Got a $200K contract with F500 company. Their MSA has an indemnification clause that basically says I'm liable for any and all damages without limit. My E&O insurance only covers $1M. This seems insane. How do I negotiate this?
Key things to negotiate:
Carve-outs for IP indemnification: You should only indemnify for claims that your work infringes third-party IP — not for their misuse of deliverables.
Liability cap: "Total aggregate liability under this agreement shall not exceed the greater of (a) amounts paid in the 12 months preceding the claim, or (b) $X."
Carve-out for gross negligence/willful misconduct: Caps shouldn't apply to intentional bad acts.
At $200K, they expect you to push back. Their legal team has seen these requests before.
Word of warning: some F500 procurement teams have zero authority to modify legal terms. Ask early if they can actually negotiate, or if you need to escalate to their legal department. Saves time.
Also: get your own lawyer to redline it. The $2-3K for contract review is nothing compared to the risk on a $200K deal.
Yeah vendor contract sent me an indemnification clause that says I indemnify them for 'any and all claims arising from or related to the services.' That's incredibly broad — it would make me responsible even for their own negligence. Is this standard? Can I push back?
Outside counsel here — I negotiate MSAs and vendor agreements for mid-market SaaS companies. Building on Patricia’s excellent buyer-side perspective, I want to address the one area where I see vendors consistently leave money on the table: indemnification carve-outs for insurance coverage gaps.
Most indemnification clauses are drafted without any reference to the parties’ actual insurance coverage. This creates a dangerous mismatch. If your vendor contract has a broad indemnification obligation but your E&O policy excludes coverage for IP infringement claims arising from open-source components, you are personally on the hook for that gap. I have seen a $2.1 million patent troll settlement come out of a startup founder’s personal assets because their insurance policy had a software IP exclusion that nobody caught during contract negotiation.
My standard redline for any indemnification clause now includes three elements: (1) a liability cap at the greater of 2x annual contract value or $1 million, (2) a mutual carve-out stating that neither party’s indemnification obligation exceeds its applicable insurance coverage limits unless the claim arises from willful misconduct, and (3) an obligation for both parties to maintain commercially reasonable insurance (typically $2M general liability, $2M E&O/professional liability, and $5M cyber liability for SaaS vendors). This framework gives both sides meaningful protection while keeping the exposure insurable and predictable.