X.X.  Customer’s Obligations.  Customer will have the following obligations to handle claims arising from misuse.
If Provider receives a Claim from an Outside Entity (including after the end of a Service Period) and that Claim arises from Customer’s Infringing or Unlawful Content, Customer’s violation of the “Prohibited Data” Section, or Customer’s use of the Cloud Services for a High Risk Activity or unlawful purpose, and Provider complies with the requirements in the “Claim Coordination” Section, then, at its own expense, Customer shall do the following:

  1. defend Provider from and against the Claim; and
  2. pay, on behalf of Provider, all amounts awarded against Provider (including reasonable attorneys’ fees) as a result of the Claim, or any amounts agreed by Customer to be paid in settlement of the Claim.

Before you copy and paste
  • Should we include this “Customer’s Obligations…” clause at all?
    This clause isn’t mandatory. While many Providers include a Customer indemnity to shift responsibility for certain nonparty claims, others leave it out, especially when the risks are low or the clause might cause unnecessary negotiation friction.
    The risks covered here, like infringing content, are relatively low in B2B SaaS. Most platforms are used internally, which means content typically isn’t public-facing, so the chances of defamation, copyright infringement, or similar claims are lower, compared to B2C contexts. And even when content issues arise, they’re often resolved by removing the content, not through lawsuits.
    Still, these risks are not zero. Customers may upload or generate infringing content, submit sensitive or regulated data without proper consent, or use the Cloud Services in ways the Provider did not intend or permit. Even if the Provider is not at fault, it may be pulled into a third-party dispute or regulatory inquiry, and the associated defense and payment costs could be significant.
    You may want to include this clause if:
    • your platform supports public or user-generated content;
    • customers might upload others’ sensitive or regulated data (like health, student, or financial information);
    • your Cloud Services could be used in risky or unintended ways; or
    • you're generally trying to reduce exposure to edge-case claims involving customer misuse.
    But if those risks feel remote, and you’d rather avoid drawn-out negotiations with customers, it’s also reasonable to leave the clause out.
  • Should we expand the clause to cover other types of claims?
    Some platforms carry a greater risk of third-party claims, not just because of what customers upload, but also because of how they use the Cloud Services in regulated or sensitive environments. These risks can come from Customer conduct that violates laws, creates regulatory exposure, or causes harm to others.
    You may want to broaden the clause if any of the following are true:
    • The Cloud Services are likely to be used in regulated sectors such as healthcare, finance, or education, or in other contexts that involve regulatory risk, such as government use, HR decision-making, or targeted advertising.
    • Customers may use the Cloud Services in ways that violate laws designed to protect others, such as anti-discrimination, marketing, or surveillance laws.
    • A regulator or third party might reasonably expect the Provider to be responsible if a Customer misuses the platform.
    If these risks do not apply, a narrower clause may be sufficient and easier to get through negotiations.
  • Should we narrow the clause to focus only on infringement claims?
    • If the primary concern is that Customers might upload infringing content, and the Cloud Services are not used in high-risk or regulated contexts, then limiting the clause to infringement may offer enough protection.
    • A narrower version still provides meaningful protection in many B2B SaaS scenarios. And it may reduce the time spent negotiating indemnity language.

Why we wrote it this way
  • Why we leave out the phrase “hold harmless”
    “Hold harmless” is a familiar phrase, but not a clear one. Courts across the U.S. disagree on what it means, and whether it adds anything to an indemnity clause. Most jurisdictions treat “hold harmless” as a synonym for “indemnify,” but some courts try to give it independent meaning, suggesting it offers broader protection, such as covering the risk of loss rather than just reimbursement after costs are incurred. That kind of ambiguity can create disagreement later. If courts or the parties themselves don’t read the phrase the same way, it can lead to arguments about what the clause really requires. If the parties want to draw distinctions about the types of protections or costs this clause covers, it’s better to say that directly. That’s why this clause leaves out “hold harmless” and instead states clearly what the Provider is responsible for.
  • Why we use the word “pay” instead of “indemnify”
    We’re not against the word “indemnify.” We just don’t think it adds clarity.
    On its own, “indemnify” can be vague. Courts and lawyers don’t always agree on what it includes: whether it means reimbursing, paying upfront, or protecting someone from having to incur a cost at all.
    Even when paired with a list of covered losses, “indemnify” doesn’t make it clear when the Customer must pay. Is it only after a judgment? After the Provider pays out of pocket? Or does it include advancing costs during the claim? That lack of clarity creates confusion.
    That’s why this clause just says what we mean:
    • pay amounts awarded in the Claim
    • cover settlement payments
    That’s the substance of indemnification, without relying on legal shorthand.
    Using “pay” doesn’t narrow the obligation. It just makes it easier for lawyers, business teams, and courts to see what’s covered and when payment is required.
  • Why we include an obligation for the Customer to “defend” the Provider
    When a third party brings a claim based on Customer conduct, such as uploading infringing content, submitting regulated data without consent, or using the Cloud Services for an unlawful purpose, the Customer is the one with the relevant facts. The Provider may have had no visibility into the conduct and played no role in it. This clause requires the Customer to lead the defense so that the party best positioned to respond quickly and accurately is the one handling the claim.
  • Why the Customer’s obligations continue after it stops using the Cloud Services
    The Customer’s obligations don’t just end because the Customer’s access does. If a Claim shows up later, even after Service Closure, this clause makes clear that the Customer is still obligated to defend and pay. That is typical in SaaS agreements. Most say that indemnification obligations “survive” the agreement, but they bury that point in a separate survival clause. We think it’s clearer to just say it here. No cross-referencing. Just a clause that explains when it applies.
  • Why we specify the costs that Customer must cover
    Instead of using broad terms like “liabilities” or “losses,” we spell out exactly what Customer must cover: (1) amounts awarded or settlement payments; and (2) costs of defending the claim. General terms like “losses” can be interpreted to sweep in broader harms, such as lost profits or business interruption, that usually go beyond what indemnities are meant to cover. Naming the categories directly helps clarify the obligations and reduce the risk of disputes later.
  • Why we leave out any obligation to reimburse assistance costs
    Unlike the Provider indemnity for Service Infringement Claims, in which Provider is obligated to reimburse Customer for reasonable costs it incurred while assisting with Provider’s defense, this clause doesn’t include any reimbursement obligation. Here, the Customer controls the defense and is responsible for resolving the claim. The Customer might occasionally request help from the Provider, like access to logs, product behavior details, or technical background, but that assistance tends to be specific and limited. By contrast, Service Infringement Claims often require deeper, ongoing involvement from the Customer to support the Provider’s defense of its Cloud Services. That’s why reimbursement appears in the Provider clause but not here. Including it in this clause would likely create negotiation friction without addressing a frequent or high-burden need.
  • Why we avoid listing affiliates or other protected parties
    Some agreements list affiliates, employees, or other individuals or entities as additional indemnified parties. We do not. This clause focuses on the relationship between the two contracting parties: the Provider and the Customer. Our rationale:
    • A Customer cannot fulfill its defense obligations effectively without coordinating with the party it is defending. That coordination includes timely notice, strategy decisions, settlement approval, and ongoing cooperation. Without a direct contractual obligation to cooperate with that entity, it is not practical for the Customer to take on responsibility for defending that entity.
    • Limiting the clause to the Provider avoids complicated legal questions about whether non-Provider entities truly qualify as third-party beneficiaries with a direct and enforceable right under the contract.
    Still, for clarity and control, if the goal is to protect specific non-Provider entities, a better approach is to create a separate clause or add language that clearly defines the Customer’s obligations toward them. Simply listing additional parties here, without adjusting the obligations, creates uncertainty about what protections they have and how those protections are enforced.

Optional variations
  • Narrower claims - Infringement only
    Narrow the scope to cover infringement claims only: after "Unlawful Content", delete the words ", Customer’s violation of the “Prohibited Data” Section, or Customer’s use of the Cloud Services for a High Risk Activity or unlawful purpose,".

Definitions
  • Customer’s Infringing or Unlawful Content
    Customer Content that violates or infringes others’ Intellectual Property Rights, privacy rights, publicity rights, or other legal rights, including rights to prior consent.
  • High Risk Activity
    an activity (such as operation of nuclear facilities, air traffic control, life support systems, or emergency services) where the use or failure of the Cloud Services or a particular feature of the Cloud Services would reasonably be expected to lead to death, personal injury, or environmental or property damage.
  • Claim
    any demand, notice, investigation, action, suit, or proceeding.
  • Service Period
    the period beginning on the Service Start Date and continuing for the service duration, as specified in each Order.
