BizLeaseCheck
Vendor contract guide

MSA Indemnification Clauses: IP Claims, Defense Control & Settlement Consent

Indemnity decides who handles third-party claims, who controls the defense, and whether the liability cap actually protects either side.

Last reviewed: May 26, 2026 by the BizLeaseCheck Editorial Team

General information, not legal advice.

Analyze a vendor contract PDF All vendor contract guides

Overview

Indemnification is a risk-transfer clause. In vendor contracts, the most common high-value indemnity is for third-party IP infringement claims, but data, confidentiality, bodily injury, property damage, and customer misuse can also appear.

The clause should explain what claims are covered, whether defense costs are included, who controls defense, when consent is needed for settlement, and how indemnity interacts with the limitation of liability.

Topics to check

Separate third-party claims from first-party lossesHigh confidence

A narrow indemnity may cover only third-party claims. A broad one may also cover direct losses between the customer and vendor. That difference changes both exposure and settlement leverage.

If indemnity is uncapped, the definition of covered claim needs to be tight enough that ordinary breach disputes do not become uncapped indemnity disputes.

IP infringement indemnity should have remediesHigh confidence

For software and SaaS, an IP indemnity often lets the vendor procure continued rights, modify the service, replace it, or terminate affected access if infringement risk cannot be resolved.

Customers should check whether termination refunds are meaningful if the vendor ends the service after an IP claim. Vendors should check exclusions for customer content, unauthorized modifications, and use outside documentation.

Defense control and settlement consent matterHigh confidence

A party paying for defense usually wants control. The other party usually needs settlement consent if a settlement admits fault, imposes non-monetary obligations, restricts business operations, or requires customer action.

Notice deadlines should protect against prejudice without creating a technical forfeiture for harmless late notice.

Key takeaways

  • Indemnity should say whether it covers third-party claims only or broader first-party losses.
  • IP indemnity needs practical remedies if the vendor cannot continue providing the service.
  • Defense control, counsel selection, cooperation, and settlement consent should be explicit.
  • Uncapped indemnity requires narrow definitions and careful cross-checking against liability caps.
  • Customer misuse and vendor unauthorized changes often need separate exclusions.

Official resources

9 U.S.C. § 2 — enforceability baseline for arbitration clauses UCC § 2-719 — limitation of remedies

Legal-review notes

Guide confidence marker: Medium confidence.

  • Indemnity enforceability, anti-indemnity statutes, and defense-obligation rules can vary by state and industry.
  • Have counsel review any uncapped or first-party indemnity before treating the cap table as final.

Frequently asked questions

Should indemnity be mutual?

It depends on the claims. IP infringement is often vendor-side. Customer content, misuse, and data supplied by the customer can justify customer-side indemnity. The goal is matching risk to control.

Is indemnity usually capped?

Some indemnities are capped, some have super-caps, and some are uncapped. The key is to check which claims are outside the ordinary liability cap.

Can an indemnity clause create payment risk without a lawsuit?

Yes, if it covers demands, settlements, investigations, or direct losses. Read the trigger language, not only the heading.