ACORD 25: The Additional Insured Gap
Your Spreadsheet Can't See
When a risk manager checks the Additional Insured column on a subcontractor's ACORD 25, confirms the checkbox is marked, and enters "Compliant" into the tracking spreadsheet — they have just documented something with zero legal enforceability. The checkbox marking on the ACORD 25 form is not a coverage grant. It is a notation by an insurance producer — a third party who cannot amend the policy — that the producer believes an endorsement exists. Whether the endorsement was actually processed by the insurer is an entirely separate question, and the checkbox answers nothing about it. More than nine out of ten certificates of insurance audited by the International Risk Management Institute failed to meet the coverage specifications in the underlying contract. An entire compliance workflow built around scanning this checkbox is structurally blind to the gap that most commonly produces denied claims.
Key Takeaways
- 1 in 3 subcontractor COIs marked compliant for additional insured in your tracking sheet carries phantom coverage — the checkbox records the agent's belief not the insurer's grant.
- The ACORD 25 warns it 'confers no rights' and 'does not amend coverage' — yet the entire compliance workflow treats the ADDL INSD checkbox as verified protection.
- Extraction and verification as separate steps turn a checked box next to an empty endorsement column into an unmistakeable red flag — and the reviewer becomes the person who finds the gap before a denied claim finds the company.
The Checkbox That Isn't Coverage
The ACORD 25 — the Certificate of Liability Insurance form used by virtually every subcontractor in North American construction — contains a column labeled ADDL INSD. It sits quietly in the coverages grid, between the policy form type and the waiver of subrogation column. When a subcontractor's insurance agent fills out the certificate, they place a checkmark or an "X" in this column for each coverage line where the certificate holder has been added as an additional insured.
The risk management team receives the PDF. They scroll to the coverages grid. They locate the General Liability row. They see "X" in ADDL INSD. They enter "AI: Yes" into the compliance spreadsheet. The certificate moves to the approved pile.
This workflow is logical, standardized, and followed by thousands of construction firms. It is also the mechanism through which uninsured exposure accumulates, certificate by certificate, across every active project in a contractor's portfolio.
The ACORD 25 form itself contains the explanation of why this is dangerous — printed directly on the certificate, in bold text that most reviewers skip because it has become wallpaper:
ACORD 25 Disclaimer (on every certificate issued)
"This certificate is issued as a matter of information only and confers no rights upon the certificate holder. This certificate does not affirmatively or negatively amend, extend or alter the coverage afforded by the policies below."
In plain language: the certificate is a note from an agent, not a contract from an insurer. The agent can check the ADDL INSD box. They can type an endorsement form number into the Description of Operations block. They can attach a copy of a CG 20 10 form. But if the insurer never processed the endorsement — if the underwriter never approved it, if the additional insured was never actually added to the policy — none of that certificate notation provides coverage. The certificate is informational. Only the endorsement on the policy creates the right to defense and indemnity.
Legal precedent has been unambiguous on this point. Georgia statute O.C.G.A. § 33-24-19.1(j) codified what courts in multiple states have held: a certificate of insurance is not a policy and does not amend coverage. When a claim arises and the insurer discovers that no endorsement was actually issued — despite what the certificate says — the insurer's duty to defend and indemnify the additional insured simply does not exist. The spreadsheet entry "AI: Yes" becomes a record of what someone hoped was true.
This is not a theoretical edge case. Bramble, a COI verification platform, examined a dataset of condominium contractor certificates and found that roughly 31% of COIs that claimed additional insured status did not have a corresponding endorsement at the policy level. Nearly one in three certificates that a property manager or GC relied on for coverage was carrying phantom additional insured protection — visible on the COI, absent from the policy.
Three Ways AI Endorsements Appear on an ACORD 25 — and Three Ways They Fail
The additional insured endorsement is not a single binary field. On the ACORD 25 form, it can appear in three distinct locations, each governed by different rules, and each with its own failure mode. Understanding this triad is essential to understanding why spreadsheet-based review is structurally incapable of catching the gap.
The ADDL INSD Checkbox (Most Common, Least Reliable)
This is the column in the coverages grid, one per policy line. A checkmark here is the insurance producer's representation that, to their knowledge, an additional insured endorsement has been added to the named insured's policy for the certificate holder.
Failure mode: the producer's belief has no legal weight. The producer is not the insurer. The producer does not process endorsements — the insurer's underwriting department does. An agent can check the box in good faith based on what the named insured told them or what a blanket endorsement provision theoretically allows, without the insurer having ever issued the endorsement or collected the additional premium. A New York regulatory opinion from the Department of Financial Services explicitly states that an agent may not add terms to a certificate that alter, expand, or otherwise modify the terms of the actual policy. The checkbox falls into exactly this category: it purports to describe a modification that may or may not exist.
Standard insurance agency guidance published by the Independent Insurance Agents & Brokers of America reinforces this: "Never include additional insured status and waiver of subrogation by default. Even if the policy contains automatic 'when required by written contract' endorsements, the agency should not default to showing additional insured." The guidance is clear — the checkbox is conditional on actual processing, not a guarantee.
The Description of Operations Block (Free-Text, Unvalidated)
Beneath the coverages grid on every ACORD 25 sits the DESCRIPTION OF OPERATIONS / LOCATIONS / VEHICLES / EXCLUSIONS ADDED BY ENDORSEMENT / SPECIAL PROVISIONS block. This is a free-text field with no structured schema. An agent can type virtually anything here.
In practice, this block often carries the most specific information about additional insured status. An agent might write: "ABC Construction, Inc. is named as additional insured per CG 20 10 (07/04) and CG 20 37 (07/04)." Or: "Additional insured as required by written contract." Or — and this is where the problem compounds — they might type the specific endorsement form number that the contract requires, without confirming that it was actually attached to the policy.
Failure mode: free text is not machine-verifiable at scale. When a risk manager is reviewing 80 certificates this week, the Description of Operations block becomes a paragraph of dense text that must be read line by line. The difference between "Additional insured per CG 20 10" (coverage exists for ongoing operations) and "Additional insured per CG 20 10 and CG 20 37" (coverage extends to completed operations) is a few characters in the middle of a sentence. The difference between "Additional insured as required by written contract" (conditional — coverage exists only if a contract requires it) and "ABC Construction is named additional insured per endorsement CG 20 10" (specific — coverage exists regardless) is a legal nuance buried in verbiage that looks nearly identical in a fatigue-based scan.
The Attached Endorsement Pages (Most Valuable, Least Checked)
The only legally enforceable evidence of additional insured status is the actual endorsement page — the ISO form or carrier equivalent that was processed by the insurer and attached to the named insured's policy. On a properly prepared certificate, these endorsement pages appear as attachments behind the ACORD 25 form. They carry the policy number, the endorsement form number (CG 20 10, CG 20 37, CG 20 33, etc.), the name of the additional insured, and the effective date.
Failure mode: reviewers rarely request or examine them. The industry norm is to collect the ACORD 25 and proceed. The endorsement pages — if they were even included — sit at the back of the PDF, rarely scrolled to. A compliance coordinator managing 200 subcontractors at the start of a project has approximately 3 to 5 minutes per certificate. That time is consumed by checking policy dates, coverage limits, and verifying the certificate holder name. Scanning attached endorsement pages for form numbers that match the contract's requirements does not fit into a 5-minute review window.
This creates a structural compliance gap: the most legally significant piece of the certificate package is also the piece most likely to be ignored. A COI tracking spreadsheet with 200 rows and a column labeled "AI Verified" can show 100% compliance — with zero endorsements actually verified at the policy level.
The Endorsement Nobody Checks: When AI Exists on the Wrong Policy
There is a subtler failure mode that even a diligent reviewer — someone who does scroll to the endorsement pages — can miss. It occurs when the additional insured endorsement exists, but on a different policy line than what the certificate holder assumes.
Consider a common subcontractor insurance stack:
| Policy | Limit | AI Endorsement |
|---|---|---|
| Commercial General Liability | $1M per occurrence / $2M aggregate | None (CG 20 10 not attached) |
| Commercial Auto | $1M combined single limit | None |
| Umbrella / Excess Liability | $5M | CG 20 10 attached — AI endorsed |
| Workers' Compensation | Statutory | N/A |
At first glance, the COI looks compliant. The ACORD 25's ADDL INSD column is checked. The Description of Operations block reads "ABC Construction named as additional insured." The endorsement pages are attached, and on page three of the PDF, a CG 20 10 endorsement appears with ABC Construction listed in the schedule.
The gap reveals itself only when you trace which policy line the endorsement is attached to. The Umbrella policy carries the CG 20 10. The General Liability policy — the primary layer that responds first to claims — does not. This creates a coverage structure where the additional insured is protected only after the primary limits are exhausted. For a $75,000 general liability claim from a jobsite injury, the Umbrella never triggers. The GC is not an additional insured on the GL policy. The claim hits the GC's own insurance.
This is not a contrived scenario. COI tracking platform Jones documented this exact issue in their compliance enforcement workflows, where different clients had different rules for where the AI endorsement must appear — some requiring it in the Description of Operations block plus the endorsement page, others requiring it across multiple coverage lines simultaneously. The variation in client requirements is itself evidence that the problem is widespread enough to have generated custom verification rules.
The deeper structural problem: an ACORD 25 shows one ADDL INSD column, but that column sits on a grid with five rows (GL, Auto, Umbrella, WC, Other). The checkbox applies to the row it sits in — but the visual simplicity of the form encourages reviewers to treat it as a single yes/no condition. A checkbox in the Umbrella row does not mean the GL row carries the endorsement. But when the reviewer is scanning 50 certificates in a sitting and the ADDL INSD column consistently shows an "X" across multiple rows, visual pattern recognition overrides row-by-row verification. The eye sees a pattern of compliance. The GL row may or may not be part of it.
500 Certificates, One Reviewer: Why Manual Verification Structurally Misses This Gap
A mid-size general contractor managing 20 active projects with an average of 25 subcontractors each carries approximately 500 certificates of insurance in its tracking system at any given time. Each certificate must be verified at onboarding, re-verified at renewal, and re-verified whenever a subcontractor changes insurers mid-project — a common occurrence as policies expire and are replaced.
The verification workload is not linear. Certificates arrive in bursts — 40 certificates in the week before a project breaks ground, 15 certificates when a subcontractor fleet renews at the same time, 8 certificates when an audit deadline approaches and the compliance team discovers expired COIs that were never flagged. The risk manager or compliance coordinator is not processing certificates in a calm, focused environment. They are triaging.
Under triage conditions, the human review process follows a predictable degradation path:
Policy effective and expiration dates — the most visible fields, checked first because expired coverage is a hard stop.
Coverage limits per line — verified against the contract's minimum requirements. A mismatch here is immediately visible: $500K instead of $1M is a red flag that stands out.
Certificate holder name — confirmed matches the contract entity. Spelling errors or parent/subsidiary mismatches are flagged.
ADDL INSD checkbox — scanned for the presence of a checkmark. The checkbox is a binary field: marked or not marked. The brain processes this in milliseconds as pattern recognition, not analytical reading.
Description of Operations block — if time permits, scanned for the presence of "additional insured" language. Verbatim text comparison against the contract's required endorsement form numbers (CG 20 10, CG 20 37) requires concentration that degrades after 10–15 certificates.
Attached endorsement pages — rarely reached. Scroll to the end of the PDF, identify the endorsement form number, confirm it matches the contract, confirm it covers the correct policy line. This step is systematically skipped when volume exceeds capacity.
By step 4, the brain has switched from analytical verification to pattern matching. The ADDL INSD checkbox becomes a visual signal — a green light that says "this section is handled." The difference between a CG 20 10 on the GL line and a CG 20 10 on the Umbrella line is not something the eye catches in pattern-recognition mode. It requires stepping back into analytical mode, tracing the policy line across the grid, cross-referencing with the endorsement page, and confirming the form number matches the contract specification.
This is not a failure of diligence. It is a failure of process design. The human visual system is not engineered to sustain high-accuracy, field-level verification of dense tabular documents across hundreds of repetitions. An error rate of 15–20% in manual insurance data entry has been documented across the insurance compliance industry — not from incompetence, but from the structural mismatch between the task's cognitive demands and the human capacity for sustained analytical attention.
The Reddit thread captures the reality from the trenches: "Subs will send certificates with wrong coverage limits, missing additional insured endorsements, or incorrect project names. Just having a process isn't enough." The process — the spreadsheet, the checklist, the 5-minute review — is the very thing that creates the illusion of control while leaving the most consequential gap unexamined.
How Extraction Changes the Verification Equation
The structural failure of manual COI review is not that the reviewer is careless. It is that the reviewer is being asked to perform two tasks simultaneously — data entry (typing policy numbers, limits, dates into a spreadsheet) and compliance verification (assessing whether what's on the page meets contract requirements) — for a document format where each field demands separate analytical attention. These are two different cognitive operations, and doing both at once degrades both.
Separating them is the threshold where the gap begins to close. The data entry step — extracting what is on the page — gets handled by AI extraction. The compliance verification step — deciding whether what is there meets the contract — remains with the risk manager, now supported by a complete, accurate extract of what every certificate actually says.
When AI reads an ACORD 25, it does not look at the ADDL INSD checkbox alone. It can extract all three sources of endorsement information simultaneously: the checkbox status, every line in the Description of Operations block (including specific form numbers like "CG 20 10" and "CG 20 37"), and the endorsement form numbers from attached pages. These three data points land in three columns in a spreadsheet — AI Checked?, Description Block Text, Endorsement Form Numbers Found — and the risk manager reviews them side by side.
A mismatch jumps off the spreadsheet: the AI column shows "X" but the endorsement form number column is empty. The Description block says "CG 20 10" but the endorsement page attached is a CG 20 33. The GL row has the checkbox but the endorsement is on the Umbrella row. These are the compliance signals that manual review, by its cognitive design, cannot surface at scale.
The approach builds on the same Custom Column Extraction workflow that turns any document into a structured spreadsheet. You define the columns you want — Policy Number, Insured Name, GL Per Occurrence Limit, GL Aggregate Limit, ADDL INSD Checkbox, Description of Operations, Endorsement Form Numbers, Policy Expiration Date — and the AI reads each ACORD 25 PDF by understanding what those fields mean semantically, not by looking for them at fixed coordinates. Format differences between insurers — different font sizes, shifted field positions, agency stamps overlaid on the form — do not break the extraction because the AI is reading by meaning, not by position.
The output is a compliance tracker where every certificate's data is extracted to the same 12-column template. The risk manager's job shifts from "open PDF, read field, type into spreadsheet" to "scan the spreadsheet for mismatches and flag them." This is a fundamentally different cognitive load. Scanning for a red-flag pattern in a column is orders of magnitude faster than extracting individual fields from a PDF, and the error rate drops because the pattern-recognition step now operates on structured data rather than a scanned form.
For the scale problem — 500 certificates, one reviewer — this matters because the time per certificate shifts from 5 minutes of manual extraction-and-review to approximately 10 seconds of AI extraction plus 30 seconds of structured-data review. The reviewer's attention budget, previously consumed by the mechanical task of field transcription, is now available for the analytical task that actually protects the company: identifying which certificates have phantom AI coverage. Detail on the column-by-column workflow is in the ACORD 25 extraction guide; the batch-scale processing strategy across hundreds of certificates at once is covered in the batch ACORD 25 verification walkthrough.
Frequently Asked Questions
Does the ADDL INSD checkbox on an ACORD 25 provide any legal protection?
No. The ACORD 25 form itself states that it "confers no rights upon the certificate holder" and "does not affirmatively or negatively amend, extend or alter the coverage afforded by the policies." The checkbox is a notation by the insurance producer. An additional insured endorsement must be processed by the insurer and attached to the policy for coverage to exist. Without it, the checkbox carries zero legal weight.
What's the difference between CG 20 10 and CG 20 37 — and why do I need both?
CG 20 10 provides additional insured coverage for liability arising from the named insured's ongoing operations — while the subcontractor is actively working on the project. CG 20 37 provides additional insured coverage for liability arising from completed operations — after the subcontractor's work is finished. Without CG 20 37, the GC has no additional insured protection once the subcontractor leaves the site, which means a defect claim surfacing months after project completion hits the GC's own policy. For any project where the statute of repose extends years beyond construction completion, both endorsements are necessary.
Can AI extraction tell the difference between an endorsement form number in the Description block and one on an attached page?
Yes, when the extraction columns are designed to capture source context. By defining separate columns — one for the Description of Operations text block and one for endorsement form numbers found on attached pages — the extracted spreadsheet shows exactly where each piece of information came from. A CG 20 10 form number found in the Description block but not on any attached endorsement page is a signal that the certificate notation may not be backed by an actual processed endorsement.
What if the subcontractor has a blanket additional insured endorsement — does the checkbox need to be verified?
Blanket additional insured endorsements — typically triggered by the phrase "when required by written contract" — automatically extend additional insured status to any entity the named insured has a written contract with that requires it. However, the blanket coverage still has conditions: a written contract must exist, the contract must require additional insured status, and the contractual scope must fall within the endorsement's coverage trigger. The COI checkbox by itself does not confirm that these conditions are satisfied. The underlying contract and the actual endorsement language — not the certificate notation — determine whether coverage applies.
How many additional insured endorsements does ISO publish, and which ones matter for construction?
ISO publishes dozens of additional insured endorsements — CG 20 09 through CG 20 38 and beyond — covering different relationships (owners, lessees, contractors, managers, vendors, grantors) and different coverage triggers (ongoing operations, completed operations, automatic when required by contract). For construction, the three most commonly required are: CG 20 10 (Additional Insured — Ongoing Operations, scheduled), CG 20 37 (Additional Insured — Completed Operations), and CG 20 33 (Automatic Additional Insured Status When Required in Construction Agreement). Each has different edition dates with materially different coverage language — the 04/13 and 12/19 editions of CG 20 10 are narrower than the 10/01 edition because they replaced "arising out of" language with "caused, in whole or in part, by" — which courts have interpreted as requiring a showing of the named insured's fault. The edition date printed on the endorsement matters.
Is there an industry standard for how often COI endorsements don't match the policy?
Multiple independent sources point to a significant gap. Bramble's data from condominium contractor certificates showed approximately 31% of COIs claiming additional insured status lacked the corresponding policy-level endorsement. Industry surveys cited by COI verification platforms report that 23% of manually reviewed construction certificates contain errors or coverage gaps. The IRMI audit finding that 9 out of 10 certificates failed to meet contractual insurance specifications — while being even broader in scope — is consistent with the magnitude of the problem. The data suggests that for every three subcontractors whose COI claims additional insured protection, roughly one does not actually have it.
How does ImageToTable.ai handle this differently from a dedicated COI tracking platform?
Dedicated COI tracking platforms — Jones, myCOI, bcs, Billy, CertFocus — are purpose-built for ongoing compliance management: they collect certificates, send renewal reminders, integrate with project management software, and some offer human review services. They solve the tracking and workflow problem. ImageToTable.ai solves a different problem: the extraction step. It turns a stack of ACORD 25 PDFs into a structured spreadsheet with every field extracted to columns you define, including endorsement form numbers and their source context. For teams that manage COI compliance through spreadsheets — or that use a COI platform but still manually enter certificate data — the extraction step is where the endorsement gap hides. A broader comparison of COI compliance cost exposure is in the COI non-compliance cost analysis; the complete overview of COI data extraction is in the COI extraction guide.
The ACORD 25 certificate is a summary, not a contract. The additional insured checkbox is a notation, not a coverage grant. A compliance process that treats the checkbox as the endpoint of verification is measuring confidence, not coverage — and the gap between the two is what pays for claims.