Outsourcing 2021

Last Updated October 28, 2021

New Zealand

Law and Practice


Russell McVeagh is a premier law firm in New Zealand, with offices in both Auckland and Wellington. Russell McVeagh's outsourcing team boasts award-winning lawyers who possess exceptional thought-leadership, depth of experience and the ability to translate complex legal issues into client success stories. The firm's technology and outsourcing practice collaborates with other specialist teams around the firm as necessary to provide clear, pragmatic and innovative advice. The team counts among its clients some of the world's largest technology companies and also acts for all of the major New Zealand banks, as well as many of New Zealand's largest companies, including the majority of New Zealand's largest listed companies. Russell McVeagh has advised on numerous large-scale outsourcing transactions in the past 12 months for both public and private sector clients, including acting for one of New Zealand's largest companies on the outsourcing of its global application support, maintenance and development requirements across more than 30 jurisdictions.

New Zealand organisations continue to outsource in-house IT capability to local and global IT service providers and to consolidate previously multi-sourced environments with strategic partners. Key drivers tend to be reducing cost and complexity, taking advantage of specialist capabilities and modernising ageing estates, increasing efficiency and improving the security, performance and user experience associated with IT systems. This trend has been accelerated following New Zealand's COVID-19 pandemic-related Alert Level 4 lockdowns, in connection with which many organisations have been forced to invest in the digitisation of previously manual processes and associated back-end systems.

There has been a continued shift towards cloud computing, with organisations now tending to move away from owning or contracting for physical IT assets, in favour of leveraging third-party cloud environments (IaaS) and utilising software (SaaS) and platform (PaaS) solutions. Among other things, this allows organisations to enjoy the cost-efficiencies and other benefits associated with a fully scalable model. Further areas of development include solutions that increasingly offer value-added services powered by artificial intelligence (AI) and machine learning, core systems and functions such as payroll/HR, ERP, finance and, increasingly, security, commonly being outsourced to third parties on an end to end "as-a-service" basis and a focus on Internet of Things (IoT) capability. Increasingly, organisations that have IT at the core of their service-offering are also demonstrating a desire to outsource both back-end and customer-facing IT functions to third-party IT outsource service providers.

Business process (BP) outsourcing has grown in line with IT outsourcing developments. However, solutions being procured are increasingly digitalised and a general convergence of BP and IT outsourcing has been seen in many areas, including in relation to HR, ERP and finance functions. As with IT outsourcing, this trend has been accelerated since New Zealand's COVID-19-related Alert Level 4 lockdowns, in connection with which many organisations were forced to invest in the digitisation of previously manual processes.

New and emerging technologies, including AI, blockchain, IoT and next-generation robotics, are not new to the New Zealand market and it is well understood that such technologies provide opportunities to solve business issues, improve efficiency and increase profitability.

However, the adoption of these technologies has not been as widespread in New Zealand as perhaps was initially expected. As is the case in many jurisdictions, emerging technologies are suffering the effects of regulatory lag, which has caused uncertainty as to how regulators and legislators will react to novel or perceived high-risk applications. As such, it seems that many organisations are wary of investing significant resources in these new technologies early on, owing to the risk of potentially costly re-engineering being required as a result of subsequent changes in the law.

However, government-led initiatives are emerging in the technology space, including:

  • the government's recent announcement to establish a mandatory consumer data right framework for New Zealand;
  • the development of a national digital strategy;
  • the introduction of an AI algorithm charter for public sector agencies;
  • consultation on the use of autonomous weapons as part of its disarmament policy; and
  • other government-led initiatives such as the Digital Industry Transformation Plan (ITP).

There has also been significant government investment in areas such as digital learning platforms and contact tracing apps as a result of COVID-19 (discussed below in more detail).

Outsourcing is not separately regulated in New Zealand. Rather, whether or not a particular outsourcing arrangement will be the subject of a specific regulatory regime will largely depend on the customer's industry and the specific nature of the arrangement, including details of the customer, industry and type of outsourcing. 

While not relating to outsourcing specifically, New Zealand's competition law (Commerce Act) contains prohibitions against cartel agreements between competitors. Namely, it is illegal "cartel conduct" for competing businesses to agree:

  • what prices each will charge customers in competition with each other (known as "price fixing");
  • what customers or territories each will supply, or will not supply, in competition with each other (known as "market allocation"); and
  • to not supply certain goods or services in competition with each other (known as an "output restriction agreement").

These prohibitions could apply to an outsourcing agreement where the provider of outsourced services is also a competitor of the customer of those services. Illegal conduct can be found without a written agreement and an informal expectation between competitors that they will act in a certain way is sufficient to breach the Commerce Act. Therefore, discussions with outsourcing partners that are also competitors should not "spillover" into informal understandings as to how each competes for customers and the parties should avoid sharing commercially sensitive information (such as pricing information) with each other in the areas in which they compete.

The Commerce Act contains an exemption from the cartel prohibition for clauses included in supply contracts (such as an IT outsourcing contract), provided those clauses do not have the purpose of lessening competition between the parties. This is increasingly an area to watch in New Zealand as IT service providers are, more and more, outsourcing their own IT operations to outsource service providers who may also be competitors in some markets.

While there is no legislation that applies to outsourcing generally in New Zealand, there is specific guidance given to these arrangements in particular industries and by particular regulators, including financial services, the public sector, certain infrastructure providers, and regulated businesses more generally.

Financial Services

The financial services sector in New Zealand is regulated by the Financial Markets Authority, and subject to (among other legislative requirements) the Financial Advisers Act 2008 (FAA). Outsourcing is not generally restricted to the provision of financial services. However, the FAA specifically prescribes liability for compliance with statutory duties where brokers and financial advisers outsource their services.

If a broker contracts out broking services to another business (for example, to a custodian) the broker remains responsible to the client for broking services. The person providing the outsourced broking services is required to register on the Financial Service Providers Register as providing broking services but will not have any broker obligations under the FAA if it is acting on behalf of the other broker's business.

A new financial advisers' regime, that came into force on 15 March 2021, requires financial advisors to take all reasonable steps to ensure that the person or entity to whom they have outsourced services complies with their duties under the FAA.


Large New Zealand banks are generally subject to a standard condition of registration that requires banks to continue to meet specific outcomes, despite outsourcing.

In 2017, the prudential regulator of New Zealand, the Reserve Bank (RBNZ) introduced a revised outsourcing policy, and banks were given a five-year transition period to comply. Given the difficulties in resourcing associated with COVID-19, the RBNZ has extended this transition period to six years, requiring implementation work to be complete in 2022. Banks are required to conduct an independent review each year to ensure progress toward compliance is sufficient. From 1 October 2023, the RBNZ will be empowered to take enforcement action against any New Zealand bank to ensure compliance with these conditions. Relevant requirements under the RBNZ outsourcing policy include that New Zealand banks seeking to implement any outsourcing arrangement must, depending on the circumstances of the outsourcing:

  • have the relevant risk mitigation requirements (as specified for particular circumstances in the outsourcing policy) in place at all times;
  • have robust backup capability in place if the arrangement is with another related or independent third party;
  • ensure that the outsourcing arrangement contains the contractual terms prescribed in the outsourcing policy;
  • in some cases, obtain non-objection from the RBNZ before entering into the arrangement;
  • maintain, annually review, and provide to the RBNZ on request, a compendium of outsourcing arrangements; and
  • have a separation plan (which is tested annually), to provide for the steps a bank would take to ensure the services covered by the outsourcing arrangement would continue to be provided in the event of failure of the arrangement.

The RBNZ maintains an extensive "White List" of outsourcing arrangements that are exempt from the outsourcing policy.

Public Sector

All public service departments, including the New Zealand Defence Force, New Zealand Police, New Zealand Security Intelligence Service and Parliamentary Counsel Office (collectively the "Agencies") are directed by the New Zealand government to implement the Protective Security Requirements (PSRs). The PSRs are a set of mandatory requirements, a number of which are focused on information security, which is the government's primary concern in the outsourcing of its Agencies' responsibilities.

The PSRs include guidelines and policies for managing protected information when outsourcing and offshoring, in particular:

  • agencies considering using cloud services must contact the Government Chief Digital Officer for advice and guidance and follow that advice and guidance;
  • agencies planning to use cloud services must perform a formal risk assessment, which includes identifying the controls needed to manage the information security and privacy risks associated with their use of the service; and
  • agencies must verify that they have put effective controls in place to manage security and privacy risks before certifying and accrediting the service for use.

More broadly, the Government Procurement Rules are mandatory for all government departments, the New Zealand Police and Defence Force, and most Crown entities when the procurement is worth more than NZD100,000 (or NZD9 million for new construction works). These Rules focus on promoting public value and include explicit requirements for agencies to consider in their procurement arrangements (such as increasing the domestic workforce and supporting the transition to a zero net emissions economy).

Other Regulated Sectors

Many businesses in New Zealand that conduct operations in regulated industries are subject to licensing, approval, and certification requirements, and other ongoing price, governance and quality obligations set out in statutes, rules and regulations. While outsourcing in these industries is not specifically regulated or prohibited, there are other considerations that those looking to outsource should take into account. For example, in New Zealand, the following sectors are subject to industry-specific regulation:

  • aviation is governed by the Civil Aviation Act 1990, Airport Authorities Act 1966 (which are both currently under review), and the Civil Aviation Rules. The Civil Aviation Authority and the Commerce Commission monitor compliance with regulations;
  • energy is governed by the Electricity Industry Act 2010 and Electricity Industry Participation Code, and is regulated by the Electricity Authority and the Commerce Commission;
  • food is governed by a number of Acts and Codes, and regulated by the Australia New Zealand Food Standards Authority and the Ministry of Health;
  • medicines and medical devices are governed by the Medicines Act 1981 and are monitored by the Ministry of Health;
  • road transport is governed by the Land Transport Act 1998, the Land Transport Management Act 2003, and associated rules and regulations. The New Zealand Transport Authority, local authorities and the Ministry of Transport regulate this industry; and
  • telecommunications, gas and dairy are regulated under industry-specific legislation and are subject to the oversight of the Commerce Commission.

Organisations must comply with the new Privacy Act 2020 and the Privacy Regulations 2020 (the "Privacy Act") which came into effect on 1 December 2020. New Zealand organisations must ensure that they comply with the information privacy principles in the Privacy Act 2020, which govern the rights of individuals in relation to their personal information.

The Privacy Act 2020 implements a number of changes relevant to outsourcing services. These include:

  • strengthened protections for cross-border transfers of personal information whereby agencies may only transfer personal information overseas if certain exceptions under the Privacy Act apply (noting that the export of personal information to a third party which merely holds that data as agent on behalf of the first party (eg, for safe custody, such as a cloud service provider) is expressly excluded from the restrictions on cross border transfers if the agent only stores or processes the personal information on the relevant agency's behalf);
  • the introduction of a mandatory breach notification regime for certain notifiable privacy breaches, requiring an organisation to notify the New Zealand Privacy Commissioner and, in most cases, the individual concerned as soon as practicable after becoming aware of the breach or make a public notification regarding the breach;
  • public notifications must be published on an internet website maintained by the organisation and in at least one other medium, with a range of requirements for the content of the notice (including a description of the breach and notification of the right to complain about the breach);
  • specific reference to foreign agencies, expressly bringing them within the scope of the Privacy Act 2020 to the extent that they undertake regulated activities in the course of carrying on business in New Zealand; and
  • clarification that the Privacy Act 2020 will apply to all actions by a New Zealand agency, whether inside or outside of New Zealand.

Additionally, New Zealand organisations that process the personal data of people residing in the European Union (EU) are required to comply with the General Data Protection Regulation (GDPR) in some circumstances, including where those businesses offer goods and/or services to such people residing in the EU.

The maximum fine under the Privacy Act is NZD10,000 for failure to comply with an access order, compliance notice or transfer prohibition notice, and failure to notify a privacy breach where required under the Privacy Act.

In addition, there is a process to escalate privacy complaints to the Human Rights Review Tribunal, which may grant a number of remedies including a declaration that the business has interfered with the privacy of the individual and the award of damages. Typically, damages for a less serious breach will range from NZD5,000 to NZD10,000, more serious cases can range from NZD10,000 to around NZD50,000, and the most serious cases can exceed NZD50,000 (with the maximum award for a privacy matter to date being just over NZD168,000).

Privacy, data protection and security have had an increased focus in outsourcing contracts, particularly following the introduction of the EU's GDPR and the Privacy Act 2020. Where an outsourcing arrangement relates to or involves data, and in particular personal data, the underlying outsourcing contract will likely include provisions regarding the following matters:

  • ensuring that consent has been given to the sharing of that data with the service provider;
  • when data is shared, requiring the service provider to monitor and report security, data and privacy breaches and provide the customer with all information and assistance reasonably required in respect of the same;
  • restrictions on the transfer of information outside of New Zealand;
  • ensuring that individuals will be provided with the requisite rights in relation to their personal data; and
  • demonstrating that they comply with the Privacy Act and, where applicable, the GDPR by appointing a Privacy Officer (or Data Protection Officer), providing training to staff and meeting other general requirements regarding the security of information.

The customer may also seek to require the service provider to comply with the customer's security policies and/or other specified standards. The customer would also typically include audit rights in respect of the security standards and obligations on the service provider to provide the customer with the results of its security testing. The privacy, data protection and associated security obligations may also be supported by an express acknowledgement that the service provider's liability for a breach of the same is uncapped or subject to a separate, higher cap as further discussed in 4.3 Liability.

Outsourcing contract models in New Zealand vary depending on the specific circumstances of the particular outsourcing arrangement, including the types of services being procured and the size of the customer's business.

Direct Contracting

Although there is no one standard approach to outsourcing contracts in New Zealand, direct contracting tends to be the prevailing model and it is increasingly common for customers to aggregate service providers by contracting with a core outsourcing provider direct for a number of different services, often involving third-party managed services or subcontracting arrangements. This allows these customers to take advantage of relative administrative simplicity, cost efficiency and a single point of end-to-end service provider responsibility, whilst still making use of specialist third-party capability. These outsourcing arrangements are typically governed by a master services agreement, with each service falling under a separate service schedule or statement of work.

The master services agreement contains the general legal terms relating to the arrangement as a whole and will typically include provisions relating to the initial term of the engagement, a process for agreeing to additional services, liability caps and exclusions, warranties, indemnities, a dispute resolution process and termination rights, as well as the overarching principles and standards to which the services will be provided to the customer. The specific details of the arrangement are detailed in the service schedules, which will set out the service levels and service credit regime, pricing, customer dependencies, assumptions, customer requirements and other specific service terms. 

Existing Contracts and Drafting Outsourcing Fabrics

It is common for service providers to push to use their existing contractual template as the base for the outsourcing contract. Depending on the type of IT services being procured, the size (and relative bargaining power) of the customer and the value of the transaction it can be more challenging in the New Zealand market to negotiate amendments to such template agreements (or to use the customer's terms as a base for negotiation) than it is in other larger markets where this practice is more widespread.

The drafting of outsourcing contracts in New Zealand has shifted in line with global developments in outsourcing. Parties are increasingly contracting on terms that focus on agility and partnership, rather than more traditional adversarial-style obligations. Further, there is a trend toward customers becoming much more sophisticated purchasers of these types of services, with several larger organisations now at the second or third generation outsourcing stage. Contracts are increasingly focused on service outcomes, rather than prescribing the method of service provision in detail.

Indirect Outsourcing

Indirect outsourcing is fairly common with respect to the procurement of services to perform discrete business functions or processes (for example, Enterprise Resource Planning (ERP), finance, accounting, HR processing or complex lease management). This is typically because the underlying provider of the service or technology is not based in New Zealand and, instead, the New Zealand customer entity would contract with a local supplier entity who subcontracts out to the foreign third-party service provider. In these cases, it is typical for the local entity to provide second level support services and on-site implementation, transition and configuration services to augment the overseas service provider's remote service offering.

Liability arrangements in these circumstances can become complex and, except with respect to very large customers, the underlying services are often contracted for on the underlying foreign service provider's standard terms without significant negotiation.


Multi-sourcing involves the outsourcing of different services and/or different components of services to multiple different service providers. Some organisations may have developed a multi-source outsourcing model without any particular planning, through contracting for different IT services on an ad-hoc basis over time. The key benefit of multi-sourcing is that it allows organisations to contract with the best service provider for each particular service or component of a service.

However, it can result in complex chains of responsibility and accountability and, as a result, can be difficult to administer from the customer's perspective. As such, conscious multi-sourcing can often be a preferred approach whereby the customer's ecosystem of suppliers are subject to common terms which mandate common governance rules, inter-supplier collaboration and a well-designed and managed service integration and management layer (SIAM).

Other Models of Outsourcing

Alternative models of outsourcing arrangements are less common in the New Zealand market but may be selected in response to unique commercial circumstances of the parties. These include joint ventures and captive centres and build to operate transfers.

Joint ventures

Parties may wish to set up a joint venture or partnership, with both entities having voting rights in connection with the provision of the services. This affords the customer with a greater degree of control over the operations of the service provider than simply agreeing to a contract on an arm's length basis. However, this model is typically perceived to be an expensive option and can result in the customer taking on additional obligations that may not be within its expertise.

Captive centres involve the outsourcing of services to a wholly-owned subsidiary of the customer, which provides the relevant IT services. These entities are developed and resourced by the customer and therefore do not involve outsourcing to third-party service providers. A "build-to-operate transfer model" is similar to a captive centre, but the customer contracts with a third party to build a captive centre for the customer.

This centre is later transferred to the customer once it is operational. These options may provide the customer with tax benefits (as opposed to providing the services in-house), but involve significant upfront and ongoing costs.

Captives and shared services centres are relatively uncommon in the New Zealand market and the increasing options in respect of digitisation and as-a-service offerings have meant that the cost-saving benefits traditionally associated with captives and shared service centres are often achieved without the upfront investment costs associated with these models.

In fact, many of the shared services centres that do operate in New Zealand provide in-country services, as opposed to leveraging low-cost centre jurisdictions. Research has also indicated that knowledge-based services are increasingly being provided on the basis of a shared service model, with customers looking toward automated solutions as a way to reduce transactional work and increase value. However, one of the biggest challenges to New Zealand's expansion of shared services centres in this area is the recruitment of talent, with technology talent in New Zealand overall being consistently reported to be in short supply across the industry.

Customer protections in outsourcing contracts differ depending on the nature of the services being provided. However, a few commonly used customer protections are discussed below.


The customer will typically require warranties from the service provider in order to protect the customer in key risk areas. Such warranties commonly relate to the quality of service, expertise and personnel of the Service Provider, obtaining (and maintaining) required consents and licences and intellectual property related warranties. A breach of the warranties by the service provider would typically entitle the customer to bring a damages claim against the service provider for breach of the agreement.

Service Levels and Service Credits

A further protection typically included in IT outsourcing contracts are service levels and service credits. Service levels are agreed performance metrics in respect of the services and/or components of the service. These vary depending on the type of service being provided but commonly include availability, response and resolution times and reporting obligations. Service levels can be used as a measure of the service provider's performance under the contract and customers will usually seek to supplement these with a service credit regime in the event of service level failures.

A service credit is an agreed reduction in price to reflect that the service provider's performance has not met the agreed standards. However, it is worth noting that service credits that amount to a "penalty" are unenforceable in New Zealand, as discussed further in 4.3 Liability. Customers will typically also include reporting and audit rights in relation to the service levels, to ensure that it is able to monitor and verify the service provider's performance against the same (which it may otherwise be unable to do).

Customers may also seek to include milestones in particular statements of work, with the service provider receiving a specific payment if it meets the relevant milestone date for achievement of that milestone. Conversely, failure to meet the relevant date may result in a discount on the price for the relevant service and/or deliverable. This incentivises the service provider to complete work on time and in an efficient manner, and provides the customer with protection against unreasonable delays and additional costs, particularly in relation to the initial transition phase.

Termination and Termination Assistance

The customer will want to ensure that it has sound termination rights in the contract, as further discussed in 4.2 Termination. The customer may also seek to include a termination assistance regime, which requires the service provider to assist the customer to transition the services to a replacement service provider or in-house, in the event that the agreement comes to an end. The outsourcing contract will typically require the parties to agree on an exit plan at the outset of the agreement, with obligations to continually refresh the same throughout the term of the agreement.

Relationship Management and Governance

Practising good contractual management is a further way that a customer may obtain some protection and mitigate its risks in an outsourcing contract. To achieve this, the customer may seek to include specific governance requirements such as regular meetings, the appointment of a dedicated service provider relationship manager, rights in respect of the replacement and removal of key personnel and strong reporting and audit rights. These rights are particularly important in the context of outcomes-based outsourcing arrangements.

The contractual rights should be supported by a capable in-house team and relationship manager who are able to monitor the service provider's performance against contracted standards and enforce contractual protections afforded to the customer where required.


The customer may seek indemnity protection from the service provider in respect of certain key losses, including third-party breach of intellectual property rights and breach of data protection laws. The liability regime in respect of a breach of these indemnities is discussed in 4.3 Liability.

Business Continuity and Disaster Recovery

The customer will also typically seek to receive assurances from the service provider in respect of its business continuity and disaster recovery plans and may include obligations to review, test, update and report to the customer regularly or on request. This is also a mandatory regulatory requirement imposed on New Zealand banks, as discussed in 2.2 Industry-Specific Restrictions.

Step-in Rights

Step-in rights were once commonly requested by customers in outsourcing arrangements for critical services whereby the customer would have a right to step into the shoes of the service provider in the event that the service provider materially fails to perform. However, "soft" step-in rights (for example the right to make recommendations to the service provider and work with the service provider to improve service delivery in the event of significant failures) are far more commonly the agreed position that is reached.

Customary termination rights in outsourcing contracts vary depending on the nature of the services being provided. Where the services involve a significant portion of the customer's business (for example an infrastructure outsourcing contract), the service provider will generally have very limited rights to terminate the contract, often only in the event that the customer has failed to pay an overdue invoice after receiving notice and a chance to remedy that overdue invoice. However, a contract for discrete services or services that are readily replaceable by the customer may provide the service provider with additional termination rights, such as for material breach by the customer.

Right to Terminate

Customers typically seek to include a right to terminate for the service provider's material breach if that remains unremedied for a certain period of time (or that cannot be remedied) and in circumstances where the service provider suffers an insolvency event or a persistent "force majeure" event (noting that following the advent of COVID-19, customer organisations have been increasingly careful to ensure that known pandemics, epidemics and associated government rules and restrictions do not constitute events of force majeure that would provide the service provider with relief from its responsibilities). In addition, the agreement may include a right for the customer to terminate in the event of specific contractual failures that would not meet the standard of a "material" breach, such as serious or repeated service level failures or a failure of the service provider to meet specific milestones in respect of the services or deliverables.

The customer may also wish to include a right to terminate the agreement for convenience, although this may be subject to a minimum term and it is common for the service provider to require the payment of termination compensation in these circumstances (particularly if the service provider will invest significant resources at the beginning of the arrangement on the basis that those costs will be recouped over the full term of the contract).

Additional termination restrictions may also apply in respect of the outsourcing of services by New Zealand banks, which largely operate to limit a service provider's ability to terminate contracts in the event that the bank goes into statutory management.

If no specific termination rights have been agreed in the contract, each party generally has a right to terminate the agreement for a "material breach" of the other party at common law. However, it is commonplace for contracts to include a detailed contractual termination regime.

Liability at Law

The liability provisions are typically heavily negotiated in outsourcing contracts. It is common for the liability of both parties to be subject to a liability cap, with the quantum of that liability cap varying depending on the circumstances. In New Zealand, the Courts will generally enforce such clauses where they are negotiated at arm's length between commercial parties. There is scope, under the Fair Trading Act 1986 (FTA), for challenging their enforceability if one of the parties is a "consumer" or for standard form business-to-business contracts with a value of less than NZD250,000.

Liability in Contract and Loss of Profit, Goodwill and Business

Service providers will usually seek to exclude all "indirect" or "consequential" losses. Whether or not a loss is "direct", "indirect" or "consequential" depends on the context of the contract in which the words were used and, as such, is a question of fact depending on the circumstances of the situation.

The New Zealand Courts adopt an objective approach to this question, with the aim being to ascertain the meaning that the clause would convey "to a reasonable person having all the background knowledge which would reasonably have been available to the parties in the situation in which they were at the time of the contract". In circumstances where the meaning of "consequential and indirect loss" is ambiguous, and the court is unable to discern what the clause is intended to mean from the contract as a whole and the factual matrix, the Courts have been prepared to adopt the contra proferentem rule. This "tie-breaker" rule construes the meaning of these words against the party who drafted the clause in which these words were included.

To create more certainty as to what is recoverable in the event of a loss, the parties will often specify certain key losses as deemed direct (and recoverable) losses. Common examples of specified "deemed direct" losses include (but are not limited to):

  • the reasonable cost of procuring alternative systems;
  • the reasonable cost of implementing workarounds; and
  • the costs incurred in taking steps to remedy the other party's breach.

The parties may also seek to include certain key uncapped heads of loss in the contract, such as breach of confidentiality, breach of the provisions relating to intellectual property rights, wilful default and fraud. In addition, in the event that service providers will have access to personal information of the customer, customers are increasingly seeking uncapped liability for the service provider's breach of its data protection obligations or to agree a separate, higher cap than is included for general breaches of the contract.

Service credits

Customers often seek to include service credits in the event of service level breaches, or other amounts that are payable should the service provider breach relevant terms of the contract (for example, failures to meet specific milestones). Such clauses are known as "liquidated damages" and disproportionate liquidated damages clauses in contracts (ie penalty clauses) are unenforceable in New Zealand.

The test for whether or not a damages clause is a penalty is the same as in the United Kingdom and a provision will be a penalty only if it is a secondary obligation that imposes a detriment out of all proportion to any legitimate interest of the customer in the enforcement of the primary obligation. This is important to keep in mind when drafting liquidated damages clauses and it may be helpful to provide a justification that outlines the interest being protected, and the interest in enforcement, when drafting the relevant clause.

The service provider will typically also have insurance obligations in order to support the liability regime.

Businesses may be protected against unfair commercial practices in New Zealand through the FTA, which prohibits a service provider from misleading or deceiving another person and making unsubstantiated representations in trade. 

It is common for the parties to expressly exclude the terms of the FTA and other implied consumer protections, such as pursuant to the Consumer Guarantees Act 1993 in outsourcing contracts, and to instead document the specific warranties and service commitments applicable to the arrangement in the contract terms expressly. However, it is worth noting that certain provisions cannot be contracted out of in business-to-business transactions, where to do so would not be "fair and reasonable" (noting that the test of fairness explicitly considers the relative bargaining power of the two parties). The unfair contract terms regime in the FTA (which traditionally only applied to consumer contracts) has been extended to also apply to standard form business-to-business contracts with a value of less than NZD250,000. 

Given the nature of outsourcing contracts (being typically high value and heavily negotiated) the New Zealand Courts will be reluctant to imply terms into the contract on the basis that if the parties wanted the term to be part of the bargain they would have set that out in the contract expressly. In particular, unlike the UK and Australian positions, New Zealand Courts have tended to be reluctant to imply a universal doctrine of good faith into commercial contracts. The agreement of warranties, standards and prescribed obligations is, therefore, an important stage in the negotiation of outsourcing contracts. However, the Courts may still imply terms into outsourcing contracts in some cases, such as where it is necessary to make the contract work. The Courts adopt the following test to determine whether a term should be implied in the contract:

  • the term relates to a business custom which is so well known that the parties must be taken to have known of it and intended that it should form part of the contract;
  • the term must be certain and reasonable;
  • there is clear and convincing evidence of the custom (unless the doctrine of judicial notice applies); and
  • it must not be contrary to an express term of the contract or inconsistent with the tenor of the contract as a whole.

There are no rules that apply specifically to employee transfers for outsourcing (as opposed to transfers for other commercial reasons) in New Zealand. Employees are divided into two groups for the purposes of a transfer that arises in the context of a "restructuring" (which includes the outsourcing of work or the sale or transfer of all or part of a business).

Cleaning, Food Catering and Security Employees

Employees who perform cleaning, food catering or security work have the right to elect to transfer to the new service provider with the work on the same terms and conditions of employment, with service with the past provider recognised by the new provider. Leave entitlements transfer with the relevant employee. However, there are no additional restrictions on subsequent redundancies by the new service provider.

All Other Employees

There is no statutory right for any other employees to transfer with the new service provider. As such, the new service provider may, but is not required to, offer such employees employment on whatever terms and conditions it may choose (provided that minimum New Zealand employment law entitlements are met).

If an employer contemplates outsourcing that could lead to redundancies, it must consult with affected employees prior to making a decision. This is the case even if the new service provider would offer employment to all affected employees on the same terms and conditions of employment. Should the obligation to consult be triggered, it is a decision for employees as to whether they involve their union. However, if employees belong to a union, it would be typical for unions to be involved in consultation as the representative of affected employees. There is no independent obligation to consult with a union. 

Unlike other larger jurisdictions, New Zealand does not have workers' councils.

The potential for employee transfers is generally considered as part of the broader commercial terms to be negotiated between the parties in New Zealand. This is the case regardless of whether the employees have the right to transfer (see 5.1 Rules Governing Employee Transfers), in which case the additional potential liability may affect the contract price, or whether employment would need to be offered to, and accepted by, the employees that were to transfer.

There is often a tension between the motivations of the customer and the new service provider in considering the terms and conditions of employment to be offered by the new service provider. While these are ultimately a matter for the new service provider, this is something over which the customer usually has an interest and may wish to make recommendations. The new service provider will typically want to ensure that the terms offered to such transferring employees are consistent with the market and the terms of any other similar employees.

The customer will often want to ensure that the terms are the same as, or close to, the current terms and conditions of employment, as this is the best practical way to minimise employment issues. In addition, if the customer's employees will transfer with the outsourcing and there is a contractual entitlement to redundancy compensation, the customer will usually want to ensure that if possible, the offer of employment by the new service provider is such that this compensation is not triggered. For completeness, there is no statutory entitlement to redundancy compensation or severance in New Zealand.

Asset Transfer

There are not any standard terms that apply to an asset transfer in the context of outsourcing contracts in New Zealand. However, there are positions at law that will need to be considered depending on the type of asset being transferred. Outside of these considerations, the terms of the asset transfer will be a matter for commercial negotiation between the parties.

Depending on the nature of the asset being transferred, the parties may consider some or all of the following factors.


The structure of the asset transfers (including the identity of the applicable group company that will purchase the assets) is often largely driven by taxation considerations.

Due diligence

The parties will typically engage in a due diligence process in order to establish the scope of the assets that will transfer and the features relating to the same. Where the transfer involves personal property, the outsourcing provider will likely search the New Zealand Personal Property Securities Register (PPSR) to identify whether there are any security interests registered over the relevant assets (including debts or obligations).


In New Zealand, transfers of land must be in writing and registered with Land Information New Zealand (LINZ). If the transfer involves the lease of land or premises, the consent of the landlord will typically be required.

Intellectual property rights

The transfer of licences usually requires the consent of the relevant third-party licensor in order to be binding. In addition, the parties will need to advise the New Zealand Intellectual Property Office of the transfer of registered trade marks.


The default position under New Zealand law is that rights under contracts may be assigned to a third party without consent. However, if there are any express assignment restrictions in the terms of the relevant contracts, the parties will need to obtain the consent of the relevant counterparty prior to assigning any rights under these contracts to the outsource service provider. In general, it is only possible to assign the rights, not the obligations, under a contract to a third party without the counterparty's consent. As such, the parties may wish to novate certain contracts to the outsourcing service provider if the intention is for both the rights and obligations to pass to them.

Contractual matters

The terms of an asset transfer contract typically document matters such as the date for transfer of the assets, price, payment, warranties and indemnities.

Overseas Investment Regime

In addition to the above, if assets are being transferred to an outsourcing provider and that provider is an "overseas person", the Overseas Investment Act 2005 (OIA) may, in certain prescribed circumstances, apply. The OIA, along with the Overseas Investment Regulations 2005 (Regulations), establish the framework for overseas investment in New Zealand. Unless exempted by the Regulations, an investment by an "overseas person" in "significant business assets" or "sensitive land" requires an application for consent to be lodged with the Overseas Investment Office (OIO), and the consent of the OIO obtained before the proposed transaction can be completed (noting that the proposed transaction can be conditional upon receipt of OIO consent).

In addition to the standard consent pathways, a "national interest" test may apply in addition to the usual requirements if the target business is considered a "strategically important business" and/or the investor is considered a "non-New Zealand government investor" under the OIA and Regulations.

Finally, even where OIO consent is not otherwise required, a transaction may be mandatorily or voluntarily notifiable to the OIO, and, if not notified, subject to the Minister of Finance's power to "call-in" the transaction for review, under a "national security and public order" (NSPO) call-in regime if the target business is, or includes assets used in, a "strategically important business". Of particular relevance to this chapter is that one of the categories of "strategically important business" for the purposes of the NSPO regime is a business that develops, maintains, holds or has access to data sets of "sensitive information" relating to 30,000 or more individuals.

Overseas Person

An "overseas person" is broadly defined and includes any person who is not a New Zealand citizen, any company incorporated outside of New Zealand and any company, partnership, body corporate or trust where more than 25% of any class of its securities is directly or indirectly owned or controlled by such persons (Overseas Person).

Significant Business Assets

A transfer of assets to an Overseas Person would be considered an investment in "significant business assets" if, as a result of the transaction, the Overseas Person acquires assets in New Zealand and the total consideration provided exceeds NZD100 million or the gross value of the New Zealand assets exceed NZD100 million.

If consent is required for an investment in significant business assets, the OIO must be satisfied that the "investor test" has been met in order to grant approval.

The OIO will grant consent if it is satisfied that the 'relevant overseas persons' and the 'individuals with control' of the investment satisfy certain 'character' and 'capability' criteria, which are aimed at determining whether the relevant entities and persons are suitable to own or control sensitive New Zealand assets.

For the investor test to be met, the OIO must be satisfied that each relevant overseas person and each individual with ownership and control of the Overseas Person:

  • character factors are that the individual:
    1. has not been sentenced to imprisonment for a term of five years or more (at any time);
    2. has not been sentenced to imprisonment for a term of 12 months or more (within the last ten years);
    3. if not an individual, has not been convicted of an offence for which the person has been sentenced to pay a fine;
    4. has not been ordered by a court to pay a civil pecuniary penalty in respect of a contravention of any enactment;
    5. has not had a penalty imposed for a contravention of the OIA or the Regulations;
    6. has not been the subject of any other proceedings commenced against the person for any offence, or contravention of an enactment, that carries a penalty corresponding to those listed above;
    7. has not entered into an enforceable undertaking or an equivalent agreement with any regulator in respect of any contravention or alleged contravention of any enactment;
    8. is not a person not eligible for visa or entry permission under Section 16 of the Immigration Act 2009.
  • capability factors are that the individual:
    1. is not prohibited from being a director, promotor, or manager of a company;
    2. is not subject to a management banning order or prohibited to act as a creditor, lessor, transferee or buy-back promoter;
    3. has not been liable to pay a penalty for tax avoidance or evasion; and
    4. does not have outstanding unpaid tax of NZD5 million or more.

If any of the above factors apply, the investor test may still be met if the OIO is otherwise satisfied that this does not make the investor unsuitable to own or control sensitive New Zealand assets.

Repeat investors whose controlling entities and individuals have all previously met the investor test set out above will be deemed to have met the investor test for a new transaction, unless there has been a material change in relation to the character or capability factors as they apply to the investor and its controlling individuals at the relevant time.

An investor may also obtain a "pre-clearance" of its ownership structure and controlling individuals against the investor test, even if it is not currently contemplating a transaction.

Sensitive Land

If the transfer of assets to an Overseas Person involves freehold "sensitive land" or a leasehold or other interest in sensitive land (including any renewals) that has a term of ten or more years, either directly or through acquiring an ownership or control interest of more than 25% in a person which owns or controls such an interest in sensitive land, OIO consent will also be required to effect that transfer. A broad range of categories of land may be considered sensitive depending on the size and location of the land (including, for example, non-urban land that exceeds five hectares, land adjoining a marine or coastal area that exceeds 0.2 hectares or certain land significant to Māori).

If a "sensitive land" consent is required, in addition to the criteria for significant business assets, the OIO must also be satisfied it meets the "benefit to New Zealand" test in order to grant approval. Under this test, the investor must show that the overseas investment will, or is likely to, benefit New Zealand and, in relation to certain categories of land, the benefit will be "substantial and identifiable". The requirements and operation of the "benefit to New Zealand" test are complex and outside of the scope of this chapter. However, we note that this test is expected to be subject to significant changes on or before 24 May 2022 (which will include the removal of the requirement for an investor to show that a benefit is "substantial and identifiable").

National Interest Test

In addition to the usual consent pathways, the New Zealand government has discretionary power to block transactions that require OIO consent if the Minister considers that the proposed transaction is deemed contrary to New Zealand's national interest. The national interest test mandatorily applies where:

  • the purchaser is considered a "non-New Zealand Government investor" because it is directly or indirectly owned or controlled by one or more foreign government-related, owned or controlled entities (such as sovereign wealth funds, SOEs and public pensions funds) from a single jurisdiction; or
  • the proposed investment involves the acquisition of securities in a "strategically important business" or of assets used in a "strategically important business" (which includes businesses involved in military or dual-use technology, ports or airports, electricity, water, telecommunications, irrigation schemes, or financial market infrastructure).

The operation of the national interest test is complex and outside the scope of this chapter.

National Security and Public Order Regime

Transactions that do not require OIO consent may still be reviewed by the New Zealand Government under the "national security and public order" (NSPO) call-in power.

The NSPO regime allows the Minister of Finance to review for national security and public order risks, any overseas investment transaction entered that results in an overseas person (either alone or together with its associates), acquiring certain interests in a "strategically important business".

Notifications of transactions under the NSPO regime may either be mandatory or discretionary. It is mandatory to notify the OIO of any investment in a business that researches, develops, produces, or maintains military or dual-use technology or is a critical direct supplier to the New Zealand Defence Force or an intelligence and security agency. It is recommended, but not mandatory, to notify the OIO of investments in other types of "strategically important business".

Relevant to this chapter, for the purposes of the NSPO regime only, the term "strategically important business" includes any business that develops, maintains, holds or otherwise has access to:

  • official information that is relevant to the maintenance of national security or public order; or
  • data sets of "sensitive information" relating to 30,000 or more individuals, where "sensitive information" includes certain categories of financial, genetic, health and/or sexual orientation or sexual behaviour information.

If an investor chooses not to notify the OIO of a transaction subject to the NSPO regime, the transaction may nevertheless be "called-in" and reviewed by the OIO and Minister at any subsequent time and unwound if the Minister considers that the transaction poses is a significant risk to New Zealand's national security or public order. As such, it will be up to the investor to weigh the benefit of not notifying a transaction to the OIO with the risk that the transaction may be called in for review and potentially unwound in the future.

The Minister also has the power to impose conditions on any transaction that is subject to the NSPO regime where it's considered necessary to manage national security or public order risks posed by the transaction, which may include conditions as to data security and/or access to, or dealings, with data.

Russell McVeagh

Vero Centre
48 Shortland Street
PO Box 8
Auckland 1140
New Zealand

+64 9 367 8326

+64 9 367 8163

contactus@russellmcveagh.com www.russellmcveagh.com
Author Business Card

Law and Practice


Russell McVeagh is a premier law firm in New Zealand, with offices in both Auckland and Wellington. Russell McVeagh's outsourcing team boasts award-winning lawyers who possess exceptional thought-leadership, depth of experience and the ability to translate complex legal issues into client success stories. The firm's technology and outsourcing practice collaborates with other specialist teams around the firm as necessary to provide clear, pragmatic and innovative advice. The team counts among its clients some of the world's largest technology companies and also acts for all of the major New Zealand banks, as well as many of New Zealand's largest companies, including the majority of New Zealand's largest listed companies. Russell McVeagh has advised on numerous large-scale outsourcing transactions in the past 12 months for both public and private sector clients, including acting for one of New Zealand's largest companies on the outsourcing of its global application support, maintenance and development requirements across more than 30 jurisdictions.

Compare law and practice by selecting locations and topic(s)


Select Topic(s)

loading ...

Please select at least one chapter and one topic to use the compare functionality.