Coverage deep dives

Reading an MSA insurance exhibit: a 10-minute crash course

A practical guide to the insurance schedule on the back of a customer master services agreement — what every clause means, which to push back on, and which to bind to.

Stanley Cieslak Founding Head of Brokerage March 30, 2026

Every B2B vendor eventually ends up looking at an insurance exhibit at the back of a customer master services agreement. It’s the boilerplate page with limits, additional-insured language, certificate requirements and a list of policy types. Most operators sign it without reading it. Most brokers don’t read it either. Both are mistakes.

Here’s the 10-minute version.

The five things every exhibit specifies

1. Required policy types and limits

A typical enterprise MSA exhibit specifies:

  • General liability — usually $1M / $2M aggregate, sometimes $2M / $4M
  • Workers’ compensation — statutory, with $1M employer’s liability
  • Commercial auto — $1M combined single limit
  • Umbrella — varies, often $3M – $10M
  • Professional liability / Tech E&O — $1M – $5M for most professional firms; $5M+ for tech and consulting
  • Cyber liability — $1M – $5M, increasingly $5M+

What to do: Check that you have each line at the required limit before signing. Note that umbrella stacks on top of underlying limits — a $5M umbrella plus $1M GL primary clears the “$5M required” hurdle only if the contract permits stacking.

2. Additional insured (AI) requirements

The customer typically asks to be named as an additional insured on your GL (and sometimes umbrella and auto). Look for:

  • Whether completed operations is included (it should be — your finished work is where most claims arise)
  • Whether primary and non-contributory language is required (means your policy pays first, before the customer’s own coverage)
  • Whether the AI status applies to affiliates and subsidiaries

What to do: Confirm your GL form will support the exact wording. Most modern GL forms include automatic AI for required-by-contract scenarios — but the wording has to match. A specialty broker reads this and confirms.

3. Waiver of subrogation

This says you (and your insurer) won’t pursue the customer to recover what your insurer paid out. Standard ask. Usually fine.

What to do: Confirm your form supports it — most do. Some workers’ comp forms charge a small premium for the waiver endorsement.

4. Certificate requirements

How they want the certificate delivered, in what format, with what notice provisions for cancellation. ACORD 25 is the standard form. Watch for:

  • 30-day notice of cancellation — common ask, your carrier may only support 10-day, requiring negotiation
  • Renewal certificates auto-delivered — your broker should handle this
  • Specific endorsement attachments — some customers want the AI endorsement attached, not just listed

What to do: Make sure your broker’s COI system can deliver in the format and cadence the customer wants. Failed certificate delivery is the silent way contracts get suspended.

5. Indemnity and limitation of liability

Less an insurance question than a legal one, but inseparable from it. The indemnity clause says who pays whom when something goes wrong. The limitation of liability caps how much.

The combination determines what insurance you actually need:

  • Mutual indemnity, capped at fees → modest E&O exposure
  • One-way indemnity (you indemnify them), uncapped, including consequentials → catastrophic E&O exposure regardless of your policy

What to do: Get legal review on indemnity and LoL before signing. If the contract is one-way and uncapped, your E&O sizing has to follow.

What to push back on

A few clauses are worth negotiating even when the customer pushes:

  • Excessive limits not tied to contract value ($10M cyber for a $50k engagement is theatre)
  • Uncapped indemnity for the customer’s own negligence (push for mutual or with carve-outs)
  • Notice-of-cancellation periods longer than your carrier supports (negotiate to 10 days or “endeavor to provide”)
  • AI requirements covering affiliates and subsidiaries not specifically identified (asks the same of your insurer)

The broker’s job on this

A specialty broker should read the MSA before you sign — not after. The right ones do this as a normal part of pre-contract review and don’t charge extra for it. The wrong ones bind to whatever you tell them the requirements are, never see the contract, and you find out at first claim that the wording doesn’t match.

A 10-minute read by the right broker saves a multiple of that in claim disputes and uncovered losses. Use it.

Related on Nomos

Where this lives on the site.

General liability Professional liability Cyber liability MSPs & IT services Professional services Tech & AI startups
About the author

Stanley Cieslak

Founding Head of Brokerage

Stanley brings more than 20 years in wholesale and retail insurance brokerage, and has placed over $500 million in premium across his career. He has held senior roles at AmWINS, WestRope and Jencap, building exclusive insurance programs.

LinkedIn →
Get a quote

One programme,
for the whole firm.

Tell us about your firm. We'll come back with cover sized to your real risk — and we respond within an hour, any time.

Whole-firm view across every line
Quotes in days, not weeks
Reply within 1 hour, any time
Specialty and admitted markets, one programme

Request a quote

We'll get back to you with options.

We respond within 1 hour — any time, not 24.

No obligations. No spam.