If you had to describe an indemnity in one sentence that most people would understand, here's what you would say: "An indemnity is a specific type of contractual risk allocation mechanism whereby one party to a contract agrees to hold the other (and presumably innocent) party harmless if a third party brings a claim against the innocent party."

When you offer someone an indemnity, you are generally acting as the responsible party with respect to third party claims. If SCO is that third party and sues you for violating its rights because you don't have an SCO license--but you do have a contract (license)-- the company with whom you have the contract and that is holding you harmless (e.g., HP) will stand between you and SCO as a contractual shield.

Like many contract clauses and legal principles, an "indemnity" is used to describe a variety of obligations--sometimes correctly and other times not. Some people mistakenly liken it to a contractual insurance policy - although that is not accurate from either a legal or a practical point of view. Different indemnities serve very different purposes--although each deals with risk management. Some people also don't distinguish between indemnities based on the "innocent party" description and those based on the occurrence of an event, regardless of fault. In the former case, someone is being sued not because they knowingly did anything wrong, but by virtue of licensing, using and paying for something that someone else alleges should be licensed from them. An event indemnity is more in the nature of the pure allocation of risk - if I can't perform, I will arrange to have someone else do so and pay any incremental amounts and hold you harmless from any damages you may have to pay someone else to obtain the same service. Most intellectual property (IP) indemnities offered by licensors in their standard forms, if any, are of the "innocent infringer" kind.

While the public profile of indemnification clauses has been raised by recent lawsuits over Linux, indemnities have a place in virtually every technology and IT contract and have been around for a long time.

		Special Report: Managing the legal risks of Linux  The SCO legal train: Know your options  Protect Thyself 101: A primer on indemnification  Novell's protection: Covers more than SCO  HP's protection: SCO-only, but no dollar limit  Instead of indemnification, consider insurance  Defense funds: Taste great, but less filling  Is Red Hat the canary in SCO’s coal mine?  What did SCO buy--Unix or the Brooklyn Bridge?

John is a Linux user, and he gets his Linux from ABC company. Now let's suppose SCO sues John, claiming that ABC has misappropriated SCO's code or violated SCO's proprietary IP rights. In other words, SCO is claiming John is using SCO's property without a license from SCO.

In this example, John is simply an innocent user of ABC's Linux. John looked in the commercial marketplace for Linux, got the best deal from ABC, who represented they had the right to provide it to John and would stand behind it against all other claimants. In a perfect world, let's assume ABC has given John absolute indemnification. John triggers the indemnity clause and notifies ABC, saying "I was just notified by SCO that they are going to sue me and here's a copy of the papers they are filing. I will cooperate with you and do whatever it takes to facilitate my defense, but please retain counsel and defend me and if I incur any damage or liability, you will be responsible and hold me harmless."

Simple? Not yet. Does your indemnity include an obligation to defend or handle lawsuits, demands and all manner of claims--actual or alleged? Or is it only a pure indemnity, which means that you will be held harmless at some future point for damages you sustain, but does not automatically mean you are going to be defended in the actual claim or lawsuit. Most people lump this defense obligation into the meaning of the term indemnity, although they are actually different obligations.

Let's stick with our perfect example--ABC has agreed to "defend and indemnify" John and handle the defense. ABC would hire a law firm to defend John. Remember, ABC has a more important stake in this litigation; this isn't just about John, it's about their licensing Linux to John and others. The lawsuit will generally challenge the very validity of ABC's right to license Linux in the marketplace--the intellectual or other property rights that may underlie a large portion of ABC's business and revenue. It makes sense that most companies like ABC will want to control the defense of any lawsuit challenging the ownership or licensing rights to software they are marketing. They are defending not just John, but their product line.

Presuming that John isn't the only ABC customer that has been sued by SCO, ABC's law firm would probably try to consolidate the cases and ABC would pick up the tab. If ABC wins, John and everybody else that was sued continue merrily along about their business--having been duly defended and held harmless. If ABC is wrong and loses and SCO turns out to be the rightful owner, it is likely that the court would order ABC to fork over any profits to SCO it made from licensing software that has now been determined to belong to SCO and not ABC, as well as any damages the court finds are required by law or appropriate. While courts don't tend to needlessly create burdens on innocent users like John in our example, John would certainly need to enter into a new license with SCO in order to continue using the Linux obtained from ABC--or find another alternative.

So, before you accept a solution provider's offer of indemnity, what questions should you be asking?

For one, is the indemnity limited to certain types of claims (e.g., patent or trademark claims)? Is the indemnity limited geographically (e.g., claims brought in the United States, claims alleging violations of a U.S. patent)? Is the indemnity a comprehensive offering to defend you, indemnify you and hold you completely harmless from any and all damages or losses (including legal fees)? Or does the indemnity limit the obligation to a dollar amount or some other restriction?

Many indemnities limit damages to those "actually and finally awarded by a court." Imagine how much money you might have to spend in the hopes of recovering something from an indemnity at the end of a long string of court trials and appeals. You will probably need to copy papers and documents, provide witnesses and you may even need to retain your own independent counsel if, for any reason, your interests and ABC's turn out to diverge during the course of litigation. Are these issues covered?

Typically, an indemnity will ask you to relinquish control of the primary defense to ABC's counsel. What if ABC wants to settle the lawsuit and the settlement might cause you some problems? What if John's interests (as a customer/licensee) and ABC's interests (as the licensor) are not perfectly aligned? Can John hire a lawyer to participate and protect his interests in that case? Who pays?

If the contract has a limitation of liability clause, is the indemnity capped by that limit? What if the contract distinguishes between direct and consequential (indirect) damages? Does that make a difference in the way the indemnity applies? What if a claim is covered by insurance? Is there an overlap or a conflict? Is the insurance policy yours or the licensors? Perhaps to limit the licensor's potential risk, they build in the right to require you, the licensee, to cease use of the programs to avoid building potential damage claims farther. Perhaps they can substitute equivalent software, but probably not without some cost and some operational pain.

In short, like many contract terms, indemnities can be complex and are "standard" only in theory, not in practice. In most contracts dealing with e-commerce, information technology and IP, indemnities should be a routine part of the contract toolkit, to use and customize as appropriate. For savvy organizations that understand the importance and complexities of IT-related indemnities, these should become standard issues to consider. Before losing their buying leverage with their IT solution providers, those IT-savvy organizations have turned to internal or external counsel to make sure they are sufficiently protected from the costs and liabilities associated with IP infringement claims that may arise. Why shouldn't your company be one of them? When your business is the carrot that those solution providers seek, always remember that everything is negotiable, especially if you are innocent.

Joe Rosenbaum is a partner at the New York offices of the international law firm ReedSmith, He heads that firm's New York based e-commerce group and publishes a free newsletter that focuses on IT-related legal issues and trends. He can be reached at JRosenbaum@ReedSmith.com.