MSA: The Warranty That Doesn't Protect You

The Warranty That Doesn't Protect You

The Illusory Protection pattern appears in many technology agreements: a remedy that appears meaningful but can't structurally function when you need it.

The most common form in MSAs is the warranty-remedy mismatch.

How It Works

Section 8.2 of a typical SaaS MSA says something like:

"Vendor warrants that the Services will perform substantially in accordance with the Documentation during the Subscription Term."

That looks protective. Your vendor is warranting that the product works as described. But the warranty is only as strong as the remedy for breach. Scroll to the limitation of liability section:

"Customer's exclusive remedy for any breach of the foregoing warranty shall be, at Vendor's option, (a) correction of the non-conforming Services, or (b) termination of the affected Order Form and a pro-rata refund of prepaid fees for the remainder of the Subscription Term."

Read that again. Your exclusive remedy is the vendor's choice: fix it or let you leave. If the product failure costs you $2M in lost revenue, your recovery is capped at a pro-rata refund of what you paid. If you paid $200K annually and the breach happened 6 months in, your remedy is $100K.

The warranty exists. The protection doesn't.

The Data Security Version

The same pattern appears in data security provisions, often with more severe consequences.

In the SolarWinds breach — one of the most significant supply chain attacks in enterprise software history — the contractual structure followed this exact pattern (per Contract Teardown Show, "SolarWinds Software Services Agreement", featuring Otto Hanson of TermScout):

• Section 7.2 committed to security measures
• Section 11 eliminated meaningful remedies through an indirect damages waiver
• The liability cap was 12 months of fees with no exception for data security breaches

Most harm from a data breach is consequential (investigation costs, notification costs, regulatory fines, business interruption, reputational damage). The indirect damages waiver excludes exactly those categories. The warranty promises security. The remedy structure ensures you can't recover when security fails.

Benchmarking reality: Of 327 vendor contracts benchmarked by TermScout, 100% waive indirect damages. Only 7 — roughly 2% — offer an elevated liability cap for data security breaches. If your MSA doesn't have a carve-out, you're in the 98%. (Source: Otto Hanson, Founder & CEO of TermScout, via Contract Teardown Show. Verify specific report at termscout.com for current figures.)

Both Sides of the Table

If you're the buyer:

1. Read the warranty AND the exclusive remedy AND the limitation of liability as a single unit — they're designed to work together
2. Push for a data breach carve-out from the liability cap (Snowflake's Terms of Service Section 12(C), last updated April 16, 2026, establishes a 2x "Data Protection Claims Cap" separate from the general liability cap — use it as a benchmark)
3. Reject "at Vendor's option" remedy language — you should choose whether to accept a fix or terminate
4. If the vendor won't move on the cap, negotiate for an insurance requirement instead

If you're the vendor:

1. The warranty-remedy structure IS the business model for enterprise SaaS — unlimited liability is not commercially viable at scale
2. Offering a modest data breach carve-out (2x cap) is a competitive differentiator that costs you almost nothing in most scenarios
3. "At Vendor's option" protects you from customers who want both a fix and a refund; it's worth defending

The Pattern Signal

The Illusory Protection has the strongest co-occurrence with the Missing Provision pattern (one of the tightest pairings in the pattern library). When the warranty is illusory, check: is there a provision that should exist but doesn't? Common missing provisions in MSAs:

• No SLA with financial teeth (uptime warranty without credits)
• No transition assistance on termination (your data is hostage)
• No restrictions on vendor's use of your data for model training