A changing landscape
Technology and commercial contracts operate in a constantly evolving landscape, whether resulting from technological change, shifting appetites for risk, or legal and regulatory developments. All of these can impact the area of liability.
For example, unless you have been living under a rock for the past few years, you will have seen the seismic technological shift brought about by AI and in particular generative AI. On the contractual side, we have seen a change in the standard terms and conditions put forward by vendors of AI products, with a lower appetite to take on liability for the product or solution and its outputs, given the nature of the technology.
Not quite ‘all care, no responsibility’, but not far off. There are also fascinating differences, compared to more traditional technology contracts, as to the treatment and ownership of data, particularly customer data, given that the latter is often the food or fuel to further train the AI model. It is imperative that any party buying or selling an AI solution gives proper consideration to the underlying contractual terms and not just assume that what was ‘standard’ five years ago is standard today for an AI solution. And although AI regulation in Australia is lagging behind other parts of the world such as the AI, we will catch up eventually. This will potentially create new obligations and exposure to potential regulatory sanctions for not meeting them, including in the context of the ACL – the Australian Government having already released a “Review of AI and the Australian Consumer Law” discussion paper.
Similarly, recent years have seen a massive uptake in both the frequency and impact of cyber incidents affecting Australian organisations. From a liability perspective, this has created significantly increased risks: for a customer, the risk of suffering huge loss and reputational damage through a cyber incident caused by a third party supplier’s acts or omissions, and having only limited recourse under the contractual liability regime meaning the loss far exceeds the recoverable amounts, for a supplier, the risk of your customer, or its insurer, alleging it ‘caused’ the cyber incident due to a contractual failure or negligence, even where the supplier may have met its contractual obligations, or the relevant infrastructure or its security were outside the agreed contractual scope.
Again, the answer to dealing with these increased risks is to take a fresh look at the applicable contract terms (including those of third party vendors) and consider how they would apply, and what the effect on liability would be, in a worst case cyber incident scenario.
Finally, we cannot assume that technology contracts and commercial agreements sit within a fixed legal landscape. Laws can, and do, change. For example, the Australian privacy laws are currently undergoing a massive, staged overhaul, and any party accessing or dealing with the personal information of another needs to be aware of the new laws and the liability implications. Similarly, as we will discuss later, the meaning of ‘indirect’ or ‘consequential’ loss underwent a dramatic transformation some years ago as a result of new judicial interpretation of these concepts.
How to approach liability in a commercial contract
The starting point is to identify the risks. What could go wrong? Which party has assumed the bulk of the obligations? Which party is most likely to cause the other to suffer loss, and how much could that loss be?
As noted earlier, it is necessary to consider not only liability for breach of contract, but also other potential areas of liability: is there any risk of a claim by a third party against a party to the contract (for example, a third party claiming infringement of its intellectual property rights)? Is either party to the contract assuming significant regulatory risk? How likely is it that a party may assume non-contractual liability such as tortious liability or breach of statutory duty?
You should be asking these and other questions around risk and adverse outcomes in order to inform the liability regime you want to put forward. Whether you achieve a successful result is often simply a reflection of the relative bargaining strength of the parties, but it’s worth noting that in a technology agreement, the limitation and exclusion of liability and indemnity clauses are often amongst the most heavily negotiated.
Our experienced Technology Law team can assist customers and vendors or technology solutions with tailored advice and strategies to optimise your position in IT contracting, including in relation to liability.
If you would like any technology law assistance, or have any questions or comments on this release, please contact Technology Special Counsel Nick Martin below.
Wotton Kearney acknowledges the traditional custodians of the lands on which we work, and pay our respects to Elders past and present.
© 2025 WOTTON KEARNEY Legal information | Privacy | Legitimate interest | Contact
