Limitations of liability come in many different shapes and sizes and they are present in a vast majority of vendor and other commercial agreements. These provisions operate to exclude certain types of damages and place a cap on allowable damages. It is essential for customers to recognize that limitations of liability have the potential to shift an enormous amount of risk to the customer.
So, when faced with a vendor who "requires" a limitation of liability, what can a customer do to reduce the impact of such a provision? During the negotiation process, a customer could employ several key techniques that can be thought of as the M-I-C-E methodology: (1) make the provision mutual, (2) have the damages cap apply to individual claims rather than aggregated claims, (3) extend the scope of the damages cap, and (4) exclude certain types of claims.
To illustrate these techniques, we can utilize the following boilerplate limitation of liability provision:
Vendor shall not be liable to Customer for any indirect, incidental, exemplary, punitive or consequential damages arising out of or related in any way to this Agreement, including, but not limited to, lost profits and other commercial losses, even if Vendor has been notified of the possibility of such damages. Under no circumstances shall Vendor's total liability for any and all claims in the aggregate exceed the total amount paid by Customer to Vendor for the affected products and/or support during the three (3) month period preceding the event giving rise to the initial claim.
Mutual: A standard provision from a vendor will undoubtedly only protect the vendor. It will not exclude any types of damages or provide a cap on damages for which the customer could be liable. Modifying the provision so it applies equally to both parties will provide some protection for the customer.
Individual: Depending on the language of the provision, the cap on damages could apply to each claim or the sum total of every claim. Our sample provision applies to the "total liability for any and all claims in the aggregate." Assuming the applicable cap was set at $100,000, the customer could not recover $60,000 for one claim and $60,000 for another claim -?the second claim would be capped at $40,000. If the provision were modified to apply to the total liability for each claim, then the customer could have fully recovered for each of the $60,000 claims.
Cap: Our sample provision is limited to (1) the total amount paid, (2) for affected products and/or services, (3) during a three month period. Assuming a very small amount was paid for a product that caused a massive amount of damages, this can be extremely limiting. The total amount paid should be broadened to include both the total amounts paid and the total amounts owing to encompass any outstanding amounts. Further, instead of limiting the amounts paid and owing to the affected items in a three month period, the provision could apply to the entire amounts paid and owing under the agreement. To further expand the scope, the provision could include a cap multiplier (e.g. "three (3) times the total amounts paid and owing").
Exclusions: One of the most effective methods to reduce the impact of a limitation of liability provision is to simply insert language carving out certain situations. Such situations normally include breaches of confidentiality and security, indemnification obligations, tortious conduct, property damage, and if applicable, breaches of a business associate agreement. If present in the agreement, indemnification obligations should be excluded because the parties are expressly agreeing to an allocation of risk, and an insufficient cap on these obligations defeats their purpose. An average breach involving protected health information (the subject matter of the business associate agreement) can equate to hundreds of dollars per compromised record and millions of dollars in the aggregate, most of which is indirect. Therefore, if the vendor will gain access to or use the customer's protected health information, the vendor's breach of the business associate agreement should also be excluded.
After employing the M-I-C-E methodology, a more palatable version of our sample limitation of liability provision may look like this (significant modifications have been underlined):
Neither party shall be liable to the other party for any indirect, incidental, exemplary, punitive or consequential damages arising out of or related in any way to this Agreement, including, but not limited to, lost profits and other commercial losses, even if the parties have been notified of the possibility of such damages. Under no circumstances shall a party’s total liability for any single claim exceed the total amounts paid and owing by Customer to Vendor under this Agreement. This provision shall not apply to (a) either party’s indemnification obligations under this Agreement, (b) a breach of either party’s confidentiality obligations under this Agreement, (c) either party’s tortuous conduct, or (d) a breach of Vendor’s obligations under the business associate agreement attached hereto as Exhibit [X].
Certainly, there are other techniques to reduce the impact of a limitation of liability provision, and a vendor or other commercial entity is unlikely to be amenable, at least initially, to all of the above modifications. Still, when a customer is faced with any type of limitation on liability - just as when a mouse is faced with a block of cheese, it would be disadvantageous to not attempt to tunnel some holes into it, and the M-I-C-E methodology is good place to start.