If you’re an architect or engineer in Texas or California, your 2026 professional liability renewal might look very different than past years. 73% of insurers planning rate increases and underwriters scrutinizing TX-CA firms intensely, one contract clause you overlook today could become tomorrow’s uncovered claim.
A renewal quote comes in 20% higher than last year. A client contract arrives with indemnity language broader than anything the firm's policies will defend. An E&O endorsement now mentions AI where it never did before. For principals and operations leaders at architecture, engineering, surveying, and construction management firms, 2026 continues to produce moments like these — and the playbook that worked in 2022 no longer holds.
Risk Specialty Group, a brokerage that works exclusively with design professionals across the Southwest, recently published a 2026 design firm risk management playbook built from what its brokers are seeing in the 2024-2026 market. The framework below distills the six systems that guide covers — and how a firm can pressure-test each one this quarter, before an underwriter, a client, or a claimant does it first.
Three shifts are driving the change. AI is now part of the deliverable workflow at most firms, whether it arrived by policy or by habit — drafting support, code checking, BIM clash detection, energy modeling, and proposal narratives. Many professional liability policies have not kept pace, and some carriers have added exclusions for purely AI-generated work, while others have attached restrictions to affirmative coverage.
Cyber exposure has moved out of the IT department. Design firms hold drawings, client financials, and infrastructure data, and the most frequent cyber event is not sophisticated ransomware — it is a spoofed email that convinces someone in accounting to change banking details on a vendor payment.
And carrier appetite has tightened, especially for structural, geotechnical, and surveying work. Renewals are slower, more selective, and more expensive than two years ago. Firms that arrive with an organized risk story get measurably better terms than firms that respond reactively in renewal week.
1. Contract Review That Runs Before Signature. Most contract-risk problems trace back to provisions that got swallowed under deadline pressure. Four carry most of the downside: standard-of-care language ("best efforts" and "highest standard" go past what professional liability will defend), indemnification clauses (broad-form indemnity usually falls outside coverage), limitation of liability (one of the most valuable clauses a firm can negotiate), and additional insured requirements (general liability can usually accommodate them; professional liability typically cannot). The pressure test: pull the last three signed contracts and check those four provisions against how the firm's policies will actually respond.
2. An Insurance Stack That Matches Actual Exposure. There is no single correct stack. A 15-person civil firm doing municipal work does not need what a 60-person multi-discipline EPC firm doing healthcare projects needs. But every firm should make a deliberate call on the same six lines: professional liability, general liability, workers' compensation, commercial auto (including hired and non-owned), cyber liability, and umbrella or excess. A specialist broker's review of professional liability insurance for design firms is the natural starting point, because that line anchors the rest of the stack. The pressure test: list all six lines and the last date each was matched against how the business actually operates today— including new states, new project types, and new field operations.
3. Documentation That Defends the Standard of Care. The most common reason design firms lose defensible claims is documentation. Strong work product is not enough. The project file should show decision logic, owner direction in writing, subconsultant handoffs, and submittal review records. In 2026, that list grows by one: AI use. If a tool helped draft, check, or model any part of a deliverable, the record should show what the tool did and who reviewed the output. The pressure test: pick one active project and try to reconstruct, from the file alone, why a key design decision was made and what the client directed.
4. Subconsultant Risk Controls. A client looks to the prime first. If a subconsultant carries inadequate insurance or fails to preserve its own project record, that problem lands upstream. Four controls matter: verify insurance before work starts, flow contract obligations downstream, document delegated versus retained scope, and keep the relationship intact at claim time so the subconsultant helps defend the work instead of going silent. The pressure test: check whether every active subconsultant's certificate was collected before its work began — not after.
5. The 2026 Tech and Data Baseline. Insurers now treat certain controls as table stakes: multi-factor authentication on every business account, encrypted and tested backups with at least one offline copy, email security that catches payment-change fraud, vendor due diligence for AI tools, and a written incident response plan that names who calls whom in the first hour. Missing controls no longer read as oversights — they surface as exclusions, sublimits, or declined quotes at the time of binding. The pressure test: confirm MFA coverage specifically for email. It is the most common entry point for wire-transfer fraud.
6. A Claims-Response Plan Already on the Wall. Professional liability is claims-made: coverage triggers when the claim is reported, and late notice is the single most common reason coverage gets challenged. The written plan should cover carrier notice on first knowledge, early engagement of counsel with design-professional E&O experience, immediate preservation of the project record, one designated internal contact, early notification of implicated subconsultants, and a written chronology started while memories are fresh. Anything involving AI, cyber, or data escalates immediately — different policies and shorter statutory notification windows may apply. The pressure test: ask three people at the firm who calls the carrier when a claim letter arrives. If the answers differ, the plan does not exist yet.
The pattern across disciplines is consistent: the firm with a solid professional liability program gets hit through the system next to it. Architects most often through contract terms and coordination documentation. Engineers through standard-of-care records and subconsultant scope. Surveyors through boundary disputes and field exposure. Construction managers and EPC firms through the sheer breadth of the stack their dual design-and-construction role demands.
The six systems only function as a posture when they work together. Running four of them well is not 67% protection — it is an invitation for the claim to find the other two.
A full risk overhaul is not the assignment. The firms that handle this well run a sixty-minute check on one component per quarter and a deep refresh every 18 to 24 months. The right starting point is whichever system maps to what is pressuring the firm right now: the renewal on the calendar, the contract on the desk, or the AI endorsement nobody has read yet.
For firms that want a structured version of that review, Risk Specialty Group, a four-time IIABA Best Practices Agency serving design professionals across Texas, Arizona, Arkansas, Oklahoma, New Mexico, and California, offers a 360 Review that checks contracts, coverage, cyber controls, subconsultant risk, and claims posture against the 2026 playbook.