The Legal View: Does Outsourcing’s Silver Lining Have A Cloud?
A lot has been written in recent times about the impact of cloud computing upon outsourcing; in a commercial and business sense, discussion has focussed on how the shift of operations into the cloud can break the dependence upon heavily bespoked legacy systems, and potentially enable further step changes in cost and flexibility beyond what has been achieved to date by use of (in large part) the labour arbitrage advantage of shifting operations offshore. In the legal arena, however, the majority of the public writing has so far concentrated on issues associated with data protection and privacy, and the challenges associated with not necessarily knowing exactly where (and/or by whom) personal data may be being processed “in the cloud”. Such concerns are undoubtedly valid (particularly at a time when the proposed new Data Protection Regulation may be about to ratchet up the sanctions applicable to data protection breaches), but they are only one small part of the impact which the advent of the cloud may have upon outsourcing agreements.
Consider for one moment a common scenario for any mid-to-larger outsourcing engagement; the customer will ordinarily have a record of historic service level achievement (or will be able to develop one!), and will have an expectation that service levels will be at least maintained if not improved, and with associated service credit sanctions (at least) in the event that this is not the case, often set at amounts capped at 10% or more of associated monthly revenues. Particularly bad or persistent poor performance as against such service levels will often be expressly linked to termination triggers, and then leave the supplier further exposed to damages claims, which are in turn usually expressed as multiples of annual charges (100% plus).
So far, so familiar. But consider then the reasons why an outsource provider would be willing to agree to such arrangements. It will be taking on the infrastructure associated with the provision of the services and to the service levels being discussed, or will have in place its own infrastructure which it will be confident it will be able to support them with. It will equally be receiving a commensurate level of fees with the risk which it is willing to take on (in terms of balancing out the quantum of the fees and the amount of whatever limit of liability is agreed in the contract).
Now let us analyse the new developments in the market, whereby outsourcing engagements are frequently incorporating “hybrid” elements of both onshore and offshore services and also elements of the customer’s legacy systems and operations which are being moved into the cloud, or which will be dependent upon support from a cloud-based infrastructure (eg in terms of storage, or as a platform for migrated applications). This is increasingly common as suppliers compete to find more cost effective and flexible ways of meeting their clients’ objectives, with the risk that a supplier who does not consider incorporating an element of cloud services as part of the “backbone” of their service offering may find themselves uncompetitive on price when compared to one who does.
However, not many of the “traditional” outsource suppliers have significantly developed cloud-based offerings of their own, at least as things currently stand. The reality, therefore, is that they will find themselves having to rely upon third parties who do have the cloud-based capabilities to subcontract to. At first blush this may not be seen as being particularly unusual, as many an outsource service provider will have subcontracted elements of their services, whether related to parts of the WAN/LAN services associated with an infra deal, or perhaps deskside support for services which are largely (but not entirely) taken offshore. The key difference, however, is that the trend to date for contracts associated with cloud services is for them to be particularly aggressive in terms of the limitation of remedies and liabilities for the cloud services providers. It would, for example, be entirely common to find B2B cloud services contracts where – in effect – if something were to go catastrophically wrong with the provision of the services in question, the “sole and exclusive” liability of the cloud services provider would be to try to fix the issue and – if they found it uncommercial to do so – to themselves be able to terminate the relevant contract and to then hand back any amount of as yet un-used pre-payments to the customer.
This leaves the primary outsource supplier in something of a quandary. On the one hand, customer demands and market pressures will necessitate the use of such cloud solutions. On the other, they face being denied the ability to flow down contract risk and liability to the extent that they may have been used to doing with pre-cloud subcontractors, leaving them potentially exposed as the “piggy in the middle” in the event of major issues which can be traced back to issues with the cloud-based infrastructure or services.
So where next for the outsourcing contracting market, given this new dynamic? In the short term it seems that many of the service providers are simply swallowing the additional contract risk, but this may be as much due to a lack of detailed analysis as opposed to conscious analysis. We have certainly seen examples now of service providers seeking to distinguish between causes of action which are due to their own, independent defaults as opposed to those of (disclosed) cloud-based subcontractors, and to limit customer remedies in the case of the latter to whatever can be obtained from the subcontractor, justified then on the basis that if the customer wants the flexibility and cost benefit associated with cloud services, it should then also accept the contractual consequences in terms of a reduction in the scope and/or quantum of contractual remedies, but this is unlikely to be attractive to a customer, particularly one with a degree of bargaining power in a competitive procurement process!
I suspect that instead, we will gradually see more pressure exerted on the “pure” cloud providers to moderate their own approach to contract terms and limitations and to accept more contract risk themselves, combined with an increased focus by the service provider community on building out their own cloud services offerings. In the meantime, however, there may be a risk of stormy showers for some service providers from the cloud offerings they incorporate into their delivery models….
This article originally appeared in Outsource magazine Issue #35 Spring 2014.
About the Author
Kit Burden is a Partner at leading law firm DLA Piper. His main areas of practice include complex technology and sourcing/outsourcing transactions, systems integration, ERP and CRM implementations, and joint venture operations.