Outsourcing: India overview
A Q&A guide to outsourcing in India.
This Q&A guide gives a high level overview of legal and regulatory requirements on different types of outsourcing; commonly used legal structures; procurement processes; formalities required for transferring or leasing assets; data protection issues; customer remedies and protections; contracting parties' remedies; dispute resolution; and the tax issues arising on an outsourcing.
To compare answers across multiple jurisdictions, visit the Outsourcing Country Q&A tool.
This Q&A is part of the multi-jurisdictional guide to outsourcing. For a full list of jurisdictional Q&As, visit www.practicallaw.com/outsourcing-mjg.
For the rules relating to transferring employees, visit Transferring employees on an outsourcing in India: overview.
Regulation and requirements
India is a globally recognised outsourcing jurisdiction with laws that support the practice, being both:
One of the 23 founding contracting parties to the General Agreement on Tariffs and Trade (GATT) in 1947.
A member of the World Trade Organization (WTO) since 1995.
While there is no one outsourcing law, the industry itself is not unregulated. National laws that have an impact on the outsourcing industry include:
Company law. The Indian Companies Act 2013 includes mandatory board and shareholder meetings, shareholder approval in respect of certain matters, restrictions on loans and investments, and so on.
Income Tax Act 1961. Any income earned by a company from its business operations is taxable under the Income Tax Act. A foreign company must pay income tax if its operations create a taxable presence in India.
Information Technology Act 2000. This legislation deals with online transactions, data protection and cyber crimes.
Intellectual property rights (IP rights) law. India has a strong Agreement on Trade-Related Aspects of Intellectual Property Rights 1994 (TRIPS) compliant IP rights protection regime, which must be considered when outsourcing in India.
Exchange control and foreign direct investment (FDI) policy. Where foreign investment is involved in setting up outsourcing operations, the provisions of the FDI policy must be considered. The regulator is the Reserve Bank of India (RBI), and FDI policy is fairly liberal for investment in outsourcing operations. The Indian rupee is fully convertible for current account transactions, though controls remain on capital account transactions.
Labour law. India has an extensive employment law regime. The Industrial Disputes Act 1947 is particularly relevant to outsourcing, as it provides "security" of employment to employees and outlines due process, which must be followed on termination of employment. Other statutes concern flexible working hours, overtime payments, holidays, leave and the employment of women at night.
Indian Contract Act 1872. Any contract outlining private law between the parties to an outsourcing transaction is governed by the provisions of the Indian Contract Act 1872.
Department of Telecommunications (DoT). Provides policy, guidelines, licensing and co-ordination of matters relating to telegraphs, telephones, wireless, data, facsimile and telematic services and other similar forms of communications. DoT guidelines are particularly relevant for call centre outsourcing.
The Reserve Bank of India (RBI) issued guidance in its circular dated 22 April 2009 (Guidelines on Managing Risks and Code of Conduct in Outsourcing of Financial Services) for banks outsourcing financial services. Although Indian banks do not require prior approval from the RBI, necessary safeguards to address risks inherent in outsourcing are detailed in these guidelines. Outsourcing arrangements must neither diminish a bank's ability to fulfil its obligations to customers and the RBI, nor impede the effective supervision of the RBI. Banks remain responsible for the actions of their supplier, and for ensuring the confidentiality of customer information. Banks are advised not to engage in outsourcing that would weaken their internal control, business conduct or reputation. The RBI has also issued instructions concerning outsourced services relating to credit cards.
A bank that has entered into, or is planning, material outsourcing, or intends to vary any such outsourcing arrangements, must notify the RBI of these arrangements. Banks in India are not allowed to outsource core management functions, for example, corporate planning, organisation, management and control and decision-making functions, such as determining compliance with know-your-customer norms for opening deposit accounts, according sanctions for loans and the management of investment portfolios.
Outsourcing arrangements involving the transfer of financial information should ensure compliance with Indian data privacy laws, which prescribe specific requirements for Sensitive Personal Data or Information including financial information.
There are no specific laws or regulations in respect of business process outsourcings (BPOs). However, a BPO unit may need to be registered with the Department of Telecommunications (DoT) as an Other Service Provider (OSP) before commencing operations, particularly if it is engaging in services relating to tele-banking, tele-medicine or tele-trading e-commerce.
Where a unit is acting as an internet service provider (ISP), then the exposure and liability of the unit may need to be verified under the Information Technology Act 2000 (IT Act) before operations commence. Section 70 of the IT Act, read with the Information Technology (Intermediaries Guidelines) Rules 2011, provides that an ISP is exempt from liability for any third-party data or information if the ISP can prove either that:
The offence or contravention was committed without its knowledge.
It had exercised all due diligence to prevent the commission of the offence or contravention.
Companies providing telecommunications outsourcing services must be registered with the DoT as an OSP. This includes call centre operators, tele-marketers, tele-banking operators, network operation centres, and so on. There are some restrictions on foreign investment in the telecommunications sector.
Public procurement guidelines apply to the procurement of outsourced services from the private sector. Government policies dealing with public procurement include the:
General Financial Rules 1963.
Delegation of Financial Powers Rules 1978 (both issued by the Ministry of Finance).
Directorate General of Supplies and Disposals (DGSD) Manual on Procurement, and the Central Vigilance Commission (CVC) Guidelines, which prescribe the procurement procedure to be followed by all federal ministries.
In August 2006 the Federal Government issued three manuals governing the procurement of goods, works and services. These manuals are used as guidelines for government ministries and departments, and public sector undertakings.
The outsourcing of insurance services is regulated by the Guidelines on Outsourcing of Activities by Insurance Companies, dated 1 February 2011, passed under Section 14(2) of the Insurance Regulatory and Development Authority Act 1999 (IRDA Act). The general principle underlying these Guidelines is that the insurer should at all times ensure that outsourcing arrangements do not diminish its ability to fulfil its obligations to policyholders or impede effective supervision by the Insurance Regulatory and Development Authority (IRDA). The guidelines define insurers' core and non-core activities, classify activities that can be outsourced, and circumstances under which outsourcing is permitted.
Activities supporting core activities (such as underwriting, premium collection and data storage) of the insurance company can be outsourced subject to due reporting (Regulation 4, read with Annexure I of the Guidelines), such as:
Data collection of prospect/insured details.
Submission of proposals.
Printing of receipt.
Data entry of details.
All outsourcing activities under these Guidelines must be carried out in accordance with the relevant Risk Management Principles. There are specific restrictions and reporting requirements for outsourcing to a third party which is, or becomes an affiliate, or a group entity, as defined under IRDA (Investment) Regulations 2000. Regulation 8 provides that if a third party supplier becomes a group entity, the insurer must report this to the IRDA within 30 days.
Where the third party supplier is either a group entity, or has a common director with the insurer, the insurer must ensure that the transfer pricing is done according to sound principles, and/or that all such transactions are disclosed to the IRDA as soon as the agreement is completed and before payment is made to the third party supplier.
Data protection and privacy
See Question 10.
The National Association of Software and Service Companies (NASSCOM), an industry association, plays a critical role in ensuring India's prominence in global outsourcing. In addition to playing a significant leadership and lobbying role, NASSCOM also provides industry certifications, organises conferences and collates industry reports.
The Business Software Alliance (BSA) is also a key player in the Indian market. The BSA has had some success in obtaining Anton Piller orders (that is, a court order that provides for the preservation of the subject matter of a claim or the preservation of documents and articles relating to the claim through enabling a search of premises) from Indian courts and conducting raids on distributors of pirated software.
The following questions concerning types of risk should be considered:
Is there a strategic risk, in that the supplier conducts business in a manner inconsistent with the overall strategic goals of the customer? Will proprietary software or intellectual property (IP) rights be shared? Is there potential for an ownership, transfer or user dispute concerning IP rights?
Is there a contractual risk in terms of enforcement of the contract?
Is there a concentration and systemic risk, due to the customer's lack of control over the supplier?
Is there a compliance risk concerning data privacy, consumer confidentiality and related matters?
Is there an operational risk from technological failure, fraud, error, or the supplier's financial incapacity to fulfil its obligations and/or provide remedies as agreed under the outsourcing contract?
Does the customer have an exit strategy? Is it focused only on one supplier in India? Will it be difficult to shift the work to another supplier in India, overseas or back in-house to the customer?
Is there a reputation risk? Does the service quality of the supplier meet the overall standards of the customer?
Due diligence of the supplier
It is important to thoroughly evaluate the Indian supplier's facilities, credentials, information security practices and procedures. Among others, it is advisable to:
Conduct a site visit of the facilities.
Ensure the supplier has a plan to address any identified gaps or deficiencies.
Obtain independent reviews and market feedback on the supplier.
Conduct due diligence and evaluate the supplier's:
expertise, past experience and competence to implement and support the proposed activity over the contracted period;
financial stability and ability to service commitments even under adverse conditions;
market intelligence, reputation and culture, compliance, complaints and outstanding or potential litigation;
internal policies and procedures, including security and control, audit coverage, reporting and monitoring environment and business continuity management;
locational factors including tax benefits, political, economic, social and legal factors;
employees, recruitment process, benefits, attrition plans, contingency plans and sub-contractor issues.
It is not unusual for suppliers to use sub-contractors, and it is good practice to include the following provisions in relation to sub-contracting:
Customer's consent must be obtained.
Minimum qualifications, capabilities and so on of any sub-contractor should be outlined.
Customer's right to review any sub-contracting terms.
Supplier's liability for the actions of the sub-contractor.
Sub-contractor IP rights and liability issues should be outlined.
Customer's right to inspect a sub-contractor and his premises.
The outsourcing agreement determines the success of the underlying relationship. The more clear, precise, detailed and carefully drafted the document, the easier it is to allocate risks, anticipate and prevent potential problems, and set realistic expectations. Some drafting tips include:
Take time to understand, negotiate and finalise the document, even if there is business pressure to close the deal.
Clearly address risks and risk mitigation strategies, particularly those identified at the gap analysis and due diligence stages.
Incorporate flexibility into the agreement to cater for changed circumstances.
Clearly state the nature of the legal relationship between the parties, whether principal to principal or otherwise.
Require that the supplier complies with laws, regulations and provisions that apply to the customer in different jurisdictions.
Include an obligation that the supplier complies with industry standards.
Clearly document the supplier's obligations in the event of a breach, and any transition issues.
Don't concede an important issue just to close the deal.
Key provisions that should be addressed in the contract include:
The contract's scope, clearly defined. Service and performance standards should be stated.
Audit rights. The customer must be able to access all books, records and information relevant to the outsourced activity with the supplier. Audits can be conducted internally by the customer or through external auditors or agents.
Monitoring rights. Continuous monitoring and assessment by the customer is necessary to erase long-term issues and ensure that any necessary corrective measures are taken quickly.
Termination. Notices, procedures and consequences should be addressed.
Policies and procedures for data privacy. The supplier should have adequate controls to ensure customer data confidentiality and a statement of liability in the case of a breach of security and/or any leak of confidential information.
Sub-contractor issues. The agreement should clearly state if customer approval is required, and how a sub-contractor's suitability is to be ascertained.
Compliance with law. Both domestic and other applicable laws should be covered.
Confidentiality of customer information. This issue cannot be overstated, and the agreement should seek to ensure the security and confidentiality of customer information in the supplier's custody or possession.
Indemnities, fall-back and other remedies. The agreement should contain the customer's specific non-compliance related remedies, fall-back and indemnities.
Business continuity and management of disaster recovery (DR) plan
The supplier should have a robust framework for documenting, maintaining and testing business continuity and recovery procedures. The customer must ensure that the supplier periodically tests the DR plan. Often customers consider joint testing with the supplier.
Termination and change of supplier issues
Customers tend to retain a degree of control over outsourcing, to mitigate against the unexpected termination of the agreement, or the supplier's liquidation. To establish a viable contingency plan, customers should consider the availability of alternative suppliers or the possibility of bringing the outsourced activity back in-house in an emergency, and the costs, time and resources involved in those activities.
Segregation of facilities
Customers should decide whether or not they are willing to allow the supplier to share its facilities with its other customers. Some level of segregation of the customer's information, documents, records and other assets is certainly advisable, particularly to ensure that the customer can easily reclaim those items following a breach or termination of the agreement.
Audit, monitoring and control
It is wise to include robust audit rights in the agreement to ensure that the customer can verify that the supplier is complying with the contract. The customer should continuously monitor and control its outsourced activities, either internally or using external auditors. The customer should periodically review the supplier's financial and operational conditions to assess its ability to continue to meet its outsourcing obligations. Periodic audits highlight any deterioration or breach in performance standards, confidentiality and security, and in business continuity.
There is no specific notification required for conducting an outsourcing transaction. However there can be specific requirements that must be met, including:
Specific set-up registrations, which depend on the structure proposed (see Question 5).
Tax benefits, where available, must be based on a registration.
Foreign exchange regulations can apply if an investment is made in India. While there is no prior approval required, there can be post investment filings that must be complied with.
An other service provider (OSP) licence from the Department of Telecommunications (DoT) may be required (see Question 2, Business process).
Principally, there are two structures used in an outsourcing transaction in India:
Having an owned set-up in India.
Outsourcing to a third party.
Description of structure. There are four common structures used by foreign investors establishing an owned set-up:
Branch office. The Reserve Bank of India's (RBI) permission to set up a branch office is required. Overall, setting up and shutting down a branch office is relatively straightforward. A branch office can be set up by a foreign entity provided it is used for one of the following activities:
promoting technical or financial collaborations between Indian companies and parent or overseas group companies;
rendering professional or consultancy services;
representing the parent entity in India, for example, acting as buying/selling agents in India;
conducting research and development work that the parent company is engaged in;
rendering services in information technology and the development of software in India;
undertaking export and import trading activities;
rendering technical support to the products supplied by parent/group companies;
representing a foreign airline or shipping company.
Wholly owned subsidiary (WoS). To take advantage of tax and other locational benefits, and to have a local business presence, foreign entities can set up a WoS. The income of a WoS is taxed at a lower rate than a branch office. Companies wishing to set up a manufacturing base and access the Indian product market often choose this route. There are certain benefits offered by the government if the entity is set up in an Export Processing Zone (EPZ), Special Economic Zone (SEZ) or Electronic Hardware Technology Park (EHTP). The unit can also be set up elsewhere as a 100% Export Oriented Unit (EOU). These units must export at least 75% of their final output out of India. SEZs are designed to provide internationally competitive infrastructure facilities and a duty-free and low cost environment.
WoS are best set up as a private limited liability company. This is more flexible and less regulated than a public limited liability company. The move from a private to a public company can be made at any time, depending on business needs, including if there is a desire to list the WoS on an Indian stock exchange.
Joint venture company (JVC). Where there is a relative business advantage to collaborate, a joint venture can be a good option. This allows both parties to share their expertise to optimum advantage. Most JVCs have exit and acquisition options, where parties clearly set out their short- and long-term objectives from the venture, together with options to leave or take over the venture should the need arise.
As with WoS, JVCs can also be registered as private limited liability companies. The shareholding between the domestic and the foreign investor is generally determined by the relative leverage of the parties. The government has few restrictions for foreign investment and therefore the structure is determined by business needs. However, the thresholds of a 10%, 25%, 50%, 75% and 90% shareholding in a company provide different sets of rights, and these may be considered before structuring the holding of the investor.
India has two basic categories of shares: equity (common) and preference (preferred) shares. While these are similar to those overseas, the level of flexibility in structuring the rights associated with shares that is globally available is not available in India. Other than ownership, control is maintained by board seats, veto rights and affirmative votes.
Acquiring an existing Indian company. This option reduces both the time to market and the set-up time and effort. Obtaining a good business culture fit can take some time, but acquisitions are a popular choice. An acquisition can involve both the issue of fresh capital, and the transfer of existing shares. RBI approval can be required for the transfer of shares, particularly with regard to their valuation, before their transfer from a resident to a non-resident. This is governed by the Foreign Exchange Management Act (FEMA) 2000, and the RBI guidelines issued. Where the shares of the company being acquired are listed on the stock exchange, additional legislation can apply.
Foreign investors usually route their investments through countries such as Mauritius, Singapore, Cyprus, and so on, to take advantage of the double tax treaties these countries have with India.
Advantages and disadvantages. Establishing an owned set-up:
It provides better control over the management, operations and the day-to-day running of the business.
It allows for the easy implementation and monitoring of internal processes, global policies and compliance issues.
It provides reassurance where there is sensitive and confidential information being processed in India.
Generally, India has a favourable repatriation policy. Profits generated from branch offices for example are freely remittable from India, subject to the payment of applicable taxes.
There is a loss of flexibility.
There are cultural issues: the burden of compliance with local laws together with potential clashes of culture and ethics to those of the parent.
There is delayed exit.
There are challenges in change of control, and moving between suppliers.
There are transfer pricing issues.
There are difficulties associated with managing a remote entity, geographically far from the parent.
Outsourcing to a third party
Description of structure. If the foreign entity does not want to establish itself in India, it can undertake outsourcing transactions by contracting with a supplier in India.
The outsourcing relationship between a customer and supplier can take several forms, including:
Build operate transfer (BOT). The supplier sets up, builds and operates the outsourcing unit for the customer and ultimately transfers it to the customer at an agreed date or event. The terms of transfer are also generally agreed upfront. The advantage of this structure is that the customer becomes the owner of the outsourcing unit without having to bear the initial set-up burden.
Staff augmentation (body shopping). This structure provides specialised resources, from the supplier to the customer, on a need basis. The model allows flexibility in terms of cost and resource allocation, and allows the customer to efficiently run their outsourcing business.
Service level agreements (SLA) (out-tasking). These are shorter and more specific agreements, documents and orders that flow from a main agreement requiring these specific contracts to be executed for short-term business needs, to deliver work product or to fill skill gaps.
Project-based outsourcing. Under this collaborative model, both the suppliers and their customers share risks and rewards. Industry best practices are used to evaluate work, quality and delivery issues. This model has a short-term focus.
Managed services. With a long-term focus, this model works from a main agreement covering a multi-year relationship together with SLA-based integrated solutions. The supplier is responsible for agreed strategic business results. A key term of the contract is the concept of technology refresh, or reinvestment of expertise, giving the supplier a commercial advantage. This model is becoming increasingly popular in outsourcing transactions.
Multi-sourcing. Where different suppliers perform different services, which they are adept at performing. While this allows the customer to use the best of all that is available, there can be challenges in co-ordinating the efforts of different suppliers and moving services and intellectual property (IP) rights among them.
Advantages and disadvantages. This option:
Is the most cost-effective.
Requires care to be taken to ensure that this arrangement does not constitute a service permanent establishment (PE) as if a PE is established, the foreign entity is liable to pay taxes in India for income attributable to India.
Raises concerns regarding confidentiality, people and performance control.
Works best where the work is of an intermittent nature, the volumes are small, and varying expertise is required for different pieces of work.
Provides flexibility, both in terms of the work outsourced, and allowing the work to be done by different suppliers.
The agreement plays a very critical role in this type of outsourcing. It should cover issues relating to data protection, security compliance, confidentiality, IP rights' assignment, audit rights, reporting requirements and change control.
The procurement process should examine various matters, including supplier reputation, technical specifications, expertise, pricing, updates, after-sales support and service, service level agreements (SLAs), and so on. While the procurement process can vary, the following provides a general outline of the process.
Request for proposal
It is not common to undertake a request for proposals (RFP) during the tendering process for non-government outsourcing. However, for large projects, foreign companies do send out RFPs to a select group of suppliers. This starts the procurement process. In the event that a formal RFP is not sent out, the shortlisted suppliers are sent a brief so that they can put forward their proposal and initiate their due diligence.
The suppliers' due diligence and evaluation should first address their technical capabilities, knowledge levels and market share. Supplier credibility can then be checked through referral sources.
Assessing supplier capability
Infrastructure, technical capabilities, leadership, team size, human resource management, locations, client focus, processes, tools and certifications are all relevant in assessing the supplier's capabilities. India has many capable vendors, and it can be difficult to select a particular supplier. A supplier should not be selected purely because of its company name or the number of multinationals who have outsourced work to it. Evaluation of the people is as critical as evaluation of the company.
Referral checks on supplier reputation
This can be done by contacting some of the supplier's other customers, or requesting that the supplier provides a capability statement based on past experience. A visit to the supplier's facilities allows the customer to study their processes and ensure they meet the customer's internal quality and regulatory requirements.
Gap analysis/SLA signing
Ask the supplier to do a gap analysis so that issues can be identified. An SLA should only be signed after a level of reassurance is established with the supplier. The scope of the gap analysis/SLA should be clear, concise and simple. It should contain objectives, and define the scope of work, final deliverables and any resource allocation details.
Both the internal staff of the foreign entity planning to outsource to India and external consultants can be used, depending on a project's requirements. When selecting external consultants care must be taken to ensure that they have adequate exposure to India and doing business in India.
Continuous evaluation of supplier performance
Keep evaluating the supplier even after the agreement has been awarded to them. This can be based on both feedback from the people involved and active assessments. Evaluation is particularly useful where there is a subsequent engagement.
The team negotiating the transaction should be practised in negotiating with Indians. The Indian style of negotiation is quite unique, and negotiators should be sensitive to the nuances of this style of negotiation.
Transferring or leasing assets
Formalities for transfer
The Transfer of Property Act 1882 governs the transfer of property in India, including the sale, lease, rent, mortgage, or charge of immovable property, and the gifting and exchange of movable property. It also deals with the transfer of actionable claims. Additionally, with any transfer of property there are conveyancing documents, their registration and the payment of stamp duty.
If the transfer of property needs to be absolute, then sale is the only option. On completion of the sale, the buyer takes all the rights of ownership, possession, and so on over the property. Stamp duty must be paid and the sale should be registered with the appropriate authority, so that the seller has no claim over the sold property.
Stamp duty payment is legislated by the respective Indian state, while the provisions regarding registration are contained in the Registration Act 1908.
IP rights and licences
While care is taken to protect intellectual property (IP) rights, such as copyrights, trade secrets, inventions, ideas, formulae, source and object codes, know-how, improvements, and so on, the transfer of IP rights provides challenges. While copyright can be transferred automatically from an employee to an employer, the same is not true for a patent right. In the case of an independent contractor, the supplier must be careful to ensure the assignment of the IP rights.
Due diligence conducted on the supplier should reveal whether the supplier has contracts with its employees and consultants for the assignment of IP rights developed by them. Importantly, on the creation of specific IP rights (particularly where there could be a patent right), the supplier should ensure that independent contractors and employees assign the IP rights and execute all necessary documentation to validate that assignment. It is advisable to include provisions allowing the party registering the IP rights in its name to seek further documents to perfect its title.
The customer should aim at obtaining an exclusive, royalty-free, irrevocable, perpetual and worldwide assignment of IP rights from the supplier. Any deed of assignment should specifically state that the assignment is in perpetuity and worldwide, and that the assignment does not lapse in the event the assignee does not exercise the rights assigned within a period of one year from the date of assignment. The assignment should identify the work and clearly specify the rights being assigned.
Software tends to be the main IP right created and the subject matter of transfer, but software is not patentable in India. However, it is copyrightable under the Indian Copyright Act 1957, and sections 18 and 19 deal with the assignment of copyrights. Section 18 states that any prospective owner of a copyright, in a future work, can assign, to another person, the copyright, either wholly or partially, although the assignment takes effect only when the work comes into existence. Therefore, the supplier must first specifically enter into a general copyright assignment agreement with each of its independent contractors. As and when a copyrighted product comes into existence, the supplier should sign a specific assignment recording the work being transferred. The supplier can then transfer all the IP rights it obtains, as an assignee, to its customer.
A knowing violation of copyright in India is a criminal offence. Indian courts are reasonably quick to grant injunctive relief for IP rights' violation.
While the transfer procedure can vary depending on the specific property, generally the transfer of movable property follows that item's delivery. Share transfer has a prescribed process under Indian company law. The transfer of confidential information is based on contract law.
Privity of contract applies in India, and therefore a third party cannot enforce a contract. Generally, it is possible to assign rights under a contract where that is the parties' intention, and provided the law does not forbid those rights from being assigned. However, if the obligations under the contract are of a personal nature, they cannot be assigned and must be performed by the parties who have contracted to perform them.
Contracts can also be transferred by way of novation of the contract. Under this concept, all liabilities and obligations under a contract, including the transfer of the benefit and/or burden of a contract, are passed to a third party provided all parties consent. Effectively, the original contract is annulled and is replaced by a new contract.
Key contracts can therefore be transferred either by way of novation or assignment, depending on the original contract terms and the intent of the original parties.
Formalities for leasing or licensing
See Question 7.
Transferring employees on an outsourcing
There is no law that transfers employees in an outsourcing transaction. It is only on transfer of a business undertaking that Section 25FF of the Industrial Disputes Act 1947 (IDA) enables the transfer of employees to the new business undertaking.
For more information on transferring employees on an outsourcing, including structuring employee arrangements (including any notice, information and consultation obligations) and calculating redundancy pay, see Transferring employees on an outsourcing in India: overview (www.practicallaw.com/4-593-3466).
Data protection and secrecy
Data protection and data security
General requirements. The Information Technology Act 2000 (IT Act) and its associated rules and regulations, govern electronic data protection and prescribe penalties for failure to comply with its provisions. There are a range of requirements, including:
Damages must be paid by a company for failure to adopt reasonable security practices while handling sensitive personal data (section 43A, IT Act). It is advisable for the outsourcing agreement to cover the issue of data transfer, together with the extent of protection and security expected from the supplier.
Any person who, pursuant to the powers conferred under the IT Act, has secured access to any electronic record or personal data and discloses that information to a third person without consent for that disclosure is liable to punishment of a fine or up to three years' imprisonment (section 72A, IT Act).
In addition, the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules 2011 (Privacy Rules) lay down the procedure to be followed in order to secure personal data and sensitive personal information. The Privacy Rules define sensitive personal data or information as information relating to:
Physical, physiological and mental health conditions.
Medical records and history.
Any information relating to these as available with, or provided to, a body corporate under a lawful contract, or for providing services.
There are a range of requirements relating to sensitive personal data, including (Privacy Rules): A procedure for the formulation and implementation of reasonable security practices by corporate bodies. They can either follow the International Standard IS/ISO/IEC 27001 on Information Technology: Security Techniques: Information Security Management System: Requirements, or any other code of best practice, that is approved by the central government (Rule 8, Privacy Rules).
The information provider's consent is required before obtaining sensitive personal data or information. The information provider should be made aware of the collection of information, the purpose of doing so and the data's intended recipients. Any disclosure of sensitive personal data or information to any third party also requires the information provider's prior permission.
It is advisable that parties execute binding data transfer agreements, outlining the mode and purpose of any data transfer. This agreement does not need to be approved by any regulatory authority and there are no standard forms or precedents that have been formulated, or approved by national authorities. However, the agreement must comply with the Indian Contract Act 1872 (Contract Act) and the standards under the Privacy Rules.
NASSCOM has also established the Data Security Council of India (DSCI) as a self-regulatory body.
Mechanisms to ensure compliance. See above, General requirements.
International standards. See above, General requirements.
General requirements. The Reserve Bank of India's (RBI) know-your-customer norms require banks to ensure that information collected from customers is treated as confidential, and that its details are not divulged for cross-selling or similar purposes.
The RBI has also established the Banking Codes and Standards Board of India (similar to the Banking Codes and Standards Board in the UK, as an autonomous and independent watchdog of the banking industry. The Banking Board has formulated the Code of Bank's Commitment to Customers (which sets the minimum standards of banking practices for banks to follow while dealing with individual customers). Section 5 of the Code deals with privacy and confidentiality of customers' personal information banks must not reveal any information or data relating to the accounts of customers, whether provided by them or otherwise, including other companies/entities, except if one of the following circumstances applies:
The information is required to be provided by law.
There is a duty towards the public to reveal the information.
The bank's interests require the bank to give the information (for example, in case of prevention of fraud). But the same will not be used as a reason for giving information about customers or their accounts to anyone else, including other group companies, for marketing purposes.
The customer asks the bank to reveal the information, or if the bank has the customer's permission in writing.
The bank is asked to give a banker's reference about the customer, provided written permission of the concerned customer is obtained prior to such disclosure.
Mechanisms to ensure compliance. See above, General requirements.
International standards. Secrecy of customer information is a principle of common law, which is practised in India, and recognised a statutory basis must be provided in order to strike a balance between privacy rights of the customer along with the need to share crucial information with law enforcement authorities and other regulators, in the larger public interest.
Confidentiality of consumer data
General requirements. The right to privacy falls under the ambit of the fundamental right to life, protected by the Constitution of India. The IT Act and Privacy Rules also contain provisions concerning the privacy and protection of consumers' sensitive personal data and information in any electronic medium. India does not have a statute governing the protection of confidential information and trade secrets.
Mechanisms to ensure compliance. It is possible to obtain protection through a civil action under common law. It is also possible to file an action for criminal breach of trust against the supplier, based on the fact that the confidential information was provided by the customer to the supplier "in trust" and its misuse constitutes a breach of trust.
Given these circumstances, it is best practice to ensure that the outsourcing agreement contains clearly articulated and adequate confidentiality obligations. This has the effect of contractually binding the parties to confidentiality.
Additionally, periodic auditing and monitoring of the supplier's facilities, and seeking reports on the implementation of data security measures, can help a customer ensure the confidentiality of its data.
International standards. Changes are still required to give statutory force to the privacy rights of consumers, in compliance with global standards (Banking secrecy: International standards).
Service specification and levels
Flexibility in volumes purchased
Flexibility to adjust volumes purchased is largely dependent on the nature of the outsourcing transaction. Outsourcing models such as "pay per unit pricing model" or "variable rate pricing model" are the most flexible. These arrangements typically allow the customer to adjust volumes transacted, however, in some cases, they may prescribe a minimum purchase volume, below which a premium rate per unit is payable or the agreement stands terminated. Customers opting for fixed rate pricing models, that typically have short term or one-time projects, do not enjoy such flexibility.
Charging methods and key terms
Charging methods vary, and a contract can also provide the flexibility to move from one method to another, depending on the circumstances. The most common charging methods include the following:
Cost plus is often used in a captive/wholly owned subsidiary (WoS) set up between a parent and an Indian subsidiary. With this method the customer pays the supplier actual costs plus a predetermined profit percentage. This method tends to lack incentive for performance improvement, cost reduction and overall efficiency, and is usually used in captive setups and WoSs for this reason.
Fixed price/unit price
Fixed pricing and unit pricing charging methods are used where the relationship tends to be more static, the scope of the agreement is very clearly understood and has been in place for some time. Often there is little room to improve performance or cost-effectiveness, and this method is usually used for lower-end services. The supplier is always motivated to decrease its internal costs to find ways to increase efficiency, but usually the differences are marginal.
Risk or reward
Where the scope of the agreement is undefined, or unique, and the value proposition high, parties usually negotiate an incentive-based charging method. The customer incentivises the supplier to encourage optimal performance. However, the supplier can also be charged penalties for unsatisfactory service.
There are various other risk/reward sharing charging methods that can be used to keep both the customer and the supplier on their toes. The aim is to make both parties act as partners, so that both gain from any additional value created as a result of their collaborative efforts.
Customer remedies and protections
The well-established legal system, based on English common law, is one of the factors that make India an attractive outsourcing destination. The legal system is robust, and courts enforce the parties' contractual rights. Contracts are enforced either:
By filing a civil suit for damages under section 73 of the Contract Act 1872.
By filing a civil suit for specific performance under section 10 of the Specific Relief Act 1963.
A party suffering a breach of contract is entitled to receive compensation from the breaching party for any loss or damage caused to it. The twin principles of restitution and mitigation are followed while calculating damages. Compensation cannot be paid for any remote and indirect loss or damage. Although liquidated damages are recognised and can be recovered under Section 74 of the Contract Act, the principles of reasonableness and remoteness must be followed.
The nature of an outsourcing agreement can raise concerns over remedies as a customer is dealing with an Indian supplier with few, or no, meaningful assets in the customer's country, against which any judgment or arbitral award would be executed. The jurisdiction of the courts under the outsourcing agreement, and the implications of obtaining a judgment from a foreign court should be considered. It is critical for the customer to understand the supplier's corporate structure, its assets and the location of those assets. Once this is established, the parties can structure the dispute resolution provisions to maximise the ability to recover against the supplier's assets in the event a dispute arises between the parties. Customers can seek additional measures to guarantee performance, including, among others:
Parent or affiliate guarantees.
Escrow accounts for payments.
Letters of credit.
Unless India has a reciprocal intellectual property (IP) rights arrangement for enforcement of a foreign judgment, that judgment cannot be enforced in India. For example, a US judgment is not directly enforceable in India, though it can be enforced by filing a fresh suit in an Indian court, based on the US judgment. While the process can take time, certain grounds make the judgment unenforceable, and these include:
The judgment was not issued by a court of competent jurisdiction.
The judgment was not issued on the merits of the case.
The judgment appears to be founded on an incorrect view of international law or a failure to recognise Indian law, if such law is deemed applicable.
Principles of natural justice were ignored by the overseas court.
The judgment was obtained by fraud.
The judgment sustained a claim founded on a violation of any law in force in India.
A judgment can also be obtained directly from Indian courts. This allows the customer to seek attachment of the supplier's assets in India. While a final judgment in India can take time, injunctive relief is available for pressing matters.
While Indian courts recognise private international law principles and generally enforce choice of law clauses agreed on by the parties (sections 13, 15 and 44A, Indian Civil Procedure Code 1908 and section 41, Indian Evidence Act 1972) Indian law is generally applied to disputes in certain fields, including disputes involving:
Indian courts do not apply any law that violates public policy in India.
Arbitration continues to be the preferred means of dispute resolution in outsourcing transactions. India is a signatory to the United Nations Convention on the Recognition and Enforcement of Foreign Awards 1958 (New York Convention), and therefore it is easier to enforce a foreign arbitral award rendered in a New York Convention country than those in other jurisdictions. A foreign arbitral award can be challenged or refused enforcement in India on very limited grounds, including:
Incapacity on the part of any of the parties to the contract.
Invalidity of the arbitration agreement under the law governing the dispute.
Lack of due process afforded to either party.
The award goes beyond what was provided for in the arbitration clause's scope.
The matter is not subject to resolution by arbitration under India's laws.
Enforcement of the award would be contrary to public policy in India.
Once an Indian court is satisfied that the foreign arbitral award is enforceable, it is deemed to be a decree of that court and becomes enforceable in India.
Warranties and indemnities
Parties negotiate the effect of warranties on the relationship, including whether time is of the essence.
Contracts will typically include express warranties, particularly in relation to:
Intellectual property (IP) rights.
Associated professional services.
Standard maintenance is also sometimes warranted, usually where supplier software (whether owned or licensed) is being used.
There is usually lengthy negotiation on the scope of the services to be provided and each of the parties' respective responsibilities under the agreement.
Supplier warranties. It is good practice to ensure that employee-related warranties are included, to guarantee that employees will work in a professional and workmanlike manner, and that resources will be properly and appropriately allocated. The supplier must often provide warranties relating to employee issues concerning:
Payments due to employees.
Capabilities and expertise of employees.
The use of sub-contractors (if applicable) that both vouch for the quality of any sub-contractor, and accept sole responsibility for any sub-contractor engaged.
Customer warranties. Customer warranties usually include provisions to provide the supplier with all assistance, materials and accurate information reasonably required to enable it to provide the services outlined in the agreement.
Supplier and customer warranties. Both parties include warranties regarding:
Compliance with all relevant laws, applicable guidelines and professional codes.
Possible conflicts of interest.
That all data, software or other information provided by them does not infringe upon any third-party IP rights.
Indemnities. The parties agree to defend and indemnify the other against losses incurred as a result of any third-party infringement of any of the IP rights provided. Indemnities can range from:
Broad indemnities (for example, breach of a warranty or covenant).
Middle level indemnities (for example, breach of a data protection obligation).
Very specific indemnities (for example, employees misbehaving at customer locations or introducing a virus into the customer's computer systems).
Limitations to the supplier's liability are also negotiated. These can include monetary caps and a clear understanding that no consequential or indirect damage will be covered. Suppliers tend to limit protection to third-party claims and the customer's direct losses. A supplier will also seek to defend any third-party claim. Suppliers tend to try to resist indemnities concerning a breach of a service-related warranty or covenant.
These provisions are negotiated between the parties to the agreement, and the matters that are included depend on the negotiation leverage that each of the parties have (see Question 18).
Unlike other jurisdictions, insurance products are not as sophisticated or accessible in India. As the insurance industry matures, with increased multinational participation, more competitive products may become available. Currently, outsourcing parties usually obtain:
Public liability insurance.
Professional liability insurance.
Employee health insurance.
Term and notice period
Termination and termination consequences
Events justifying termination
As there are no specific statutes governing outsourcing in India, instances that justify termination of an agreement without giving rise to damages are governed by the terms of the agreement. It is important that the parties include adequate exit strategies, address transition co-operation, and allocate adequate time for any transition, within the agreement.
It is common to include insolvency as a ground for such termination in most contracts.
Generally, remedies that are available on termination are provided in the terms of the outsourcing agreement.
Termination for near insolvency may be adopted as a method of avoiding the disastrous effects of a provider's unanticipated insolvency on the customer's business. However, this remedy is only feasible if the customer remains alert and aware of the provider's performance and financial health. Appropriate mechanisms to measure such health as performance benchmarks, periodic financial reporting and "no material adverse change" certification requirements may be included in the agreement.
Outsourcing agreements can also call for third party intervention in cases of material breach. For example, forensic investigation in cases of suspected data breach may be included in agreements involving transfer of sensitive information.
IP rights and know-how post-termination
Liability, exclusions and caps
The parties are free to agree on a cap on the liability. However, liquidated damages for breach of contract are governed by the Contract Act and case law under that statute. Liquidated damages agreed between the parties in the contract, which stipulate the damages to be paid in the event of a breach, irrespective of the actual damage suffered, must be a genuine pre-estimate of damages, which is likely to flow from a breach. Therefore, any cap on liability must be reasonable for the court to award it.
Private arbitration is the preferred means of dispute resolution in all commercial transactions in India. Considering the transfer of IP and sensitive information in an outsourcing transaction, and the need for confidentiality and expeditious resolution, arbitration is being preferred to prolonged litigation. Most international commercial contracts executed in India call for arbitration under ICC rules with the seat of arbitration in a neutral third party venue.
See Question 16.
Taxation policy has had a big effect on the growth of India as an offshore outsourcing destination, although a lot of the benefits available under the Software Technology Parks of India scheme are no longer available to outsourcing companies being established in India. However, there are tax advantages, which should be considered before negotiating an outsourcing agreement.
Suppliers are typically exempt (either wholly or in part) from tax on income earned from the export of software or services out of India, provided the fees are received in convertible foreign currency. Conversely, where fees are paid in Indian rupees, costs can significantly increase, because the supplier would seek to recover the tax that it pays from the customer.
Transfers of assets to the supplier
The transfer of assets by sale attracts capital gains tax (CGT) on the amount of profit made by the customer on selling the asset. Again, there may be some locational and other benefits that exempt the supplier from paying any taxes (for example, if a 100% export oriented unit procures the assets sold, then that unit is exempt from paying CGT).
Transfers of employees to the supplier
The transfer of employees is not a taxable event, and does not have any tax consequences.
VAT or sales tax
As VAT or sales tax is paid on the transfer of goods, the supplier must evaluate whether the product offered by them is a good or a service. If the product is classified as a good, then the requisite VAT or sales tax must be paid on the transfer of assets to the supplier.
Service tax is payable on the gross amount the supplier charges for the supply of services. As service tax is a consumption tax, it is only levied on services consumed in India. Therefore, a unit engaged in the export of services, where the payment is received in a foreign exchange, is exempt from paying service tax.
Stamp duty is payable on a conveyance deed.
Corporation tax is payable by way of income tax under the Income Tax Act 1961. A foreign customer can also be subject to income tax if its presence in India is classified as a "permanent establishment" in India (see below, Permanent establishment (PE)).
Certain entities in India can import capital goods and consumables without paying customs duty, although this also involves making certain export commitments. Generally, the higher the value of the duty-free imports, the higher the export commitment. Certain entities can also benefit from exemptions on excise duty on local Indian goods purchased by them.
Permanent establishment (PE)
Under the double tax treaties that India has signed with various countries, a PE is a fixed place of business through which the business of an enterprise is wholly, or in part, carried on. This includes:
A place of management.
A mine, an oil or gas well, a quarry, or any other place of extraction of natural resources.
A warehouse, in relation to a person providing storage facilities for others.
A farm, plantation or other place where agriculture, forestry, plantation or related activities are carried out.
A store or premises used as a sales outlet.
An installation or structure used for the exploration or exploitation of natural resources, but only if so used for a period of more than 120 days in any 12-month period.
A building site or construction, or installation, assembly project or supervisory activities in connection with those, where the site, project or activities (together with other such sites, projects or activities, if any) continue for a period of more than 120 days in any 12-month period.
The furnishing of services (other than included services as defined in Article 12 of the Royalties and Fees for Included Services) within a contracting state by an enterprise through employees or other personnel, where:
activities of that nature continue within that state for a period (or periods) aggregating more than 90 days within any 12-month period; or
the services are performed within that state for a related enterprise (within the meaning of paragraph 1 of Article 9 of the Royalties and Fees for Included Services).
A PE does not include:
The use of facilities solely for the purpose of storage, display or occasional delivery of goods or merchandise belonging to the enterprise.
The maintenance of a stock of goods or merchandise belonging to the enterprise solely for the purpose of storage, display or occasional delivery.
The maintenance of a stock of goods or merchandise belonging to the enterprise solely for the purpose of processing by another enterprise.
The maintenance of a fixed place of business solely for the purpose of purchasing goods or merchandise, or of collecting information, for the enterprise.
The maintenance of a fixed base of business solely for the purpose of advertising, for the supply of information, for scientific research, or for other activities that have a preparatory or auxiliary character, for the enterprise.
The concept of service PEs, although not defined under Indian law, has come under considerable scrutiny recently. Indian courts have held that certain foreign entities providing services through agents in India, have, in the process, created service PEs. For example, in the case of DIT (International Taxation), Mumbai v Morgan Stanley and Co Inc and Morgan Stanley and Co Inc v DIT, Mumbai [(2007) 2SCC1], it was held by the Honourable Supreme Court of India that employees of the US arm of Morgan Stanley deputed to its Indian arm to provide certain services for a specified period, created a service PE of the US arm in India. The reasoning of the Supreme Court was based on the fact that the employees were receiving remuneration from the US arm and that they were under the control and authority of the US arm of Morgan Stanley.
In addition, in the recent judgment in Rolls Royce Singapore Pvt Ltd v ADIT [MANU/DE/3479/2011], the Honourable High Court of Delhi identified the following indicators of whether a supplier is in fact a dependent agent, creating a PE:
The dependant agent must be carrying out activities either wholly or almost wholly on behalf of the assessee.
The agent must be prohibited from taking competitive products.
The assessee must exercise extensive control over the agent.
Transfer pricing issues
The Transfer Pricing Regulations (TP Regulations) are used to compute income from international transactions between associated enterprises. Indian tax laws require that the pricing of transactions between associated enterprises must be conducted on an arm's-length basis. An arm's-length price means a price that is applied, or proposed to be applied, in a transaction between persons other than associated enterprises, in uncontrolled conditions. There is no prescribed formula although companies tend to opt for either a cost plus method (of around 15%) or standard per diem rates.
The TP Regulations only apply if the parties are deemed to be associated enterprises. In an outsourcing situation, parties are deemed to be associated if:
The supplier's manufacture or processing of the goods is wholly dependent on the use of the customer's IP rights.
One party, or any person specified by it, supplies and influences the prices and other conditions concerning 90% or more of the raw materials and consumables required for the manufacture or processing of goods or articles carried out by the supplier.
The goods or articles manufactured or processed by the supplier are sold to the customer at prices and conditions that are influenced by the customer.
Ministry of Corporate Affairs
Description. The Ministry of Corporate Affairs is primarily concerned with administration of the Companies Act 2013, the Companies Act 1956, the Limited Liability Partnership Act 2008 and other allied acts, and rules and regulations framed under these; mainly for regulating the functioning of the corporate sector in accordance with the law. The Ministry of Corporate Affairs is also responsible for administering the Competition Act 2002 to prevent practices having adverse effect on competition, to promote and sustain competition in markets, to protect the interests of consumers through the commission set up under the Competition Act 2002. The information is up-to-date.
Reserve Bank of India (RBI)
Description. The RBI was established on 1 April 1935 in accordance with the provisions of the Reserve Bank of India Act 1934. The RBI is India's Central Banking Institution, which controls the Monetary Policy of the Indian Rupee. RBI is also the regulator and supervisor of the financial system and prescribes broad parameters of banking operations within which the country's banking and financial system functions. Its objectives are to maintain public confidence in the system, protect depositors' interest and provide cost-effective banking services to the public. The website is up-to-date.
Department of Telecommunications (DoT)
Description. The DoT is responsible for policy formulation, licensing, wireless spectrum management, administrative monitoring of PSUs, research and development and standardisation/validation of equipment and so on. The website is up-to-date.
Ministry of Labour and Employment
Description. The Ministry of Labour and Employment is responsible for protecting and safeguarding the interests of workers in general and those who constitute the poor, deprived and disadvantage sections of society, in particular regarding to creating a healthy work environment for higher production and productivity and to develop and co-ordinate vocational skill training and employment services. The website is up-to-date.
J. Sagar Associates
Professional qualifications. India, 1990
Areas of practice. Corporate commercial; mergers and acquisitions; private equity.
- Leading the technology, media and telecommunication practice.
- Undertaking transactional work with a focus on representing emerging technology companies in areas of inbound investments in India, venture capital and private equity investments, joint ventures, strategic alliances, and mergers and acquisitions.
- Assisting many international businesses and funds to funnel investments in India.
- Clients include established and high technology companies, internet start-ups, connectivity specialists, e-commerce ventures, conversion technology and technology-based entertainment industries.