Indemnities in IT Contracts - What is the "standard" position?

Imagine the scene in one of the deals I was doing recently. It was a long negotiation on an IT deal which was nearing its conclusion and I was acting for the IT customer. One of the last issues to be finalised on the deal was the issue of indemnities…

The usual debates played themselves out regarding the IT customer asking to be indemnified for a whole range of issues, in the knowledge that during negotiations it would probably have to accept that these would be whittled down to just a few indemnities (i.e. starting high but with a strategy of being prepared to accept something lower).  The IT supplier refused to give any indemnities “on principle” (i.e. starting low but being prepared to be pushed higher). So, after this apparent stalemate, the traditional legal and commercial debates regarding indemnities began and the parties eventually agreed to a relatively “standard” position on indemnities.

So, what is this relatively “standard” position” ? It’s important to have a general idea of what this looks like so that at least you know what you are aiming to achieve in negotiations.

To understand this issue, it’s important to understand what an indemnity is. Generally when an IT supplier indemnifies you for an event then if that event occurs the IT supplier will reimburse you for your losses regarding that event without any real obligation on you, as the IT Customer, to mitigate your losses. I remember one lawyer referring to it as “a blank cheque” and although this is a bit of a sound bite it tends to capture the essence of what an indemnity is about although I appreciate that this doesn’t really give you the whole story.

Because an indemnity has this onerous nature, it should only be used in contracts where it is for very specific events that might happen, where those events are so serious that the party not at fault should be indemnified for that event.

Going back to the relatively “standard position” on indemnities, the indemnities that were included were: 

1. An IP indemnity – In general, if the IT Customer was sued or incurred losses for using IP that the IT Supplier had provided to the IT Customer then the IT Supplier would indemnify the IT Customer for losses suffered or incurred by the IT Customer as a result of this;

2. Confidentiality – each party indemnified the other party for any breaches of the confidentiality provisions of the agreement;

3. Data Protection – an indemnity was incorporated so that each party would indemnify the other party for any breaches by it of data protection law.

However, these indemnities were subject to caveats such that the party claiming on the indemnity had to:

1. notify the other party promptly of any claim on any indemnity;

2. not make any admissions regarding the indemnity to any third party;

3. provide reasonable co-operation to the indemnifying party in respect of the indemnity:

4. allow the indemnifying party to have control of any proceedings or actions regarding the indemnity if any third parties were involved in respect of the indemnity – i.e. if any third parties were suing the IT Customer and the IT Customer was, in turn, looking to claim any of its losses from the IT Supplier under the indemnity given by the IT Supplier;

5. mitigate its losses

What was not included in the contract was:

1. An indemnity given by the IT Supplier for any breaches or alleged breaches of any of the terms and conditions of the contract by the IT Supplier (i.e. the IT Supplier was not going to provide an indemnity to the IT Customer for every clause of the contract)

2. A cap on the indemnity (i.e. the indemnity was unlimited)

There are a number of interesting cases on the subject of indemnities and these are interesting to read if you are involved in negotiating indemnities in contracts.

Codemasters Software Co Ltd (Codemasters) v Automobile Club de l’Ouest (Automobile) Chancery Division (Patents Court)  25 November 2009 .

Automobile had a licence agreement with Codemasters. Part of this licence agreement warranted that use by Codemasters of car manufacturers’ names would not infringe any IP rights. However, when Codemasters incorporated certain materials into its computer game, car manufacturers claimed that Automobile did not have the rights to grant such licences. Codemasters sought to rely on an indemnity in the licence agreement. The Court held that there are good reasons why parties agree to indemnities against third party infringement claims: generally the licensor of intellectual property rights is in a better position to ascertain whether the exploitation will infringe third party IP rights and so the Court ruled in favour of Codemasters.

Another interesting case is Rust Consulting v PB Limited regarding enforcement of indemnities.

I think that key issues regarding the indemnity position are:

  • understanding what indemnities stand for in IT contracts
  • understanding what the relatively “standard position” might be regarding indemnities in IT contracts
  • keeping up to date with case law on indemnities

Next week I’ll look at interesting clauses that you, as an IT Customer, can add to contracts in order to make the IT contract more favourable for you.


Data Center
Data Management