Tender insurance requirements often feel like a box-ticking exercise until the numbers stop you from bidding. You find a perfect public sector opportunity, only to discover the buyer wants £10m in professional indemnity cover for a £50,000 contract. For many UK SMEs, the cost of upgrading insurance policies to meet these thresholds wipes out the profit margin before the work even begins.
The Procurement Act 2023 and updated Crown Commercial Service (CCS) guidance have shifted how buyers approach these limits. The default position is no longer "ask for the maximum just in case." Buyers must now set insurance requirements that are proportionate to the contract value and the actual risk of the services being delivered. But old habits die hard, and many contracting authorities still cut and paste excessive limits from previous tenders.
This guide breaks down the insurance numbers buyers actually expect across different sectors, what the rules say about proportionality, and how to push back when a buyer asks for too much cover.
What this guide covers
- The baseline limits for Employers' Liability, Public Liability, and Professional Indemnity.
- Sector-specific expectations for IT, construction, professional services, and facilities management.
- How the Procurement Act 2023 changes when you need to hold the required cover.
- A worked example of challenging disproportionate insurance requirements.
- Common mistakes bidders make when answering insurance questions in the Selection Questionnaire (SQ).
The core insurance trio
Most UK public sector tenders require three main types of insurance. The exact limits vary by sector and contract size, but the baseline expectations are well established. Buyers use these policies to protect the public purse from supplier negligence, accidents, and financial failure. Understanding what each policy covers and why buyers ask for it is the first step to navigating the requirements.
Employers' Liability (EL)
Employers' Liability is a legal requirement in the UK for any business that employs staff. It covers compensation claims if an employee is injured or becomes ill because of the work they do for you. This applies to full-time staff, part-time workers, temporary contractors, and even apprentices.
The legal minimum cover under the Employers' Liability (Compulsory Insurance) Act 1969 is £5m. However, the standard requirement in almost all public sector tenders is £5m or £10m. Insurers typically offer £10m as standard because the cost difference between £5m and £10m is negligible.
If you are a sole trader with no employees, or a family business where all employees are closely related, you are generally exempt from needing EL insurance. You can state this in the Selection Questionnaire (SQ) and bypass the requirement. But if you plan to hire staff to deliver the contract, you must commit to obtaining EL cover before the contract begins.
Public Liability (PL)
Public Liability covers claims made by third parties (members of the public, clients, or other contractors) for injury or property damage caused by your business activities. If you spill coffee on a server rack at a council office, or a member of the public trips over your equipment, PL covers the legal and compensation costs.
For low-risk, office-based or remote services, the standard public sector expectation is £1m to £5m. For contracts involving physical presence on government sites, the baseline jumps to £5m. High-risk activities, such as construction, groundwork, or heavy facilities management, often see requirements of £10m or £20m.
Buyers calculate PL requirements based on the potential worst-case scenario. If you are delivering a training course online, the risk of causing physical damage is zero. If you are maintaining HVAC systems in a busy hospital, the risk is significant.
Professional Indemnity (PI)
Professional Indemnity covers the cost of compensating clients for loss or damage resulting from negligent services or advice provided by your business. This is the most contentious and expensive insurance requirement in public sector tendering. If your software design fails, or your structural calculations are wrong, PI covers the financial fallout.
Unlike EL and PL, which are usually "any one claim" policies, PI is often written on an "in the aggregate" basis. This means the limit applies to the total of all claims in a policy year. Buyers will specify whether they need the limit on an aggregate or any one claim basis, and failing to spot the difference can result in a failed bid.
Baseline expectations range from £1m for low-risk consultancy up to £5m or £10m for complex IT systems, architecture, or critical infrastructure design. The cost of PI cover has skyrocketed in recent years, particularly in the construction sector following the Grenfell Tower tragedy, making disproportionate PI requirements a major barrier for SMEs.
Sector expectations and contract values
The Sourcing Playbook and the Model Services Contract both stress that insurance limits must be proportionate to the risk. However, specific sectors have established norms that buyers rarely deviate from. Knowing these norms helps you anticipate costs and identify when a buyer is asking for too much.
The table below summarises the typical minimum requirements you will encounter across the four main sectors. These are not absolute rules; individual buyers can set higher or lower limits based on specific risk assessments. But if a tender deviates significantly from these norms, it warrants a clarification question.
| Sector | Employers' Liability | Public Liability | Professional Indemnity |
|---|---|---|---|
| IT Services (standard) | £5m to £10m | £1m to £5m | £1m to £2m |
| IT Services (critical/health) | £5m to £10m | £5m | £5m |
| Professional Services | £5m to £10m | £1m to £5m | £1m to £5m |
| Construction (standard) | £10m | £5m to £10m | £5m |
| Construction (major infrastructure) | £10m | £20m to £50m | £10m |
| Facilities Management (hard FM) | £10m | £5m to £10m | £2m to £5m |
| Facilities Management (soft FM) | £10m | £5m | £1m to £2m |
IT Services and Digital
The digital sector has seen significant pushback against excessive insurance limits. In early 2024, CCS initially proposed raising the PI and PL requirements for the G-Cloud 14 framework to £10m. Following a massive backlash from SME suppliers who argued this would price them out of the market, CCS U-turned.
For standard cloud software and support services (Lots 1-3 on G-Cloud 14), the requirement is now £1m for both PL and PI. However, for complex, large-scale cloud migration projects (Lot 4), the requirement jumps to £25m. This highlights how buyers differentiate between off-the-shelf software and bespoke, high-risk digital transformation.
If you are bidding for standard IT Services contracts outside of major frameworks, expect to see PI requirements of £1m to £2m for software development and £5m if the project involves critical national infrastructure or sensitive health data. Cyber liability insurance is also becoming a mandatory addition, often set at £2m to £5m to cover data breaches and ransomware attacks.
Professional Services
For management consultancy, legal, and advisory roles, the primary risk is financial loss resulting from bad advice. The physical risks are minimal, so PL and EL requirements rarely exceed £5m.
On frameworks like the Management Consultancy Framework Three (MCF3), insurance limits are tailored to the specific call-off contract rather than the framework itself. For a standard advisory contract valued under £100,000, a PI limit of £1m is typical. For larger strategic projects, buyers often ask for £2m to £5m.
If you are providing Professional Services that involve financial auditing, high-stakes policy design, or procurement advice, buyers may push for £10m. This is often disproportionate if the total contract value is only £50,000, and you should challenge it during the clarification period.
Construction and Engineering
Construction carries the highest physical and financial risks, and the insurance requirements reflect this reality. The standard forms of contract, such as JCT and NEC, dictate strict insurance provisions.
Under standard JCT or NEC contracts, Public Liability is rarely accepted below £5m, with £10m being the norm for any project involving significant groundwork or structural alteration. For major infrastructure projects, PL limits of £20m to £50m are common.
For design and build contractors, Professional Indemnity is heavily scrutinized. A PI limit of £5m is standard, but for major infrastructure, buyers will demand £10m. Furthermore, buyers will require "run-off" cover, meaning the PI insurance must be maintained for 6 to 12 years after the project is completed to cover latent defects. This long-tail liability is a massive ongoing cost for construction SMEs.
You can read more about bidding in this sector in our guide to Construction tenders.
Facilities Management
Facilities management combines the physical risks of construction with the ongoing operational risks of service delivery. FM contractors are constantly on-site, interacting with the public and the buyer's staff.
For hard FM (maintenance, HVAC, electrical), Public Liability requirements sit at £5m to £10m. For soft FM (cleaning, security, catering), £5m is standard.
Because FM contractors operate on the buyer's premises, buyers are particularly strict about these limits. If you are bidding for Facilities Management contracts, ensure your PL policy does not contain exclusions for the specific types of work you will be undertaking (e.g., working at height or using heat tools). An exclusion in the small print means you are effectively uninsured for that activity, which will breach the contract terms.
NHS and health sector requirements
The NHS and wider health sector deserves separate treatment because it combines the data sensitivity of IT services with the physical risk of healthcare delivery. Insurance requirements are consistently higher than in other sectors.
For technology suppliers delivering clinical software or AI-assisted diagnostics, NHS commissioners typically require a minimum of £5m in Professional Indemnity, with some trusts asking for £10m for systems that directly inform clinical decisions. This is not disproportionate given the potential consequences of a software failure in a patient-facing context.
Public Liability for any supplier working on NHS premises is usually set at £5m, rising to £10m for contractors carrying out physical works in clinical environments. Cyber liability insurance is increasingly mandatory, with NHS commissioners asking for £2m to £5m to cover the cost of a data breach affecting patient records.
One important nuance for healthcare suppliers: NHS trusts are covered by NHS Resolution for clinical negligence, but this does not extend to their suppliers. If your product or service contributes to a clinical outcome, you need your own PI and medical malpractice cover. Do not assume the trust's indemnity scheme covers you.
The Procurement Act 2023 and timing of cover
One of the most significant changes introduced by the Procurement Act 2023 relates to when you must hold the required insurance.
Historically, many contracting authorities required bidders to have the full specified insurance limits in place at the point of submitting the tender. If the tender asked for £10m PI, and you only had £2m, you had to upgrade your policy before you could even submit your bid. This forced SMEs to purchase expensive cover just for the chance to bid, creating a massive barrier to entry and stifling competition.
Under Section 22 of the Act, contracting authorities are prohibited from requiring insurance relating to the performance of the contract to be in place before the contract is awarded.
This means you no longer have to pay upfront for insurance you might not need. You must still commit to obtaining the required levels of cover if you win, and the buyer will verify this before the contract commences. In the Selection Questionnaire, you can safely select the option stating that you do not currently hold the required cover but will obtain it prior to contract award, without failing the selection stage.
This change levels the playing field for SMEs, allowing them to bid for larger contracts without taking on unacceptable financial risk during the procurement process.
Proportionality and the Sourcing Playbook
The government's Sourcing Playbook provides explicit guidance to contracting authorities on how to set insurance limits. The overarching principle is proportionality.
Buyers are instructed not to ask for unlimited liability or excessive insurance cover "just in case." The limits must be based on a realistic assessment of the risks involved in the specific contract. If a buyer asks for £10m PI for a £20,000 contract to write a report, they are likely in breach of this guidance.
The Playbook states that limits should be arrived at through "some rationale and explicable relationship to the assessed risk level." This gives bidders a powerful tool to challenge excessive requirements. If a limit seems disproportionate, you can ask the buyer to explain their rationale during the clarification period. Often, they cannot justify the figure because it was simply copied from an older, larger procurement.
The Playbook also suggests that Professional Indemnity cover might be set at 150% of the contract value as a starting point for calculation. This is a useful benchmark. A £100,000 contract would therefore warrant a PI limit of around £150,000, not £10m. In practice, buyers round up to the nearest standard market level (typically £500,000, £1m, £2m, or £5m), but the 150% principle gives you a principled basis for a challenge.
The Procurement Act 2023 reinforces this by requiring conditions of participation to be "proportionate means of ensuring the supplier's relevant capacity or ability, having regard to the nature, complexity and cost of the public contract." A requirement that is not proportionate can be challenged formally, and a buyer who cannot justify their insurance threshold is exposed to a legal challenge under Section 22 of the Act.
Worked example
Imagine you are an SME IT consultancy bidding for a £150,000 data migration contract with a local council. The tender documents state a mandatory Professional Indemnity requirement of £10m. Your current PI cover is £2m. Increasing it to £10m will cost you an additional £8,000 per year, severely denting the margin on the contract.
Instead of walking away or absorbing the cost, you submit a clarification question.
The clarification question: "The tender specifies a Professional Indemnity limit of £10m. Given the total contract value is £150,000 and the services involve migrating non-sensitive, publicly available archive data, we believe a £10m limit is disproportionate to the risk and contrary to the guidance in the Sourcing Playbook. Would the Authority consider reducing the PI requirement to £2m, which aligns with standard market practice for a contract of this size and risk profile?"
The outcome: Because the buyer must adhere to proportionality rules, and because they likely copied the £10m figure from a previous, higher-risk procurement, they review the requirement. They issue a clarification response to all bidders reducing the PI requirement to £2m. You save £8,000 and remain competitive.
Common mistakes
- Buying cover too early. Do not upgrade your insurance policies just to submit a bid. Use the self-certification options in the SQ to commit to upgrading your cover only if you win the contract. This preserves your cash flow and aligns with the Procurement Act 2023.
- Ignoring run-off requirements. If a tender requires 6 years of run-off cover for Professional Indemnity, you must factor the cost of maintaining that policy into your pricing for the next six years, even if you never win another public sector contract. This is a hidden cost that catches many SMEs out.
- Accepting disproportionate limits. Do not assume the buyer's stated limits are final. If a requirement seems wildly out of step with the contract value or risk, challenge it during the clarification period citing the Sourcing Playbook's proportionality guidelines.
- Confusing aggregate and any one claim. Check the small print. If a buyer asks for £5m "any one claim" and your policy is £5m "in the aggregate," you do not meet the requirement. You will need to ask your broker to amend the policy basis, which will likely increase the premium.
- Failing to check policy exclusions. Having a £10m Public Liability policy is useless if it contains an exclusion for working on government sites or working at height, and the contract requires exactly that. Buyers will check the policy wording before award.
- Assuming frameworks guarantee work. Joining a framework like G-Cloud or MCF3 does not guarantee you will win any call-off contracts. Do not purchase the maximum framework insurance limits until you actually win a call-off contract that requires them.
Frequently asked questions
Can a buyer reject my bid if I don't have the insurance yet?
Under the Procurement Act 2023, buyers cannot reject your bid at the selection stage simply because you do not currently hold the required insurance limits. As long as you commit to obtaining the cover before the contract starts, you pass this section.
What is the difference between aggregate and any one claim?
"Any one claim" means the insurer will pay up to the limit for every single valid claim made during the policy period, regardless of how many claims there are. "In the aggregate" means the limit is the maximum the insurer will pay out for all claims combined during the policy year.
Why do buyers ask for £10m Employers' Liability when the legal minimum is £5m?
While the Employers' Liability (Compulsory Insurance) Act 1969 sets the minimum at £5m, the insurance market standard for decades has been to issue EL policies with a £10m limit. Buyers ask for £10m because it is standard market practice and usually costs the same as a £5m policy.
Can I pass the insurance requirements down to my subcontractors?
Yes, but you remain ultimately responsible to the buyer. If you rely on subcontractors to deliver the contract, you must ensure they hold adequate insurance that covers their portion of the work, but your own policies must still meet the buyer's overarching requirements for the main contract.
What happens if my insurer refuses to provide the required limit?
If your broker cannot secure the required limit due to the nature of your business or the state of the insurance market, you must raise this during the clarification period. If the buyer refuses to lower the limit, you cannot bid. You cannot self-insure or promise to cover the difference out of pocket.
