indemnification

TL;DR: An indemnification clause requires one party (the indemnitor) to compensate the other party (the indemnitee) for specified losses, damages, or liabilities arising from the indemnitor's actions, omissions, or breach of the contract. It shifts the economic burden of certain risks from one party to the other. Key variables include the scope of covered claims (first-party vs. third-party), the types of losses indemnified, caps and baskets, control of defense provisions, notice requirements, and the interaction with limitation of liability and insurance provisions.

What Is an Indemnification Clause?

An indemnification clause is a contractual risk-allocation mechanism in which one party agrees to hold the other harmless from specified losses. At its core, it answers the question: when something goes wrong, who pays? The indemnitor promises to compensate the indemnitee for defined categories of loss, which may include damages awarded to third parties, settlement costs, attorneys' fees, regulatory fines, and the indemnitee's own direct losses.

Indemnification provisions come in two primary forms. Third-party indemnification covers losses arising from claims brought by someone outside the contract. For example, a software vendor might indemnify its customer against claims that the software infringes a third party's patents. First-party (or direct) indemnification covers losses the indemnitee suffers directly, without a third-party claim. For example, a data processor might indemnify the data controller for costs incurred to remediate a data breach caused by the processor's negligence.

The clause works alongside, but is distinct from, the limitation of liability. The limitation of liability caps total exposure. Indemnification defines who bears specific categories of loss within (or sometimes outside) that cap. In many contracts, indemnification obligations for IP infringement and confidentiality breaches are carved out of the general liability cap, reflecting the parties' assessment that these risks should not be subject to the same financial ceiling as routine performance failures.

Related terms include "hold harmless," "defend and indemnify," "save harmless," and "make whole." Courts in some jurisdictions distinguish between "indemnify" (reimburse after loss) and "hold harmless" (protect against loss in the first instance), though in commercial practice the terms are generally used interchangeably.

Why It Matters

Indemnification clauses determine who bears the financial burden of the most significant risks in a commercial relationship. They are among the most heavily negotiated provisions in any contract.

• Risk transfer: A well-drafted indemnity shifts specific, identifiable risks to the party best positioned to control or insure against them. A vendor who controls the development process should bear the risk of IP infringement. A customer who controls the use environment should bear the risk of misuse. Indemnification aligns financial exposure with operational control.
• Third-party claim defense: When a third party sues, the indemnification clause determines who controls the defense, who selects counsel, who approves settlements, and who pays. In IP infringement disputes, defense costs alone can exceed $2M in patent litigation (AIPLA Economic Survey, 2023). The indemnity structure determines whether those costs fall on the vendor or the customer.
• Insurance alignment: Indemnification obligations must align with available insurance coverage. A vendor who agrees to indemnify a customer for unlimited consequential damages but carries only $5M in professional liability insurance has made a promise it cannot economically keep. The indemnification scope should reflect the parties' insurance programs.

Key Elements of a Well-Drafted Indemnification Clause

1. Scope of covered claims: Define precisely which claims trigger the indemnification obligation. Common categories include: IP infringement (patent, copyright, trademark, trade secret), breach of confidentiality, data breach and privacy violations, personal injury or property damage, breach of representations and warranties, and violation of applicable law. The more specific the list, the less room for dispute.
2. Covered losses: Specify the types of losses that are indemnified: judgments, settlements, attorneys' fees, court costs, expert fees, regulatory fines, and remediation costs. Consider whether lost profits, business interruption, and reputational harm are included or excluded.
3. Duty to defend vs. duty to indemnify: Distinguish between the obligation to pay for losses after they occur (indemnify) and the obligation to actively defend against third-party claims (defend). A "duty to defend" requires the indemnitor to retain counsel, manage the litigation, and bear defense costs as they are incurred. A "duty to indemnify" only requires reimbursement after the loss is determined. The duty to defend is broader and more protective of the indemnitee.
4. Notice requirements: Require the indemnitee to provide prompt written notice of any claim for which it seeks indemnification. Specify whether failure to provide timely notice bars the indemnity claim entirely or merely reduces the indemnitor's obligation to the extent it was prejudiced by the delay.
5. Control of defense: Specify who controls the defense of third-party claims: the indemnitor (who is paying), the indemnitee (whose business is at stake), or a cooperative arrangement. Common structures give the indemnitor control of defense with the indemnitee's right to participate at its own expense and approve settlements that impose non-monetary obligations or admit liability.
6. Settlement authority: Address who may approve settlement of indemnified claims. The indemnitor typically wants sole settlement authority (since it is paying). The indemnitee wants approval rights to prevent settlements that harm its business, admit fault, or impose injunctive restrictions. Market standard gives the indemnitor settlement authority with the indemnitee's consent for settlements involving non-monetary terms.
7. Caps, baskets, and thresholds: In M&A agreements, indemnification is typically subject to a basket (minimum threshold before claims are payable), a cap (maximum aggregate liability), and a survival period (time limit for bringing claims). In technology contracts, IP indemnification is frequently uncapped or subject to a separate, higher cap than the general limitation of liability.
8. Exclusions and carve-outs: Specify circumstances that negate the indemnification obligation. Common exclusions: losses caused by the indemnitee's own negligence, modifications made by the indemnitee to the indemnitor's product, use outside the scope of the license, and failure to implement recommended updates or patches.

Market Position & Benchmarks

Where Does Your Clause Fall?

• Indemnitor-Favorable: Indemnity limited to third-party IP infringement claims only, capped at 12 months of fees, indemnitor controls defense and settlement with no indemnitee consent required, 30-day notice period with failure to notify as a complete bar, no duty to defend (reimburse only), broad exclusions for modifications and misuse.
• Market Standard: Mutual indemnification: vendor indemnifies for IP infringement, data breach, and breach of reps; customer indemnifies for misuse, customer data, and customer's own IP infringement. IP indemnity uncapped or capped at 2x annual fees. Duty to defend and indemnify. Indemnitor controls defense; indemnitee approves non-monetary settlements. Prompt notice required; late notice reduces but does not eliminate obligation. 24-month survival period.
• Indemnitee-Favorable: Broad indemnification covering all losses arising from the indemnitor's performance or breach, uncapped, duty to defend and indemnify, indemnitee may participate in defense at indemnitor's expense, indemnitee retains settlement approval for all terms, failure to provide notice does not affect obligation, perpetual survival.

Market Data

• Approximately 92% of enterprise technology contracts include IP indemnification from the vendor (SaaStr Benchmark Report, 2024).
• Mutual indemnification provisions appear in approximately 75% of negotiated SaaS and services agreements (IACCM, 2023).
• IP indemnification is uncapped in approximately 40% of enterprise software deals and subject to a separate, higher cap (typically 2-3x annual fees) in another 35%.
• The average cost to defend a patent infringement case through trial is $2.5M-$5M (AIPLA Economic Survey, 2023).
• Data breach indemnification provisions appear in approximately 80% of SaaS agreements following the expansion of privacy regulations (DLA Piper Data Protection Survey, 2024).
• In M&A transactions, the median indemnification cap is 10-15% of enterprise value, with a median basket (deductible) of 0.5-1% (ABA Deal Points Study, 2024).

Related Clauses

• Limitation of Liability: Caps the total financial exposure under the contract, working alongside indemnification to define the overall risk framework.
• Reps & Warranties: Breach of representations and warranties is one of the most common triggers for indemnification claims, particularly in M&A transactions.
• Disclaimer Clause: Disclaimers eliminate certain warranty claims at the threshold, while indemnification addresses losses from claims that survive the disclaimer.
• Subrogation Clause: Governs insurance carrier rights that may interact with contractual indemnification obligations.
• Survival Clause: Determines how long after contract termination an indemnification claim can be brought, a critical variable in M&A and technology agreements.

This content is for informational purposes only and does not constitute legal advice. Market data represents general trends and may vary by industry, jurisdiction, and deal size. Consult qualified legal counsel for specific contract matters.