Negotiation Guide

How to Negotiate Indemnification

Master the art of limiting your exposure while protecting against legitimate breach-related losses. Learn about caps, carve-outs, and insurance requirements.

🎯 The Core Negotiation Challenge

Indemnification is often the most contentious clause in any agreement because it directly allocates financial risk. The key tensions are:

  • Disclosers want maximum protection: They're sharing valuable secrets and want full coverage if things go wrong
  • Recipients want limited exposure: They need predictable, bounded risk that matches the deal value
  • Insurance considerations: Coverage gaps can leave one party holding uninsurable risk

Your goal is to achieve a fair allocation where each party bears responsibility for their own breaches, with reasonable limits that both sides can live with.

📈 Negotiating Liability Caps

Uncapped indemnification is the biggest risk in most NDAs. Always push for a cap. Here are common cap structures:

Fixed Dollar Cap
"not to exceed $100,000"
Best for: Standalone NDAs with no revenue relationship

Fees-Based Cap
"not to exceed fees paid in the 12 months preceding the claim"
Best for: NDAs related to service agreements

Deal Value Cap
"not to exceed the transaction value"
Best for: M&A or investment-related NDAs

Insurance Cap
"not to exceed available insurance coverage"
Best for: When parties have cyber liability coverage

Negotiation Response: "We Need Uncapped Indemnity"

Their position: "Our confidential information is worth millions. We can't cap indemnification."

Your response: "We understand the value of your information, which is why we've agreed to strong confidentiality protections. However, unlimited indemnification creates unquantifiable risk that exceeds the value of this relationship. We propose a cap of [X], which represents meaningful protection while keeping risk proportional to the transaction. We can also discuss enhanced security measures or insurance requirements as additional protections."

🛠 Essential Carve-Outs

Even if you agree to indemnification, carve-outs limit your exposure to scenarios that are truly your fault:

| Carve-Out | What It Does | Sample Language |
|---|---|---|
| Their Fault | Excludes claims caused by their negligence or misconduct | "...except to the extent arising from Discloser's own negligence or willful misconduct" |
| Third-Party Only | Limits to outside claims, not disputes between parties | "...limited to claims brought by third parties, excluding direct claims between the parties" |
| Proven Breach | Requires actual breach, not just allegations | "...arising from a proven material breach" or "...as finally determined by a court of competent jurisdiction" |
| Mitigation Failure | Excludes damages they could have prevented | "...except to the extent Discloser failed to take commercially reasonable steps to mitigate damages" |
| Proportional Fault | Reduces obligation based on comparative fault | "...reduced in proportion to any fault attributable to Discloser or third parties" |

Combined Carve-Out Language
"Notwithstanding the foregoing, the Receiving Party's indemnification obligations shall not apply to the extent that claims arise from: (i) the Disclosing Party's own negligence, willful misconduct, or breach of this Agreement; (ii) information that was publicly available or independently developed; (iii) the Disclosing Party's failure to use commercially reasonable efforts to mitigate damages after becoming aware of the breach; or (iv) direct claims between the parties, which shall be governed by ordinary contract principles."

💰 Defense Cost Obligations

How and when defense costs are paid can be as important as the indemnification itself:

Danger: Pay-As-You-Go Defense Costs

"The Receiving Party shall pay defense costs within 10 days of invoice."

Why it's dangerous: You could spend hundreds of thousands on legal fees defending against a frivolous claim, with no guarantee of recovery. This creates leverage for the other party to make unreasonable settlement demands.

Better: Reimbursement After Resolution

"The Indemnifying Party shall reimburse reasonable defense costs following final resolution of the underlying claim."

Why it's better: Shifts cash flow risk to the party with the claim. They can still recover costs, but only after liability is established.

Compromise: Advance with True-Up

"The Indemnifying Party shall advance 50% of defense costs quarterly, with final reconciliation upon resolution. If the claim is resolved in favor of the Indemnifying Party, advanced amounts shall be refunded within 30 days."

When to use: When the other party has legitimate concerns about litigation financing but you need protection against frivolous claims.

🛡 Insurance Requirements

Insurance can bridge the gap between desired protection and acceptable risk levels:

Key Insurance Types for NDA Indemnification

Cyber Liability Insurance: Covers data breaches, including third-party claims, notification costs, and regulatory fines. Limits typically range from $1M to $10M.

Errors & Omissions (E&O): Covers professional mistakes that lead to confidentiality breaches. Common in service provider relationships.

Commercial General Liability (CGL): May provide limited coverage for "personal and advertising injury" but typically excludes contractual liability.

Negotiating Insurance Requirements

Sample Insurance Requirement
"Each party shall maintain cyber liability insurance with limits of not less than $2,000,000 per occurrence and $5,000,000 in the aggregate, covering claims arising from data breaches, unauthorized disclosure, and related regulatory proceedings. Each party shall name the other as an additional insured under such policy and shall provide certificates of insurance upon request. The indemnifying party's indemnification obligation shall be limited to available insurance coverage plus [$ amount]."

When They Don't Have Insurance
  • Require them to obtain coverage as a condition of the NDA
  • Set a lower indemnification cap if they can't get insurance
  • Consider a security deposit or letter of credit for material NDAs
  • Limit the scope of confidential information you share

🚨 Red Flags to Reject

  • 🔴 Indemnification for "alleged" breaches
    You shouldn't pay for claims that are never proven. Require "actual" or "proven" breach.
  • 🔴 "Regardless of negligence or fault"
    You shouldn't indemnify for losses caused by their own mistakes or misconduct.
  • 🔴 Indemnification excluded from the limitation of liability
    This creates unlimited exposure. Your liability cap should always apply to indemnification.
  • 🔴 Bond or security deposit requirements
    Ties up capital and creates leverage imbalance. Reject unless the relationship justifies it.
  • 🔴 No control over settlement
    They could settle frivolous claims and bill you. Require consent for settlements affecting you.

💬 Sample Negotiation Exchanges

Scenario 1: Making It Mutual

Their position: "We want you to indemnify us for any breaches."

Your response: "We're sharing confidential information too, so indemnification should be mutual. We'll indemnify you for our breaches if you indemnify us for yours. This is fair because it puts both parties in the same position - each responsible for their own conduct."

Scenario 2: Rejecting Immediate Defense Costs

Their position: "You need to fund our defense as costs are incurred."

Your response: "Pay-as-you-go defense funding creates perverse incentives and cash flow issues. We're willing to agree to reimbursement of reasonable, documented defense costs after final resolution of any claim. Alternatively, we can agree to periodic advances with a true-up provision, but we need protection against overstated costs and frivolous claims."

Scenario 3: Adding Insurance Instead of Higher Cap

Their position: "Your $500K cap is too low. We need $5M."

Your response: "Rather than uncapped or very high exposure, let's address this with insurance. We'll maintain $3M in cyber liability coverage and add you as an additional insured. Combined with the $500K cap, this gives you up to $3.5M in protection through a combination of insurance proceeds and our direct obligation. This is better protection than a higher cap you might never collect on."

💡 Key Negotiation Principles

  1. Cap everything: Never agree to unlimited indemnification. Even if the cap is high, having one limits your maximum exposure.
  2. Require mutuality: If both parties share information, both should indemnify. One-way indemnification is a red flag.
  3. Protect against their fault: Always carve out claims caused by their own negligence or misconduct.
  4. Control costs: Avoid pay-as-you-go defense obligations. Push for reimbursement after resolution.
  5. Require proven breach: "Alleged" breach indemnification shifts investigation costs to you unfairly.
  6. Use insurance: Insurance can provide protection beyond what either party can fund, and shifts risk to specialized carriers.
  7. Match to deal value: Indemnification exposure should be proportional to the value of the underlying relationship.