Your limit of liability might not work on your indemnity

The parties to IT contracts generally agree that the limit of liability (LoL) won’t apply to indemnities. After all, if one party takes responsibility for a third party lawsuit against the other – a tech contract’s typical third party indemnity – why would that responsibility suddenly end? If the vendor indemnifies against IP claims, for instance, why would it stop defending a case or paying judgments after spending some fixed amount of money? It’s still the vendor’s product and IP, right? And how would the LoL’s limit on consequential damages even apply to an indemnity against third party claims? Because of those and other issues, the limit of liability often says something like, “This Section __ does not apply to Section __ (Indemnity).1See The Tech Contracts Handbook, Subchapter II.M.4 (“Exceptions: Unlimited Liability”).

warning! Your limit of liability might not work for your indemnityNevertheless, the parties sometimes do apply the LoL to indemnities. Sometimes an indemnity just won’t get done without some restriction on the indemnitor’s risk (leaving that risk with the other party). So the parties delete the typical LoL exception (above). They leave the limit of liability applicable to the indemnity.

That, however, might not work. In fact, even if the contract specifically says the limit of liability does apply to an indemnity … it might not. At least, it might not work the way the parties expect. The indemnity obligation could remain unlimited.

This is complex stuff, but I try to explain it simply below. If all you want is the solution, however, skip down to “Limit on indemnity performance obligations, instead of LoL.”

A third party indemnity doesn’t involve liability for breach or other wrongdoing; it’s arguably just an obligation to perform.

Contrary to common belief, a third party indemnity is not a remedy for wrongdoing. The indemnitor promises to defend certain types of lawsuits against the other party (indemnified claims) and to pay settlements and/or judgments. The vendor hasn’t necessarily done anything wrong when the indemnity gets triggered. The indemnity involves a promise to perform: a promise to deal with that litigation.

The Scream, by Edvard Munch
You might in be in for a shock.

Let’s look again at our IP indemnity example. The customer gets protection against third party claims – whether or not the vendor/indemnitor has actually infringed IP. Even if it’s “innocent,” the vendor defends the case and settles if possible.2See The Tech Contracts Handbook, Subchapter II.L.2 (“IP Indemnity”). So those two indemnity obligations, defend and settle, don’t involve liability for breach of contract or for other wrongdoing. Again, that sounds like an obligation to perform.

Wrongdoing can trigger indemnity obligations. The indemnitor has to pay judgments if the case goes to trial, the court holds the indemnitor did something wrong (e.g., infringed), and the court awards damages. That’s a lot of ifs. Also, data indemnities usually require wrongdoing. “Vendor shall indemnify and defend Customer against any third party claim, suit, or proceeding resulting from Vendor’s breach of Section __ (Data Management & Security)” (emphasis added).3See The Tech Contracts Handbook, Subchapter II.L.3 (“Data Indemnity”). But neither of those indemnities requires that the indemnitor pay money directly to the customer.4The vendor/indemnitor would be liable directly to the customer if the latter pays a judgment or settlement. That sounds like a small, complex exception. The indemnity still arguably imposes a performance obligation on the vendor, not liability to the other party.

The limit of liability doesn’t restrict obligations to perform.

If the indemnity does involve an obligation to perform, the limit of liability probably won’t apply.

Think of other obligations to perform. Let’s say the contract requires that the vendor write some software. And let’s say that ends up costing more than expected. Can the vendor point to the contract’s $500K dollar cap in the limit of liability and argue: “It’s going to cost more than $500K to write this software, so won’t finish the job – we’re not going to spend more than $500K – because we have a limit of liability.” That probably won’t work. A court would say the limit of liability restricts the vendor’s damages for breach in that situation, not its obligation to spend money performing: writing software.

The same could apply to the indemnity. If it’s just an obligation to perform – to deal with a third party lawsuit – the limit of liability arguably doesn’t apply.

Do we need to breach the contract?

AI-generated image of a young woman programming
The limit of liability doesn’t restrict the vendor’s obligation to create software.

That doesn’t mean the limit of liability has nothing to say about the indemnity – or about an obligation to write software. If the vendor breaches its obligations, the LoL almost certainly comes into play. If the vendor doesn’t write the software, the LoL restricts its damages for breach. It pays no more than the dollar cap/limit in the LoL. And it doesn’t pay consequential damages, per usual terms (discussed below)

That, however, just works for damages. Let’s say the vendor has already spent $600K writing software. It can’t successfully argue, “We’re done: we’ve already spent more than our $500K limit.” So in addition to the $600K it’s spent writing software, the vendor might have to pay another $500K in damages for not finishing the promised job.

Could the same apply to the indemnity? If the indemnitor spends $600K defending the third party claim against the other party, does it have to keep spending until the case is over and it’s paid any settlement or judgment, despite the $500K limit of liability? I think there’s a real risk that it does. So to take advantage of the LoL, the vendor has to breach the indemnity. It has to refuse to defend, settle, and/or pay judgments, despite the contract. At that point, the $500K LoL does set in. The indemnitor could owe another $500K in damages for breach of contract. In other words, the LoL did not limit its obligation to $500K.

The weirdness of the limit on consequential damages

What about the limit of liability terms forbidding consequential damages? How ever would that apply to an indemnity?

A typical consequential damages clause reads, “IN NO EVENT WILL PROVIDER BE LIABLE FOR INDIRECT, SPECIAL, CONSEQUENTIAL, OR INCIDENTAL DAMAGES ARISING OUT OF OR RELATED TO THIS AGREEMENT.5See The Tech Contracts Handbook, Subchapter II.M.2 (“Exclusion of Consequential Damages”). Does that mean the provider/indemnitor doesn’t have to pay consequential damages to the third party plaintiff in an indemnified claim? That wouldn’t make much sense. The clause addresses damages owed by one contracting party to the other, not to a third party. So it probably only addresses damages the indemnitor owes the other contracting party, for breach of contract.

If so, the consequential damages clause fits the model suggested above. It does not restrict the indemnitor’s obligation to perform. It only restricts its obligation to pay damages. And if that interpretation works for the consequential damages clause, why not for the other half of the LoL: the dollar cap?

That would be bad news for an indemnitor hoping to rely on the limit of liability.

Uncertainty about the word “liability”

blind lady justiceAt least, that’s the concern. The outcome depends on what a court thinks “liability” means. Does the court agree with the Legal Dictionary at, which says: “liability means legal responsibility for one’s acts or omissions. Failure of a person or entity to meet that responsibility leaves him/her/it open to a lawsuit for any resulting damages … (as in a breach of contract …).” If so, the limit of liability won’t help the indemnitor … unless it breaches the clause.

On the other hand, the court could agree with Cornell’s Legal Information Institute: “To be liable in a legal sense simply means to be held legally responsible or obligated.” If so, the limit of liability could help. But it’s still not very clear.

The best solution is to research the answer for your jurisdiction. Good luck! This is not an easy question to research. And while knowing the law is always best, we have an option that require less research – and that doesn’t involve high odds of a lawsuit over the meaning of “liability.”

Limit on indemnity performance obligations, instead of LoL

Instead of relying on the limit of liability, the indemnitor can limit its indemnity performance obligations.6See The Tech Contracts Handbook, Subchapter II.M.5 (“Limit on Indemnity Performance (As Opposed to Liability”). I now think I overstated the case in that (2021) subchapter – didn’t acknowledge the room for debate about the nature of “liability.” But the solution is still the same.

Indemnitor is not required to spend more than $X pursuant to Section __ (Indemnity), including without limitation on attorneys’ fees, court costs, settlements, judgements, and reimbursement of costs.

That clause restricts the indemnitor’s obligation to perform. With that sort of limit, you don’t need to cross your fingers and hope you’ve got the right interpretation of “liability” in the LoL. It should work either way.

In most cases, you’d use the clause above in a contract that also has a typical limit of liability, probably with terms saying the LoL does not apply to the indemnity. That’s because, with indemnity performance obligations limited, you have less reason to limit liability for breaching the indemnity.

Third party indemnities are very weird. They cause all sorts of problems because they involve liability to a third party, not between the two contracting parties. We cover this LoL issue and many others in The Tech Contracts Master Class™ (specifically, in course 3). And we cover them in The Indeminar: Indemnities in IT Contracts.

© 2024 by Tech Contracts Academy, LLC. All rights reserved.

Note, this post updates an earlier one, from 2020.

Thank you to for great, free stock images!

Share the Post:

Related Posts