Managing IP risks in outsourcing deals

By Dr Sushil Kumar, Clairvolex Knowledge Processes

Outsourcing as a competitive strategy undoubtedly delivers benefits for the client in terms of cost, time and operational flexibility. However, potential outsourcing clients are also exercising caution owing to the prevalence of risks – especially in certain service provider destinations – in relation to data security, intellectual property (IP) protection, regulatory compliance and dispute resolution. These factors affect business decisions and intelligence regarding outsourcing work.

Dr Sushil Kumar Vice-president Clairvolex Knowledge Processes
Dr Sushil Kumar
Clairvolex Knowledge Processes

The security of IP that will be transferred as part of an outsourced project remains one of the key factors governing any decision to send work offshore. The risks and challenges associated with ownership and protection of IP are significantly amplified in an outsourcing transaction, in which the client’s IP is necessarily shared with the outsourcing provider (which may also create new IP on behalf of the client). While the increased risks involved in transferring and protecting existing and new IP necessitate a robust and vigilant risk assessment and management plan on the side of the outsourcing client, they also present the outsourcing service provider with critical issues that must be carefully addressed and determined. The skill and thoroughness with which this is done may make the difference between clinching and losing a deal.

It is important for the outsourcing service provider to devise well-structured strategies to contain and mitigate IP risks for their clients. A key strategy is to have well-designed IP management policy standards and procedures in place. Such internal standards should specify the channels (in terms of personnel and procedures) through which sensitive information such as a client’s IP can be received and handled by the provider; impose non-disclosure obligations on professionals working for the service provider; and establish detailed guidelines for how any IP created by the provider for the client during the work contract is to be protected. Further, effective compliance with these standards needs to be demonstrated during the negotiation of an outsourcing deal, and then regularly throughout its implementation.

In an outsourcing arrangement, the IP that is transferred from the client to the provider typically relates to business processes, proprietary designs, illustrations, product specifications, technology, chemical compositions and any other information essential for performance of the outsourced functions. In a captive centre outsourcing model, the client retains greater control over the existing IP (and of IP that may be developed during the course of operations) than under a third-party outsourcing model. Under a joint-venture outsourcing model, a middle approach is adopted, with control of IP retained by multiple owners (which means that more complicated operational arrangements may be needed). Control over IP rights is a major factor affecting decisions about the most appropriate outsourcing model for a particular project. Where particularly sensitive information is involved – such as critical client IP, or a component that may influence the launch of the product in the market – the outsourcing client normally prefers the captive model.

The sharing and creation of IP across multiple jurisdictions can be done in various ways, depending on circumstances. The transfer of IP from the client’s home country to the offshore service provider is effected by a “licence to use” that is valid only during the term of the outsourcing relationship and terminates upon completion of the operation. When the IP is created as part of the outsourced operation, its transfer is typically affected by an irrevocable assignment.

In the absence of a global IP law governing cross-country transfer of IP, protection is maintained through clauses in the service-level agreements that are negotiated between outsourcing clients and providers. One size certainly does not fit all when it comes to the design and strictures of IP protection clauses in service-level agreements; it depends on the kind of work outsourced. The terms usually include stipulations regarding the transfer of IP, contractual IP protections and related enforcement rights and mechanisms, and take into account the risks of owning, developing and protecting customer IP.

IP protection clauses in service-level agreements typically cover the following components: a) Specific allocation of relative ownership and access rights to the IP during the performance of outsourced operations and after their termination; b) applicable non-disclosure and non-competition obligations of the service provider and its employees; c) measures to be adopted by the service provider to minimize risks to the client’s IP; d) rights and remedies available to the outsourcing client in the event of any infringement, misuse, misconduct or unauthorised disclosure by the service provider; and e) the governing law that will apply to the transaction, including dispute resolution – normally, these are the laws of the outsourcing client’s country.

Outsourcing clients generally conduct due diligence regarding IP protection levels by examining the local laws and practices of the jurisdiction to which they are considering sending their work. The goal is to minimize potential vulnerabilities associated with the particular transaction, and to avoid losing control of valuable IP.

Dr Sushil Kumar is the vice-president at Clairvolex Knowledge Processes, a Delhi-based legal outsourcing firm.

clairvolex_logo3rd Floor NDIIT Building,105 MOR Pocket

Kalkaji Extension

New Delhi – 110 019, India

Tel: +91 11 4707 4707

Fax: +91 11 4707 4708