Limitation of Liability Clause Playbook: How to Cap Your Business Risk
Limitation of Liability Clause Playbook
Purpose of Limitation of Liability Clause Playbook
A limitation of liability clause answers two critical questions:
What is the most I can be required to pay if something goes wrong?
What types of losses am I not responsible for?
Lawyers often spend significant time negotiating this clause as it can ultimately determine who bears the financial risk when a problem arises.
The Limitation of Liability playbook is designed to ensure you review, amend and mitigate your liability across all contracts consistently.
Who needs a Limitation of Liability playbook?
This Limitation of Liability Playbook is designed for entrepreneurs, startups, and professionals with no legal background providing an easy, step-by-step approach to cap your liability before signing a contract.
Why do I need a Limitation of Liability Clause playbook?
Limitation of liability playbook ensures that the liability your business undertakes is consistent across all agreements.
Key benefits of using a playbook for contracts:
Efficient Contract Review: efficient and consistent contract review by paralegals
Policy Alignment: liability your business undertakes is consistent with the policy across all contracts
Clear Communication: Makes it easier to explain to stakeholders and clients as to why certain provisions are non-negotiable.
Scalability: Provides a framework that grows with your business, preventing a "patchwork" of different liability levels across your client base
Do I need this Limitation of Liability clause playbook?I have a small business with few contracts every month.
Yes. In fact, early-stage businesses need a Limitation of Liability Clause Playbook more than anyone. It is a common mistake to wait until a business expands to prioritize contract risk management. By then, you may have already signed multiple contracts with no cap on liability that may expose you to unlimited risk. Starting with a playbook ensures you are protected from Day 1.
How to use this Limitation of Liability playbook?
You can use this playbook in 3 ways:
AI Contract Review: Use the playbook as a reference guide for AI contract review tools to automatically flag and edit unfavorable clauses.
Playbook For Contract Negotiation Shield: Use the reasoning provided in the playbook to explain your stance when negotiating liability caps with vendors or clients.
Template Integration: Copy and paste the "preferred positions" directly into your contracts.
Limitation of Liability Playbook for customer / buyer
Example: If your a buying a CRM tool then your goal is to ensure the seller remains liable for:
Costs of notification and regulatory fines for data breaches & privacy violations
Claims of Third-Party IP Infringement
Gross Negligence or Willful Misconduct by the seller
Data loss or loss due to service interruptions
How to negotiate Limitation of Liability Clause if you are a customer / buyer?
Limitation of Liability Playbook For customer / buyer
Clause | Preferred Position for Customer | Redlining Strategy | Sample Clause Language |
Liability Cap | Seek a higher cap aligned to commercial value (e.g., 12–24 months fees or 2x annual contract value). Avoid very low caps. | Push for cap tied to total contract value or annual fees rather than strictly “last 12 months paid.” Accept vendor need for predictability, but ensure cap reflects deal size and risk. | Except for liabilities under Section [X], Vendor's total aggregate liability arising out of or relating to this Agreement shall not exceed an amount equal to twelve (12) to twenty-four (24) months of fees paid or payable under this Agreement or the annual contract value, whichever is higher. |
Exclusion of Consequential Damages | Accept standard exclusion but ensure it does not unintentionally exclude key commercial remedies. | Carve out key recoverable categories such as IP indemnity, confidentiality breaches, and data protection breaches (as applicable). Avoid over-broad re-characterisation of direct damages as “consequential.” | Neither party shall be liable for indirect or consequential damages, including loss of profits or revenue, except that this exclusion shall not apply to (i) indemnification obligations, (ii) breach of confidentiality, or (iii) data protection obligations. |
Data Breach / Privacy Liability | Seek enhanced cap (e.g., 2x–3x annual fees) for data security breaches. Avoid full uncapped liability unless regulatory context demands it | Push for separate “super cap” reflecting higher risk profile of personal data handling, but keep within commercially insurable limits. | Vendor's aggregate liability for breaches of its security obligations resulting in unauthorized access to Customer Personal Data shall not exceed two (2) to three (3) times the total fees paid or payable in the preceding twelve (12) months. The liability is at anytime not more than the value of the contract. The exclusions include: |
IP Infringement Indemnity | Expect strong indemnity from Vendor, typically subject to a higher or separate cap, not full uncapped liability in most SaaS deals. | Ensure full defence and settlement obligations, but accept reasonable limitation aligned with insurance coverage. | Vendor shall indemnify Customer against third-party claims that the Services infringe intellectual property rights, and such liability shall be subject to the enhanced liability cap set out in Section [X]. |
Early-Term Exposure | Ensure cap reflects full contract value exposure, not only amounts already paid at time of claim. | Resist overly narrow “fees actually paid only” interpretation; allow inclusion of committed fees. | For purposes of calculating liability caps, fees paid shall include all fees payable under the Agreement for the then-current subscription term. |
Aggregate Not Per Claim | Generally accept aggregate cap, but ensure it is not overly restrictive in long-term contracts. | Avoid per-claim stacking that artificially inflates exposure; instead ensure cap is sufficiently sized. | The liability cap stated in this Agreement shall apply in the aggregate to all claims arising out of or relating to this Agreement. |
Mutuality of Liability | Ensure liability limitations apply symmetrically unless commercially justified. | Push back where vendor has asymmetrical protections (e.g., uncapped liability exclusions for itself but strict caps on customer). | The limitations and exclusions of liability set out in this Agreement shall apply equally to both parties, except where expressly stated otherwise. |
Carve-Outs from Cap | Maintain narrow but standard carve-outs for high-risk conduct. | Accept carve-outs for fraud, wilful misconduct, confidentiality breaches, and statutory non-excludable liability; avoid excessive expansion. | The liability cap shall not apply to fraud, wilful misconduct, or liabilities that cannot be limited or excluded under applicable law. |
Insurance Alignment | Ensure vendor maintains commercially reasonable insurance consistent with deal size. | Require evidence of cyber / PI insurance at levels proportionate to risk, but avoid excessive or unrealistic coverage requirements. | Vendor shall maintain commercially reasonable insurance coverage, including cyber liability and professional indemnity insurance, having regard to the nature and risk profile of the Services. |
Sample Buyer Friendly Limitation Of Liability Clause
12. LIMITATION OF LIABILITY12.1 Except as provided in Section 12.2 and 12.3, the Vendor’s total aggregate liability to the Buyer for all claims arising out of or related to this Agreement (whether in contract, tort, or otherwise) shall not exceed the greater of: (i) the total fees paid or payable by Buyer in the twelve (12) months preceding the event giving rise to the claim; or (ii) $150,000. 12.2 Notwithstanding Section 12.1, the Vendor’s liability for damages arising from a security breach, unauthorized access to Buyer data, or violations of the privacy laws (e.g., GDPR, CCPA) shall be capped at the greater of: (i) five times (5x) the annual contract value; or (ii) $1,000,000.12.3 Exclusions (Uncapped Liability): The limitations set forth in Section 12.1 and 12.2 shall not apply to:
|
Limitation of Liability Playbook For Vendor (Seller)
When negotiating liability caps, a vendor doesn't always need to delete a buyer's request for a liability cap. Instead, they perform 'Intelligent Contract Review' i.e. small, precise changes that allow the buyer to feel protected while the vendor minimizes risk for their 'worst-case scenario'.
Here is the Limitation of Liability Clause Playbook for the Seller / Vendor. In this playbook the sample clauses are drafted from the perspective of the Vendor's liability to the Customer/Buyer:
Clause | Preferred Position For Vendor | Redlining Strategy | Sample Clause Language |
Liability Cap | Limit total liability to fees actually paid by the customer during the 12 months preceding the event giving rise to the claim. | Resist caps based on total contract value, fees payable, or uncapped exposure. Ensure the cap applies to all claims in aggregate, not per claim. | Except for the liabilities expressly set out in Sections [X] and [Y], Vendor's total aggregate liability arising out of or relating to this Agreement shall not exceed the total fees paid by Customer under this Agreement during the twelve (12) months immediately preceding the event giving rise to the claim. |
Exclude consequential damages | Exclude indirect, consequential, incidental, special, exemplary, punitive and lost profit damages. | Ensure exclusions apply and survive termination. | Neither party shall be liable for any indirect, incidental, special, consequential, exemplary or punitive damages, including loss of profits, revenue, goodwill, business opportunity, anticipated savings, or data, arising out of or relating to this Agreement. |
Data Breach | Subject privacy and security claims to an enhanced cap rather than uncapped liability. | Move data breach liability into a separate "super cap" instead of accepting unlimited exposure. Limit liability to breaches caused by Vendor's failure to comply with contractual security obligations. | Vendor's aggregate liability for direct damages arising from Vendor's breach of its security obligations resulting in unauthorized access to Customer Personal Data shall not exceed the lesser of (i) two (2) times the fees paid or payable during the preceding twelve (12) months, or (ii) US$1,000,000. |
IP Infringement Indemnity | Subject IP indemnity obligations to the same enhanced cap as data breach liability. | Move IP claims into the super-cap bucket. | Vendor's liability arising from its indemnification obligations for third-party intellectual property infringement claims shall be subject to the enhanced liability cap set out in Section [X]. |
Early-Term Exposure | Ensure liability is tied to fees actually paid, not fees payable or total contract value. | Delete references to "fees payable", "committed spend", or "remaining contract value". | For purposes of calculating liability caps, only fees actually paid by the Customer prior to the claim shall be included. |
Aggregate Not Per Claim | Apply the cap once across all claims. | Prevent the customer from arguing the cap resets for each breach or claim. | The liability cap stated in this Agreement is an aggregate cap applying to all claims arising out of or relating to this Agreement. |
Sample Clause Language for Limitation of Liability - Vendor Friendly
Limitation of Liability12.1 Exclusion of Certain Damages TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, NEITHER PARTY SHALL BE LIABLE TO THE OTHER FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, EXEMPLARY OR PUNITIVE DAMAGES, OR FOR ANY LOSS OF PROFITS, REVENUE, BUSINESS OPPORTUNITY, GOODWILL, ANTICIPATED SAVINGS, OR LOSS OR CORRUPTION OF DATA, ARISING OUT OF OR RELATING TO THIS AGREEMENT, WHETHER IN CONTRACT, TORT (INCLUDING NEGLIGENCE), STRICT LIABILITY OR OTHERWISE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. 12.2 General Liability Cap EXCEPT AS EXPRESSLY PROVIDED IN SECTION 12.3, VENDOR'S TOTAL AGGREGATE LIABILITY ARISING OUT OF OR RELATING TO THIS AGREEMENT SHALL NOT EXCEED THE TOTAL FEES ACTUALLY PAID BY CUSTOMER TO VENDOR UNDER THIS AGREEMENT DURING THE TWELVE (12) MONTHS IMMEDIATELY PRECEDING THE EVENT GIVING RISE TO THE CLAIM. THE FOREGOING CAP IS AN AGGREGATE CAP APPLYING TO ALL CLAIMS, LOSSES, DAMAGES AND CAUSES OF ACTION ARISING OUT OF OR RELATING TO THIS AGREEMENT AND SHALL NOT APPLY SEPARATELY TO EACH CLAIM. 12.3 Enhanced Liability Cap NOTWITHSTANDING SECTION 12.2, VENDOR'S TOTAL AGGREGATE LIABILITY FOR DIRECT DAMAGES ARISING FROM: (a) VENDOR'S BREACH OF ITS EXPRESS SECURITY OBLIGATIONS UNDER THIS AGREEMENT RESULTING IN UNAUTHORIZED ACCESS TO CUSTOMER PERSONAL DATA; and (b) VENDOR'S INDEMNIFICATION OBLIGATIONS FOR THIRD-PARTY CLAIMS ALLEGING THAT THE SERVICES INFRINGE OR MISAPPROPRIATE SUCH THIRD PARTY'S INTELLECTUAL PROPERTY RIGHTS, SHALL NOT EXCEED THE LESSER OF: (i) TWO (2) TIMES THE TOTAL FEES ACTUALLY PAID BY CUSTOMER TO VENDOR UNDER THIS AGREEMENT DURING THE TWELVE (12) MONTHS IMMEDIATELY PRECEDING THE EVENT GIVING RISE TO THE CLAIM; OR (ii) US$1,000,000. FOR THE AVOIDANCE OF DOUBT, THIS ENHANCED LIABILITY CAP APPLIES ONLY TO DIRECT DAMAGES. 12.4 Exclusions from Enhanced Liability THE ENHANCED LIABILITY CAP IN SECTION 12.3 APPLIES ONLY TO CUSTOMER PERSONAL DATA AND SHALL NOT APPLY TO CUSTOMER DATA GENERALLY OR TO ANY OTHER INFORMATION THAT DOES NOT CONSTITUTE PERSONAL DATA UNDER APPLICABLE DATA PROTECTION LAW. 12.5 Sole Unlimited Liabilities NOTHING IN THIS AGREEMENT SHALL LIMIT OR EXCLUDE LIABILITY FOR FRAUD, FRAUDULENT MISREPRESENTATION, OR ANY LIABILITY THAT CANNOT BE LIMITED OR EXCLUDED UNDER APPLICABLE LAW. |
