Allocation of Risk in Master Service Agreements with Tech Companies
August 25, 2021

Allocation of Risk in Master Service Agreements with Tech Companies

by Jana Gouchev

Well negotiated Master Service Agreements (MSAs) are so important to the working relationship of service providers and client. The MSA sets the terms of engagement for all current and future work. Unlike traditional service and license agreements, which are usually single-body contracts with occasional attachments and exhibits, MSAs are master documents that govern multiple agreements or transactions between entities. Structurally, the bulk of the legal terms and conditions are negotiated once in the MSA, and then, specific Work Orders or Statements of Work (SOW) are executed with respect to specific services ordered by a customer. The SOW functions as an order form that creates a legally binding agreement between the two parties. It sets out the services to be performed, any deliverables attached to it and related payment terms.

This article explains allocation of risk provisions in an MSA from both the customer’s side and the service provider’s side. It also discusses several ways to help you think through the clauses and avoid possible pitfalls in the MSA. The points below are also generally applicable to SaaS Agreements, Vendor Agreements, Service Level Agreements, Software Agreements, and the like. 

Representations, Warranties, Disclaimers and Covenants

Most MSAs will include references to the terms “representations,” “warranties” and/or “covenants,” so it is important to understand each concept and use them appropriately. Customer may ask that “covenants” be styled as representations and warranties to make more favorable claims or remedies available to them if litigation is ever initiated.

  • A representation is an express or implied statement that one party to the master service agreement makes to the other before or at the time the contract is entered into regarding a past or existing fact. A claim that a misrepresentation induced a contract might be pursued in fraud, either to rescind the contract or for damages.
  • A warranty is a promise, generally requiring strict compliance, that a fact is true at the time the master service agreements is being negotiated. It provides that something in furtherance of the contract is “guaranteed” (which is typically stronger than a “mere” contractual obligation) by a contracting party, often to give assurances that a service or deliverable is as promised.
  • A covenant is usually a formal agreement or promise in a master service agreement or any vendor agreement or commercial contract that is secondary to the main reason for the contract. It is an undertaking to do or not do something in the future. A claim for breach of a covenant may be for damages or specific performance (meaning that a court could order the service provider to perform), or, potentially, if the covenant is important enough, for rescission or termination.

Implied Warranties

The laws of most states provide for various implied warranties. For example, New York State law provides for an implied warranty that goods sold shall be merchantable and fit for their ordinary purposes (UCC Chapter 38, Article 2, Part 3). Rather than rely on these statutory warranties that can be unclear, an MSA may set out its own warranty, and then disclaim all other warranties. This way, the parties know exactly what warranties apply to their deal, without having to research any outside statutes.

When negotiating an MSA, a Software as a Service (SaaS) Agreement or general vendor agreement, the customer may push back on a broad disclaimer. Service providers: try asking if there are specific warranties that customers think are missing. This can help get to the heart of the real issue, without the need for over-broad warranties.

If the language disclaims “express, implied, or statutory warranties”, then the service provider should press to remove “express” from the list. The disclaimer should not be able to disclaim what is expressly guaranteed under the contract. Note that disclaimers need to be clear and conspicuous. They ban be set in ALL CAPS or bold or underlined.

Noteworthy is that "undefined 'fraud carveouts' continue to find their way into agreements notwithstanding otherwise well-crafted waiver of reliance provisions."

The most important representation in a technology contract is generally the Intellectual Property.

Since it is difficult to know about every possible IP infringement claim in advance, this is a risky representation to make. The service provider will be asked to represent that: (i) has clear title to the products and services; and, (ii) the deliverables will not infringe any intellectual property of any third party.

A service provider may push back on this provision, their position being that the IP indemnity should be the sole remedy concerning infringement by the service provider. While this representation may be subject to the limitations of liability provision, it does provide consumers with some additional remedies beyond the indemnity (e.g. the right to file a claim against the service provider for breach of contract, warranty or misrepresentation and seek monetary damages and/or rescission of the Agreement), which remedies may prove useful to customers in certain circumstances.

Limiting obligations of the IP representation with a “knowledge qualifier”

Often the party that is being hired under the master service agreement will want to negotiate into the contract a limit of its obligations under the IP representation with a “knowledge qualifier”. In this scenario, it is important for the parties to delineate the scope of such knowledge. Often the definition of “knowledge” in an agreement will include both the actual and constructive knowledge of certain individuals who have control over and knowledge of the relevant facts.

Knowledge can be limited to actual knowledge, which is information that service provider actually or consciously knew about, or constructive knowledge, which is knowledge that a prudent individual should have under the circumstances (i.e. information that the individual would be expected to learn after some reasonable level of diligence, or information the individual would be expected to know based on his or her capacity as a director, officer or employee of the company).

In negotiating this, a customer may agree to the “knowledge qualifier” but further require “reasonable inquiry”. That is, the service provider represents that it is not aware of any IP infringement after a reasonable inquiry into the facts. In this scenario, the service provider needs to do some research before making the representation.

For any express warranty that deliverables and services will conform with any specification documents, they should extend for the length of the term. This is very important for agreements involving software, where “updates” could remove critical functionality, such as interoperability. This can be a challenging issue to negotiate if the service provider wants to reserve the right to discontinue or sunset services, especially over a long contract term.

"Undefined “fraud carveouts” continue to find their way into agreements notwithstanding these otherwise well-crafted waiver of reliance provisions.

Indemnification in a Master Service Agreement

Most MSAs will include references in the indemnification provision with all three of these terms" “indemnification”, “defense” and/or “hold harmless”, so it is important to understand each concept and use them appropriately.

  • To “indemnify” is to provide security for financial reimbursement to an individual in case he or she incurs a specified loss.
  • Defense” requires the indemnifying party to engage attorneys and manage any litigation or other proceedings.
  • To hold harmless” someone is to promise to pay any costs or claims which may result. For example, covering the indemnified party for any subsequent fall-out (e.g. unknown lawsuits or claims) stemming from the covered claim and or/its settlement.

An indemnification in a service contract obligates a party to compensate the other party for losses or damages set out in the provision. This compensation is separate and apart from other contractual obligations and damages. For this reason, an indemnity is generally not a substitute remedy for a “normal” breach of contract scenario but is reserved for extreme circumstances in which one party has virtually sole control over the subject matter and the information necessary to prove or disprove the claim. It will be important to define what is included in the scope of the indemnity and what is excluded. Recovery under an indemnification clause is typically excluded from the limitation of liability clause or included under a separate or “super” cap covering certain types of liability.

Indemnities under a master service agreement may cover claims resulting from breaches by service provider of compliance with laws. The compliance with laws indemnity may be very broad, as it may include violations of data privacy laws and information security schedules. It is advisable to assess the risks once the data privacy and information security schedules are finalized to better determine the actual risks around data privacy breaches.

'An 'excluded losses' provision is standard fare as an exception to the scope of indemnification otherwise available for breach of representations and warranties" in commercial agreements. The indemnification clause should be limited to third-party claims, not all claims. If the indemnification clause will cover direct claims as well as third party claims, this should be clearly stated. Hooper Assocs. v. AGS Computers, 74 NY.2d 487 (NY 1989).

IP Infringement Indemnification

Customers frequently ask for broad IP indemnification provisions in service agreements, including uncapped IP infringement and indemnity protection from service providers related to service provider’s products and services. Their theory is that service providers know the technology better and are in the best position to defend their products and services, unlike customers who has no control or input into the product development process and cannot unilaterally redesign an allegedly infringing product. Customers’ expectation is that service providers stand behind their products and commit to provide uncapped IP indemnity in exchange of payment.

Service Providers may attempt to limit their infringement indemnity geographically (e.g., US/EU patents only), to only certain types of IPR (e.g., copyrights and trademarks but not patents), or in some other manner. Fundamentally, the party being hired under the master service agreement should provide IP indemnity in any jurisdiction which service provider determines to provide its products and services, since service provider is in control of the jurisdictions in which its products and services may be sold.

IP indemnity can survive termination of the master service agreement and any statements of work under it. The time limits should adequately protect the customer from third-party patent claims, which is usually a reasonable risk for services providers to bear.

The customer in the master service agreement may also request an IP indemnity from service provider which does not exclude other third-party IP/ components. In the event service provider seeks to exclude other third-party products from the scope of its outbound IP indemnity to customer, the following options can be considered: (i) require service provider to disclose all the third-party components so customer can determine if any of them poses heightened risk; and (ii) add a monetary cap on the service provider’s indemnity of the third-party components.

Any such restriction in a master service agreement should be discussed with the parties’ business stakeholders to assess risk with such restrictions.

Limitation of Liability

Limitations of liability are tied to the risk profile for a particular deal, from both the customer side and the service provider side. The provisions on liability in an MSA can vary widely between deals.

By default, a party that breaches a master service agreement or a vendor agreement may be liable for direct and indirect (e.g., consequential, punitive, etc.) damages. These damages can be quite high, even when the value of the contract itself is small. This is why parties generally want to set to limit to their overall liability if something goes wrong. Liability caps can be tied to the amount in a specific statement of work, or they can be flat dollar amounts.

It is important to exclude certain damages from the limitations of liability. A master service agreement may exclude indirect damages (no punitive damages, no lost profits, etc.). Many MSAs provide that recoverable damages are limited to direct, or actual, damages. Although there will be extensive case law available to the parties in the relevant jurisdiction to help them define direct damages, it is not recommended to leave the issue entirely to an “after the fact” determination.

We recommend defining the term “direct damage” term in the contract in order to so that they are not open to interpretation. Such damages might include: (i) additional costs incurred by the customer over the charges set forth in the agreement to transition to and obtain similar services from another provider, (ii) costs incurred to correct any deficiencies in the services provided by service provider, (iii) service level credits, (iv) fines or penalties assessed against the customer, (v) damages arising out of or in connection with the breach; or, (vi) losses covered under a party’s indemnification obligations.

An example of an Unforeseeable Losses Limited provision: "Neither party will be liable for breach-of-contract damages that are remote or speculative, or that the breaching party could not reasonably have foreseen on entry into this agreement."

It is standard to exclude breaches of confidentiality obligations from the limitation of liability under the master service agreement.

Statute of Limitations.

The limitation of liability may put a deadline on filing any claims. The statute of limitations for a breach of contract is generally 4 to 6 years (it’s 6 years in Washington State, 6 in New York, 4 in California, and 4 in Texas). Parties to a contract can agree to shorten that period.

Requiring Service Providers to Carry Insurance

The MSA should include a requirement that the service provider and its contractors maintain insurance for the duration of the relationship. Certain policy limits can be requested, as well as proof of insurance, The parties’ management group should be consulted early in the process of determining the risk profile of the deal, as well as the types and levels of insurance to be required from the service provider and its subcontractors. The conversation with the business units and key stakeholders will likely extend beyond the insurance provision to the other provisions of the contract, such as the indemnities and limitation of liability.

Gouchev Law represents service providers and the clients hiring them in all commercial contracts, and technology transactions. Book a free session with a senior partner, and visit our website for more information.

Disclaimer: The information in this article is for general information purposes only. Nothing in this article should be taken as legal advice for any individual case or situation. This information is not intended to create and viewing it does not constitute an attorney-client relationship. 

To view or add a comment, sign in

Insights from the community

Others also viewed

Explore topics