Indemnification of Third Party Claims (Excluding IP Claims)


1. Definitions

The following definitions apply to these IACCM Contracting Principles:

  • "Indemnification" means that the indemnifying party (“Indemnitor”) will defend and be responsible for a claim made by a third party against the indemnified party (“Indemnitee”) to the extent that the Indemnitor expressly undertook the indemnification obligation with respect to the specific acts or omissions under the agreement that gave rise to the claim.  

2. General Concepts

These general concepts form the basis for the more detailed IACCM Contracting Principles that follow:

  • Although parties to a contract generally recognize that their acts or omissions under the agreement may affect third parties – particularly where a supplier is enabling a customer to provide its products or services downstream – the supplier should only be expected to step into the shoes of the customer in taking on risks that directly relate to the supplier’s acts or omissions under the contract.
  • Third parties should not be viewed as beneficiaries of an agreement between customers and suppliers unless expressly made so in the agreement.
  • Customers should be expected to undertake commercially reasonable efforts to shield themselves from liability (e.g., by including appropriate flow down terms in their own agreements with their end consumers or by means of appropriate insurance) and should not look to suppliers to act as insurers in the event those efforts are not successful in warding off claims.
  • The agreement is not the sole vehicle by which a party can hold the other party accountable for third party claims.  A party can also join the other party as a third-party defendant in litigation initiated by a third-party plaintiff.
  • Indemnification obligations should extend only to the degree that the indemnifying party was responsible for the damages incurred.  Proportionate liability should result from situations where multiple parties contributed to an event.
  • Supplier indemnification obligations should be tied to its own acts or omissions under the agreement as well as that of its subcontractors and agents.

(Note:  Indemnification for intellectual property infringement claims is addressed in the IACCM Contracting Principle – Intellectual Property Rights and Indemnification for Third Party IP Claims.)

3. IACCM Contracting Principles

3.1. Scope of Indemnification Obligations

  • Each party should indemnify the other for third party claims relating to (i) bodily injury, death, and real or tangible property damage due to a party’s negligence or wilful misconduct; and (ii) where relevant to the services provided, employment matters brought by employees of the indemnitor against the indemnitee.
  • Supplier should provide indemnification for “Protected Data Losses” to the extent resulting from supplier’s “Protected Data Non-Compliance” (as such terms are defined in IACCM Contracting Principles - Data Security and Privacy).
  • Supplier’s indemnification for governmental or regulatory fines or penalties incurred by the customer should be limited to those that are a direct result of the supplier’s breach of the agreement with respect to obligations to comply with applicable laws or regulations that apply to it.
  • Customers should indemnify suppliers for third party claims associated with the customers’ business operations, data, or business content that gave rise to the claim except to the degree the suppliers’ acts or omissions contributed to the damages.
  • The Indemnitees, which should be limited to the contracting party (and possibly also other directly related parties) should be specified in the agreement.  

3.2. Applicability of Liability Caps and Exclusions from Liability for Indemnification Obligations

  • Indemnification obligations should be subject to the same liability caps as would apply for similar claims made between the contracting parties (but see an exception under the IACCM Contracting Principle – Intellectual Property Rights and Indemnification for Third Party IP Claims).
  • Third party claims should be treated as direct damages regardless of their nature (but see an exception under the IACCM Contracting Principle – Data Security and Privacy).

3.3.  Conditions for Indemnification

  • The Indemnitee should have the same obligation to mitigate third party damages as it would to mitigate its own.
  • Any obligation to indemnify for third party claims should be preconditioned upon the following:
    • The extent of liability for the claim should be proportional to the fault on the part of the Indemnitor vis-à-vis the Indemnitee or any other party.
    • The Indemnitee must give prompt notice of the claim to the Indemnitor or relieve the latter for any incremental liability caused by the delay.
    • The Indemnitee must provide reasonable support to the Indemnitor in defense of the claim.
    • The Indemnitee has the right to engage its own counsel (at its own expense) to represent it, provided that the Indemnitor maintains control of the defense of the claim.
    • The Indemnitor cannot admit to guilt or fault on the Indemnitee’s part or agree to an obligation to be undertaken by the indemnitee without the express prior written consent of the latter.
    • The Indemnitor cannot take any action in the course of the defense that would bring in to question the reputation or goodwill of the Indemnitee.
    • In the event the Indemnitee demands the right to give prior consent to any settlement of the third-party claim, the Indemnitee should accept responsibility for any additional exposure caused by its failure to give consent to any settlement proposed by the Indemnitor.