Indemnification Clauses Explained: How Indemnity Works in Contracts (With Examples)
Why Indemnification Clauses Deserve Your Attention
An indemnification (indemnity) clause is the part of a contract where one party agrees to cover certain losses and third-party claims the other party faces — often including attorneys’ fees, settlements, and judgments. In startup vendor, SaaS, and services deals, it’s one of the fastest ways to accidentally sign up for liability that’s far bigger than the contract value.
This guide is for startup founders, business leaders, and in-house counsel who routinely review or negotiate customer and vendor agreements. The core risk is simple: one broadly drafted indemnity can require you to pay for a customer’s legal defense (and possibly a settlement) even when the facts are messy and the claim is only loosely connected to your product.
We’ll keep it practical: how to read and stress-test indemnity language, what to negotiate, and what “balanced” looks like — plus sample clauses and a checklist. For related contract building blocks, see our resources on master service agreements (MSAs) and negotiating vendor contracts.
TL;DR for Busy Readers
- Indemnity = who pays when a third party sues (and who controls the defense).
- Bad drafting can create outsized, uncapped exposure (fees + settlement can dwarf revenue).
- Key levers: scope, triggers (third-party only), defense/settlement control, caps, and carveouts.
- Action: review your current templates, standardize a “house” indemnity clause, and escalate high-risk deals to counsel.
What an Indemnification Clause Actually Does (In Plain English)
Indemnification is a contract promise that one party will cover certain losses and third-party claims the other party faces — often including attorneys’ fees, settlements, and judgments — when the claim relates to specific risks (like IP infringement, data incidents, or negligence).
Indemnity is different from (1) ordinary breach remedies (you breached, so you pay damages) and (2) limitation of liability terms (which cap or exclude damages). Indemnities often function like a bespoke “risk transfer” mechanism that can override expectations created by a general liability cap.
The common pattern reads like: “Party A will indemnify, defend, and hold harmless Party B from and against any claims, damages, and costs… arising out of X.” The most important word is usually X.
Where You’ll See Indemnity Clauses in Real Contracts
Indemnities show up in SaaS agreements, master service agreements (MSAs), service agreements, vendor contracts, reseller/partner deals, IP licenses, and DPAs. They can also survive termination — so when you terminate a vendor contract, the indemnity term may still control future claims.
Simple Scenario: When Indemnity Kicks In
Your startup licenses software to a customer. A third party sues the customer alleging your product infringes its patent/copyright. The customer tenders the claim under the IP indemnity: you may have to hire counsel, run the defense, and pay covered losses (fees, settlement/judgment), subject to the clause’s limits.
- Confirm who indemnifies whom.
- Confirm what claims trigger the duty (IP only? any “related to” use?).
- Confirm who controls defense/settlement and whether there’s a cap.
The Moving Parts of an Indemnification Clause You Must Understand
Think of this as your core checklist. If you can quickly spot these components, you can tell whether an indemnity is reasonably balanced — or a hidden “blank check.”
1. Who Indemnifies Whom (One-Way vs Mutual)
One-way indemnity is common when a startup is the vendor (vendor indemnifies customer). Mutual indemnity allocates each party’s wrongdoing to itself (e.g., each covers its own IP infringement or misconduct). If you have low leverage, pushing for full mutuality may fail; narrowing scope and adding caps is often more achievable.
2. Scope of Covered Claims – How Broad Is “Arising Out Of”?
“Arising out of or related to” can sweep in almost anything. Watch for categories like IP, data incidents, negligence, bodily injury, or “any breach of law.” A safer version ties coverage to third-party claims “to the extent caused by” the indemnifying party’s breach/negligence/willful misconduct.
3. What Types of Losses Are Covered
“Losses, damages, costs, expenses (including attorneys’ fees)” usually means defense fees are included — which often dwarf the underlying damages. Confirm whether consequential/indirect damages sneak back in through indemnity despite a general limitation of liability.
4. Triggers: Third-Party Claims vs Direct Losses
Most commercial indemnities are for third-party claims, not routine disputes between the parties. As a default, confine indemnity to third-party claims unless there’s a specific, negotiated reason to cover direct losses.
5. Defense and Settlement Control
“Defend” is a separate promise from “indemnify.” If the other side controls defense and can settle quickly, you could end up with admissions or non-monetary obligations that harm your business. Negotiate counsel approval and settlement consent (especially for admissions, injunctive relief, or operational restrictions).
6. Caps, Carveouts, and Limitations of Liability
Check whether indemnity is subject to the cap (common vendor position) or carved out (often demanded for IP, data security, bodily injury, fraud). If you’re a startup, caps can be existential — use targeted carveouts rather than blanket uncapped exposure.
7. Notice, Procedure, and Survival
Procedures usually require prompt notice and cooperation. A reasonable fix is: late notice only relieves duties if it materially prejudices the indemnifying party. Also confirm survival — indemnities can last years after termination, especially for IP and data-related risks.
Sample Indemnification Clauses with Annotations
These samples are practical illustrations, not legal advice. Indemnity language should be tailored to your product, data posture, insurance, and leverage — get counsel involved for high-stakes deals.
Example 1 – Broad One-Way Indemnity Clause (High Risk for Vendor)
“Vendor shall indemnify, defend, and hold harmless Customer from and against any and all claims, damages, losses, liabilities, costs, and expenses (including attorneys’ fees) arising out of or related to the Services.”
- Why it’s risky: open-ended (“any and all”), vague trigger (“related to”), no fault qualifier, and often no clear link to third-party claims.
- Cap problem: if indemnity is carved out of the limitation of liability, exposure can be effectively unlimited.
- Common redlines: add “to the extent caused by Vendor’s breach, negligence, or willful misconduct,” limit to third-party claims, and make it subject to the liability cap (or a negotiated sub-cap).
Example 2 – Balanced Mutual Indemnity (More Typical for B2B SaaS)
“Each party will indemnify, defend, and hold harmless the other from third-party claims to the extent arising from the indemnifying party’s (a) IP infringement, (b) breach of its security obligations resulting in unauthorized access, or (c) gross negligence or willful misconduct. The indemnifying party controls the defense with counsel reasonably acceptable to the indemnified party; no settlement may admit fault or impose non-monetary obligations without consent (not unreasonably withheld).”
- More even allocation: each party owns its own high-risk failures.
- Startups may need leverage to get this; if not, use it as a north star while narrowing scope/caps.
Example 3 – IP-Only Indemnity with Clear Remedies
“Vendor will indemnify Customer from third-party claims that the Services infringe IP rights. If infringement is alleged, Vendor may procure rights, modify the Services, or terminate and refund prepaid fees for the affected Services.”
- IP indemnity is often non-negotiable for customers; remedies keep the focus on business continuity.
How to Use These Samples in Practice
Use these as a comparison tool when reviewing redlines, then build a “house” indemnity clause you start from every time. Involve counsel for enterprise deals, regulated data, or any indemnity that’s uncapped or carved out of liability limits.
Negotiation Playbook – How to Push for Safer Indemnity Terms
Even if the other side sends a “non-negotiable” form, you can usually improve indemnity risk by focusing on a few high-leverage edits.
Step 1 – Assess Your Role and Risk Profile
Your posture changes fast depending on whether you’re the vendor (customers push broad indemnity), the customer (vendors resist), or an intermediary (reseller/partner). A small SaaS selling to an enterprise typically has less leverage than when that same SaaS buys cloud infrastructure from a hyperscaler. Regulated use cases (health/finance) and deal size usually mean more indemnity pressure.
Step 2 – Narrow the Scope and Triggers
Ask for: (1) third-party claims only, (2) a fault qualifier (“to the extent caused by…”), and (3) removal of catch-alls like “related to.”
Before: “any claims related to the Services.” After: “third-party claims to the extent caused by Vendor’s breach or willful misconduct.”
Step 3 – Align Indemnity with Limitation of Liability
Cross-check the indemnity section against the cap. If the customer insists on carveouts (IP, security, bodily injury), try a separate sub-cap, tie it to insurance, or narrow what’s carved out.
Step 4 – Fix Defense and Settlement Control
Key asks: right to assume defense, counsel approval (not unreasonably withheld), and consent for settlements with admissions or non-monetary obligations. Without this, you can face a quick settlement that imposes product changes or public statements you can’t accept.
Step 5 – Clarify Process and Survival
Add: late notice only relieves duties if it causes material prejudice. Set survival periods that match realistic claim timelines (often longer for IP, shorter for general claims).
Step 6 – Bring in Insurance and Risk Management
Indemnities should map to coverage (CGL, cyber, tech E&O). Coordinate legal + finance/ops, and when risk is high, ask the counterparty for minimum limits and additional insured status where appropriate.
Common Mistakes and Red Flags in Indemnification Clauses
Use this as a fast triage list during contract review — these issues are often where indemnity terms become disproportionately risky.
Red Flags to Watch For
- Overbroad scope: indemnity for any losses “arising out of or related to” the agreement, with no fault qualifier.
- Wrong trigger: indemnity covers direct disputes between the parties, not just third-party claims.
- Uncapped exposure: indemnity is uncapped or expressly excluded from all limitations of liability without a narrow carveout.
- No defense/settlement protections: you can’t control defense or block settlements that admit fault or impose non-monetary obligations.
- Notice “gotchas”: minor delays in notice void coverage even if there’s no material prejudice.
Practical Examples of What Can Go Wrong
- A startup agrees to indemnify a customer for anything “related to use,” and the customer’s noncompliant deployment triggers a third-party claim — vendor still pays defense costs.
- A customer assumes it has IP protection, but the vendor’s IP indemnity excludes open-source components; an OSS claim arrives and there’s a coverage gap.
- A security incident happens; the contract’s indemnity language doesn’t line up with cyber/tech E&O coverage, leaving unexpected out-of-pocket costs.
How to Fix or Escalate These Issues
- Simple redlines: add “to the extent caused by…,” limit to third-party claims, and align indemnity with the liability cap (or a sub-cap).
- Escalate to counsel if indemnity is uncapped, carved out broadly, or involves IP/security in a high-value deal.
- Consider walking away when the downside is existential and the counterparty won’t narrow scope or add workable caps/defense control.
Indemnification Clause Checklist and FAQs
Use this as a final pass before signing any meaningful SaaS, services, or vendor contract. If you can’t confidently answer these items, pause and escalate.
Quick Indemnity Risk Checklist
- Have you identified who indemnifies whom?
- Is indemnity limited to third-party claims (not direct disputes)?
- Is scope tied to specific acts (breach/negligence/IP/security), not “related to” everything?
- Are covered losses defined (fees, settlements, judgments) and are consequential damages addressed?
- Who controls the defense, selects counsel, and pays costs as incurred?
- Is settlement consent required for admissions or non-monetary obligations?
- Is indemnity subject to the liability cap (or a sub-cap), and are carveouts commercially reasonable?
- Are high-risk areas (IP, data security, bodily injury, fraud) handled explicitly?
- Do notice/cooperation duties include a material prejudice standard?
- Do survival periods match realistic claim timelines?
- Do your insurance policies actually map to the indemnity you’re signing?
FAQs About Indemnification Clauses
- What’s the difference between an indemnity clause and a limitation of liability clause? Indemnity allocates responsibility for specific losses/third-party claims; limitation of liability caps or excludes damages generally. In practice, indemnity can “punch through” the cap if it’s carved out.
- Is it normal for indemnification obligations to be uncapped? Some carveouts are common (often IP or bodily injury), but fully uncapped, broad indemnities are a red flag for startups. If a carveout is unavoidable, narrow scope and consider a separate sub-cap tied to insurance.
- What is an IP indemnity, and when should I insist on it? It’s a promise that the vendor will defend/pay if a third party claims the product infringes IP. Customers often insist on it when the software is business-critical or customer-facing.
- Do I need mutual indemnity, or is one-way enough? Mutual is cleaner and fairer, but leverage matters. If you can’t get mutuality, prioritize narrowing scope, third-party-only triggers, and defense/cap alignment.
- Can indemnification cover regulatory fines or penalties? Sometimes contracts try to shift them, but insurability and enforceability vary by jurisdiction and facts. Treat this as counsel-review territory.
- What does “defend, indemnify, and hold harmless” actually mean? “Defend” is paying for and controlling the legal defense; “indemnify” is paying covered losses; “hold harmless” reinforces the protection concept. The details (control, consent, caps) determine the real risk.
Conclusion and Actionable Next Steps
Indemnification clauses are one of the highest-leverage risk-allocation tools in any SaaS, services, or vendor contract. Once you understand a few moving pieces — scope, triggers, defense control, and caps — you can negotiate from a position of clarity instead of signing surprise liability. The “right” balance depends on your role and leverage, but ignoring indemnity language is often far more expensive than addressing it upfront.
Actionable Next Steps
- Audit your templates (MSA, SaaS agreement, service agreement) and flag overly broad or uncapped indemnities.
- Use the checklist in this guide for the next material vendor or customer deal before signature.
- Create a house indemnity clause + fallback positions (sub-caps, carveouts, defense-control language) aligned to your risk tolerance and insurance.
- Train sales/procurement to spot red flags and escalate early.
- Do a focused review of indemnity + limitation of liability on your highest-value/highest-risk contracts.
If you want help benchmarking your current language or renegotiating indemnity terms in existing agreements, book a contract review with Promise Legal.