Skip to main content

Indemnification

  • definition: To indemnify another party is to compensate that party for loss or damage that has already occurred, or to guarantee through a contractual agreement to repay another party for loss or damage that occurs in the future.

Research

  • This means that one party (the indemnifying party) will pay the damages, claims, expenses and other types of payments listed in this provision if the other party (the indemnified party) as well as those related to the indemnified party listed in the provision, incurs damages as a result of something the indemnifying party does related to the agreement. The things the indemnifying party could do that would result in liability to the indemnified party are listed at the end of the provision (essentially acts or omissions under the agreement). This provision requires that the indemnified party promptly notify the indemnifying party of a claim and allow that party to control the defense or settlement of the claim.

  • An indemnification provision addresses the risk that your company might be liable for damages resulting from something the other party does related to the contract. For example, your company has a contract to buy ground beef from another company, which it then incorporates into its frozen lasagna product. If the ground beef is tainted and results in sick consumers, this provision in the contract requires the ground beef supplier to defend any action against your company resulting from the tainted ground beef and to pay all costs and damages. If this provision were not in the contract, your company would have to sue the other company to obtain a judgment for the damages and costs it incurs as a result of the tainted ground beef.

Clause

  • Each party shall indemnify, defend, and hold the other party harmless from and against any and all claims, actions, suits, demands, assessments, or judgments asserted, and any and all losses, liabilities, damages, costs, and expenses (including, without limitation, attorneys fees, accounting fees, and investigation costs to the extent permitted by law) alleged or incurred arising out of or relating to any operations, acts, or omissions of the indemnifying party or any of its employees, agents, and invitees in the exercise of the indemnifying party's rights or the performance or observance of the indemnifying party's obligations under this agreement. Prompt notice must be given of any claim, and the party who is providing the indemnification will have control of any defense or settlement.

Why Your Indemnification Clause is Critical

Your proposed broad indemnification clause is crucial because it accounts for these human and configuration-based vulnerabilities. By using a broad phrase like "any act or omission of the Indemnifying Party relating to this agreement," you ensure that the contract covers not just IP infringement, but also the consequences of:

  • A client's employee having their password compromised.
  • A client insisting on using a specific, unvetted third-party app that later leads to a breach.
  • The client incorrectly configuring their database or content permissions after the project is complete.

In short, even with Wix's robust security, a data breach can still occur. Your indemnification clause should be designed to protect you from the risks you don't control, while still holding you accountable for your own work. The broader language does a much better job of this than a clause that only focuses on intellectual property.

A client's employee having their password compromised

For a Wix website development project, an indemnification clause is essential to manage risks like a client's employee having their password compromised. The agreement's guidelines for this scenario hinge on the principle that each party is responsible for their own "acts or omissions."

How the Clause Works

The indemnification clause would likely state that the client (as the "Indemnifying Party") agrees to protect you, the service provider, from any claims or damages that result from their own actions or negligence. This includes a scenario where one of their employees' login credentials for the Wix website are compromised.

The clause operates under the following logic:

  • Client's Responsibility: The agreement makes it clear that the client is responsible for all actions taken by their employees. This includes providing them with secure login credentials, enforcing strong password policies, and training them on cybersecurity best practices.
  • Negligent Act or Omission: The employee's failure to protect their password or falling victim to a phishing scam is considered a negligent "act or omission" on the part of the client.
  • Cause and Effect: If a third party gains unauthorized access to the website using the compromised password and, for example, steals customer data or defaces the site, the resulting damages and legal costs are a direct consequence of the client's negligence.
  • Indemnification in Action: According to the clause, the client would be obligated to "indemnify, defend, and hold harmless" you, the service provider. This means the client would be responsible for paying any legal fees, damages, or settlement costs that arise from the data breach. The clause protects you from being held liable for a security failure that was entirely outside of your control.

In short, the agreement's guidelines protect you by placing the responsibility for a password compromise squarely on the client, as it is a risk they are in the best position to manage. Yes, you should definitely include a time frame for your indemnification clause. It's considered a best practice to avoid indefinite liability, which can be an open-ended risk for a service provider.

Why a Time Limit is Crucial

Without a specific time limit, your indemnification obligations could last for the entire duration of the statute of limitations for the underlying claims, which could be many years. This is a significant business risk for an LLC, especially a small one. A clear time frame brings predictability and finality to the business relationship.

For example, a client might get sued for copyright infringement from a photo on their website you built three years ago. If your contract doesn't have a time limit on indemnification, you could be financially responsible for that claim even though the project was completed a long time ago.

A time-bound clause protects you by ensuring that after a reasonable period, the client assumes full responsibility for any future issues. This aligns with the idea that the client has had ample time to review and accept the work, and any problems that arise after that point are their responsibility, or at least they can't blame you.

Enforceability and Best Practices

The enforceability of a time limit on an indemnification clause is generally recognized, but it depends on the specific jurisdiction and the reasonableness of the time frame.

  • Statute of Limitations: The time limit you set in your contract cannot be shorter than the relevant state's statute of limitations for that type of claim. For many contract-related claims, the statute of limitations can be anywhere from two to six years. If your contract sets a one-year limit on indemnification, but the statute of limitations for a copyright claim is three years, a court might not enforce your one-year limit if the claim arises within the three-year window. This is why it's a good idea to consult a lawyer to ensure your time limit is reasonable and enforceable in your jurisdiction.

  • Reasonable Time Frame: The standard practice is to tie the indemnification period to a reasonable and specific event. For a web development project, a common time limit is 12 to 24 months following the completion or "go-live" date. This gives the client enough time to find any latent issues while also protecting you from perpetual liability.

  • Exceptions: Most indemnification clauses, including those with time limits, will not apply to claims resulting from gross negligence, willful misconduct, or a breach of confidentiality. This is a legal and practical safeguard. Courts are often unwilling to allow a party to contractually shield themselves from liability for their own intentional wrongdoing.