One uninsured subcontractor incident can erase the profit margin on an entire project. It sounds like an exaggeration until you see it happen: a framing crew sustains a serious jobsite injury, their workers comp policy lapsed three weeks before the incident, and the claim lands on the general contractor's policy. The deductible alone can be $100,000. Legal fees compound it. Your carrier may non-renew you afterward, or reprice your coverage at a rate that affects every future bid.
This is the real stakes of COI compliance. It is not a paperwork formality. GCs carry vicarious liability for subcontractors who work under their direction - and when a sub's coverage fails, the financial exposure flows upstream. The COI you collected at the start of the project is the only documented evidence that your sub was insured when work began. If you collected the wrong one, accepted an expired one, or missed a coverage gap, that document protects nobody.
This guide covers exactly what insurance requirements to set by trade type, what must appear on every certificate, how to write those requirements into your subcontracts, and how to manage compliance when you're running multiple active projects with dozens of subs simultaneously.
Why GCs Are Responsible for Sub Insurance
The liability exposure runs on several parallel tracks at once, and understanding all of them explains why COI requirements need to be detailed rather than generic.
Contractual indemnification. Most subcontracts include an indemnification clause where the sub agrees to hold the GC harmless from claims arising from the sub's work. This clause is only as strong as the sub's ability to pay. If a claim exceeds the sub's policy limits - or the policy was never valid - the indemnification becomes a worthless promise from a company that may not survive the claim. The GC is left exposed regardless of the contractual language.
Additional insured status. Your subcontract should require that you be named as an additional insured on the sub's general liability policy. This is not just a nice-to-have - it means the sub's insurer defends you directly if a third party (a project owner, a passerby, an adjacent property owner) brings a claim arising from the sub's work. Without additional insured status, you're defending a claim with your own policy and your own legal team, even though someone else caused the incident.
Downstream liability chain. On larger projects, the project owner often requires the GC to be additionally insured on all sub policies, and the GC's contract with the owner may include provisions that pass through if the GC fails to properly insure its subcontractors. A deficiency in your sub's coverage can directly breach your contract with the owner - not just expose you to liability, but void your right to payment under the contract.
OSHA and workers compensation exposure. Workers compensation operates differently from general liability. A sub's employee injured on your site files a workers comp claim with their employer's carrier - but if that coverage doesn't exist or has lapsed, OSHA investigations can extend to the GC for failing to maintain a safe site. In states with contractor liability statutes, the GC may be directly liable for injured workers of uninsured subs as if they were GC employees. The exposure is not theoretical.
Standard Minimum COI Requirements by Trade
Coverage requirements should be scaled to the risk profile of the work. A framing crew working at height with heavy equipment is not the same risk as a landscaping sub doing final grade. Applying the same flat requirement to everyone either under-insures your high-risk trades or creates unnecessary friction with low-risk vendors.
The following table reflects market norms for commercial construction in the $5M-$50M project value range. Adjust upward for high-rise, large multi-family, or projects with unusual hazard profiles. These are minimums - your owner's contract requirements or your carrier's recommendations may be higher.
| Trade / Risk Tier | GL Per Occ | GL Aggregate | Auto CSL | Umbrella / Excess | WC Statutory |
|---|---|---|---|---|---|
| High Risk - Structural framing, concrete, steel erection, roofing, excavation, demolition | $2M | $4M | $1M | $10M | Required |
| Elevated Risk - MEP (mechanical, electrical, plumbing), HVAC, curtain wall, glazing, elevators | $2M | $4M | $1M | $5M | Required |
| Moderate Risk - Drywall, insulation, flooring, painting, millwork, masonry | $1M | $2M | $1M | $5M | Required |
| Standard Risk - Specialty finishes, tile, cabinetry, signage, low-voltage | $1M | $2M | $1M | $2M | Required |
| Lower Risk - Site cleanup, landscaping, final cleaning, temporary facilities | $1M | $2M | $1M | $2M | Required (if employees on site) |
Umbrella / excess coverage fills the gap above primary GL, auto, and employer's liability limits. Always require the umbrella to be "follow form" - meaning it follows the terms and conditions of the underlying policies rather than having its own exclusions. A non-follow-form umbrella may deny a claim that the primary policy would have covered if the primary limits were higher.
Note on professional liability: Design-build subs, engineers of record, and specialty contractors providing stamped drawings need separate professional liability (errors and omissions) coverage. This is not captured on an ACORD 25 and should be confirmed via a separate ACORD 25E or certificate from their E&O carrier.
What Must Be on Every Subcontractor COI
A COI that lists adequate coverage limits is still worthless if the critical endorsements and designations are missing. Every subcontractor certificate you accept should include all of the following - not some of them, all of them:
Your company named as additional insured on GL and umbrella. This is the single most important item. The additional insured designation must appear on the certificate - either in the description of operations box or via endorsement reference. "Blanket additional insured per endorsement CG 20 10 / CG 20 37" is acceptable language. A certificate that says "XYZ Construction to be named as additional insured if required by written contract" is not sufficient - that conditional language is not a guarantee of AI status and has been rejected by courts.
Certificate holder equals the project owner or you - per your contract. Who appears in the certificate holder box matters. Your owner contract will typically specify who the certificate holder should be. If the contract requires the owner to be listed and you're listed instead, the owner may object - and the certificate may need to be reissued before work can start.
Waiver of subrogation on all applicable lines. A waiver of subrogation prevents the sub's insurer from suing you to recover what it paid the sub's employee or a third party. Without it, the sub's carrier can accept a workers comp claim, then turn around and sue the GC for contribution toward the loss. The waiver must appear on GL, auto, and workers comp lines. Check the waiver of subrogation box on the certificate and verify the underlying policy has the endorsement.
Policy effective date before work start date. An obvious check that gets missed in volume. If a sub's GL policy effective date is October 1 and they broke ground September 28, there is a three-day gap with no coverage. The project owner's contract almost certainly prohibits work during coverage gaps. Document the check - if you approved work that preceded policy inception, that decision needs to be on record.
No coverage gaps during the full project duration. Policy expiration dates must extend through the anticipated project completion date, including the typical extensions for punchlist and closeout. If a project is scheduled to wrap in November and a sub's policy expires in September, you need an updated certificate before that expiration date - not after work ends, before.
Understanding the difference between ACORD 25 and ACORD 28 certificates matters here - most subcontractor COIs should be ACORD 25 (liability), but if a sub is also providing builder's risk coverage or property insurance, you may receive an ACORD 28. See the guide on ACORD 25 vs ACORD 28 differences for the full breakdown of which form covers what.
Common Contract Language for COI Requirements
The subcontract is where COI requirements become enforceable. A verbal agreement or a pre-bid checklist item does not give you legal standing to withhold payment or remove a sub from the project for non-compliance. The insurance requirements section of your subcontract needs to be specific enough that a sub's broker can write the policy without needing to call you for clarification.
A well-drafted insurance requirements section should include:
- Specific coverage types and minimum limits for each, matched to the sub's trade risk tier
- A requirement that all policies be placed with insurers rated A- VII or better by AM Best
- Explicit additional insured language: "Subcontractor shall name [GC Name], [Owner Name], and [Lender Name if applicable] as additional insureds on a primary and non-contributory basis on all commercial general liability and umbrella policies for both ongoing operations and completed operations"
- Primary and non-contributory language: "Such insurance shall be primary and non-contributory with respect to any other insurance or self-insurance maintained by the additional insureds"
- Waiver of subrogation on all applicable lines
- 30-day notice of cancellation requirement (10 days for non-payment)
- A requirement to provide updated certificates before each policy renewal date
- A provision that work may not commence until compliant certificates are received and approved
Blanket AI vs. named AI endorsements: Blanket additional insured endorsements (CG 20 10 04 13 for ongoing operations, CG 20 37 04 13 for completed operations) automatically extend AI status to any party the named insured is contractually required to cover. This is the preferred format because it doesn't require the insurer to issue a specific endorsement for every project. Named AI endorsements work too but require the specific entity name to appear on the endorsement itself - if there's a name mismatch, coverage can be denied.
Tier 2 and Tier 3 Subcontractors
Your named sub may in turn hire their own subs for specialized work. An electrical sub brings in a fire alarm specialist. A concrete sub brings in a pump truck operator. These tier-2 subs are working on your site under your general conditions, and their insurance gaps create the same exposure as a direct sub's gaps - except you may not even know they're there.
Address this in two ways. First, your subcontract should include a flow-down requirement: "Subcontractor shall impose insurance requirements on all sub-subcontractors not less restrictive than those set forth herein, and shall provide evidence of such coverage upon request." Second, require your direct subs to submit COIs for any sub-sub they bring on site before that sub-sub begins work. This is the practical enforcement mechanism - without it, the flow-down clause is unenforceable in practice even if it's valid on paper.
The difficulty with tier-2 enforcement is that your direct sub may resist the administrative burden. Build it into your pre-qualification process: subs who can't demonstrate that they have a compliant sub-sub COI program are a risk indicator. The subs who push back hardest on insurance requirements are often the ones with coverage gaps.
Managing COIs Across Multiple Active Projects
The complexity of COI management scales exponentially with project volume. A single active project with 20 subs is manageable. Six simultaneous projects each with different insurance requirements, different owner-specified certificate holders, and different completion dates creates a tracking problem that spreadsheets genuinely cannot solve reliably.
The core challenge is that the same sub may work on multiple projects with different requirements. Your electrical sub might be on a light commercial build that requires $1M GL and on a high-rise that requires $2M GL with a $10M umbrella. Their policy either meets the higher standard or it doesn't. But you need to know which projects they're on and which requirements apply to each, and you need to know when any of those policies expires relative to each project's schedule.
Per-sub tracking tells you "this sub has a valid COI" but not "this sub's COI meets the requirements for each project they're currently on." Per-project tracking tells you "all subs on this project have compliant COIs as of today" - which is actually what your owner and your insurer want to know.
Automated COI parsing solves the data extraction problem - instead of manually reading every certificate and entering the limits, dates, and endorsements, you get structured JSON from the API and run your compliance logic programmatically against your per-project requirements. For the operational workflow that sits on top of that - routing, approvals, escalations, expiration alerts - see our guide on building a COI compliance workflow.
Integrating COI Verification into Your Bid Process
The cheapest time to identify an insurance problem with a subcontractor is before you award them work. Once a sub is on your schedule and their mobilization is coordinated with other trades, removing them for a COI deficiency creates real project delay and cost. Front-loading the insurance check eliminates that leverage problem.
Require COI submission as part of the bid package. Your invitation to bid should explicitly state that a compliant COI is a prerequisite for bid evaluation - not for contract award, for evaluation. If a sub can't produce a compliant certificate during the bid phase, they almost certainly won't have one ready when you need to start work three weeks after award.
A practical pre-qualification checklist for COI review at bid time should verify:
- Coverage types are present and limits meet your trade-tier minimum requirements
- Insurer is rated A- VII or better (verify at ambest.com - the NAIC code on the certificate makes this lookup fast)
- Policy dates extend through your expected project completion date, or the sub confirms renewals are automatic and they will provide updated certificates on renewal
- Waiver of subrogation is present on GL, auto, and WC lines
- Additional insured endorsement language is present (blanket is preferred)
- Certificate holder field matches what your owner contract requires
For teams using Procore, the project management platform has a built-in COI tracking module that can hold certificates against requirements. Where the workflow breaks down is the data entry step - someone still has to read each PDF and type in the limits, dates, and endorsement details. Connecting Procore's COI requirement fields to an API-parsed data source eliminates that manual step entirely and allows you to automate the compliant / non-compliant flag in Procore rather than relying on a coordinator to make that judgment call by eye.
What to Do When a Sub's COI Lapses Mid-Project
Policy expirations during active work are the most common COI compliance failure. The sub's policy renews automatically most of the time - but sometimes it doesn't: the sub missed a premium payment, switched carriers without coordinating the renewal timeline, or their broker dropped the ball on issuing an updated certificate. Your system should catch this before work resumes after the lapse date, not after.
When a lapse is identified:
- Issue a stop work notice immediately. This is not punitive - it's contractually required under most owner agreements and it documents that you took action when you discovered the lapse. Continuing to allow work after a known lapse exposes you to a coverage denial argument if a claim occurs during that gap period.
- Document the date the lapse was discovered, not just the date work stopped. The gap between expiration and discovery is important for your own records and potentially for your insurer.
- Contact the sub and their broker simultaneously. The sub may not even know their policy lapsed. Most brokers can issue a binder or updated certificate same-day once the renewal is confirmed - the problem is usually administrative, not a substantive coverage gap. Get the binder first, resume work, get the formal certificate within 5 business days.
- If the sub cannot produce renewed coverage within 2 business days, escalate. At that point you need to assess whether you have another sub who can perform the work during the gap, or whether the schedule can accommodate the delay. Document the decision either way.
- Update your COI records with the renewed certificate and note the lapse period. If the project owner requests a compliance certification at closeout, this documentation shows you identified and remediated the gap rather than letting it go unnoticed.
Prevention is far simpler than remediation. A system that sends automated renewal requests to subs 60 and 30 days before policy expiration - rather than waiting for the certificate to actually expire - catches the vast majority of lapses before they happen. This is the kind of workflow that automated COI verification enables at scale without requiring a full-time compliance coordinator to manage.
Putting It All Together
The GCs who have the fewest COI problems in practice share a common approach: they treat insurance verification as a system rather than a task. Requirements are defined by trade tier and written into subcontracts. Pre-qualification happens at bid time. Certificates are parsed and checked against requirements programmatically rather than by eye. Expiration monitoring runs automatically and triggers renewal requests in advance. Lapses trigger documented stop work notices with a clear remediation path.
None of this requires a large compliance team. It requires consistent process and the right tools. Manual COI tracking - whether on spreadsheets or in file folders - creates the illusion of compliance without the substance. You have a certificate on file, but you may not know whether it's still valid, whether it meets the requirements for the specific project the sub is currently on, or whether the additional insured endorsement language will actually hold up if you need to trigger it.
Automated parsing turns the certificate from a static PDF into queryable data. That data can drive your compliance checks, your expiration alerts, your Procore integrations, and your closeout documentation - without anyone reading a PDF by hand. For teams processing more than 20 certificates per month, the ROI of automation is measured in hours per week, not months per year.
If you're building or improving a COI compliance program, COI ParseAPI is designed to be the data layer that makes the rest of the system work. You define the requirements per project and per trade tier. The API handles the extraction and compliance scoring. Your workflow handles the routing and approvals.