
The 'super-cap' and why some contracts have one

A super-cap is a second, higher liability ceiling for high-risk categories. A walkthrough of why it exists, how the numbers get set, and what it quietly solves.

By ContractHQ Team · 8 min read

Most Limitation of Liability sections end with a single dollar figure, typically twelve months of fees. Some of the more sophisticated contracts in enterprise SaaS, though, end with two. The first is the general cap. The second, usually set higher, is called a super-cap. It applies to a specific list of categories where the standard ceiling felt too low to be defensible but uncapped liability felt too high to insure.

Super-caps don't show up in the first draft of most SaaS templates. They appear in deals large enough to warrant a real negotiation, and they're often the compromise that unlocks a closing. The customer asked for unlimited liability on a sensitive category (data breach, say, or IP indemnification). The vendor said no. The super-cap is the middle ground: a higher but finite number that carves a specific category out of the general cap without exposing either party to unbounded risk.

This is a walkthrough of what a super-cap liability structure actually does, why it exists, and the patterns that show up when you read enough of them.

The basic structure

A super-cap lives inside a Limitation of Liability clause that has a two-tier structure:

  • General cap: applies to ordinary claims. Typically 12 months of fees. The default ceiling for things like bugs, outages, and routine contract breaches.
  • Super-cap: applies only to specifically listed categories. Higher than the general cap. Usually expressed as a multiple of fees (2x, 3x, 5x) or a fixed dollar amount ($1M, $5M, $10M).
  • Uncapped carve-outs: narrow categories that sit above the super-cap and aren't subject to any ceiling. Usually limited to fraud, willful misconduct, and sometimes confidentiality breach.

So the overall structure looks like three stacked layers: ordinary liability (general cap), elevated liability for high-risk categories (super-cap), and uncapped liability for the most severe misconduct. A claim's category determines which layer it lands in.

Why super-caps exist

Super-caps solve a specific negotiation problem. In a typical enterprise deal, the customer will push to carve certain categories out of the general cap because the potential harm is much larger than 12 months of fees. The usual candidates:

  • Data breach and security incident liability
  • IP indemnification obligations
  • Confidentiality breach
  • Regulatory fines related to the vendor's conduct

The vendor's initial response is usually "our standard cap applies to everything." The customer's next position is often "then these categories need to be uncapped." The vendor's response to that is usually no, because uncapped liability is, by definition, uninsurable at any predictable premium, and the vendor's E&O carrier won't underwrite it.

The super-cap is the compromise that bridges that gap. The vendor can justify a higher number to their insurer (or self-insure the delta), and the customer gets meaningful recovery on the categories that actually matter to them.

How the super-cap number gets set

The dollar figure on a super-cap is rarely arbitrary. It usually reflects some combination of:

The vendor's insurance limits

Tech E&O and cyber insurance policies have coverage ceilings; $1M, $5M, and $10M are common tiers for mid-market vendors. A super-cap set at or below the vendor's coverage limit means the insurer will absorb the claim. A super-cap above that limit means the vendor is self-insuring the delta, which gets expensive quickly.

The customer's estimated exposure

For data breaches in particular, customers can estimate their realistic worst-case exposure: notification costs, regulatory fines, credit monitoring, class action settlements. A super-cap that covers something close to that estimate is more defensible than a cap set by convention.

A multiple of the general cap

Often the super-cap is a clean multiple: 2x, 3x, or 5x the general cap. This is common because it scales with deal size automatically and because "three times fees" is easier to explain internally than a specific dollar figure.

What the last deal did

Vendors keep internal memory of what super-caps they've agreed to for similar-sized customers. The anchor for the current negotiation is often "what we did last time for a comparable deal," with small adjustments.

What categories typically get a super-cap

Across hundreds of enterprise SaaS contracts, the same short list of categories tends to live under a super-cap rather than the general cap:

Data breach and security incidents

The most common super-cap category. If the vendor suffers a breach exposing customer data, the downstream costs (notifications, credit monitoring, regulatory fines, litigation) can dwarf twelve months of SaaS fees. A super-cap gives the customer a meaningful recovery without forcing the vendor to self-insure an unbounded loss.

IP indemnification

Vendor-to-customer IP indemnification for third-party infringement claims is often super-capped. Patent litigation alone can cost $2M-$5M in defense fees before a verdict, and settlements in mid-range cases are routinely in the seven figures. A general cap of $150K of fees wouldn't meaningfully cover the defense costs, let alone the settlement.

Confidentiality breach

Often super-capped rather than uncapped. The theory is that confidentiality breaches can produce large, hard-to-quantify losses, but bounded ones: a finite set of trade secrets, a finite set of affected deals. A super-cap at a multiple of fees is a common middle ground.

Breach of specific representations

Sometimes vendors super-cap liability for breach of specific, high-stakes representations: compliance with specific regulations (HIPAA, SOC 2, GDPR), absence of open-source contamination, or ownership of IP.

What typically stays uncapped

A short list of categories usually sits above the super-cap and isn't subject to any ceiling:

  • Fraud and willful misconduct. Courts in most US jurisdictions won't enforce contractual limits on liability for intentional wrongdoing, so making this explicit in the contract matches the legal reality.
  • Gross negligence. Similar treatment, though more varied by jurisdiction.
  • Payment obligations. The customer's obligation to pay fees is almost never capped: you owe what you owe.
  • Indemnification, in some structures. When indemnification isn't super-capped, it's usually uncapped for third-party claims, with the reasoning that the indemnifying party controls the settlement anyway.

The line between "super-capped" and "uncapped" is where a lot of the negotiation energy goes in enterprise deals.

The interaction with the general cap

One subtle but important question: is the super-cap additive to the general cap, or does it replace the general cap for the covered categories?

Two drafting patterns:

Replacement super-cap

"The aggregate liability of Vendor for any claim arising from a Data Breach shall not exceed [super-cap amount]."

Under this language, claims in the super-cap category have their own ceiling, and those claims are subject only to that super-cap. Claims in other categories are subject to the general cap. The two caps are parallel, not stacked.

Additive super-cap

"Notwithstanding the general cap, the aggregate liability of Vendor for Data Breach claims shall not exceed [super-cap amount] in addition to any other liability under this Agreement."

Less common, but it can show up. Under this language, the super-cap is layered on top of the general cap. A customer with $100K of general-cap exposure and a $2M super-cap can potentially recover up to $2.1M in a data breach scenario.

Most super-caps are replacement, not additive. Reading which structure the clause uses is load-bearing: the difference between the two can be seven figures.

Common super-cap numbers

A few patterns that show up repeatedly:

  • 2x fees. The most common super-cap multiple. A light elevation that signals "this category matters more" without requiring the vendor to restructure its insurance.
  • 3x-5x fees. More common for data-sensitive categories. Still tied to deal size, still insurable.
  • $1M fixed. A frequent floor for smaller deals, especially for data breach and IP indemnification.
  • $5M fixed. A common ceiling for mid-market enterprise deals.
  • Cap at insurance limits. Some clauses set the super-cap at "the lesser of [X] or the proceeds of Vendor's then-current insurance." This is vendor-friendly because it explicitly limits the vendor to whatever the insurer pays.

Common negotiation moves

Teams actively negotiating super-caps tend to focus on:

  • Adding a super-cap to categories the vendor initially refused to carve out. If the vendor won't uncap data breach, propose a super-cap at 3x-5x. This is often accepted.
  • Raising the multiple. Move from 2x to 3x, or 3x to 5x. Smaller ask than uncapping and more likely to succeed.
  • Structure as replacement, not additive. Vendors usually want replacement. Customers sometimes negotiate additive on high-stakes categories.
  • Tie the super-cap to insurance coverage. Customers often ask vendors to certify insurance coverage at or above the super-cap amount; otherwise the number is theoretical.
  • Explicit list of covered categories. Super-caps only matter if the listed categories actually match the customer's risk. Adding regulatory fines, compliance warranties, or specific indemnities to the super-cap list is a common ask.

The bottom line

A super-cap is a negotiated acknowledgment that not all risk categories are equal. Twelve months of fees is a reasonable ceiling for bugs and outages, but it's not a reasonable ceiling for a breach of millions of customer records. The super-cap is how sophisticated contracts reflect that without forcing either party into an uninsurable "uncapped" posture.

The structure is simple once you see it: a general cap for ordinary claims, a super-cap for high-risk categories, and a narrow set of uncapped carve-outs for the most severe misconduct. The real work of the negotiation is figuring out which categories go in which layer, and at what dollar figures. A contract with a super-cap is usually a contract that both sides took seriously. A contract with a single number for everything is usually a contract that nobody on the customer side read carefully enough.

Legal notice

The content on this page is provided for general informational and educational purposes only. It does not constitute legal, tax, financial, or professional advice. No attorney-client, fiduciary, or other professional relationship is formed by reading this article, contacting ContractHQ, or using the ContractHQ product. Laws vary by jurisdiction and change over time; nothing here is a substitute for advice from a licensed attorney in your state or country. ContractHQ makes no representations or warranties regarding the accuracy, completeness, or timeliness of the information. You use this content at your own risk. If you have a specific legal question, consult a qualified attorney.

About the author

Unless explicitly stated otherwise, ContractHQ authors are not licensed attorneys. Bylines identify the writer, not a legal representative. Guest posts from licensed attorneys, when published, are clearly marked as such.

© 2026 ContractHQ. All rights reserved.