Liability is probably the most argued-over part of an enterprise software-as-a-service contract. A lot of negotiations will break down over limitations of liability, and a lot of attention is paid to these liability caps in the due diligence phase of any investment round. Why? It essentially comes down to risk mitigation. Managing SaaS contract liability caps gets trickier the more customers you have. Each party in a transaction is looking to reduce the amount of risk that they open themselves up to, and liability caps are one way to balance out the risk a little. If the worst happens, we can at least get X, Y, and Z covered. So, as a startup company selling to enterprise customers, how do you manage your liability caps?
Contract Tracking
First and foremost, know what you’ve agreed to. It sounds simple, but a lot of startups don’t track the amount of liability that they have agreed to across the board. They’ll track other parts of contract data, but rarely will there be a contract database that documents the level of liability agreed to for each customer. Usually, a founder will be able to remember the exceptions that have been made along the way and quote a handful of customers who have high liability caps, but the founder’s memory isn’t a scalable source of information.
Tracking the amount of liability for each contract that you sign makes it simple for your contract renewals team to know which customers need to have their contracts renegotiated, and for your executive team to know which contracts will be flagged during the due diligence of any investment or acquisition.
What is the normal level of liability for a software-as-a-service contract?
Normal, as with anything in the startup world, is a relative term. Does your product hold customer information that would cause damage to their business if leaked? Think source code or protected intellectual property. Or does your product only require a username and passcode while the remainder of the data used is publicly accessible, like a tool that checks your website for search engine optimization purposes? A normal level of liability for a software-as-a-service contract is often aligned with the risk attached to something going wrong.
Liability levels are also influenced by the types of customers that you are dealing with: are they used to strong-arm negotiation tactics, or are they nimble and familiar with the SaaS procurement process?
When asked what a normal level of liability is for a SaaS product, we usually tend to lean towards one times the annual value of the contract. This means that if the product is in breach of the contract terms, the customer effectively gets a full refund. Keep in mind that this is standard for SaaS products that don’t process overly private material or intellectual property. You will get a better sense of what is normal once you start managing SaaS contract liability caps and tracking them. What’s normal can be based on your historical data.
Should I ever agree to unlimited liability?
This is a risk question that is specific to your business and risk appetite. It is also very specific to the stage of your business. A lot of early-stage startup companies will agree to much higher liability caps when they are getting started selling to enterprise customers. The risk is outweighed by the need to get traction and build a customer base. A lot of software-as-a-service companies will have legacy contracts with early customers that need to be renegotiated later as the risk becomes unacceptable for a more established company. By the time this happens, the hope is that those early customers have got enough utility from your product that you have highly engaged champions who you can leverage in contract negotiations. You should have a contract management policy in place that will guide your business on this.
How can I negotiate lower liability?
Negotiating lower liability is often less about getting lower liability across the board and more about identifying the areas in which your potential customer must have high or unlimited liability and carving these out so that each has a separate liability cap in your contract. As a SaaS company, you may agree to a one-times contract value cap for a data breach but an unlimited liability cap for death caused by your application.
These carve-outs allow both parties to attach liability to different outcomes based on their true impact rather than a blanket amount. For most SaaS companies, extreme outcomes are so unlikely that agreeing to unlimited liability is an acceptable business risk.