Outsourcing 2019 Second Edition

Last Updated October 28, 2019

Netherlands

Law and Practice

Authors



Greenberg Traurig, LLP is an international law firm with approximately 2,100 attorneys serving clients from 41 offices in the United States, Latin America, Europe, Asia, and the Middle East. The firm's Technology and Outsourcing team advises on a full range of legal issues impacting outsourcing situations – including tax implications, employment, real property and intellectual property issues. The team consist of more than 50 lawyers, five in Amsterdam. The firm works with companies in industries ranging from financial services, telecommunications, energy, waste disposal, retail, consulting, travel, container manufacturing, municipal government and quick-serve restaurants. The firm's attorneys' structure and negotiate a full spectrum of services for clients from standard transactions to highly complex multinational ITO and BPO transactions. Recent transactions include cross border BPO projects (regarding customs clearance, credit control, billing, human resources, finance and accounting) for multi-national energy companies, global transport companies and global banks.

The key market developments in IT outsourcing are:

  • an increasing focus on “as-a-service” contracts to replace traditional managed services;
  • transition to the cloud, including service providers themselves moving to IAAS; 
  • significantly heightened awareness of, and focus on, data security and privacy;
  • service integration and architecture integration are of increasing importance due to the fact that customers work with a larger number of vendors; and
  • the role of IT departments is under pressure; service providers often work directly with the business within the customer.

The key market developments in BP outsourcing (BPO) are:

  • in BPO it is less about labour arbitration and costs savings, and more about technology transformation and automation;
  • TUPE staff transfers under the Acquired Rights Directive become less common because the parties (including the employees) agree otherwise (which quite often means that the employees are voluntarily made redundant); and
  • companies are implementing Robotic Processing Automation (RPA) as an alternative for BPO, but most programs are not yet yielding the intended results.

The impact of new technology is as follows:

  • customers are increasingly struggling to build up internal capabilities to address new technologies and are therefore relying more on IT providers;
  • AI and robotics heavily impact suppliers in their delivery centres that were traditionally built around labour arbitration; and
  • blockchain/smart contracts are typically applied in a larger ecosystem which requires a different mode of cooperation from traditional client-supplier relationships. The importance of these technologies is currently negligible but we believe this may change soon due to an increase in professional offerings from reputable service providers.

Other key market trends include agile working and DevOps are changing the way companies work with suppliers and SLA’s becoming less relevant as partnership and trust are increasingly seen as a basis for performance. Procurement departments are, therefore, required to change their approach but are struggling to do so.

The political climate in the Netherlands is trending towards stronger protections for workers. Business process outsourcing has come under increasing scrutiny and outsourcing has been construed as mainly aimed at stripping workers of protections they would otherwise have had. Although it is hardly ever the parties’ intention to strip employees of rights, recently PostNL and TempoTeam announced they would halt certain outsourced activities after facing considerable negative coverage in the media.

Data and systems security is starting to be viewed as a matter of public importance. The Minister of Justice recently announced he will investigate the creation of powers that will allow the Government to compel providers to improve their security practises, and even step-in if necessary.

Rules and restrictions on outsourcing apply only in some regulated markets, primarily the financial, insurance, asset management and pensions industries. In other markets, freedom of contract rules.

Industry specific restrictions mainly exist in the financial, insurance, asset management and pensions industries and the regulations are, mostly, based on EU legislation. The regulations concerned include the Dutch Financial Supervision Act (FSA) and a number of directives and resolutions under that Act, the Solvency II Directive and the Solvency II Regulations, the AIFMD, the Pension Act, the Dutch Central Bank’s (DNB) Good Practices for insurers and (separate) for other sectors, the EBA guidelines on outsourcing to cloud service providers. The main principles of these regulations boil down to the following:

  • responsibility cannot be outsourced;
  • the requirement of a written agreement that contains sufficient means for the customer to monitor performance;
  • mandatory disclosure by the supplier of circumstances that may affect continuity;
  • sufficient audit rights for the customer;
  • requirement of a risk analysis;
  • in some sectors the customer must be able to terminate at will (against a termination fee); and
  • giving notice of the intended outsourcing to the supervisors is often required.

The restrictions on data processing and data security are based on the EU General Data Protection Regulation (GDPR), meaning that export from personal data outside the EU is not allowed unless proper contractual documentation and technical measures are in place. Furthermore, specific, highly sensitive data held by the Dutch Government may not be stored in the cloud.

Data security is mainly governed by the EU Directive on security of network and information systems (NIS Directive) and the Cyber Security Act. The Cyber Security Act establishes a certification framework for IT digital products, services and processes. The NIS Directive identifies sectors which are vital for the aspects of economy and society which rely heavily on IT, such as energy, transport, banking and health care. These sectors have to take appropriate security measures and ensure swift notification of any incidents to the relevant authorities.

In accordance with the GDPR, the penalty for a breach is a maximum of 4% of the worldwide turnover of the group belonging to the company that breached the legislation. 

Under the NIS Directive, the maximum penalty amounts to EUR17 million. 

Regarding Data Protection contracts usually contains the following contractual protections:

  • an obligation for the supplier to give notice to the customer of a data breach within 24-48 hours;
  • a detailed data processing agreement between the customer as controller and the supplier as processor;
  • in the case of a data export from the EU, the Standard Contractual Clauses can be used; and
  • very specific and concrete purpose limitations (see Article 6 paragraph 1 (a) of the GDPR).

If parties wish to avoid Cambridge Analytica type of risks they shall include more limitations than covered by the GDPR, mainly on profiling and advertising.

Regarding Security contracts mainly contain the following contractual protections:

  • an obligation on the supplier to implement market standard physical technical and procedural security measures;
  • an obligation to maintain and report on certain certifications (eg, ISO27001, ISAE3000, ISAE3402, etc);
  • an obligation to comply with the customer’s security policies;
  • a right for the customer to undertake penetration testing via a third party;
  • an obligation on the supplier to report actual or potential security breaches; and
  • an obligation to have a Business Continuity Plan and Disaster Recovery Plan in place, concurrent with frequent testing.

There is no standard outsourcing agreement in the Netherlands.

The association of IT suppliers NL Digital has standard terms but these do not, generally, apply to outsourcing. Sourcing Netherlands, the association for outsourcing, has developed a balanced standard form for an outsourcing agreement, which is sometimes implemented. Sophisticated customers will contract on the basis of their own tailored agreement. These agreements are similar to the market standard agreements in the UK and USA. They are very detailed and contain approximately twenty schedules.

The usual model consists of an Asset Transfer Agreement and a separate Services Agreement. For large cross border projects, a framework structure is used, comprising a framework asset transfer agreement and a separate framework services agreement, under which local-to-local asset transfer agreements and services agreements are concluded.

Although alternative models are sometimes used, 95% of outsourcing will be contracted, one-on-one, with an asset transfer agreement and a separate services agreement. Multi-vendor agreements (between the customer and a number of suppliers) are also common. Joint ventures (JV) are rare, mainly because a JV structure is rather complicated and expensive. It will only be used where the customer and suppliers wish jointly to set up a new business.

Originally, SSC’s were set up to centralise and rationalise the IT environments. Later, labour arbitrage (ie, the reduction of the costs of labour) became a factor and, as a result there of, many SSC’s where moved to nearshore and offshore locations. Lately, a number of captive SSC’s have been transferred to suppliers. We are also seeing captive SSC’s co-operate more closely with suppliers in order to benefit from the newest technologies and innovation.

The main customer protections are the following:

  • a detailed service description;
  • appropriate service levels;
  • tailored service credits;
  • an appropriate governance and contract change structure;
  • a benchmarking clause (like-for-like comparison of pricing and service levels);
  • a step-in right; and
  • an audit clause.

The customer can terminate the contract for cause. Serious breaches of services levels and severe data security and privacy incidents are often specifically mentioned as providing cause for termination. Sometimes, outsourcing or services agreements provide a termination right to the customer iwhere there has been a change of control in the supplier, especially in contracts relating to mission critical services or services provided to regulated financial institutions.

Customers can also, almost always, terminate for convenience. In the case of termination for convenience, the customer must pay termination compensation. There is no fixed formula for calculating this compensation as this is a matter of freedom of contract. In general, the compensation consists of unrecovered costs and a small lost-margin component. Furthermore, in the financial industry the customer may terminate the agreement if a regulator requires a termination.

Usually, the supplier can usually only terminate for material breach (most notably, prolonged non-payment of invoices). It is highly unusual to allow a supplier to terminate for convenience.

Dutch statutory law does not define the difference between direct loss and indirect loss. However, under the influence of Anglo-American contracts and terms, the concept is often used in Dutch law agreements. In such an event, it is wise to define exactly the damages considered direct and those considered indirect. However, it can be hard to reach agreement on these distinctions as the customer will try to include as much as possible under the definition of direct damages while the supplier wishes to exclude as much as possible from this definition. It may, therefore, be better practice to refer to the statutory definition of damages and leave the decision to the courts. This means that damages that are reasonably attributable to the event that caused the damages, and to the party that caused the damages, must be paid. In addition, pure loss of profit and turnover can be excluded.

The liability of both parties must always be capped. The market standard caps vary between 12 and 36 months of fees.

Dutch law provides for certain implied terms in relation to inter alia the quality of goods sold and the provision of services. However, these implied terms are typically not mandatory in B2B contracts and are usually explicitly excluded or superseded by the contents of the contract.

The rules governing employee transfers in outsourcing are based on the EU Acquired Rights Directive (ARD). Under the ARD, employees who are predominantly working on the activities that are to be transferred will, where the ARD (as implemented in the Netherlands) applies, transfer to the supplier together with their applicable employment terms and conditions, by operation of law. In general, the ARD will apply if significant assets are to be transferred to continue the economic activity or, in case of labour intensive activities, the majority of the employees (considering number and/or skills) are offered employment by the new service provider. The EU and Dutch case law on ARD/TUPE is numerous and granular, but at essence is based on an ever-increasing protection of employees.

Works council consultation (ie, a right of advice prior to implementing the proposed decision) is almost always required (under Article 25 of the Dutch Works Councils Act).

Trade union consultation is only required in relation to transactions that affect numerous employees (ie, larger transactions) or if this requirement follows from the applicable collective labour agreement.

Market practice on employee transfers in the Netherlands is:

  • application of the principles of the ARD, as described in 5.1 Rules Governing Employee Transfers; and
  • staff transfers under the ARD become less common because the parties (including the employees) agree otherwise, which quite often means that the employees are voluntarily made redundant.

There are no specific rules that apply to asset transfer agreements and freedom of contract prevails. Typical terms include:

  • the description of the assets that transfer, usually concerning hardware, software, licence agreements and people; 
  • the price of the assets, typically being the book value or the fair market value;
  • an “as is, where is” guarantee; and
  • terms regarding the transfer of employees, including indemnities for unintended transfers.
Greenberg Traurig, LLP

Leidseplein 29
1017 PS Amsterdam
The Netherlands

+31 20 301 7300

+31 20 301 7350

www.gtlaw.com
Author Business Card

Law and Practice

Authors



Greenberg Traurig, LLP is an international law firm with approximately 2,100 attorneys serving clients from 41 offices in the United States, Latin America, Europe, Asia, and the Middle East. The firm's Technology and Outsourcing team advises on a full range of legal issues impacting outsourcing situations – including tax implications, employment, real property and intellectual property issues. The team consist of more than 50 lawyers, five in Amsterdam. The firm works with companies in industries ranging from financial services, telecommunications, energy, waste disposal, retail, consulting, travel, container manufacturing, municipal government and quick-serve restaurants. The firm's attorneys' structure and negotiate a full spectrum of services for clients from standard transactions to highly complex multinational ITO and BPO transactions. Recent transactions include cross border BPO projects (regarding customs clearance, credit control, billing, human resources, finance and accounting) for multi-national energy companies, global transport companies and global banks.

Compare law and practice by selecting locations and topic(s)

{{searchBoxHeader}}

Select Topic(s)

loading ...
{{topic.title}}

Please select at least one chapter and one topic to use the compare functionality.