The new Technology & Outsourcing 2023 guide covers 15 jurisdictions. The guide provides the latest legal information on IT outsourcing; business process outsourcing; legal and regulatory restrictions on outsourcing; industry-specific restrictions; legal or regulatory restrictions on data processing or data security; contract models; contract terms, including customer protections and liability; HR issues; and asset transfer terms.
Last Updated: October 26, 2023
An Introduction to Technology and Outsourcing
The rate of change in the technology and outsourcing industry continues to increase after a period of relative stability. New and disruptive technologies have come and gone (or gone somewhat dormant) within the past 12 months, while others have demonstrated more staying power. The global outsourcing industry continues to remain strong in light of these new and somewhat disruptive technologies, and outsourcing providers have incorporated many of these technologies into their service offerings. This ability to constantly evolve along with the broader technology market demonstrates the flexibility and resilience of the outsourcing industry as a whole.
The cryptocurrency market has essentially tanked from a valuation perspective; however, many continue to hold (or, in cryptocurrency parlance, “HODL”) their positions in the hope of a triumphant return. To make matters worse, several cryptocurrency exchanges have been hauled in front of the SEC, while others (eg, Australia’s Blockchain Group) are in the process of being liquidated. Several other recent high-profile events have further called the future of cryptocurrencies into question ‒ including the recent collapse of FTX, a USD1 billion laundering scheme perpetrated by North Korea’s Lazarus Group ‒ and any number of scams and hacks involve the digital currency.
Notwithstanding all of these challenges, the cryptocurrency market has survived. Valuations have dropped dramatically since 2021, with Bitcoin dropping from a high of nearly USD70,000 per bitcoin to a current price of nearly USD25,000 per bitcoin ‒ although a per bitcoin price of USD25,000 is also nothing to scoff at. Certain analysts expect the overall market cap to grow by nearly 13% in 2023‒24. If the cryptocurrency market is able to survive and thrive, expect a resurgence of blockchain and cryptocurrency software application developers, advisers and managed service providers.
Non-fungible tokens (NFTs) are essentially digital certificates of asset ownership and are primarily represented by digital images that were bought and sold as if they were more tangible assets. At the height of the NFT craze, a single NFT sold for more than USD20 million at Sotheby’s. Fast-forward to 2023 and it is nearly impossible to unload NFTs and certainly not at anywhere near their original price. Consumers soon realised that NFTs were easily copied and carried no real value independent of their original sales price. As 2023 comes to a close, few analysts expect a resurgence of this market, so any future impact on the IT or outsourcing market is unlikely.
The metaverse promised to become a new digital world hosted somewhere in the ether, which analysts predicted would ultimately comprise a market worth several billions of dollars. Service providers immediately formed metaverse working groups and marketed managed services for customers’ needs in the metaverse. Meanwhile, metaverse consulting groups began advertising their services and social media management services evolved to encompass management of one’s social media presence in the metaverse.
Aside from a handful of applications, the metaverse simply never took off and very few customers engaged service providers for these purposes. Today, the metaverse is somewhat of a ghost town where ‒ fittingly ‒ sellers often hope to unload NFTs through online art museums. With that being said, there are still bears in the metaverse market that believe more widespread adoption of the technology is likely as the technology and end users view of the technology matures.
Artificial intelligence (AI), on the other hand, seems to have finally taken hold in the IT services industry. ChatGPT, GitHub, Bard and other generative AI solutions are end user-friendly and widely available, which seems to have led to greater adoption of AI technologies in the broader market. Moving from a mere buzzword tossed around by service providers who had not yet integrated the technology into their solutions to potentially a driver of new solutions geared toward increased efficiency, it seems as if AI in the IT services space is here to stay. Time will tell whether these AI-integrated solutions are “real”, in terms of tangible benefits to customers, but the pitches seem to have substance behind them (something that was lacking 12 months ago).
Implementation and adoption of these new technologies require practitioners to remain current on familiar concepts of the law (eg, IP, data protection and privacy, and employment law) yet also be prepared to apply these concepts in a very new way. Unfortunately, some level of patience is also required by practitioners ‒ given that many of these issues are currently subject to litigation, including litigation that could prohibit (or materially limit) the use of these technologies as currently contemplated.
Robotic process automation
Although robotic process automation (RPA) is not necessarily new (various forms have existed in the manufacturing and warehousing space for years), its use in an outsourcing or managed services relationship is relatively new. Service providers are successfully integrating RPA tools and solutions into their broader offerings in an effort to maximise technical efficiencies and minimise internal costs. Customers are benefiting as well, as they are no longer focused solely on cost savings but ‒ rather ‒ on delivery of value (ie, worth over dollars).
Stability of cloud and as-a-service solutions
Unlike many of these more disruptive technologies, cloud and as-a-service solutions have been widely adopted. Customers across the globe have purchased some mix of these solutions with varying levels of complexity and, for the most part, have managed to appropriately navigate the data privacy, cybersecurity, export and tax issues initially presented by these technologies without borders.
Agreements governing these products have also seemingly stabilised. The largest providers (ie, the original providers of the actual cloud infrastructure behind most cloud and as-a-service offerings) continue to command the most deference to their terms and conditions, while mid-to-small providers often view their agreements as far more negotiable. Key sticking points have not changed throughout the years, as companies and providers alike continue to focus on limits of liability, indemnification, termination, compliance audits, data security and privacy, and permitted uses.
Outsourcing and new technologies
While service providers continue to offer all of the more traditional outsourcing services (eg, data centre, application development and maintenance, call centres, support desk), these offerings are increasingly complemented by certain of the newer technologies described earlier. Service provider solutions in the outsourcing space, in particular, more often include some combination of AI and RPA. In many instances, the two go hand-in-hand, as traditional AI and automation depend in large part upon repetition in order to increase efficiency. Additionally, providers are introducing generative AI products and solutions that are specific to the service being offered and/or the customer receiving the service.
As a result, many outsourcing providers who were traditionally more focused on towers or full-time equivalents are now on the frontline introducing their customers to newer technologies. This shift is also evident in the introduction by providers of “bundled offerings”. Bundled offerings are generally comprised of products or services offered by independent third-party providers through a customer’s outsourcing provider. These are not traditional subcontractor arrangements. Rather, the bundled offering includes two providers who ‒ in theory ‒ remain independent of one another, with the customer’s outsourcing provider serving more in the role of a managed services provider. Practitioners need to be wary of these models, as any number of providers have not resolved certain privity of contract and liability issues associated with this approach.
The above-mentioned approaches may represent an attempt by outsourcing providers to claw back against a very clear trend in the industry during the past several years, which is the breaking up of “mega” outsourcing contracts into several one-off agreements for individual services and products. Alternatively, outsourcing providers may be co-mingling managed services and outsourced services to a greater extent and simply hoping to become a one-stop shop for their customers.
Regardless of the reason, the introduction of new products, new services and third parties demands that practitioners pay closer attention to the governing agreements. While many of the legal topics have not changed throughout the years, the approach to these topics certainly has and often calls for multiple approaches to address the same topic ‒ each dependent upon the technology provided.