Limitation of liability clauses in EU service agreements operate within a complex framework of national contract law, EU consumer law harmonization, and the Rome I Regulation (EC 593/2008) on choice of law. There is no EU-level statute generally regulating commercial limitation clauses — each Member State applies its own contract law to B2B agreements. EU law intervenes primarily through the Unfair Terms in Consumer Contracts Directive 93/13/EEC for B2C contracts and certain sector-specific instruments. The practical effect is that limitation clauses in cross-border EU service agreements require careful drafting. A cap that is reasonable under English law (the UCTA reasonableness test) may be overridden by mandatory rules in French, German, or Italian contract law. The Rome I Regulation governs choice of law, but Article 9 preserves Member State mandatory rules (lois de police) that cannot be contracted out.
What is a Limitation of Liability?
A limitation of liability clause in an EU service agreement caps and excludes potential liability for performance failures, breach, or damages. The clause is governed by: (1) the governing law chosen under Rome I Regulation Article 3; (2) Member State mandatory rules under Rome I Article 9 (e.g., German BGB §307 control of standard business terms, French Code civil Article 1170 on essential obligations); (3) Unfair Terms in Consumer Contracts Directive 93/13/EEC for B2C contracts; (4) sector-specific EU legislation (e.g., GDPR Article 82 on data protection liability, Digital Services Act for platform contracts); and (5) general principles of contract law in the governing jurisdiction. Tort liability for personal injury or fraud typically cannot be excluded in any Member State.
Red flags to watch for
Rome I Article 9 preserves Member State 'overriding mandatory rules'. A choice of law clause selecting Delaware or Cayman Islands law cannot override mandatory rules in the jurisdiction with the closest connection. The choice may be ineffective in the most relevant Member State.
French Code civil Article 1170 voids clauses that effectively deprive the essential obligation of its substance. A very low cap on a service supplier's core performance obligation may be unenforceable in France regardless of choice of law.
German BGB §305-310 control of general business conditions (AGB-Kontrolle) applies stringent rules to limitation clauses in standard form contracts. Caps below typical reasonable levels, exclusions of foreseeable typical damages, or exclusions of liability for cardinal obligations are unenforceable. This applies even to B2B contracts.
GDPR Article 82 creates statutory liability for material and non-material damage from breach. The liability is direct and statutory, and a contractual cap on this liability vis-à-vis third-party data subjects is ineffective. Cap structures should specifically carve out GDPR liability.
Most EU Member States prohibit exclusion of liability for fraud, gross negligence, or wilful misconduct as a matter of public policy. French Code civil Article 1231-3, Italian Codice civile Article 1229, German BGB §276 all reflect this. An exclusion attempting to cover these categories is void.
Best EU practice — and increasingly the regulatory expectation under GDPR and NIS2 Directive — is that IP infringement indemnity and data breach indemnity sit outside the general cap or have separate higher caps. Bundling these under a single low cap leaves the customer without meaningful recourse.
Member State limitation periods vary (typically 3-10 years for contract claims). Contractual time-bars below national mandatory minimum periods may be unenforceable. German BGB §202 prohibits agreements shortening limitation periods for fraud-based claims below the statutory minimum.
Your legal rights
EU service agreement liability clauses are governed by: Rome I Regulation (EC 593/2008) on choice of law in contractual obligations, with Article 9 preserving overriding mandatory rules of Member States; Member State contract law — Code civil (France), BGB (Germany), Codice civile (Italy), Código Civil (Spain), and equivalent codes — each with mandatory rules on limitation clauses; Unfair Terms in Consumer Contracts Directive 93/13/EEC (B2C only); GDPR Article 82 (data protection liability); Network and Information Security Directive 2 (NIS2) for critical sector contracts; Product Liability Directive 85/374/EEC and successor; sector-specific instruments (Digital Services Act, MiCA, etc.). National implementing legislation in each Member State provides the operative rules. Cross-border disputes are subject to Brussels I Regulation (recast) on jurisdiction.
Questions to ask before you sign
- 1What is the governing law, and does it permit the cap structure proposed?
- 2What Member State mandatory rules apply (e.g., German BGB §307 AGB control, French Code civil Article 1170)?
- 3Does the cap attempt to cover GDPR liability, and is that effective?
- 4Are fraud, gross negligence, and wilful misconduct expressly carved out from the limitation?
- 5Are IP infringement and data breach carved out, with separate higher caps or no cap?
- 6Is the contractual time-bar within the national mandatory limitation period?
- 7If the contract is standard form, does it satisfy national standard-terms control?
Disclaimer: This guide is for educational purposes only and does not constitute legal advice. Contract law varies by jurisdiction and individual circumstances. Always consult a qualified legal professional before making decisions based on this information.