3D Printing, Sharing Economy, and Other Emerging Industries

Issue 1: Who Is the Insured And Who Has the Risk?

The first major coverage issue faced by insureds in the 3D printing and sharing economies, and their respective insurers, is the issue of who the coverage is designed to protect, and the related issue of who actually has the risk. For example, consider the products liability risks of property damage or bodily injury as a result of 3D printing activities. Commercial general liability (CGL) policies typically provide coverage (including payment of defense costs) for liability incurred as a result of bodily injury or property damage caused by the insured's product or completed work. In the 3D printing industry, however, the insured may be the entity creating or distributing the digital design, rather than the company actually printing the “product.” This begs the coverage question of whether alleged liability stemming from the resulting product still triggers the digital file creator's or distributor's CGL coverage.

Because these upstream entities may be named in consumer lawsuits or in regulatory investigations, digital design creators and distributors should attempt to contractually shift these risks and an insurance coverage obligation to the downstream manufacturer through the use of carefully drafted indemnity provisions and insurance requirements that require the manufacturer to name the designer and distributor as additional insureds. These entities may also consider requesting a manuscript endorsement to their CGL policy that explicitly provides coverage for this situation as part of the policy's “products-completed operations hazard” coverage.

Businesses involved in the sharing economy, and their insurers, also are confronted with the issues of what risks their existing policies are designed to cover, and what coverage was applied for. For many individuals sharing their homes or vehicles through these services, their individual insurers often may not even be aware of these commercial uses, and thus certainly did not contemplate these uses during policy underwriting. Indeed, many personal policies already explicitly exclude commercial use, such as many homeowners insurance policies. Fortunately for users, many of the businesses facilitating this peer-to-peer market offer insurance to users that is specifically designed for these risks.

Nonetheless, to the extent a commercial use is not properly disclosed in the homeowner's, renter's, or driver's personal policy application, the insurer may seek to rescind coverage even for losses unrelated to the commercial sharing use. Insurance underwriters will no doubt argue that these commercial uses materially change the risk, and any failure to disclose, even if innocent, voids coverage. Accordingly, individuals participating in the peer-to-peer marketplace should take care to properly disclose any commercial uses on their insurance policies and evaluate how their personal coverage interacts with coverage afforded by the peer-to-peer service.

Issue 2: Ensuring Coverage for Management Liability Risks

Second, directors and officers of companies in these emerging industries routinely face novel regulatory and liability issues, and should thus ensure adequate directors and officers (D&O) coverage for not only the company's executives and directors, but the entity itself. In particular, these entities should ensure that “entity coverage” includes broad coverage for lawsuits, investigations, regulatory actions, alternative dispute resolution, criminal proceedings, and administrative actions. Importantly, because these entities may be the target of increased regulatory scrutiny due to their unique and evolving risks, insureds should seek broad coverage for both formal and informal investigations, including investigation coverage that does not require that an “insured person” be a “target” of the investigation.

In addition, emerging risk insureds, particularly those in the 3D printing realm, should ensure that they are covered for damages or economic loss arising from errors or omissions tied to their product or services. Because most D&O policies exclude loss resulting from the insured's rendering of a “professional service,” these insureds should procure errors and omissions (E&O) insurance to cover these risks. Finally, these insureds should also consider using protective language in end-user licensing agreements to protect against these risks, as well as contractual risk transfer through well-crafted indemnity agreements with vendors, clients, and distributors.

Issue 3: Cyberliability Coverage for Emerging Risks Is Not One Size Fits All

Insureds in emerging and evolving industries also should procure a robust cyber insurance program as they may be even more prone to cyber risks than other industries. For example, hackers could steal or alter the digital files used for 3D printing, could shut down 3D printing production, or could take control of 3D printers, among other threats. The consequences can range from subtle or trace defects in manufactured parts to complete production shutdown — both with the potential for catastrophic impact on the affected company or end-user.

While 3D printing insureds, such as manufacturers, may seek to rely on their existing CGL coverage, this coverage is insufficient for the range of cyberliability risks this industry faces. For example, while a few courts have found that loss or damage to data constitutes “direct physical loss or damage” so as to trigger CGL coverage, other courts have disagreed. Compare Eyeblaster v. Federal Insurance, 613 F.3d797 (8th Cir. 2010), (finding that computer “freezing,” pop-up ads, and “hijacked” browsers constituted “property damage”) with Camp's Grocery v. State Farm Fire & Casualty, No. 4:16-cv-0204-JEO, (N.D. Ala. Oct. 25, 2016) (finding no coverage where the claimants alleged harm to “intangible” data). Further, many CGL policies now contain a cyberliability or electronic data exclusion that would limit or bar coverage for loss arising out of the loss of, loss of use of, or damage to electronic data, thus precluding coverage for such an incident.

These insureds should thus ensure that they have a robust cyberinsurance program in place to fill in the gaps left by their legacy insurance products. Such products purport to provide coverage for all cyber-related liabilities, and may offer reputational coverage, network interruption, and even contingent business interruption coverage. Nevertheless, without revisions in the form of a manuscript policy or adequate endorsements, these cyberproducts may too fail to provide adequate coverage. For example, many typical cyberliability policies exclude all “loss” arising out of bodily injury or property damage. This exclusion would prevent coverage for bodily injury or property damage caused by code that causes a 3D printing system to malfunction and injure life or property of a customer or the insured.

Similarly, sharing economy insureds face significant cyberliability and may find that even their cyber-specific policies fail to provide adequate coverage for all risks, such as payment card fines or assessments. For example, in one of the few examples of cyber-specific policy interpretation, a federal court in Arizona considered whether payments made by P.F. Chang's to its third-party credit card processor as indemnification for Payment Card Industry Data Security Standards (PCI-DSS) fines or assessments arising out of a major breach and disclosure of customer credit card numbers constituted a claim for “privacy injury.” P.F. Chang's China Bistro v. Federal Insurance, 2016 WL 3055111 (D. Ariz. May 31, 2016), appeal dismissed, (9th Cir. Jan. 27, 2017). Because the restaurant was seeking coverage for payments to the credit card processor (who reimbursed customers) and not to the customers, the court held the payments were not covered.

Conclusion

The lesson for insureds in these emerging risk industries is that they should carefully scrutinize coverage provided by their legacy and cyber-specific policies to ensure that the coverage procured reflects their unique (and often evolving) risk profile. It is highly unlikely that any single insurance product is going to adequately protect a new or evolving business that was not even imaginable, much less in existence, when the policy form was drafted. Insureds should consult with knowledgeable brokers who specialize in emerging technologies and with experienced coverage counsel who may help guide them through the policy procurement and modification process in order to avoid emerging coverage issues for these and other emerging and evolving risks.

*****
Michael S. Levine is a partner at Hunton & Williams and Andrea L. Defield is an associate with the firm. This article also appeared in Corporate Counsel, an ALM sibling publication of this newsletter.

In an industry predicated on stability and predictability, new industries and technologies test industry tolerances and procedures. When loss occurs, policyholders in new or evolving industries often discover — by chance — gaps in the coverage offered by their legacy products, leading to costly disputes with their insurers. For example, 3D printing has evolved from emerging risk to manufacturing staple. As the industry grows however, it faces increased risk exposures including professional liability, products liability, workers' compensation and employers liability, business interruption and supply chain risks, intellectual property challenges, and, like all businesses, an increasing cyber risk. However, most traditional or “legacy” insurance products fail to provide sufficient coverage for these risk exposures vis-à-vis the 3D printing industry, just as they fail to adequately protect businesses in other emerging industries that, along with their concomitant risks, simply did not exist when the legacy insurance products covering them were formulated.

Another example subject to similar coverage challenges involves the “sharing economy,” such as ridesharing or home-sharing services. Here, too, policyholders and additional insureds face significant coverage issues and gaps in coverage as their risk profiles grow and evolve.

This article addresses three key coverage concerns related to these and other emerging and evolving industries. Policyholders should consider these issues now, when procuring or renewing their insurance policies, to ensure that these potential gaps are adequately filled prior to a claim.

Issue 1: Who Is the Insured And Who Has the Risk?

The first major coverage issue faced by insureds in the 3D printing and sharing economies, and their respective insurers, is the issue of who the coverage is designed to protect, and the related issue of who actually has the risk. For example, consider the products liability risks of property damage or bodily injury as a result of 3D printing activities. Commercial general liability (CGL) policies typically provide coverage (including payment of defense costs) for liability incurred as a result of bodily injury or property damage caused by the insured's product or completed work. In the 3D printing industry, however, the insured may be the entity creating or distributing the digital design, rather than the company actually printing the “product.” This begs the coverage question of whether alleged liability stemming from the resulting product still triggers the digital file creator's or distributor's CGL coverage.

Because these upstream entities may be named in consumer lawsuits or in regulatory investigations, digital design creators and distributors should attempt to contractually shift these risks and an insurance coverage obligation to the downstream manufacturer through the use of carefully drafted indemnity provisions and insurance requirements that require the manufacturer to name the designer and distributor as additional insureds. These entities may also consider requesting a manuscript endorsement to their CGL policy that explicitly provides coverage for this situation as part of the policy's “products-completed operations hazard” coverage.

Businesses involved in the sharing economy, and their insurers, also are confronted with the issues of what risks their existing policies are designed to cover, and what coverage was applied for. For many individuals sharing their homes or vehicles through these services, their individual insurers often may not even be aware of these commercial uses, and thus certainly did not contemplate these uses during policy underwriting. Indeed, many personal policies already explicitly exclude commercial use, such as many homeowners insurance policies. Fortunately for users, many of the businesses facilitating this peer-to-peer market offer insurance to users that is specifically designed for these risks.

Nonetheless, to the extent a commercial use is not properly disclosed in the homeowner's, renter's, or driver's personal policy application, the insurer may seek to rescind coverage even for losses unrelated to the commercial sharing use. Insurance underwriters will no doubt argue that these commercial uses materially change the risk, and any failure to disclose, even if innocent, voids coverage. Accordingly, individuals participating in the peer-to-peer marketplace should take care to properly disclose any commercial uses on their insurance policies and evaluate how their personal coverage interacts with coverage afforded by the peer-to-peer service.

Issue 2: Ensuring Coverage for Management Liability Risks

Second, directors and officers of companies in these emerging industries routinely face novel regulatory and liability issues, and should thus ensure adequate directors and officers (D&O) coverage for not only the company's executives and directors, but the entity itself. In particular, these entities should ensure that “entity coverage” includes broad coverage for lawsuits, investigations, regulatory actions, alternative dispute resolution, criminal proceedings, and administrative actions. Importantly, because these entities may be the target of increased regulatory scrutiny due to their unique and evolving risks, insureds should seek broad coverage for both formal and informal investigations, including investigation coverage that does not require that an “insured person” be a “target” of the investigation.

In addition, emerging risk insureds, particularly those in the 3D printing realm, should ensure that they are covered for damages or economic loss arising from errors or omissions tied to their product or services. Because most D&O policies exclude loss resulting from the insured's rendering of a “professional service,” these insureds should procure errors and omissions (E&O) insurance to cover these risks. Finally, these insureds should also consider using protective language in end-user licensing agreements to protect against these risks, as well as contractual risk transfer through well-crafted indemnity agreements with vendors, clients, and distributors.

Issue 3: Cyberliability Coverage for Emerging Risks Is Not One Size Fits All

Insureds in emerging and evolving industries also should procure a robust cyber insurance program as they may be even more prone to cyber risks than other industries. For example, hackers could steal or alter the digital files used for 3D printing, could shut down 3D printing production, or could take control of 3D printers, among other threats. The consequences can range from subtle or trace defects in manufactured parts to complete production shutdown — both with the potential for catastrophic impact on the affected company or end-user.

While 3D printing insureds, such as manufacturers, may seek to rely on their existing CGL coverage, this coverage is insufficient for the range of cyberliability risks this industry faces. For example, while a few courts have found that loss or damage to data constitutes “direct physical loss or damage” so as to trigger CGL coverage, other courts have disagreed. Compare Eyeblaster v. Federal Insurance, 613 F.3d797 (8th Cir. 2010), (finding that computer “freezing,” pop-up ads, and “hijacked” browsers constituted “property damage”) with Camp's Grocery v. State Farm Fire & Casualty, No. 4:16-cv-0204-JEO, (N.D. Ala. Oct. 25, 2016) (finding no coverage where the claimants alleged harm to “intangible” data). Further, many CGL policies now contain a cyberliability or electronic data exclusion that would limit or bar coverage for loss arising out of the loss of, loss of use of, or damage to electronic data, thus precluding coverage for such an incident.

These insureds should thus ensure that they have a robust cyberinsurance program in place to fill in the gaps left by their legacy insurance products. Such products purport to provide coverage for all cyber-related liabilities, and may offer reputational coverage, network interruption, and even contingent business interruption coverage. Nevertheless, without revisions in the form of a manuscript policy or adequate endorsements, these cyberproducts may too fail to provide adequate coverage. For example, many typical cyberliability policies exclude all “loss” arising out of bodily injury or property damage. This exclusion would prevent coverage for bodily injury or property damage caused by code that causes a 3D printing system to malfunction and injure life or property of a customer or the insured.

Similarly, sharing economy insureds face significant cyberliability and may find that even their cyber-specific policies fail to provide adequate coverage for all risks, such as payment card fines or assessments. For example, in one of the few examples of cyber-specific policy interpretation, a federal court in Arizona considered whether payments made by P.F. Chang's to its third-party credit card processor as indemnification for Payment Card Industry Data Security Standards (PCI-DSS) fines or assessments arising out of a major breach and disclosure of customer credit card numbers constituted a claim for “privacy injury.” P.F. Chang's China Bistro v. Federal Insurance, 2016 WL 3055111 (D. Ariz. May 31, 2016), appeal dismissed, (9th Cir. Jan. 27, 2017). Because the restaurant was seeking coverage for payments to the credit card processor (who reimbursed customers) and not to the customers, the court held the payments were not covered.

Conclusion

The lesson for insureds in these emerging risk industries is that they should carefully scrutinize coverage provided by their legacy and cyber-specific policies to ensure that the coverage procured reflects their unique (and often evolving) risk profile. It is highly unlikely that any single insurance product is going to adequately protect a new or evolving business that was not even imaginable, much less in existence, when the policy form was drafted. Insureds should consult with knowledgeable brokers who specialize in emerging technologies and with experienced coverage counsel who may help guide them through the policy procurement and modification process in order to avoid emerging coverage issues for these and other emerging and evolving risks.

*****
Michael S. Levine is a partner at Hunton & Williams and Andrea L. Defield is an associate with the firm. This article also appeared in Corporate Counsel, an ALM sibling publication of this newsletter.