“Indemnity” sounds like a loyalty programme. It isn’t. An indemnity is a contractual promise to make someone whole if a specified bad thing happens to them. If you indemnify your counterparty against a class of claim, you’re saying: if a third party sues them about that thing, you’ll pay the legal fees, the settlement, and the damages. You become their insurance.
That promise has three moving parts. Most negotiation about indemnity is really about these three parts.
The three parts of every indemnity
1. The trigger
What kind of claim activates the indemnity? Common triggers:
- IP infringement — someone sues claiming the product violates their patent or copyright.
- Breach of confidentiality — a leak that causes loss to the disclosing party.
- Data breach — a security incident that exposes personal data.
- Personal injury or property damage — usually relevant in services / on-site work.
- Wilful misconduct — claims arising from intentional bad acts.
Read the trigger language carefully. “Any third-party claim arising out of or relating to the Services” is much broader than “Any third-party claim that the Services infringe a registered patent.” The first wording catches everything; the second is precise.
2. The cap
How much can you be on the hook for? Indemnities are usually subject to a separate limitation of liability clause, but they’re also the most common carve-outfrom that cap. In other words: the contract says “our total liability is capped at 12 months of fees, except for indemnification, which is uncapped.”
Whether your indemnity should be capped depends on the trigger. IP indemnification is often left uncapped because it’s existential to the licensee. Indemnification for breach of confidentiality or data breach is usually capped, often at a multiple of the liability cap.
3. Who controls the defence
If a claim hits, who runs the lawsuit? The indemnifier (the party paying) usually wants control because they’re writing the cheque. The indemnified party (the party being defended) usually wants approval rights because the defence affects their reputation.
Standard middle ground: the indemnifying party controls defence; the indemnified party gets the right to participate at its own expense; settlement requires the indemnified party’s prior written consent (not to be unreasonably withheld) if it admits liability or contains non-monetary obligations.
Mutual vs. one-sided indemnities
A common pattern in vendor-paper contracts: the customer indemnifies the vendor against misuse, breach, and basically anything that happens during the customer’s use of the product, but the vendor doesn’t indemnify the customer for anything material.
That asymmetry is rarely justified. The vendor is in the best position to control product risk (defects, IP issues, security flaws). The customer is in the best position to control usage risk (misuse, regulatory compliance in their domain). A clean indemnity clause is mutual, with each party indemnifying the other for risks within its control.
Push for mutuality. If the vendor refuses, ask why their product creates so little risk that they won’t stand behind it.
Procedural protections worth keeping
Whichever side of the indemnity you’re on, the procedural clause matters as much as the substantive one. Three things worth ensuring:
- Prompt notice. The indemnified party must notify the indemnifier of any claim promptly. Usually phrased as “within ten (10) business days of becoming aware,” with a carve-out that failure to give notice doesn’t void the indemnity unless it actually prejudiced the defence.
- Cooperation. The indemnified party agrees to cooperate reasonably with the defence — providing documents, access to witnesses, etc.
- No prejudicial settlement. The indemnifier can’t settle a claim in a way that admits the indemnified party’s wrongdoing without consent.
The clauses you should never indemnify against
Reasonable indemnities cover specific, predictable risks. Unreasonable indemnities try to convert your contract into open-ended insurance. Refuse to indemnify:
- The other party’s gross negligence or wilful misconduct.
- Claims arising from the other party’s breach of the contract.
- “Any and all losses” without a meaningful trigger — that’s a blank cheque.
- Lost profits or consequential damages on third-party claims (this should be excluded by the limitation of liability anyway, but make sure the indemnity doesn’t carve it back in).
If you remember one thing
An indemnity transfers risk from one party to the other for a specific category of bad outcome. The right question isn’t “will I sign this?” — it’s “am I in the best position to control this risk, and is it priced into the deal?”
If yes to both, sign it. If no, push back. If the answer is unclear, you’re probably being asked to take a risk you can’t price.