SaaS Startup Tech E&O Insurance in India: Coverage Gaps and Contract Negotiation

Technology Errors and Omissions insurance exists to answer a single question: if your software fails and your customer loses money because of it, who pays? For a B2B SaaS company selling to enterprise clients, that question is not theoretical. A CRM platform that miscalculates pipeline forecasts, an ERP that misprocesses payroll, a billing engine that fails during month-end close — each of these produces quantifiable revenue loss for the client, and each client will look to their contract with the SaaS vendor for recovery.

Tech E&O covers the SaaS vendor against claims arising from errors, omissions, or failures in the covered technology product or service. A covered claim in Indian Tech E&O policy terms typically includes: software errors causing client data corruption, failures of SaaS platforms during contractually guaranteed uptime windows, incorrect outputs from automated software functions, and negligent failure to maintain security resulting in a breach that harms the client's operations. When Freshworks' ticketing product goes down during a client's peak support season and the client suffers measurable revenue damage from unresolved customer queries, that is the paradigm case for a Tech E&O claim.

What Tech E&O does not cover is equally important. The policy does not respond to disputes about whether your product delivered the functionality your sales team promised — that is a contractual dispute, not a negligence claim. It does not cover a client who claims your product was inferior to a competitor's product they could have purchased instead. It does not respond to claims arising from the client's own misuse or misconfiguration of your platform. And it does not cover bodily injury or property damage, which fall under general liability. The single most common coverage gap Indian SaaS founders discover in claims situations is the exclusion for contractual liability: if you have assumed a liability in your MSA that you would not have had under general law (for instance, a guarantee of specific business outcomes), the insurer will argue that the claim arises from contract, not from the policy's covered negligence standard.

Indian insurers file their products with IRDAI (the Insurance Regulatory and Development Authority of India) under the Professional Indemnity (PI) classification. You will not find a policy in India with 'Technology Errors and Omissions' on the cover page from an IRDAI-registered insurer. The product that provides equivalent protection is filed as Professional Indemnity — Technology, or simply under the PI class with an endorsement broadening the definition of professional services to include software provision.

Global insurers — particularly Lloyd's of London underwriters, and admitted carriers in the US and UK — use 'Tech E&O' as the product name. For an Indian SaaS company receiving a vendor questionnaire from a Fortune 500 US client, the contract will typically specify 'Technology Errors and Omissions Insurance, minimum USD 2 million per occurrence and USD 5 million in the aggregate.' Your IRDAI-filed PI policy almost certainly provides coverage that meets this requirement, but the policy title does not match what the client's legal team is looking for.

The practical resolution is a certificate of insurance with a cover note from your broker explicitly mapping your PI policy's coverage to the Tech E&O requirements in the client's contract. Most global procurement teams accept this with no objection. Some — particularly those in heavily regulated US sectors (healthcare, fintech, defense contractors) — will require that the policy be reviewed by their own risk management team, which adds two to four weeks to the contract cycle. A small number of large enterprise clients will only accept a policy from a Lloyd's coverholder or an internationally admitted carrier, which means the Indian SaaS vendor needs to purchase coverage in a foreign market, typically the UK or Singapore, for those specific contracts.

The substantive coverage difference between an IRDAI-filed PI and a Lloyd's Tech E&O matters more than the naming convention. Lloyd's Tech E&O wordings typically incorporate cyber liability as an inseparable module, while Indian PI products offer cyber as a separate policy or an optional extension. Lloyd's wordings also tend to be more explicit about coverage for SaaS-specific risks: API failures, multi-tenant data contamination, algorithmic errors in automated outputs. IRDAI-filed PI products, particularly those designed for IT services companies rather than pure SaaS, may use broader but less precise drafting.

Fortune 500 procurement contracts with Indian SaaS vendors routinely specify minimum insurance requirements. The typical structure for a mid-market enterprise B2B SaaS agreement, based on contracts reviewed across a sample of Indian SaaS companies from 2023 to 2025, specifies:

• Professional Liability / Tech E&O: USD 2 million per occurrence, USD 5 million aggregate
• General Liability: USD 1 million per occurrence, USD 2 million aggregate
• Cyber Liability: USD 2 million per occurrence (often combined with Tech E&O)
• Employers Liability / Workers Compensation: local statutory minimums

For a SaaS startup with USD 1–5 million ARR, purchasing USD 5 million in PI/Tech E&O aggregate limits on an IRDAI-filed policy is straightforward. Indian general insurers (New India Assurance, ICICI Lombard, HDFC Ergo, Bajaj Allianz, Reliance General) file PI products that can accommodate USD 5 million limits. The premium for a pure SaaS company at this limit tier typically falls between INR 12 lakh and INR 35 lakh annually, depending on ARR, client concentration, the nature of the product (whether it makes automated decisions that affect client revenue), and the deductible structure.

The conversation changes materially above USD 10 million in limits, which is where unicorn-stage companies (think Zoho, Freshworks, Chargebee, Razorpay, Postman) operate. At USD 10–25 million limits, the Indian domestic market runs out of capacity on a single-carrier basis. Structuring a programme at this level requires a layered tower: a lead Indian insurer providing the first layer (say, USD 5 million), with Lloyd's or international excess carriers providing additional layers above that. A USD 20 million programme for a SaaS company with INR 1,000+ crore ARR carrying Fortune 100 client exposures may involve three to five carriers and will be placed through a broker with Lloyd's access. Annual premiums at this level typically range from USD 500,000 to USD 1.5 million, depending on claims history and the breadth of coverage including retroactive date provisions.

A specific negotiation point that Indian SaaS founders frequently mishandle is the distinction between per-occurrence and aggregate limits in client contracts. When a US enterprise says 'USD 5 million Tech E&O,' they usually mean USD 5 million per claim (occurrence), not USD 5 million total for all claims in the policy year. Indian PI products, particularly IRDAI-filed products using older wordings, default to aggregate limits. A policy with an INR 30 crore aggregate limit may meet the letter of a USD 3 million aggregate requirement but fail the spirit of a USD 3 million per-occurrence requirement. Verify with your broker whether your policy's primary limit structure matches the client's expectation before signing the MSA.

Claims-made policies — which is the standard trigger structure for both IRDAI PI and Lloyd's Tech E&O — have three structural features that determine whether a given claim is covered: the policy period, the retroactive date, and the notification condition.

The retroactive date is the date before which claims arising from acts or omissions are not covered, even if the claim is made during the current policy period. For a SaaS company buying PI for the first time, the retroactive date is usually the policy inception date, meaning no prior acts coverage. When a client claim involves a software error that occurred before the policy's retroactive date (even if the client only discovers and notifies you of it during the policy period), the insurer will decline the claim. Indian IRDAI-filed PI products vary in how they handle retroactive date provisions: some insurers will extend the retroactive date to the company's date of incorporation for an additional premium, and some will not. Lloyd's underwriters are generally willing to negotiate full prior acts coverage for a SaaS company with a clean claims history, pricing the additional exposure based on the vintage of the software.

The policy period runs for 12 months in most IRDAI-filed products. Lloyd's Tech E&O wordings for complex technology risks sometimes offer multi-year policies at a negotiated rate, which provides the SaaS company with certainty of renewal terms during a growth phase. IRDAI products are typically annual, which means that a growing SaaS company must renegotiate limits and terms every year — and in a hard market, may face significant premium increases or capacity withdrawal at renewal.

Notification conditions are the most frequently contested aspect of claims-made policies. The standard condition requires that a claim, or the circumstances that may give rise to a claim (a 'potential claim notification'), be notified to the insurer as soon as reasonably practicable after the insured becomes aware of them, and in any case before the expiry of the policy period. Indian IRDAI-filed PI products use fairly standard language here, but in practice, notification disputes arise when a SaaS company is aware of a client's dissatisfaction or a software issue during one policy period, does not notify the insurer, and the client files a formal claim in a subsequent policy period with a different insurer. The original insurer will decline (no formal claim was made during their period), and the current insurer will decline (the circumstances were known before their policy inception). The resulting gap is uncovered.

The resolution is a disciplined internal process for flagging potential claims and a clear protocol for notifying insurers of circumstances — not just formal legal claims. Any client complaint that mentions contractual breach, any software failure that you know caused measurable client harm, any legal letter even threatening a claim: these should trigger notification to your insurer within the policy year.

Indian SaaS companies handling client data — almost all of them — need cyber liability coverage alongside Tech E&O. The question is whether to purchase a combined policy or separate coverages, and what the interaction between them looks like when a real incident happens.

In the Lloyd's market, most Tech E&O policies for SaaS companies incorporate a Cyber module, covering first-party cyber costs (incident response, forensic investigation, business interruption from a cyber event, regulatory defence and fines) alongside the third-party professional liability coverage. The combined structure means a single insurer makes the coverage determination across a claim that typically spans both: a ransomware attack on your SaaS infrastructure causes your platform to go down, your clients suffer revenue loss (Tech E&O) and their data is exposed (Cyber). With a combined policy, you make one notification and one policy responds.

In the Indian IRDAI-filed market, Cyber insurance and Professional Indemnity are almost always separate products from separate filings. IRDAI Circular No. IRDA/SDD/MISC/CIR/255/12/2020 (and subsequent cyber-specific guidelines) govern cyber product filings separately from the professional indemnity framework. This means an Indian SaaS company typically has two policies, two deductibles, and potentially two adjusters when a cyber incident triggers both a PI claim and a cyber claim. Coordination between the two policies at claim time is important and should be agreed in advance with your broker.

For SaaS companies with clients across multiple geographies, the standard recommendation is a primary Cyber policy (which may be IRDAI-filed for Indian policyholders) plus a Tech E&O policy from a Lloyd's coverholder with explicit SaaS coverage. The two policies should be reviewed by your broker for any anti-stacking or 'other insurance' clauses that might reduce recovery. Premium benchmarks for a combined cyber + Tech E&O programme for a USD 10 million ARR Indian SaaS company with primarily US and EU clients: USD 80,000 to USD 150,000 annually depending on security posture, incident history, and the nature of client data processed.

The DPDP Act 2023 introduces a specific cyber risk for Indian SaaS companies: obligations as data fiduciaries or data processors under the Act, with penalties up to INR 250 crore for significant breaches. Whether cyber insurance responds to DPDP regulatory penalties depends on policy wording — most current Indian cyber products exclude deliberate or wilful violations but cover unintentional breaches. Review your policy's regulatory fines sublimit and ensure it captures DPDP exposure specifically.

Almost every enterprise SaaS MSA contains a mutual limitation of liability clause that caps each party's exposure to the other. The standard structure limits the SaaS vendor's liability to the fees paid by the client in the 12 months preceding the claim. For a client paying USD 200,000 annually in SaaS fees, this means your maximum contractual exposure is USD 200,000 regardless of what your software's failure cost them.

This cap creates an interesting tension with insurance requirements. If your contractual liability cap is USD 200,000, why is the client requiring USD 2 million in Tech E&O insurance? There are two answers. First, some large enterprise clients use a standard insurance requirement schedule that does not adjust for contract size — the same USD 2 million requirement goes to every technology vendor regardless of the fee level. Second, and more importantly, indemnity caps can be overridden for certain categories of breach: wilful misconduct, gross negligence, IP infringement, data protection breaches, and death/personal injury. If your software failure rises to the level of gross negligence, the cap may not protect you, and the uncapped exposure to a client with material losses could exceed your policy limit.

The insurance structuring implication is that you should not calibrate your Tech E&O limit solely to your average contract size. Your limit should reflect your maximum realistic exposure across your top clients assuming the worst-case scenario — a complete, extended outage or data loss event affecting a client's core operations. For most mid-stage Indian SaaS companies, this analysis supports USD 2–5 million in limits. For companies where individual client contracts exceed USD 1 million ARR, or where clients use the product for mission-critical financial or regulatory compliance functions, USD 5–10 million is more appropriate.

VC term sheets and investor covenants increasingly specify minimum insurance requirements as conditions of investment. A typical Series B term sheet from a US or global VC investing in an Indian SaaS company may include a covenant requiring the company to maintain 'professional liability insurance with limits reasonably acceptable to the lead investor' and to provide evidence of coverage at each annual audit. Some investors specify minimum limits directly: USD 3 million in professional liability is a number seen in several Series B and Series C term sheets reviewed between 2023 and 2025. Insurance adequacy has become a due diligence item at funding stages, not an afterthought.

Three structural decisions in Tech E&O policy placement have a disproportionate impact on both cost and claims outcomes.

Deductible selection is the first. Indian PI policies for SaaS companies typically offer deductibles starting at INR 2.5 lakh for smaller companies and scaling to INR 25 lakh or higher for mid-market companies. Higher deductibles reduce premium but mean the company absorbs the first portion of every claim. The right deductible level is determined by your company's cash reserves and your risk tolerance, not by the cheapest premium. A SaaS startup with INR 2 crore in the bank should not be accepting a INR 50 lakh deductible even if it cuts premium in half — a mid-sized claim would consume a quarter of available cash before insurance responds.

Extended Reporting Period (ERP) or tail coverage matters when a company is acquired, merges, or the founders wind down a venture. A claims-made policy, once cancelled or not renewed, covers no claims made after cancellation. An ERP endorsement extends the period during which claims can be made (but not the period from which acts giving rise to claims can arise) for one to three years beyond policy cancellation. Indian SaaS companies acquired by a US strategic buyer often find the acquisition agreement requires them to purchase a three-year ERP. The cost of a three-year ERP is typically 150–200% of the final annual premium, paid as a one-time fee. Founders should factor this into acquisition negotiations.

Broker selection for Tech E&O is more material than for commodity lines. A broker who primarily places health and motor insurance for SME clients has limited ability to negotiate Tech E&O wording, access Lloyd's capacity, or structure a layered programme for a SaaS company with USD 25 million ARR. The right broker for a growth-stage Indian SaaS company is one with a dedicated technology practice, Lloyd's correspondent capabilities, and direct relationships with international surplus lines markets. The global composite brokers (Marsh, Aon, WTW, Gallagher) operate this way. Several India-focused specialist brokers (Prudent Insurance Brokers, Sarvada, and others with IRDAI composite broker licences) have developed technology client practices that can serve SaaS companies from seed stage to IPO without the overhead of the global firms.

Premium benchmarks for Tech E&O/PI coverage in the Indian SaaS market have moved over the past three years, driven by a hardening in the global tech E&O market between 2021 and 2023, followed by modest softening through 2025 as claims frequency stabilised in the mid-market sector.

For an early-stage SaaS company (seed to Series A, USD 1–5 million ARR, fewer than 50 enterprise clients, no material claims history), IRDAI-filed PI limits of USD 2 million aggregate can be placed for INR 8–18 lakh annually. The lower end applies to companies with well-defined products in stable categories (project management, document collaboration), clean security posture (SOC 2 Type II, ISO 27001), and low client concentration. The upper end applies to companies in higher-risk categories (fintech data processing, automated compliance tools, real-time payment workflows).

For a growth-stage company (Series B–C, USD 10–50 million ARR), a programme combining USD 5 million IRDAI-filed PI with a USD 5 million Lloyd's excess layer, plus separate Cyber at USD 3 million, will typically run INR 65–150 lakh annually depending on the risk factors above. At this stage, the Lloyd's layer is critical because Indian domestic market capacity for a single technology risk rarely exceeds USD 5–8 million without significant coinsurance.

For unicorn-stage companies requiring USD 20–25 million in total limit towers, total annual programme costs in the range of USD 500,000 to USD 1.2 million are representative. These programmes are placed through global brokers, involve four to six insurers, and require detailed risk submissions including historical claims data, security assessment reports, and a product risk narrative.

IRDAI has not published specific rate guidelines for PI/Tech E&O, which remains a de-tariffed line. Rate adequacy is a function of insurer underwriting appetite and market competition. The current market, as of early 2026, is competitive for well-presented SaaS risks: claims frequency in Indian tech E&O has been modest relative to global peers, and Indian SaaS companies generally carry strong security postures compared to the SME technology vendors that drove US tech E&O loss ratios higher in 2022 and 2023.