Part 2 - Liability and Risk – key concepts and protections for the new normal
This is the second part in the series designed as a starting point for an audit, or set of questions you could be asking yourself as the world starts to turn again, around key legal issues that may have changed, what industry standards may now look like, and to check that you understand the related risks and opportunities.
- Have you properly limited the warranties you are giving in relation to your Service?
- Customer content or data on your platform, and getting the right warranties from the customer to manage your risk.
- What is an indemnity and how do they relate to other contractual remedies and liability?
- Have you limited your liability properly?What are indirect and consequential losses anyway??
1. Have you properly limited the warranties you are giving in relation to your Service?
Warranties are promises that something is correct or a state of affairs is true. In tech platform or services agreements these warranties are generally around IP in the platform or IP that is created, and compliance with the “applicable law”, including Data Protection law (data protection will be dealt with in a later instalment).
Are full IP warranties necessary?
Generally a supplier should be able to give a full warranty that the IP it creates, supplies or uses belongs to it and will not infringe any third party rights. But often it is possible and advisable to add a caveat that the IP is non infringing “to the best of the Supplier’s knowledge”. This this is still a strong warranty, but is not absolute, so relieves the supplier of liability for things it just could not have reasonably known about. Often carve outs like this are useful in relation to use of potentially patented technology, or overlap with third party trade marks.
Avoid overpromising full compliance with “all applicable laws”
In relation to compliance with the law, it is impossible to know what the law is in every territory in the world. So the question should be asked, is it appropriate or overly risky to make that promise, and how to reasonably limit it? This obviously comes even more into focus if your service relates to a heavily regulated industry like finance or healthcare.
But it is significant even if the platform or services are generic, as the customer may be operating and using your services in a heavily regulated industry. There is a big risk in promising legal compliance in this situation. Well written Terms of Business can reverse the obligation back onto the customer to promise that they will tell the supplier of relevant rules and regulations, or otherwise the ToB should ensure that issues arising due to those industry specific regulations are carved out from the supplier’s responsibilities.
2. Customer content or data on your platform, and getting the right warranties from the customer to manage your risk.
You should ensure that your ToB provide for some standard mutuality to protect you as operator of the platform or service provider handling the customer’s data or content. So, you need to consider if you have the correct warranties (promises) and protections from your customers about the data and content that they are putting through your platform.
As standard you should have a warranty from customers that they have the right to use the data / content, and therefore permit you to handle it; and this should be broad enough to cover responsibility if you received a third party claim for dealing with infringing data or content the customer has supplied or used on your platform. This links directly the issues around the relevant indemnities you have from them also.
3. What is an indemnity and how do they relate to other contractual remedies and liability?
Generally if there is a breach of contract one party can sue the other for losses or “damages”. Indemnities add a higher level of protection and remedy, and therefore give better recovery for financial amounts than pure damages.
Take care when giving an indemnity
Often in contracts the key risks and warranties, especially related to third party claims, are protected by these indemnities. However there is all too often a lack of clarity about how the indemnities work, and suppliers often get unnecessary requests from customers for too much indemnity cover. Are you sure you know-how your indemnities work, whether you are over exposing yourself through them. Often it is perfectly reasonable to validly push back on those customer requests.
This comes into focus again with US customers as they are more used to having all obligations and breaches indemnified, rather than just the key risks and warranties. This is due to some fundamental differences in the legal systems in the UK and US, which if you are operating under English law may need to be explained to the customer to properly balance liabilities and reduce your risks.
Warranties and indemnities are nuanced legal concepts and need to be drafted with care in the context of legal precedent and the practicalities of the services and contractual arrangements.
4. Have you limited your liability properly? What are indirect and consequential losses anyway??
Most contracts will try and carve out or cap certain types of liability to protect the respective parties. But what is reasonable? A lot of customers will ask for uncapped liability from the supplier for IP issues, Confidentiality and Data Protection. But Suppliers should think very clearly about what level of risk it wants to take on in this regard, relative to the type of service and value of the contract. It is perfectly reasonable and industry acceptable, for example, to limit Data Protection liability in the context of GDPR.
Should I give an uncapped IP indemnity?
But what about IP and other risks/liabilities? Not all customers will accept any sharing of the risk on IP, so you need to be ready to assess the real risk to you in the context of the likelihood of an issue arising and the consequences if it does. This is not an easy task, but there are some relatively established thought processes and risk assessment models that can be used to balance risk against the value of the contract.
You will also need to consider this liability and risk issue in the context of your insurance cover – both the categories of insurance and financial limits.
How to carve out indirect losses
Indirect and consequential losses are significant concepts as they can mount up exponentially and unintentionally. They can usually be carved out although the clauses do need to be drafted carefully as English law is very specific on the wording. However, again customers often try and make indirect and consequential loss apply (by removing the carve out) more broadly than is reasonable, and in particular to apply to certain types of loss like IP and Confidentiality. Make sure you know what the industry norms are for this and what you can validly push back on to protect yourself.