Limitation of Liability Clauses for UK SaaS Startups

By Alex Solo

If you run a SaaS business in the UK, the limitation of liability clause is often the part of the contract that matters most when something goes wrong. Founders regularly make three expensive mistakes here: they copy a liability cap from another company without checking whether it fits their product, they accept a customer's uncapped indemnity wording without realising the exposure, or they assume a clause is enforceable just because both sides signed it. None of those assumptions is safe.

A good liability clause does more than trim risk on paper. It sets the commercial deal between you and your customer, supplier or integration partner. It also affects insurance, pricing, support promises and how much legal risk you carry if there is downtime, data loss, a security issue or a failed implementation.

This guide explains what a limitation of liability clause means for UK SaaS startups, what the law does and does not let you exclude, what to check before you sign, and the drafting mistakes that commonly leave founders exposed.

Overview

A limitation of liability clause sets the outer boundary of what one party may have to pay if the contract is breached or something goes wrong. For UK SaaS startups, the right wording usually balances three things: legal enforceability, the level of technical and commercial risk in the deal, and what the business can realistically afford to stand behind.

  • Check whether the clause limits direct losses, indirect losses, or both.
  • Check the liability cap, including whether it is tied to fees paid under the contract and over what period.
  • Check which liabilities are carved out and cannot be limited, such as fraud, and whether the carve-outs go too far.
  • Check whether service credits are the sole remedy for downtime or service failures.
  • Check how the clause interacts with indemnities, data protection obligations, confidentiality and intellectual property terms.
  • Check whether the wording is likely to be reasonable and enforceable under UK law.

What a Limitation of Liability Clause Means for UK SaaS Startups

A limitation of liability clause decides who carries the financial risk when your software contract does not go to plan. In practice, it can be the difference between a manageable refund and a claim that threatens the business.

For SaaS startups, liability clauses usually appear in customer agreements, supplier contracts, reseller deals, implementation statements of work and enterprise procurement terms. The clause may cap liability at a fixed amount, such as £50,000, or by reference to fees, such as 100% of fees paid in the previous 12 months.

What the clause usually covers

Most SaaS contracts split liability into categories so that not every type of loss is treated the same way. That matters because a customer's claimed losses can be much larger than the fees they paid, especially if they say your outage disrupted their business operations or caused them to lose revenue.

A typical clause may deal with:

  • the overall cap on liability for all claims under the contract
  • separate caps for certain types of risk, such as data protection breaches
  • excluded losses, such as loss of profit, loss of revenue, loss of anticipated savings and loss of goodwill
  • liability that cannot legally be excluded or limited
  • specific remedies for service failure, such as service credits

Why this matters more in SaaS than in many other sectors

SaaS businesses often promise ongoing performance rather than a one-off delivery. That means risk does not end when the contract is signed. It continues through uptime obligations, support response times, integrations, security commitments and data handling.

This is where founders often get caught. A customer may accept a headline liability cap, but another clause elsewhere in the agreement may reopen the risk. Common examples include broad indemnities, unlimited confidentiality liability, uncapped data protection obligations, or acceptance criteria that create extra exposure if onboarding fails.

What UK law allows and restricts

UK law does allow businesses to limit liability in commercial contracts, but not without boundaries. Some liabilities cannot be excluded at all. For example, a party cannot exclude liability for fraud or fraudulent misrepresentation, and liability for death or personal injury caused by negligence cannot generally be excluded.

Other exclusions and limitations may be subject to a reasonableness test, particularly under the Unfair Contract Terms Act 1977. In business-to-business SaaS contracts, that often means the court would look at whether the term was fair and reasonable in the circumstances known when the contract was made.

Reasonableness is not just a drafting issue. It is also commercial. Relevant factors may include:

  • the parties' bargaining strength
  • whether the customer had a realistic chance to negotiate
  • the value of the contract
  • what insurance each party could reasonably obtain
  • whether the clause was brought clearly to the other party's attention
  • whether the cap bears some sensible relationship to the risk and price

A cap of one month's fees in a contract for mission-critical software may be harder to defend than a cap of 12 months' fees, particularly if the supplier made strong promises about resilience and security.

Common cap structures for SaaS contracts

There is no single correct cap for every startup. The right position depends on the product, customer profile, contract value, data sensitivity and insurance.

Common structures include:

  • a cap equal to fees paid in the previous 12 months
  • a multiple of annual fees, such as 125% or 150%
  • a fixed monetary cap for lower value agreements
  • different caps for different risks, such as a higher cap for confidentiality or data protection breaches
  • uncapped liability for a narrow set of serious matters, although startups should treat this carefully

Enterprise customers often ask for a very high cap, or no cap at all, for intellectual property infringement, data protection and confidentiality. Startups should not treat those carve-outs as standard without checking whether the business could survive that exposure.

Before you sign a SaaS contract, the liability clause should be read alongside the rest of the agreement, not in isolation. The main risk is that the cap looks acceptable until another clause quietly removes it.

1. What losses are excluded

Excluding indirect or consequential loss is common, but that phrase does not automatically exclude every kind of business loss a customer might claim. Many contracts also list specific excluded losses to make the point clearer.

Look for wording that deals expressly with:

  • loss of profit
  • loss of revenue
  • loss of business
  • loss of anticipated savings
  • loss of goodwill
  • loss or corruption of data, if that is intended

Be careful with data loss language. If your product stores customer data, trying to exclude all liability for data loss while also giving strong backup or recovery promises can create tension elsewhere in the agreement.

2. How the cap is calculated

The cap should be clear enough that both sides can calculate it without argument. A vague cap often causes disputes at exactly the worst moment.

Check:

  • whether the cap applies per claim or in aggregate
  • whether it is based on fees paid, fees payable, or a fixed sum
  • what time period applies, such as the previous 12 months
  • whether professional services, onboarding fees or third party charges are included
  • whether the cap resets each contract year or runs across the full term

A startup on a low monthly subscription may find that a fees-paid cap is too low for some risks and too high for others. That is why layered caps can work better than one blanket number.

3. Which liabilities are carved out

Every carve-out needs separate scrutiny. A clause that says "nothing limits liability for breach of confidentiality, data protection, indemnities and intellectual property infringement" may wipe out most of the protection you thought you had.

Before you accept the provider's standard terms or a customer's procurement paper, check whether carve-outs include:

  • fraud or fraudulent misrepresentation
  • death or personal injury caused by negligence
  • breach of confidentiality
  • data protection breaches
  • intellectual property infringement
  • payment obligations
  • deliberate default or wilful misconduct

Some of these are more negotiable than others. Fraud and personal injury are legal red lines. Others often come down to commercial leverage and risk allocation.

4. Indemnities that bypass the cap

An indemnity can create a payment obligation that sits outside the main liability cap if the contract says so. This is one of the most common founder traps.

For SaaS businesses, indemnities often cover third party intellectual property claims, data protection claims, or losses caused by misuse of the service. If the indemnity is uncapped, broad and triggered easily, it may be more dangerous than the main liability clause itself.

Before you rely on a verbal promise that an indemnity is "market standard", check:

  • what event triggers the indemnity
  • whether it covers third party claims only or direct losses too
  • whether your control of the defence is protected
  • whether you can replace or modify the service instead of paying out
  • whether the indemnity is subject to the main cap or a separate cap

5. Data protection and security promises

Data protection terms often drive the hardest liability negotiations in UK SaaS deals. Customers may ask for uncapped liability for any breach of data protection law, while startups may only have modest contract value and limited cyber cover.

That mismatch needs careful contract drafting. Points to check include:

  • whether the contract distinguishes between ordinary breaches and serious security incidents
  • whether the cap for data protection aligns with your insurance
  • whether the customer's instructions or misuse are carved out from your responsibility
  • whether subcontractors and hosting providers are addressed sensibly
  • whether the security commitments in the contract match your actual technical controls

Overpromising on encryption, backups, disaster recovery or incident response can make a liability clause harder to defend, especially if the sales process created strong expectations.

6. Service levels and sole remedies

Many SaaS agreements say service credits are the customer's sole and exclusive remedy for downtime. That can be useful for the supplier, but only if the drafting is tight and consistent with the rest of the contract.

If your service level schedule offers credits, check whether:

  • the customer can also claim damages outside the credits regime
  • the credits count towards the overall liability cap
  • the service levels apply during maintenance windows and third party outages
  • chronic failure gives the customer a termination right

7. Misrepresentation and pre-contract statements

Founders often focus on the liability clause but forget that the contract may also try to exclude liability for pre-contract statements. That matters if your sales team made claims about functionality, implementation times or integrations before the contract was signed.

An entire agreement clause and a non-reliance clause may reduce exposure, but these clauses need careful handling and may also be tested for reasonableness. They are not a cure for inaccurate sales promises.

Common Mistakes With Limitation of Liability Clauses for SaaS Startups

The biggest mistake is treating the liability clause as standard wording. In SaaS, a small drafting change can move a large amount of financial risk onto the startup.

Copying another company's cap

A clause taken from a larger software business may assume much higher contract values, stronger bargaining power and broader insurance. Your startup may not have those protections. A cap that looks normal in an enterprise template may be unrealistic for an early stage business.

Focusing only on the headline cap

Many founders negotiate the main cap down to a sensible number, then miss the carve-outs underneath. If confidentiality, data protection, indemnities and IP claims are all uncapped, the headline number may not help much.

Ignoring low-value, high-impact contracts

Some of the most dangerous contracts are not the largest ones. A low-fee pilot with a major customer can still contain broad warranties, harsh service levels and uncapped liability language. Before you sign, compare the legal risk with the actual revenue.

Promising more than the product can deliver

Sales pressure often leads startups to accept warranty language that the platform will be uninterrupted, error-free or fully secure. Those promises are difficult to maintain in real operational conditions and can undermine your risk position if there is an outage.

More realistic wording usually works better, such as committing to reasonable skill and care, documented service levels and defined support processes.

Leaving supplier risk unaddressed

Your own suppliers matter too. If your customer contract gives a high liability cap but your cloud provider, developer or data sub-processor limits liability to a tiny amount, you may carry a gap in the middle. This is common where startups rely on multiple third party tools.

Map the contract chain and compare:

  • what you promise your customer
  • what your suppliers actually promise you
  • what your insurance covers

Using vague exclusions

General wording about indirect loss may not cover what you think it covers. If you want to exclude specific heads of loss, name them clearly. Precision usually causes fewer disputes than broad abstract phrases.

Assuming "mutual" always means fair

A mutual clause can still be unbalanced. If both sides have the same cap, but only one side handles live customer data, hosts the platform and gives operational warranties, the practical risk may still sit mostly with the supplier.

Forgetting the negotiation record

If enforceability is later challenged, the negotiation context may matter. Clear drafting, sensible revisions and evidence that the term was considered can help support reasonableness. Hidden terms and last-minute clauses can create the opposite impression.

Not matching the clause to insurance

Your liability position should be checked against your professional indemnity, cyber and other relevant policies. Insurance does not solve every problem, but it should inform the limits you agree to. A contract review before signing can help identify gaps where a contract cap sits well above your cover.

Accepting uncapped liability too casually

There are situations where a startup may choose to accept uncapped or very high liability for a narrow issue, but that should be a deliberate commercial decision. It should not slip in because the clause looked familiar or the customer said it was non-negotiable.

FAQs

Can a UK SaaS startup exclude all liability in its terms?

No. Some liabilities cannot be excluded, including fraud, and liability for death or personal injury caused by negligence cannot generally be excluded. Other limitations may still need to satisfy a reasonableness test.

What is a typical liability cap in a SaaS contract?

A common approach is a cap linked to fees paid in the previous 12 months, sometimes with higher caps for specific risks. The right cap depends on contract value, the type of service, data sensitivity and insurance.

Should data protection liability be uncapped?

Not automatically. Many customers ask for this, but startups should assess the actual risk, the contract value, the nature of the data and available insurance before agreeing. A separate higher cap is often negotiated instead.

Do service credits stop a customer claiming other losses?

Only if the contract clearly says service credits are the sole and exclusive remedy for the relevant failure, and the rest of the agreement supports that position. If the drafting is inconsistent, the customer may still argue for additional remedies.

Does a limitation clause protect against IP infringement claims?

Sometimes, but many contracts treat IP claims separately through an indemnity or carve-out. You need to check whether those claims sit within the general cap, a separate cap, or no cap at all.

Key Takeaways

  • A limitation of liability clause is one of the most commercially important terms in a UK SaaS contract because it sets the financial boundary if things go wrong.
  • The clause must be read with indemnities, data protection terms, confidentiality, IP wording, service levels and pre-contract statements, not on its own.
  • Not all liability can be excluded under UK law, and business-to-business limitations may still need to be reasonable to be enforceable.
  • Founders often miss the real risk when a sensible-looking cap is undermined by broad carve-outs or uncapped indemnities.
  • The right liability position depends on your product, customer profile, contract value, technical promises, supplier chain and insurance cover.
  • Before you sign, make sure the contract reflects what your platform can actually deliver and the level of risk your startup can afford to carry.

If you want help with liability caps, indemnities, data protection risk allocation, and SaaS contract wording, you can reach us on 08081347754 or team@sprintlaw.co.uk for a free, no-obligations chat.

Alex Solo, Co-Founder

Alex is Sprintlaw’s co-founder and principal lawyer. Alex previously worked at a top-tier firm as a lawyer specialising in technology and media contracts, and founded a digital agency which he sold in 2015.
