Understanding Common Exceptions to Limitations of Liability Clauses in Contracts

Limitations of liability clauses are among the most negotiated provisions in any commercial contract, and for good reason. Without a cap, a single dispute can expose a party to damages far exceeding the value of the deal.

But the cap is only half the story. The real risk often sits in the exceptions.

Almost every well-drafted contract includes exceptions: specific categories of claims or conduct that fall outside the cap entirely. These are not loopholes. They reflect a deliberate judgment that certain types of harm should not benefit from the same financial protection as ordinary performance failures.

Understanding which exceptions are standard, why they exist, and how to handle them in negotiation is essential for any business entering into a commercial contract.

Gross Negligence and Willful Misconduct

The most common exception to any liability cap is conduct that rises above ordinary negligence to gross negligence or willful misconduct. Ordinary negligence is the kind of mistake that liability caps are designed to address: a failure to meet a reasonable standard of care. Gross negligence involves a serious departure from that standard. Willful misconduct involves intentional harmful action.

A party should not be able to contractually insulate itself from the consequences of reckless or deliberate harm. Courts in most jurisdictions will not enforce liability caps that purport to cover intentional wrongdoing, and many will limit their enforcement even for gross negligence. Including this exception in the contract largely codifies what courts would apply anyway.

How to handle it: Accept this exception as standard. If you are the party more likely to be providing services or controlling performance, focus instead on ensuring the contract defines the applicable standard of care clearly, so that the line between ordinary negligence and gross negligence is not easily blurred in a dispute.

Fraud and Intentional Misrepresentation

Fraud is universally excepted from liability caps. A party that induces another to enter a contract through false representations has not simply underperformed; it has obtained the other party's agreement through deception. Allowing the deceiving party to then shelter behind a liability cap would reward the fraud. That is not a risk allocation issue; it is a legitimacy issue.

Intentional misrepresentation operates similarly. Even where a statement does not rise to the level of common law fraud, a deliberate false statement that causes harm to the other party is not conduct that the law generally permits to be capped by contract.

How to handle it: Treat this exception as non-negotiable. If a counterparty pushes back on a fraud exception, that resistance is itself a significant red flag about how the relationship may unfold.

Intellectual Property Infringement

IP indemnification obligations are routinely excepted from liability caps. These obligations cover claims that one party's deliverables, software, or content infringe a third party's intellectual property rights. IP infringement claims can carry statutory damages, injunctions, and third-party litigation costs that are entirely unpredictable at the time of contracting and can dwarf the contract value.

For the indemnified party, the exception makes sense. If a vendor delivers software that turns out to infringe a patent, the customer facing an infringement lawsuit should not be limited to recovering a fraction of the contract price from the vendor who caused the problem.

How to handle it: If you are the indemnifying party, negotiate boundaries around the IP indemnity obligation itself. Excluding infringement caused by the other party's modifications, combinations with third-party materials, or use outside the scope of the license are all commercially standard limitations. The indemnity exception to the liability cap is more manageable when the indemnity obligation itself is precisely scoped.

Confidentiality and Data Security Breaches

Confidentiality obligations and, increasingly, data security obligations are another frequent exception to liability caps. The exposure from a breach of confidentiality or a data security failure can extend well beyond the bilateral relationship. Regulatory penalties, third-party litigation, reputational harm, and customer notification obligations can all follow from a single incident.

For contracts involving sensitive business information, personal data, or regulated data categories, excepting confidentiality and data security breaches from the liability cap is commercially standard. The party entrusting its data needs to know that the full value of that data, not just the contract fee, is at stake if the other party fails to protect it.

How to handle it: If you are the data custodian or service provider, you have two practical options. First, limit the exception to breaches resulting from your failure to meet the contractually specified security standard, rather than any breach regardless of cause. Second, if full uncapped exposure is not acceptable, negotiate a separate, higher cap for data security claims, such as two to three times the fees paid, rather than treating them as fully uncapped. Either approach is more defensible than accepting broad uncapped exposure tied to no defined standard.

Indemnification Obligations Generally

Some contracts except all indemnification obligations from the liability cap, not just IP indemnities. A blanket exception for all indemnification obligations is one of the fastest ways to eliminate the liability cap entirely, often without either party fully appreciating it at the time of signing.

Indemnification provisions allocate third-party risk between the contracting parties: if one party's conduct causes a third party to assert a claim against the other, the indemnifying party is obligated to defend and hold harmless the indemnified party. Excepting all such obligations from the cap means that liability exposure for third-party claims is unlimited. Whether that is appropriate depends on the nature of the contract. In agreements involving physical performance such as construction, logistics, or professional services with significant third-party exposure, broad indemnification exceptions are common. In purely software or SaaS agreements, the exception is more often limited to specific categories.

How to handle it: Resist agreeing to a blanket exception for all indemnification obligations unless the nature of the contract genuinely warrants it. Identify which indemnification categories should be uncapped and negotiate the exception to cover only those categories.

When Exceptions Overlap: Uncapped by Accident

One of the most consequential risks in contract negotiation is not any single exception to the liability cap but the cumulative effect of multiple exceptions. A contract that separately excepts IP indemnification, confidentiality breaches, and all indemnification obligations may have a liability cap that applies only to a narrow category of residual claims. The parties negotiated a cap; what they actually have is a cap that covers very little. In extreme cases, the cap becomes largely cosmetic.

This outcome is rarely intentional. It tends to result from each exception being negotiated in isolation without anyone stepping back to assess what the cap actually covers once all exceptions are in place. In technology and SaaS agreements, where IP indemnification, data security, and broad indemnification language are all common, the risk of unintended uncapped exposure is particularly high.

How to handle it: Before finalizing any contract with multiple liability cap exceptions, map out what the cap actually covers after all exceptions are applied. If the remaining scope is narrow, reconsider whether the exceptions need to be individually restructured or whether the cap level itself needs to be adjusted to reflect the actual risk allocation.

Payment Obligations

Payment obligations are typically excluded from liability caps. The cap is meant to limit exposure for breach, not to give a party a ceiling on amounts it has agreed to pay. A liability cap that could limit a party's obligation to pay fees already earned would fundamentally undermine the economics of the deal.

How to handle it: Accept this exception as standard. The only context in which it requires negotiation is where there is a genuine dispute about whether a claimed amount is a payment obligation or a damages claim, something that can arise in more complex agreements.

The Takeaway

Liability caps and their exceptions are not boilerplate. They are negotiated risk allocation decisions that can determine the financial consequences of a dispute years after signing.

The question is not whether exceptions exist. It is whether, taken together, they leave you with a meaningful cap or the illusion of one.

This post is general information only and does not constitute legal advice. If you have questions about how limitations of liability are structured in your contracts, or need help reviewing or negotiating these provisions, contact Cruxterra Law Group.