If you write Python for a living — shipping Django and FastAPI apps, building ETL pipelines, or training and deploying models — your deliverable is code and data infrastructure. That is also where almost all of your liability lives. Unlike a physical trade, your risk is not someone tripping on a ladder. It is financial loss caused by your work product: a bug that corrupts a client's orders, a deployment that takes down production, a breach that leaks customer data. A single claim can dwarf the revenue of the project that caused it.
This guide walks through every coverage a Python developer or data/ML consultancy should understand, why each one exists, what drives the premium, and what you can expect to pay.
Technology E&O — the cornerstone
Technology Errors & Omissions (tech E&O) is the flagship policy for this niche. It blends traditional professional liability (your software, services, or advice caused a client a financial loss) with cyber liability (a breach exposed data) into a single form built for firms whose product is code.
When a migration drops a table, a payment integration double-charges customers, or a project simply doesn't perform as the contract promised, tech E&O responds — paying legal defense costs and damages that routinely exceed the fee you were paid. Most modern forms are written claims-made and bundle first-party and third-party cyber alongside the E&O. This is the policy a procurement team points to before they let you sign.
Professional liability
Standalone professional liability (also called E&O) covers the narrower core: claims that your work was negligent, late, over budget, or failed to deliver what was promised. Many solo freelancers start here and graduate to a full tech E&O form as clients grow and contracts begin demanding cyber. Like tech E&O, it is claims-made, so the retroactive date and tail coverage matter when you switch carriers.
Cyber liability
Python and data firms hold exactly what attackers want — customer databases, API keys, credentials, and training datasets full of PII and PHI. Cyber liability covers both:
- First-party costs: forensics, breach notification, credit monitoring, ransomware/extortion negotiation, PR, data restoration, and business interruption.
- Third-party liability: lawsuits and regulatory actions (GDPR, CCPA, HIPAA) from the people and companies whose data leaked.
Bundled cyber inside tech E&O is often a lighter sub-limit. Firms handling large volumes of regulated data usually buy a dedicated cyber policy with higher first-party limits.
General liability and the BOP
General liability (GL) covers the physical world: a visitor injured at your office, damage to a client's property during an on-site, a slip-and-fall at a co-working space. Your physical exposure is modest, but GL is almost always the first certificate a landlord or client asks to see. Importantly, a software bug is not a GL claim — GL excludes the professional and technology services that are your actual business. That is tech E&O territory.
A Business Owner's Policy (BOP) bundles GL with commercial property — laptops, servers, monitors, networking gear — plus business interruption, at a discount versus buying them separately. A BOP does not include professional liability or cyber; those stay separate.
Media / IP liability
Media liability covers claims that your delivered work infringed someone's rights — copyright and trademark infringement, defamation in produced content, and the classic Python-shop exposure: an open-source / copyleft (GPL, AGPL) license violation that "infects" a client's proprietary codebase. With AI-assisted coding now pulling in code of uncertain provenance, this exposure is growing fast.
Commercial umbrella
A commercial umbrella sits above your primary liability lines and adds limits when a catastrophic claim exhausts them. It is a cost-efficient way to reach $2M–$5M+ total coverage to satisfy a contract requirement. Confirm with your broker which underlying policies your umbrella follows — umbrellas commonly extend GL, not always claims-made tech E&O or cyber.
What drives your premium
- Revenue and headcount — larger firms, larger exposure.
- Data volume and sensitivity — heavy PII/PHI (healthcare, fintech) pushes cyber pricing up.
- Services offered — model training and deployment carry more E&O exposure than static websites.
- Required limits — a $5M MSA requirement costs more than $1M.
- Claims history and security posture — MFA, backups, and incident plans lower cyber pricing.
Typical cost ranges (2026)
- Solo / freelance Python developer: a comprehensive bundle (professional liability + GL + basic cyber) commonly runs $30–$80/month ($500–$1,500/year). Standalone tech E&O is around $83/month for a $1M limit; GL alone can be as low as $30/month.
- Small consultancy / shop: tech E&O averages roughly $87/month; a software bundle (BOP + professional liability) about $152/month (~$1,819/year); standalone cyber around $150/month for firms holding meaningful PII.
- Larger / data-heavy ML consultancy: full tech E&O plus dedicated cyber commonly lands in the $1,200–$5,000+/year range, scaling with revenue, data volume, and required limits. Bundling E&O + cyber + GL typically saves 16%–24% versus buying separately.
The bottom line
For most Python firms the right structure is tech E&O + cyber at the core, GL or a BOP for the office and contract requirements, media liability if you redistribute code or content, and an umbrella when a contract demands limits your primary policies can't reach. Disclose your AI/ML work clearly at underwriting so the form is written to actually cover it.