A“changed world order”; “Like it or not, outsourcing is here to stay”; “2010 revenues of US$50 billion” – all are statements now being made about the Indian outsourcing industry. Among the range of activities that are now outsourced to India – payroll administration, call centres, medical transcription – software development is the nation’s most renowned area of expertise.
Global corporations often outsource all or part of the software development processes needed for their regular project activity. On the basis of specifications provided by the client, service providers develop the software and provide it to the client who, in turn, licenses or sells the entire package to its own clients.
The three most common outsourcing models involve sending work to either a dedicated (or “captive”) service provider; a local Indian partner (in this model, the entity doing the work is a joint venture between the client and the service provider); or a third party vendor.
A range of issues need to be addressed when negotiating an outsourcing contract. It is important to protect those interests of the client which, if neglected, may lead to serious consequences; skilful crafting is required to make contractual provisions enforceable.
An area of particular concern is the protection of intellectual property rights (IPR). In a typical outsourcing contract relating to R&D, engineering or software development, each employee and any subcontractor assigns all the IPR rights in new inventions to the client. Contention may arise with respect to ownership of products developed and created by the service provider; assignment of invention in such products eventually depends upon the negotiations among the parties.
Any outsourcing arrangement that involves sharing or developing proprietary software is vulnerable to dispute and even outright theft. In view of this, at the outset the agreement must specifically:
a) Establish ownership of any IP in existence at the time of execution of the outsourcing agreement;
b) Establish ownership of any IP developed or improved during the course of the outsourcing relationship;
c) Precisely define what constitutes a modification (including such items as who makes the modification, when, why, and by what process);
d) Determine if change control procedures apply during modifications;
e) Restrict the vendor from disclosing any proprietary software or other information to third parties;
f) Define IP loss;
g) Include affirmative representations and a warranty by the vendor to adhere to Indian IP laws (not only to the extent of the protections afforded under Indian domestic law, but as broadly as applicable law will allow);
h) Define prohibited activities under the non disclosure agreements (NDAs);
i) Provide strong penalties for breach of the IP provisions (representations and warranties must provide for real-life protection);
j) Negotiate for either money in an escrow or a bank guarantee to be invoked for breach of the IP provisions;
k) Clearly define ownership of service deliverables;
l) Place an expatriate technology officer on the board of the service provider (the presence of a client representative can highlight and prevent potential problems); and,
m) Conduct periodic audits to evaluate conformity with the IP protection standards.
Normally, the client requires the provider to indemnify it in the event of a breach of a third party’s IPR. While a provider will typically seek to limit the extent and amount of its IPR exposure, the client can attempt to negotiate an unlimited indemnity right for copyright and trade secrets.
One often-overlooked matter when drafting outsourcing agreements is subcontracting rights. It is not unusual for the service provider to subcontract one or more functions without notifying the client, who may learn of this only when trouble arises. Therefore, the agreement should include a section defining subcontracting rights.
It is important to ensure that the vendor can only subcontract with the written consent of the outsourcer – essentially, the subcontracting process and the agreement should be transparent. The vendor should remain contractually liable for the subcontracted functions, and the subcontractor’s level of service, systems, and control must be on par with that of the vendor. Finally, the subcontractor must be subject to the terms and conditions of the IP provisions of the outsourcing agreement.
Data protection is a crucial issue in relation to IPR in India. With recent changes to the IT Act, Section 43A now provides for data protection, including compensation for failure to protect data, making service providers liable for damages if they fail to implement and maintain “reasonable security practices and procedures”. While this term is not further defined, the explanation to section 43A shows that the parties involved are at liberty to identify the best security practices and to agree mutually acceptable terms.
There is no doubt that a distinctive legal regime addressing and promoting IP protection will create confidence among investors and foreign companies, and mute critics of outsourcing.