Malaysian Contractor Insurance Stack: CAR/EAR/PL/WC by CIDB Grade, Project Type, and Principal (2026)

This guide is for CIDB-registered contractors in Malaysia preparing to take on, tender for, or mobilise on a project that requires insurance. Whether you're a G3 specialist starting your first independent placement or a G7 main contractor managing a portfolio of jobs, the same logic applies: the stack you need depends on the project type and the principal you're working for.

The Malaysian contractor insurance stack is the combination of project-based and statutory covers a CIDB-registered contractor must arrange before mobilising on site. The base stack is Contractor's All Risks (CAR) or Erection All Risks (EAR), Workmen's Compensation under the Workmen's Compensation Act 1952 for foreign workers, SOCSO under Act 4 of 1969 for local workers, Public Liability or Comprehensive General Liability, and where the contract requires it, a Performance Bond. The exact stack varies by project type, contract value, and the principal type.

This guide walks through that stack, what each layer does, when to add it, and how the stack changes between government tenders, private developers, MNC EPC contracts, and subcontract work.

1. What is a contractor's insurance stack in Malaysia

An insurance stack is a layered set of policies, each covering a specific kind of exposure. For Malaysian contractors, the stack runs across three broad layers:

• Project layer, covers tied to a specific project (CAR, EAR, project-specific PL, DSU, performance bond)
• Annual layer, covers that run year-round across all projects (Public Liability annual, Professional Indemnity annual, Plant All Risks)
• Statutory layer, covers the law requires (Workmen's Compensation, SOCSO)

The mistake new contractors make is treating CAR as the whole stack. CAR is the project layer. The statutory layer is non-negotiable. The annual layer covers exposures CAR doesn't reach, public liability between projects, professional negligence, plant breakdown.

2. The two real decision axes, project type and principal type

Two questions determine almost everything else about your stack:

Question	Drives
What kind of project is it? (civil / building / M&E / renovation / specialist)	Whether you need CAR or EAR, what extensions matter, what site-condition load you'll face
Who is the principal? (JKR / MOF / agency / private developer / MNC / main contractor)	What clauses you'll be required to comply with, what minimum limits, what contract form, what bond requirements

Project type drives the policy type. Principal type drives the policy structure. Both have to be answered before the stack can be priced.

3. The base stack every CIDB G1-G7 contractor needs

Regardless of grade, project, or principal, every CIDB-registered contractor mobilising on a real project needs the following layers in some form:

Layer	What it covers	Statutory or contract-driven
CAR or EAR	Physical loss/damage to the works during construction or erection, plus third-party liability	Contract-driven (almost universally required for projects above ~RM200k)
Workmen's Compensation (WC)	Compensation for foreign workers injured on duty	Statutory, Workmen's Compensation Act 1952
SOCSO	Social security cover for Malaysian and PR workers	Statutory, Employees' Social Security Act 1969 (Act 4)
Public Liability or CGL	Third-party bodily injury and property damage outside the works (or between projects)	Contract-driven; some contracts require annual PL on top of CAR's Section II
Performance Bond	Guarantee to the employer for performance under the contract	Contract-driven (universal for government, common for private)

The bond isn't insurance in the strict sense, it's a guarantee. But it's part of the contractor's financial stack at tender stage and most insurers and bond facilities sit alongside CAR placement.

4. JKR and MOF tender add-ons

Government tenders, JKR-led (Public Works Department), MOF-administered (Ministry of Finance), and agency-direct (TNB, Petronas, MAHB), prescribe specific insurance clauses that go beyond the base stack.

Common add-ons across government tenders:

• Higher third-party liability limits, typical limits are materially higher than private contracts of similar size
• Cross-liability between named parties, Government / Public Works Department named as principal insured, plus all subcontractors
• Existing surrounding property extension, required where works are within or adjacent to operational government facilities
• Maintenance period to match contract DLP, often 24 months for major civil
• SRCC and theft cover with documented site security

The pattern in JKR Standard Specification volumes is consistent: the SST tells you the minimum cover, the named insureds, and the deductible thresholds. Read the specific paragraph references in the tender document, clause numbers vary between SST volumes and revisions, and the wording in your specific tender governs.

Anonymised real example from April 2026 Selangor JKR tenders: a RM18M civil works tender required CAR with sum insured aligned to the full contract value, RM10M third-party liability limit, 24-month maintenance period, and SRCC cover. The specific clause references were listed in the SST under the insurance section of the conditions of contract.

Use our government project insurance cheat sheet for the standard handling at tender stage.

5. Private developer (PAM 2018 / IEM) add-ons

Private developers using PAM 2018 (Persatuan Arkitek Malaysia) or IEM (Institution of Engineers Malaysia) standard contract forms have a different add-on pattern.

PAM 2018 requires CAR for the duration of the works plus the defects liability period. The employer, principal contractor, and all subcontractors are named insureds. The maintenance period must match the defects liability period in the contract, usually 12 or 24 months, sometimes longer for specialist scope. PAM 2018 contracts typically don't require SRCC unless the project location calls for it.

IEM forms are used more often for engineering-heavy projects: M&E erection, infrastructure, specialist works. IEM contracts add testing-and-commissioning clauses for M&E scope, which is why EAR (with its testing & commissioning cover) often replaces CAR for M&E-led projects.

Where contractors get caught on private contracts: the maintenance period and the defects liability period don't match, and the discrepancy isn't picked up until a defect surfaces in the second year. Match the policy maintenance period to the contract DLP at inception.

6. MNC EPC and private commercial add-ons

Multinational EPC (Engineering, Procurement, Construction) contracts and major private commercial projects often layer in additional requirements driven by lender, parent-company, or industry standards.

Common additional layers:

• Delay in Start-Up (DSU) cover, also called Advanced Loss of Profits. Pays for revenue delay caused by a covered physical loss. Often required by project finance lenders.
• Higher Professional Indemnity limits, for design-and-build contracts or where the contractor carries design responsibility
• Environmental Impairment Liability (EIL), for projects with material pollution exposure
• Marine cargo cover, for imported plant and materials in transit
• Erection All Risks (EAR) for M&E commissioning, alongside or instead of CAR

MNC contracts also tend to have stricter named-insured structures, sometimes including the parent company, lender consortium, and operating subsidiary. Get the exact wording from the contract before binding.

7. Subcontractor stack, named-under-main vs own CAR

For subcontractors, the question isn't always "what insurance do I need?", it's "am I covered under the principal's CAR, or do I need my own?" The answer depends on the contract.

Scenario	Decision
Named on principal's CAR as additional insured, with cross-liability waived	Usually sufficient for project works. Verify in writing, get a copy of the cover note showing your name.
Listed in the principal's contract but not actually endorsed on the policy	You are likely not insured. Take your own cover or insist on an endorsement before mobilising.
Specialist subcontractor (M&E, lifts, façade) with distinct scope	Take your own EAR or CAR even if named on the principal's. Cross-liability covers third parties; it doesn't cover damage you do to your own scope before handover.

Subcontractors also need their own statutory layer (WC and SOCSO for their workforce) and their own annual layer (Public Liability between projects). The principal's CAR doesn't cover the subcontractor's annual operating exposure outside the project.

8. CIDB grade and contract value reference

CIDB grades G1 through G7 set maximum project value tiers and minimum paid-up capital requirements. The grade signals capacity, not risk per se, insurance pricing follows the actual project profile, not the grade label. But the grade does correlate with which insurers are likely to underwrite the placement.

For the full grade reference, see CIDB grade requirements G1-G7. For levy obligations on each project, see CIDB levy payment guide. For ongoing CCD points and renewal: CCD points guide.

9. Cost drivers, directional, not numerical

Premium isn't tariffed. It's driven by the same five factors that govern any non-tariffed engineering risk:

• Project type, civil loads higher than building; specialist civil (basement, slope, water-adjacent) loads highest within civil
• Contract value and duration, premium scales with sum insured; long-duration projects load on top
• Site conditions, flood-zone, slope, urban congestion, high-value adjacent property all load the rate
• Contractor profile, CIDB grade, claims history, prior project portfolio
• Principal contract requirements, minimum limits, deductible thresholds, mandatory extensions

The interaction between these is the actual underwriter's job. The calculator below gives you a working range based on your specific inputs.

10. Estimate your stack premium

11. Common mistakes that void or under-cover the stack

Five recurring failures across the contractor placements we see:

1. Treating CAR as the whole stack. CAR is the project layer. WC and SOCSO are statutory. PL and PI are annual. A complete stack covers all three layers.
2. Mismatched maintenance period. CAR maintenance period must match the contract's defects liability period. A 12-month CAR on a 24-month DLP leaves the contractor exposed and in breach of contract from month 13.
3. Subcontractor named in contract but not on policy. Being mentioned in the principal's construction contract is not the same as being named on the insurance policy. Verify with the cover note.
4. Skipping mid-project variations endorsement. CAR is rated against the sum insured at inception. Variations that increase contract value need a mid-term endorsement to bring the cover up to match.
5. Buying CAR without reading the principal contract clauses. The principal's contract drives the cover requirements. Quoting CAR without reading the SST or PAM 2018 wording produces a policy that prices well but doesn't satisfy the contract.

12. What to send us for a binding placement

For a complete contractor placement (CAR/EAR plus the supporting layers), the package we need:

• Contract sum and breakdown
• Project description and method statement
• Site address, site plan, neighbouring use
• Project schedule (start, completion, maintenance period)
• CIDB grade and registration number
• Claims history (last 3-5 years)
• Principal contract clauses for insurance (the actual SST or PAM 2018 wording)
• Workforce composition (for WC and SOCSO sizing)
• Any existing annual policies to coordinate with (PL, PI, Plant)

Most placements turn around in 3-5 working days from package received to bound policy. Larger projects with facultative reinsurance take longer. Tender deadlines are usually accommodated if the package arrives early enough.

FAQ

What insurance does a CIDB contractor need to mobilise on a Malaysian project?

The base stack: CAR or EAR for the works, Workmen's Compensation for foreign workers, SOCSO for local workers, Public Liability or CGL for third-party exposure, and Performance Bond if the contract requires one. Project type and principal type determine the specific add-ons.

Is CAR insurance mandatory for CIDB contractors?

CIDB registration itself doesn't mandate CAR. Project contracts do. Government tenders, most private developers, and any meaningful EPC contract require CAR or EAR as a condition of contract. In practice, projects above RM200k almost always require it.

What's the difference between CAR and EAR?

CAR covers civil and building works. EAR covers mechanical and electrical erection, including testing and commissioning. Civil project = CAR. M&E commissioning = EAR. See CAR vs EAR comparison.

Do I need Public Liability if my CAR already covers third-party liability?

Sometimes. CAR Section II covers third-party liability arising from the works. It doesn't cover liability arising outside the project (e.g., between projects, at your office, on a different site). Annual Public Liability fills that gap. Some contracts explicitly require both.

Does SOCSO replace Workmen's Compensation?

No. SOCSO covers Malaysian citizens and permanent residents. Workmen's Compensation is required for foreign workers under the Workmen's Compensation Act 1952. Most Malaysian construction sites have both, they're complementary, not alternative.

What's a Performance Bond and why does it sit alongside CAR?

Performance Bond is a guarantee from a bank or insurer to the employer that the contractor will perform the contract. It's not insurance, it pays the employer if the contractor fails. CAR is insurance, it pays the contractor if the works are damaged. Most government tenders require both.

Can a subcontractor rely on the main contractor's CAR?

Only if the subcontractor is named as additional insured on the policy with cross-liability waived. Being mentioned in the construction contract is not the same as being named on the insurance policy. Verify with the cover note before mobilising.

What's the difference between annual and project Public Liability?

Annual PL runs year-round across all your operations. Project PL is tied to a specific project. Most contractors carry annual PL as their baseline; some projects then require additional project PL or higher project-specific limits.

Do I need Professional Indemnity if I'm not a designer?

Depends on the contract. If you're delivering a design-and-build contract, you carry design responsibility, and PI cover. If you're a pure construction contractor without design responsibility, PI is usually not required. See SPPI / PI insurance.

How does the contractor stack change for renovation versus new build?

Renovation needs an existing surrounding property extension on the CAR, the host building is exposed to the works in a way greenfield isn't. Public Liability limits often need to be higher because you're working inside an operating facility. The base stack structure is the same; the extensions and limits differ.

How does the stack change for JKR vs private developer projects?

JKR tenders prescribe higher third-party liability limits, longer maintenance periods, mandatory cross-liability, and often SRCC. Private contracts (PAM 2018, IEM) follow a similar base structure with different limit conventions and clause wordings. Read the specific contract, don't generalise.

How long does it take to bind a complete contractor stack?

For standard placements with complete documentation: 3-5 working days from package received to bound policies. Larger projects with facultative reinsurance: 1-2 weeks. Statutory layers (WC, SOCSO) are quicker; project layers take the most time.

Can I take CAR without taking the rest of the stack?

Yes, but it's usually a false economy. CAR alone leaves the workforce uninsured (statutory breach), the annual exposure unprotected, and possibly the contract's PL requirement unmet. Most contractors arrange the full stack at the same time.

What does it cost to insure a typical CIDB contractor?

Use the calculator above for a CAR estimate. Statutory layers (WC and SOCSO) are tariffed and predictable. Annual PL, PI, and Plant covers depend on turnover, scope, and asset values. For a complete stack quote, send the project and operating specs through the form.

Do I need a different stack for first-time vs experienced contractors?

The structure is the same; the pricing differs. First-time contractors often pay a learning premium on first 1-2 CAR placements. Experienced contractors with clean claims history get tighter rates. Both need the same layer set.

Foundation Conclusion

The Malaysian contractor insurance stack isn't a single policy. It's a layered set of project, statutory, and annual covers, each driven by the project type and the principal you're working for.

The work that pays is matching the stack to the actual contract, clause-by-clause, deductible-by-deductible, named-insured-by-named-insured. That's the conversation worth having before you mobilise.

Talk to our risk specialists about your stack

Disclaimer: This article provides general guidance on contractor insurance available in the Malaysian market as of April 2026, plus statutory cover requirements under the Workmen's Compensation Act 1952 and the Employees' Social Security Act 1969 (Act 4). Regulations and policy terms change. Always review your specific contract clauses and policy wordings or consult a qualified insurance professional before making coverage decisions. Foundation is a specialist property and engineering insurance intermediary.