The Limitation of Liability clause is the ceiling on each party's total exposure under the contract. It is the single most consequential financial clause in most SaaS agreements. Negotiating it well protects the company. Negotiating it badly can wipe out a year of margin in a single dispute.
The standard structure is a cap pegged to fees paid or payable in the prior twelve months under the agreement. That number can be anywhere from a few thousand dollars to seven figures depending on the deal. Some contracts use a fixed dollar amount. Some use a multiple (2x, 3x) of fees. Some carry a separate, lower cap for direct damages and a higher super-cap for specific categories.
The clause has two parts that both matter. The cap itself, which sets the ceiling. And the exclusions and carve-outs, which name the categories that escape the cap entirely. Common carve-outs include indemnification obligations (especially IP indemnity), breach of confidentiality, gross negligence and willful misconduct, and increasingly, data breach and AI-specific harm. Each carve-out you accept is uncapped exposure.
The drafting discipline is to treat the LoL as a financial decision, not legal boilerplate. The cap should track what the vendor's E&O or cyber insurance will cover. The carve-outs should be limited to risks the company genuinely accepts as uncapped. And the language should be tested against the actual claim scenarios that show up: a data breach, a customer's downstream IP claim, an AI output that triggers a third-party action.