{"formats":[{"name":"JSON","format":"json","url":"\/downloads\/2025\/code-json\/2.2-2012.1.json"},{"name":"Plain Text","format":"text","url":"\/downloads\/2025\/code-text\/2.2-2012.1.txt"},{"name":"XML","format":"xml","url":"\/downloads\/2025\/code-xml\/2.2-2012.1.xml"},{"name":"HTML","format":"html","url":"\/downloads\/2025\/code-html\/2.2-2012.1.html"}],"law_id":60730,"edition_id":1,"section_id":60730,"structure_id":15207,"section_number":"2.2-2012.1","catch_line":"Major information technology project procurement; terms and conditions","history":"2019, cc. 605, 606.","full_text":"A\n\nFor purposes of this section, &#8220;supplier&#8221; means an offeror with whom the Commonwealth has entered into a contract for a major information technology project.B\n\nExcept as provided in subsection C, in any contract for a major information technology project, terms and conditions relating to the indemnification obligations and liability of a supplier shall be reasonable and shall not exceed in aggregate twice the value of the contract. There shall be no limitation on the liability of a supplier for (i) the intentional or willful misconduct, fraud, or recklessness of a supplier or any employee of a supplier or (ii) claims for bodily injury, including death, and damage to real property or tangible personal property resulting from the negligence of a supplier or any employee of a supplier.C\n\nIf the CIO believes that a major information technology project presents an exceptional risk to the Commonwealth, he shall conduct a risk assessment prior to the issuance of a Request for Proposal. Such risk assessment shall include consideration of the nature, processing, and use of sensitive or personally identifiable information. If the risk assessment concludes that the project presents an exceptional risk to the Commonwealth and the limitation of liability amount provided in subsection B is not reasonably adequate to protect the interest of the Commonwealth, the CIO may recommend and request approval by the Secretary of Administration to increase the limitation of liability amount.\n\t\t\tThe CIO shall make such recommendation in writing setting forth the reasons that the limitations in subsection B are not adequate to protect the Commonwealth&#8217;s interests. The recommendation shall describe the risks presented to the Commonwealth and how those risks are not sufficiently mitigated by the expected terms and conditions associated with the Request for Proposal. The CIO shall recommend a reasonable maximum alternative limitation of liability amount that is a multiple of the contract value, with the same exceptions to the limitation as provided in subsection B.\n\t\t\tThe Secretary of Administration shall review and may approve any recommended maximum alternative limitation of liability amount to be included in any Request for Proposal issued for the project. The CIO shall annually publish a list of all approvals granted under this subsection pertaining to any Request for Proposal issued in the previous 12-month period.D\n\nNotwithstanding the provisions of this section, the Commonwealth may agree to a lower limitation for any contract subject to subsection B or C.","order_by":null,"text":{"0":{"id":222041,"text":"For purposes of this section, &#8220;supplier&#8221; means an offeror with whom the Commonwealth has entered into a contract for a major information technology project.","type":"section","prefixes":["A"],"prefix":"A","entire_prefix":"A","prefix_anchor":"A","level":1,"next_prefix":"B"},"1":{"id":222042,"text":"Except as provided in subsection C, in any contract for a major information technology project, terms and conditions relating to the indemnification obligations and liability of a supplier shall be reasonable and shall not exceed in aggregate twice the value of the contract. There shall be no limitation on the liability of a supplier for (i) the intentional or willful misconduct, fraud, or recklessness of a supplier or any employee of a supplier or (ii) claims for bodily injury, including death, and damage to real property or tangible personal property resulting from the negligence of a supplier or any employee of a supplier.","type":"section","prefixes":["B"],"prefix":"B","entire_prefix":"B","prefix_anchor":"B","level":1,"prior_prefix":"A","next_prefix":"C"},"2":{"id":222043,"text":"If the CIO believes that a major information technology project presents an exceptional risk to the Commonwealth, he shall conduct a risk assessment prior to the issuance of a Request for Proposal. Such risk assessment shall include consideration of the nature, processing, and use of sensitive or personally identifiable information. If the risk assessment concludes that the project presents an exceptional risk to the Commonwealth and the limitation of liability amount provided in subsection B is not reasonably adequate to protect the interest of the Commonwealth, the CIO may recommend and request approval by the Secretary of Administration to increase the limitation of liability amount.\n\t\t\tThe CIO shall make such recommendation in writing setting forth the reasons that the limitations in subsection B are not adequate to protect the Commonwealth&#8217;s interests. The recommendation shall describe the risks presented to the Commonwealth and how those risks are not sufficiently mitigated by the expected terms and conditions associated with the Request for Proposal. The CIO shall recommend a reasonable maximum alternative limitation of liability amount that is a multiple of the contract value, with the same exceptions to the limitation as provided in subsection B.\n\t\t\tThe Secretary of Administration shall review and may approve any recommended maximum alternative limitation of liability amount to be included in any Request for Proposal issued for the project. The CIO shall annually publish a list of all approvals granted under this subsection pertaining to any Request for Proposal issued in the previous 12-month period.","type":"section","prefixes":["C"],"prefix":"C","entire_prefix":"C","prefix_anchor":"C","level":1,"prior_prefix":"B","next_prefix":"D"},"3":{"id":222044,"text":"Notwithstanding the provisions of this section, the Commonwealth may agree to a lower limitation for any contract subject to subsection B or C.","type":"section","prefixes":["D"],"prefix":"D","entire_prefix":"D","prefix_anchor":"D","level":1,"prior_prefix":"C"}},"ancestry":[{"id":15207,"edition_id":1,"name":"General Provisions","identifier":"1","label":"article","depth":5,"order_by":1,"parent_id":14335,"metadata":{},"date_created":"2026-06-26 03:52:58","date_modified":"2026-06-26 03:52:58","permalink":{"id":173433,"object_type":"structure","relational_id":15207,"identifier":"1","token":"2.2\/I\/C\/20.1\/1","url":"\/2.2\/I\/C\/20.1\/1\/","edition_id":1,"permalink":0,"preferred":1}},{"id":14335,"edition_id":1,"name":"Virginia Information Technologies Agency","identifier":"20.1","label":"chapter","depth":4,"order_by":1,"parent_id":13092,"metadata":{},"date_created":"2026-06-26 03:47:47","date_modified":"2026-06-26 03:47:47","permalink":{"id":173431,"object_type":"structure","relational_id":14335,"identifier":"20.1","token":"2.2\/I\/C\/20.1","url":"\/2.2\/I\/C\/20.1\/","edition_id":1,"permalink":0,"preferred":1}},{"id":13092,"edition_id":1,"name":"State Agencies Related to the General Operation of Government","identifier":"C","label":"part","depth":3,"order_by":1,"parent_id":12784,"metadata":{},"date_created":"2026-06-26 03:44:16","date_modified":"2026-06-26 03:44:16","permalink":{"id":172453,"object_type":"structure","relational_id":13092,"identifier":"C","token":"2.2\/I\/C","url":"\/2.2\/I\/C\/","edition_id":1,"permalink":0,"preferred":1}},{"id":12784,"edition_id":1,"name":"Organization of State Government","identifier":"I","label":"subtitle","depth":2,"order_by":1,"parent_id":12749,"metadata":{},"date_created":"2026-06-26 03:43:53","date_modified":"2026-06-26 03:43:53","permalink":{"id":171455,"object_type":"structure","relational_id":12784,"identifier":"I","token":"2.2\/I","url":"\/2.2\/I\/","edition_id":1,"permalink":0,"preferred":1}},{"id":12749,"edition_id":1,"name":"Administration of Government","identifier":"2.2","label":"title","depth":1,"order_by":1,"parent_id":null,"metadata":{},"date_created":"2026-06-26 03:43:51","date_modified":"2026-06-26 03:43:51","permalink":{"id":171453,"object_type":"structure","relational_id":12749,"identifier":"2.2","token":"2.2","url":"\/2.2\/","edition_id":1,"permalink":0,"preferred":1}}],"structure_contents":[{"id":73383,"structure_id":15207,"section_number":"2.2-2005","catch_line":"Creation of Agency; appointment of Chief Information Officer","url":"\/2.2-2005\/","token":"2.2\/I\/C\/20.1\/1\/2.2-2005","metadata":false},{"id":67174,"structure_id":15207,"section_number":"2.2-2006","catch_line":"Definitions","url":"\/2.2-2006\/","token":"2.2\/I\/C\/20.1\/1\/2.2-2006","metadata":false},{"id":80478,"structure_id":15207,"section_number":"2.2-2007","catch_line":"Powers of the CIO","url":"\/2.2-2007\/","token":"2.2\/I\/C\/20.1\/1\/2.2-2007","metadata":false},{"id":63438,"structure_id":15207,"section_number":"2.2-2007.1","catch_line":"Additional duties of the CIO relating to information technology planning and budgeting","url":"\/2.2-2007.1\/","token":"2.2\/I\/C\/20.1\/1\/2.2-2007.1","metadata":false},{"id":82467,"structure_id":15207,"section_number":"2.2-2008","catch_line":"Repealed","url":"\/2.2-2008\/","token":"2.2\/I\/C\/20.1\/1\/2.2-2008","metadata":false},{"id":57889,"structure_id":15207,"section_number":"2.2-2009","catch_line":"Additional duties of the CIO relating to security of government information","url":"\/2.2-2009\/","token":"2.2\/I\/C\/20.1\/1\/2.2-2009","metadata":false},{"id":80320,"structure_id":15207,"section_number":"2.2-2010","catch_line":"Repealed","url":"\/2.2-2010\/","token":"2.2\/I\/C\/20.1\/1\/2.2-2010","metadata":false},{"id":62483,"structure_id":15207,"section_number":"2.2-2011","catch_line":"Additional powers and duties relating to development, management, and operation of information technology","url":"\/2.2-2011\/","token":"2.2\/I\/C\/20.1\/1\/2.2-2011","metadata":false},{"id":74110,"structure_id":15207,"section_number":"2.2-2012","catch_line":"Additional powers and duties related to the procurement of information technology","url":"\/2.2-2012\/","token":"2.2\/I\/C\/20.1\/1\/2.2-2012","metadata":false},{"id":60730,"structure_id":15207,"section_number":"2.2-2012.1","catch_line":"Major information technology project procurement; terms and conditions","url":"\/2.2-2012.1\/","token":"2.2\/I\/C\/20.1\/1\/2.2-2012.1","metadata":false},{"id":61119,"structure_id":15207,"section_number":"2.2-2013","catch_line":"Internal service and special funds","url":"\/2.2-2013\/","token":"2.2\/I\/C\/20.1\/1\/2.2-2013","metadata":false},{"id":78759,"structure_id":15207,"section_number":"2.2-2014","catch_line":"Submission of information technology plans by state agencies and public institutions of higher education; designation of technology resource","url":"\/2.2-2014\/","token":"2.2\/I\/C\/20.1\/1\/2.2-2014","metadata":false},{"id":83513,"structure_id":15207,"section_number":"2.2-2015","catch_line":"Repealed","url":"\/2.2-2015\/","token":"2.2\/I\/C\/20.1\/1\/2.2-2015","metadata":false}],"previous_section":{"id":74110,"structure_id":15207,"section_number":"2.2-2012","catch_line":"Additional powers and duties related to the procurement of information technology","url":"\/2.2-2012\/","token":"2.2\/I\/C\/20.1\/1\/2.2-2012","metadata":false},"next_section":{"id":61119,"structure_id":15207,"section_number":"2.2-2013","catch_line":"Internal service and special funds","url":"\/2.2-2013\/","token":"2.2\/I\/C\/20.1\/1\/2.2-2013","metadata":false},"metadata":false,"official_url":"https:\/\/law.lis.virginia.gov\/vacode\/2.2-2012.1\/","history_text":"<p>This law was first created in 2019. The record of its establishment is cataloged in chapters <a href=\"https:\/\/legacylis.virginia.gov\/cgi-bin\/legp604.exe?191+ful+CHAP0605\">605<\/a> and <a href=\"https:\/\/legacylis.virginia.gov\/cgi-bin\/legp604.exe?191+ful+CHAP0606\">606<\/a> of that year\u2019s edition of \u201cActs of Assembly,\u201d the annual state publication listing all changes made to the Code of Virginia in that year.<\/p>","references":false,"refers_to":false,"permalink":{"id":173471,"object_type":"law","relational_id":60730,"identifier":"2.2-2012.1","token":"2.2\/I\/C\/20.1\/1\/2.2-2012.1","url":"\/2.2-2012.1\/","edition_id":1,"permalink":0,"preferred":1},"url":"\/2.2-2012.1\/","token":"2.2\/I\/C\/20.1\/1\/2.2-2012.1","dublin_core":{"Title":"Major information technology project procurement; terms and conditions","Type":"Text","Format":"text\/html","Identifier":"\u00a7 2.2-2012.1","Relation":"Code of Virginia"},"html":"\n\t\t\t\t\t\t<section id=\"A\"><p><span class=\"prefix-number\">A.<\/span> For purposes of this section, &#8220;<span class=\"dictionary\">supplier<\/span>&#8221; means an offeror with whom the Commonwealth has entered into a <span class=\"dictionary\">contract<\/span> for a <span class=\"dictionary\">major information technology project<\/span>. <a id=\"paragraph-222041\" class=\"section-permalink\" href=\"https:\/\/vacode.org\/2.2-2012.1\/#A\"><i class=\"fa fa-link\"><\/i><\/a><\/p><\/section>\n\t\t\t\t\t\t<section id=\"B\"><p><span class=\"prefix-number\">B.<\/span> Except as provided in subsection C, in any <span class=\"dictionary\">contract<\/span> for a <span class=\"dictionary\">major information technology project<\/span>, terms and conditions relating to the indemnification obligations and liability of a <span class=\"dictionary\">supplier<\/span> shall be reasonable and shall not exceed in aggregate twice the value of the <span class=\"dictionary\">contract<\/span>. There shall be no limitation on the liability of a <span class=\"dictionary\">supplier<\/span> for (i) the intentional or willful misconduct, <span class=\"dictionary\">fraud<\/span>, or <span class=\"dictionary\">recklessness<\/span> of a <span class=\"dictionary\">supplier<\/span> or any employee of a <span class=\"dictionary\">supplier<\/span> or (ii) claims for bodily injury, including death, and damage to real property or tangible personal property resulting from the <span class=\"dictionary\">negligence<\/span> of a <span class=\"dictionary\">supplier<\/span> or any employee of a <span class=\"dictionary\">supplier<\/span>. <a id=\"paragraph-222042\" class=\"section-permalink\" href=\"https:\/\/vacode.org\/2.2-2012.1\/#B\"><i class=\"fa fa-link\"><\/i><\/a><\/p><\/section>\n\t\t\t\t\t\t<section id=\"C\"><p><span class=\"prefix-number\">C.<\/span> If the CIO believes that a <span class=\"dictionary\">major information technology project<\/span> presents an exceptional risk to the Commonwealth, he shall conduct a risk assessment prior to the issuance of a Request for Proposal. Such risk assessment shall include consideration of the nature, processing, and use of sensitive or personally identifiable information. If the risk assessment concludes that the project presents an exceptional risk to the Commonwealth and the limitation of liability amount provided in subsection B is not reasonably adequate to protect the interest of the Commonwealth, the CIO may recommend and request approval by the <span class=\"dictionary\">Secretary<\/span> of Administration to increase the limitation of liability amount.\n\t\t\tThe CIO shall make such recommendation in writing setting forth the reasons that the limitations in subsection B are not adequate to protect the Commonwealth&#8217;s interests. The recommendation shall describe the risks presented to the Commonwealth and how those risks are not sufficiently mitigated by the expected terms and conditions associated with the Request for Proposal. The CIO shall recommend a reasonable maximum alternative limitation of liability amount that is a multiple of the <span class=\"dictionary\">contract<\/span> value, with the same exceptions to the limitation as provided in subsection B.\n\t\t\tThe <span class=\"dictionary\">Secretary<\/span> of Administration shall review and may approve any recommended maximum alternative limitation of liability amount to be included in any Request for Proposal issued for the project. The CIO shall annually publish a list of all approvals granted under this subsection pertaining to any Request for Proposal issued in the previous 12-month period. <a id=\"paragraph-222043\" class=\"section-permalink\" href=\"https:\/\/vacode.org\/2.2-2012.1\/#C\"><i class=\"fa fa-link\"><\/i><\/a><\/p><\/section>\n\t\t\t\t\t\t<section id=\"D\"><p><span class=\"prefix-number\">D.<\/span> Notwithstanding the provisions of this section, the Commonwealth may agree to a lower limitation for any <span class=\"dictionary\">contract<\/span> subject to subsection B or C. <a id=\"paragraph-222044\" class=\"section-permalink\" href=\"https:\/\/vacode.org\/2.2-2012.1\/#D\"><i class=\"fa fa-link\"><\/i><\/a><\/p><\/section>","plain_text":"                                 CODE OF VIRGINIA\n\nMAJOR INFORMATION TECHNOLOGY PROJECT PROCUREMENT; TERMS AND CONDITIONS (\u00a7\n2.2-2012.1)\n\nA. For purposes of this section, &#8220;supplier&#8221; means an offeror with\nwhom the Commonwealth has entered into a contract for a major information\ntechnology project.\n\nB. Except as provided in subsection C, in any contract for a major information\ntechnology project, terms and conditions relating to the indemnification\nobligations and liability of a supplier shall be reasonable and shall not exceed\nin aggregate twice the value of the contract. There shall be no limitation on\nthe liability of a supplier for (i) the intentional or willful misconduct,\nfraud, or recklessness of a supplier or any employee of a supplier or (ii)\nclaims for bodily injury, including death, and damage to real property or\ntangible personal property resulting from the negligence of a supplier or any\nemployee of a supplier.\n\nC. If the CIO believes that a major information technology project presents an\nexceptional risk to the Commonwealth, he shall conduct a risk assessment prior\nto the issuance of a Request for Proposal. Such risk assessment shall include\nconsideration of the nature, processing, and use of sensitive or personally\nidentifiable information. If the risk assessment concludes that the project\npresents an exceptional risk to the Commonwealth and the limitation of liability\namount provided in subsection B is not reasonably adequate to protect the\ninterest of the Commonwealth, the CIO may recommend and request approval by the\nSecretary of Administration to increase the limitation of liability amount.\n\t\t\tThe CIO shall make such recommendation in writing setting forth the reasons\nthat the limitations in subsection B are not adequate to protect the\nCommonwealth&#8217;s interests. The recommendation shall describe the risks\npresented to the Commonwealth and how those risks are not sufficiently mitigated\nby the expected terms and conditions associated with the Request for Proposal.\nThe CIO shall recommend a reasonable maximum alternative limitation of liability\namount that is a multiple of the contract value, with the same exceptions to the\nlimitation as provided in subsection B.\n\t\t\tThe Secretary of Administration shall review and may approve any recommended\nmaximum alternative limitation of liability amount to be included in any Request\nfor Proposal issued for the project. The CIO shall annually publish a list of\nall approvals granted under this subsection pertaining to any Request for\nProposal issued in the previous 12-month period.\n\nD. Notwithstanding the provisions of this section, the Commonwealth may agree to\na lower limitation for any contract subject to subsection B or C.\n\nHISTORY: 2019, cc. 605, 606.","edition":{"id":1,"name":"2025","slug":"2025","date_created":"2026-06-21 22:39:22","date_modified":"2026-06-21 22:39:22","current":1,"order_by":1,"last_import":null}}