and growing, and firms that refuse to use AI will lose competitiveness. The correct response is to use AI thoughtfully with documented controls, disclose appropriately, structure engagement letters to address AI, and ensure professional indemnity cover is updated to respond to AI-related exposures. The combination delivers the productivity gain while managing the liability profile.
Key features include an explicit definition of “professional services” that captures AI-assisted work; carve-back from “automated process” exclusions; explicit cover for liability arising from third-party AI tools; AI-specific IP infringement cover; regulatory defence cover extending to AI-related investigations; and reasonable claims handling provisions for novel claim types. A broker review identifies which of these features your current policy includes and which need to be negotiated at renewal.
AI is now embedded in how SA professional firms do work. The legal, regulatory, and insurance implications are still catching up, and the firms that act now will be ahead of the curve when the first major AI-related claims start to test policy wordings in 2026 and beyond. Contact Berkley Risk or call 011-702-8250 to arrange a professional indemnity review that addresses your AI use, engagement letter alignment, and regulatory exposure, subject to underwriting and insurer appetite.
Berkley Risk (Pty) Ltd arranges/places/co-ordinates insurance with licensed insurers. FSP #54407. This article is general information only and does not constitute legal, financial, or regulatory advice. All cover is subject to underwriting acceptance and final policy wording.
Berkley Risk (Pty) Limited (Registration Number 2017/412000/07)
Authorised Financial Services Provider under the Financial Advisory and Intermediary Services Act No 37 of 2002 – FSP#54407