Back

Certificates of Insurance: The Complete Construction Guide (2026)

Quick answer

A certificate of insurance (COI) is a one-page summary document proving that a contractor, vendor, or subcontractor has active insurance coverage. It is not an insurance policy — it is evidence that a policy exists. In construction, COIs are required from every subcontractor before work begins and must be current, compliant with contract requirements, and reviewed for the right endorsements — not just collected and filed.

What is a certificate of insurance?

A certificate of insurance is a standardized document issued by an insurance broker on behalf of their client. It summarizes the types of coverage the client carries, the coverage limits, the policy effective and expiration dates, and who holds the policy.

In the United States, the standard form is the ACORD 25 — maintained by ACORD (Association for Cooperative Operations Research and Development) and used by virtually every U.S. insurance broker. When someone asks for a COI, they’re almost always asking for an ACORD 25.

It’s worth being precise about what a COI is not:

  • It is not an insurance policy. The COI summarizes coverage; it does not establish it.
  • It is not a guarantee of coverage. Only the actual policy determines what is and isn’t covered.
  • It is not a substitute for endorsements. A COI that says “additional insured” in the description box doesn’t provide additional insured coverage — only an attached endorsement does.

These distinctions matter because many construction teams treat COI collection as a compliance checkbox. Collecting a COI and having a compliant vendor are not the same thing.

How to read a certificate of insurance

The ACORD 25 is divided into several sections. Here’s what each one means and what to look for:

ACORD 25 — section by section
Producer (top left)
The insurance broker who issued the certificate on behalf of their client. Not the insurance company. If you need to verify coverage or request an endorsement, contact the producer. The insurer name and NAIC number are listed separately in the coverages section.
Insured (middle left)
The business or individual holding the policy — typically your subcontractor or vendor. The name here must match the exact legal entity you’re contracting with. A subsidiary, DBA, or parent company is a different entity. Mismatches are one of the most common compliance issues.
Insurer (right column)
The actual insurance company providing coverage. For high-value contracts, verify the insurer’s AM Best rating to confirm financial strength. An A- or better rating is the standard minimum most contracts require.
Coverages section
The most important part of the document. Lists each type of insurance, policy number, effective and expiration dates, and coverage limits. This is where you check limits against your contract requirements and confirm the right policy types are present.
Description of Operations
Free-text field that should reference the project, additional insured language, and endorsement types. Many compliance issues are either hidden here or missing from here. Never skip this section.
Certificate Holder (bottom left)
The party requiring the COI — typically your company. Being listed here means you’re notified of cancellations. It does NOT mean you’re an additional insured. Those are separate designations with very different protections.

Types of coverage on a COI

Construction COIs typically include several coverage types. Knowing what each one covers helps you verify that the right protection is in place for your specific project.

Commercial General Liability (CGL)
Covers bodily injury and property damage caused during operations. The most commonly required coverage. Standard minimums: $1M per occurrence / $2M aggregate. Higher limits for larger projects.
Automobile Liability
Covers vehicles used in business operations, including hired and non-owned auto. Required for any vendor that operates vehicles on or around your project sites.
Workers Compensation
Covers employees injured on the job. Statutory limits vary by state. Most contracts require this for any vendor with employees. Employers Liability coverage is typically included.
Umbrella / Excess Liability
Extends limits above the CGL, auto, and workers compensation policies. Effectively increases total coverage for large claims. Common requirement on projects over $5M.
Professional Liability (E&O)
Covers errors and omissions in professional services — design, engineering, consulting. Required for design-build contractors, architects, and engineers. Not on standard CGL policies.
Builders Risk
Covers property under construction against damage from fire, vandalism, weather, and other perils. Typically held by the GC or project owner, not subcontractors. May appear on a COI for large specialty contractors.

Certificate holder vs additional insured: the most important distinction in COI compliance

This is the distinction that causes the most claims exposure in construction. Many GCs believe that collecting a COI with their name on it as certificate holder protects them. It doesn’t.

A certificate holder receives a copy of the certificate and is notified if the policy is cancelled. That’s it. No coverage, no protection, no ability to file a claim under the vendor’s policy.

An additional insured is a party that has been added to the vendor’s insurance policy and can file claims under it. This means that if the vendor causes an injury or property damage while working on your project, you can seek coverage under their policy rather than your own.

Why this matters in practice

A COI can say “additional insured” in the description box, but if the actual endorsement isn’t attached to the policy, that designation has no legal weight. The only thing that creates additional insured protection is an endorsement on the underlying policy. This is why collecting a COI isn’t enough — the endorsements behind it must be verified. See our full breakdown: certificate holder vs additional insured.

Endorsements: what they are and which ones matter

An endorsement is a modification to an insurance policy. It adds, removes, or changes coverage beyond what the standard policy provides. For construction COI compliance, endorsements are often more important than the base policy — and they’re where most compliance gaps hide.

The endorsements you’ll encounter most often in construction contracts:

  • CG 20 10 (Additional Insured — Ongoing Operations): Adds the GC as an additional insured under the subcontractor’s CGL policy for claims arising from ongoing work on the project. This is the most commonly required endorsement in construction subcontracts.
  • CG 20 37 (Additional Insured — Completed Operations): Extends additional insured protection to cover claims arising after the project is complete — typically for 1–10 years after closeout. Required by most general contractors for any project with a defect liability period.
  • Primary and Non-Contributory (P&NC): Makes the subcontractor’s policy the primary payer in a claim, rather than sharing costs with the GC’s policy. Without this, your own insurance gets pulled into claims caused by your subcontractors.
  • Waiver of Subrogation: Prevents the vendor’s insurer from pursuing claims against your company after paying out a claim. Commonly required to avoid being sued by your own subcontractor’s insurer.

For a complete guide to these endorsements, see: CG 20 10, CG 20 37, and Primary & Non-Contributory explained.

What to check when you receive a COI

Most construction teams accept COIs without reviewing them. That’s the root cause of most COI-related claims exposure. Here’s what an actual review looks like:

COI review checklist
Insured name matches: The legal entity on the COI must exactly match the entity you’re contracting with. DBA names and parent companies are different legal entities.
Coverage is currently active: Check effective and expiration dates on every policy listed. A COI that expired last week provides no protection today.
Limits meet contract minimums: Compare per-occurrence and aggregate limits against what your contract specifies. A $1M per-occurrence limit on a project that requires $2M is non-compliant.
Required coverage types are present: Confirm all coverage types your contract requires are listed — CGL, auto, workers comp, umbrella if required.
Additional insured endorsement is referenced: The description of operations should reference the additional insured endorsement (CG 20 10 and/or CG 20 37) and name your company. Verify the endorsement is actually attached to the policy, not just mentioned on the COI.
Primary and non-contributory language is present if required by your contract.
Your company is listed as certificate holder: Your name and address in the certificate holder box ensures cancellation notifications reach you.
Project or scope is referenced: The description of operations should reference your project name or scope where required by your contract.

The most common COI compliance gaps in construction

These are the gaps that come up repeatedly in claims investigations and compliance audits:

Expired certificates

The single most common gap. A certificate was collected when the vendor started, but nobody tracked the expiration date or requested a renewal. By the time it comes up, the vendor has been working uninsured for months.

Missing or wrong endorsements

A COI shows coverage, but the CG 20 10 endorsement isn’t attached. The description box says “additional insured” but there’s no actual endorsement on the policy. The protection that matters is in the endorsement, not the COI.

Insufficient coverage limits

A COI is on file, but the limits are below what the subcontract requires. This is almost never caught in manual review because reviewers compare the COI to what they received, not to what the contract requires.

Insured name mismatch

The contract is with ABC Concrete LLC. The COI is for ABC Concrete Inc. Those are technically different legal entities. In a claim, this distinction matters — and insurers will notice it.

No completed operations coverage

CG 20 10 covers ongoing operations but not completed operations. If a defect is discovered after project closeout and CG 20 37 wasn’t required or verified, the protection for that period may not exist.

COI collected, never reviewed

The most systemic gap. A COI arrives via email, gets filed in a shared folder, and is marked as collected. No one checked the limits, the endorsements, or the insured name. It’s in the system but not actually compliant.

Managing certificates of insurance at scale

When you’re managing COIs for dozens or hundreds of vendors, the manual process described above — request, receive, review, file, remind — breaks down at every stage. The volume of incoming certificates, combined with the ongoing renewal cycle, creates a compliance operation that one or two people cannot run effectively without automation.

The challenges that appear at scale:

  • 15–25 certificate expirations per month per 200 active vendors
  • Multiple concurrent projects with different contract requirements
  • Vendors with multiple insurance agents for different coverage types
  • AP holds that fire at payment time rather than being caught in advance
  • Audit requests requiring historical compliance records, not just current status

Automating the COI lifecycle — collection, review, renewal outreach, ERP sync — reduces the operational burden to exception handling rather than full management. For a step-by-step guide to building that process, see: certificate of insurance tracking at scale.

For teams running Viewpoint Vista, Sage 300, Sage Intacct, Procore, Autodesk, or JD Edwards, Billy’s COI tracking software integrates directly with each platform — so compliance status lives in the system where payment decisions are made, not in a separate tool your AP team has to check separately.

Free starting point

If you’re managing fewer than 25 vendors and want to start with a structured manual process, our free COI tracking template for Excel covers the basics. For teams past that threshold, it has real limits — but it’s a useful baseline for structuring what you collect and when you follow up.

Frequently asked questions

How long does it take to get a certificate of insurance?
Most brokers can issue a COI within a few hours or the same business day. For urgent requests, a responsive broker can turn one around in under an hour. If a vendor consistently delays providing COIs, that’s worth noting — sometimes it indicates a coverage issue they’re trying to work around.
Does a COI expire?
Yes. A COI reflects coverage in force on a specific date. When the underlying policy renews — typically annually — the old certificate is no longer current. You should request updated certificates before each policy renewal date, not just when the old one expires.
Can a vendor change their coverage after issuing a COI?
Yes. A vendor can modify, reduce, or cancel their coverage at any time. The COI only reflects coverage at the time it was issued. This is why ongoing tracking — not just initial collection — is necessary. Certificate holders are supposed to receive cancellation notices, but those don’t always arrive reliably.
What’s the difference between a COI and an endorsement?
A COI summarizes what coverage exists. An endorsement modifies the underlying policy — adding additional insured status, changing coverage terms, or extending protection. The COI can reference endorsements, but only the endorsement itself creates coverage. A COI that says “additional insured” without an attached endorsement provides no additional insured protection. See our full explainer: COI vs endorsement.
Who pays for the additional insured endorsement?
The subcontractor or vendor, as the policyholder, bears the cost. Some insurers charge a small additional premium; others include it at no charge. It’s standard practice in construction subcontracts to require vendors to bear this cost as a condition of work.
What is ACORD 25?
ACORD 25 is the standardized form for certificates of liability insurance in the U.S., maintained by ACORD and used by virtually all U.S. brokers. ACORD 28 is the equivalent for property insurance. When someone asks for a COI, they’re almost always asking for an ACORD 25.
How many COIs should I collect from each vendor?
At minimum, one current COI per vendor per policy year. For project-specific requirements — where your contract requires coverage referencing a specific project name — you may need a project-specific COI in addition to the vendor’s standard certificate. Some large GCs require project-specific COIs for every new project engagement.
What happens if a subcontractor causes damage and their COI was expired?
The short answer: you bear the risk. If the vendor’s policy lapsed, there may be no coverage to transfer the claim to — and your own general liability or umbrella policy may be your only recourse. Courts have found GCs responsible for incidents involving subcontractors whose coverage wasn’t current. This is why expiration tracking is the most operationally critical part of COI management.

Stop managing COIs manually

Billy automates the entire COI lifecycle — collection, review, renewals, and ERP sync — so your team focuses on exceptions, not paperwork.

Book a Demo →

Summary

Certificates of insurance are the foundation of vendor risk management in construction. A COI proves that a vendor has coverage — but collecting one is not the same as having a compliant vendor. The most important distinctions: certificate holders get notifications, additional insureds get coverage; endorsements create protection, COIs only summarize it; and a filed COI that hasn’t been reviewed for limits, endorsements, and insured name is a gap that often doesn’t surface until a claim or audit.

Managing COIs at scale requires automating the collection, review, and renewal cycle rather than running it manually. For teams past 25–50 active vendors, the operational cost and risk exposure of manual tracking consistently outweigh the investment in a structured compliance system.

Similar Posts