Robotics Insurance: Coverage for Autonomous Patrol Units

An autonomous patrol unit is neither a classic asset nor a classic guard post. It is both at once. That produces a risk structure standard policies do not capture. Risk managers who want to set up robotics insurance properly must separate three risk classes, understand the contract structure in the RaaS model, and document the KRITIS requirements before underwriting.

Robotics Insurance: What an Autonomous Patrol Unit Must Cover

Insurance for autonomous systems splits into three risk classes. First: property damage to the robot itself, meaning machine breakdown, electronic damage, theft, vandalism. Second: third-party damage caused by the robot, meaning personal injury and property damage to employees, visitors or installations. Third: cyber incident on the robot, meaning manipulation of the sensors, takeover of the control system, data exfiltration from the OT network.

The degree of autonomy determines coverage logic. A partly autonomous patrol with remote monitoring is treated differently in liability terms than a fully autonomous unit with independent intervention logic. Insurers ask precisely about intervention thresholds, escalation paths and human final control before underwriting.

The site type significantly affects the premium. Indoor warehouse (QR-1), outdoor perimeter (QR-2) and KRITIS site (QR-3) produce different damage scenarios. An indoor robot rarely encounters weather and vandalism, but faces closer personnel contact. An outdoor robot is exposed to hail, storms and sabotage.

Operating windows matter. 24/7 operation increases exposure to weather, vandalism and unintended personnel contact linearly with operating hours. The sum insured should not be based on acquisition cost, since in the Robotics-as-a-Service model no CapEx sits with the customer. The relevant figures are guard service restoration cost and potential third-party damages.

Liability: Personal Injury, Property Damage, Financial Loss

Operator liability applies when the robot injures a third party or damages property. The keeper position must be contractually clarified. In the RaaS model, Quarero remains owner of the device. The customer becomes contractual operator and therefore carries the operational traffic safety obligation on its site.

EN ISO 13482 is the international safety standard for personal care robots and forms the basis for conformity assessment in the insurance context. Insurers explicitly refer to this standard when assessing liability questions.

The EU Machinery Regulation 2023/1230 replaces the Machinery Directive and defines conformity obligations for autonomous machines from 2027. Insurers check compliance before underwriting. Operating without documented conformity risks coverage exclusion in the event of a claim.

The minimum coverage sum in the DACH market is €5 million combined for personal injury and property damage in outdoor use [source to add]. For KRITIS sites and industrial parks we recommend €10 million [source to add]. Financial loss coverage must be negotiated separately when the robot has access to production facilities or data networks. A sensor failure that triggers a production stoppage does not fall under personal injury or property damage. It falls under financial loss.

Next step: mirror the keeper position in the RaaS contract and in the operator liability policy. Contract model details at Robotics-as-a-Service model.

Machine Breakdown and Electronics: Damage to the Robot Itself

Machine breakdown insurance for robots covers internal operating damage, operator error, short circuit and overvoltage. Electronics insurance complements this policy with theft, vandalism, storm, hail and water damage. Both modules belong together, otherwise gaps arise between internal and external causes.

The sensor suite is the most expensive single component. LiDAR and thermal camera cost between a four- and five-digit amount per unit depending on configuration. Both should be explicitly listed in the policy. Blanket equipment policies without a sensor clause regularly lead to disputes about replacement value in the event of a claim.

In RaaS contracts, Quarero bears the asset risk on the device. The customer insures only gross negligence and third-party fault. That is the decisive dividing line for risk managers. Anyone taking out additional comprehensive cover is buying double insurance. The deductible typically sits at €1,000 to €2,500 per claim, depending on the sensor package [source to add]. For QR-3 at KRITIS sites with extended sensors, the deductible can be higher.

Cyber Coverage: When the Robot Becomes an Attack Vector

The NIS-2 Directive obliges essential and important entities to documented cyber risk management, which also includes networked patrol robotics. Anyone subject to NIS-2 who operates a networked robot without listing it in the risk register has a documentation problem first. The insurance problem comes after.

Classic cyber policies cover data breaches, extortion and business interruption from IT incidents. Robotics additionally requires OT clauses for manipulation of the sensors. A spoofed LiDAR or a manipulated patrol path is not a classic IT incident, but an OT security incident with physical consequences.

Insurers ask about BSI-Grundschutz level, firmware patch cycle and network segmentation before underwriting. Anyone running the robot in the same VLAN as office IT receives either surcharges or exclusions.

For drone-based attacks on the robot (jamming, spoofing), standard policies usually do not respond. These scenarios belong in a separate sabotage or cyber-physical clause. Business interruption after a cyber incident must be negotiated separately when guard service operationally depends on the robotics. Details on regulatory obligations at NIS-2 Compliance and NIS-2 and Board Liability.

KRITIS-specific Clauses and Obligations

The KRITIS-Dachgesetz obliges operators to physical resilience. Insurers check the protection concept as a basis for underwriting. Anyone with KRITIS status who cannot show a documented protection architecture pays surcharges or receives no coverage for sabotage-like scenarios.

BBK-registered facilities often receive lower premiums because of the documented security architecture. Registration is not an end in itself, it is an underwriting criterion.

The BSI-KritisV defines sectoral requirements that feed into underwriting practice for KRITIS-related policies. Energy, water and health have different thresholds and different requirement profiles, which translate into coverage conditions.

Sabotage and terror coverage must be explicitly included for KRITIS sites. In standard policies, both are excluded. Official orders after an incident (shutdown, retrofit, investigation) likewise belong in the coverage scope, otherwise the operator bears these costs alone. Full overview at KRITIS requirements.

Contract Structure in the RaaS Model: Who Insures What

The RaaS insurance model distributes risk by contract. Quarero insures the device itself (hull, machine breakdown, electronics) within the monthly service price. The customer insures operator liability towards third parties on its site. That is the basic split from which all further clauses derive.

The cyber risk is shared. Quarero secures firmware, OTA updates and the backend platform. The customer secures the network in which the robot operates. Anyone who fails to document the interface between robot and plant network in a responsibility matrix risks a jurisdiction dispute in the event of a claim. Both insurers will then point at each other.

Subsidiarity clauses in the policy prevent double insurance. Without them, in the event of a claim neither insurer pays first. Both refer to the other. The interface to the existing plant or industrial policy must be set out in writing. A broker email is not sufficient. Both insurers must confirm in writing.

With a 24-month contract term, a premium adjustment clause should apply only with a documented loss ratio. A blanket adjustment based on market development enables annual increases with no factual basis.

Premium Calculation: What Insurers Actually Check

Site risk is the first lever. Industrial park, KRITIS facility and logistics hub have different loss ratios in reinsurer statistics. A logistics hub with high personnel turnover and 24/7 operation is riskier than a closed industrial site with low visitor traffic.

The sensor package is the second lever. QR-3 with LiDAR and drone detection causes a higher property premium but reduces third-party risk through better detection. This trade-off must be made visible in the calculation. Otherwise the customer pays twice: more for the sensors and at the same time the premium of a robot without sensors.

Operating hours per year and kilometres travelled feed into rating. A robot with 8 hours of daytime operation has a different risk base than a 24/7 patroller. Loss history at the site over the past three years is requested, not just the robot's. Anyone with regular sabotage or vandalism at the site before robotics operation pays higher premiums. This applies regardless of the specific device.

Operator training records and a service contract with the manufacturer are minimum requirements. Without these records, underwriting generally does not proceed. BDSW industry data show the cost structure of conventional 24/7 guard posts and provide the benchmark. A conventional 24/7 guard post costs €15,000 to €25,000 per month. Robotics sits well below. It reduces personnel risk, which also feeds through into the liability premium. Detailed cost comparison at TCO comparison guard service.

Five Mandatory Points Before Contract Signing

Five points must be worked through before contract signing. First: request conformity documentation under the EU Machinery Regulation and EN ISO 13482 from the manufacturer. Without these documents, no serious insurer underwrites.

Second: align the site risk assessment with the insurer, not on your own. An internally produced risk assessment without insurer feedback offers little protective effect in the event of a claim.

Third: bring the interface between plant security, IT security and insurance together in one document. Three separate documents create three different responsibilities. In the event of a claim, three different attributions of blame follow. A practical example at perimeter protection in the industrial park.

Fourth: clarify claim reporting channels. Who calls whom when the robot fails or collides at 03:00? This question must be answered before the first deployment. Phone numbers, escalation levels and time windows belong in writing.

Fifth: schedule a fixed annual policy review in the KRITIS context, in parallel with BBK reporting. That keeps insurance, regulatory reporting and protection concept synchronised. Anyone letting these three strands drift apart discovers gaps only in the event of a claim.

For the concrete split between Quarero coverage on the device and customer coverage on the site, we recommend a structured initial call. The contract structure and the included insurance modules are documented in the Robotics-as-a-Service model.