Liability Provisions In IT Contracts

IT contracts often address liability only by limiting the value of claims, if at all. Elias Mühlemann (Managing Associate, IT/IP) and Florian Fallegger (Associate, Corporate/M&A) highlight key points for drafting contractual liability provisions. 

In practice, we often observe two extremes regarding liability provisions in IT contracts: they are either completely absent or highly restrictive. The absence of such provisions can be problematic for service providers, as it exposes them to significant liability risks, even with small order values.

1. What happens if there is no liability provision?

The Swiss Code of Obligations (CO) governs such situations. It stipulates that a party who fails to fulfil a contractual obligation, or does so improperly, must compensate for the resulting damage unless they can prove they are not at fault. If the contractual service requires performing an activity with due care, a breach of this obligation is presumed to be negligent, and the resulting damage must be compensated.

Relevant damage under the CO is any involuntary reduction in assets that, in the normal course of events and based on general life experience, was caused by the breach of duty.

The CO's provision thus favours the service recipient. The service provider is liable for any breach of duty and any resulting damage, provided there is a reasonable connection between the breach and the damage, and the provider cannot prove their lack of fault.

2. How can the liability risk be distributed sensibly?

The contract should differentiate between (i) services for which a party is directly responsible, (ii) services provided by third parties, such as suppliers, manufacturers, or software providers, and (iii) items of damage for which no liability is assumed.

In order to distribute the liability risk appropriately, action must be taken at various levels. Service providers in particular have a duty to do so, because the default provision in the CO generally puts the service recipient at an advantage.

• Avoid excessive obligations: Contractual liability typically arises from breaching a performance obligation. Therefore, service providers should only commit to obligations they can assess and fulfil. This transparency also benefits the service recipient.
• Define the consequences of a breach of duty: The contract should specify the customer's claims in the event of a breach of duty by the service provider. Typically, experienced service providers limit their liability to rectification and a price reduction. To avoid potentially significant rectification efforts, service providers often reserve the right to choose to either rectify the defect or granting a reduction. The contract must also define the process for reporting defects, including the method (preferably in a verifiable form e.g., verifiably by email), the deadline, the designated contact person for warranty claims, and the scope of their responsibility.
• Limiting liability for content: Liability can be contractually excluded, except for damages caused intentionally or by gross negligence. For instance, liability for minor negligence can be excluded. A "substantive" limitation of liability can be achieved for example by excluding liability for auxiliary persons, such as subcontractors or licensors (e.g., software licensors or cloud providers) who are outside the service provider's sphere of influence. It is also permissible to exclude liability for certain categories of damages, like indirect damages such as lost profits, meaning the service provider is not liable for the customer's loss of income resulting from damage to the IT environment or data. Furthermore, the service provider may exclude liability for third-party claims arising from the service provider's faulty performance (recourse claims by customers).

To avoid misunderstandings, parties can explicitly exclude specific types of damages that may arise from using an IT service, such as liability for data loss or damage, or for service unavailability. For the latter, parties can agree on compensation through, for example, flat-rate service credits.

• Limiting liability in terms of amount: Service providers with significant bargaining power often exclude liability entirely, to the extent the law permits. Where a service provider lacks this bargaining power, it typically limits its liability to an amount commensurate with the contract value, such as the annual remuneration paid by the customer. This monetary cap on liability may apply per claim, per specific period (e.g., a calendar year), or for the entire contract term.

Conclusion: Parties often negotiate liability limitations solely in monetary terms. However, liability can be structured in various other ways to suit the specific situation. As a service provider, it is crucial to (i) avoid unfulfillable obligations, (ii) contractually define the consequences of a breach, and (iii) appropriately structure liability in both scope and amount.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.