Legal considerations when outsourcing to India
Over the last 20 years India has created a place for itself as a global technology services hub and is now one of the preferred outsourcing locations. Initially, the draw was a source of cheap but educated labour; however, India has now grown to prove itself as a true hi-tech knowledge hub. A major part of this success story for the Indian economy is the booming technology outsourcing industry which – while many would associate this with Business Processing Outsourcing – has recently grown to include Financial & Accounting, Information Technology, Medical Transcription, Education & Training Services which increasingly form part of the outsourcing market. The different outsourced services all have unique issues and privacy concerns that must be managed with reference to business culture and corporate policy as well as the legal and regulatory frameworks in both the originating and the processor country.
However, there are certain core legal issues that form the basis of – the very backbone for – all the outsourcing agreements or the Master Services Agreements, as most of them are known.
At the outset, the most important question to be determined in drafting and negotiating a Master Services Agreement would be the lex contractus, i.e the governing law or the proper law of the contract. It is well established that the parties to the contract can choose the governing law of the contract, provided that the intention of the parties is express, bona fide and not against public policy. However, due to the fact that a major proportion of the services are to be rendered in India, consideration for services will be received in India and the Indian party may sign the contract in India, the applicability of Indian laws cannot be excluded by contract. In other words, even if the Indian party agrees to the governing law being a foreign law, it is possible that in case of any dispute, the Indian party could approach a court in India to seek appropriate relief and the court could also entertain the dispute on the basis of factors set out above.
US, UK and European countries constitute the largest bloc of clients for the Indian outsourcing industry due to the favoured factors of political stability, infrastructure and reasonably priced skilled labour. Nevertheless, many client companies are wary of the Indian judicial system and its functioning; this means that an arbitration clause is often establsihed in each Master Services Agreement, with the seat of arbitration and rules governing arbitration proceedings outside of India and the governing law agreed between the parties. Further, in case of any international commercial arbitration, the parties have the option to expressly exclude or include the applicability of the provisions of Part I of the Arbitration & Conciliation Act 1996 (India) which deals with interim measures and relief.
In terms of enforcement of arbitral awards, the Indian Code of Civil Procedure 1908 states that only decrees passed by the superior courts of those reciprocal countries can be directly executed through a competent court in India by filing an execution petition. Further, Indian law mandates that for a foreign arbitral award to be directly enforceable in India, the award must meet the following conditions: the award must have attained finality in the country it has been passed; it must conform to and must not conflict with Indian law or public policy; both the parties and the arbitration venue should belong to a New York or Geneva Convention signatory country.
Where the Indian Arbitration Act (which is based on the UNCITRAL model) is agreed to be the governing law, the parties would have the right to seek an injunction before a competent court, unless the intervention of courts is barred by contract.
Data Protection and Privacy Laws
Incidents of data theft in Indian outsourcing units have come to light and have raised many questions on India’s data protection laws and their ability to protect and secure personal and sensitive data. US companies, one of the largest outsourcing clients for India, are required to comply with industry specific federal laws in the US as well as state laws that regulate the cross-border transfer of personal and sensitive information. Further, US companies also have to comply with the European Data Protection Directive (95/46/EC) for the protection of data of their European clients. The Directive states that data transfer outside the European Economic Area is illegal unless the recipient country has an “adequate level of protection” for data processing.
At first India lagged behind on privacy and data protection laws (although most of the these safeguards were put in place through contractual covenants). However, with the fear of losing out to rising competition from countries such as China, Philippines and Brazil, the Indian goverment enacted the Information Technology Act, 2000. Initially this seemed to lack enforcement teeth, so to improve its credibility the government quickly passed the Information Technology Rules 2011 which defined what would constitute “Sensitive Personal Data or Information”, laid down various obligations on the data collector and data processor, and defined reasonable security practice and procedures in India.
Thus, what really needs to be kept in mind while drafting and negotiating the Master Services Agreement is the impact of the laws of the country where the data originates as well as the laws of the country where the data is being processed. Further, specific contractual safeguards such as third-party audits and adopting the international standard IS/ISOIEC2700 on information technology, security techniques, information security management system requirements etc. all need to be taken into consideration (although the degree of protection will vary considerably from company to company).
Another critical aspect is the need to ensure that the service provider enters into a watertight agreement with its employees or consultants, for the safety of the data provided by the foreign company.
While entering into outsourcing agreements attention must be paid to the fact that the service provider complies with all the necessary laws and that the overseas outsourcing company may not be threatened by any kind of claim by employees of the Indian company.
Licensing, Copyright in Database and Infringement Issues
The issue of intellectual property rights is also critical to an effective outsourcing agreement. The key basis is creating, developing and processing data for the client; thus it is essential that the data, product, programme, software (if provided by the client), designs and compilations so created which constitute the IP rights are protected and assigned back to the client. In Indian law, the supplier will hold the copyright interest in the software developed by it but Indian law also provides for the assignment of the copyright interest by the service provider in favour of the client, by entering into an separate assignment agreement.
Further, the client may want to transfer certain technology for the execution of the outsourcing project. Again in Indian law licensing of technology is permitted through the so called “automatic route” as long as the royalty and license fee payment provisions are in compliance with the RBI guidelines.
The scope of the Agreement, along with the obligations, liabilities, indemnities, termination and its consequences should be clearly spelled out to ensure a successful working relationship between the parties.
These are the core legal issues which would need to be deliberated upon by an overseas company while entering into an outsourcing agreement with an Indian company.
About the Author
Manishi Pathak is a Senior Partner in the Corporate Practice of Kochhar & Co. He also heads the firm’s regulatory practice. Kochhar & Co are a member of Ius Laboris, the world’s largest human resources law firm alliance.