Drafting IT contracts in a COVID-19 environment

No doubt, your first thought will be to look at the force majeure clause and see whether it already refers to pandemics (or similar).

Force majeure clauses are clearly an important contractual provision in the current climate and will likely receive more attention in negotiations over the coming months.

We have written a detailed note looking at the issues you should be thinking about in force majeure clauses.

However, force majeure clauses, by their very nature, are generic. They are intended to apply a "broad brush" regime of relief from liability in respect of a very wide range of potential events. Accordingly, it is important to consider the potential impact of COVID-19 elsewhere in your contract.

It is also worth remembering that most force majeure clauses assume that only one party will be affected by the relevant force majeure event. By contrast, COVID-19 is almost certainly affecting both parties to at least some extent. This, again, is a good reason to look outside of the force majeure clause in the current circumstances.

We have already seen a number of governments introduce new laws (and guidance) in an attempt to confine the spread of COVID-19, and it is likely that legislative developments will continue over the coming months.

However, many simple IT templates do not include a specific change in law clause (or, where a clause is included, it will often simply transfer the increased risk and cost of changes in law onto the supplier).

Now may be a good time to think about including a more balanced and consensual approach to changes in law:

• while customers will still expect their suppliers to spread the increased costs from changes in law equally across their entire customer base, it may make sense to allow for some of the financial pain to be shared by the parties;
  
  
• the change control procedure is likely to be a useful way to assess the impact of a change in law on the contract. However, extra provisions may need to be included for the parties to undertake a more detailed analysis of how increased costs should be allocated between them;
  
  
• there may be situations where a party is unable to comply with both the change in law and its existing obligations under the contract. Where this occurs, the change in law process should allow for escalation to senior stakeholders to resolve.
  It will also be useful to look at how "applicable law" (or whatever equivalent term is used in the template) is defined. For example, is this limited to legislation or does it also cover guidance from central government or local authorities?

It is likely that your template will include business continuity obligations on the supplier, but these are often treated as boilerplate provisions and not discussed in any detail in negotiations.
Many companies will have activated their business continuity & disaster recovery (BCDR) plans in response to the current crisis. However, many others will have plans that simply did not account for such a dramatic and swift change in circumstances.

Accordingly, when negotiating new contracts, it will be worthwhile to spend time properly exploring how each party's BCDR arrangements will work and, in particular, how they will interact with each other.

One area to focus on may be to stress test the assumptions on which the BCDR plans are designed (e.g. if supplier's BCDR plan assumes that up to x% of its workforce may be unavailable, how will the services be provided if y% of its workforce end up being unavailable?).

For obvious reasons, many IT contracts don't include specific procedures to deal with non-performance by the supplier until it gets serious (whether that is "material breach" allowing termination or some form of "Critical Service Failure" triggering remediation obligations).
Given the difficulties of performing contracts at the moment, it may be worth thinking about a regime to deal with more day-to-day performance issues. It will be important to ensure that this is not overly adversarial so that the parties approach it in a transparent and co-operative manner. Some elements of this regime could include:

• regular governance reviews of performance issues (see below);
  
  
• greater visibility of ongoing remedial activities;
  
  
• possibly, agreeing a project charter to set out how the parties will interact and work together (e.g. a "fix first, argue later" principle);
  
  
• greater emphasis on co-operation between the customer and supplier.

Traditional governance regimes tend to be quite rigid (i.e. a series of fixed quarterly or monthly meetings between defined steering committees with specific terms of reference). It is likely that the parties will want to supplement their standard governance schedule with a more flexible regime to address the current environment. This could include:

• a specific governance forum who will meet (virtually) on a regular basis to review performance issues across the full landscape of the contract, with the ability for frequency to be ramped up or down as needed;
  
  
• in addition, a "rapid response" governance team who can meet (virtually) at short notice to discuss urgent matters;
  
  
• a clear "org chart" of deputies (and deputies of deputies) to address the risk of the governance participants being unavailable (whether due to illness or the need to care for others);
  
  
• agreeing how the governance team will meet, including fall-back technology options.

It is also worth considering whether reporting arrangements should be tweaked, such as:

• providing for greater "early warning" style reports of potential roadblocks and problems, possibly with a risk rating;
  
  
• potentially reducing the supplier's obligations to ensure that all reports are fully complete and accurate. This may be difficult to ensure at the moment and it may make sense to encourage suppliers to be open about potential risks even if detailed information is not fully available.

Many IT contracts will include milestone-based obligations, such as the implementation of an IT system or delivery of physical hardware. Traditional remedies for delay include liquidated damages and termination.

Bird & Bird has long had the view that these remedies are blunt tools to deal with complex contracts with many moving parts. The COVID-19 crisis underlines the need for more practical remedies that are focussed on getting the project back on track and not just on establishing a legal claim against the other party.

We would suggest:

• having an early warning system where the supplier is encouraged to flag any potential risks that a milestone may not be achieved in advance (see above);
  
  
• in cases of extreme uncertainty, having a "milestone window" rather than a fixed date to give the supplier more flexibility;
  
  
• if there is a material risk of a milestone being missed, consider more practical remedies like:
  
  - enhanced reporting to understand the root of the problem;
  - escalation to senior stakeholders on each side to agree an appropriate response;
  - a remedial plan (to be agreed jointly by the parties and which may include obligations on both parties).

Some of the key issues to consider here include:

• does your IT project assume or require co-located working? This may be particularly relevant in software development projects, especially agile developments (where co-location is often a cornerstone of the project). With many of us working remotely, co-location will not be possible and technology workarounds will need to be implemented – there are various blogs and articles currently being published on this topic;
  
  
• most IT contracts will include "Key Personnel" provisions, requiring specific personnel to be used to provide the services. We are likely to see certain individuals becoming unavailable, whether due to illness or the need to care for others. As such, you should ensure that the Key Personnel clause includes an efficient mechanism for deputies to be on-boarded. From a customer perspective, you will obviously want to ensure that any deputy is properly trained and skilled to take over the relevant responsibilities, but you want to streamline any cumbersome arrangements about interviewing the deputies etc.

Most IT contracts will address whether the supplier needs to seek the customer's consent to sub-contract (and will generally expressly state that the supplier is responsible for any acts or omissions of its sub-contractors).

However, the majority of IT contracts do not go further than this (on the basis that it is the supplier's responsibility to manage its supply chain).

In the current environment, it may make sense (for both parties) for there to be greater transparency about the supplier's sub-contractors and their performance, including:

• ensuring that some of the specific measures included in the head contract to address COVID-19 issues (such as early warning reporting) are flowed down to sub-contractors;
  
  
• requiring the supplier to conduct more pro-active management of their supply chain (e.g. regular reviews and reporting on performance issues or delays);
  
  
• having key sub-contractors participate in some of your governance processes;
  
  
• potentially, imposing specific co-operation obligations between the customer, the supplier and individual sub-contractors.

There may be cost increases for suppliers due to ongoing factory closures and/or higher demand for delivery and logistics services.

Under normal circumstances, the supplier often has to bear the risk of such cost increases.

In the current climate, it may be useful to at least have a discussion with the commercial stakeholders to understand whether there is an appetite for some form of pain-sharing here, at least on a temporary basis while supply chains are subjected to increased and unpredictable surges in demand.

Similarly, it may be worthwhile to review policies on payment terms. For example, if your standard payment terms are 60 days (or longer), you may want to consider whether a temporary exception could be made, at least for small suppliers.