General contractors and property owners have tracked certificates of insurance on spreadsheets for decades. The spreadsheet approach was never perfect, but it was functional in a legal environment where missing documentation could be corrected after the fact. The AVOID Act has changed that calculus. A GC that cannot confirm its subcontractors' insurance compliance within weeks of being served can miss an impleader deadline that cannot be recovered. The stakes attached to COI management have permanently increased.
Spreadsheets fail in this environment not because they are a bad tool for tracking data, but because the job they are being asked to do has outgrown what they can reliably deliver. Understanding the specific failure modes of manual COI tracking is the first step toward building a system that actually works under the pressure the AVOID Act creates.
What a certificate of insurance actually is and is not
Before examining tracking failures, it helps to be precise about what a COI verifies and what it does not.
A certificate of insurance is a summary document issued by an insurance broker confirming the existence of coverage as of the date it was issued. It is not a policy. It is not a binding contract between the insurer and the certificate holder. It does not guarantee that coverage exists on any date other than the issuance date. The ACORD 25 form that most certificates use explicitly states: "This certificate is issued as a matter of information only and confers no rights upon the certificate holder."
This matters because a GC who holds a certificate in its files has not confirmed that its subcontractor carries the required insurance today, has not confirmed that the policy contains the required endorsements, and has not confirmed that the GC is actually listed as an additional insured on the policy rather than just on the certificate.
These distinctions are not academic. They determine whether the GC can successfully pursue a failure-to-procure-insurance claim against the sub, which is one of the two primary contractual impleader theories under the AVOID Act.
Failure mode one: expiration monitoring
The most obvious failure of spreadsheet-based COI tracking is expiration monitoring. A COI filed in a spreadsheet carries an expiration date. Someone must check that date before it passes and request a renewal certificate from the subcontractor.
In practice, this process depends on whoever owns the spreadsheet remembering to check it, noticing the approaching expiration, following up with the subcontractor or broker, and updating the record when the renewal arrives. Each of those steps is a point of failure. Subcontractors do not always renew on time. Brokers do not always send renewal certificates automatically. Project administrators responsible for COI collection are often managing dozens of subcontractors across multiple active projects.
The result is that COI files frequently contain a mixture of current and expired certificates, with no reliable signal about which is which at any given moment. A GC served with a lawsuit who pulls its COI file for a subcontractor may find a certificate that expired eight months ago. That certificate tells the GC almost nothing about what coverage the sub actually carried on the date of the incident.
Under the AVOID Act's 90-day clock, there is no time to retrospectively request and verify insurance documentation. The question of whether the sub had the required coverage, and whether the GC was named as an additional insured, must be answerable from existing records within days of service.
Failure mode two: endorsement verification
The existence of a COI does not confirm that required endorsements are in place. Most construction subcontracts require the subcontractor to carry general liability coverage with an additional insured endorsement naming the GC and property owner, a primary and non-contributory endorsement specifying that the sub's policy applies first, and a waiver of subrogation endorsement preventing the sub's insurer from pursuing the GC for amounts paid.
A COI may indicate that these endorsements exist, but the COI is not the endorsement. The actual endorsements are attached to the policy, and the policy is held by the subcontractor. Confirming that the endorsements exist and are properly worded requires obtaining copies of the endorsements themselves, not just the COI.
Many COI tracking systems, including sophisticated ones, track the certificates but not the underlying endorsements. This means a GC may believe its additional insured status is confirmed when it is actually unverified. When that GC is served under the AVOID Act and needs to evaluate whether it has a viable failure-to-procure claim against the sub, it may discover that the endorsement it believed existed either was not obtained or contains language that does not meet the contract requirement.
Failure mode three: coverage verification against contract requirements
Even a current COI with the correct endorsements does not confirm that the coverage limits match the contract requirements. A subcontract may require $2 million in commercial general liability coverage per occurrence. The COI may show $1 million. Spreadsheet tracking that records only the existence of a certificate, without comparing the certificate's stated limits against the applicable contract requirement, will not catch this gap.
Coverage limit mismatches are among the most common deficiencies in subcontractor insurance programs, in part because contract requirements vary from project to project while subcontractor policies tend to be uniform. A sub that carries the required limits on one GC's projects may be out of compliance on another's. Without a system that compares the COI data against the specific contract requirement for each project, this gap is invisible until someone looks for it.
The comparison problem is particularly acute for additional insured status on completed operations coverage, which is required by many construction subcontracts and provides coverage for claims that arise after the project is complete. Completed operations coverage must be explicitly required in the contract and explicitly confirmed in the COI. It is frequently absent from both.
What automated verification actually solves
Automated COI verification addresses all three failure modes, but it is important to be precise about what automation does and does not do.
Automated systems can monitor certificate expirations and trigger renewal requests before expiration occurs, eliminating the human memory dependency in the manual process. They can extract structured data from certificates, including coverage limits, policy numbers, and named endorsements, and compare that data against the contract requirements stored in the same system. They can alert the appropriate people when a subcontractor's coverage falls out of compliance, rather than relying on someone to check.
What automated systems cannot do is verify the underlying policy. COI data is only as accurate as what the broker puts on the certificate. Automated systems that process certificates are reading the certificate, not the policy. Independent confirmation of endorsement language requires obtaining policy documents, which is possible but requires cooperation from the subcontractor.
The practical benefit of automation under the AVOID Act is speed and coverage. A GC that has automated COI monitoring for its entire subcontractor roster can, in theory, produce a current compliance status report for any subcontractor within minutes of being served. That is the operational standard the AVOID Act implicitly requires.
Platforms like TrustLayer automate COI verification across your vendor network, flagging expired certificates and coverage gaps against your specific contract requirements so that your insurance compliance documentation is current when an AVOID Act deadline arrives.
The AVOID Act's specific demand on COI systems
The AVOID Act creates two specific scenarios where COI documentation must be immediately actionable.
The first is failure to procure insurance as a contractual impleader claim. If a subcontractor failed to maintain the coverage required by its subcontract, the GC has a viable third-party claim against the sub for failure to procure. But this claim depends on establishing that the sub's actual coverage did not meet the contract requirement. That means the GC needs both the contract (to establish the requirement) and the coverage documentation (to establish the gap) within the 90-day window. A COI file that is current and complete makes that analysis feasible; one that is incomplete makes it impossible.
The second is the additional insured status question. The GC's ability to tender its defense to the sub's insurer depends on valid additional insured status on the sub's policy. If the GC cannot confirm additional insured status quickly, it cannot pursue that avenue within the impleader deadline framework. And if the COI files show that certificates were never obtained or have been expired for months, the GC's position in that conversation with the sub's insurer is considerably weaker.
Building a COI system that meets the new standard
The minimum requirements for a COI management system that functions under AVOID Act pressure are the following.
Current certificates for every active and recently completed project, with automated expiration monitoring and renewal tracking. The "recently completed" window should extend at least three years post-closeout, consistent with typical discovery timelines for construction tort claims.
Per-project contract requirement profiles that allow certificates to be evaluated against the specific requirements applicable to each project. A GC working with the same subcontractor on multiple projects may have different requirements for each; the compliance evaluation must be project-specific.
Endorsement tracking that goes beyond the face of the certificate. This means a system for requesting, storing, and confirming required endorsements as separate documents, not just as checkboxes on a COI form.
Integration with the contract repository, so that the contract requirement and the COI verification are accessible in the same location. When the 90-day clock is running, the ability to answer both the indemnification question and the insurance compliance question from a single source is operationally significant.
The compliance checklist covers COI management as one of its 10 preparation steps, with specific guidance on what to audit and how to close gaps. The broader framework for understanding what coverage gaps mean in the context of an AVOID Act deadline is covered in the hidden cost of noncompliance analysis.
The spreadsheet approach to COI tracking was an adequate solution to a lower-stakes problem. The AVOID Act has raised the stakes. Firms that continue to manage COIs manually will find that the gap between what their records show and what they need to prove at the impleader stage is exactly the kind of gap that forfeits risk-transfer rights. Building the right system now is significantly less expensive than absorbing that forfeiture on a major claim.
Use the deadline calculator to understand how the 90-day impleader window maps to your specific claim type and answer date, and how quickly that window closes once service is received.