Armenia has developed into a regional hub for IT outsourcing and software development, often referred to as the “Silicon Mountains” of the Caucasus. The IT outsourcing market was projected to reach USD49.44 million by 2025, with the broader IT services sector expected to grow to USD143.37 million. The sector has sustained an average annual growth rate of around 23%, driven by both domestic innovation and increasing demand from international clients.

The country’s strategic location between Europe and Asia, combined with a multilingual and culturally aligned workforce, allows Armenian providers to collaborate effectively across global markets. Developers demonstrate strong expertise in major programming languages and specialise in mobile and web applications, embedded systems and IoT, AI and machine learning, cybersecurity, fintech and healthcare IT.

The government has played a central role in fostering this growth through targeted tax incentives. These include a 0% corporate income tax for qualifying IT start-ups, a reduced 10% personal income tax for employees, a 200% R&D super deduction and a 1% turnover tax regime for smaller firms.

Armenia’s business process outsourcing (BPO) sector is on a steady upward trajectory, with revenues projected to reach USD42.14 million in 2025 and an anticipated compound annual growth rate of 3.54% between 2025 and 2030, reaching USD50.14 million by 2030. BPO activity typically targets non-core processes, allowing businesses to retain control over their essential operations while achieving efficiency in support functions.

The sector is developing in parallel with IT outsourcing, with providers focusing on technical support, customer service, back-office administration and data analytics. At the same time, the market is increasingly shaped by IT-enabled outsourcing, including consulting, application outsourcing and web hosting. Providers are moving beyond transactional support towards higher-value services, such as product development, digital operations and advanced data analytics for international clients.

Armenia’s BPO offerings typically include:

• Software development: web, mobile, enterprise and custom solutions
• IT support services: cloud infrastructure, DevOps, helpdesk
• AI and data analytics solutions: predictive modelling, machine learning platforms
• Cybersecurity services: audits, penetration testing, protocol development
• BPO services: technical support, customer service, back-office administration
• Specialised projects: fintech software, healthcare IT, R&D collaborations

A segmentation of providers has emerged: boutique firms often concentrate on niche services such as customer support, translation, market research and big data, while mid-sized providers specialise in finance and HR outsourcing. Newer entrants are diversifying into marketing, branding and other specialised IT services.

Reflecting international trends, Shared Services Centres and long-term BPO arrangements are being increasingly adopted in Armenia, particularly in finance and accounting functions.

Armenia has rapidly developed into a recognised hub for IT outsourcing and software development, supported by a strong educational base, competitive costs and government-backed incentives. Service providers are increasingly embedding AI, machine learning and robotic process automation into their offerings, moving beyond transactional tasks to deliver higher-value, technology-enabled solutions.

Several key trends define the Armenian IT outsourcing landscape:

• Cloud adoption and SaaS models: Armenian companies are increasingly delivering cloud-based solutions, including software as a service (SaaS) and tailored infrastructure, a trend reinforced by the growth of distributed teams and remote work.
• Artificial intelligence and machine learning: significant investment in education and research has positioned Armenian developers to design advanced AI and machine learning applications.
• Electronic design automation and chip design: Armenia’s established expertise underpins projects in IoT and embedded systems.
• Cybersecurity: providers are expanding into penetration testing, protocol development and managed security services, meeting rising global demand for secure digital operations.
• Mobile applications: Armenian firms have delivered successful products across iOS and Android, strengthening the country’s international reputation in app development.

In Armenia, the most commonly outsourced services are concentrated in the IT and back-office domains. IT outsourcing remains the leading segment, covering software development, application outsourcing, web hosting and IT consulting/implementation. These services are frequently sought by international clients attracted by Armenia’s strong pool of skilled developers and competitive cost base.

Back-office outsourcing is also well established, particularly in finance and accounting functions such as bookkeeping, payroll processing, statutory reporting and tax compliance. Human resources outsourcing, including workforce administration, recruitment support and training management, is gaining traction among both domestic SMEs and local branches of multinational corporations.

Customer service outsourcing, often delivered through call centres or multilingual support hubs, is another growth area. Finally, niche areas such as translation, market research, digital marketing and big data analytics are emerging as specialised outsourcing offerings.

Armenia does not have cross-sector legislation specifically regulating outsourcing. Instead, restrictions arise under sectoral laws in regulated industries (see 2.2 Industry-Specific Restrictions). Outsourcing arrangements in the public sector may also be prescribed by law, particularly where state functions or services are delegated. The principal legal considerations relate to data protection and information security requirements (see 2.3 Restrictions on Data Processing or Data Security).

In Armenia, outsourcing and technology transactions are subject to sector-specific regulation, particularly in the banking, insurance and healthcare sectors.

In the banking sector, outsourcing of both core and ancillary operations is permitted, provided that where the outsourced activity requires a licence, the contractor itself holds the relevant authorisation. Outsourcing such activities is subject to prior approval from the Central Bank of Armenia (CBA), which may refuse approval if outsourcing threatens financial stability, clients’ interests or effective supervision. Even after approval, banks remain fully liable towards clients, third parties and the CBA for the outsourced operations.

The insurance sector is likewise tightly regulated. Insurers may delegate certain functions – including claims handling, actuarial work and asset management – only with the CBA’s prior authorisation. The outsourcing contract must include mandatory provisions, such as confidentiality safeguards, explicit audit and supervision rights for the insurer and the CBA, and liability rules for improper performance. Both the insurer and its contractors fall under the CBA’s supervisory authority, and the CBA may require amendment or termination of outsourcing contracts that pose regulatory or consumer risks.

In the healthcare sector, the management of the national electronic healthcare system, which involves sensitive personal health data, is centralised. Technical maintenance and operation are entrusted exclusively to a single operator selected by public tender, under government-defined criteria. This ensures state oversight and protection of medical confidentiality in technology-related outsourcing.

The Law on the Protection of Personal Data defines personal data broadly as any information relating to an identified or identifiable natural person. It distinguishes between ordinary data, special category data (such as information on race, ethnicity, political views, religious or philosophical beliefs, trade union membership, health or sexual life), biometric personal data and publicly available data.

Armenian legislation on data protection provides for four general principles relating to the general processing of personal data: lawfulness, proportionality, reliability, and minimum engagement of data subjects in the process.

As a general rule, the processing of personal data requires the data subject’s consent, except for the cases directly provided by Armenian legislation.

Data controllers are obliged to ensure security of processing, including the use of encryption keys and the prevention of unauthorised access. Although the law foresees further detailed requirements to be adopted by government decision, such secondary legislation has not yet been enacted, leaving a degree of uncertainty in practice. In the event of a security breach such as the leakage of personal data from an electronic system, the controller is obliged to immediately publish a statement about it while also informing the Police of the Republic of Armenia and the Personal Data Protection Agency. Another security breach envisaged by the Law on the Protection of Personal Data is the detection of illegal actions with personal data. In such a case, the controller is obliged to eliminate the committed violations not later than within three working days. In case of impossibility to eliminate the violations, the controller is obliged to immediately destroy the personal data and inform the data subject or their representative about eliminating violations or destroying personal data within three working days, and to also inform the Agency if the request was received from it.

Cross-border transfers of personal data are permitted with the consent of the data subject or if the transfer of data results from the purposes of personal data processing and/or is necessary for the fulfilment of those purposes. The authorisation of the Agency to transfer personal data to another country may not be needed if a sufficient level of protection of personal data is ensured in the receiving country. A sufficient level of personal data protection is considered to be provided if personal data is transferred in accordance with international agreements or personal data is transferred to any country included in the list officially published by the Agency. Personal data may be transferred to the territory of a state that does not provide a sufficient level of protection only with the permission of the Agency, if the personal data is transferred on the basis of a contract and the contract provides guarantees of personal data protection that have been approved by the Agency as providing sufficient protection. In such cases, the controller is obliged to apply in writing to the Agency and receive permission to transfer.

Sector-specific rules apply in areas such as banking, insurance, medical services, telecommunications and anti-money laundering. Telecom operators, for example, are required to maintain the confidentiality of communications, with disclosure permitted only upon written consent or by court order in cases provided by law.

Recent Developments

As for developments in the last year, there is currently a legislative project that includes a proposed Law on Cybersecurity. This law aims to create a cyber-safe environment for the information systems and critical information infrastructures used to provide vital services in the Republic of Armenia. The proposed law aims to regulate relations relating to the detection of cyber incidents and their notification, prevention and resolution, monitoring, control, and cybersecurity audit of compliance with the requirements of this law, as well as defining the scope of the persons who are obliged to ensure the cybersecurity of information systems, infrastructures and the critical information they use, as well as their continuous, uninterrupted and safe use. In addition, the Armenian government’s action plan for the years 2021 to 2026 establishes as a goal the improvement of the level of personal data protection in the Republic of Armenia, particularly with the help of aligning newly adopted as well as current legal acts concerning personal data protection.

There is no industry-specific model agreement for outsourcing or technology transactions in Armenia. In practice, outsourcing relationships are governed by the general provisions of the Civil Code, in particular the rules on paid service provision contracts and contractor agreements.

These provisions allow the parties to freely define the terms of their outsourcing arrangements, including the scope of services, performance standards, timelines, methods of remuneration and allocation of risks. Agreements are typically negotiated on a case-by-case basis and supplemented by clauses or annexes dealing with confidentiality, data protection, liability, warranties, subcontracting and dispute resolution.

As a result, outsourcing contracts in Armenia follow a customised, negotiated approach, rather than a standardised contractual model.

In Armenia, as in many jurisdictions, the bilateral outsourcing (paid service provision) contract remains the default model for most commercial outsourcing arrangements. Alternative structures are less common but available where strategic, regulatory or economic considerations make them suitable. In practice, these can include service contracts with subsidiaries (in-house outsourcing), joint ventures/partnerships, multi-sourcing (splitting services between several suppliers), build-operate-transfer arrangements, managed services/long-term outsourcing and public-private partnerships for public services.

Digital transformation has had a gradual but noticeable effect on outsourcing transactions in Armenia, particularly in the IT and telecommunications sectors, where cloud computing, SaaS and IaaS models are increasingly adopted by both private companies and public institutions. Most digital service providers use their own standardised contracts tailored to the specific services they offer, which companies must accept to use those services. This shift to digitalisation requires that these model contracts address the following key issues:

• Data protection and confidentiality: heightened emphasis on data processing, confidentiality and information security.
• Technical appendices and service levels: digital outsourcing agreements more frequently incorporate detailed schedules on service availability, reversibility, interoperability and data portability.
• Liability clauses: strengthened provisions addressing data breaches, cybersecurity incidents and non-compliance with evolving sectoral standards, especially in finance, telecommunications and payment services.
• Regulatory influences: outsourcing in regulated industries, notably banking and financial services, is increasingly shaped by CBA requirements on internal risk management and IT security.

As mentioned in 3.1 Standard Contract Models, technology transactions and outsourcing arrangements in Armenia are generally governed by the Civil Code, primarily under the rules on contracts for paid provision of services and contractor agreements. There is no dedicated legislative framework for IT or outsourcing agreements; therefore, such contracts are treated as ordinary civil contracts, supplemented by sector-specific laws (for example, on data protection).

Armenian customer protection legislation applies to natural persons. However, in this context (and in the context of this section 4. Contract Terms), “customer” or “client” refers to a legal entity receiving services under a civil contract, which is therefore outside the scope of customer protection regulation.

A contract for paid provision of services requires the provider to render services to the customer in exchange for payment, and must be concluded in written form. Failure to observe the written form requirement does not invalidate the contract, but limits the parties’ ability to rely on witness testimony in case a dispute arises; however, they may still present written or other evidence.

Besides general contractual liability provisions, additional customer protections and remedies are as follows:

• The provider must perform the services personally, unless otherwise agreed.
• If performance becomes impossible due to circumstances for which neither party is responsible, the customer is required only to reimburse the provider’s actual expenses, unless the law or contract provides otherwise.
• The customer may terminate the service contract at any time, subject to reimbursement of the provider’s actual expenses.
• Conversely, the provider may withdraw from the contract, but must fully compensate the customer for any losses incurred as a result of such withdrawal.
• As for sector-specific protections, operators of electronic commerce platforms are obliged to display mandatory information about vendors and retain this information throughout the vendors’ presence on the platform and for at least one year thereafter (unless a longer period is required by law or contract).

Contractor agreements apply where one party (the contractor) undertakes to perform defined work and deliver a tangible or intangible result, while the other party (the customer) undertakes to accept the result and pay for it. The form requirements mirror those for paid service provision contracts.

Statutory protections for customers are wider in this case and include the following:

• In contracts for the manufacture of goods, ownership of the work passes to the customer.
• Work must be performed using the contractor’s own resources (labour, materials, equipment), unless otherwise agreed.
• The contractor is liable for the quality of materials and equipment it supplies.
• The contractor is responsible for meeting both interim and final deadlines.
• The customer may at any time inspect the work in progress and its quality, without interfering in the contractor’s activities.
• If the contractor fails to commence or performs so slowly that timely completion is clearly impossible, the customer may terminate the contract and claim damages.
• If it becomes evident during performance that the result will be defective, the customer may set a reasonable period to correct the defects; if such defects are not corrected, the customer may terminate the contract, remedy defects at the contractor’s expense and/or claim damages.
• The customer may terminate the contract at any time before acceptance, subject to payment for completed work and compensation of losses caused by termination.
• The result must comply with contractual requirements or, in their absence, with ordinary quality standards.
• Work may be subject to a statutory or contractual warranty period during which defects must not arise.
• In case of defects, the customer may demand correction, price reduction or reimbursement of repair costs, or terminate the contract with damages.
• The contractor bears the risk of accidental loss until formal acceptance by the customer.
• Claims may be raised within the warranty period or, if no such period is agreed, within two years.
• If, in the course of performance, a party obtains access to new technical solutions, know-how or trade secrets, it may not disclose them to third parties without the other party’s consent.

It is worth noting that in practice, outsourcing and technology contracts in Armenia often combine features of both paid provision of service and contractor agreements.

In the case of paid service provision contracts, the law allows the customer to terminate the contract unilaterally at any time. When doing so, the customer is obligated to compensate the service provider only for the actual costs incurred in performing the services up to the point of termination. This mechanism ensures that the service provider is not financially disadvantaged for work already performed, while giving the customer flexibility to stop the contract if necessary. Conversely, the service provider also has the right to terminate the contract if the customer’s actions or failures make proper performance impossible, but in such cases, the provider must fully compensate the customer for any resulting damages.

In the case of contractor agreements, the customer may terminate the contract if it becomes clear during performance that the work is not being properly executed. In such circumstances, the customer must first provide the contractor with a reasonable period to correct the defects. If the contractor fails to remedy such defects within this period, the customer may terminate the contract and, if necessary, hire another party to complete or correct the work, with the contractor bearing any resulting costs. Additionally, the customer has the right to terminate the contract at any time before the work is delivered by paying the contractor for the work already performed, while also compensating for any losses caused to the contractor due to early termination. Similarly, the contractor has the right to suspend or refuse performance if the customer fails to fulfil its obligations – such as failing to provide materials, equipment or required instructions – or if such failures make timely or proper completion impossible. Upon termination, the contractor is required to return any materials, equipment or property provided by the customer, or compensate the customer for their value if return is impossible. Furthermore, if the contract ends before the customer formally accepts the work, the customer has the right to receive the unfinished results of the work, with reimbursement of costs already incurred by the contractor.

Under Armenian law, the injured party is entitled to full compensation for all damages caused by the breach, unless a lower measure of compensation is expressly provided by law or contract. This includes both actual loss – such as damage to or loss of property, or expenses incurred to restore rights – and lost profit, which covers income that would have been earned under normal conditions had the breach not occurred. Non-material losses, such as harm to dignity or reputation, are recoverable only in cases explicitly provided by law.

Armenian law does not explicitly use the “direct” or “indirect” (consequential) loss terminology. In practice, however, actual loss is treated similarly to what other jurisdictions call direct loss, while lost profit can encompass what might be considered indirect or consequential loss elsewhere. Courts generally allow recovery for losses if they are causally linked to the breach and reasonably foreseeable.

As already mentioned, lost profit is expressly recoverable if causally connected to the breach.

Goodwill, business reputation, and honour are protected under Article 1087.1, which provides remedies for injury caused by insult or defamation, including public apologies, publication of court decisions, or monetary compensation. Compensation for harm to business reputation is treated as non-material damage and is recoverable if proven through judicial process.

Certain losses cannot be limited or excluded under Armenian law:

• Non-material damages arising from violations of fundamental rights, including the right to life and liberty, the prohibition of torture, the right to a fair trial, and property rights, as regulated in Article 1087.2: These damages are assessed according to principles of reasonableness, equity and proportionality, and compensation is payable from the state or local budget, depending on the responsible authority.
• Intentional or grossly negligent acts: Liability cannot be excluded for deliberate misconduct or gross negligence.
• Harm to honour, dignity or business reputation: Compensation for insult or defamation under Article 1087.1 cannot be contractually limited. Remedies may include monetary compensation (ranging up to several thousand times the minimum wage, depending on severity), public apology or publication of court rulings, with the right to additionally recover related property or economic losses.

Armenian law does not explicitly recognise “implied terms” in the same way as common law jurisdictions. However, the Civil Code establishes that obligations must be performed properly, in accordance with the contract terms, the law and other legal acts. Where specific contractual terms or legal requirements are absent, performance must comply with customary business practices or generally accepted standards.

As mentioned in 2.3 Restrictions on Data Processing or Data Security, currently Armenia does not have a dedicated national law on cybersecurity. However, the country is a party to the Budapest Convention on Cybercrime. Cybersecurity crimes are defined under the Criminal Code of Armenia.

In Armenia, the most common contractual clauses that allow a customer to manage and measure a supplier’s performance in technology and outsourcing agreements are typically derived from the general rules governing contractor agreements under the Civil Code. These include obligations on the contractor to perform work in accordance with the contract and applicable quality standards, with liability for any defects or delays in delivery. For instance, contractor agreements usually set out clear timelines for the completion of work, including interim milestones where appropriate, and provide the customer with the right to inspect the work at any stage without interfering in the contractor’s methods. Payment provisions are linked to proper performance and acceptance of work, with mechanisms for advance payments, adjustments for additional work, or withholding in case of non-performance. Contractors are required to notify the customer of any obstacles, defective materials, or circumstances that could affect the timely or proper completion of the work, and the customer is entitled to direct remedial actions, including correction of defects or termination of the contract if necessary. Subcontracting is permitted, but the contractor remains fully liable for performance. Additional clauses often cover the proper use and safekeeping of customer-provided materials and equipment, confidentiality of technical and commercial information, and warranties over the quality of the delivered work. Together, these provisions provide a framework for the customer to monitor, assess and enforce supplier performance in a structured and legally enforceable manner.

Generally, the contractual terms governing cloud-based technology or outsourcing do not differ substantially from traditional arrangements, and the principles under the Civil Code still apply. However, in the context of cloud services, particular attention is typically given to:

• the safety of the transfer and the location of the data centre;
• the reversibility provisions; and
• security provisions.

Under Armenian law, there is no specific regulation on employee transfers in the context of outsourcing. Instead, the matter is governed by the general provisions of the Labour Code, which defines an employee’s essential employment conditions. These include the workplace, salary and the method of its determination, benefits, working hours and rest regime, job classification and titles, job functions, and the type of employment contract. Such conditions may only be changed by the employer in cases of changes in workload, or in economic, technological or organisational circumstances. Any such change requires prior notice to the employee, and if the previous essential conditions cannot be maintained and the employee does not give written consent to continue under the new conditions, the employment contract must be terminated in accordance with the procedures of the Labour Code.

Employee transfers may also arise in cases of legal succession. In the event of a corporate reorganisation (such as merger, consolidation, separation or restructuring), all rights and obligations, including those under employment contracts, automatically transfer to the successor entity. This means that when outsourcing is structured as a transfer of a business unit that qualifies as a reorganisation, employees can be automatically transferred to the new employer without termination of their contracts. However, if such transfer results in changes to any essential working conditions, compliance with the above-mentioned procedure remains mandatory.

In practice, the most common approaches are either to offer employees new employment contracts with the outsourcing provider or to retain them with the original employer, while the outsourced services are delivered externally under contractual arrangements between the outsourcing company and the client company.

Under the Labour Code, employees have the right to freely establish trade unions to protect and represent their interests. Where no trade union exists, employees may elect representatives or delegate representation to a sectoral or territorial union. In practice, such employee representations are not commonly established. If they do exist, the employer must respect the representatives’ rights, refrain from interfering with their activities, and consult them before making decisions affecting employees’ legal status. While Armenian law provides that, in certain cases, employer consent may be required, no such cases are currently defined, meaning that consultation remains advisory rather than mandatory.

In Armenia, there has been a growing trend towards onshoring in outsourcing transactions. Armenian companies increasingly prefer to retain or relocate services within the country rather than rely on offshore providers. This shift is driven by several factors:

• heightened awareness of data protection and cybersecurity risks, particularly where client or employee personal data is processed;
• the introduction of government incentives for local IT and tech service providers, which makes onshore solutions more cost-effective;
• competitive pricing of domestic providers, coupled with the steady development of Armenia’s IT and business services sector; and
• operational efficiencies gained from cultural alignment, absence of time zone barriers, and easier regulatory compliance.

The Labour Code expressly defines remote working as the performance of an employee’s duties without being physically present at the workplace. Remote working is permissible only with the mutual consent of the employer and the employee, provided the nature of the work allows it. The arrangement must be documented in writing.

The conditions of remote work – including the provision of equipment, reimbursement of related expenses, and procedures for performance monitoring – are determined by collective agreements, internal policies or mutual written agreement. During remote work, the employee must remain accessible to the employer and properly fulfil their duties; failure to do so is treated as a disciplinary breach.

Importantly, the health and safety obligations of the employer are significantly reduced in the remote working context, with the exception of the duty to provide necessary personal protective equipment. Employees working remotely, whether from Armenia or abroad, retain all rights and guarantees provided under Armenian labour law.