Minimum T&Cs for IT start-ups in particular on the limitation of liability

Anyone setting up a new company first has to pay close attention to financing. Numerous issues need to be dealt with and mean costs, even though significant income is still lacking for the time being. Certain costs can be covered, e.g. through EXIST funding, out of your own pocket or through initial investors. Nevertheless, the expenditure needs to be carefully considered. When it comes to legal issues, things can quickly become complex and expensive. On the other hand, it is also expensive if a liability case arises and, for example, savings have been made on general terms and conditions with an - at least rudimentary - limitation of liability. So what are the minimum T&Cs recommended for an IT start-up?

GTC clause on limitation of liability

General terms and conditions with blanket limitations of liability are generally legally invalid. The reason for this is the strict GTC law that applies in the B2C sector and - in key parts - also in the B2B sector.

Provisions such as "We are not liable for data loss" in the case of a cloud or SaaS service are therefore simply ineffective. Maximum sum provisions such as "We are liable at most for the order value" are also generally ineffective. It is therefore important to ensure that such "simple" GTC provisions do not merely create a false sense of security.

In addition, liability for so-called cardinal obligations, i.e. the main performance obligations, cannot be limited - or at best only to a limited extent. This means that a blanket limitation of liability is ruled out for the main risk area, namely the core of the company's own services.

Nevertheless, general limitations of liability are recommended. However, these must take into account numerous legal aspects, in particular numerous exceptions (e.g. non-application of the exclusion for intentional breaches of duty), so that they are not invalid from the outset. This also applies even if the back exclusion does not appear to be relevant for your own area. For example, liability for personal injury should still be excluded from the limitation of liability, even if you offer a SaaS service and will probably never meet the customer in person.

Limitation of liability as part of the service description

Often, the best results with regard to a limitation of liability can be achieved by not limiting the liability, but rather the service promise.

This means clarifying the company's own services and checking the advertising statements. If, for example, it is advertised that the data is "100% secure" with its own SaaS service, the company's own range of services is initially broadly defined. In particular, this can be understood to mean that backups are carried out. It is difficult or almost impossible to "catch" such a broad service promise by limiting liability. It would be more advantageous to simply advertise that the SaaS service will only process the data for the period of document generation, for example, and that it will then be deleted. This way, there is no promise that extensive data backups will be made. At the same time, such an arrangement could also eliminate a number of other legal problems.

Differentiation of various services

Furthermore, it is important to differentiate between different partial services in order to achieve a limitation of liability. For example, if an IT start-up provides software developed in-house for use on-premises with annual payment by the customer, this will constitute a rental agreement (or a legal lease). If the IT start-up also offers the initial installation, setup and configuration, this will be classified as a work performance. If the IT start-up also offers training, this is a contractual service.

However, the liability regulations under the German Civil Code (BGB) for rental contracts, contracts for work and services and service contracts are fundamentally different. While there is even strict liability for unknown, initial defects for rental agreements in the B2B sector, the BGB does not even provide for a warranty regime for service contracts. In the case of contracts for work and services, attention should also be paid to acceptance (or a "substitute" for it) so that, for example, the - contractually shortened - limitation period begins to run.

Therefore, in order to achieve a limitation of liability, it is strongly advisable to subdivide your own services from a legal point of view in order to then make different arrangements specifically for this purpose, which can ultimately significantly limit your own liability risk.

Copyright liability

If the IT start-up offers SaaS services, for example, and users can upload content or interact with each other, or if user-generated content is involved, the granting of sufficient copyright usage rights should also be considered. An indemnification provision in the event of a warning should also be considered. It is also necessary to clarify the scope of these rights of use in terms of time and content. If the rights of use are limited to the term of the contract, for example, this could be insufficient, as data backups or cached copies may be kept by your own hosting provider or content delivery network (CDN). Therefore, a transitional period of e.g. a few months after the end of the contract may need to be agreed.

Further regulations

Further provisions often depend on the specific service. If an online service is offered as SaaS (Software-as-a-Service), for example, there should be a provision on availability and planned downtime or planned maintenance windows.

Once the above measures for achieving a limitation of liability have been taken, the result of "initial minimum T&Cs" is usually achieved. It is then necessary to clarify which further provisions - depending on the specific content of the company's own services - are to be recommended.

This includes provisions on the place of jurisdiction and applicable law. Provisions regarding the term of the contract and termination regulations should also be made. In this context, it should be considered, for example, whether the contract of each customer of the IT start-up should be extended at an individual point in time or uniformly, e.g. at the end of the month. Example: Customer A registers with the IT start-up on March 17. With a contract period of one month, the contract would then be extended on the 17th of each month and the monthly payment would also have to be collected on the 17th of each month (or shortly before or after - depending on the advance payment arrangement). This can quickly become complex for many customers if no separate payment processor is involved.

Alternatively, it can also be stipulated that all contracts with customers are renewed at the end of each month. It would then be clear that payment must be collected for all customers at the end of the month. In this case, however, it may be necessary to consider whether a partial payment is due for the first partial period. Example: Customer B registers on January 21. In this case, a partial fee may have to be charged for the period from January 21 to January 31 before the full fee is invoiced each month from the beginning of February. In any case, this should be thought through, although this may no longer be the subject of the first minimum T&Cs.

Avoidance of warnings

Warning letters are letters sent by a competitor or a consumer protection association, for example, or sent via a lawyer, requesting the cessation of unlawful conduct. A cease-and-desist declaration with a contractual penalty is then to be issued and the costs incurred by the other party, e.g. for the lawyer there, are to be reimbursed.

The warning letter is tricky in that the request for reimbursement of costs is a further burden on the finances of a start-up. It should also be noted that the cease-and-desist declaration - should it actually be issued - will result in the start-up being liable "for life" should the infringement be repeated. In the case of small start-ups, attempts are also often made to hold the managing directors or founders personally liable. If the infringement is repeated, a contractual penalty is due, which must then be paid directly to the party issuing the warning. This can ultimately restrict the IT start-up's "freedom of action" due to the immediate threat of contractual penalties (and thus possibly also the interest of investors).

In some cases, damages may also be claimed due to a recent change in the law.

It should therefore be determined on which points a warning is imminent, or at least could be imminent to a particular extent. For example, the law may stipulate certain minimum requirements with regard to provisions in general terms and conditions and information to be provided. What these are depends on the type of services offered.

If, for example, the IT start-up offers a virtual online marketplace where suppliers and customers can find each other, some mandatory information is required by law, the absence of which can quickly lead to a warning being issued. Whether and, if so, which legal minimum requirements must be complied with depends - once again - largely on the type of services offered.

Date: 27. May 2022