PI Insurance for Software: What Isn’t Covered?

Professional Indemnity (PI) Insurance is often described as “cover for mistakes.” For software businesses, that’s broadly true — but it’s also where many misunderstandings start.

If you build, implement, configure, integrate, or advise on software, PI is designed to protect you if a client alleges your professional services caused them a financial loss. That could be anything from a faulty implementation to incorrect advice, missed requirements, or a deliverable that doesn’t do what it was supposed to.

But PI Insurance is not a “catch-all” policy. It won’t cover every problem your software business might face, and the gaps can be expensive if you only discover them after a claim.

This guide explains the most common things PI Insurance for software companies typically doesn’t cover, why those exclusions exist, and what you can do to reduce the risk.

Quick refresher: what PI is meant to cover

PI Insurance is primarily aimed at third-party claims arising from your professional services, such as:

  • Negligence (e.g., failure to use reasonable skill and care)

  • Breach of professional duty

  • Errors or omissions in your work

  • Misrepresentation (in some cases)

  • Legal defence costs (often included within the limit of indemnity)

For software businesses, that might include:

  • A client claims your code defect caused them financial loss

  • A client alleges your advice led them to buy the wrong solution

  • A client says your implementation caused downtime and lost revenue

  • A client alleges you failed to meet agreed specifications

Now, let’s get into the “what isn’t covered” side — because that’s where most disputes and surprises happen.

1) Known issues, deliberate acts, and “you meant to do it” problems

PI is designed for accidents, not intentional wrongdoing.

Common exclusions include:

  • Deliberate or reckless acts (e.g., knowingly deploying insecure code)

  • Fraud or dishonesty

  • Criminal acts

  • Intentional breach of contract

If a claim alleges you intentionally misled a client, or you knowingly delivered something that didn’t meet the contract, insurers will typically resist covering it.

Practical example

If you discover a security flaw but decide not to tell the client because you’re trying to hit a deadline, and the client later suffers a loss, that can fall into “deliberate” territory.

2) Contractual liabilities you’ve agreed to that go beyond “negligence”

One of the biggest PI pitfalls in software is contract wording.

PI policies usually cover liability arising from negligence (failure to take reasonable care). But if your contract makes you responsible for outcomes regardless of fault, you can create liabilities that PI may not respond to.

Typical problem clauses include:

  • Unlimited indemnities (especially for IP or data protection)

  • Fitness for purpose warranties (promising the software will achieve a specific outcome)

  • Liquidated damages / service credits that operate like penalties

  • Broad “hold harmless” clauses

Why this matters

If you promise “the system will reduce processing time by 40%” and it doesn’t, the client may claim breach of warranty rather than negligence. PI may not cover pure contractual breach where negligence isn’t established.

3) Fines, penalties, and punitive damages

PI Insurance is not designed to pay regulatory fines or penalties.

Software businesses often assume PI will cover:

  • GDPR fines

  • ICO penalties

  • Contractual penalties

In reality, most PI policies exclude:

  • Fines and penalties imposed by regulators

  • Punitive or exemplary damages (where they exist)

Even where some policies offer limited extensions, it’s not something to assume. If your work involves personal data, you’ll usually need to consider Cyber Insurance alongside PI.

4) Cyber incidents (often only partially covered, if at all)

This is a major grey area.

PI can sometimes respond to claims alleging your professional services caused a client loss (for example, a coding error that created a vulnerability). But PI is not a full cyber policy.

Cyber-related losses that are often excluded or limited under PI include:

  • Your own ransomware costs

  • Incident response and forensic costs

  • Notification costs

  • Credit monitoring

  • Business interruption from a cyber event

  • Extortion payments

The key point

PI is usually about third-party claims. Cyber Insurance is designed to cover first-party costs (your own costs to respond and recover) and certain third-party liabilities.

If you host software (SaaS), manage infrastructure, or handle sensitive data, Cyber Insurance is often essential.

5) Bodily injury and property damage (that’s usually Public Liability)

PI is about financial loss from professional services, not physical harm.

Most PI policies exclude:

  • Bodily injury

  • Property damage

If your software is used in environments where it could contribute to physical incidents — for example, industrial control systems, medical devices, or safety-critical systems — you may need a combination of:

  • Public Liability / Products Liability

  • PI with appropriate endorsements

  • Potentially specialist cover depending on the risk

6) Product liability and “your software product caused harm” scenarios

If you sell a software product (rather than purely providing bespoke services), the boundary between PI and product liability can get blurry.

Some PI policies are written for professional services and may not fully address:

  • Mass-distributed software products

  • Off-the-shelf software sold to many customers

  • App store distribution

If a defect affects many customers at once, insurers may treat it differently than a single-client professional negligence claim.

This is where policy wording matters: you may need PI that explicitly includes “technology services” and “technology products” (or a combined wording).

7) “Your own costs” to fix the work (rectification and re-performance)

A very common misconception: PI doesn’t usually pay you to redo your own work.

Many PI policies exclude or restrict:

  • Rectification costs (your cost to correct errors)

  • Re-performance (your cost to deliver the service again)

  • Betterment (upgrading beyond what was originally agreed)

PI is typically designed to cover the client’s claim for loss — not your internal cost of putting things right.

Example

If you built an integration incorrectly and need to spend 200 hours fixing it, PI may not reimburse your labour. But if the client sues you for the losses they suffered because of the faulty integration, PI may respond (subject to terms).

8) Intellectual property (IP) issues — especially if you didn’t create it

Software businesses face IP risk in multiple ways:

  • Using open-source code incorrectly

  • Licensing disputes

  • Allegations of copyright infringement

  • Patent claims (particularly complex)

PI policies may include some cover for unintentional infringement, but commonly exclude or limit:

  • Patent infringement

  • Trade secret disputes

  • Known infringement

  • Contractual IP indemnities that are too broad

If your contracts include strong IP indemnities (common in enterprise deals), you should align them with what your insurance actually covers.

9) Employment-related claims

PI won’t cover disputes with employees or contractors.

Typical exclusions include:

  • Unfair dismissal

  • Discrimination

  • Harassment

  • Wage disputes

That’s where Employers’ Liability (legally required in most UK cases) and Employment Practices Liability (EPL) come in.

10) Claims you knew about before the policy started (and late notification)

PI is usually written on a claims-made basis. That means:

  • The policy that responds is typically the one in force when the claim is made (or when you become aware of circumstances likely to give rise to a claim).

Most policies exclude:

  • Known circumstances before inception

  • Claims previously notified

Also, late notification can cause serious issues. If you suspect a client is unhappy and a claim might follow, you should notify your insurer early, even if it feels premature.

11) Insolvency, inability to pay, and pure business failure

If a project fails because the client runs out of money, or your business can’t deliver due to financial distress, PI won’t “make the project whole.”

PI generally won’t cover:

  • Your inability to pay refunds

  • Losses arising from insolvency

  • Pure commercial disputes where no negligence is alleged

12) War, terrorism, and major systemic events

Most commercial policies include broad exclusions for:

  • War and war-like events

  • Terrorism (sometimes offered separately)

  • Nuclear risks

For software businesses, a related modern issue is systemic cyber events. Some insurers apply exclusions or sub-limits for widespread attacks that affect many organisations at once.

13) “This is just a contract dispute” (no negligence alleged)

PI is not a general legal expenses policy for all disputes.

If the dispute is simply:

  • Non-payment

  • Scope disagreement

  • A client wanting a discount

  • A disagreement over milestones

…there may be no PI claim at all unless the client alleges negligence or breach of professional duty.

This is why strong contracts, clear statements of work, and good project documentation matter.

How to reduce the risk of uncovered claims

You can’t insure everything, but you can reduce the chance of falling into the gaps.

1) Tighten your contracts

  • Avoid “fitness for purpose” promises unless you can prove them

  • Cap liability where possible

  • Keep indemnities realistic and aligned with your insurance

  • Define acceptance criteria and sign-off stages

2) Document scope and change control

Many software disputes start with “we thought it included…”

  • Use clear statements of work

  • Confirm requirements in writing

  • Use change requests for scope creep

3) Pair PI with Cyber Insurance (for many software firms)

If you host data, manage infrastructure, or could face ransomware, Cyber Insurance can cover areas PI won’t — including incident response and business interruption.

4) Choose the right PI wording

Not all PI policies are equal for tech.

Look for wording that explicitly includes:

  • Technology services

  • Software development and implementation

  • Systems integration

  • Cloud/SaaS (if applicable)

  • Breach of confidentiality (where relevant)

5) Keep continuity in place

Because PI is claims-made, gaps in cover can be a problem.

  • Maintain continuous PI cover

  • Consider retroactive dates

  • Notify circumstances early

FAQs: PI Insurance for software — what isn’t covered?

Does PI cover bugs in my software?

Sometimes — if a client alleges your negligence caused them a financial loss. But PI usually won’t pay your own costs to fix the bug.

Does PI cover GDPR fines?

Usually not. Fines and penalties are commonly excluded. Cyber Insurance may offer broader protection for data incidents, but fines are still often restricted.

Does PI cover cyberattacks?

PI may respond to third-party claims alleging your professional services caused a loss, but it typically won’t cover your own incident response costs the way a dedicated cyber policy would.

Does PI cover missed deadlines?

If the claim is framed as negligence and the client suffered a financial loss, it may be considered. But contractual penalties and pure breach of contract are often excluded.

Does PI cover IP infringement?

It depends on the policy. Some cover unintentional infringement, but patent claims and broad contractual IP indemnities are often excluded or limited.

Final thoughts

PI Insurance is a key protection for software businesses — but the value is in the details. The biggest uncovered areas tend to be cyber incidents, contractual liabilities you’ve agreed to, your own rectification costs, and regulatory fines.

If you’re buying PI for a software company, it’s worth reviewing:

  • Your contracts and indemnities

  • Whether you host or process sensitive data

  • Your typical client profile (SME vs enterprise)

  • Your delivery model (bespoke projects vs SaaS)
