An independent UK IT contractor — a database specialist trading through her own limited company — is two months into a six-month engagement with a multinational manufacturer through a recruitment agency. The agency contract requires £2m of Professional Indemnity Insurance, £5m of public liability, employers' liability cover, and a separate cyber liability policy at £1m. The end-client also asks for evidence of compliance with the agency's IR35 status determination, which has classified the role as "outside IR35" on the basis of substitution rights, control levels and the absence of mutuality of obligation. Three weeks in, a database migration she has been running drops an indexed field used by the client's downstream reporting; the field is reconstructed within forty-eight hours but the client estimates the disruption cost at £42,000. The agency notifies her. She phones her broker.
That kind of engagement — and that kind of incident — is the daily reality for tens of thousands of UK IT contractors operating through personal service companies. It sits at the intersection of two areas that contractors often think about separately but which interact directly: Professional Indemnity Insurance and the IR35 / off-payroll working rules. This guide explains how PI works for an IT contractor operating through a limited company, what end clients and agencies are currently asking for in 2026, and how the contractor's IR35 status influences (or, more accurately, doesn't influence) the insurance position — with an important caveat about how the way the contractor presents themselves to the market can cut the other way.
This piece is for IT contractors and one- to three-person consultancy companies. For the broader picture on PI for IT firms generally, see the IT professionals pillar guide. For the PI/cyber boundary specifically, see the software development PI vs cyber cover cluster.
Why an IT contractor needs PI at all
There is no UK statute requiring an independent IT contractor to hold Professional Indemnity Insurance. Unlike solicitors, architects, accountants or chartered surveyors, IT contractors are not bound by a regulator's PII regulations. As a matter of law you can take on a contract and trade without PI.
In commercial practice that simply isn't an option for most contractors. The reasons are three:
First, agency and end-client contracts. Almost every major UK recruitment agency operating in the IT contractor market — and almost every direct end-client of any significance — requires the contractor's limited company to maintain PI cover for the duration of the engagement, at a stated minimum limit. The most common bar in 2026 is £1m or £2m, sometimes £5m for higher-value engagements with regulated end-clients. The contractor without PI cannot complete the agency on-boarding process and cannot sign the engagement.
Second, English contract and tort law. The contractor's personal service company is a separate legal person from the contractor as an individual, but the company contracts as principal and bears the contractual liability. If the company causes the client loss through negligent performance, the client can sue the company under the contract and in tort. The company has assets (cash, receivables, equipment), and increasingly the modern enterprise client knows it. A claim that the contractor would once have walked away from is increasingly pursued.
Third, personal exposure through directors' duties and joint liability. Where the contractor is the sole director and shareholder of the personal service company, a claim against the company that the company cannot meet can in some circumstances lead to claims against the director personally — for example where there are allegations of personal negligence, deceit, or breach of director's duties. PI cover for the company, when properly structured to include named individuals where appropriate, is the primary protection against this risk crystallising as a personal financial exposure.
The result is that PI is effectively mandatory for any IT contractor who wants to engage with serious clients through serious channels — but the obligation is contractual and commercial, not statutory.
What PI actually covers for a contractor
The cover is the same in principle as for a larger IT consultancy, scaled to the contractor's profile. A PI policy written for an IT contractor will respond to a civil claim made by a client or third party alleging that the contractor's professional services caused financial loss.
For an IT contractor that envelope typically includes:
Allegations of negligent design, development, testing, deployment, configuration or operation of software or systems. Errors in coding, integration, migration or rollback. Failure to deliver to specification within the contractual cover. Negligent advice on technology choice, architecture or vendor selection. Mistakes in database work, data migration, or data quality. Failures in project management or technical leadership. Negligent training or knowledge transfer to client teams. Intellectual property infringement in deliverables. Breach of confidence relating to client information.
In the opening scenario the dropped index falls squarely in the database-work-with-data-loss-consequences category. PI defence costs would respond to the threatened claim, and the £42,000 disruption cost — assuming the claim is established — would respond up to the policy limit subject to the excess.
What PI does not cover for a contractor includes deliberate or fraudulent acts, the contractor's own remedial work to fix a defective deliverable (the "rework exclusion", unless extended), regulatory fines and penalties, the contractor's own first-party cyber incident costs (which would sit on a cyber policy), bodily injury and property damage (which sit on public liability), employment-related matters (which would sit on employers' liability or D&O if held), and liabilities the contractor has assumed by contract beyond the general legal duty of skill and care — including fitness-for-purpose warranties that are not qualified by reasonable skill and care.
What end clients and agencies actually ask for in 2026
The agency on-boarding insurance requirements have evolved in a recognisable pattern over the last five years. In 2026 a typical agency-mediated engagement for an IT contractor through one of the major UK technology agencies will require:
Professional Indemnity Insurance at £1m or £2m any one claim — sometimes higher for engagements with regulated end-clients, sometimes lower for purely advisory or short engagements but rarely below £500,000. Some agencies require the cover to be held in the name of the personal service company; some accept the contractor's individual name; the right answer is for the policy to name the company (since the company is the contracting party) with the individual identified as the relevant professional.
Public liability insurance at £2m or £5m. This is a separate product from PI and responds to claims for bodily injury or property damage caused on a client site or in the course of work — historically less relevant for IT but still required as a baseline.
Employers' liability insurance, at the statutory minimum £5m. This is mandatory under the Employers' Liability (Compulsory Insurance) Act 1969 for any UK business with employees, and most major agencies require it on the contractor's policy schedule even where the contractor has no employees other than themselves. The reason is partly contractual habit, partly recognition that the contractor may bring in temporary help. Where the contractor is a sole director with no employees and no expectation of taking any on, technically the statutory requirement does not apply, but most agencies require the cover anyway.
Cyber liability insurance, increasingly at £1m, sometimes higher for engagements that involve client personal data or production system access. Cyber requirements were rare in IT contractor agency on-boarding five years ago; they are now almost universal in engagements above modest value.
Some agencies and some end-clients also require: evidence of cover at on-boarding (a certificate from the broker), notice of any material change in cover during the engagement, and the right to require continued cover for a tail period after the engagement ends — typically six years to match the limitation period for breach of contract under English law. Tail-period requirements are increasingly common in 2026 and were rare in IT contractor contracts a decade ago.
How IR35 actually intersects with PI
This is where the question gets interesting, and where the prevailing folk-understanding among contractors is sometimes wrong.
The IR35 rules — formally the off-payroll working rules in Chapters 8 and 10 of the Income Tax (Earnings and Pensions) Act 2003, as amended by Finance Act 2017 and Finance Act 2020 — determine whether a contractor engaged through an intermediary (typically the contractor's own personal service company) should be treated for tax and National Insurance purposes as a deemed employee of the end client. The rules have evolved significantly: since April 2017 in the public sector and since April 2021 in most of the private sector, the responsibility for making the status determination has sat with the end client rather than with the contractor, except where the end client is "small" within the meaning of the Companies Act 2006.
The status determination has substantial tax consequences for the contractor — an "inside IR35" determination broadly means PAYE and NI are deducted at source by the fee-payer, the contractor's company effectively cannot retain the income after payroll, and the dividend-and-salary tax planning advantage of the personal service company structure is materially reduced.
The intersection with PI is more subtle than is often appreciated. The IR35 status determination does not, in itself, change what insurance is required. An "outside IR35" contract requires the same PI cover as an "inside IR35" contract — the agency or end-client insurance schedule is normally a separate condition of engagement that applies regardless of status determination, and breach of that schedule has nothing to do with the tax position.
However, the way the contractor presents themselves to the market — which directly affects the IR35 status determination — also indirectly bears on insurance. A genuine outside-IR35 engagement typically features substitution rights, control by the contractor over how the work is done, lack of mutuality of obligation, business-on-own-account indicators (the contractor invests in equipment and training, takes financial risk, can suffer loss), and contractual terms consistent with a business-to-business engagement. Those same business-on-own-account indicators are exactly the indicators that mean the contractor's personal service company is genuinely trading as a business — and a business that trades carries professional liability that needs insuring.
Three specific points of intersection are worth being awake to.
HMRC's Check Employment Status for Tax (CEST) tool and the substitution question. Holding PI in the contractor's company name is often cited as a "business on own account" factor in IR35 determinations — alongside provision of own equipment, business insurance more broadly, a website, marketing, multiple clients, and so on. It is not on its own determinative — the case law (notably Atholl House Productions v HMRC, PGMOL v HMRC and the long line of media-personality cases) makes clear that the multifactorial test cannot be reduced to a single indicator — but it is a cumulative factor. A contractor presenting as a business with its own PI cover, its own cyber cover, its own pension arrangements and its own brand identity is meaningfully different from a contractor who looks indistinguishable from an employee except for the invoice.
The "inside IR35" engagement and the personal service company that still carries liability. Where an end client determines a particular contract as inside IR35, the contractor's company is paid net of PAYE and NI by the fee-payer. The company still contracts with the client, still owes the client a duty of skill and care, and still carries the legal liability for negligent performance. Inside-IR35 status does not transfer liability to the end client and does not make the contractor a true employee for civil liability purposes. The PI requirement therefore continues to apply — the contractor's company still needs cover, and the agency or end-client insurance schedule will still require it.
The umbrella company alternative. Where a contractor decides to work through an umbrella company rather than a personal service company — sometimes as a response to an inside-IR35 determination, sometimes as a personal preference for administrative simplicity — the picture changes. An umbrella company employee is, contractually, an employee of the umbrella company; the umbrella company is the supplier of services to the agency or end client; the umbrella company holds the PI cover for the assignments. In this structure the individual contractor does not need their own PI policy. However, contractors moving between umbrella and personal service company structures within a tax year, or holding some inside-IR35 engagements through umbrella and some outside-IR35 engagements through their own company, need their own PI cover in respect of the outside-IR35 engagements regardless of the umbrella arrangement for the inside ones.
Common claim patterns specific to contractor engagements
The categories of claim that recur for IT contractors operating through personal service companies cluster differently from those affecting larger consultancies, in part because the engagements are typically shorter, more focused, and more often delivered as part of a wider programme run by the end client.
The recurring categories include:
Errors in specific deliverables. The contractor is engaged for a defined piece of work — a database migration, a particular module of code, a security review, a system integration — and an error in that specific deliverable causes downstream loss. This is the category from the opening scenario.
Allegations of failure to flag risks the contractor should have flagged. Particularly where the contractor is engaged as a technical specialist and the end client's own team did not have the expertise to spot the issue, the claim takes the form of "you were the expert, you should have warned us". Defence depends heavily on the file record — what was raised in writing, what was discussed verbally, what risk register entries were made.
Disputes over scope and acceptance. Whether the contractor delivered what was agreed, whether changes during the engagement were properly authorised, whether acceptance criteria were met. These disputes more often involve fees being withheld and counterclaims escalating than full-scale negligence litigation, but the threatened claim still triggers PI notification.
Confidentiality and IP issues. Where the contractor moves between similar end clients in the same sector, occasionally a dispute arises over alleged carry-over of confidential information or IP. PI policies generally respond to breach-of-confidence claims; deliberate misuse is excluded as a fraudulent act.
Cyber-incident-derived claims. Where the contractor's access credentials, equipment or work product is implicated in a cyber incident at the end client — for example through a phishing compromise of the contractor's laptop, or through inadequate handling of access tokens — the resulting end-client losses can become the contractor's PI exposure. This is one of the more rapidly increasing claim categories in the IT contractor market and is a reason most modern contractor insurance programmes include cyber alongside PI.
Limits, structure and excess for a contractor
For an IT contractor in 2026 the practical sizing of PI cover is driven primarily by what the contractor's engagement contracts require. The agency or end-client insurance schedule typically sets the floor; the practical ceiling is the worst-case engagement exposure.
A representative pattern:
A contractor doing short-term technical work for SME end clients with engagement values under £50,000 typically holds £1m of PI cover. A contractor on enterprise engagements through a major agency typically holds £2m. A contractor working with regulated end-clients (financial services, healthcare, regulated utilities) or in public sector framework engagements typically holds £2m to £5m. Cover above £5m is unusual for a single-person personal service company.
The "any one claim" basis is the standard structure — meaning each individual claim is covered up to the policy limit and there is typically no aggregate cap. This is one area where the contractor market differs from the larger-firm market, where aggregate caps are more common.
Excesses are usually modest — £500 to £2,500 is typical for contractor-scale policies — reflecting the smaller-scale nature of the cover and the fact that the contractor's personal service company does not have the resilience of a larger firm to absorb a large excess on a small claim.
Cyber excesses, where cover is bought, tend to be slightly higher in percentage terms — £1,000 to £5,000 is common — because cyber events tend to involve more first-party cost regardless of the eventual third-party outcome.
Run-off cover for the contractor closing down or going on PAYE
If the contractor decides to wind down the personal service company — to take a permanent PAYE role, to move to umbrella for the next phase of career, to retire, to emigrate — the question of run-off arises. PI is claims-made; once the company stops paying premium the cover stops responding to new notifications, regardless of when the underlying work was done. Claims can arise for several years after the engagement ends under English contract and tort law (six years for ordinary contracts, twelve years for contracts executed as deeds, although deed-form engagements are uncommon in IT contracting).
There is no statutory minimum run-off period for an IT contractor. Six years is the practical standard, matching the limitation period for breach of contract under English law, and most modern agency contracts now require six years of run-off as a continuing obligation surviving termination. Run-off is normally priced as a single up-front premium calculated as a multiple of the last working premium — commonly 100% to 200% of the annual premium spread across the run-off period.
For a contractor moving to a permanent PAYE role, the practical question is whether the cost of six years of run-off is justified by the realistic risk of a late-arising claim. The answer depends on the engagement history — a contractor whose last six years of engagements were straightforward maintenance work for SME clients has a meaningfully lower late-claim risk than one whose last six years included large enterprise transformation programmes. The honest answer is that most contractors should hold run-off; some, on advice, take the calculated risk of not holding it.
How Apex helps an IT contractor
Apex Insurance Brokers Limited is an independent FCA-authorised insurance broker. For IT contractors specifically we place PI, cyber, public liability, employers' liability and combined contractor insurance programmes designed to meet the requirements of UK technology agencies and end clients. We do not have a tied arrangement with any one insurer, we do not have quotas, and we do not have our own contractor scheme that we are paid to push — we act as the broker for our clients in the market.
The work we do for a contractor is typically: review the agency or end-client insurance schedule, identify which cover types and limits are required (and which are not, despite what the schedule appears to require), place cover with insurers we think will price the particular profile sensibly, issue the certificate of insurance the agency needs, and walk the contractor through what to do if a notification arises. Information on how we are remunerated and on our regulatory status is on our Terms of Business page; how we handle personal data is in our Privacy notice; and the route for raising any concerns is on our Complaints page.
If you have a new contract starting and an agency schedule to meet, or if your existing PI is approaching renewal, see our IT professionals sector page or contact us for a no-commitment conversation.
Frequently asked questions
Do I need PI insurance as an IT contractor through my own limited company?
There is no UK statute requiring IT contractors to hold Professional Indemnity Insurance. In commercial practice almost every UK recruitment agency and most direct end-clients require PI cover at a stated minimum limit — most commonly £1m or £2m — as a condition of engagement. The personal service company is a separate legal person from the contractor as an individual but contracts as principal and bears contractual liability for the work, so the cover protects the company's assets and indirectly the contractor's economic position. For any contractor working through serious channels with serious clients, PI is effectively mandatory.
Does IR35 status change what PI cover I need?
The IR35 status determination — inside or outside the off-payroll working rules — does not change the contractual or commercial requirement for PI. An outside-IR35 contract and an inside-IR35 contract typically require the same insurance schedule, because the insurance requirement is separate from the tax position. However, the underlying business-on-own-account factors that support an outside-IR35 determination (substitution rights, own equipment, business insurance, multiple clients) are the same factors that mean the contractor's company is genuinely trading as a business and therefore carries professional liability that needs insuring. Holding PI in the company's name is sometimes cited in IR35 evidence as a business-on-own-account indicator, though it is one factor in a multifactorial test and not determinative.
If my contract is inside IR35 do I still need PI?
Yes. Inside-IR35 status changes the tax treatment of the contractor's income but does not transfer civil liability to the end client and does not make the contractor a true employee for liability purposes. The personal service company still contracts with the client (directly or through an agency), still owes the client a duty of skill and care, and still carries legal liability for negligent performance. The agency or end-client insurance schedule typically continues to apply regardless of status determination.
What insurance does a UK agency typically require from an IT contractor in 2026?
The typical agency schedule in 2026 requires Professional Indemnity Insurance at £1m or £2m (sometimes higher for regulated end-clients), public liability insurance at £2m or £5m, employers' liability insurance at the statutory £5m minimum, and increasingly a cyber liability policy at £1m or higher. The contractor's personal service company is normally the named insured. Some agencies require evidence of cover at on-boarding and the right to require continued cover for a tail period (commonly six years) after the engagement ends.
Do I need employers' liability if my limited company has no employees?
Strictly, the Employers' Liability (Compulsory Insurance) Act 1969 requires cover for any UK business with employees. A sole-director personal service company with no employees other than the director themselves does not, technically, have to hold the cover. In practice most UK recruitment agencies require it on the contractor's policy schedule regardless, partly out of contractual habit and partly because the contractor may bring in temporary help during an engagement. The cost is modest and meeting the requirement avoids on-boarding friction.
Can I use an umbrella company's PI cover instead of buying my own?
If you work through an umbrella company you are contractually an employee of the umbrella, the umbrella is the supplier of services to the agency or end client, and the umbrella's PI cover responds to your work under that engagement. You do not need a separate personal service company PI policy for umbrella engagements. However, contractors who hold some engagements through umbrella and others through their own personal service company need their own PI cover for the company engagements regardless of the umbrella arrangement.
Do I need run-off cover if I move from contracting to a permanent role?
Almost always, yes. PI is claims-made — the policy only responds if it is in force at the date the claim is notified, not the date the work was done. Once the personal service company stops paying premium, claims can still arise for up to six years under English contract law (or twelve where the contract was executed as a deed, rare in IT contracting). The practical standard is six years of run-off, and many modern agency contracts now require it as a contractual continuing obligation. Run-off is typically priced as a single up-front premium calculated as a multiple of the last annual premium.
Are AI tools I use in my contractor work covered by my PI policy?
Most UK tech PI wordings in 2025 and 2026 do not have express exclusions for AI-generated output, but several insurers have introduced clarifying endorsements that should be read carefully. If you make material use of generative AI in your delivery — code generation assistants, AI-assisted documentation, AI-driven testing tools — declare it at renewal so the wording and any endorsements respond as intended. The risk areas are intellectual property infringement, warranties of originality in your contract, and errors flowing from undetected AI hallucinations entering production work.
Related guides
- IT professionals PI insurance — UK guide 2026
- Software development PI vs cyber cover — where the line falls
- IT professionals sector page — speak to a broker
About Apex Insurance Brokers
Apex Insurance Brokers Limited is authorised and regulated by the Financial Conduct Authority, FCA firm reference 724952. Registered in England and Wales, Companies House 07014570. Last reviewed: May 2026.
This guide is general information about Professional Indemnity Insurance for UK IT contractors and is not advice tailored to any individual contractor's circumstances. It is not tax advice — for IR35 status determinations or tax planning please speak to a qualified tax adviser. For advice on your own insurance placement, please contact us.
FAQPage JSON-LD (hand-rolled — add via Yoast Custom Field or theme injection)
{
"@context": "https://schema.org",
"@type": "FAQPage",
"mainEntity": [
{
"@type": "Question",
"name": "Do I need PI insurance as an IT contractor through my own limited company?",
"acceptedAnswer": {
"@type": "Answer",
"text": "There is no UK statute requiring IT contractors to hold Professional Indemnity Insurance. In commercial practice almost every UK recruitment agency and most direct end-clients require PI cover — most commonly £1m or £2m — as a condition of engagement. The personal service company contracts as principal and bears contractual liability, so the cover protects the company's assets and the contractor's economic position. For any contractor working through serious channels with serious clients, PI is effectively mandatory."
}
},
{
"@type": "Question",
"name": "Does IR35 status change what PI cover I need?",
"acceptedAnswer": {
"@type": "Answer",
"text": "The IR35 status determination does not change the contractual or commercial requirement for PI. Outside-IR35 and inside-IR35 contracts typically require the same insurance schedule. However, the business-on-own-account factors that support an outside-IR35 determination are the same factors that mean the contractor's company is genuinely trading and carries professional liability that needs insuring. Holding PI in the company's name is sometimes cited as a business-on-own-account indicator, though it is one factor in a multifactorial test."
}
},
{
"@type": "Question",
"name": "If my contract is inside IR35 do I still need PI?",
"acceptedAnswer": {
"@type": "Answer",
"text": "Yes. Inside-IR35 status changes the tax treatment of the contractor's income but does not transfer civil liability to the end client and does not make the contractor a true employee for liability purposes. The personal service company still contracts with the client, still owes a duty of skill and care, and still carries legal liability for negligent performance. The agency or end-client insurance schedule typically continues to apply regardless of status determination."
}
},
{
"@type": "Question",
"name": "What insurance does a UK agency typically require from an IT contractor in 2026?",
"acceptedAnswer": {
"@type": "Answer",
"text": "The typical agency schedule requires PI at £1m or £2m (sometimes higher for regulated end-clients), public liability at £2m or £5m, employers' liability at the statutory £5m minimum, and increasingly a cyber liability policy at £1m or higher. The contractor's personal service company is normally the named insured. Some agencies require evidence of cover at on-boarding and the right to require continued cover for a tail period (commonly six years) after the engagement ends."
}
},
{
"@type": "Question",
"name": "Do I need employers' liability if my limited company has no employees?",
"acceptedAnswer": {
"@type": "Answer",
"text": "Strictly, the Employers' Liability (Compulsory Insurance) Act 1969 requires cover for any UK business with employees. A sole-director personal service company with no employees does not technically have to hold the cover. In practice most UK recruitment agencies require it on the contractor's policy schedule regardless. The cost is modest and meeting the requirement avoids on-boarding friction."
}
},
{
"@type": "Question",
"name": "Can I use an umbrella company's PI cover instead of buying my own?",
"acceptedAnswer": {
"@type": "Answer",
"text": "If you work through an umbrella company you are contractually an employee of the umbrella, the umbrella is the supplier of services, and the umbrella's PI cover responds to your work under that engagement. You do not need a separate personal service company PI policy for umbrella engagements. Contractors who hold some engagements through umbrella and others through their own personal service company need their own PI cover for the company engagements regardless of the umbrella arrangement."
}
},
{
"@type": "Question",
"name": "Do I need run-off cover if I move from contracting to a permanent role?",
"acceptedAnswer": {
"@type": "Answer",
"text": "Almost always, yes. PI is claims-made — the policy only responds if it is in force at the date the claim is notified, not the date the work was done. Once the personal service company stops paying premium, claims can still arise for up to six years under English contract law. The practical standard is six years of run-off, and many modern agency contracts now require it as a continuing obligation. Run-off is typically priced as a single up-front premium calculated as a multiple of the last annual premium."
}
},
{
"@type": "Question",
"name": "Are AI tools I use in my contractor work covered by my PI policy?",
"acceptedAnswer": {
"@type": "Answer",
"text": "Most UK tech PI wordings in 2025 and 2026 do not have express exclusions for AI-generated output, but several insurers have introduced clarifying endorsements. If you make material use of generative AI in delivery — code generation assistants, AI-assisted documentation, AI-driven testing tools — declare it at renewal so the wording and any endorsements respond as intended. The risk areas are intellectual property infringement, warranties of originality in your contract, and errors from undetected AI hallucinations entering production work."
}
}
]
}