Additional insured verification is where most COI compliance programs have a false sense of security. An organization collects a certificate, sees "Additional Insured" mentioned somewhere in the Description of Operations, checks the box, and moves on. Then a claim happens - and they discover that the language on the certificate was either too vague to be enforceable, did not cover the type of claim that occurred, or was never actually backed by a policy endorsement at all.
This guide covers what additional insured status actually means, how to distinguish meaningful AI endorsements from certificate boilerplate, and what to do when you need to verify coverage you can actually rely on.
Certificate Holder vs. Additional Insured: Not Even Close to the Same Thing
The certificate holder (Box 3 of the ACORD 25) is simply the party who receives a copy of the certificate and gets notified if the policy is cancelled. That is the full extent of their relationship to the policy. A certificate holder has no rights under the policy, cannot make a claim, and is not defended by the carrier if sued in connection with the vendor's work.
An additional insured is an actual party to the insurance contract for specified purposes. The carrier's duty to defend and indemnify extends to the AI within the scope of the endorsement. This is the protection that matters when an injured party sues you because your vendor's employee caused the injury.
The confusion arises because most COI request processes ask for "certificate holder" information without distinguishing it from "additional insured" requirements. A vendor who lists you as the certificate holder has technically complied with a poorly worded request - but you have no coverage protection at all.
For a full walkthrough of how to structure the initial request to avoid this confusion, see our guide on how to request a certificate of insurance from a vendor.
How Additional Insured Status Appears on ACORD 25
The ACORD 25 does not have a dedicated field for additional insured status. It appears in one of two ways:
Description of Operations (Box 6): The broker types language here referencing the AI endorsement and naming the additional insured entity. This might read: "ABC Corp, 123 Main Street, Anytown, NY 10001 is included as Additional Insured on the Commercial General Liability policy per endorsement CG 20 10 11 85 on a primary and non-contributory basis."
Checkboxes in the coverage sections: The ACORD 25 has a small "ADDL INSR" column next to each coverage line. A check in this column is a signal that an AI endorsement exists for that line - but it is not proof. It is the broker's assertion, not the endorsement itself.
The gold standard for AI verification is not the certificate at all - it is the actual endorsement form attached to the policy. The COI is a summary document. It is explicitly stated in the ACORD 25 disclaimer that the certificate "does not amend, extend or alter the coverage afforded by the policies." If you need enforceable proof of AI status, request the endorsement page.
CG 20 10 vs. CG 20 37: Why the Distinction Matters
The two most important ISO endorsements for additional insured status are CG 20 10 and CG 20 37. They cover different phases of the vendor's work, and requiring only one when you need both is a meaningful coverage gap.
CG 20 10 - Ongoing Operations
CG 20 10 11 85 (and its various revision dates) extends additional insured status for liability arising out of the named insured's ongoing operations performed for you. This covers incidents that happen while the vendor is actively working - a contractor's employee injures a visitor to your site during construction, for example.
The key limitation: once the vendor's work is complete, this endorsement no longer responds. A claim that surfaces after project completion - a structural failure that was not discovered until months after the contractor left - falls outside the scope of CG 20 10.
CG 20 37 - Completed Operations
CG 20 37 extends AI status for liability arising out of the vendor's completed operations - work that has already been finished. This is the endorsement you need for the post-completion claims scenario. For construction projects especially, this is not optional. Many significant liability claims from construction work surface years after completion when building defects manifest.
The standard practice is to require both CG 20 10 and CG 20 37 for any vendor performing physical work on your behalf. The Description of Operations should reference both forms explicitly. If it references only one, you have a gap.
Watch for this pattern: A broker writes "Additional Insured per CG 20 10" in the description and stops there. For ongoing work this seems complete, but the moment the job finishes, coverage for completed operations liability evaporates unless CG 20 37 is also on the policy.
Blanket AI Endorsements: What They Cover and What They Miss
A blanket additional insured endorsement - sometimes written as CG 20 10 with a blanket version (CG 20 33, or carrier-proprietary equivalents) - extends AI status to "any person or organization" that the named insured is required by contract to name as an additional insured. This is administratively convenient because the vendor does not need a separate endorsement for each client.
The catch is that blanket AI endorsements are contract-triggered. Coverage only extends to an additional insured if there is a written contract between the vendor and that party requiring AI status. Verbal agreements do not activate a blanket endorsement. An expired contract may not activate it either, depending on carrier interpretation.
This means that when you see blanket AI language on a certificate, you should confirm:
- There is a signed contract between your organization and the vendor that explicitly requires AI status.
- The contract was in effect at the time of the incident - not just at the time of the certificate issuance.
- The endorsement on the policy is actually a blanket form, not a specific scheduled endorsement that names other parties.
For higher-risk engagements, request a scheduled endorsement that names your entity specifically rather than relying on the blanket form. A scheduled endorsement removes the contract-dependency ambiguity.
Requesting the Actual Endorsement Form
This is the step most organizations skip because they do not want to push back on vendors. It is also the step that makes the difference between verified coverage and assumed coverage.
When stakes are high - a major construction project, a long-term facility management contract, any engagement where a significant injury claim is plausible - request a copy of the actual endorsement form attached to the GL policy. The endorsement will show:
- The exact form number and edition date (CG 20 10 07 04, CG 20 37 10 01, etc.)
- The named additional insured entity and address
- Any conditions or limitations on the AI coverage
- Whether primary and non-contributory language is incorporated
If a broker or vendor declines to provide the endorsement, that is a red flag. A legitimate endorsement is not confidential. A broker who is uncomfortable providing the actual form may be issuing certificates that overstate the underlying policy terms.
"Per Contract" Endorsements and Enforceability
Some endorsements use language like "Additional Insured status applies only as required by written contract." This is the blanket endorsement language described above, but it also appears on some scheduled endorsements as a limiting condition.
The enforceability question turns on whether the underlying contract's AI requirement is clearly worded. Courts have generally upheld blanket and per-contract AI endorsements when the written contract includes explicit AI language. Where the contract is silent or vague on AI requirements, courts have sometimes declined to activate coverage even where the certificate reflected AI status.
The practical implication: your vendor agreements must explicitly require additional insured status. A certificate that says "per contract" is only as good as the contract language behind it. If your standard vendor agreement does not include AI language, fix that first.
Primary and Non-Contributory: How to Verify It Is Actually There
Primary and non-contributory (P&NC) language is often required alongside AI status. It means that the vendor's policy responds first to a claim before your own insurance, and the vendor's carrier will not seek contribution from your policy.
Without P&NC language, a scenario can arise where your carrier and the vendor's carrier dispute who has to pay first - and you end up involved in a coverage dispute even though you are the additional insured.
P&NC must appear in the Description of Operations box or in a specific endorsement. Simply being named as an AI does not automatically grant P&NC status - it is a separate requirement that must be requested explicitly and endorsed separately.
When reviewing a certificate, look for language such as: "Coverage is primary and non-contributory with respect to any other insurance maintained by the Additional Insured." If this language is absent and P&NC is required by your contract, the certificate is deficient.
Waiver of Subrogation vs. Additional Insured Status
These are two different protections that often travel together but serve different purposes.
Additional insured status means you are covered under the vendor's policy for claims arising from the vendor's operations. You can make a claim against the vendor's carrier as an insured.
Waiver of subrogation means the vendor's carrier agrees not to pursue you - or your carrier - to recover money it pays out on a claim, even if it believes you were partially at fault. Without a waiver of subrogation, a vendor's carrier that pays a claim arising partly from your negligence may turn around and sue you to recover what it paid.
For most vendor relationships, you want both. They address different exposure pathways. On the ACORD 25, look for the "SUBR WVD" checkbox in the coverage section, and confirm that the Description of Operations includes explicit waiver of subrogation language naming your entity.
Red Flags to Watch For
After reviewing certificates at scale, these are the patterns that most commonly indicate a problem:
- Vague AI language: "Additional Insured as required by contract" without naming your entity or referencing a specific endorsement form. This is the certificate equivalent of "we'll figure it out later."
- Wrong entity name: The AI notation names a parent company, a DBA, or a misspelling of your legal entity name. Carriers can and do deny coverage based on named insured discrepancies when the policy terms are specific.
- AI checked for GL but not Auto: If a vendor operates vehicles that create exposure for your organization, you need AI status on the auto policy as well, not just GL.
- Endorsement date later than policy effective date: An endorsement added mid-policy only protects you from the endorsement date forward, not from the policy inception date. A claim that arose before the endorsement was added may not be covered.
- No mention of completed operations: For any vendor who performs physical work, the absence of CG 20 37 (or its equivalent) means no coverage after the job is done.
- AI language buried in general boilerplate: Some brokers include standard language like "10 days notice of cancellation - 30 days for non-payment" as filler and then list AI language immediately after, hoping a quick reviewer treats it as standard. Read the description box word for word.
- Certificate issued by vendor's employee rather than broker: Certificates must be issued by the insurer or an authorized agent. A certificate printed from a generic template by the vendor's office manager is not a valid certificate and carries no authority.
How Automated Parsing Catches AI Status That Humans Miss
Manual AI verification is inconsistent because it depends on the reviewer knowing what to look for and actually reading the Description of Operations carefully on every certificate. When reviewing volume - dozens of vendors per week - that standard degrades quickly.
Automated parsing addresses this by extracting the Description of Operations text and applying structured rules. A parsing API can identify whether the description includes AI language, whether it references a specific endorsement form number, whether your entity name appears in the AI designation, and whether P&NC and waiver of subrogation language is present - across every certificate in the queue, every time, in seconds.
This is especially valuable for detecting the "AI checked but no description language" pattern, where a broker has ticked the ADDL INSR checkbox but the Description box is blank or generic. A human reviewer sometimes accepts the checkbox as sufficient. An automated rule that requires both the checkbox and substantive description language will flag the gap every time.
For organizations building out a broader COI compliance program, AI endorsement verification is one of the highest-value steps to automate because the errors are subtle and the stakes are high.
For construction-specific requirements around AI endorsements and completed operations coverage, see our guide on construction subcontractor COI requirements.
Key takeaway: Being named as certificate holder is not the same as being named as an additional insured. Request both CG 20 10 and CG 20 37 for vendors performing physical work. When the stakes are high, request the actual endorsement form - not just the COI. Verify that P&NC language is present, not just AI status. And treat any AI notation that does not name your specific entity as deficient until corrected.