What’s Market? Vendor’s Indemnification Obligations

The What’s Market series by TermScout provides a deeper understanding of contract terms and provides data regarding how these terms are approached throughout vendor, customer and negotiated contract forms. All data is gathered by TermScout, which uses AI assisted by contract professionals to accurately review and rate contracts.

Today’s article delves into vendor indemnification obligations by asking: how common are vendor indemnification obligations within IT, SaaS, and PaaS contracts?

Indemnification Obligations

Vendor indemnification obligations are one of the most negotiated terms in contracting, and play a huge role in the contracting process, particularly when there is substantial risk involved for the customer. Black’s Law Dictionary states that to indemnify is “To save harmless; to secure against loss or damage; to give a security for the reimbursement of a person in case of an anticipated loss falling upon him. Also, to make good; to compensate; to make reimbursement to one of a loss already incurred by him.” In short, vendor indemnification protects the indemnified party against claims for damages. The most common indemnification provision protects the indemnified party against claims brought by third parties. 

Vendor’s indemnity obligations provide vital protection for customers against harms not caused by the customer. When a vendor promises to provide a certain specific service/good, the service will contain predetermined functions, responsibilities and tasks. It is important that these functions, responsibilities and tasks are clearly defined and do not put the customer at risk of claims by third parties. 

Let’s say, for example, a vendor is providing services to the customer, when it is discovered that the services are infringing on an intellectual property (“IP”) right of a third party. As a result, the customer is sued by that third party, who claims that the solution the customer is using infringes on their IP. Fortunately for the customer, the contract they have with the vendor has a clause indicating that the vendor will indemnify the customer for any claim of third party IP infringement. As a result, the customer is protected against losses incurred as a result of the claim by the third party.

As described in the above example, the vendor is on the hook for any losses they may incur as a result of the claim by the third party. However, there are nuances to this deal. In the above example, the vendor is only obligated to indemnify the customer, not defend them. As such, the customer is still responsible for defending the claim, and once a judgment is reached, the customer may then approach the vendor to recoup any losses. If the vendor had instead agreed to not only indemnify, but also defend the customer, then the responsibility of defending the suit, and bearing the costs, shifts from the customer to the vendor. It is important to understand these distinctions during a contract negotiation, as they determine the responsibilities of the parties.

Vendor v. Customer v. Negotiated Contracts

If vendor indemnification is crucial, does it appear in contracts at a proportionally high rate? We reviewed 572 vendor forms, 100 customer forms, and 79 negotiated contracts in order to provide the most comprehensive overview of the answer to this question.

The data we’ve gathered reinforces some conventional wisdom surrounding indemnification obligations, but also explores the dichotomy between customers and vendors, and how they compromise throughout negotiations.

What Vendors Offer (577 vendor forms)

As seen in the above graph, vendors are about evenly distributed when it comes to indemnification, with a little over half including vendor indemnification within their base terms. However, the data gathered from customer forms tells a different story.

What Customers Offer (100 customer forms)

A whopping 99% of customer forms include language in regard to vendor indemnification, showing that this issue is overwhelmingly important to the customer. While it makes sense that the indemnifying party is less likely to include such language in their terms, there is nonetheless a massive gap between the terms vendors find acceptable, and those customers want. So naturally, when the two negotiate, they are bound to meet somewhere in the middle, right?

What Happens When Parties Negotiate (79 negotiated contracts)

Wrong. When looking at the above data, you’d be forgiven for thinking it’s a mistake and that the data from the customer forms was entered twice. The above data has been gathered from 79 separate negotiated contracts, and tells a clear story: when negotiations occur, vendors wind up with indemnification obligations. What’s most curious about this data though, is how closely it matches that of the data gathered from customer forms. This begs the question: if this clause is a virtual lock to end up in the final executed agreement, why is it still being negotiated?

For what do Vendors Indemnify?

The above chart is the aggregated data of vendor, customer and negotiated contracts, showing the most common indemnification provisions. We see that the top three singular issues that are indemnified are death or personal Injury, violation of laws and, by quite a large margin, third-party IP infringement. While “other” does place second, that category includes any issues not listed, and as such does not represent any singular one. Therefore, since it is a combination of issues, its rank is a misnomer. 

One noticeable result of the data is how much more prominent third-party indemnification is than all of the others, coming in at over 90% of contracts. This aligns with our previously stated data regarding the prevalence of vendor indemnification obligations in customer forms.

Representative Provisions

Examples of Companies where Vendor has Obligations

• Asana: 7.2, Subscriber Agreement
• AWS: 9.2(a), AWS Customer Agreement
• DataRobot: 15.1, Master Subscription Agreement
• Freshworks: 10a, Master Services Agreement
• VMware: 10.2.1, Terms of Service

Examples of Companies where Vendor does not have Obligations

• Beagle Security: Indemnification, Terms of Service
• Fleetsmith: 8.2, Terms of Service
• HITRUST: 9.1, Service Agreement
• LexisNexis: 4.5, Terms and Conditions
• Malwarebytes: 8, Malwarebytes Software License Agreement

Final Thoughts

Customers want vendors to indemnify them, and while vendors are split on whether to include such language in their base terms, they are more than willing to concede on vendor indemnification after negotiation. This overwhelmingly supports the idea that customers should seek to have vendor indemnification requirements in negotiated contracts. For vendors, on the other hand, it is clear that their customer base holds indemnification in high regard, and the 49% of vendors who elect not to indemnify could potentially expedite negotiation by giving a concession on vendor indemnification.

The What’s Market series will be published regularly, so keep an eye out for the next article, coming soon!