By: Stephen Morrissey, Nick Martin and Christy Mellifont

At a glance

After a software update by cybersecurity firm CrowdStrike caused a global outage, legal experts in the US have speculated the company is protected from paying customers’ losses due to a contractual limitation of liability clause in its standard terms and conditions.

In this article, we examine how limitation of liability clauses operate in the Australian context and provide practical tips for reviewing or preparing IT service contracts.

A costly mistake?

On 19 July 2024, CrowdStrike rolled out a faulty software update which affected Microsoft Windows users worldwide and cost Australian businesses an estimated $1 billion. A root cause analysis report concluded that a single error caused the unprecedented outage, impacting businesses globally and leaving CrowdStrike facing a shareholder class action and a multi-million dollar lawsuit from Delta Air Lines.

CrowdStrike’s standard terms and conditions limit its liability for contractual breaches to the fees paid by customers for its services. Experts say that unless a US court finds the clause is inherently unfair and unenforceable, CrowdStrike’s customers will be unable to recover their losses to the extent they exceed the fees paid under the agreement.

Principles for interpreting limitation clauses

In Australia, businesses frequently seek to limit or exclude liability to their clients or customers through contractual terms. Common examples include terms which:

  • cap monetary damages (e.g. limiting liability to fees paid under the contract)
  • exclude liability for indirect or consequential losses, or
  • impose a time limit for commencement of action.

In interpreting a limitation provision, the court will look to the natural and ordinary meaning of the words used, construed in the context of the contract as a whole¹. A clause will not exclude or limit liability in negligence unless it contains words to that effect.² Where the wording is ambiguous, the court will interpret the clause against the party seeking to enforce it (the ‘contra proferentum’ rule).

Australian Consumer Law

In addition to claims for breach of contract and negligence, professionals can find themselves facing claims under the Australian Consumer Law (ACL). The position is that:

  • The ACL does not allow parties to contract out of consumer guarantees, but may permit a party to limit liability in some circumstances (for example, limiting liability to resupplying the services or goods or the cost of doing so).³
  • Liability for misleading and deceptive conduct under the ACL cannot be contractually excluded. However, there is conflicting authority about whether a limitation provision can apply to misleading and deceptive conduct. In New South Wales, contractual time limits have been held to be enforceable and it has been suggested that a damages cap could also operate.⁴ Victoria has rejected that approach on the basis that limiting time for misleading and deceptive conduct claims under the ACL is contrary to public policy.⁵

Unfair contract terms

It is important to consider whether a liability limitation or exclusion clause in a standard form contract falls foul of the unfair contract terms protections in the ACL.

The protections will apply if the contract is for the supply of goods or services, and at least one party to the contract is a small business (i.e. a business that has fewer than 100 employees or an annual turnover of less than $10m). A term in a contract will be “unfair” if:

  • it would cause a significant imbalance in the rights and obligations of the parties under the contract
  • it is not reasonably necessary to protect the legitimate interests of the party who gets an advantage from the term, or
  • enforcement of the term would cause financial or other harm to the other party.

If a contractual term is unfair, it will be void and the party seeking to enforce it may face significant penalties.

Implications

The enforceability of liability limitation and exclusion clauses will turn on:

  • the precise wording of the clause, construed in the context of the contract
  • the nature of the liability alleged, and
  • the operation of the unfair contract terms regime.

When reviewing or preparing IT service contracts, it is important to consider:

  • whether a limitation on one or both parties’ liability should be included, and how that should be stated or calculated (e.g. as a specified amount, or a multiplier of fees paid under the contract)
  • whether liability for certain types of loss should be excluded altogether, ensuring that these types of losses are clearly described (particularly in view of the uncertainty in Australian case law as to the meaning of ‘indirect/consequential’ loss)
  • whether there should be any exceptions to the limitation or exclusion of liability clauses (i.e. loss for which liability is uncapped and/or all types of losses are recoverable)
  • whether any risk of a party suffering loss or damage from a particular event or circumstance should be mitigated by way of an indemnity from the other party
  • whether liability for negligence is limited or excluded, and
  • whether the contractual terms are “unfair” within the meaning of the ACL.

Liability limitation and exclusion clauses can effectively help technology professionals manage potential risks, but their enforceability in Australia is not guaranteed and depends on the specific factual circumstances.

Our experienced Technology team can assist businesses and insurers with tailored advice and strategies to navigate the complexities of liability limitation clauses, technology disputes and technology contract-related risks. Get in touch with our authors to discuss how we can support your business.

[1] Darlington Futures Ltd v Delco Australia Pty Ltd (1986) 161 CLR 500.
[2] Glenmont Investments Pty Ltd v O’Loughlin (2000) 79 SASR 185; [2000] SASC 429; Bright v Sampson and Duncan Enterprises Pty Ltd (1985) 1 NSWLR 346.
[3] ACL, sections 64 and 64A.
[4] Owners SP 62930 v Kell & Rigby [2009] NSWSC 1342; Firstmac Fiduciary Services Pty Limited & Anor v HSBC Bank of Australia Limited [2012] NSWSC 1122; Lane Cove Council v Michael Davies & Associates and Others [2012] NSWSC 727. But see Omega Air Inc. v CAE Australia Pty Ltd [2015] NSWSC 802.
[5] Brighton Australia Pty Ltd v Multiplex Constructions Pty Ltd (2018) 56 VR 557 (Brighton), cited with approval in Viterra Malt Pty Ltd v Cargill Australia Ltd [2023] VSCA 157.