Many tech contracts require that one party indemnify the other against claims “resulting from the Indemnitor’s negligence or other wrongdoing.” In other words, the indemnity obligation gets triggered by the indemnitor’s fault — by something it did wrong. Unfortunately, these fault-triggered indemnities work poorly at best. To understand indemnities, you need to understand why.

Typical Fault-Free Indemnities

In an indemnity, one party promises to defend the other against third party lawsuits — and to pay resulting settlements or judgments. The simplest, most effective indemnities require that the indemnitor take responsibility for a particular type of lawsuit, regardless of whether the indemnitor did anything wrong. It’s the type of claim that triggers the indemnity, not wrongdoing.

Take the intellectual property indemnity: the most typical version found in IT contracts. The vendor indemnifies the customer against any lawsuit claiming that, by using the vendor’s product, the customer infringed a third party’s IP — usually a patent or copyright. These IP indemnities do not say, “Vendor shall indemnify customer against IP claims, so long as Vendor is at fault for the infringement.” Nor do they say the vendor indemnifies, “so long as Vendor’s technology actually infringes the third party’s IP.” If the third party IP suit relates to vendor technology, the vendor indemnifies — even if the claim is invalid and the vendor did nothing wrong. It’s the vendor’s technology, and the parties (usually) agree that the vendor/indemnitor will defend it. (Actually, it’s slightly more complex than that, with some exceptions meant to limit the vendor’s obligations. But that’s the principle.)

The Problem of Fault

Fault plays a larger role in other indemnities, and that’s where the clause gets messy. In data breach indemnities, for instance, vendors worry that customer security problems could trigger a breach. So the vendor doesn’t want to defend data breach claims unless itwas at fault. Plus, some contracting parties want broad indemnities covering all sorts of claims — so long as the indemnitor did something wrong.

These fault-triggered indemnities create two problems — both related to the indemnitor’s obligation to defendthe case:

  1. Refusal to Defend: If the indemnity only applies where the indemnitor did something wrong, the defense may never happen. Imagine, for instance, that the indemnity clause covers “data breach claims resulting from Vendor’s negligence.” If the vendor/indemnitor claims it wasn’t negligent, it may not defend the customer. And that choice might be justified. Keep in mind: the court might not rule on negligence until the end of the case, when the defense is already over.
  2. Conflict of Interest: If the indemnitor does defend the case, it’ll have a hard time doing right by the indemnified party in a fault-triggered indemnity. That’s because victory for the indemnified party does not necessarily provide the quickest way out of the lawsuit for the indemnitor. Rather, the indemnitor’s quickest way out may be to prove that it did nothing wrong, terminating the indemnity. In fact, the indemnitor has an incentive to prove that the indemnified party was negligent, even while defending that party. That conflict of interest makes defense either impractical or extra expensive. The extra expense comes if the vendor has to hire two law firms, one to pursue its own claim of innocence and the other to defend the indemnified party.

To put it another way, indemnities work well when the indemnitor and indemnified party have similar interests in the litigation. In the typical IP indemnity, for instance, the customer and the vendor/indemnitor both want the vendor to win the third party lawsuit. Victory would mean the customer can keep using the vendor’s product, which is good for both. But in a fault-triggered indemnity, the parties have opposing interests. The indemnitor wants to show that it did nothing wrong so it can escape responsibility. The indemnified party wants to establish the indemnitor’s fault, to keep it in the case. That makes cooperation difficult.

One qualification: this article addresses indemnities triggered by fault, not indemnities alleging fault. The indemnitor has much clearer defense obligations in an indemnity against “any claim alleging an injury resulting from Indemnitor’s negligence or other wrongdoing.” But those indemnities raise other issues. What if the third party claim blames the indemnitor but the indemnified party actually caused the loss? And what if the claim accuses both parties? (Those are topics for another post.)

Doing Fault-Triggered Indemnities Anyway

None of this means fault-triggered indemnities have no value. The defense obligation might fall apart, but the indemnitor could still have to pay settlements or judgments against the indemnified party. And in some cases, the only alternative to a fault-triggered indemnity is no indemnity. Most IT vendors, for instance, will not indemnify data breach cases triggered by their customer’s IT security screw-ups. They’ll only accept indemnities triggered by their own mistakes.

So you might have to accept fault-triggered indemnities. But avoid them where possible. And recognize that a fault-triggered indemnity might not do its job, which is to provide rules for dispute-free cooperation between the parties. A fault-triggered indemnity could easily lead to a battle between the business partners, right when they need to cooperate against the third party who’s suing them.