Virginia Caps Supplier Liability in Major IT Procurement Contracts

Cybersecurity & Technology

Under a new law in Virginia that goes into effect on July 1, 2019, contractual liability of certain information technology (IT) suppliers to the Commonwealth of Virginia will generally be capped at a maximum of two times the value of the contract.  The law (which will appear as Section 2.2-2012.1 of the Virginia Code) applies to procurement contracts for any "major information technology project," which is, with some exceptions, any state agency IT project that is under guidance and oversight by the Commonwealth, and that:

             (i) has a total estimated cost of more than $1 million, or
             (ii) has been designated by the Commonwealth's CIO as a major information technology project.

The law mandates that contractual terms relating to indemnification obligations and liability of suppliers on major IT projects "shall be reasonable" and "shall not exceed" in aggregate two times the contract value (the Cap).  The law also prohibits any limitation of liability for intentional or willful misconduct, fraud, or recklessness of the supplier or its employees, or for claims for bodily injury, including death, and damage to real property or tangible personal property resulting from the negligence of the supplier or its employees.

Finally, the law requires that where the CIO believes a major IT project presents an exceptional risk to the Commonwealth, the CIO must conduct a risk assessment prior to issuance of any request for proposal on the project, and if the risk assessment concludes that the project presents an exceptional risk and the Cap is not reasonably adequate, the CIO may seek approval from the Secretary of Administration to increase the Cap to a reasonable maximum alternative that is a multiple of the contract value.

Bobby Turnage leads Sands Anderson’s Cybersecurity and Technology Team. If you have any questions about this post or any other technology contract issues, please reach out to Bobby or a member of the Cybersecurity and Technology Team.     

Subscribe for Updates

Subscribe to receive useful articles, legal updates and firm news to keep you informed and up-to-date on important issues and trends.

Sign Up

Media Contact

Rachel Lufkin
804.783.6799

Email Rachel 

Jump to Page

Sands Anderson Cookie Preference Center

Your Privacy

Necessary cookies enable core functionality such as security, network management, and accessibility. You may disable these by changing your browser settings, but this may affect how the website functions.

Strictly Necessary Cookies

Always Active

Necessary cookies enable core functionality such as security, network management, and accessibility. These cookies may only be disabled by changing your browser settings, but this may affect how the website functions.

Functional Cookies

Always Active

Some functions of the site require remembering user choices, for example your cookie preference, or keyword search highlighting. These do not store any personal information.

Form Submissions

Always Active

When submitting your data, for example on a contact form or event registration, a cookie might be used to monitor the state of your submission across pages.

Analytical Cookies

Analytical cookies help us improve our website by collecting and reporting information on its usage. We access and process information from these cookies at an aggregate level.

Powered by Firmseek