COI verification is not universally required by statute in the United States. There is no federal law that mandates every business verify vendor insurance certificates. But that framing misses the point - because the obligation to verify comes from three other sources that are just as binding: your contracts, common law negligence doctrine, and sometimes industry regulation.
In practice, "legally required" is the wrong question. The right question is: what is the cost of not verifying?
Legal Requirement vs. Contractual Obligation
Contractual obligation: If your master service agreement with a vendor requires the vendor to carry insurance and requires you to verify compliance before work begins, you have a contractual duty to verify. Breach of that duty creates liability to your own contracting party if a loss occurs and uninsured exposure results.
Many commercial contracts include language such as: "Contractor shall maintain the insurance coverages set forth in Exhibit A throughout the term of this Agreement. Owner shall have the right to require evidence of such insurance at any time." That language creates an obligation.
Statutory requirement: Some industries have regulatory requirements that effectively mandate insurance verification. Examples:
- Contractors' licensing: Many states require licensed contractors to carry specific insurance as a condition of maintaining their license. Property owners and GCs who hire unlicensed or uninsured contractors may face regulatory penalties.
- Transportation: Motor carrier regulations (FMCSA) require that shippers using registered carriers verify carrier authority and insurance.
- Healthcare: Facilities accredited by The Joint Commission face vendor credentialing standards that include insurance verification for certain vendor types.
If you operate in a regulated industry, check whether your regulatory framework creates an affirmative verification obligation.
The Negligence Doctrine: Duty of Care
This is where most litigation risk actually lives. Even without a contract clause or a statute, the common law doctrine of negligence creates a duty of care in the hiring of vendors.
The doctrine: A business that hires a vendor has a duty to exercise reasonable care in selecting and supervising that vendor. Part of reasonable care is confirming that the vendor carries adequate insurance to cover losses that could arise from their work.
Courts have found hiring parties liable for:
- Hiring uninsured contractors who then injure workers on the premises
- Allowing uninsured vendors to perform work that results in property damage
- Failing to verify that a vendor met required coverage levels before allowing access
The legal theory is straightforward: you had a duty, you could have discovered the problem with reasonable inquiry, you didn't, and someone was harmed as a result.
Case Examples
Construction injury: A property owner hires a contractor who claims to carry workers' comp. The contractor's employee is injured on the job site. The carrier investigates and discovers the WC policy had lapsed. The employee sues both the contractor and the property owner. The owner's failure to verify current coverage is evidence of negligence.
Property damage: A commercial landlord hires a roofing contractor who causes water intrusion damage to a tenant's space. The contractor is underinsured. The tenant sues the landlord. The landlord's failure to require and verify adequate GL coverage is part of the damages argument.
In both cases, the question is the same: did the hiring party exercise reasonable care? Documentation of a verification process - even if imperfect - significantly improves the defense position. No verification documentation is much harder to defend.
- $500,000+ per uninsured incident
- Litigation and defense costs
- Premium increases on your own policy
- Reputational damage and management time
- Staff time and software subscription
- Documented compliance program
- Stronger litigation defense position
- Risk transferred to vendor insurers
When Verification Is Required by Contract
Read your existing contracts. Both your vendor agreements (downstream) and any master contracts with your own clients (upstream) may address insurance verification.
Upstream contracts - where you are the vendor - may require you to ensure your subcontractors meet certain insurance standards. If you've agreed to flow down insurance requirements to subcontractors and verify compliance, you have a contractual obligation to do so.
Downstream contracts - where you are the hiring party - should require vendors to carry insurance and should give you the right to request evidence. If your contracts don't have this language, they should.
What "Required" Means in Practice
For most businesses, the practical standard is: verify before work begins, document the verification, track renewals, and handle non-compliance with a defined process.
This standard isn't derived from a single statute. It's derived from:
- Your contractual commitments to require vendor insurance
- The duty of care you owe to parties who may be harmed by your vendors' actions
- Your own insurer's expectations (many commercial policies and umbrella programs require documented vendor compliance)
- Basic risk management good practice
Meeting this standard doesn't require perfection. It requires a systematic program with documented procedures and execution. Organizations that can show they had a functioning compliance program are in a significantly better litigation position than those who cannot.
The Litigation Risk of Not Verifying
The asymmetry here is important. The cost of verification is measured in staff time and software. The cost of not verifying - when an incident occurs with an uninsured or underinsured vendor - is $500,000+ per incident, plus litigation costs, plus management time, plus the reputational impact.
Bramble provides the systematic verification and documentation that demonstrates reasonable care. See how it works.