Monday, November 15, 2010


(First, two words of disclaimer: IANAL—TINLA. Seriously.)

If you are selling software, your customers might occasionally ask you if you provide indemnification. In a nutshell, your customers are looking to be protected in case your software infringes on a third-party intellectual property, such as a patent or copyrighted code, and as a consequence your customers gets sued by this third party. By agreeing to provide indemnification coverage to your customers, you are telling them that if this were to happen, you would:

  1. Defend them in court, and pay for legal fees — hiring the legal team or covering legal cost.
  2. Repair or replace your product — changing your software as necessary, so it doesn't infringe anymore on any third-party intellectual property. Depending on how your indemnification clause is written, this may mean removing, instead of replacing, the infringing functionality.
  3. Pay for damages and settlement fees — those being damages you occasioned to your customers and settlement fees your customers might have to pay to a third-party as a result of you infringing on that third-party intellectual property.

Indemnification clauses often include limitations:

  1. In scope — Each one of the above points (especially number 2 and 3) may or may not be included; if it is included, coverage is often limited.
  2. In dollar amount — A cap is often set to the value of the contract. For instance, for non volume licensing contracts, Microsoft used to have a cap on damages and settlement fees. Microsoft later changed this policy to remove the cap for legal defense (point 1 above), but they are still keeping a cap for damages and settlement fees (point 3 above). Similarly, Red Hat's indemnification caps their liability to the total fees paid by their client during the previous year.
  3. In time — For instance, as mentioned earlier, Microsoft still has a cap a on how much they will pay for damages and settlement fees. That cap is set to the amount paid to them by their customer during the prior one or two years, depending on the cases. Similarly, and as mentioned earlier, Red Hat's total cumulative liability is capped to the total amount in payments made by their customer during the previous year.