If you run a technology business in Singapore and you are starting to pitch to banks, insurers, government agencies, or large enterprises, you will almost certainly encounter a procurement requirement you were not expecting.
The contract comes back with a clause requiring you to hold professional indemnity insurance, sometimes called technology errors and omissions insurance or technology liability insurance, at a minimum specified limit. The clause may also require cyber liability cover, and sometimes public liability. It will typically require you to provide a certificate of insurance before the engagement proceeds.
This post explains why these requirements exist, what they actually mean in practice, and what a Singapore technology company needs to check to satisfy them without over-insuring.
Why enterprise and government clients require it
The short answer is regulatory trickle-down.
Singapore's Monetary Authority of Singapore (MAS) imposes technology risk management requirements on financial institutions through its Technology Risk Management (TRM) framework. These requirements apply directly to the financial institutions themselves, but they create downstream obligations for the technology vendors those institutions rely on.
A bank that is required by MAS to manage the technology risk posed by its vendors will, in its vendor contracts, pass that obligation downstream. The insurance clause in the contract is one mechanism by which the bank satisfies itself that the vendor can absorb a loss arising from a technology failure without the bank bearing that loss directly.
The same logic applies outside the financial sector. A government agency that engages a technology vendor for a critical system wants assurance that if the vendor's work causes a problem, there is a financially credible way to address it. An enterprise that outsources a business-critical function to an IT managed services provider wants the same assurance. Insurance is the mechanism.
For a Singapore technology company, understanding this as the underlying logic makes the clause less surprising. It is not bureaucratic box-ticking. It is the client's risk management applied to their vendor.
What the clause typically requires
Contracts vary, but the most common requirements in Singapore technology procurement are as follows.
Professional indemnity or technology errors and omissions cover. A minimum limit per claim, typically ranging from S$500,000 to S$5,000,000 depending on the contract value and the nature of the engagement. The limit represents the maximum the insurer will pay for a single claim. For smaller contracts with a mid-sized enterprise, S$1,000,000 is common. For government contracts or engagements involving critical systems, S$2,000,000 to S$5,000,000 is not unusual.
Cyber liability cover. Increasingly required alongside PI, reflecting the reality that technology work creates data exposure as well as professional liability. For companies handling client data, processing payments, or providing cloud or managed services, a separate cyber liability policy is often specified.
Public liability cover. Where the technology company's personnel will be working at the client's premises, a public liability requirement is common. This covers liability for bodily injury to third parties or damage to the client's property arising from the vendor's activities on site.
Certificate of insurance. A formal document from the insurer confirming the existence and terms of the cover. This is what the client's procurement team actually receives and files. The certificate names the policyholder, the insurer, the policy type, the limit, and the period of cover. Some clients also require to be named as an additional insured on the policy, which is a more specific arrangement that allows them to make a direct claim under the policy.
Retroactive cover. Some contracts specify that the policy must cover prior acts, meaning work done before the current policy period. This is the retroactive date issue covered in our previous post. A policy with a retroactive date limited to the current policy inception date does not cover prior work, which may not satisfy a client who wants assurance over the full history of the engagement.
The three most common gaps
The policy wording does not match the work. A general PI policy arranged when the company was primarily doing consulting may not extend to software development, system delivery, or managed services. The procurement team at a sophisticated client will often review the actual policy wording, not just the certificate. A policy that covers professional services advice but excludes technology products and deliverables may not satisfy the clause even if the limit is correct.
The limit is below the contractual minimum. A company that has held a S$500,000 PI policy for years may find that a new enterprise client requires S$2,000,000. Increasing the limit at renewal is straightforward; increasing it mid-term is possible but may require underwriter approval. Discovering the gap after the contract is signed is not the right time to find this out.
The retroactive date is too recent. A company that changed insurers and accepted a retroactive date of the new policy's start date has a gap for all prior work. A client whose contract work spans multiple years may not be satisfied by a policy that only covers claims arising from work done in the current policy period.
What to check before the next procurement response
For a Singapore technology company responding to a tender or contract requirement that specifies insurance, the following checks are worth doing before the submission goes in.
Does the current PI policy wording specifically extend to technology products and services, including software development, system delivery, and managed services? Or does it cover only advisory work?
What is the retroactive date on the current policy, and does it go back to when the company first started delivering technology work?
Is the per-claim limit on the current policy consistent with what the client contract requires? And if the aggregate limit applies, how does it sit relative to the per-claim limit?
Are defence costs paid in addition to the indemnity limit, or are they included within it? In a large claim, this distinction matters significantly.
Does the contract require cyber liability cover separately, and if so, does the current cyber policy have the right territorial scope and limit?
Does the contract require the client to be named as an additional insured? If so, the insurer needs to be notified and a specific endorsement may be needed.
None of these questions require a legal degree to ask. But they require someone to read the current policy wording against the contract requirement, which is a different exercise from simply providing a certificate of insurance and hoping it is sufficient.
You can read more about our professional indemnity cover and cyber insurance on the products page. Our post on Technology Liability Insurance in Singapore covers the broad picture, and our post on Professional Indemnity and Cyber Liability in Singapore covers how the two sit together.
If you are responding to a procurement requirement and want to confirm your current cover satisfies what is being asked for, we would be glad to review the clause with you.
This article provides general information only. It is not insurance advice. Policy availability, terms, conditions, and exclusions vary by insurer and product, and cover is subject to the full policy wording. Please contact TZY CO for advice on your specific situation.