Defend, Indemnify and Hold Harmless: What They Mean and How To Use Them

Some phrases turn up regularly in contracts, e.g., a party that “represents, warrants and covenants” something; the grant of a “right and license”; a set of “terms and conditions”; and a party owning all “right, title and interest” to something. When drafting, reading and/or interpreting a contract, you may view each of these phrases as a single concept. However, the component terms in these phrases often have different meanings. I have previously written about the differences between representations, warranties and covenants, and why those differences can be extremely important.

A core element of every contract is risk allocation. Most agreements contain risk allocation clauses such as limitation of liability, disclaimer of consequential damages, insurance obligations, and indemnification obligations. A contractual indemnification provision often begins with a statement that a party shall “indemnify, defend and hold harmless” one or more other parties from and against losses, damages, etc. arising from or relating to certain acts, omissions or occurrences. There are three separate and distinct concepts in this phrase – an obligation to indemnify, a duty to defend, and an obligation to hold harmless. Should these always be used together? Or are there circumstances when only one or two should be used, or used separately? Understanding what each of these concepts mean and how to use them strategically (as a whole or in parts) is critical to ensuring an agreement contains the right risk allocation.

Here’s a handy summary chart to differentiate these three concepts:

The obligation to indemnify

An “indemnity” is a core risk shifting provision of a legal contract, obligating one party (the “indemnitor” or the “indemnifying party”) to compensate and reimburse (or “indemnify”) the other party (the “indemnitee” or the “indemnified party”) for certain losses such as monetary costs and expenses (the “indemnified losses”) which arise from, result from or relate to certain acts, omissions or occurrences defined in the contract (the “scope of the indemnity.”) Properly defining the scope of the indemnity and any exclusions to scope, the indemnified parties, and the indemnified losses are especially critical. For example, the scope of an indemnity may include, among other things, the material breach of a representation or warranty; a violation of a law, rule or regulation; a party’s negligent, grossly negligent, and/or willful acts or omissions; a breach of confidentiality or security obligations; and a claim that a product infringes the intellectual property of a third party. Common indemnified losses include attorneys’ fees and costs (whether or not the contract includes a duty to defend), losses, expenses, costs, damages, fines, and penalties.

Indemnification obligations can be either “third party” (protection against damages and losses claimed by a third party and not the other contractual party) or “first party” (protection against damages and losses claimed by the other contractual party). Most parties do not use a first-party agreement in contractual indemnification clauses, preferring that any damages and/or losses claimed by the other contractual party be governed by general breach of contract principles. Some courts have interpreted an indemnity as a third-party indemnity absence express language as to the parties’ intention to cover first party claims.

If you are thinking this sounds a lot like insurance, you’re right – an insurance policy is a form of an indemnity pursuant to which the insurer (the indemnitor) agrees to compensate and reimburse a policy holder (the indemnitee) for losses and damages relating to losses, expenses, or other damages suffered by the policy holder in connection with an indemnified claim. Another important point is that indemnification is not automatic – it requires the indemnitor to accept its obligation to indemnify for a particular claim, or alternatively a finding by a court, arbitrator, or similar that the claim giving rise to the loss or damage was within the scope of the indemnity. For example, if Party A is required to indemnify Party B for third party damages and losses (including attorneys’ fees) arising from Party A’s negligence, and a third party (Party C) sues Party B for damages arising from Party A’s negligence, if the court finds that Party A was negligent, then Party A’s indemnification obligations are triggered. An indemnitor may sometimes contest their obligation to indemnify, which can lead to additional litigation over the obligation to indemnify itself.

The duty to defend

Like indemnity, the duty to defend has its roots in insurance. If you tender a claim to your insurance carrier and the carrier accepts your claim, your carrier will “step into your shoes” to defend you, by either having their in-house attorney handle the matter, or more commonly, by hiring an attorney to defend you against the claim. Similarly, if in a contract you accept a duty to defend the other party in the event that other party receives a claim, is sued, or some has other cause of action or proceeding commenced against it arising from certain specified occurrences, you are agreeing to step into their shoes and be responsible for their defense, whether or not you are also sued. This includes hiring attorneys, retaining experts, retaining e-discovery providers, and taking on other obligations associated with the defense of the claim. A duty to defend includes an obligation to bear the costs of providing the defense such as attorneys’ fees, expert witness fees, electronic discovery fees, court fees, and the like. Keep in mind that the defended party will still need to be involved the defense of the claim. While a party imposing a duty to defend on the other party gives up their ability to defend the claim as they see fit, the cost-shifting generally outweighs the loss of control.

If a party feels it must maintain direct control, e.g., where the reputational risk from a claim is so significant that they want to call the shots or where a party has outside counsel that they feel is essential for a particular type of claim), that party may want to negotiate out a duty to defend and rely solely on the duty to indemnify for reimbursement of incurred defense costs. However, this is often not palatable to indemnitees who insist on a right to defend; the most common argument is that if a party has the obligation to indemnify against costs of a judgment or settlement, that party must have control over the defense of the claim so they control the outcome. Some parties shifting the duty to defend will preserve the right to retain their own counsel at their expense in the procedures section, so they retain some say in the defense strategy. Remember that the damage from a legal proceeding may be non-monetary, e.g., reputational damage, so having a say in the other party’s defense may be important.

When offering a duty to defend and an obligation to indemnify, consider separate but sequential obligations to defend and to indemnify to narrow the scope of both obligations. In this approach, a party would provide a duty to defend the other party against third party claims arising from certain acts, omissions, and occurrences, and with respect to such claims, would indemnify the other party from and against defense costs (attorneys’ fees and other litigation expenses), indemnitor-agreed settlements, and court-awarded damages resulting from such claims. This approach avoids applying the broad categories of “damages, losses, expenses, costs,” etc. to either the duty to defend or the obligation to indemnify, which language often results in a broader risk shifting to the indemnitor than was intended.

The obligation to hold harmless

A hold harmless is an agreement by a party to assume responsibility for, and to not hold the other party liable for, damages resulting from the occurrence of certain acts, circumstances or events. In practice, a hold harmless and an indemnity are functionally equivalent in that both require a party to assume responsibility for losses incurred by another party in connection with certain acts and circumstances. Some argue that while an indemnity shifts losses, a hold harmless shifts both losses and liability. However, shifting liability is often not realistic or achievable. There is no way to assume responsibility for negative and equitable intangible liabilities such as damage to reputation, bad press, a public court record, an injunction or specific performance requirement, etc.; a party can only compensate the other monetarily for such intangible liabilities.

There is one important difference between a hold harmless and an indemnity – a party granting a hold harmless not only shifts risk to itself by taking responsibility for another’s losses associated with that risk, but also assumes the risk directly and agrees not to shift it to the other party even if the other party is ultimately responsible. This may prevent a party granting a hold harmless from shifting liability to the other party if the other party turns out to be the one that caused that liability to occur. Consider whether to ensure contractually that a contractual indemnity and hold harmless excludes liability and damages caused by the other party’s own acts and omissions.

To limit the scope of risk you or your client will accept, consider providing a duty to defend and obligation to indemnify only, and negotiating or leaving out an obligation to hold harmless. If the paramount concern is shifting as much risk as possible, ask for a hold harmless as well. A hold harmless provision can be unilateral (one party retains risk) or mutual (each party retains its own risk associated with certain acts, events or occurrences). Be very careful with mutual indemnity and hold harmless provisions. If you receive an indemnity, granting a hold harmless back for the same acts or circumstances as the two provisions may result in two conflicting provisions that may cancel each other out and leave you without indemnification protections.

Final thoughts

Using the obligation to indemnify, the duty to defend, and the obligation to hold harmless properly in contracts helps ensure a party is taking on the right amount of risk under the relationship. Use of common legal phrases without thinking through whether that use is correct for a particular circumstance may cause your company or your client to take on more risk than they realized, or to give up rights you thought you had. The obligation to indemnify, duty to defend, and obligation to hold harmless also relate directly to, and may be impacted by, the language in other contractual provisions, including indemnification procedures and exclusions; disclaimer of consequential damages; limitation of liability; and insurance provisions. Working with your in-house attorney, or retaining a subject matter expert, is often a worthwhile an investment of time and resources up front to help you navigate the risk allocation terms in your agreement — such as the obligation to indemnify, duty to defend, and obligation to hold harmless — to ensure the risks you take are properly balanced against the expected rewards.

Eric Lambert is counsel for the Transportation division of Trimble Inc., an geospatial solutions provider focused on transforming how work is done across multiple professions throughout the world’s largest industries. He supports the Trimble Transportation Mobility and Trimble Transportation Enterprise business units, leading providers of software and SaaS fleet mobility, communications, and data management solutions for transportation and logistics companies. He is a corporate generalist and proactive problem-solver who specializes in transactional agreements, technology/software/cloud, privacy, marketing and practical risk management. Eric is also a life-long techie, Internet junkie and avid reader of science fiction, and dabbles in a little voice-over work. Any opinions in this post are his own. This post does not constitute, nor should it be construed as, legal advice.

Use the Right Intellectual Property Contract Terms To Protect Against IP Risk

In most technology and service agreements, one or both parties use or license the other party’s intellectual property (IP), or one party uses or licenses its own intellectual property for the other party’s benefit. However, using or benefiting from another party’s IP carries certain risks, including the risk of an infringement claim, ownership or licensing disputes, open source software, and risks arising from a bankruptcy of the IP owner/licensor.  Where managing the risks from that IP usage is important, having the right contract clauses in place to shift and mitigate this risk can be critical.

There are a number of contract clauses that can be employed to manage and shift IP risk. Two contract clauses in particular – the IP representation/warranty and the IP indemnity – may seem complimentary but can expose a party to unintended liability if used together.

IP Representation/Warranty and IP Indemnity

There are two clauses which can shift the risk of intellectual property infringement – an express representation/warranty of non-infringement and an indemnity against non-infringement. (I will not cover implied warranties of non-infringement under the Uniform Commercial Code, which are very frequently disclaimed in technology and service agreements.)

A representation/warranty of non-infringement is a statement of fact (rep) or statement or promise of condition (warranty) that intellectual property licensed and/or used does not infringe the intellectual property or other proprietary rights of third parties. An IP rep/warranty may be knowledge-qualified, i.e., “to the best of [owner/licensor’s] knowledge.” An IP rep/warranty allows the IP owner/licensor to stand behind its intellectual property, and allows the IP user/licensee to assert an “innocent infringer” defense to certain IP claims. However, like other reps and warranties, there are potentially meaningful consequences if they are breached. Like other breaches of representations, a breach could give rise to a right to void the contract and rescission damages.  Like other warranties, a breach can give rise to contract remedies, a right to withhold or cease performance under the agreement, and/or a right to terminate the agreement for cause.  The user/licensee is required to prove damages resulting from a breach of an IP representation or warranty.

An intellectual property indemnification is an obligation to defend, indemnify, and hold harmless the other party from and against losses, damages, and expenses arising or resulting from a third-party IP infringement claim. (Most service providers avoid first-party IP indemnity clauses, as they are effectively an insurance clause.)  This can be a standalone IP indemnity clause, or an indemnification obligation for breaches of reps/warranties where the agreement contains an IP rep/warranty. As it’s very difficult for an IP user/licensee to determine or mitigate the risk of infringement itself, the IP indemnity allocates this risk to the owner/licensor (subject to the limitation of liability) without the need for the user/licensee to prove damages or other losses. Watch the geographic scope of the indemnity to ensure it matches where the IP will be used – if it’s limited to US patents/trademarks, for example, a user/licensee would not be protected from a claim that their use violates an EU patent. IP indemnification clauses usually include procedures for tendering a claim for defense and language governing who controls the defense, assistance provided by the indemnified party, and settlement of an indemnified claim. A major benefit of an IP indemnity is that the indemnified party does not have to incur or prove damages resulting from an IP infringement claim first; as long as an indemnified claim is brought against the indemnified party, the indemnification obligations apply. As long as the indemnifying party complies with its defense and indemnification obligations, the indemnified party does not have a right to terminate the agreement.

Service providers will often put contours around the scope of the intellectual property indemnity by including limitations to the obligation to indemnify based on certain acts or omissions of the indemnified party. These include where the user/licensee uses IP outside the scope of the license or terms; where the user/licensee modifies the IP other than as authorized by the IP owner/licensor; where the infringement claim results from the combination of the IP with other products or technology not provided by the IP owner/licensor; and where the user/licensee fails to accept or use an updated version of a product or service provided by the IP owner/licensor which has been modified to be non-infringing. Some parties also exclude IP protection where the claim results from open-source software used in their products or systems. One thing to watch for is whether the exclusions are comparative (claims are excluded “to the extent” that an exception applies) or absolute (if any of the exceptions applies, indemnification is not provided).

Savvy service providers and IP licensors understand that including both of these clauses into an agreement can have unintended consequences, such as the potential for remedy “double-dipping.” If a contract contains both an IP indemnity and IP warranty protecting Party B, and a third-party IP claim is asserted against Party B, Party B may be able to both assert a breach of rep/warranty claim and seek damages for breach of the warranty or seek to terminate the agreement for cause, while also tendering the third party claim to Party A for defense and indemnification. Because of this, many licensors and vendors will offer an IP indemnity, but not an IP warranty. However, this eliminates the ability for the user/licensee to rely on the rep/warranty as an innocent infringer. If both the rep/warranty and indemnity are used, one approach to harmonizing them is to add language to the IP warranty stating that the sole and exclusive remedy for breach of the IP warranty is indemnification pursuant to the IP indemnity. This gives the user/licensee the “innocent infringer” benefits of the IP warranty protection as well as the IP indemnity protection, while ensuring that a breach of the IP warranty does not result in a claim outside of indemnification obligations.

Other Intellectual Property Risk Protections

In addition to IP reps/warranties and IP indemnities, there are other contractual protections which can be used to protect against IP risk.

Indemnification Remedy Clause

Where infringement occurs, the IP user/licensee often wants more than just to be protected — they want the right to keep using the IP for the duration of the agreement. In the event of actual infringement, neither an IP rep/warranty nor IP indemnity forces the IP owner/licensor to remedy the infringement. This is why many agreements include an additional IP infringement remedy clause which generally commits an IP owner/licensor facing a claim or judgment of IP infringement to obtain the right to continue to use the impacted IP, to modify the IP so that it is non-infringing, or to replace the impacted IP with a non-infringing alternative. In some cases, if none of the remedies are feasible, one or both parties may be given the right to terminate the agreement; where a termination right exists, users/licensees should consider whether to ask for a prorated refund of license/usage fees for the remaining terminated period of the agreement. Watch for language on the timing of the remedy – in most cases, it’s when the indemnifying party is found to be infringing by a court of competent jurisdiction (and not when the claim is first asserted), which generally does not impact the user/licensee as the defense and indemnification obligations should apply prior to that point.

Allocation of risk (limitation of liability) Cause

While an IP indemnity and rep/warranty shifts risk to the IP owner/licensor, the amount of risk shifted is allocated between the parties through the limitation of liability clause. Is the indemnifying party willing to provide uncapped liability for its IP indemnification obligations? Some service providers have not priced unlimited liability into its fees, or is unwilling to provide uncapped liability as a policy or due to insurance limitations. The user/licensee usually wants to negotiate the broadest liability cap possible; one common compromise is to negotiate a “super-cap” for IP indemnification obligations above the base limitation on direct damages but short of uncapped.

It’s important to also look at the disclaimer of consequential damages. An indemnified claim can include consequential damages as part of the third-party claim (e.g., lost profits).  If the disclaimer of consequential damages does not specifically exclude indemnification obligations, any such damages claimed by a third party may not be indemnifiable which may not be what one or both parties want.  It’s important to note that there is a significant difference between third-party consequential damages awarded in connection with an indemnified claim, and first-party consequential damages related to an indemnified claim (e.g., the indemnifying party should not have to pay for a company’s lost profits due to an executive having to travel and participate in a deposition in connection with an indemnified claim). An exclusion to the disclaimer of consequential damages for third party damages awarded in connection with, or included in the settlement of, an indemnified claim may provide a finer point on the exclusion.

IP Ownership Clause

Another contract provision which can be leveraged to mitigate IP risk is the IP ownership clause, which addresses ownership of each party’s pre-existing IP as well as any new IP created in connection with the agreement. This clause is ideally located up front in a base agreement between the parties, but sometimes will be placed in a Statement of Work (“SOW”) or other ancillary document instead (order of precedence language in the base agreement can be critically important in that case). Ensure that each party retains ownership of its own IP (except to the extent ownership is transferred to the other party), and that each party is prohibited (to the extent permitted by law) from reverse engineering, disassembling, de-compiling, creating derivative works from, renting, selling, leasing, acting as a service bureau regarding, or otherwise attempting to learn the source code of the other party’s IP. If neither company will acquire ownership rights to the other’s IP (even IP created in connection with the agreement), make sure the ownership clause clearly covers this.  If one company will transfer ownership of developed IP (a “deliverable”) to the other, ensure the agreement clearly defines the deliverable and states that the deliverable is considered “works made for hire” as defined in the US Copyright Act, and consider adding language regarding transfer and assignment of the IP rights in and to the deliverables (which may be tied to payment for the deliverable). If a deliverable contains the developer’s pre-existing IP, consider asking for a perpetual, irrevocable, worldwide right and license to sue the pre-existing IP as part of the deliverable (this may cause the IP indemnity to survive in perpetuity).

IP Insurance Clause

Another way to mitigate and shift the risk arising from IP is through intellectual property insurance. IP insurance can be obtained through specialized policies such as a cyber liability policy and media liability policy. Coverage for IP infringement claims may not be available under comprehensive general liability (CGL) coverage – check your policy or walk through coverage with your insurance broker to ensure you understand what your IP insurance policies (or typical policies) cover and don’t cover. Users/licensees may want to ask the IP owner/licensor about IP insurance they carry, and request that the owner/licensor be obligated to maintain their insurance and protect the user/licensee under the policy, e.g., by tying the contractual limitation of liability to the policy coverage.

Open source software Clause

In many cases, companies use open source software (“OSS”) in their IP. There are a number of good reasons companies do this, including lower costs, better quality, and a large support community. As IP owners/licensors did not create the OSS they use, many will disclaim OSS from IP representations, warranties, and indemnities. However, there are risks to OSS usage. For example, under some OSS license types, software which uses OSS governed by one of those licenses becomes governed by that same license, which can include requirements to disclose the source code upon request or other limitations. Users/licensees may want to consider including an OSS representation/warranty that any IP or other deliverables provided to it will not contain open source software which has not been disclosed in the agreement or a SOW.

Rights in Bankruptcy (§ 365(n)) Clause

Licensees under software license agreements have a special tool for mitigating risk arising from a bankruptcy of the software licensor. When a company enters bankruptcy, the licensee (or debtor-in-possession) has certain rights to “affirm” or “reject” the debtor’s executory contracts, including some license agreements. 11 U.S.C § 365(n) gives licensees certain rights to continue to use licensed software in the event of the bankruptcy of the software licensor. To ensure these protections are available, consider including a clause in the agreement protecting the licensee’s rights under this section.

Software Escrow Clause

Finally, consider whether to include a contractual requirement for the owner/licensor to escrow licensed software.  For more on software escrow, please see my earlier post on software escrow.

An earlier version of this post first appeared as an article on my blog, Notes from the Trenches.

Eric Lambert has spent most of his legal career working in-house as a proactive problem-solver and business partner. He specializes in transactional agreements, technology/software/e-commerce, privacy, marketing, compliance and practical risk management, and is a technophile and Internet evangelist/enthusiast. In his spare time Eric dabbles in voice-over work and implementing and integrating connected home technologies. Any opinions in this post are his own. This post does not constitute, nor should it be construed as, legal advice.