A software vendor delivers a product with a critical flaw. The client's e-commerce platform goes down for four days during peak season. Lost revenue: $380,000. The contract's limitation of liability clause caps the vendor's total exposure at the fees paid under the agreement: $12,000. The client can sue. They can win. And they can collect $12,000. That is what a limitation of liability clause does when it works as intended for the party that drafted it — and what it does to the party that signed without reading it carefully.
What the clause actually does
A limitation of liability clause (sometimes called a liability cap) sets a ceiling on how much one party can recover from the other if something goes wrong. It does not prevent lawsuits. It does not eliminate liability entirely. It just caps the dollar amount or restricts the types of damages available, so that even a valid, successful claim can only recover up to the agreed limit.
Both sides have reasons to want one. The party providing a service wants to know that a single contract cannot expose them to losses that dwarf the fees they earned. The party receiving the service wants predictability too, and may accept a reasonable cap in exchange for a lower price or better terms elsewhere. Problems arise when the cap is so low, or so broadly drafted, that it effectively insulates one side from accountability for serious failures.
The two main forms: dollar caps and damage exclusions
Most limitation of liability clauses work in one of two ways, or combine both.
A dollar cap sets a maximum recovery amount. Common formulations tie the cap to the fees paid under the contract (often the total contract value or the fees paid in the prior 12 months), a fixed dollar amount, or a multiple of the contract value such as two or three times the fees paid. A cap tied to a $10,000 contract means $10,000 is the most either side can recover, regardless of actual losses. That works fine for small disputes. It creates serious problems when the actual harm is orders of magnitude larger.
A damage exclusion restricts the types of losses that can be recovered rather than the total amount. The most common exclusions cover consequential damages (losses that flow from the breach but are not the direct result of it, like lost profits from a downstream business disruption), indirect damages, incidental damages, and punitive damages. Some contracts exclude all of these categories entirely. Others cap direct damages while excluding consequential ones. The practical effect of a broad consequential damages exclusion is often larger than a dollar cap, because consequential losses are frequently where the real harm lives.
Many contracts combine both: a dollar cap on direct damages plus a full exclusion of consequential damages. That structure can leave the non-drafting party with almost no meaningful recovery for a serious failure.
What courts will and will not enforce
Limitation of liability clauses are generally enforceable in commercial contracts between sophisticated parties. Courts respect the right of businesses to allocate risk by agreement. But enforceability is not guaranteed, and several circumstances can cause a court to refuse enforcement or limit what the clause covers.
Gross negligence and willful misconduct are the most common carve-outs required by law or public policy. Many jurisdictions will not enforce a liability cap that purports to limit recovery for a party's own intentional wrongdoing or reckless disregard for consequences. A vendor who destroys client data on purpose cannot hide behind a $10,000 cap. Some states extend this to fraud: you cannot contractually cap liability for your own fraudulent conduct.
Unconscionability is another ground for non-enforcement. A clause that is so one-sided, presented on a take-it-or-leave-it basis to a party with no real bargaining power, may be unenforceable as unconscionable. This comes up more often in consumer contracts than commercial ones, but courts have applied it to business agreements where the power imbalance was severe.
Personal injury and death claims are frequently carved out of enforceability by statute. In many states, a contract cannot limit liability for physical harm caused by negligence. Software contracts rarely raise this issue, but construction, medical, and product liability contexts do regularly.
State law matters here. California courts tend to scrutinize liability caps more carefully than Texas courts, which generally give commercial parties wide latitude to allocate risk as they see fit. New York enforces caps in commercial contracts but has strong rules against capping gross negligence. Illinois follows similar principles. If a contract is governed by a specific state's law, the enforceability analysis runs under that state's rules.
The carve-outs that belong in every negotiated contract
A well-drafted limitation of liability clause does not just set the cap — it specifies what falls outside it. These carve-outs protect both sides from outcomes neither party intended when they agreed to the cap.
Gross negligence and willful misconduct should always be carved out. A party who causes harm through reckless or intentional conduct should not benefit from a cap negotiated to cover ordinary business risk. Most sophisticated parties will accept this carve-out without significant resistance, because they do not expect to be grossly negligent.
Intellectual property infringement is another standard carve-out. If a vendor's deliverable infringes someone's patent or copyright, the client could face third-party claims that far exceed the contract value. Capping the vendor's indemnification obligation at the contract price in that scenario is unreasonable, and most IP indemnification provisions are drafted to sit outside the general liability cap.
Confidentiality breaches and data security failures are increasingly common carve-outs in technology contracts. The potential harm from a data breach — regulatory fines, notification costs, third-party claims — can vastly exceed the contract value. Vendors with strong security practices often accept unlimited liability for confidentiality breaches because they do not expect to have them. Vendors who resist this carve-out are telling you something about how they assess their own risk.
Fraud and intentional misrepresentation should be carved out for the same reason as willful misconduct. A party who lies to induce the other to enter a contract should not benefit from a cap on damages for that lie.
Negotiating the cap: what each side should push for
If you are the service provider, a cap tied to fees paid under the contract is the standard starting position. It aligns your maximum exposure with the economic value of the engagement. Consequential damages exclusions protect against the scenario where a relatively small service failure triggers massive downstream losses that bear no relationship to what you were paid.
If you are the client, the contract-value cap may be entirely inadequate if your actual exposure from a failure is much larger. Push for a cap that reflects the real risk. A software platform migration contract worth $50,000 that could cause $2 million in harm if botched should not have a $50,000 cap. A multiple of the contract value (two or three times fees paid) is a reasonable negotiating position. Alternatively, push for specific higher caps or unlimited liability for the categories of harm most likely to affect you, such as data breaches, IP infringement, or confidentiality failures.
Reciprocal caps are worth requesting in symmetrical contracts. If the vendor caps their liability at the contract value, the client's liability for things like non-payment or misuse of deliverables should be capped on the same basis. One-sided caps favor the drafter and create imbalanced risk allocation that courts sometimes notice.
A Real Scenario
A mid-size accounting firm hires a cloud software vendor to manage client financial data. The contract's limitation of liability clause caps the vendor's liability at fees paid in the prior three months: $9,000. The vendor suffers a data breach that exposes the financial records of 400 clients. The accounting firm faces regulatory investigations, client notification costs, and reputational damage totaling well over $500,000. Their recovery from the vendor is capped at $9,000. A negotiated carve-out for data security failures, with a separate higher cap or unlimited liability for breach of confidentiality, would have changed the outcome entirely.
Frequently Asked Questions
Can a limitation of liability clause be thrown out entirely by a court?
Yes, in certain circumstances. Courts can refuse to enforce a liability cap that covers gross negligence or willful misconduct, that is unconscionable given the parties' bargaining positions, or that violates a specific statute in the governing jurisdiction. Personal injury and death claims are frequently unwaivable by contract under state law. In commercial contracts between sophisticated parties, however, courts are generally reluctant to override agreed-upon risk allocations, and most caps hold up if they were clearly written and not the product of fraud or duress.
What is the difference between a liability cap and a consequential damages exclusion?
A liability cap sets a maximum dollar amount of recovery. A consequential damages exclusion restricts the types of losses that can be recovered regardless of amount. Consequential damages are losses that flow indirectly from the breach, such as lost profits, lost business opportunities, or downstream customer claims. A contract can have one, both, or neither. In practice, a broad consequential damages exclusion often does more to limit recovery than a dollar cap, because the most significant harm from a serious failure is typically consequential rather than direct.
Does a liability cap apply to third-party claims against me?
It depends on how the clause is drafted. A limitation of liability clause typically governs claims between the contracting parties, not third-party claims. If a vendor's failure causes you to face claims from your own customers, those are third-party claims that the vendor's cap may not address. Indemnification provisions are the separate mechanism for allocating responsibility for third-party claims, and a complete contract addresses both the cap between the parties and the indemnification obligations for third-party exposure.
Is a $1 liability cap enforceable?
Courts have split on this. A nominal cap (one dollar, one euro) is sometimes used to signal that the drafting party wants to eliminate liability almost entirely. Some courts treat this as effectively no cap and allow full recovery. Others enforce it as written. The safer approach for drafting parties who want near-zero liability is a very low but non-nominal cap, combined with broad consequential damages exclusions and carefully drafted carve-outs. A $1 cap in a commercial contract invites litigation over enforceability that a more reasonable cap would avoid.
Should both sides be subject to the same liability cap?
In many commercial contracts, yes, and a symmetrical cap is a reasonable negotiating position for the party that did not draft the agreement. If the vendor caps their liability at the contract value, the client's liability for breach (non-payment, misuse of deliverables, breach of confidentiality) is often capped on the same basis. Asymmetrical caps that protect only the drafting party create imbalanced risk and can be a signal that the drafter is not negotiating in good faith about risk allocation.