COI Requirements by Industry: Minimum Coverage Standards
Industry-specific COI requirements for construction, commercial real estate, property management, healthcare, technology, and more.
18 min read
Insurance requirements are not one-size-fits-all. The coverages, limits, and provisions you require from a roofing subcontractor are fundamentally different from what you need from a janitorial service or a SaaS vendor. Getting this wrong in either direction creates problems: require too little, and you are exposed to uninsured losses; require too much, and you price out qualified vendors who cannot obtain or afford the coverage you demand.
This guide provides minimum coverage standards for eight industries and vendor categories. These are baseline requirements — the floor, not the ceiling. Your specific risk profile, contract values, regulatory environment, and loss history should all inform your final requirement sets. But these standards represent the insurance industry consensus on what constitutes adequate protection for each category.
Every table in this guide follows the same structure: coverage type, minimum limit, whether the coverage is required or recommended, and key provisions (additional insured, waiver of subrogation, primary and non-contributory language, and per-project aggregate where applicable).
Coverage Verification Scope
Inori verifies GL, WC, Auto, and Umbrella — the four core coverage types. Specialty coverages listed in this guide (Professional Liability, Cyber Liability, EPLI, Crime/Fidelity, etc.) are industry best practices provided as educational references for designing your vendor requirements.
Construction: General Contractors
Construction is the most demanding industry for COI requirements, and for good reason. The combination of physical hazards, high contract values, multiple parties working simultaneously, and long-tail liability from completed operations creates a risk environment where insurance is not just important — it is existential. A single catastrophic loss on a construction site can generate claims exceeding $50 million.
General contractors sit at the top of the contractual chain on most projects. They are responsible not only for their own operations but for the work of every subcontractor on the job. This dual exposure — direct operational risk plus vicarious liability for subs — drives the requirement for higher limits and more comprehensive provisions.
GC Minimum Requirements
| Coverage | Minimum Limit | Required | Key Provisions |
|---|---|---|---|
| Commercial General Liability | $1,000,000 per occurrence / $2,000,000 aggregate | Yes | Additional Insured (ongoing + completed ops), Waiver of Subrogation, Primary & Non-Contributory, Per-Project Aggregate |
| Workers' Compensation | Statutory limits | Yes | Waiver of Subrogation |
| Employers' Liability | $1,000,000 / $1,000,000 / $1,000,000 | Yes | — |
| Commercial Auto Liability | $1,000,000 combined single limit | Yes | Additional Insured, Waiver of Subrogation |
| Umbrella / Excess Liability | $5,000,000 – $10,000,000 | Yes | Follow-form over GL, Auto, and Employers' Liability |
| Builders Risk | Project value | Project-specific | — |
| Professional Liability (if design-build) | $2,000,000 | Conditional | — |
| Pollution Liability (if applicable) | $1,000,000 | Conditional | Additional Insured |
The per-project aggregate endorsement is critical for GCs who work on multiple projects simultaneously. Without it, claims on one project can erode the aggregate available for another. On projects valued above $5 million, many owners require a dedicated per-project aggregate equal to at least twice the per-occurrence limit.
Completed operations coverage must extend for the statute of repose in the applicable jurisdiction — typically between 6 and 10 years after project completion. The additional insured endorsement for completed operations (CG 20 37 or equivalent) is non-negotiable on any project where latent defects could emerge after the GC leaves the site.
Construction: Subcontractors
Subcontractors carry the same core coverages as GCs but often at lower umbrella limits, since the contract value of a subcontract is typically a fraction of the overall project. However, the base GL requirement remains the same because the per-occurrence exposure from a sub's work — a scaffolding collapse, a fire caused by welding — can easily reach the $1 million per-occurrence limit regardless of contract size.
Subcontractor Minimum Requirements
| Coverage | Minimum Limit | Required | Key Provisions |
|---|---|---|---|
| Commercial General Liability | $1,000,000 per occurrence / $2,000,000 aggregate | Yes | Additional Insured (ongoing + completed ops), Waiver of Subrogation, Primary & Non-Contributory |
| Workers' Compensation | Statutory limits | Yes | Waiver of Subrogation |
| Employers' Liability | $500,000 / $500,000 / $500,000 | Yes | — |
| Commercial Auto Liability | $1,000,000 combined single limit | Yes (if vehicles used) | Additional Insured |
| Umbrella / Excess Liability | $2,000,000 – $5,000,000 | Yes | Follow-form |
Subcontractors in high-risk trades — demolition, structural steel erection, roofing, asbestos abatement, blasting, crane operation — should carry significantly higher limits. It is standard practice to require $2,000,000 per occurrence GL and $10,000,000 umbrella for these trades. Some project owners push umbrella requirements to $25 million for demolition contractors working on occupied buildings or in dense urban areas.
Flow-down provisions are essential. The GC's subcontract should require subs to carry the same additional insured, waiver of subrogation, and primary/non-contributory provisions that the owner requires of the GC. Without flow-down, a gap exists: the owner is protected against the GC's negligence but not directly protected under the sub's policy.
Commercial Real Estate
Commercial real estate (CRE) encompasses office buildings, retail centers, mixed-use developments, and industrial properties. The COI landscape in CRE is complex because multiple vendor types interact with the same property: property managers, janitorial services, HVAC contractors, security firms, landscapers, elevator maintenance companies, and the tenants themselves.
The building owner or asset manager typically sets the baseline requirements, which flow through the property manager to every vendor and tenant.
CRE Vendor Minimum Requirements
| Coverage | Minimum Limit | Required | Key Provisions |
|---|---|---|---|
| Commercial General Liability | $1,000,000 per occurrence / $2,000,000 aggregate | Yes | Additional Insured (owner + manager as AI), Waiver of Subrogation, Primary & Non-Contributory |
| Workers' Compensation | Statutory limits | Yes | Waiver of Subrogation |
| Employers' Liability | $500,000 / $500,000 / $500,000 | Yes | — |
| Commercial Auto Liability | $1,000,000 combined single limit | Yes (if vehicles used on premises) | Additional Insured |
| Umbrella / Excess Liability | $5,000,000 | Yes | Follow-form |
A distinguishing feature of CRE requirements is the certificate holder and additional insured chain. It is common for the certificate to name the building owner, the property management company, and the asset manager as additional insureds. Some institutional owners (REITs, pension funds) also require their parent entity and affiliated entities to be named. Verify that all required parties appear on the certificate — missing one is a compliance gap.
Damage to Rented Premises limits in CRE are often pushed above the standard $100,000 to $300,000 or $500,000, particularly for tenants and vendors who occupy or work inside the building for extended periods.
Property Management
Property management companies occupy a unique position in the insurance chain. They are both a vendor (to the building owner) and a certificate requester (from the vendors and tenants they manage). Their own insurance requirements reflect this dual role.
Property Management Company Requirements
| Coverage | Minimum Limit | Required | Key Provisions |
|---|---|---|---|
| Commercial General Liability | $1,000,000 per occurrence / $2,000,000 aggregate | Yes | Additional Insured (building owner), Waiver of Subrogation, Primary & Non-Contributory |
| Workers' Compensation | Statutory limits | Yes | Waiver of Subrogation |
| Employers' Liability | $500,000 / $500,000 / $500,000 | Yes | — |
| Commercial Auto Liability | $1,000,000 combined single limit | Conditional (if vehicles used) | Additional Insured |
| Errors & Omissions (Professional Liability) | $1,000,000 per claim / $2,000,000 aggregate | Yes | — |
| Cyber Liability | $1,000,000 | Recommended | — |
| Umbrella / Excess Liability | $5,000,000 | Yes | Follow-form |
| Fidelity / Crime | $500,000 | Recommended | — |
Errors & Omissions (E&O) coverage is essential for property managers because their core service is professional advice and management decisions. A failure to properly vet a contractor, a negligent property inspection, or an error in lease administration can all give rise to professional liability claims that are excluded from the CGL policy.
Cyber liability is increasingly required because property management companies handle tenant personal information, process rent payments, and manage building automation systems that are vulnerable to cyberattack. A data breach exposing tenant Social Security numbers or financial information creates liability that no other policy covers.
Fidelity/Crime coverage protects against employee theft and dishonesty — a real concern when property management staff handle security deposits, rent collections, and vendor payments on behalf of the owner.
Healthcare
Healthcare organizations face a unique risk profile driven by the severity of bodily injury claims, the sensitivity of protected health information (PHI), and the dense regulatory environment (HIPAA, state licensing requirements, CMS conditions of participation). Vendors working in healthcare settings must carry coverages that address these specific exposures.
Healthcare Vendor Requirements
| Coverage | Minimum Limit | Required | Key Provisions |
|---|---|---|---|
| Commercial General Liability | $1,000,000 per occurrence / $2,000,000 aggregate | Yes | Additional Insured, Waiver of Subrogation, Primary & Non-Contributory |
| Workers' Compensation | Statutory limits | Yes | Waiver of Subrogation |
| Employers' Liability | $500,000 / $500,000 / $500,000 | Yes | — |
| Professional Liability (Malpractice) | $1,000,000 per claim / $3,000,000 aggregate | Yes (for clinical vendors) | — |
| Cyber Liability | $1,000,000 | Yes (for vendors with PHI access) | — |
| Commercial Auto Liability | $1,000,000 combined single limit | Conditional | Additional Insured |
| Umbrella / Excess Liability | $5,000,000 | Recommended | Follow-form |
Professional Liability in healthcare is the equivalent of medical malpractice insurance. Any vendor providing clinical services — staffing agencies placing nurses, therapists, or technicians; telehealth platform providers; medical device companies with field service engineers — must carry professional liability. The $1M/$3M minimum is standard, but some hospital systems require $2M/$6M for high-acuity specialties (surgery, anesthesiology, obstetrics).
Cyber liability is not optional for any vendor that touches PHI. Under HIPAA, a covered entity can be held responsible for a breach caused by a business associate. Requiring cyber liability from vendors who access, store, transmit, or process PHI transfers that financial risk back to the party that caused the breach. The $1 million minimum should be treated as a floor — vendors with access to large patient databases should carry $2 million or more.
The Business Associate Agreement (BAA) is not an insurance document, but it is part of the compliance package. Healthcare organizations should track BAA status alongside COI status for every vendor with PHI access.
Technology Vendors
Technology vendors — SaaS providers, cloud infrastructure companies, systems integrators, managed service providers, and IT consultants — present a risk profile dominated by professional errors, data breaches, and intellectual property disputes rather than physical hazards. The insurance requirements reflect this: professional liability and cyber coverage are primary, while auto and umbrella requirements are less prominent.
Technology Vendor Requirements
| Coverage | Minimum Limit | Required | Key Provisions |
|---|---|---|---|
| Commercial General Liability | $1,000,000 per occurrence / $2,000,000 aggregate | Yes | Additional Insured, Waiver of Subrogation |
| Workers' Compensation | Statutory limits | Yes | Waiver of Subrogation |
| Employers' Liability | $500,000 / $500,000 / $500,000 | Yes | — |
| Technology Errors & Omissions | $2,000,000 per claim / $2,000,000 aggregate | Yes | — |
| Cyber Liability | $2,000,000 | Yes | — |
| Commercial Auto Liability | $1,000,000 combined single limit | Rarely required | — |
| Umbrella / Excess Liability | $2,000,000 – $5,000,000 | Recommended | — |
Technology E&O covers financial losses your organization suffers because of the vendor's professional failure: a software bug that corrupts your data, a system integration error that causes downtime, or a failure to deliver contracted services. This is fundamentally different from general liability, which covers bodily injury and property damage. Many technology vendors carry a combined Tech E&O / Cyber policy, which is acceptable as long as the limits are sufficient to cover both types of claims without one eroding the other.
Cyber liability must include both first-party and third-party coverage. First-party coverage pays for the vendor's own breach response costs (forensics, notification, credit monitoring). Third-party coverage pays for claims by your organization and your customers arising from the breach. Verify that the policy covers regulatory fines and penalties, which is not always included by default.
For vendors processing payment card data, verify PCI DSS compliance alongside insurance. A cyber policy is not a substitute for proper security controls — and many cyber policies exclude losses arising from known non-compliance with security standards.
Retail Tenants
Retail tenants present the simplest requirement set. Their primary exposure is slip-and-fall claims from customers and damage to the leased premises. Unless the tenant operates a high-risk business (restaurant, gym, daycare), a basic GL package is sufficient.
Retail Tenant Requirements
| Coverage | Minimum Limit | Required | Key Provisions |
|---|---|---|---|
| Commercial General Liability | $1,000,000 per occurrence / $2,000,000 aggregate | Yes | Additional Insured (landlord + manager), Waiver of Subrogation |
| Workers' Compensation | Statutory limits | Yes (if employees) | — |
| Damage to Rented Premises | $300,000 – $500,000 | Yes | — |
| Business Personal Property | Tenant's discretion | Recommended | — |
| Umbrella / Excess Liability | $1,000,000 – $2,000,000 | Recommended | — |
Retail tenants with liquor exposure (bars, restaurants with liquor licenses) must carry liquor liability coverage, which is either included in the CGL via endorsement or written as a separate policy. Standard limits are $1,000,000 per occurrence. Do not accept a restaurant tenant's COI without verifying liquor liability if they serve alcohol.
Tenants operating fitness centers, daycare facilities, or trampoline parks should be required to carry higher GL limits ($2M per occurrence) and may need abuse and molestation coverage for operations involving children.
Janitorial and Maintenance Services
Janitorial and maintenance vendors work on-site regularly, often during off-hours when they are the only personnel in the building. Their exposure includes slip-and-fall (both their employees and building occupants encountering wet floors), property damage (chemical damage to finishes, broken equipment), and theft.
Janitorial / Maintenance Requirements
| Coverage | Minimum Limit | Required | Key Provisions |
|---|---|---|---|
| Commercial General Liability | $1,000,000 per occurrence / $2,000,000 aggregate | Yes | Additional Insured, Waiver of Subrogation, Primary & Non-Contributory |
| Workers' Compensation | Statutory limits | Yes | Waiver of Subrogation |
| Employers' Liability | $500,000 / $500,000 / $500,000 | Yes | — |
| Commercial Auto Liability | $1,000,000 combined single limit | Conditional (if vehicles used) | Additional Insured |
| Fidelity / Crime (Employee Dishonesty) | $100,000 – $500,000 | Recommended | Client named as loss payee |
| Umbrella / Excess Liability | $1,000,000 – $2,000,000 | Recommended | Follow-form |
Fidelity / Crime coverage is particularly important for janitorial vendors because their employees have unsupervised access to the building after hours. Employee dishonesty bonds protect against theft by the vendor's employees. Ensure the bond names your organization as a loss payee so you can make a direct claim.
For vendors using chemical cleaning products, verify that the CGL policy does not contain a pollution exclusion that would bar claims from chemical spills or fume exposure. Some janitorial vendors carry a separate pollution liability policy for this exposure, which is appropriate for vendors handling industrial-strength solvents or performing specialty cleaning (mold remediation, biohazard cleanup).
Transportation and Logistics
Transportation vendors present a risk profile driven almost entirely by automobile and cargo exposures. The severity of commercial vehicle accidents — particularly involving large trucks — drives significantly higher auto liability requirements than any other industry.
Transportation Vendor Requirements
| Coverage | Minimum Limit | Required | Key Provisions |
|---|---|---|---|
| Commercial General Liability | $1,000,000 per occurrence / $2,000,000 aggregate | Yes | Additional Insured, Waiver of Subrogation |
| Workers' Compensation | Statutory limits | Yes | Waiver of Subrogation |
| Employers' Liability | $500,000 / $500,000 / $500,000 | Yes | — |
| Commercial Auto Liability | $1,000,000 – $5,000,000 combined single limit | Yes | Additional Insured, MCS-90 endorsement (if applicable) |
| Motor Truck Cargo | $100,000 – $500,000 (based on cargo value) | Yes (for carriers) | — |
| Umbrella / Excess Liability | $5,000,000 – $10,000,000 | Yes | Follow-form over GL + Auto |
Federal Motor Carrier Safety Administration (FMCSA) requirements set the legal minimum for interstate carriers: $750,000 for general freight, $1,000,000 for hazardous materials (non-bulk), and $5,000,000 for certain hazmat categories. These are regulatory minimums — contract requirements typically exceed them.
The MCS-90 endorsement is required by federal law for interstate carriers. It guarantees that the insurer will pay claims even if the policy would otherwise not respond (for example, if the carrier violated a policy condition). Verify the MCS-90 endorsement is listed on certificates from any vendor operating across state lines.
Motor Truck Cargo insurance protects the goods being transported. The appropriate limit depends on the value of the cargo. Verify that the cargo policy covers the specific type of goods being shipped — many cargo policies exclude perishables, live animals, or high-value electronics without a specific endorsement.
For transportation vendors with hired and non-owned auto exposure (companies whose employees drive personal vehicles for business purposes), verify that the commercial auto policy includes hired and non-owned auto coverage or that the vendor requires personal auto liability from its employees.
Master Comparison Table
The following table provides a side-by-side comparison of minimum requirements across all eight industry categories. Use this as a starting point for building your requirement sets.
| Coverage | Construction (GC) | Construction (Sub) | Commercial RE | Property Mgmt | Healthcare | Technology | Retail Tenant | Janitorial | Transportation |
|---|---|---|---|---|---|---|---|---|---|
| GL (Occ/Agg) | $1M / $2M | $1M / $2M | $1M / $2M | $1M / $2M | $1M / $2M | $1M / $2M | $1M / $2M | $1M / $2M | $1M / $2M |
| Workers' Comp | Statutory | Statutory | Statutory | Statutory | Statutory | Statutory | Statutory* | Statutory | Statutory |
| Employers' Liability | $1M | $500K | $500K | $500K | $500K | $500K | — | $500K | $500K |
| Commercial Auto | $1M CSL | $1M CSL | $1M CSL† | $1M CSL† | $1M CSL† | Rare | — | $1M CSL† | $1M–$5M CSL |
| Umbrella / Excess | $5M–$10M | $2M–$5M | $5M | $5M | $5M | $2M–$5M | $1M–$2M | $1M–$2M | $5M–$10M |
| Professional / E&O | Conditional | — | — | $1M/$2M | $1M/$3M | $2M/$2M | — | — | — |
| Cyber Liability | — | — | — | $1M | $1M | $2M | — | — | — |
| Cargo | — | — | — | — | — | — | — | — | $100K–$500K |
| Add'l Insured | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| Waiver of Sub | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| Primary & Non-Contrib | Yes | Yes | Yes | Yes | Yes | — | — | Yes | — |
| Per-Project Aggregate | Yes | — | — | — | — | — | — | — | — |
*Statutory Workers' Comp required only if the tenant has employees. †Auto required only if vehicles are used on premises or in performance of the contract.
Building Your Requirement Sets
These tables are starting points. To build requirement sets that fit your specific program, follow this process:
Step 1: Identify your vendor categories. Map every vendor type you work with to the closest industry category above. Most organizations have 4 to 8 distinct vendor categories.
Step 2: Adjust limits based on contract value and risk. For contracts exceeding $1 million, consider increasing umbrella requirements. For vendors performing high-risk work, increase GL per-occurrence limits. For vendors with access to sensitive data, increase cyber limits.
Step 3: Define required provisions. At minimum, require additional insured status and waiver of subrogation from every vendor. Add primary and non-contributory language for vendors working on your premises. Add per-project aggregate for construction.
Step 4: Document everything. Your requirement sets should be written into a formal standard that references specific coverage types, limits, and provisions. Ambiguity in requirements creates ambiguity in compliance — and ambiguity in compliance creates uninsured exposure.
Step 5: Review annually. Insurance markets shift, new risks emerge, and your portfolio changes. Review your requirement sets at least once per year, and adjust based on claims experience, market conditions, and changes in your operations.
Conclusion
Industry-specific COI requirements exist because different industries create different risks. A technology vendor's primary exposure is a data breach; a construction subcontractor's primary exposure is a catastrophic jobsite accident. Setting the same requirements for both wastes everyone's time and leaves gaps where they matter most.
Use the standards in this guide as your foundation. Customize them to your operations, your contracts, and your risk tolerance. And remember that requirements are only as good as the compliance program that enforces them — collecting certificates is the beginning, not the end.
Put this guide into practice
Try our free COI checker first, or start a free trial of the full platform.