Liability and indemnification provisions determine what financial protection you have when a software vendor's product fails, causes a data breach, or infringes a third party's intellectual property. Standard vendor terms cap vendor liability at levels that are commercially meaningless for enterprise buyers — while imposing unlimited indemnification obligations on the buyer. Getting these provisions right is a matter of genuine financial risk management.
This article is part of our IT Contract Negotiation Strategy guide. Liability and indemnification provisions interact closely with SLA terms (which determine when a breach entitles the buyer to remedies), contract red flags (which cover problematic warranty disclaimers and indemnification structures), and data rights clauses (which become critically important when a liability event involves data loss or exposure).
In the normal course of a software contract, liability provisions are invisible — both parties perform, no serious failures occur, and the limitation of liability clause sits dormant in the contract schedule. Their relevance becomes acute precisely in the scenarios that matter most: a security breach exposes customer data; a software bug causes production outages and business losses; a vendor's IP infringement claim exposes the buyer to third-party litigation; or a cloud platform failure takes down critical business operations.
In these scenarios — which are increasingly common as software becomes more deeply integrated into business operations — the liability provisions determine how much financial protection the enterprise buyer actually has. Most buyers discover, too late, that the answer is: almost none. Vendor-standard liability caps are typically set at 12 months' fees — a figure that is commercially meaningless relative to the losses that enterprise software failures can cause.
A single significant data breach can cost an enterprise organisation hundreds of millions of pounds — in regulatory fines, remediation costs, litigation, and reputational damage. A liability cap of £500k (representing 12 months' fees for a mid-size SaaS subscription) provides no meaningful protection against this exposure. The reality is that enterprise buyers carry the vast majority of the downside risk from software failures under standard vendor terms.
The average total cost of a data breach for a large enterprise organisation reached $4.88 million in 2024 (IBM/Ponemon Institute). For organisations in regulated industries (financial services, healthcare), total costs including regulatory penalties and remediation regularly exceed $10–20 million. A vendor liability cap of 12 months' subscription fees — typically $500k–$2m for mid-size enterprise software — covers 2–10% of the expected breach cost. This is not insurance. It is risk transfer in name only.
Standard vendor liability provisions typically contain three elements that collectively limit vendor financial exposure to near-zero in any realistic loss scenario.
Liability cap: The vendor's total aggregate liability to the buyer for any and all claims arising under the agreement is capped at the fees paid in the preceding 12 months (or sometimes the preceding 6 months). For a £500k/year SaaS subscription, this means the vendor's maximum liability — regardless of the scale of the failure — is £500k.
Consequential damages exclusion: Standard terms exclude the vendor's liability for indirect, consequential, incidental, special, punitive, or exemplary damages — including lost profits, lost revenue, loss of data, and business interruption losses. These exclusions eliminate the categories of damage most likely to be material in a real loss scenario. The only damages that typically survive are direct damages — the cost of the software itself — which are already capped at 12 months' fees.
Warranty disclaimer: Standard terms disclaim all warranties other than the express warranty that the software will perform materially in accordance with the documentation. Implied warranties of fitness for purpose, merchantability, and non-infringement are expressly excluded. For buyers who rely on software to perform a specific business function, this disclaimer significantly reduces the scope of enforceable performance obligations.
The combination of a 12-month fee cap, a full consequential damages exclusion, and a broad warranty disclaimer means that for most enterprise software failures, the buyer's effective recovery against the vendor is zero. The cap is not high enough to cover direct damages in most serious failure scenarios; the consequential damages exclusion eliminates the categories of damage that actually matter; and the warranty disclaimer limits the bases on which claims can be made. This is not an accident — it is deliberate contract design by vendor legal teams with decades of experience optimising against buyer interests.
Liability cap negotiation is fundamentally a risk pricing exercise. The vendor must weigh the probability of a large claim against the value of winning the deal. For large enterprise accounts, increasing the liability cap is achievable — vendors adjust their insurance structures accordingly — but the starting position is always the vendor-standard 12-month cap.
| Cap Level | Typical Scenario | Achievability | Appropriate For |
|---|---|---|---|
| 12 months' fees (standard) | Vendor standard; starting position | Always offered; should not be accepted | Low-value, non-critical software only |
| 2x annual fees | First buyer ask; often achieved without push | Very achievable at most spend levels | Lower-risk SaaS applications |
| 3–5x annual fees | Enterprise standard for mission-critical software | Achievable with leverage; may require trade-offs | Core business platform; significant data exposure |
| Total contract value (TCV) | Strong buyer position; requires escalation | Achievable for regulated industries; complex to negotiate | Financial services, healthcare, government |
| Uncapped (for specific carve-outs) | IP indemnification; gross negligence; wilful misconduct | Standard in well-negotiated contracts; not unreasonable | IP claims; data breach (if specific carve-out); fraud |
The liability cap level achievable depends on several factors: the total contract value (higher TCV = more leverage); the nature of the software and the risk profile of failure; the buyer's industry (regulated industries can justify higher caps more easily); whether the buyer is willing to provide a reciprocal increase in its own liability to the vendor; and whether the buyer is willing to trade other commercial concessions for a higher cap.
Even when a general liability cap is in place, certain categories of claim should be carved out from the cap — either to be subject to a higher cap, or to be uncapped entirely. These carve-outs address the scenarios where vendor liability exposure is most acute and where the standard cap would be most obviously inadequate.
If a third party claims that the vendor's software infringes their intellectual property rights — and the buyer is named in or exposed to that claim — the buyer needs the vendor to indemnify the full cost of the claim, not just 12 months' fees. IP indemnification obligations should be uncapped or subject to a significantly higher separate cap. This is the carve-out that most vendors accept most readily, as it aligns with their own IP insurance structures.
Where the vendor processes personal data on behalf of the buyer (as a data processor under GDPR or equivalent), vendor liability for data breaches caused by the vendor's failure should be subject to a higher cap or a separate sub-cap that reflects the regulatory and remediation cost exposure. For enterprise SaaS platforms processing significant volumes of customer data, a separate data breach liability cap of 2–5x TCV is not unreasonable.
No reputable vendor should resist removing liability limitations for claims arising from their own gross negligence or wilful misconduct. This carve-out is standard in well-negotiated enterprise contracts and should not be a concession. If a vendor insists on maintaining the liability cap even for fraud or wilful misconduct, this is itself a significant contract red flag.
Liability for death or personal injury caused by negligence is not capable of contractual limitation in most common law jurisdictions. While this is a standard legal carve-out that buyers rarely need to push for explicitly, confirming it is present in the contract — particularly for software used in safety-critical contexts — is appropriate diligence.
Where the vendor receives confidential business information under the agreement — trade secrets, competitive data, strategic plans — vendor liability for unauthorised disclosure of this information should not be limited to the standard fee cap. Confidentiality breach liability should be subject to a higher cap or treated separately from the general limitation.
Indemnification provisions — where one party agrees to compensate the other for specific categories of third-party claims — are distinct from the liability cap, which governs direct claims between the parties. In enterprise software contracts, the indemnification structure is often more commercially significant than the cap level.
IP indemnification by vendor: The vendor should indemnify the buyer against third-party claims that the software infringes any patent, copyright, trademark, or trade secret. This should be a broad, explicit obligation — not limited to "currently known" claims or to claims arising in specific jurisdictions. The vendor's IP indemnification obligation should cover: defence costs; settlement amounts; and any judgement or award — and should be subject to a reasonable cooperation obligation from the buyer rather than a condition that triggers only if the buyer gives immediate notice.
Data processor indemnification: Where the vendor processes personal data, the data processing agreement (DPA) should include specific indemnification for regulatory fines, enforcement costs, and third-party data subject claims arising from the vendor's failure to comply with its data processor obligations. This is separate from the main agreement indemnification and should not be subject to the standard liability cap.
Buyer indemnification — what to watch: Vendor-standard contracts often impose broad indemnification obligations on the buyer: to indemnify the vendor against third-party claims arising from buyer's use of the software, buyer's data, or buyer's modifications. These buyer-side indemnification obligations should be reviewed carefully — they should be limited to claims arising from buyer's breach of the agreement or gross negligence, not from the normal use of the software for its intended purpose.
The consequential damages exclusion is the provision that most completely strips enterprise buyers of meaningful protection against software failures. Even with a doubled or tripled liability cap, if lost profits, lost revenue, and business interruption losses are excluded, the cap is largely academic — because those are typically the most significant losses.
Buyers should negotiate to carve out specific categories of consequential damages from the vendor's consequential damages exclusion. Full removal of the exclusion is rarely achievable, but targeted carve-outs for the most commercially significant categories often are.
Achievable consequential damages carve-outs include: lost profits directly and demonstrably caused by a vendor-caused platform outage (subject to a specific cap); costs of data recovery and incident response following a vendor-caused data breach; and regulatory fines and penalties imposed on the buyer as a direct result of the vendor's failure to comply with applicable law. Each of these carve-outs addresses a category of real loss that the buyer would otherwise bear entirely.
| Vendor | Standard Cap | Carve-Outs in Standard Terms | Enterprise Achievable |
|---|---|---|---|
| Oracle | 12 months' fees | IP indemnification (limited) | 2–3x achievable; IP uncapped achievable |
| SAP | 12 months' fees | IP and death/injury carve-outs | 2–3x; data breach carve-out achievable |
| Microsoft | 12 months' fees (standard); TCV for some EA | IP, death/injury, gross negligence carve-outs | TCV cap achievable; reasonable carve-outs standard |
| Salesforce | 12 months' fees | IP indemnification; death/injury | 2x achievable; data breach carve-out possible |
| AWS | Fees paid in the prior 12 months | IP indemnification; some security carve-outs | EDP customers have more leverage; limited movement on cap |
| ServiceNow | 12–24 months depending on tier | IP, gross negligence, confidentiality carve-outs | More flexible than most at enterprise scale |
1. Make liability a business-level, not legal-level, discussion. Liability negotiations conducted solely between legal teams tend to produce small incremental movements because neither side wants to set precedent. Escalate to a commercial conversation about risk allocation: "Our Board requires us to have insurance coverage of £X for this category of risk. Your current cap doesn't support that. How do we solve this?" Commercial leaders can authorise exceptions that legal playbooks cannot.
2. Use your insurance requirements as an objective anchor. Many enterprise organisations have insurance policies that require them to have minimum contractual liability coverage from key vendors. Using your insurance requirements as an objective benchmark — rather than a negotiating position — frames the conversation as compliance with external requirements rather than a commercial demand, which is easier for vendor commercial teams to approve.
3. Prioritise carve-outs over cap increases where possible. Vendors are often more resistant to increasing the general liability cap (which sets a broad precedent) than to agreeing to specific carve-outs for defined high-risk categories. A well-structured carve-out negotiation — achieving uncapped IP indemnification, a separate data breach cap, and gross negligence carve-outs — may provide more practical protection than a doubled general cap.
4. Offer reciprocal treatment. If you are asking the vendor to accept a higher liability cap, offer to apply the same cap structure to the buyer's indemnification obligations under the agreement. Vendors are less resistant to cap increases when they are explicitly mutual — even if the practical exposure profile is different.
5. Tie liability cap to insurance coverage. Many enterprise software vendors are insured against the liabilities they accept in their contracts. Negotiating a liability cap tied to the vendor's actual insurance coverage ("the greater of 12 months' fees or the vendor's then-current insurance policy limit") leverages the existence of insurance capacity that the vendor has already purchased.
6. Review the interaction between the SLA and the liability cap. SLA breach remedies (service credits) are often structured as the "sole and exclusive remedy" for performance failures — which means a buyer whose service is down for a week may receive a small credit while being unable to claim the full extent of their losses. Negotiating that SLA credits do not exhaust the liability cap for serious failures is as important as the cap level itself. See our SLA negotiation guide for detailed coverage of the "sole remedy" trap.
"Except as set forth in the carve-outs below, each party's total aggregate liability to the other party in respect of all claims arising under or in connection with this Agreement shall not exceed the greater of: (a) the total fees paid or payable by Customer in the twelve (12) months immediately preceding the event giving rise to the claim multiplied by [3]; or (b) [£X]. The following are excluded from this cap and shall not be subject to any limitation of liability: (i) either party's liability for death or personal injury caused by negligence; (ii) either party's liability for fraud or wilful misconduct; (iii) Vendor's IP indemnification obligations; (iv) Vendor's liability for breach of confidentiality; and (v) Vendor's liability arising from a data breach caused by Vendor's failure to comply with its data processor obligations."
"Notwithstanding the exclusion of consequential damages, Vendor shall not exclude liability for: (a) Customer's reasonable and documented costs of data recovery and incident response directly caused by Vendor's security failure; (b) regulatory fines and penalties imposed on Customer directly as a result of Vendor's failure to comply with applicable data protection law in its capacity as data processor; and (c) Customer's direct and documented lost revenue attributable to a Vendor-caused platform outage exceeding [4] consecutive hours, subject to a separate cap of [12] months' fees."