A contract is an allocation of risk and liability limits are a huge bone of contention.
Vendors want to limit their liability to very specific types of damages: 1. They want to only be responsible for direct damages; and, 2. They only want to be liable up to a capped dollar amount. Generally speaking, this is acceptable (we’ll talk about the dollar amount in a second), as it’s a question of reasonability.
With respects to the types of damages (direct, indirect, consequentials, specials, etc), direct damages (in a very layperson definition) are those that are connected to the cause of the liability. So, for example, if Person A steals from Person B, the cost of the stolen goods would be direct damages. But, in the event that the theft led to Person B being unable to complete another business transaction (and thus negatively impacting Person B), that negative impact would be “consequential.” You can quickly see that damages other than directs can be hard to quantify or calculate – and someone who would be liable for more than directs would not have a good way to understand their total portfolio of liability.
For dollar amounts, most people used to say that you could reasonably ask for 3x the amount “spent” under the terms of the agreement. But to be fair to both sides, any amount I might recommend here isn’t a fair assessment of damages. When discussing software deals gone bad, I typically want every penny I’ve paid over the term of the agreement returned to me – this is less an exact science of knowing the amount of future damage and more of an understanding of what it costs to replace software once integrated into an environment.
With respects to both limitations on liability (type and amount), customers should be able to get three exceptions: A. Indemnification Obligations (including both IP and general indemnity), B. Breach of Confidentiality, and C. Gross Negligence or Willful Misconduct. These three things, in my (supported) opinion, are eligible for ALL forms of liability and without any financial limit, either. In almost all cases, vendors do not challenge these exclusions from the limits. They recognize, as does the customer, that indemnification is only valuable when unlimited, that breaches of confidentiality have far reaching implications, and that willful acts shouldn’t be capped, either.
However, even a generous vendor is only going to allow themselves to be “on the hook” for indemnification for software that they licensed in the form in which it was licensed, or for certain types of damages. Modifications to the software, for example, usually prevent indemnification to the extent that the infringement is a result of those modifications and not based on the unmodified software received from the provider. However, in many instances, vendors rely heavily on talking the customer through various issues via phone or via e-mail and they provide a variety of bug fixes in numerous ways. It is advisable to change any language limiting liability as a result of modifications made by licensee to read “modifications made by customer unless authorized by provider.” This allows for the ability of the customer to make changes to the software at the vendor’s direction but not remove the vendor’s liability for the changes that are made.
In some cases, vendors are concerned that even this language is not enough protection as the customer might not follow the directions/instructions provided by the vendor. If that is the case, language such as “modifications made by customer unless authorized in writing by vendor and such modifications explicitly conform to the changes contained in the written authorization” can be used. The net result is that the customer should not be harmed as a result of following the directions of the provider with respect to their software.
Recently, I’ve seen some significant push-back on the limitations section – a desire to avoid the exclusions and reductions in the financial amount, as well. I’m pushing back and I continue to use one of my favorite bad-cop/jerk phrases when discussing what will happen if the vendor breaches confidentiality (“I want to own your company.”). What’s happening in your deals?