Vendor Insurance Requirements: What Coverage and Limits to Require
Read any certificate of insurance free. Upload an ACORD 25 and let AI pull the data in seconds.
PDF, JPG, PNG, BMP, HEIC, TIFF
Upload your certificates of insurance
Drop files here or click to upload
Up to 50 files
Uploading...
Vendor insurance requirements are the coverage types and dollar limits you require a vendor or subcontractor to carry before they work for you, proven with a certificate of insurance (COI). A common baseline is commercial general liability of $1M per occurrence and $2M aggregate, workers compensation at statutory limits, commercial auto where vehicles are used, and your company named as additional insured. Higher-risk work usually adds umbrella, professional liability, or cyber coverage. The right numbers depend on the work, the contract, and your own risk tolerance.
Setting requirements is only half the job. The other half is collecting a certificate from every vendor, checking it against what you actually require, and catching the policy that lapses three months later. This guide covers what to require, how much, and how to enforce it without drowning in paperwork.
What are vendor insurance requirements?
Vendor insurance requirements are the minimum coverages and limits you ask a third party to carry as a condition of doing business. They live in your contract or vendor agreement, and the vendor proves compliance by sending a certificate of insurance issued by their agent or broker. The point is contractual risk transfer: if the vendor causes injury or damage while working for you, their policy pays, not yours.
Two things make requirements real rather than decorative. First, you have to verify the certificate actually matches what you asked for, because a large share of certificates fall short on the first pass. Second, you have to keep checking, because a certificate is a snapshot from the day it was issued and coverage can lapse at the next renewal.
What types of insurance should you require from vendors?
The coverage you require should match the risk the vendor brings. A landscaper and a software vendor that stores your customer data create very different exposures. Here are the coverages that come up most often and when each one matters.
| Coverage | What it covers | Require it when |
|---|---|---|
| Commercial general liability (CGL) | Third-party bodily injury and property damage the vendor causes | Almost always, for any vendor on your premises or doing physical work |
| Workers compensation | Injury to the vendor's own employees | Any vendor with employees, especially on-site; required by most states |
| Commercial auto | Accidents involving the vendor's vehicles | Delivery, mobile service, or any vendor driving for the job |
| Professional liability (E&O) | Financial loss from the vendor's advice, design, or services | Consultants, designers, IT, accounting, clinical and other service vendors |
| Cyber liability | Data breach and privacy costs | Any vendor that handles, stores, or can access your data or systems |
| Umbrella / excess liability | Extra limit stacked on top of CGL and auto | Higher-risk work or when contract limits exceed the primary policy |
| Pollution / environmental | Cleanup and claims from contamination | Waste handling, fuel, chemicals, demolition, and similar trades |
Beyond the coverage itself, two endorsements do most of the heavy lifting. Being named as additional insured on the vendor's general liability policy lets you tender a claim to their carrier instead of your own. A waiver of subrogation stops the vendor's insurer from coming after you to recover what it paid. Both should be required in the contract and confirmed on the certificate, not assumed from a checked box.
What insurance limits should you require from vendors?
For most vendors, $1M per occurrence and $2M aggregate in general liability is the standard floor, with workers compensation at statutory limits and $1M combined single limit on auto where vehicles are involved. Raise the limits with the risk: a vendor working around the public, in occupied buildings, or on high-value projects warrants an umbrella of $1M to $5M on top. Match the number to the exposure and the contract, not to a generic template.
| Vendor risk level | Example vendors | Common limit starting point |
|---|---|---|
| Lower risk | Office supplies, light cleaning, remote services | $1M / $2M general liability, workers comp at statutory limits |
| Moderate risk | On-site maintenance, landscaping, delivery, IT services | $1M / $2M general liability, $1M auto, professional or cyber where data or advice is involved |
| Higher risk | Construction, contractors in occupied space, waste handling | $1M / $2M general liability plus $1M to $5M umbrella, workers comp, auto, pollution where applicable |
These are common starting points, not legal or insurance advice. Your contract terms, industry, and counsel guidance should set the final numbers. If you operate in a regulated field, your requirements may also need to satisfy a third party such as a lender, a landlord, or a regulator.
How much insurance should I require from a vendor?
Require enough to cover a realistic worst-case claim from that vendor's work, which usually means $1M per occurrence and $2M aggregate in general liability as a baseline, plus an umbrella for higher-risk jobs. Anchor the number to the size of the loss the vendor could cause and to what your contract or counsel specifies, not to whatever the vendor already happens to carry.
Should I require vendors to name me as additional insured?
Yes, for most vendors doing physical work or providing services on your behalf. Additional insured status on the vendor's general liability policy lets you tender a claim directly to their insurer when their work leads to a claim against you, which protects your own loss history and limits. Require it in the contract, then confirm the endorsement is actually in force, because a notation on the certificate is not the same as the endorsement form.
What is a certificate of insurance and why request one?
A certificate of insurance, usually the ACORD 25 form, is a one-page summary issued by the vendor's agent that lists their active policies, coverage types, limits, and effective and expiration dates. You request one to verify, on paper, that a vendor meets your requirements before they start work. Keep in mind it reflects coverage on the issue date only, so it has to be re-verified at each renewal.
How do I verify a vendor meets my insurance requirements?
Compare each line on the certificate against your written requirements: confirm the coverage types are present, the limits meet or exceed your minimums, the policy dates are current, your company is listed as additional insured where required, and the named insured matches the legal entity you contracted with. Anything short, missing, or expired gets sent back before work begins. Then track the expiration dates so you re-check at renewal.
How to enforce vendor insurance requirements without the spreadsheet
Writing the requirement into a contract is easy. Enforcing it across dozens or hundreds of vendors is where programs break down, because every vendor renews on a different date and certificates arrive as scattered PDFs and email attachments. The work is repetitive and rules-based, which is exactly what software is good at.
A practical workflow looks like this. Set your requirements once, by vendor type if they differ. Collect a certificate from every vendor at onboarding. Read each certificate and check it against the rule automatically. Then monitor expiration dates so a lapse is caught before it becomes a coverage gap. That is the job vendor insurance compliance software does: it reads each ACORD 25 with AI, checks coverage and additional insured status against your rules, and sends renewal reminders before policies expire.
The exact rules vary by who your vendors are. General contractors managing trades lean on subcontractor COI tracking, while hospitals and clinics use COI tracking for healthcare to verify coverage for medical device reps, IT vendors, and construction crews working in occupied space. Whatever the vendor mix, the verification step itself is the same, and certificate of insurance verification covers how to confirm a certificate is genuine and current.
Fitting insurance checks into the rest of vendor onboarding
Insurance is rarely the only thing you collect when you bring on a vendor. Certificates usually arrive by email alongside W-9s and signed agreements, so a tool that can pull structured data out of incoming emails keeps those attachments from piling up in an inbox. If you are onboarding the vendor for payment at the same time, routing the approved vendor into your accounts payable automation and your purchase order workflow keeps insurance status, payment terms, and POs in step instead of living in three different places. The goal is one clean onboarding path where the insurance check is a step, not an afterthought.
The bottom line on vendor insurance requirements
Decide your coverage and limits by the risk each vendor brings, write them into the contract, require additional insured and waiver of subrogation where they matter, and prove compliance with a current certificate. Then keep checking, because the certificate you approved today says nothing about coverage after the next renewal. Get the requirements right and the tracking automated, and one uninsured vendor stops being a loss your business has to absorb.