Clauses
Open
Handling third party claims
>
Provider’s Obligations

X.X.  Provider’s Obligations to Handle Cloud Services IP Claims.  If Customer receives a Service Infringement Claim from an Outside Entity (including after the end of a Service Period), and that Claim is not solely the result of Customer’s Improper Customization; {"name":"No claims involving Trials and Pre-Release","deleteText":" Customer’s use of a Trial or Pre-Release Feature;"}  or the Provider’s implementation of Customer’s specifications, instructions, or requirements  and Customer complies with the requirements in the Section “Claim Coordination” below, then, at its own expense, Provider shall do the following as Customer’s only legal remedies for that Claim:

  1. defend Customer from and against the Claim;
  2. pay, on behalf of Customer, all amounts awarded against Customer (including reasonable attorneys’ fees) as a result of the Claim, or any amounts agreed by Provider to be paid in settlement of the Claim; and
  3. if the Claim results in a settlement or court order prohibiting Customer from using any part of the Cloud Services, then either: (i) obtain the necessary rights for Customer to continue using the Cloud Services, if commercially reasonable; (ii) implement an Infringement Mitigation, if feasible; or (iii) if neither of those options is available, proceed with Early Termination in accordance with the “Early Termination” Section, and issue a Prorated Refund to Customer.
  4. {"name":"Reimburse the Customer","addText":"reimburse the Customer for all the Customer's expenses in helping to defend the claim."}
Before you copy and paste
  • Should we carve out Claims involving Trials and Pre-Release Features?<endsummary>By default, this clause does not carve out Trials or Pre-Release Features. If you offer them, consider adding a carveout so the Provider is not responsible for Claims related to those features.  If not, you can leave it out.Select this variation in the “Optional Variations” panel to add this carveout to the clause.
    • If your agreement already addresses this carveout elsewhere (such as in a separate section or attachment), adding it here might be unnecessary.
    • If it does not, adding it here can help make clear that the Provider’s obligations do not apply to those features.
  • Should we reimburse the Customer for helping us defend a claim?<endsummary>
    • By default, this clause does not require the Provider to reimburse the Customer for costs incurred while assisting with a Claim. But in practice, defending a Claim, especially an IP Claim, often depends on the Customer’s support. The Provider may need technical explanations, usage information, and other help to respond fully and accurately.
    • Adding this clause gives the Customer a right to recover reasonable costs tied to investigation, defense, or settlement. The term “reasonable” is not defined, so the parties may still disagree later about which specific costs are covered. But including the clause can avoid a broader dispute over whether the Provider is responsible for support costs at all, which can make cooperation more reliable.
    • Leaving this clause out allows the Provider to keep the scope of its obligations narrower, and handle reimbursement requests on a case-by-case basis.
    • Select this variation in the “Optional Variations” panel to add the reimbursement obligation to the clause.
  • Should we carve out Claims involving Customer-provided specifications or instructions?<endsummary>This clause assumes the Provider is offering standardized Cloud Services, where the same service is delivered to all customers without tailoring.If your deal includes customized services, such as custom builds, white-label versions, or configurations based on the Customer’s instructions, ask whether that work is clearly defined as a separate service (such as onboarding or professional services) and excluded from the definition of Cloud Services.
    • If the custom work is treated as a separate service, this clause does not apply to it, and no carveout is needed.
    • If the custom work is treated as part of the Cloud Services, consider adding a carveout for Claims caused by following Customer-provided specifications, instructions, or requirements.
  • Is our User Documentation clear enough to support the Customer’s Improper Customization carveout?<endsummary>For the carveout to work, the Provider needs to show that the Customer used the Cloud Services in a way that strays from how they are meant to be used under the User Documentation. That makes the User Documentation an important part of how the carveout applies.This clarity is especially important if the Customer:
    • Modifies the Cloud Services;
    • Combines them with other software, tools, or systems;
    • Uses integration points in ways that are not documented or are discouraged.
    These kinds of usage boundaries are hard to fully capture in the contract. Cloud Services are often designed to be configurable, work with other tools, and run in many different environments. That flexibility is part of their value. But it also makes it difficult to list every unsupported or discouraged use in the agreement itself.That is why this carveout relies on User Documentation. It can define clearer technical boundaries, evolve alongside your services, and help show when a Customer went beyond the expected use.
  • If we offer downloadable software, do we need a carveout for use of outdated versions?<endsummary>This issue only comes up if your Cloud Services include downloadable software components. If everything runs in the cloud and users don’t install anything locally, you can skip this.But if customers have to download and run software, consider whether they are also required to update that software to keep using the Cloud Services.
    • If customers can continue using outdated versions, the Provider could be responsible for infringement claims tied to the outdated code, even if a newer, non-infringing version is available. A carveout can help limit that risk.
    • If the Cloud Services stop working unless the software is updated, the Provider controls which version is in use, so a carveout may not be needed.
    The current clause assumes that the Cloud Services are designed to prevent continued use of outdated software. If that is not the case, a carveout may help clarify that the Provider is not responsible for issues that could have been avoided by updating.

Why we wrote it this way
  • Why we leave out the phrase “hold harmless”<endsummary> “Hold harmless” is a familiar phrase, but not a clear one. Courts across the U.S. disagree on what it means, and whether it adds anything to an indemnity clause. Most jurisdictions treat “hold harmless” as a synonym for “indemnify,” but some courts try to give it independent meaning, suggesting it offers broader protection, such as covering the risk of loss rather than just reimbursement after costs are incurred. That kind of ambiguity can create disagreement later.  If courts or the parties themselves don’t read the phrase the same way, it can lead to arguments about what the clause really requires. If the parties want to draw distinctions about the types of protections or costs this clause covers, it’s better to say that directly.That’s why this clause leaves out “hold harmless” and instead states clearly what the Provider is responsible for.
  • Why we use “pay” instead of “indemnify”<endsummary> We’re not against the word “indemnify.” We just don’t think it adds clarity.On its own, “indemnify” can be vague. Courts and lawyers don’t always agree on what it includes: whether it means reimbursing, paying upfront, or protecting someone from having to incur a cost at all.Even when paired with a list of covered losses, “indemnify” doesn’t make it clear when the Provider must pay. Is it only after a judgment? After the Customer pays out of pocket? Or does it include advancing costs during the claim? That lack of clarity creates confusion.That’s why this clause just says what we mean:
    • pay amounts awarded in the Claim
    • cover settlement payments
    • reimburse reasonable costs of assisting with the Claim (if that optional language is included)
    That’s the substance of indemnification, without relying on legal shorthand.Using “pay” doesn’t narrow the obligation. It just makes it easier for lawyers, business teams, and courts to see what’s covered and when payment is required.
  • Why we include an obligation for the Provider to “defend” the Customer<endsummary>In SaaS deals, it’s often in both parties’ interests for the Provider, not the Customer, to handle the defense in a Service Infringement Claim. Litigation is resource-intensive, but the Provider usually wants to control lawsuits that challenge the intellectual property rights in their Cloud Services. That is especially true if they are already defending similar claims against themselves or other customers. And while Customers often prefer to control their own legal defense, many are happy to defer in this situation. The Provider typically has both the knowledge and the incentive to defend aggressively, particularly when the outcome could affect every customer using the service.
  • Why the Provider’s obligations continue after the Customer’s access ends<endsummary>The Provider’s responsibility doesn’t end just because the Customer’s access does.If a Service Infringement Claim comes in later, even after Service Closure, this clause makes clear that the Provider is still obligated to defend and pay.That is typical in SaaS agreements. Most say that indemnification obligations “survive” the agreement, but they bury that point in a separate survival clause. We think it’s clearer to say it directly. No cross-referencing. Just a clause that explains when it applies.
  • Why we include a carveout for the Customer’s Improper Customizations<endsummary>This carveout limits the Provider’s responsibility when a claim arises from something the Customer did, such as modifying the Cloud Services, combining them with other tools, or using them in unsupported ways. The goal is simple: to avoid making the Provider liable for risks it cannot reasonably control. But this carveout can also make enforcement more complex. When a claim arises, the Provider typically needs to act quickly to take control of the defense. The carveout introduces a threshold question: does the Provider even have an obligation to defend? That question often turns on facts that are not clear at the outset. Was the alleged infringement caused by something the Customer did? By a third-party integration? Or by the Cloud Services as delivered? Sorting that out can delay the Provider’s response or create friction between the parties at a time when coordination matters most. In some cases, the uncertainty may even affect whether the claim is resolved efficiently or escalates. Even so, we chose to include the carveout. The risk of friction or delay is real, but it’s outweighed by the importance of setting clear boundaries around the Provider’s responsibility. If the Customer introduces a risk the Provider did not create or control, it is reasonable to exclude that from the Provider’s indemnity obligations and to work through any case-specific gray areas if and when they arise.
  • Why we specify the costs that the Provider must cover<endsummary>Instead of using broad terms like “liabilities” or “losses,” we spell out exactly what the Provider must cover: (1) amounts awarded or settlement payments; (2) costs of defending the claim; and (3) costs Customer incurred while assisting with investigation, defense, and settlement (if that optional language is included). General terms like "losses" can be interpreted to sweep in broader harms, such as lost profits or business interruption, that usually go beyond what indemnities are meant to cover. Naming the categories directly helps clarify the obligations and reduce the risk of disputes later.
  • Why we avoid listing affiliates or other protected parties<endsummary>Some agreements list affiliates, employees, or other individuals or entities as additional indemnified parties. We do not. This clause focuses on the relationship between the two contracting parties: the Provider and the Customer.  Our rationale:
    • A Provider cannot fulfill its defense obligations effectively without coordinating with the party it is defending. That coordination includes timely notice, strategy decisions, settlement approval, and ongoing cooperation. Without a direct contractual obligation to cooperate with that entity, it is not practical for a Provider to take on responsibility for defending that entity.
    • Limiting the clause to the Customer avoids complicated legal questions about whether non-Customer entities truly qualify as third-party beneficiaries with a direct and enforceable right under the contract.
    Even so, many agreements still include broader lists of indemnified parties. This often reflects a customer’s desire for broader perceived protection across their ecosystem. For providers, accepting broader language, despite the legal and practical challenges mentioned above, is often a pragmatic business decision. In many SaaS contexts, the likelihood of a messy defense is low, and the perceived benefits of faster deal-making, customer goodwill, or market norms may outweigh those risks.Still, for clarity and control, if the goal is to protect specific non-Customer entities, a potentially better approach is to create a separate clause or add language that clearly defines the Provider’s obligations toward them. Simply listing additional parties here, without adjusting the obligations, creates uncertainty about what protections they have and how those protections are enforced.

Optional variations
Modify text below to replace it.
Oops! Something went wrong while submitting the form.
{"optionalVariations":{"option1":{"name":"Claims involving Trials and Pre-Release","addText":"If the claim involves the Customer’s use of a Trial or Pre-Release Feature, the Provider's obligations shall be limited to ...","afterText":"</li></ol>","displayedText":"Carve out Claims involving Trials and Pre-Release Features"},"option2":{"name":"Reimburse the Customer","addText":"<li>reimburse the Customer for all the Customer's expenses in helping to defend the claim.</li>","afterText":"and issue a Prorated Refund to Customer.</li>","displayedText":"Reimburse the Customer for helping to defend a Claim"}}}
Definitions
  • Service Infringement Claim<endsummary>a Claim that the Cloud Services, as used by Customer in accordance with this Agreement, infringe or misappropriate others’ Intellectual Property Rights.
  • Customer’s Improper Customization<endsummary>Customer’s modification, change, or combination of the Cloud Services with other software, systems, or data that: (1) results in infringement or misappropriation of others’ Intellectual Property Rights, and (2) would not have resulted in that infringement or misappropriation if Customer had used the Cloud Services as described in the User Documentation.
  • Infringement Mitigation<endsummary> modifying or replacing the allegedly infringing portion of the Cloud Services to make it non-infringing, without substantially impairing the Cloud Services’ primary features.
  • Trial<endsummary>means a limited time period during which Customer may use the Cloud Services on a free or trial basis, as specified in the applicable Order.
  • Pre-Release Features<endsummary>optional features, functionalities, or services that Provider invites Customer to use before they are generally available to all customers.
  • Early Termination<endsummary>nding a Service Period before its expiration date.
  • Claim<endsummary>any demand, notice, investigation, action, suit, or proceeding.
  • Prorated Refund<endsummary>a refund of prepaid fees covering the period from the effective date of termination to the end of the Service Period.
  • Service Period<endsummary>the period beginning on the Service Start Date and continuing for the service duration, as specified in each Order.

Related clauses
  • Limitation of Liability<endsummary>The Limitation of Liability clause sets financial boundaries on each party’s responsibility if something goes wrong, helping both sides manage risk and prepare for worst-case scenarios. One of those scenarios is a lawsuit from an Outside Entity.  This clause addresses that risk through a defense obligation, where the Provider steps in, takes control, and handles the entire claim. For that to work smoothly, the Customer needs confidence that the Provider has both the incentive and financial ability to see the defense through. Capping liability can undercut that structure. Once the cap is reached, the Provider may no longer be required to continue defending the claim. That creates real disruption: a midstream handoff of a live legal claim is rarely smooth. It can mean switching law firms, shifting strategies, and restarting coordination, all while the claim continues to move forward. The result is delay and confusion. If your agreement includes a liability cap, consider carving out this clause. Leaving it uncapped keeps the Provider responsible for the full scope of defense and resolution.
  • Survival<endsummary>Make sure the Survival section is consistent with this clause.  As written, the Provider’s obligation lasts indefinitely (”including after the end of a Service Period”)

Close Modal