
What Good Vendor Contract Insurance Language Actually Looks Like

Most vendor contracts request insurance. Fewer actually require it in a way that protects you. A gap analysis of weak versus strong contract language for compliance managers.


Clarita Team

A certificate of insurance is only as useful as the contract behind it. The COI tells you what coverage a vendor has. The contract tells you what coverage they were supposed to have. When those two things do not match, you have a compliance problem. When the contract language is vague, you often cannot tell whether they match at all.

Most vendor contracts include some kind of insurance clause. The quality of that language varies enormously. A clause that says “vendor shall maintain adequate insurance” is not the same as one that specifies coverage types, minimum limits, required endorsements, and what happens if the vendor fails to comply. The first creates an obligation that sounds meaningful but is difficult to enforce. The second gives your compliance team something concrete to verify.

This post walks through the most common gaps between weak and strong contract insurance language so you know what to look for when reviewing a vendor agreement.


The Coverage Types Section

Weak language:

Vendor shall maintain general liability insurance and such other insurance as is customary for businesses of its type.

This clause has two problems. First, “customary for businesses of its type” is undefined and unverifiable. What is customary for a facilities vendor is not what is customary for a software consultant. Second, it leaves out coverage types that may be critical for the specific engagement: automobile liability, workers’ compensation, professional liability, umbrella coverage. If a coverage type is not named, there is no contractual basis to require it.

Strong language:

Vendor shall obtain and maintain, at its sole expense, the following insurance coverage throughout the term of this Agreement: (a) Commercial General Liability on an occurrence form, with limits of not less than $1,000,000 per occurrence and $2,000,000 in the aggregate; (b) Automobile Liability covering all owned, hired, and non-owned vehicles with a combined single limit of not less than $1,000,000 per accident; (c) Workers’ Compensation in amounts required by applicable law, and Employers’ Liability with limits of not less than $1,000,000 per occurrence; and (d) Umbrella or Excess Liability with limits of not less than $2,000,000 per occurrence and in the aggregate, following form over the underlying coverages listed above.

The strong version names every required coverage type, specifies the form (occurrence versus claims-made for CGL matters significantly), states minimum limits clearly, and confirms that umbrella coverage follows form over underlying policies rather than potentially excluding coverage types you are relying on.


The Additional Insured Requirement

Weak language:

Vendor’s insurance policies shall name Client as an additional insured where applicable.

“Where applicable” does the opposite of what it appears to do. It sounds like a requirement but it gives the vendor discretion to decide when the requirement applies. It also says nothing about which policies must carry the additional insured designation, what endorsement form is required, or whether completed operations coverage is included.

Strong language:

Vendor shall cause Client to be named as an additional insured on Vendor’s Commercial General Liability policy, including coverage for both ongoing and completed operations, by endorsement. Vendor shall provide Client with copies of all applicable endorsements prior to commencement of services and upon each policy renewal.

The strong version removes discretion entirely. It specifies the policy, requires both ongoing and completed operations coverage (which are separate endorsements under ISO forms CG 20 10 and CG 20 37), and requires the endorsement documents themselves to be delivered, not just referenced on a COI.


The Primary and Noncontributory Requirement

Weak language:

Vendor’s insurance shall be primary with respect to any claims arising out of Vendor’s performance under this Agreement.

Stating that coverage shall be “primary” without the noncontributory component leaves a gap. An insurer can acknowledge primary status while still seeking contribution from your organization’s own coverage. The full protection requires both terms together.

Strong language:

Vendor’s insurance shall be primary and noncontributory with respect to any insurance or self-insurance maintained by Client. Vendor’s insurers shall have no right of contribution against Client’s insurance.

The addition of “noncontributory” and the explicit waiver of contribution rights closes the gap. The second sentence reinforces it in plain terms so there is no interpretive ambiguity.


The Waiver of Subrogation

Weak language:

Vendor agrees to waive subrogation against Client to the extent permitted by Vendor’s insurer.

The phrase “to the extent permitted” makes this provision conditional on the insurer’s cooperation rather than the vendor’s obligation. If the insurer does not agree to the waiver, the contract language provides no protection and the vendor has technically complied with the clause by trying.

Strong language:

Vendor shall obtain from each of its insurers a waiver of all rights of subrogation against Client, its officers, directors, employees, and agents. Vendor shall ensure that each applicable policy is endorsed to reflect this waiver prior to the commencement of services.

The strong version makes the endorsement a contractual requirement rather than a best effort. The vendor cannot satisfy this obligation without actually obtaining the endorsement. If they cannot get the endorsement, that is a material issue to resolve before the engagement begins, not after a loss occurs.


The Certificate Delivery Requirement

Weak language:

Vendor shall provide proof of insurance upon request.

“Upon request” means you have to ask. It means there is no obligation to provide updated certificates when policies renew. It means an engagement can run for months with lapsed coverage and the vendor has no obligation to tell you. This language describes a passive file-and-forget compliance model.

Strong language:

Prior to commencement of services, Vendor shall deliver to Client certificates of insurance and copies of all endorsements required under this Agreement. Vendor shall provide renewal certificates no later than fifteen (15) days prior to the expiration of any policy required hereunder. Vendor shall provide Client with thirty (30) days’ prior written notice of any cancellation, material modification, or non-renewal of any required policy.

The strong version creates three distinct obligations: delivery before work starts, proactive renewal before expiration, and advance notice of any changes. Each obligation is enforceable independently. Compliance teams working from contracts with this language have a defined trigger for action rather than relying on manual monitoring to catch lapses.


The Subcontractor Flow-Down

Weak language:

Vendor shall ensure that any subcontractors it uses are appropriately insured.

“Appropriately” is undefined, and there is no mechanism to verify it. A vendor can engage a subcontractor with minimal coverage, believe in good faith that it is appropriate, and your organization has no visibility or recourse under this clause.

Strong language:

Vendor shall require all subcontractors performing services under this Agreement to maintain insurance coverage equivalent to the requirements set forth in this Section. Vendor shall obtain and maintain certificates of insurance from all subcontractors prior to their commencement of work and shall provide copies to Client upon request. Vendor’s failure to enforce these requirements shall not relieve Vendor of any liability under this Agreement.

The strong version creates a chain of accountability. The vendor is responsible for their subcontractors’ compliance, must collect certificates as evidence, and cannot escape liability by pointing to a subcontractor’s inadequate coverage.


The Failure to Maintain Provision

Weak language:

Client reserves the right to terminate this Agreement in the event Vendor fails to maintain required insurance.

Termination is a remedy of last resort. It is rarely exercised over an insurance lapse, particularly in long-standing vendor relationships, which means this clause has almost no practical effect on vendor behavior.

Strong language:

Vendor’s failure to obtain or maintain any insurance required under this Agreement shall constitute a material breach. In addition to any other remedies available at law or in equity, Client may, at its option: (a) obtain such insurance at Vendor’s expense; (b) withhold payment until Vendor demonstrates compliance; or (c) terminate this Agreement immediately upon written notice. Vendor’s obligation to indemnify Client shall not be limited or affected by the adequacy or inadequacy of any insurance coverage.

The strong version gives your organization practical remedies short of termination and makes clear that the indemnification obligation survives regardless of whether coverage was in place. The last sentence is particularly important: it prevents a vendor from arguing that inadequate insurance limits their liability exposure under the contract.


Putting It All Together: A Strong Insurance Clause

The sections above address each element individually. In practice, they belong together in a single, cohesive insurance clause. Here is what that looks like when the language is drafted well:


INSURANCE

Coverage Requirements. Vendor shall obtain and maintain, at its sole expense, the following insurance coverage throughout the term of this Agreement and for a period of three (3) years following its expiration or termination:

(a) Commercial General Liability on an occurrence form, including bodily injury and property damage liability, personal and advertising injury, products and completed operations, and contractual liability, with limits of not less than $1,000,000 per occurrence and $2,000,000 in the aggregate;

(b) Automobile Liability covering all owned, hired, and non-owned vehicles, with a combined single limit of not less than $1,000,000 per accident;

(c) Workers’ Compensation in amounts required by applicable law, and Employers’ Liability with limits of not less than $1,000,000 per occurrence;

(d) Professional Liability (Errors and Omissions) with limits of not less than $1,000,000 per claim and in the aggregate, if Vendor is providing professional, technical, or consulting services under this Agreement; and

(e) Umbrella or Excess Liability with limits of not less than $2,000,000 per occurrence and in the aggregate, following form over all underlying coverages listed above.

Additional Insured. Vendor shall cause Client to be named as an additional insured on Vendor’s Commercial General Liability policy for both ongoing and completed operations by endorsement. Vendor shall provide copies of all applicable endorsements to Client prior to commencement of services and upon each policy renewal.

Primary and Noncontributory. All insurance required under this Agreement shall be primary and noncontributory with respect to any insurance or self-insurance maintained by Client. Vendor’s insurers shall have no right of contribution against Client’s insurance.

Waiver of Subrogation. Vendor shall obtain from each of its insurers a waiver of all rights of subrogation against Client, its officers, directors, employees, and agents. Each applicable policy shall be endorsed to reflect this waiver prior to commencement of services.

Certificate Delivery and Renewal. Prior to commencement of services, Vendor shall deliver to Client certificates of insurance and copies of all endorsements required under this Agreement. Vendor shall provide renewal certificates no later than fifteen (15) days prior to the expiration of any required policy. Vendor shall provide Client with thirty (30) days’ prior written notice of any cancellation, material modification, or non-renewal of any required policy.

Subcontractors. Vendor shall require all subcontractors performing services under this Agreement to maintain insurance coverage equivalent to the requirements set forth in this Section. Vendor shall obtain certificates of insurance from all subcontractors prior to their commencement of work and shall provide copies to Client upon request. Vendor’s failure to enforce these requirements shall not relieve Vendor of any liability under this Agreement.

Failure to Maintain. Vendor’s failure to obtain or maintain any insurance required under this Agreement shall constitute a material breach. In addition to any other remedies available at law or in equity, Client may, at its option: (a) obtain such insurance at Vendor’s expense; (b) withhold payment until Vendor demonstrates compliance; or (c) terminate this Agreement immediately upon written notice. Vendor’s obligation to indemnify Client shall not be limited or affected by the adequacy or inadequacy of any insurance coverage.

Carrier Requirements. All insurance shall be placed with insurers licensed to do business in the jurisdiction where services are performed and rated no less than A-VII by A.M. Best.


No single clause template works for every vendor relationship. Coverage types and limits should be calibrated to the nature of the engagement and your organization’s risk tolerance. A facilities vendor operating on your premises warrants different requirements than a remote software consultant. The structure above is a strong starting point, not a one-size-fits-all solution. Legal counsel should review any insurance clause before it is incorporated into a contract.

What This Means for Compliance Teams

Compliance managers often receive vendor contracts they did not draft and have limited influence over redlining. But understanding what strong contract language looks like serves two purposes.

First, it gives you a basis for escalating concerns. When you identify a material gap in insurance language, you can articulate specifically what is missing and why it matters rather than raising a general concern that is easy to dismiss.

Second, it calibrates your review process. A vendor contract with robust insurance language tells you what to verify on the COI and endorsements. A contract with weak language tells you that the COI alone is unlikely to give you full visibility into the coverage actually in place, and that additional verification may be warranted.

The contract, the certificate, and the endorsements are three layers of the same protection. When all three are aligned and well-drafted, your organization has a defensible compliance position. When any one of them is weak, the others carry more weight than they should.

Clarita helps compliance teams track vendor certificates against the requirements that actually matter for each relationship. If your team is managing COI compliance at scale, request early access.
