This is what I call a nuclear indemnity: “Vendor shall indemnify Customer against any third party claim arising out of or related to Vendor’s breach of this Agreement.” It’s nuclear because it destroys all in its path. It’s not limited to a type of claim, like IP, data breach, or personal injury. Tech vendors should not grant nuclear indemnities. And while customers do benefit, they should not expect nuclear indemnities or feel cheated if they’re not available.
[We’ll discuss this topic and more in our April 4 webinar on indemnities. You can register here.]
Damages address breach, not indemnities
All contracts impose consequences for breach — usually damages. So no one needs an indemnity to address breach. The indemnity against third party claims is extraordinary, breaking the normal rule that each party deals with its own lawsuits. It makes sense for a limited set of claims. IP indemnities make sense, for instance, since the tech vendor deals in IP — and its product creates IP risk for the customer. But an indemnity against … everything … puts the indemnitor nearly in the position of an insurance company.
Tech vendors can’t manage risk like insurers
Insurance companies assess potential customers and turn down those whose operations create too much risk. Tech vendors generally can’t. And insurance companies often reqiure that customers take precautions against suits. Tech companies don’t and generally can’t. Finally, insurance companies are experts at litigation. Tech companies are not.
Of course, the nuclear indemnity covers claims related to the vendor’s breach, while insurance policies cover broader sets of claims. But customers with high risk operations are more likley to get sued. So customer risk matters. And the vendor doesn’t actually have to breach to find itself on the hook. Usually, an alleged breach will trigger the indemnity.
Suggestions for vendor and customer
Tech vendors should refuse nuclear indemnities if possible. Offer indemnites — if any — related to technology-relevant concerns, like IP. And remind the customer that damages provide the typical remedy for breach, not indemnities. Maybe even point out the insurer comparisons above. Or do offer the nuclear indemnity … but only in exchange for a lot more money.
Customers, if you can get a nuclear indemnity, great. But don’t consider it vital. In fact, if you can get one, consider trading it for something more valuable, like lower fees or a higher limit of liability.
Thank you to attorney Erik Oliver for several of the ideas above!
Join us for our April 4 webinar on indemnities. You can register here.
© 2023 by Tech Contracts Academy, LLC. All rights reserved.
Thank you also to Pixabay.com for great, free stock images!
This is a great post. Insurance companies are only experts at litigation because they get sued a lot to make good on the insurance, when they probably do not want to.
Things a customer can get through regular course damages do not need an indemnity. There are times when the service or solution by its nature would increase the chances of a third party claim, e.g. a tech solution that processes or hosts significant amounts of personal data.
Those are the types of software solutions that a customer is more likely to face a claim by its own customers if their personal information is leaked because of a Vendor’s breach of contract or tort.