Drafting IT contracts in a COVID-19 environment

Written By

ian edwards Module
Ian Edwards

Partner
UK

I'm a partner in our Tech Transactions team in London where I work closely with our clients to implement digital transformation projects.

So, you are sat at your home desk (or kitchen table or ironing board!) and you need to draft a contract for a new IT project. You have your company's standard template, but what do you need to do differently given the unprecedented action from governments around the world to combat COVID-19? Here are some brief thoughts.

Topic What should I think about?
Force Majeure clause

No doubt, your first thought will be to look at the force majeure clause and see whether it already refers to pandemics (or similar).

Force majeure clauses are clearly an important contractual provision in the current climate and will likely receive more attention in negotiations over the coming months.

We have written a detailed note looking at the issues you should be thinking about in force majeure clauses.

However, force majeure clauses, by their very nature, are generic. They are intended to apply a "broad brush" regime of relief from liability in respect of a very wide range of potential events. Accordingly, it is important to consider the potential impact of COVID-19 elsewhere in your contract.

It is also worth remembering that most force majeure clauses assume that only one party will be affected by the relevant force majeure event. By contrast, COVID-19 is almost certainly affecting both parties to at least some extent. This, again, is a good reason to look outside of the force majeure clause in the current circumstances.

Changes in law

We have already seen a number of governments introduce new laws (and guidance) in an attempt to confine the spread of COVID-19, and it is likely that legislative developments will continue over the coming months.

However, many simple IT templates do not include a specific change in law clause (or, where a clause is included, it will often simply transfer the increased risk and cost of changes in law onto the supplier).

Now may be a good time to think about including a more balanced and consensual approach to changes in law:

  • while customers will still expect their suppliers to spread the increased costs from changes in law equally across their entire customer base, it may make sense to allow for some of the financial pain to be shared by the parties;

  • the change control procedure is likely to be a useful way to assess the impact of a change in law on the contract. However, extra provisions may need to be included for the parties to undertake a more detailed analysis of how increased costs should be allocated between them;

  • there may be situations where a party is unable to comply with both the change in law and its existing obligations under the contract. Where this occurs, the change in law process should allow for escalation to senior stakeholders to resolve.
    It will also be useful to look at how "applicable law" (or whatever equivalent term is used in the template) is defined. For example, is this limited to legislation or does it also cover guidance from central government or local authorities?
Business continuity

It is likely that your template will include business continuity obligations on the supplier, but these are often treated as boilerplate provisions and not discussed in any detail in negotiations.
Many companies will have activated their business continuity & disaster recovery (BCDR) plans in response to the current crisis. However, many others will have plans that simply did not account for such a dramatic and swift change in circumstances.

Accordingly, when negotiating new contracts, it will be worthwhile to spend time properly exploring how each party's BCDR arrangements will work and, in particular, how they will interact with each other.

One area to focus on may be to stress test the assumptions on which the BCDR plans are designed (e.g. if supplier's BCDR plan assumes that up to x% of its workforce may be unavailable, how will the services be provided if y% of its workforce end up being unavailable?).

Dealing with non-performance generally

For obvious reasons, many IT contracts don't include specific procedures to deal with non-performance by the supplier until it gets serious (whether that is "material breach" allowing termination or some form of "Critical Service Failure" triggering remediation obligations).
Given the difficulties of performing contracts at the moment, it may be worth thinking about a regime to deal with more day-to-day performance issues. It will be important to ensure that this is not overly adversarial so that the parties approach it in a transparent and co-operative manner. Some elements of this regime could include:

  • regular governance reviews of performance issues (see below);

  • greater visibility of ongoing remedial activities;

  • possibly, agreeing a project charter to set out how the parties will interact and work together (e.g. a "fix first, argue later" principle);

  • greater emphasis on co-operation between the customer and supplier.
Governance & reporting

Traditional governance regimes tend to be quite rigid (i.e. a series of fixed quarterly or monthly meetings between defined steering committees with specific terms of reference). It is likely that the parties will want to supplement their standard governance schedule with a more flexible regime to address the current environment. This could include:

  • a specific governance forum who will meet (virtually) on a regular basis to review performance issues across the full landscape of the contract, with the ability for frequency to be ramped up or down as needed;

  • in addition, a "rapid response" governance team who can meet (virtually) at short notice to discuss urgent matters;

  • a clear "org chart" of deputies (and deputies of deputies) to address the risk of the governance participants being unavailable (whether due to illness or the need to care for others);

  • agreeing how the governance team will meet, including fall-back technology options.

It is also worth considering whether reporting arrangements should be tweaked, such as:

  • providing for greater "early warning" style reports of potential roadblocks and problems, possibly with a risk rating;

  • potentially reducing the supplier's obligations to ensure that all reports are fully complete and accurate. This may be difficult to ensure at the moment and it may make sense to encourage suppliers to be open about potential risks even if detailed information is not fully available.
Milestones

Many IT contracts will include milestone-based obligations, such as the implementation of an IT system or delivery of physical hardware. Traditional remedies for delay include liquidated damages and termination.

Bird & Bird has long had the view that these remedies are blunt tools to deal with complex contracts with many moving parts. The COVID-19 crisis underlines the need for more practical remedies that are focussed on getting the project back on track and not just on establishing a legal claim against the other party.

We would suggest:

  • having an early warning system where the supplier is encouraged to flag any potential risks that a milestone may not be achieved in advance (see above);

  • in cases of extreme uncertainty, having a "milestone window" rather than a fixed date to give the supplier more flexibility;

  • if there is a material risk of a milestone being missed, consider more practical remedies like:

    - enhanced reporting to understand the root of the problem;
    - escalation to senior stakeholders on each side to agree an appropriate response;
    - a remedial plan (to be agreed jointly by the parties and which may include obligations on both parties).
Personnel

Some of the key issues to consider here include:

  • does your IT project assume or require co-located working? This may be particularly relevant in software development projects, especially agile developments (where co-location is often a cornerstone of the project). With many of us working remotely, co-location will not be possible and technology workarounds will need to be implemented – there are various blogs and articles currently being published on this topic;

  • most IT contracts will include "Key Personnel" provisions, requiring specific personnel to be used to provide the services. We are likely to see certain individuals becoming unavailable, whether due to illness or the need to care for others. As such, you should ensure that the Key Personnel clause includes an efficient mechanism for deputies to be on-boarded. From a customer perspective, you will obviously want to ensure that any deputy is properly trained and skilled to take over the relevant responsibilities, but you want to streamline any cumbersome arrangements about interviewing the deputies etc.
Sub-contractors

Most IT contracts will address whether the supplier needs to seek the customer's consent to sub-contract (and will generally expressly state that the supplier is responsible for any acts or omissions of its sub-contractors).

However, the majority of IT contracts do not go further than this (on the basis that it is the supplier's responsibility to manage its supply chain).

In the current environment, it may make sense (for both parties) for there to be greater transparency about the supplier's sub-contractors and their performance, including:

  • ensuring that some of the specific measures included in the head contract to address COVID-19 issues (such as early warning reporting) are flowed down to sub-contractors;

  • requiring the supplier to conduct more pro-active management of their supply chain (e.g. regular reviews and reporting on performance issues or delays);

  • having key sub-contractors participate in some of your governance processes;

  • potentially, imposing specific co-operation obligations between the customer, the supplier and individual sub-contractors.
Security Many IT templates will include security requirements or a security policy. These will likely have been drafted to work in the pre-COVID-19 world. As such, there may be restrictions on accessing data from home, including the use of portable storage devices, that may need to be reviewed to strike the right balance between ensuring ongoing data security and reflecting current working practices.
Pricing & invoicing

There may be cost increases for suppliers due to ongoing factory closures and/or higher demand for delivery and logistics services.

Under normal circumstances, the supplier often has to bear the risk of such cost increases.

In the current climate, it may be useful to at least have a discussion with the commercial stakeholders to understand whether there is an appetite for some form of pain-sharing here, at least on a temporary basis while supply chains are subjected to increased and unpredictable surges in demand.

Similarly, it may be worthwhile to review policies on payment terms. For example, if your standard payment terms are 60 days (or longer), you may want to consider whether a temporary exception could be made, at least for small suppliers.

Audit rights You should consider how audit rights will be exercised during any period of remote working and social distancing. Can audit data be provided electronically by the supplier instead?
All things must pass …

Although we may have to live with the implications of COVID-19 for some time, the current crisis will end at some point. As such, you should consider which of the above modifications should cease to apply (and at what point).

It may be difficult to set an objective end date at the moment (not least because the return to "normal life" may be phased and we may see the reinstatement of lockdowns and social distancing regimes in future months or years). As such, it may make sense to call out those modifications which are specific to COVID-19 and have a governance regime for them to be periodically assessed by the parties.

Equally, even when COVID-19 does retreat, we may see that some current working practices stick around in the longer term (e.g. a greater trend towards remote working). As such, again, this would mean that it would be prudent to regularly review the modifications made to your contract for continued relevance.

Latest insights

More Insights
flower

NEWSFLASH - The UK’s New Consultation on AI and Copyright: Purr-suing Balance?

Dec 19 2024

Read More
laptop phone

EU/UK sanctions regarding Russia and Belarus (16-12-2024)

Dec 19 2024

Read More
Curiosity line teal background

Australia’s first standalone cyber security law – the Cyber Security Act 2024

Dec 18 2024

Read More