Contributed By Greenberg Traurig, LLP
The key market developments in IT outsourcing are:
The key market developments in BP outsourcing (BPO) are:
The impact of new technology is as follows:
Other key market trends include agile working and DevOps are changing the way companies work with suppliers and SLA’s becoming less relevant as partnership and trust are increasingly seen as a basis for performance. Procurement departments are, therefore, required to change their approach but are struggling to do so.
The political climate in the Netherlands is trending towards stronger protections for workers. Business process outsourcing has come under increasing scrutiny and outsourcing has been construed as mainly aimed at stripping workers of protections they would otherwise have had. Although it is hardly ever the parties’ intention to strip employees of rights, recently PostNL and TempoTeam announced they would halt certain outsourced activities after facing considerable negative coverage in the media.
Data and systems security is starting to be viewed as a matter of public importance. The Minister of Justice recently announced he will investigate the creation of powers that will allow the Government to compel providers to improve their security practises, and even step-in if necessary.
Rules and restrictions on outsourcing apply only in some regulated markets, primarily the financial, insurance, asset management and pensions industries. In other markets, freedom of contract rules.
Industry specific restrictions mainly exist in the financial, insurance, asset management and pensions industries and the regulations are, mostly, based on EU legislation. The regulations concerned include the Dutch Financial Supervision Act (FSA) and a number of directives and resolutions under that Act, the Solvency II Directive and the Solvency II Regulations, the AIFMD, the Pension Act, the Dutch Central Bank’s (DNB) Good Practices for insurers and (separate) for other sectors, the EBA guidelines on outsourcing to cloud service providers. The main principles of these regulations boil down to the following:
The restrictions on data processing and data security are based on the EU General Data Protection Regulation (GDPR), meaning that export from personal data outside the EU is not allowed unless proper contractual documentation and technical measures are in place. Furthermore, specific, highly sensitive data held by the Dutch Government may not be stored in the cloud.
Data security is mainly governed by the EU Directive on security of network and information systems (NIS Directive) and the Cyber Security Act. The Cyber Security Act establishes a certification framework for IT digital products, services and processes. The NIS Directive identifies sectors which are vital for the aspects of economy and society which rely heavily on IT, such as energy, transport, banking and health care. These sectors have to take appropriate security measures and ensure swift notification of any incidents to the relevant authorities.
In accordance with the GDPR, the penalty for a breach is a maximum of 4% of the worldwide turnover of the group belonging to the company that breached the legislation.
Under the NIS Directive, the maximum penalty amounts to EUR17 million.
Regarding Data Protection contracts usually contains the following contractual protections:
If parties wish to avoid Cambridge Analytica type of risks they shall include more limitations than covered by the GDPR, mainly on profiling and advertising.
Regarding Security contracts mainly contain the following contractual protections:
There is no standard outsourcing agreement in the Netherlands.
The association of IT suppliers NL Digital has standard terms but these do not, generally, apply to outsourcing. Sourcing Netherlands, the association for outsourcing, has developed a balanced standard form for an outsourcing agreement, which is sometimes implemented. Sophisticated customers will contract on the basis of their own tailored agreement. These agreements are similar to the market standard agreements in the UK and USA. They are very detailed and contain approximately twenty schedules.
The usual model consists of an Asset Transfer Agreement and a separate Services Agreement. For large cross border projects, a framework structure is used, comprising a framework asset transfer agreement and a separate framework services agreement, under which local-to-local asset transfer agreements and services agreements are concluded.
Although alternative models are sometimes used, 95% of outsourcing will be contracted, one-on-one, with an asset transfer agreement and a separate services agreement. Multi-vendor agreements (between the customer and a number of suppliers) are also common. Joint ventures (JV) are rare, mainly because a JV structure is rather complicated and expensive. It will only be used where the customer and suppliers wish jointly to set up a new business.
Originally, SSC’s were set up to centralise and rationalise the IT environments. Later, labour arbitrage (ie, the reduction of the costs of labour) became a factor and, as a result there of, many SSC’s where moved to nearshore and offshore locations. Lately, a number of captive SSC’s have been transferred to suppliers. We are also seeing captive SSC’s co-operate more closely with suppliers in order to benefit from the newest technologies and innovation.
The main customer protections are the following:
The customer can terminate the contract for cause. Serious breaches of services levels and severe data security and privacy incidents are often specifically mentioned as providing cause for termination. Sometimes, outsourcing or services agreements provide a termination right to the customer iwhere there has been a change of control in the supplier, especially in contracts relating to mission critical services or services provided to regulated financial institutions.
Customers can also, almost always, terminate for convenience. In the case of termination for convenience, the customer must pay termination compensation. There is no fixed formula for calculating this compensation as this is a matter of freedom of contract. In general, the compensation consists of unrecovered costs and a small lost-margin component. Furthermore, in the financial industry the customer may terminate the agreement if a regulator requires a termination.
Usually, the supplier can usually only terminate for material breach (most notably, prolonged non-payment of invoices). It is highly unusual to allow a supplier to terminate for convenience.
Dutch statutory law does not define the difference between direct loss and indirect loss. However, under the influence of Anglo-American contracts and terms, the concept is often used in Dutch law agreements. In such an event, it is wise to define exactly the damages considered direct and those considered indirect. However, it can be hard to reach agreement on these distinctions as the customer will try to include as much as possible under the definition of direct damages while the supplier wishes to exclude as much as possible from this definition. It may, therefore, be better practice to refer to the statutory definition of damages and leave the decision to the courts. This means that damages that are reasonably attributable to the event that caused the damages, and to the party that caused the damages, must be paid. In addition, pure loss of profit and turnover can be excluded.
The liability of both parties must always be capped. The market standard caps vary between 12 and 36 months of fees.
Dutch law provides for certain implied terms in relation to inter alia the quality of goods sold and the provision of services. However, these implied terms are typically not mandatory in B2B contracts and are usually explicitly excluded or superseded by the contents of the contract.
The rules governing employee transfers in outsourcing are based on the EU Acquired Rights Directive (ARD). Under the ARD, employees who are predominantly working on the activities that are to be transferred will, where the ARD (as implemented in the Netherlands) applies, transfer to the supplier together with their applicable employment terms and conditions, by operation of law. In general, the ARD will apply if significant assets are to be transferred to continue the economic activity or, in case of labour intensive activities, the majority of the employees (considering number and/or skills) are offered employment by the new service provider. The EU and Dutch case law on ARD/TUPE is numerous and granular, but at essence is based on an ever-increasing protection of employees.
Works council consultation (ie, a right of advice prior to implementing the proposed decision) is almost always required (under Article 25 of the Dutch Works Councils Act).
Trade union consultation is only required in relation to transactions that affect numerous employees (ie, larger transactions) or if this requirement follows from the applicable collective labour agreement.
Market practice on employee transfers in the Netherlands is:
There are no specific rules that apply to asset transfer agreements and freedom of contract prevails. Typical terms include:
1017 PS Amsterdam
+31 20 301 7300
+31 20 301 7350www.gtlaw.com