Indemnification Clause

TL;DR: An indemnification clause requires one party (the indemnitor) to compensate the other party (the indemnitee) for specified losses, damages, or liabilities arising from the indemnitor's actions, omissions, or breach of the contract. It shifts the economic burden of certain risks from one party to the other. Key variables include the scope of covered claims (first-party vs. third-party), the types of losses indemnified, caps and baskets, control of defense provisions, notice requirements, and the interaction with limitation of liability and insurance provisions.

What Is an Indemnification Clause?

An indemnification clause is a contractual risk-allocation mechanism in which one party agrees to hold the other harmless from specified losses. At its core, it answers the question: when something goes wrong, who pays? The indemnitor promises to compensate the indemnitee for defined categories of loss, which may include damages awarded to third parties, settlement costs, attorneys' fees, regulatory fines, and the indemnitee's own direct losses.

Indemnification provisions come in two primary forms. Third-party indemnification covers losses arising from claims brought by someone outside the contract. For example, a software vendor might indemnify its customer against claims that the software infringes a third party's patents. First-party (or direct) indemnification covers losses the indemnitee suffers directly, without a third-party claim. For example, a data processor might indemnify the data controller for costs incurred to remediate a data breach caused by the processor's negligence.

The clause works alongside, but is distinct from, the limitation of liability. The limitation of liability caps total exposure. Indemnification defines who bears specific categories of loss within (or sometimes outside) that cap. In many contracts, indemnification obligations for IP infringement and confidentiality breaches are carved out of the general liability cap, reflecting the parties' assessment that these risks should not be subject to the same financial ceiling as routine performance failures.

Related terms include "hold harmless," "defend and indemnify," "save harmless," and "make whole." Courts in some jurisdictions distinguish between "indemnify" (reimburse after loss) and "hold harmless" (protect against loss in the first instance), though in commercial practice the terms are generally used interchangeably.

Why It Matters

Indemnification clauses determine who bears the financial burden of the most significant risks in a commercial relationship. They are among the most heavily negotiated provisions in any contract.

• Risk transfer: A well-drafted indemnity shifts specific, identifiable risks to the party best positioned to control or insure against them. A vendor who controls the development process should bear the risk of IP infringement. A customer who controls the use environment should bear the risk of misuse. Indemnification aligns financial exposure with operational control.
• Third-party claim defense: When a third party sues, the indemnification clause determines who controls the defense, who selects counsel, who approves settlements, and who pays. In IP infringement disputes, defense costs alone can exceed $2M in patent litigation (AIPLA Economic Survey, 2023). The indemnity structure determines whether those costs fall on the vendor or the customer.
• Insurance alignment: Indemnification obligations must align with available insurance coverage. A vendor who agrees to indemnify a customer for unlimited consequential damages but carries only $5M in professional liability insurance has made a promise it cannot economically keep. The indemnification scope should reflect the parties' insurance programs.

Key Elements of a Well-Drafted Indemnification Clause

1. Scope of covered claims: Define precisely which claims trigger the indemnification obligation. Common categories include: IP infringement (patent, copyright, trademark, trade secret), breach of confidentiality, data breach and privacy violations, personal injury or property damage, breach of representations and warranties, and violation of applicable law. The more specific the list, the less room for dispute.
2. Covered losses: Specify the types of losses that are indemnified: judgments, settlements, attorneys' fees, court costs, expert fees, regulatory fines, and remediation costs. Consider whether lost profits, business interruption, and reputational harm are included or excluded.
3. Duty to defend vs. duty to indemnify: Distinguish between the obligation to pay for losses after they occur (indemnify) and the obligation to actively defend against third-party claims (defend). A "duty to defend" requires the indemnitor to retain counsel, manage the litigation, and bear defense costs as they are incurred. A "duty to indemnify" only requires reimbursement after the loss is determined. The duty to defend is broader and more protective of the indemnitee.
4. Notice requirements: Require the indemnitee to provide prompt written notice of any claim for which it seeks indemnification. Specify whether failure to provide timely notice bars the indemnity claim entirely or merely reduces the indemnitor's obligation to the extent it was prejudiced by the delay.
5. Control of defense: Specify who controls the defense of third-party claims: the indemnitor (who is paying), the indemnitee (whose business is at stake), or a cooperative arrangement. Common structures give the indemnitor control of defense with the indemnitee's right to participate at its own expense and approve settlements that impose non-monetary obligations or admit liability.
6. Settlement authority: Address who may approve settlement of indemnified claims. The indemnitor typically wants sole settlement authority (since it is paying). The indemnitee wants approval rights to prevent settlements that harm its business, admit fault, or impose injunctive restrictions. Market standard gives the indemnitor settlement authority with the indemnitee's consent for settlements involving non-monetary terms.
7. Caps, baskets, and thresholds: In M&A agreements, indemnification is typically subject to a basket (minimum threshold before claims are payable), a cap (maximum aggregate liability), and a survival period (time limit for bringing claims). In technology contracts, IP indemnification is frequently uncapped or subject to a separate, higher cap than the general limitation of liability.
8. Exclusions and carve-outs: Specify circumstances that negate the indemnification obligation. Common exclusions: losses caused by the indemnitee's own negligence, modifications made by the indemnitee to the indemnitor's product, use outside the scope of the license, and failure to implement recommended updates or patches.

Market Position & Benchmarks

Where Does Your Clause Fall?

• Indemnitor-Favorable: Indemnity limited to third-party IP infringement claims only, capped at 12 months of fees, indemnitor controls defense and settlement with no indemnitee consent required, 30-day notice period with failure to notify as a complete bar, no duty to defend (reimburse only), broad exclusions for modifications and misuse.
• Market Standard: Mutual indemnification: vendor indemnifies for IP infringement, data breach, and breach of reps; customer indemnifies for misuse, customer data, and customer's own IP infringement. IP indemnity uncapped or capped at 2x annual fees. Duty to defend and indemnify. Indemnitor controls defense; indemnitee approves non-monetary settlements. Prompt notice required; late notice reduces but does not eliminate obligation. 24-month survival period.
• Indemnitee-Favorable: Broad indemnification covering all losses arising from the indemnitor's performance or breach, uncapped, duty to defend and indemnify, indemnitee may participate in defense at indemnitor's expense, indemnitee retains settlement approval for all terms, failure to provide notice does not affect obligation, perpetual survival.

Market Data

• Approximately 92% of enterprise technology contracts include IP indemnification from the vendor (SaaStr Benchmark Report, 2024).
• Mutual indemnification provisions appear in approximately 75% of negotiated SaaS and services agreements (IACCM, 2023).
• IP indemnification is uncapped in approximately 40% of enterprise software deals and subject to a separate, higher cap (typically 2-3x annual fees) in another 35%.
• The average cost to defend a patent infringement case through trial is $2.5M-$5M (AIPLA Economic Survey, 2023).
• Data breach indemnification provisions appear in approximately 80% of SaaS agreements following the expansion of privacy regulations (DLA Piper Data Protection Survey, 2024).
• In M&A transactions, the median indemnification cap is 10-15% of enterprise value, with a median basket (deductible) of 0.5-1% (ABA Deal Points Study, 2024).

Sample Language by Position

Indemnitor-Favorable: "Vendor shall indemnify Customer against third-party claims alleging that the Software, as delivered by Vendor and used in accordance with the Documentation, infringes a valid United States patent or copyright. Vendor's aggregate liability under this Section shall not exceed the fees paid by Customer in the twelve (12) months preceding the claim. Vendor shall have no obligation under this Section to the extent the infringement arises from: (a) modifications not made by Vendor; (b) combination with non-Vendor products; or (c) Customer's failure to use the most current version of the Software."

Market Standard: "Vendor shall defend, indemnify, and hold harmless Customer and its officers, directors, and employees from and against any third-party claim alleging that the Service infringes any intellectual property right, and shall pay all damages finally awarded or amounts agreed in settlement. Customer shall defend, indemnify, and hold harmless Vendor from any third-party claim arising from Customer Data or Customer's use of the Service in violation of this Agreement. The indemnifying party shall control the defense and may settle any claim, provided that no settlement imposing liability or obligations on the indemnified party may be made without the indemnified party's prior written consent."

Indemnitee-Favorable: "Vendor shall defend, indemnify, and hold harmless Customer, its affiliates, and their respective officers, directors, employees, agents, successors, and assigns from and against any and all claims, damages, losses, liabilities, costs, and expenses (including reasonable attorneys' fees) arising from or related to: (a) any breach of this Agreement by Vendor; (b) Vendor's negligence or willful misconduct; (c) infringement of any intellectual property right; (d) any violation of applicable law by Vendor; and (e) any data breach or security incident affecting Customer Data. This indemnification obligation is not subject to any limitation of liability set forth elsewhere in this Agreement."

Example Clause Language

These examples show indemnification provisions in different contract contexts.

SaaS Agreement (IP Indemnity): "Vendor shall, at its expense, defend any action brought against Customer to the extent based on a claim that the Service as provided by Vendor infringes any patent, copyright, or trade secret of a third party, and Vendor shall pay any costs, damages, and reasonable attorneys' fees finally awarded against Customer or agreed to in settlement by Vendor. If the Service is held to infringe, Vendor shall, at its option and expense: (i) obtain the right for Customer to continue using the Service; (ii) modify the Service to be non-infringing; or (iii) if neither (i) nor (ii) is commercially practicable, terminate the affected Service and refund prepaid fees for the unused portion of the Subscription Term."

Professional Services Agreement: "Consultant shall indemnify and hold harmless Client from any third-party claims, damages, and expenses (including reasonable legal fees) arising from: (a) Consultant's gross negligence or willful misconduct in performing the Services; (b) Consultant's breach of the confidentiality obligations in Section 7; or (c) any claim that Deliverables created by Consultant infringe the intellectual property rights of a third party. Client shall indemnify Consultant from any third-party claims arising from Client's use of Deliverables in a manner not contemplated by this Agreement."

M&A Purchase Agreement: "Seller shall indemnify Buyer for Losses arising from: (a) any breach of any representation or warranty of Seller in Article III; (b) any breach of any covenant of Seller; and (c) any Excluded Liabilities. Seller's indemnification obligation shall be subject to: (i) a deductible of $500,000 (the 'Basket'), after which Seller shall be liable for all Losses from the first dollar; (ii) a cap of $15,000,000 (the 'Cap'), except that the Cap shall not apply to Losses arising from fraud, willful misconduct, or breach of Fundamental Representations; and (iii) a survival period of eighteen (18) months from the Closing Date, except that Fundamental Representations shall survive for thirty-six (36) months."

Common Contract Types

• Technology and SaaS agreements: IP indemnification from the vendor is near-universal. Data breach indemnification is increasingly standard. Mutual indemnification structures are the norm.
• M&A purchase agreements: Extensive indemnification provisions with baskets, caps, escrows, and survival periods governing post-closing liability for breaches of representations and warranties.
• Professional services and consulting: Indemnification typically covers negligence, IP infringement in deliverables, and confidentiality breaches. Scope is more limited than in technology agreements.
• Construction contracts: Broad indemnification for personal injury, property damage, and third-party claims arising from the contractor's work. Anti-indemnity statutes in many states limit the scope of construction indemnities.
• Commercial leases: Tenant indemnifies landlord for claims arising from tenant's use of the premises. Landlord may indemnify tenant for claims arising from common area maintenance.
• Distribution and supply agreements: Product liability indemnification from the manufacturer to the distributor for defective products. Distributor may indemnify manufacturer for claims arising from distributor's marketing and sales activities.

Negotiation Playbook

Key Drafting Notes

• Always specify whether the indemnification includes a duty to defend, not just a duty to reimburse. The practical difference is enormous: a duty to defend requires the indemnitor to pay legal costs as they are incurred, while a duty to indemnify only requires payment after the loss is finalized. For the indemnitee, the duty to defend is far more valuable.
• Carve IP and data breach indemnification out of the general liability cap. These are typically the highest-exposure risk categories and the most important to the indemnitee. Subjecting them to a cap of 12 months of fees may leave the indemnitee with inadequate protection for a catastrophic IP or data breach claim.
• Require the indemnitor to maintain adequate insurance coverage. Tie the indemnification obligation to a minimum insurance requirement (e.g., $5M in professional liability, $5M in cyber liability). An indemnification promise is only as good as the indemnitor's ability to pay.
• Include IP mitigation remedies. If the vendor's product is found to infringe, the vendor should have the option to obtain a license, modify the product, or replace it before the customer can claim damages. This gives the vendor a path to cure before the indemnity obligation converts to a cash payment.
• Address the interplay between indemnification and the waiver of subrogation in insurance provisions. If both parties carry insurance and waive subrogation rights, the indemnification clause may be partially or fully superseded by the insurance arrangement. Coordinate the two provisions.

Common Pitfalls

• Agreeing to indemnify "against any and all claims arising from the agreement" without limitation. This is effectively an unlimited guarantee of the other party's performance and eliminates any practical effect of the limitation of liability clause. Scope the indemnification to specific, defined risk categories.
• Failing to specify a notice period and its consequences. Without a notice requirement, the indemnitee could incur substantial defense costs before the indemnitor even knows about the claim. Without specifying the consequence of late notice (reduction vs. bar), courts will apply varying default rules.
• Ignoring anti-indemnity statutes. Multiple U.S. states have statutes that void indemnification clauses in construction contracts that require one party to indemnify another for the indemnitee's own negligence. Similar restrictions exist in oil and gas contracts in several states. Draft with the applicable statute in mind.
• Confusing indemnification with limitation of liability. These are complementary but distinct provisions. The indemnification defines who bears specific losses. The limitation caps total exposure. A poorly drafted interaction between the two can result in an indemnification obligation that exceeds the liability cap, creating an unintended carve-out.

Jurisdiction Notes

United States: Indemnification clauses are generally enforceable as written between commercial parties. However, multiple states have anti-indemnity statutes that void broad indemnification clauses in specific contexts, particularly construction (New York General Obligations Law Section 5-322.1, California Civil Code Section 2782) and oil and gas (Texas, Louisiana). Courts distinguish between "broad form" indemnity (covering the indemnitee's own negligence), "intermediate form" (covering the indemnitee's negligence only to the extent of the indemnitor's concurrent fault), and "limited form" (covering only the indemnitor's own negligence). Many states require express, unambiguous language to enforce broad form indemnity.

United Kingdom: English law enforces indemnification clauses as contractual obligations. The distinction between an indemnity (a primary obligation to pay) and damages (a secondary obligation arising from breach) has practical significance: an indemnity claim may not require proof of breach, the measure of recovery may differ, and limitation periods may be longer. The Unfair Contract Terms Act 1977 subjects indemnity clauses in standard form contracts to a reasonableness test. In negotiated commercial contracts between businesses of comparable sophistication, indemnification clauses are enforced as drafted.

India: Indian courts recognize and enforce indemnification clauses under Sections 124-125 of the Indian Contract Act, 1872. Section 124 defines a contract of indemnity as one where a party promises to save the other from loss caused by the promisor's conduct or the conduct of any other person. Indian courts have interpreted this broadly to cover losses caused by third-party claims, not just the promisor's own actions. However, Indian law generally does not permit indemnification for losses arising from the indemnitee's own fraud or willful misconduct. Stamp duty implications should be considered, as indemnification clauses may trigger stamp duty obligations in certain states.

Related Clauses

• Limitation of Liability: Caps the total financial exposure under the contract, working alongside indemnification to define the overall risk framework.
• Reps & Warranties: Breach of representations and warranties is one of the most common triggers for indemnification claims, particularly in M&A transactions.
• Disclaimer Clause: Disclaimers eliminate certain warranty claims at the threshold, while indemnification addresses losses from claims that survive the disclaimer.
• Subrogation Clause: Governs insurance carrier rights that may interact with contractual indemnification obligations.
• Survival Clause: Determines how long after contract termination an indemnification claim can be brought, a critical variable in M&A and technology agreements.

This content is for informational purposes only and does not constitute legal advice. Market data represents general trends and may vary by industry, jurisdiction, and deal size. Consult qualified legal counsel for specific contract matters.