SaaS liability limitation clause: how to get the balance right
Cap, indirect damages, super-cap, gross negligence: how to draft and negotiate the liability limitation clause in a SaaS agreement.
In a SaaS agreement, the liability limitation clause governs the financial risks in the event of a dispute. Its purpose is clear: to protect the vendor against disproportionate claims while reassuring the customer about the remedies available. Poorly drafted, it can unbalance the agreement and become a source of litigation. Here is what both customers and vendors should watch for.
A liability limitation clause defines which types of damages are covered and which are excluded. It also sets the compensation cap. In a SaaS model, where infrastructure is shared across customers, this clause must account for the vendor’s global risk management. The customer should therefore seek adjustments that are reasonable in this context.
Most SaaS agreements exclude indirect or consequential damages. These typically include lost revenue, data loss and reputational harm. This exclusion limits the vendor’s financial exposure. Some agreements also exclude the pre-qualification of indirect damages, to prevent overly broad exclusions.
The vendor’s liability is typically capped. The cap usually corresponds to the fees paid by the customer over a defined period (three, six or twelve months) or to the annual contract value. A cap that is too low may make remedies meaningless for the customer, but it must also remain reasonable in light of the risks for both parties.
Certain events cannot be subject to a liability limitation as a matter of law. Intellectual property infringement, gross negligence and breaches of mandatory legal obligations fall outside the scope of the clause. Some agreements also include a super-cap for high-risk areas such as personal data protection, to ensure adequate coverage for sensitive exposures.
The customer’s primary objective is to ensure that the liability limitation clause does not exclude its main risks and provides a meaningful remedy in the event of loss.
A vendor may exclude too many categories of liability, making the agreement unbalanced. An overly broad exclusion of indirect damages is usually a strong indicator. Essential protections should remain in place, particularly regarding data breaches.
Checking whether the vendor holds professional liability insurance is essential. This ensures that the vendor can meet its indemnification obligations in the event of a claim.
A SaaS that handles sensitive data or financial transactions carries elevated risk. In such cases, an overly restrictive clause may be unacceptable, and a higher liability cap may need to be negotiated.
The vendor must strike a balance between risk limitation and the commercial attractiveness of its agreement. The objective is to minimise bespoke amendments in order to enable rapid contracting.
An overly protective clause may be deemed unfair and therefore unenforceable. Total exclusion of liability should be avoided, particularly in cases of gross negligence or breach of mandatory obligations. Accepting a super-cap for major risks such as personal data processing can reassure the customer.
A SaaS serving consumers and a SaaS serving businesses carry different risks and are subject to different rules. A consumer-facing agreement cannot include a liability limitation clause — it would be deemed unfair. A B2B agreement can provide stronger protection for the vendor.
Successful negotiation requires consideration of both parties’ interests. The key is to assess the actual risks of the agreement objectively and find a balance that is acceptable to all.
For the customer: request a cap aligned with actual risk, review the exclusions and seek to narrow them where they are too broad, and verify that the vendor holds appropriate insurance.
For the vendor: set a cap that protects without appearing disproportionate, adjust exclusions in line with legal and contractual obligations, and ensure the clause is drafted in a way that is enforceable.
For an overview of the key provisions in a SaaS agreement, see the SaaS contracting guide. For an analysis of the interaction between SLA penalties and liability, see the article on SLA penalties vs damages.
A well-drafted liability limitation clause prevents disputes and protects both parties. The customer must ensure it retains a meaningful remedy. The vendor must limit its exposure without creating an unenforceable provision. Getting this balance right is fundamental to a viable SaaS agreement. If you need to review your liability provisions, book a call.
The Data Act limits what SaaS vendors can charge when you switch providers. Permitted fees, prohibited charges, and the 2027 deadline explained.
Stuck in a SaaS contract your company no longer needs? The EU Data Act gives you a legal right to switch providers. Eligibility, process, and pitfalls.
Let's build together to grow your business
I have been supporting software and SaaS companies for over 10 years, helping them structure their business, protect their intellectual property and strengthen their contracts.
