- Professional indemnity (PI) is the core cover for talking therapies: it responds to allegations of professional negligence, breach of confidentiality, or harm linked to your clinical work.
- Major professional bodies including the BACP and UKCP require members in clinical practice to hold appropriate indemnity cover as a condition of accredited registration.
- Public liability (PL) covers third-party injury or property damage at your premises and is commonly arranged at a 1 million to 5 million limit for therapy rooms.
- Therapists are data controllers under UK GDPR and the Data Protection Act 2018, and most must register with the ICO, which charges a tiered annual data protection fee.
- If you sell or arrange insurance-style products, the firm must be authorised by the Financial Conduct Authority and listed on the FCA Financial Services Register.
Therapists and counsellors need professional indemnity as the essential cover, usually public liability for premises, plus data protection and lone-worker protection. BACP, UKCP and similar bodies make adequate indemnity a registration condition.
Last reviewed: June 2026
Why insurance matters for therapists and counsellors
Talking therapy carries a particular risk profile. The work itself is intangible: there is no physical product, but there is a duty of care, sensitive personal data, and the possibility that a client could allege harm, misdiagnosis, or a breach of confidence. For most practitioners in the UK, the question is not whether to insure but how to combine the right covers so that the practice, the practitioner, and the client are all protected.
Insurance for therapists is rarely a single policy. It is usually a small stack: professional indemnity at the centre, public liability around any premises, and data protection considerations woven through both. Sole practitioners working from a single consulting room have different needs from group practices with employed associates, and online-only therapists have a different physical-risk footprint again. This guide walks through each layer in plain terms, set out as of 2026.
Professional indemnity: the essential cover
Professional indemnity insurance is the foundation for any counsellor or psychotherapist. It exists to respond when a client, or a third party, alleges that your professional work caused them loss or harm. In a therapeutic context that can include claims of negligent treatment, failure to refer or escalate appropriately, breach of confidentiality, defamation, or a failure to keep adequate records. The policy typically funds the legal defence costs of investigating and contesting such an allegation, as well as any damages awarded or agreed.
The reason PI sits at the heart of the stack is that the most serious exposures in therapy are professional rather than physical. A client is far more likely to allege that the work itself fell below a reasonable standard than to trip over a rug. PI is also the cover that professional bodies have in mind when they make indemnity a registration requirement, because it directly underwrites clinical accountability.
Most PI policies for individual therapists are written on a claims-made basis. That means the policy that responds is the one in force when the claim is made against you, not the one in force when the work was carried out. Two practical points follow. First, you need to keep cover continuously in place while you practise. Second, when you eventually stop practising, you should consider run-off cover, which keeps you protected against claims that surface after you retire about work you did years earlier. Therapy claims can emerge long after the sessions ended, so run-off is not a detail to overlook.
Indemnity limits commonly start around 1 million to 1.5 million for sole practitioners and rise from there depending on caseload, modality, and any higher-risk specialisms. Some bodies state a minimum limit; many leave the adequacy judgement to the member, which is why understanding your own exposure matters.
Public liability: covering your practice premises
Public liability insurance protects you against claims from third parties, usually clients or visitors, who suffer injury or property damage in connection with your business. In a therapy setting the classic example is a client who slips on a wet floor in your waiting area, trips on a trailing cable, or is injured by faulty furniture in the consulting room. PL covers the compensation and legal costs that can follow.
If you see clients in person, whether in a rented therapy room, a clinic, or a dedicated space at home, PL is the cover most landlords, clinics, and room-hire providers expect to see. Many room-hire agreements make a minimum PL limit a condition of booking. Limits of 1 million, 2 million, or 5 million are typical, with the higher end common where a building owner or a clinic group sets the requirement.
Online-only therapists have a much smaller physical-risk footprint, since there is no premises for a client to be injured at. Even so, some practitioners keep a modest PL element because circumstances change: a single in-person workshop, a supervision session held face to face, or a return to room-based work can all reintroduce the exposure. If you genuinely never see anyone in person, PL becomes less central, but PI remains essential.
Professional body requirements
Membership of a recognised professional body is, for many UK therapists, the practical gateway to working: it signals accountability, an ethical framework, and a complaints route. Most of the major bodies make adequate indemnity insurance a condition of accredited or registered practice. The exact wording varies, and some bodies arrange or facilitate cover for members while others simply require you to hold your own and to be able to evidence it.
The table below summarises how several well-known bodies approach the indemnity requirement. Always check the current rules directly with your own body, because membership categories, registration tiers, and minimum expectations are reviewed periodically.
| Professional body | Field | Indemnity requirement |
|---|---|---|
| BACP | Counselling and psychotherapy | Members in clinical practice must hold adequate professional indemnity cover appropriate to their work. |
| UKCP | Psychotherapy and psychotherapeutic counselling | Registrants in practice are required to hold appropriate professional indemnity insurance. |
| NCPS (National Counselling and Psychotherapy Society) | Counselling and psychotherapy | Practising members must hold professional indemnity cover for their clinical activity. |
| BPS | Psychology (including counselling psychology) | Members providing services are expected to be appropriately indemnified for their practice. |
| HCPC | Practitioner psychologists (statutory regulator) | Registrants must have an indemnity arrangement in place as a condition of registration under HCPC standards. |
The common thread is the word adequate. Bodies tend to require that your cover is appropriate to the work you actually do, rather than naming a single universal figure. A practitioner offering high-intensity trauma work with complex clients should reasonably consider a different limit from someone running occasional low-risk wellbeing sessions. Treat any stated minimum as a floor, not a target.
Data protection cover: handling sensitive client information
Therapists hold some of the most sensitive personal data there is. Session notes, assessments, GP correspondence, and safeguarding records are all special category data under UK GDPR and the Data Protection Act 2018. As a practitioner you are almost always a data controller, which carries direct legal responsibilities for how that information is collected, stored, shared, and eventually destroyed.
Two distinct things sit under the data heading. The first is compliance: most therapists must register with the Information Commissioner's Office and pay the annual data protection fee, which is set in tiers based on the size and turnover of the organisation. Registration is a legal obligation for most controllers, not an optional extra, and the ICO publishes a self-assessment to help you confirm whether you need to pay and at which tier.
The second is insurance. A data breach, such as a lost laptop, a misdirected email containing notes, or a ransomware attack on your records system, can trigger notification duties, regulatory engagement, and potential claims from affected clients. Some PI policies extend to cover certain breach-related costs and third-party claims, and standalone cyber or data protection cover can fill gaps around incident response, forensic investigation, and client notification. Read the wording carefully: confidentiality breaches arising from your professional conduct may sit under PI, while a technology-driven breach may need a cyber element. The two are not interchangeable.
Lone worker risk
Many therapists work alone. Sessions are private and confidential by design, which means you are frequently in a room, or on a call, with one other person and no colleague nearby. That privacy is a clinical necessity, but it also creates a lone-worker risk that deserves a deliberate plan rather than an afterthought.
Insurance is only part of the answer here. PL and PI respond after an incident; a lone-worker policy is mainly about prevention. Practical measures include sharing your appointment schedule with a trusted contact, agreeing check-in arrangements after late or higher-risk sessions, carrying out a brief risk assessment for new clients, and setting clear boundaries around home-based practice. Where you employ or supervise others who work alone, your duty of care extends to them, and employers have obligations to assess and manage lone-working risks. Some insurers offer guidance, helplines, or risk-management support as part of a professional package, which can be a useful complement to your own safeguarding policies.
Building the right combination
For a typical UK sole practitioner, the working stack looks like this: professional indemnity as the essential core, public liability for any in-person premises, ICO registration and appropriate data protection arrangements, and a considered lone-worker plan. Add employers' liability if you ever take on staff, since that cover is a legal requirement once you employ people. Online-only practitioners can usually streamline the PL element but should never trim the PI.
Match limits to the work you do, keep cover continuous, and diary your run-off decision for the day you stop practising. Review the whole arrangement at least annually, and whenever your modality, caseload, or premises change.
Frequently Asked Questions
Do therapists need professional indemnity insurance?
In practical terms, yes. Professional indemnity is the essential cover for talking therapies because it responds to allegations of professional negligence, breach of confidentiality, or harm linked to your clinical work. Most professional bodies also make adequate indemnity a condition of registered or accredited practice, so it is effectively required to work.
Does BACP require insurance?
The BACP requires members who are in clinical practice to hold adequate professional indemnity cover appropriate to the work they do. The exact expectation is set out in BACP membership and ethical framework documentation, which is reviewed periodically, so members should confirm the current requirement and any minimum directly with BACP.
What insurance do counsellors need to practise?
Most counsellors need professional indemnity as the core cover, public liability if they see clients in person, and appropriate data protection arrangements including ICO registration where required. Those who employ staff also need employers' liability insurance by law. The precise mix depends on whether you work face to face or online and whether you have employees.
Does therapist insurance cover online sessions?
Professional indemnity generally responds to your clinical work regardless of whether it is delivered in person or remotely, but you should confirm that your policy explicitly covers online and telephone delivery and any clients located outside the UK. Public liability is tied to physical premises, so it is less central for online-only work, while data protection cover becomes more prominent because remote practice relies heavily on technology.
How do I check my insurer is FCA authorised?
Search the firm on the FCA Financial Services Register at register.fca.org.uk using its name or firm reference number. The register shows whether a firm is authorised, what permissions it holds, and its status. Any firm arranging or providing insurance to you in the UK should appear there, and you can use the register to confirm details before you buy.
