There are two main categories of indemnities in information technology contracts. The first provides cover for losses where events which do not directly related to the performance of the contract, cause a loss. In other words, there is no performance which has breached the contract. This can include breaches of data protection regulations.
Businesses entering information technology contracts should expect to incorporate a series of indemnities in their agreements to guard against a range of potential liabilities. An indemnity is an express contractual obligation to pay compensation for a described head of loss or damage, in the event that a particular event takes place. Indemnities are used to protect a contracting party against exposure to liability from third parties.
Indemnities are onerous because they are an express promise to pay money – usually on demand - in the circumstances described. The information technology supplier usually indemnifies the customer, so it is in the information technology supplier’s interest to limit their scope to defined circumstances. They are also sometimes hotly negotiated particularly when they describe wider liability than what is appropriate for the contract in question. The final form of the indemnities incorporated into the agreement should be a compromise that sits somewhere in the middle of the parties’ initial positions, rather than a one-way street requiring the supplier to indemnify the customer for anything that can go wrong in the technology contract.
The value of these types of clauses is that the business is able to recover a greater sum than what would otherwise be the case in an assessment of damages after liability has been established for a breach of contract. To indemnify another is to make good the loss it has suffered as a result of an act or default on the part of the indemnifying party.
Broadly speaking, there are two types of indemnities which may be included in information technology contracts. The first are specific indemnities relating to losses arising from particular types of events which are not breaches of contract themselves. The second are indemnities that cover breaches of particular clauses in the contract or breaches of the contract in general.
The first type of indemnity provides cover for losses where the relevant events do not directly relate to the performance of the contract by one party to the other. These indemnities might cover issues such as breaches of data protection regulations, infringement of a third party’s intellectual property rights or some other third party relationship. So, these indemnities relate to the rights of third parties which, if breached, would cause the other contracting party damage. The rationale for these sorts of indemnities is that the supplier is normally in a better position than the customer to ascertain, acknowledge, and/or avoid the liability altogether.
These indemnities which are unrelated to the performance of the contract are generally reasonable to include in information technology contracts but they can be made subject to named conditions. The conditions might include an obligation on the customer to notify and cooperate with the indemnifying party in relation to any proceedings, to avoid admissions of liability and to mitigate losses.
For instance, in the case of intellectual property rights, a software developer (ie a supplier) develops its source code. It is in a better position to assess whether a third party’s copyright would be infringed by the software. The licensee (customer) will not be aware whether there are any pre-existing intellectual property rights which are infringed in the software to be supplied. Rather than a customer undertaking a due diligence exercise to inspect the source code to check for infringement (which would be impractical in any event), indemnities are available as a middle-ground between the parties as a compromise.
The second category of indemnity clause is much broader in scope. These indemnity clauses relate to the performance of the contract and aim to provide compensation in the event of a particular breach. Since these usually seek to extend potential liability beyond what would normally be available through simple contractual remedies, they are less likely to be conceded by suppliers in information technology contracts.
Indemnity clauses in general are often subject to limitations of liability which caps the amount of money that the indemnifying party needs to pay as a result of a claim, rather than the total sum of damage suffered. In most contracts, these limitations of liability make the clauses more palatable than if they remained unlimited.
In negotiated contracts, inclusion of the types of indemnities and their extent of coverage are usually determined by the relative bargaining power of the parties. Indemnities are also found in standard terms of business, where there is no opportunity to negotiate the terms. The appropriateness and suitability of indemnities is also influenced by the degree of control the parties have in performing the contract, the asymmetry of information held by the parties and the amount of risk the parties can or is prepared to shoulder.
In relation to the latter point, the risk tolerance of the indemnifying party may be determined in part by the coverage of a relevant insurance policy. But then, insurance policies contain extensive conditions in their own right and should be checked carefully to ensure that coverage assumed is actually covered and the conditions set out in the policy itself should be checked so as to ensure that coverage is maintained. For instance, some insurance contracts provide that if the indemnifying party agrees to unlimited consequential loss, the policy will not be available to cover a claim for insurance.
The indemnities that a business is prepared to give should be limited to those matters which are completely within the control of the business giving the indemnity. Where matters are not within the complete control of the indemnifying party, the indemnifying party is at risk of having to pay out on the indemnity arising from circumstances which another business controls, which cannot be a good position to be in or a satisfactory outcome.
Unbalanced or inappropriate indemnities in technology contracts can make a hard breakup even harder. Getting technology contracts properly drafted and negotiated contracts should fairly balance the risks and attribute the risk to the appropriate party. For legal advice on enforcement or defending breaches of contracts contact our information technology lawyers for more information.
