Who owns my project documents?
Q: Does my client own my project documents?
A: It depends on your contract language. A license to use your documents is often intended only when you’ve been paid in full for your services. Also, some clients don’t understand that documents are project-specific and not necessarily intended for reuse on other projects, so consider requiring that any reuse be at your client’s sole risk.
For further information on this topic, read RLI’s “Ownership of Documents and Intellectual Property: Are They the Same or How Do They Differ?”
To learn about our Insurance Offerings and our Risk Management program, visit our website or Contact us today at 713-552-1900. Be sure to have a lawyer or licensed Risk Manager review your contracts for insurability and other risk implications.
Ownership of Project Documents, Yours, Mine or Ours?
Here are some questions to ask. In exchange for the transfer, does the Recipient agree that:
- Payment – Do the documents remain the Design Professional’s property until the Design Professional has received full payment for the services provided, and the project is completed?
- Reuse – Are the documents are project-specific and are not intended for reuse on other projects?
- Owner’s Risk – Any reuse by the Recipient without the Design Professional’s involvement will be at the Recipient’s sole risk?
- Indemnification – The Recipient will defend, indemnify, and hold the Design Professional harmless from any claims brought against them arising out of the reuse?
- DP’s Rights – The Design Professional has the right to retain one record copy of all project documents and to reuse standard details of the contract documents?
What does AIA have to say about ownership?
According to — AIA Document B101-2007, § 7.3
“Upon execution of this Agreement, the Architect grants to the Owner a nonexclusive license to use the Architect’s Instruments of Service solely and exclusively for purposes of constructing, using, maintaining, altering and adding to the Project, provided that the Owner substantially performs its obligations, including prompt payment of all sums when due, under this Agreement. The Architect shall obtain similar nonexclusive licenses from the Architect’s consultants consistent with this Agreement. The license granted under this section permits the Owner to authorize the Contractor, Subcontractors, Sub-subcontractors, and material or equipment suppliers, as well as the Owner’s consultants and separate contractors, to reproduce applicable portions of the Instruments of Service solely and exclusively for use in performing services or construction for the Project. If the Architect rightfully terminates this Agreement for cause as provided in Section 9.4, the license granted in this Section 7.3 shall terminate.”
AND
“In the event the Owner uses the Instruments of Service without retaining the author of the Instruments of Service, the Owner releases the Architect and Architect’s consultant(s) from all claims and causes of action arising from such uses. The Owner, to the extent permitted by law, further agrees to indemnify and hold harmless the Architect and its consultants from all costs and expenses, including the cost of defense, related to claims and causes of action asserted by any third person or entity to the extent such costs and expenses arise from the Owner’s use of the Instruments of Service under this Section 7.3.1.”
Are your firm's Cyber risks actually covered? If you're like most design professionals, the answer might surprise you.
According to the World Econo
Does your E&O policy cover cyber attacks?
For most design professionals, the answer is no.
The most common coverage in Professional Liability policies regarding any type of virus transmission is called "network security" liability. But this is only for "3rd party" expenses, such as when a design firm gets sued by one of their clients for the transmission of a virus. It covers the cost of defense and any "3rd party" costs that the client incurs. However, it does not provide any "1st party" coverage for the design firm itself in the event of a cyber attack or breach. Also, these endorsements typically offer sublimits that cap payouts at a fraction of actual incident costs.
Only true Cyber Liability covers 1st party costs associated with a cyber attack or breach on the design firm. That is why the coverage within a Professional Liability is called "network security" and not "cyber liability".
What about a major ransom demand? What about two weeks of system downtime? What about paying a fake invoice for $85,000?
That's a different category of loss entirely. The vast majority of design firms enter 2026 without true cyber coverage.
The FTC's cyber insurance guidance recommends standalone cyber coverage for businesses.
Why are engineering firms prime targets?
Fifty-nine percent of AEC firms experienced a cybersecurity threat in the past two years, according to Dodge Data & Analytics. Cyberattacks on construction companies doubled in Q1 2024 compared to Q1 2023.
The reasons are structural. Engineering firms hold exactly what attackers want:
- Time-sensitive projects where delays cost real money
- Critical infrastructure plans of interest to nation-state actors
- Detailed client information across multiple projects
- Smaller IT budgets than the data they protect would suggest
Design professionals are more than twice as likely to face ransomware attacks compared to other industries, according to research from CyberPress and FalconFeeds.
DragonForce, a ransomware group that attacked O&S Engineers & Architects in February 2025, specifically targets architecture and engineering firms. They kn
Frequently Asked Questions
Does my professional liability policy cover cyber attacks?
Is the cyber add-on to my E&O policy enough protection?
Why are engineering firms prime targets for ransomware?
What happens if client data or CAD files are breached?
How much does cyber insurance cost for design firms?
What should design professionals do now?
Effective risk management services start with understanding your actual exposure.
Don't assume your current coverage is adequate. Pull your policy. Read the cyber-related language. Look for exclusions, sublimits, and gaps.
Then ask yourself:
- What would two weeks of downtime cost in lost revenue?
- What would you do if you paid out $50,000 to a fake invoice?
- What would you do if you could no longer access your design plans and email account?
If those questions concern you, it's time for a real conversation about standalone cyber coverage.
At Risk Specialty Group, we're not just another insurance provider. We're your guide in navigating the complex world of cyber risk for design professionals.
We work with over 20 "A" rated carriers who specialize in architects, engineers, and design firms. We know what questions to ask because we've seen what happens when firms don't have the right coverage.
Ready to understand where you stand?
Just a Quote — For those who know what coverage they need
Conversation & Quote — For those unsure about cyber coverage gaps
Full 360° Review — Comprehensive risk analysis including emerging cyber exposures
Contact Risk Specialty Group: 713-552-1900 | info@riskspecialtygroup.com
About the Author
Travis Landers, ARM, is the President and Founder of Risk Specialty Group, a Houston-based insurance and risk management firm serving design professionals. A UT Austin McCombs School of Business graduate with over 25 years of entrepreneurial experience, Travis founded RSG in 2010 to help architects, engineers, and consultants navigate the complex world of insurance and risk management. Under his leadership, RSG has earned the IIABA Best Practices Agency designation multiple years running. Risk Specialty Group serves design professionals across Texas, Arizona, Arkansas, California, New Mexico, and Oklahoma.
