Limitation of liability caps: how the numbers actually get chosen
Liability caps look arbitrary until you see the patterns. A walkthrough of how the dollar figures get picked, why 12 months of fees became standard, and what drives deviations.
Open any SaaS contract, scroll to the Limitation of Liability section, and you'll almost certainly find a sentence that looks something like: "In no event shall either party's aggregate liability exceed the fees paid by Customer during the twelve (12) months preceding the claim." Different vendor, different logo, same number. It reads like a law of nature.
It isn't. The 12-month fees cap is a convention, not a rule. It got there through a mix of insurance math, industry norms, and the slow grinding pressure of template reuse. Once you understand how the number actually gets chosen, the cap stops looking like boilerplate and starts looking like a negotiation lever, one that procurement and legal ops teams routinely leave on the table.
This is a walkthrough of how the limitation of liability cap gets set, the factors that push it up or down, and the patterns that show up once you've read a few hundred of these clauses in a row.
What a limitation of liability cap actually does
A limitation of liability cap is a ceiling on the total dollar amount one party can recover from the other under the contract, regardless of how bad the harm is. It answers the question: "If everything goes wrong, what's the maximum check I can write, or collect?"
The cap typically sits inside a broader Limitation of Liability clause that does three jobs at once:
- Excludes categories of damages: indirect, consequential, incidental, lost profits, lost data. (These are "damages caps by type.")
- Caps remaining damages at a dollar figure. This is the number you're actually negotiating when you argue over the cap.
- Lists carve-outs: things the cap doesn't apply to (indemnification, confidentiality breach, gross negligence, IP infringement).
The dollar cap is what most people mean when they say "the cap." It's a single number, or a formula that resolves to a single number, and it's the hard ceiling on direct damages that survive the exclusions.
The three common formulas
Most limitation of liability caps are expressed one of three ways:
1. Fees paid in the trailing N months
Overwhelmingly the most common. The cap equals what the customer paid over some lookback window, usually 12 months, sometimes 6, occasionally 24. So a customer spending $8,000/month on a SaaS tool has a $96,000 cap after twelve months of use. A customer that churned after three months has a $24,000 cap.
This formula is popular because it scales automatically with deal size and it's easy for a finance team to verify. It also favors the vendor in short-duration disputes: a customer that catches a problem in month two has a tiny cap, even if the harm is large.
2. Fixed dollar amount
Less common but still frequent: a flat number like "$500,000" or "$1,000,000" regardless of fees paid. Fixed caps usually appear in enterprise deals where the customer negotiated a floor, or in consumption-based pricing where trailing-fees math is unstable.
3. Multiple of fees
A hybrid: "2x fees paid in the preceding twelve months" or "the greater of $250,000 or fees paid in the preceding twelve months." Multiples are what you often see when the customer pushed back on a 1x cap and the vendor compromised.
Why 12 months of fees became the default
The trailing-12 formula didn't emerge from first principles. It's a sediment of three things:
- Insurance alignment. Most tech errors and omissions (E&O) policies underwrite based on annual revenue from the covered customer, so a 12-month cap maps cleanly to what the insurer is willing to indemnify.
- Template inheritance. The major law firm templates settled on it in the mid-2010s, and every vendor's first contract was some version of those templates. Once a default exists in the market, deviating requires justification on both sides.
- It sounds reasonable. "A year of fees" feels intuitively fair in a way that "6 months" feels stingy and "3 years" feels aggressive.
None of those reasons are about the actual risk of harm. A data breach on day 400 of a relationship can cost the customer millions regardless of how much they paid the vendor. The cap is a risk-allocation device, not a damage-estimation device.
What pushes the cap up
Some patterns reliably drive the limitation of liability cap higher than the 1x default:
Customer data sensitivity
If the vendor processes PII, PHI, payment data, or regulated financial information, the customer usually pushes for a higher cap, because the potential harm (regulatory fines, notification costs, class actions) dwarfs any trailing-fees figure. 2x, 3x, or a fixed floor of $1M-$5M is common for data processors.
Customer leverage
Enterprise buyers with procurement teams routinely negotiate caps up. A Fortune 500 customer spending $2M/year will often get 2x fees or a carve-out structure that effectively removes the cap for security incidents. A startup signing the same vendor's paper gets the 1x default.
Category of spend
Mission-critical infrastructure (identity, payments, primary databases) commands higher caps because the downside of a failure is larger. A marketing analytics tool, by contrast, can often hold a 1x cap because the harm from an outage is measured in dashboard downtime.
Mutual vs. one-way caps
If the cap is mutual (both parties are capped at the same number), vendors are much more willing to raise it, because raising the ceiling also raises their own protection against customer claims. One-way caps are harder to move.
What pushes the cap down
Short-term or low-ARR deals
A $500/month SaaS tool will have a 1x cap and no appetite to negotiate. Below a certain deal size, the customer lifetime value (CLV) doesn't justify a legal review on the vendor's side, and the answer is always "that's our standard."
Free tiers and trials
Expect aggressive caps, sometimes as low as $100 or "fees paid in the preceding one month." Free users are effectively capped at zero because they haven't paid anything.
Consumption pricing volatility
For usage-based pricing that spikes unpredictably, vendors sometimes insist on a fixed cap rather than trailing fees, because a burst month could inflate the cap beyond what the insurance supports.
Reading a clause carefully
Two caps that look identical can behave very differently. A few things worth reading closely:
- "Paid" vs. "paid or payable." The second is larger: it includes committed but uninvoiced amounts. On a 3-year prepaid deal, this can be a 3x difference.
- Lookback window. "Preceding 12 months" is the default. "Preceding 6 months" halves the cap. "Since inception" favors long-tenured customers and is unusual.
- Aggregate vs. per-claim. Aggregate means the cap is a lifetime ceiling across all claims. Per-claim means each separate claim gets its own cap. Per-claim is dramatically more favorable to the plaintiff.
- "Arising out of or related to." Broader language sweeps more claims under the cap. Narrower language ("arising under this Agreement") leaves room for tort claims outside the cap.
What the cap doesn't cover
The dollar cap almost always has carve-outs: categories where the cap doesn't apply and liability is either uncapped or capped at a much higher "super-cap" number. Typical carve-outs include indemnification obligations, breach of confidentiality, gross negligence or willful misconduct, and IP infringement claims.
The cap is therefore best thought of as the ceiling on ordinary liability, the kind that comes from bugs, outages, and run-of-the-mill contract breaches. Catastrophic categories route around it.
Common negotiation asks
Teams that actively negotiate limitation of liability caps tend to reach for a handful of moves:
- Raise the multiple. Ask for 2x or 3x fees instead of 1x. This is the easiest ask and frequently granted, especially on mid-market deals.
- Add a fixed floor. "The greater of $X or trailing 12 months' fees." Protects against the short-tenure scenario where the customer was harmed early.
- Widen the carve-outs. Pushing data breach, security incidents, or regulatory violations out from under the cap is often more valuable than raising the cap itself.
- Mutualize the cap. Apply the same cap symmetrically. Vendors that resist a higher one-way cap will often agree to a higher mutual cap.
- Clarify "paid or payable." Close to free on the vendor side; doubles or triples the effective cap on multi-year prepaid deals.
The bottom line
The limitation of liability cap is a number that looks fixed but is routinely moved. The 1x trailing-12 default exists because insurance math and template inheritance made it the path of least resistance, not because it reflects the actual risk of any particular contract.
Teams that treat the cap as boilerplate sign what the vendor's template says. Teams that treat it as a negotiated field, with carve-outs, multiples, floors, and mutuality as separate levers, end up with risk allocation that actually matches the deal. The number on the page is the output of that negotiation, not the input.