What Is a Certificate of Insurance (COI)? The Complete Guide for 2026

A certificate of insurance (COI) is a standardized document that proves a business or individual holds active insurance coverage. Issued by the insured party's insurance agent or broker, a COI summarizes the types of coverage in force, the policy limits, the effective dates, and the named insured. It serves as at-a-glance evidence that a vendor, contractor, or tenant has the insurance protection your contract requires — without having to review the full policy.

If you manage vendors, oversee construction projects, or handle lease administration, COIs are one of the most important documents crossing your desk. Yet they are also one of the most misunderstood. This guide breaks down everything operations teams need to know about certificates of insurance in 2026, from the fields on the form to the compliance pitfalls that put organizations at risk.

Why Certificates of Insurance Matter for Operations Teams

A COI is not a policy, and it does not confer rights or coverage on its own. That distinction is critical. The certificate is a snapshot — it tells you what coverage existed at the moment the certificate was issued. If the underlying policy is canceled the next day, the COI you hold is no longer accurate, even though the paper still looks valid.

Despite that limitation, COIs are the foundation of third-party risk management across nearly every industry. Property managers require them from maintenance vendors. General contractors require them from subcontractors. Hospitals require them from medical device suppliers. Landlords require them from tenants. The pattern is the same: before you allow a third party to work on your premises, deliver goods, or access your systems, you need proof that they carry adequate insurance.

The consequences of failing to collect and verify COIs range from mild to catastrophic. At the mild end, your organization absorbs repair costs that should have been covered by a vendor's policy. At the catastrophic end, a serious injury on your jobsite leads to a lawsuit, and you discover the subcontractor's policy lapsed two months ago — leaving your organization as the deepest pocket in the room.

What a Certificate of Insurance Contains

The vast majority of COIs in the United States follow the ACORD 25 format, a standardized form published by the Association for Cooperative Operations Research and Development. The ACORD 25 has been revised several times, with the most recent editions being 2016/03 and later. Here are the key sections:

1. Producer information — The insurance agency or brokerage that issued the certificate, including their name, address, phone number, and contact details.
2. Insured information — The legal name and address of the entity that holds the insurance policies. This is the party whose coverage is being certified.
3. Insurers affording coverage — A table listing up to five insurance companies (Insurer A through E), each identified by name and NAIC code.
4. Coverages table — The heart of the certificate. Each row covers a different type of insurance: Commercial General Liability, Automobile Liability, Umbrella/Excess Liability, Workers Compensation, and sometimes Professional Liability or other specialty lines. For each coverage, the form shows the policy number, effective date, expiration date, and applicable limits.
5. Description of Operations / Locations / Vehicles — A free-text area where the producer can add project-specific details, endorsement references, and special language such as Additional Insured status, Waiver of Subrogation, or Primary and Non-Contributory wording.
6. Certificate Holder — The entity requesting the certificate. This is typically your organization. The certificate holder's name and address appear in the lower-left section of the form.
7. Cancellation clause — Standard language stating whether the insurer will endeavor to provide notice if the policy is canceled before its expiration date.

Understanding these sections is essential because compliance failures hide in the details. A limit that reads $500,000 instead of the required $1,000,000, an expiration date that has already passed, or a missing endorsement reference can each represent a significant gap in your risk transfer program.

Who Needs a Certificate of Insurance

Almost any organization that engages third parties should be collecting COIs. Here are the most common scenarios:

• Construction projects — General contractors collect COIs from every subcontractor. Owners collect COIs from general contractors. The required limits and endorsements are typically spelled out in the subcontract or master service agreement.
• Property management — Building owners and property managers require COIs from cleaning companies, landscapers, elevator maintenance firms, HVAC contractors, and any other vendor performing work on the property.
• Commercial leases — Landlords require tenants to carry general liability and sometimes property insurance, with the landlord named as an Additional Insured.
• Supply chain and logistics — Manufacturers and distributors require COIs from transportation companies, warehouse operators, and freight brokers.
• Professional services — Clients may require consultants, IT providers, or design firms to carry Professional Liability (Errors & Omissions) insurance.
• Events and venues — Event organizers require COIs from caterers, entertainers, equipment rental companies, and security firms.

The common thread is risk transfer. Whenever one party could be held liable for the actions or negligence of another, the contract should require insurance, and the COI is the proof that the insurance exists.

How to Verify COI Compliance

Collecting a certificate is only half the battle. Verifying that the certificate actually meets your contractual requirements is where most organizations fall short. Here is a step-by-step compliance verification process:

1. Match the insured name — Confirm the Named Insured on the certificate matches the legal entity you contracted with. A mismatch (e.g., the COI shows a parent company but your contract is with a subsidiary) can void your Additional Insured coverage.
2. Check coverage types — Verify that every coverage type required by your contract appears on the certificate. If your contract requires General Liability, Auto Liability, Umbrella, and Workers Compensation, all four must be present.
3. Compare limits — For each coverage type, compare the limits on the certificate against your contractual minimums. Pay attention to both per-occurrence and aggregate limits.
4. Verify dates — Confirm that every policy listed is currently in force. Check both the effective date and the expiration date. Flag any policy expiring within 30 days for proactive renewal tracking.
5. Review endorsements — Look at the Description of Operations section for references to Additional Insured, Waiver of Subrogation, and Primary and Non-Contributory. Note that a reference on the COI is not proof — the actual endorsement document should be obtained and reviewed separately.
6. Confirm certificate holder — Your organization's exact legal name should appear in the Certificate Holder box. An incorrect name may mean you are not properly designated.
7. Check the insurer — Verify that each insurance company has an acceptable financial strength rating (typically A.M. Best rating of A- VII or better). The NAIC code on the certificate helps you look this up.

This process is straightforward in theory but overwhelming in practice when you are managing dozens or hundreds of vendors. Each vendor has multiple coverage lines, each with its own expiration date. Endorsement requirements vary by contract. And certificates arrive as PDFs that must be read, interpreted, and compared manually — unless you use automation.

Common COI Compliance Mistakes

Even experienced risk managers make these mistakes regularly:

• Accepting expired certificates — A certificate with a past expiration date provides zero protection, yet they slip through when volume is high.
• Ignoring the Additional Insured gap — The certificate says "Additional Insured" in the description, but the actual endorsement form (CG 20 10 or CG 20 37) was never attached or verified. The COI language alone does not confer coverage.
• Missing the Completed Operations endorsement — Many contracts require Additional Insured coverage for both ongoing and completed operations. If the certificate only references CG 20 10 (ongoing) without CG 20 37 (completed operations), there is a gap that will surface after the work is done.
• Not tracking renewals — A vendor provides a compliant COI at the start of a project. Six months later, their policy renews with different limits or drops an endorsement. Without expiration tracking, you never know.
• Wrong entity name — Your contract is with "ABC Construction LLC" but the COI lists "ABC Construction Inc." This matters more than you might think in a coverage dispute.

How Technology Is Changing COI Management

Traditional COI management involves a spreadsheet, a file cabinet (physical or digital), and a calendar reminder system. This approach breaks down at scale. When you manage 50 or more vendors, manual tracking becomes a full-time job — and errors are inevitable.

Modern COI compliance tools use AI to extract data from certificate PDFs, compare the extracted data against your requirements, and generate compliance reports automatically. The best tools separate the extraction step (reading the document) from the decision step (applying your rules), which makes the compliance verdict auditable and consistent.

unifi.ai is purpose-built for this workflow. Upload a COI, select your requirement template (or create a custom one), and receive an instant compliance report showing every check that passed, failed, or needs review. The system reads the ACORD 25 form, extracts every field, and applies deterministic compliance rules — no guesswork, no ambiguity. See pricing for plan details.

The ACORD 25 Form: Past, Present, and Future

ACORD has been publishing standardized insurance forms since 1970. The ACORD 25 — Certificate of Liability Insurance — is the most widely used certificate form in the United States. Over the decades, it has been revised to add clarity around cancellation notice provisions, to accommodate new coverage types, and to standardize the layout for electronic processing.

The 2016 revision (ACORD 25 2016/03) is the current standard. Key changes in recent editions include clarification that the certificate confers no rights on the certificate holder and updated cancellation language that removes the "endeavor to" notice commitment that appeared in earlier versions.

Looking ahead, the insurance industry is moving toward digital certificates and real-time verification. Instead of static PDFs that become stale the moment they are issued, the future likely involves API-based certificate verification where the certificate holder can check policy status in real time. Until that infrastructure is widely adopted, PDF-based COIs and the ACORD 25 form remain the standard.

Frequently Asked Questions

Is a certificate of insurance the same as an insurance policy?

No. A COI is a summary document that shows coverage exists. It does not replace the actual policy and does not confer any coverage rights on the certificate holder. The policy itself is the legally binding contract between the insured and the insurance company. If there is a conflict between the certificate and the policy, the policy language governs.

How long is a certificate of insurance valid?

A COI is valid for the policy period shown on the certificate — typically one year. However, the certificate itself is a snapshot in time. If the underlying policy is canceled or materially changed after the certificate is issued, the certificate does not automatically update. This is why expiration tracking and renewal monitoring are essential.

Can I be sued if a vendor's insurance lapses?

Yes. If a vendor's insurance lapses and they cause injury or property damage while working on your behalf, you can be named in the resulting lawsuit. Without valid vendor insurance in place, your organization may bear the full financial exposure. This is precisely why COI compliance programs exist — to ensure continuous coverage from all third parties.

What is the difference between a Named Insured and an Additional Insured?

The Named Insured is the entity that purchased the insurance policy. They appear in the Insured section of the COI and have full rights under the policy. An Additional Insured is a third party (often the certificate holder) who is added to the policy via endorsement, gaining limited coverage for claims arising from the Named Insured's work. Additional Insured status is one of the most important protections in a third-party risk program.

Do I need to collect the actual endorsement, or is the COI enough?

Best practice is to collect both. The COI tells you that the endorsement is supposed to exist, but only the actual endorsement document confirms the specific terms, the named entities, and the scope of coverage. Many claims disputes arise because the COI referenced an endorsement that was never actually issued or did not include the correct entity name.

---

Managing COI compliance manually is time-consuming and error-prone. Whether you handle five vendors or five hundred, automated compliance checking eliminates the guesswork and protects your organization from coverage gaps.

Try unifi.ai free — no signup required.