Under a new law in Virginia that goes into effect on July 1, 2019, contractual liability of certain information technology (IT) suppliers to the Commonwealth of Virginia will generally be capped at a maximum of two times the value of the contract. The law (which will appear as Section 2.2-2012.1 of the Virginia Code) applies to procurement contracts for any “major information technology project,” which is, with some exceptions, any state agency IT project that is under guidance and oversight by the Commonwealth, and that:
(i) has a total estimated cost of more than $1 million, or
(ii) has been designated by the Commonwealth’s CIO as a major information technology project.
The law mandates that contractual terms relating to indemnification obligations and liability of suppliers on major IT projects “shall be reasonable” and “shall not exceed” in aggregate two times the contract value (the Cap). The law also prohibits any limitation of liability for intentional or willful misconduct, fraud, or recklessness of the supplier or its employees, or for claims for bodily injury, including death, and damage to real property or tangible personal property resulting from the negligence of the supplier or its employees.
Finally, the law requires that where the CIO believes a major IT project presents an exceptional risk to the Commonwealth, the CIO must conduct a risk assessment prior to issuance of any request for proposal on the project, and if the risk assessment concludes that the project presents an exceptional risk and the Cap is not reasonably adequate, the CIO may seek approval from the Secretary of Administration to increase the Cap to a reasonable maximum alternative that is a multiple of the contract value.
Bobby Turnage leads Sands Anderson’s Cybersecurity and Technology Team. If you have any questions about this post or any other technology contract issues, please reach out to Bobby or a member of the Cybersecurity and Technology Team.