Outsourcing: Italy overview
A Q&A guide to outsourcing in Italy.
This Q&A guide gives a high-level overview of legal and regulatory requirements on different types of outsourcing; commonly used legal structures; procurement processes; and formalities required for transferring or leasing assets. The article also contains a guide to transferring employees; structuring employee arrangements (including any notice, information and consultation obligations); and calculating redundancy pay. It also covers data protection issues; customer remedies and protections; and the tax issues arising on an outsourcing.
To compare answers across multiple jurisdictions, visit the Outsourcing Country Q&A tool. This article is part of the global guide to outsourcing. For a full list of contents, please visit www.practicallaw.com/outsourcing-guide.
Regulation and requirements
With the exception of certain sectoral regulations, there are no specific provisions applicable to outsourcing (see Question 2).
The parties in an outsourcing transaction must comply with the Civil Code provisions on:
Contracts in general (Article 1321 and following, Civil Code).
Services contracts (somministrazione) (Article 1559 and ff, Civil Code).
Tender contracts (appalto) (Article 1655 and ff).
In addition, Law No. 192 of 1998 on subcontracting may be relevant, particularly regarding the regulation of late payments.
Outsourcing the financial services sector is subject to specific guidelines from the competent supervisory bodies, such as the:
Bank of Italy (Banca d'Italia).
National Commission for Companies and Securities Exchange (Commissione Nazionale per le Società e la Borsa)(CONSOB).
Among the various provisions applicable (and not taking into account requirements applicable at EU level), the following are particularly noteworthy:
The Bank of Italy issued its regulations for the prudential supervision of banks (Circular No. 263 of 27 December 2006, as subsequently amended), which include a number of provisions covering outsourcing by banks. In its 15th revision issued in 2013, the regulations substantially reshaped the overall framework for an outsourcing bank's corporate functions, introducing:
new outsourcing areas; and
a progressive adjustment roadmap to implement the new rules (that, in some cases concerning IT infrastructure, will expire on 1 July 2016).
The Bank of Italy recognises the need for banks to concentrate in their core business and increase their flexibility to achieve cost reductions.
The Bank of Italy and CONSOB adopted a joint regulation on the organisation and intermediary procedures providing investment services or collective investment management services (issued on 29 October 2007, as amended) that, among other provisions, regulates the outsourcing of essential or important operative functions or services or activities as well as the delegation by alternative investment funds managers the task of carrying out one or more functions on their behalf.
Main areas for financial services outsourcing are:
Insurance companies are subject to the supervision of the Italian Insurance Supervisory Authority (Istituto per la Vigilanza sulle Assicurazioni) (IVASS) and the regulation concerning internal controls, risk management, compliance and the outsourcing of activities of insurance undertakings (Regulation No. 20 of 26 March 2008, as amended).
IT and cloud services
The IT and cloud services sector is significantly affected by data protection regulation and is subject to the supervision of the Data Protection Authority (Garante per la protezione dei datI personali). In addition to the oversight of the Data Protection Authority, this sector is regulated by Legislative Decree No. 196 of 2003, as amended (Data Protection Code) and several decisions of the Data Protection Authority periodically addressing specific privacy aspects related to outsourcing.
Telecommunications outsourcing can relate to the provision of telecommunications services within a closed users group (for example, voice telephony and data transmission to various locations of the same company). However, it is very rare for companies to set up their own internal networks. In addition, it not usual for telecommunications services to be provided in combination with certain IT services.
The provision of telecommunications services to the public, and therefore also its outsourcing, is heavily regulated through the Electronic Communications Code (Legislative Decree No. 259 of 2003, as amended) that implemented Directive 2009/136/EC on consumer protection and users' rights in relation to the processing of personal data and the protection of privacy in electronic communications (Citizens' Rights Directive). The sector regulators are the:
Communications Regulatory Authority (Autorità per le Garanzie nelle Comunicazioni) (AGCOM).
Ministry for Economic Development (Ministero dello Sviluppo Economico) (MISE).
Service provision is subject to a general authorisation and, in cases of scarce resources (such as spectrum and numbers), the granting of individual rights of use.
Legislative Decree No. 163 of 2006 (Code on public contracts for works, service and supplies, as amended) regulates public sector outsourcing, implementing Directive 2004/17/EC co-ordinating the procurement procedures of entities operating in the water, energy, transport and postal services sectors (Utilities Directive)
and Directive 2004/18/EC on the co-ordination of procedures for awarding public works, supply and service contracts (Consolidated Public Sector Directive). Other applicable legislation includes the rules governing the public connectivity system, in which service providers and outsourcers must be enrolled in registers of national suppliers held by CNIPA (Centro Nazionale per l'Informatica nella Pubblica Amministrazione) (National Centre for Informatics within the Public Administration) and of local suppliers held by the relevant regional governments.
Banks. Outsourcing transactions must be made in accordance with the overall group policies that banks are required to draft in relation to:
Provider selection and relevant due diligence.
Minimum contents of the outsourcing agreements and expected service levels.
Monitoring and role of internal functions.
The flow of information.
Continuous risk assessment.
Continuity/contingency plans in case of malfunctioning of the services.
The ultimate responsibility remains with the bank concerned and outsourcer must not fully dismantle its internal structure in order to be able to monitor the services received by the provider, provide the appropriate guidance and be able to re-insource the services if needed.
Bank of Italy Circular No. 285 of 19 December 2013 (15th revision of 8 March 2016 (Circular 285) lists a number of aspects that must be regulated in the outsourcing agreement. These include:
The respective rights and obligations.
Service levels (including emergency service levels and business continuity solutions), the modalities for their measurement, and certain automatic termination provisions if the service levels are not met (or are no longer capable of being met).
Access right for audit and for the surveillance authority (European Central Bank or the Bank of Italy).
Limitations to sub-outsourcing.
The Bank of Italy provides stricter requirements for the outsourcing of control activities (in the risk management and internal audit areas) (Title IV, Chapter 3, Section IV, Circular 285). In particular, it requires banks to set out is overall outsourcing policy, including the:
Procedures for outsourcing any of its operations.
Minimum contents of the outsourcing agreements and service level.
Continuous monitoring of the activities with the involvement of the internal audit functions.
Continuous information flows in order to enable awareness and management of risk factors concerning the outsourced activities.
Furthermore, specific provisions must be introduced in agreements concerning the outsourcing of IT systems and services (Title IV, Chapter 4, Section VI of Circular 285) such as, among others:
Obligation for the outsourcer to comply with the bank's IT security policy.
Ownership of data, software, technical documentation and other IT resources, periodical backup of the IT system.
Procedures for communicating and managing incidents to IT systems and ensuring business continuity.
Traceability methods to ensure accountability of the various operations (in particular, critical operations and access to confidential data).
Intermediaries. The joint regulation on the organisation and intermediary procedures providing investment services or collective investment management services (adopted by the Bank of Italy and CONSOB on 29 October 2007) provides, among other things, that for outsourcing of essential or important operative functions or investment services or activities, the intermediary concerned must take reasonable steps to mitigate the related risks (see Question 2). In this context, outsourcing cannot reduce the effectiveness of the control system nor prevent the supervisory authorities from checking that the intermediaries fulfil all their obligations. The agreements must:
Be in writing.
Require the parties to set up and review an emergency plan for resuming operation and disaster recovery including the review from time to time of the backup systems (whenever this is necessary on the basis of the business function that has been outsourced).
Enable the intermediary to early terminate the outsourcing agreement if necessary.
Not jeopardise the continuity of the service the intermediary provides to its clients.
Moreover, alternative investment funds managers delegating the task of carrying out one or more functions on their behalf, must also comply with the principles set out in Regulation (EU) 231/2013 on exemptions, general operating conditions, depositaries, leverage, transparency and supervision.
Insurance companies. Regulation No. 20 of 26 March 2008 expressly prohibits outsourcing of risk underwriting and contains specific and more stringent provisions on outsourcing of the internal audit, risk management and compliance functions. Insurance companies must define their outsourcing policies, including (as a minimum):
The criteria for identifying the activities to be outsourced (and for the classification of activities as critical or important activities).
The criteria for selecting suppliers, concerning:
their professional experience, good repute and financial standing;
methodologies for evaluating service level; and
contingency plans (including exit strategies in cases of outsourcing of critical or important functions and activities).
Regulation No. 20 of 26 March 2008 also provides certain minimum contents of the outsourcing agreements involving insurance companies such as (Article 32):
Clear description of the outsourced activities.
Outsourcer's obligation to promptly inform the insurance company of any occurrence that is capable of impacting its ability to perform the outsourced activities in compliance with applicable laws.
Outsourcer's data protection undertakings concerning data of the insurance company and its clients, right of access by IVASS and by the insurance company to its locations.
Documentation, termination for convenience right without onerous penalties.
Right for the insurance company to terminate for convenience or amend the outsourcing agreement upon request from IVASS.
Prohibition of sub-outsourcing without the express consent of the insurance company.
Banks. A pre-notification of any planned outsourcing contracts must be made to the Bank of Italy. During the 60 days following the notification, the Bank of Italy is entitled to commence a proceeding to prohibit the outsourcing.
Intermediaries. A pre-notification of any planned outsourcing contracts must be made to the competent supervisory bodies by intermediaries willing to outsource their portfolio management outside of the EU as well as by alternative investment funds managers delegating the task of carrying out one or more functions on their behalf. In the 30 days following notification, the competent supervisory body can commence a proceeding to prohibit the outsourcing.
Insurance companies. Italian Insurance Supervisory Agency's (IVASS) prior approval is required when the envisaged supplier is resident outside of the EEA.
In the following cases, undertakings must notify IVASS in advance:
Outsourcing of critical or important activities (at least 45 days before the contract enters into force).
Outsourcing of internal auditing, risk management and compliance functions (at least 60 days before the contract enters into force).
Generally, IVASS can require the insurance company to either:
Modify any outsourcing agreement.
Withdraw from the agreement (in the most serious cases).
In particular, IVASS can order the insurance company to withdraw when it is of the opinion that the sound and prudent management of the undertaking or the interests of policyholders and third parties may be compromised, or that the full exercise of the supervisory functions is not allowed.
For an outsourcing agreement that also constitutes a concentration (for example, when it contemplates the sale to the services provider of a business division/going concern), all transactions between parties whose aggregate national turnover exceeds EUR495 million and in which the national turnover generated by the acquired entity exceeds EUR50 million are subject to prior notification to the Italian Competition Agency (Autorità Garante della Concorrenza e del Mercato) (AGCM) (Article 16, paragraph 1, Law No. 287 of 1990 and AGCM decision of 14 March 2016). If the above thresholds are met but the transaction does not meet the thresholds for notification to the European Commission, notification must still be made to the AGCM.
For further information on consultation requirements possibly applicable to the transfer of employees, see Transfer of employees on an outsourcing: Italy overview.
Simple outsourcing agreements
Description of structure. This is the simplest structure, with the entirety of the deal concentrated in a single document and its annexes. It assumes that there is no portion of the pre-existing (in-house or external) service provisioning structure that must be transferred to the new provider, including personnel assets or contracts.
Advantages and disadvantages. The possibility to adopt this structure relies on the:
Type of service to be provided.
Pre-existing structure adopted by the client.
Based on the circumstances, this can decrease or increase the initial set-up costs. Possible costs and methods for re-insourcing the service must not be affected.
Outsourcing with the transfer of assets
Description of structure. Unless the outsourcing is requested by a start-up (and, in certain circumstances, as a replacement of a previous outsourcing deal), it is quite common that, alongside the outsourcing agreement, the parties sign an agreement for the sale or the lease of certain assets to be used for the provision of the services. This can also include the lease (or, as the case may be, the sale) of the premises where the assets are located or from where the services, or at least a part thereof, will continue to be provided.
Advantages and disadvantages. If this type of structure is used, a number of different agreements are entered into in parallel. For agreements for the sale of immovable properties, the signing and relevant formalities must be completed before a notary public.
The need for the outsourcer to effect payments (or, as applicable, net such payments against the initial set-up costs or service fees) as well as the need to grant security interests depends on the circumstances. Possible costs and methods for re-insourcing the service are normally affected (and it would be opportune to determine in advance, to the extent possible, the perimeter of the assets to be transfer to the client at the end of the contract and their cost, if any).
A complex structure increases the interdependencies between the supplier and the client during the start-up phase, the services provision and, more importantly, the discontinuance/re-insourcing of the service concerned. That is why, for example, the supervising bodies of in the financial services sector require the introduction of specific provisions in the agreements (as well as, in certain circumstances, require the customer to keep a retained organisation) to monitor the service level and be ready to re-insource the services or otherwise terminate the outsourcing deal.
Outsourcing involving the transfer of employees
Description of structure. This is a more complex structure than outsourcing with the transfer of assets (see above, Outsourcing with the transfer of assets). Depending on the number of employees involved, it may be necessary to sell the business division/going concern affected by the transaction to the service provider.
Advantages and disadvantages. If this type of structure is used, a number of different agreements are entered into in parallel and the formalities for the sale of the business division/going concern (as well as the sale of an entire subsidiary of the client, in case its internal structure was already more complex) must be completed before a notary public.
All the contracts included in the business division/going concern is automatically transferred to the purchaser without the need to request the prior consent of the other party/parties to such agreements (unless in case of agreements requiring consent in case of change of control). However, the third party concerned can withdraw from the agreement for justified reasons within three months from the receipt of the relevant notice. Therefore, this is the modality normally preferred for complex deals.
If this structure is adopted, the need for the outsourcer to effect payments (or, as applicable, net such payments against the initial set-up costs or service fees) as well as the need to grant security interests depends on the circumstances. Possible costs and methods for re-insourcing the service will not be affected.
Other structures are considered on a case-by-case basis. Popular structures include:
The option to create a specific vehicle (newco) that provides the services to the client and to which the internal business division/going concern is contributed or subsequently transferred. If such structures are selected, it is also possible that the client continues to hold a participation in the newco (at least for a given period).
The option to create a temporary grouping of enterprises providing the services or enter for complex structures, to the extent allowed by the client, into sub-contracting agreements; also in this case, it would also be possible to set up a newco with the various sub-contractors as shareholders.
Request for proposal
Although the request for proposal generally constitutes the first step of the process, it is the outcome of a complex preliminary decision-making process determining the:
Goals in term of service provisions (and related improvements).
Basic cost savings.
During this preliminary phase it is important for the prospective client to engage its technical, strategic and legal advisers. Additional complexities can occur in cases of replacement of a prior outsourcing.
Before sending the complete set of documentation concerning the request for proposal, the client must ensure that the potential providers sign appropriate non-disclosure undertakings.
Invitation to tender
Based on the initial offers received, the client shortlists potential providers. A preliminary check of the capabilities of such potential providers is made but a more in depth analysis is made thereafter.
Two different types of due diligence normally occurs:
Due diligence by the potential provider. This is to check that the representations made by the client (also in terms of baseline, current service level, possible technical refreshment, among other) or its analogous assumptions are correct. This will impact the final offer if the due diligence is carried out during the tender phases, or a mere confirmatory nature if carried out after the preliminary awarding.
Due diligence by the client. This is on the potential provider and its capabilities. It is always advisable but is substantially regulated in cases of outsourcing in particular sectors such as financial services.
Unless and until the client has not decided to commence exclusive negotiations with a single potential provider by entering into a memorandum of understanding or letter of intent (and excluding public procurement procedures that are more complex and with mandated rules), participants to the tender process can be requested to issue further binding offers and/or be invited to sessions aimed at better explaining the contents of such offer with the purpose of examining areas of improvement.
Transferring or leasing assets
Formalities for transfer
Any agreements contemplating the transfer of immovable property must be signed before a notary public. The notary public will effect a number of preliminary checks aimed at ensuring the validity of the transfer and must carry out the registration of the agreement for tax and legal publicity purposes.
IP rights and licences
In order to properly transfer IP rights and software licences, the parties must enter into a written agreement detailing, to the extent possible, all the elements concerning such IP rights. For a transfer concerning patents, trade marks, drawings or utility models, the transfer must be registered with the Italian Revenue Agency (Agenzia delle Entrate) and then filed with the Italian Patents and Trademarks Office (Ufficio Italiano Brevetti e Marchi).
The transfer of movable property is made in written form only in case of registered property and evidence of the transfer must be made for tax and legal publicity purposes. Particular procedures apply to boats and aircrafts (however, this is beyond the scope of this article).
In case the contract concerned is simply assigned to the outsourcer, unless the agreement already contemplated the possibility to effect the assignment (in which case a mere notice will be required), the client must request the formal acceptance of the assignment by the third party.
However, whenever the key contract is included in the business division/going concern that is going to be sold to the outsourcer, the agreement is automatically transferred to the purchaser without the need to request the prior consent of the other party/parties to these agreements (unless in case of agreements specifically requiring consent in case of change of control) but the third party concerned is entitled to withdraw from the agreement for justified reasons within three months from the receipt of the relevant notice.
Data and information
In the case of a transfer affecting personal data, it is necessary to obtain the consent of the data subject concerned unless the transfer is made as part of the sale of a business division/going concern (in which case, however, the data subject must be informed of the new data holder). Certain further formalities under the Data Protection Code must be followed.
Formalities for leasing or licensing
Registration of lease agreements is required for tax purposes. A lease agreement of nine years or more must be signed before a notary public (which will comply with the registration formalities).
In certain circumstances, given the peculiarity of an outsourcing, the landlord being the client of the outsourcing services provides the outsourcer with a gratuitous right of use certain of its premises.
IP rights and licences
The parties must enter into a written agreement detailing all the elements concerning the IP rights concerned (where possible).
For licences concerning patents, trade marks, drawings or utility models, the licence must be registered with the Italian Revenue Agency and then filed with the Italian Patents and Trademarks Office.
No specific formalities apply to lease or license movable property. In certain circumstances, given the peculiarity of an outsourcing, the client of the outsourcing services provides the outsourcer with a gratuitous right of use certain of its movable property.
It is difficult to identify cases in which a contract can be leased/licensed. However, we could consider the possibility to sublease premises, subject to consent by the landlord concerned.
Data and information
While it is possible to license the use of databases, given their particular nature it seems opportune to protect the disclosure of data and information disclosure through specific non-disclosure agreements, with methods for the cancellation/return of the data and information concern that are determined on the basis of the desired level of protection. This seems particularly relevant in case of provision of cloud services.
Transfer by operation of law
For a transfer of a going concern, all the employment contracts belonging to the going concern (or a part thereof) are automatically transferred to the transferee by operation of law and the consent of the employees is not required (Article 2112, Italian Civil Code, implementing Directive 2001/23/EC on safeguarding employees' rights on transfers of undertakings, businesses or parts of businesses (Transfer of Undertakings Directive) (TUPE)). Article 2112 must be applied each time the transaction provides for a transfer of a going concern (or a part thereof), irrespective of the kind of transactions to be carried out (for example, the sale of a business or merger, among others).
A going concern is defined as "all the assets organised by an entrepreneur for the purpose of carrying out the business" (Article 2555, Italian Civil Code). The assets of a business as a going concern include, among others:
Contracts (including employment contracts).
Article 2112 of the Italian Civil Code defines a part of a going concern (ramo d'azienda) as a sub-set of organised assets within a going concern, which can be identified by the transferor and the transferee at the moment of the transfer.
With regard to the meaning of "a part of a going concern" court precedents have specified that the possibility of identifying it at the moment of the transfer does not allow the parties to "create" a going concern by unifying various elements carved-out from different business units which were separately operating before the transfer. If this is the case, no transfer of a going concern occurs and, as a result, the relevant employment contracts cannot be automatically transferred to the transferee without the individual consent of each employee involved in the transfer. The possibility to identify "a part of a going concern" at the moment of the transfer must be limited to the carve-out of a pre-existing part of the transferor's business to be qualified as an organised business unit able to carry out a business both before and after the transfer.
The transferor and the transferee are not allowed to tailor the perimeter of the going concern (or a part thereof) at their discretion ("cherry picking" is not permitted) and, consequently, all the employees belonging to the going concern (or a part thereof) will be automatically transferred to the transferee and such transfer cannot be overridden by any agreement between the transferor and the transferee.
On the other hand, in all the cases which fall outside the scope of Article 2112 of the Italian Civil Code, the consent of each employee to be transferred is required.
Change of supplier
There are no legal provisions providing for an autonomous discipline regarding the transfer of employees on a change of supplier. Nevertheless, there are some collective bargaining agreements (CBAs), which provide for the transfer from the old supplier to the incoming one under certain circumstances. An example is the national collective bargaining agreement for employees of cleaning companies and integrated services/multi-services companies (collective bargaining agreement (CBA) concerning employees of cleaning services and integrated services of 2011), concerning the change of supplier and the related transfer of employees.
There are no provisions regarding the termination of an outsourcing with the subsequent transfer back to the customer. If the transfer back is a TUPE transfer, all the employment contracts belonging to the relevant going concern (or a part thereof) are automatically transferred to the transferee by operation of law and the consent of the employees is not required.
Data protection and secrecy
Data protection and data security
General requirements. Italian law on data protection and, in particular, Legislative Decree No. 196 of 30 June 2003 (Data Protection Code) constitute the implementation of the applicable EU directives regulating such matters (in particular, Directive 2009/136/EC on consumer protection and users’ rights in relation to the processing of personal data and the protection of privacy in electronic communications (Citizens' Rights Directive)).
Therefore, the data subject (that is, natural persons) must be informed of the:
Processing of their personal data.
Identity of the data controller.
Identity of the data processor.
His rights concerning the personal data held by the data controller.
"Data subject" does not include legal entities, only individuals. Where the processing of personal data is contemplated among the outsourced services, the outsourcer will act as data processor and not as data controller.
Security requirements. Data Protection Code establishes various measures, standards and procedures to be applied, including, among others:
Requiring a user ID/password mechanism for enabling access to data.
The adoption of anti-virus software.
In addition, Annex B to the Data Protection Code indicates the minimum security measures to be implemented mandatorily in order to comply with Article 169 of the Data Protection Code.
Mechanisms to ensure compliance. If the processing fails to comply with the laws or regulations, the Italian Data Protection Commissioner (the Garante) will alert the data controller's or processor's attention to the changes and additions that are required and verify that they are implemented (Article 160, Data Protection Code). Where the request for the inquiries was made by the data subject, the latter will generally be normally informed of the relevant outcome.
Sanctions for non-compliance. Articles 161 to 172 of the Data Protection Code regulate the breaches to the provisions of the code, including certain criminal law breaches, and the sanctions applicable for these breaches.
Confidentiality of customer data
General requirements. Confidentiality obligations additional to those concerning processing of personal data are not regulated by the Data Protection Code but are exclusively dealt with in the outsourcing agreement.
Security requirements. The outsourcing agreement regulates the security requirements concerning the customer's data. Quite often, the methods for processing the data and ensuring data that the data is secure are integral part of the scope of work and, as applicable, are contemplated in the service level agreement.
Mechanisms to ensure compliance. As confidentiality of customer's data is a contractual matter, compliance is normally ensured through the contractual monitoring and audit procedures. Based on the actual security/secrecy requirements, specific procedures can be put in place.
International standards. It is quite common that, as it is for other services contemplated in the statement of work, the parties can decide to rely upon international standards in order to protect confidential information. However, it is more common that the agreement incorporates the standards adopted by the customer (or, less frequently, by the supplier) as the methods to be followed in order to protect confidential information.
Sanctions for non-compliance. Non-compliance is treated as a contractual breach. It is quite common that the customer is entitled to seek temporary measures in order to protect its confidential information but this possibility is balanced with the need to continue using the supplier services (unless the breach is so material to trigger customer's right to terminate the agreement).
Based on the type of confidential information that must be disclosed to the supplier in order to enable supplier to provide its services, it is possible to determine whether the application of specific indemnities can properly protect the supplier. Otherwise, the parties normally regulate such matter relying upon the standard liability provisions contained in the contract.
Service specification and levels
Service specifications are generally drafted by the customer. The relevant list (or, at least a preliminary outline) is included in the request for proposals. However, the final service specifications are eventually detailed in the statement of work or other attachment.
Typically, service specification is read in combination with the service level agreement. It is also common that, during transition phases (particularly at the beginning and expiration of the agreement), certain specifications do not apply and/or are replaced/supplemented by other specifications.
The level of detail can vary, also in light of the applicable pricing scheme. It is also appropriate to include references to the activities to be performed by customers and, to the extent possible, describe the interdependencies.
Furthermore, it is important to regulate potential grey areas and to insert a mechanism (and likely a committee) for possible revisions of the specifications during the term of the agreement.
For material breaches (that for service level agreements (SLAs) can occur in case of specific, and higher, thresholds having been exceeded for a certain period of time), the customer will also have the right to terminate the agreement and seek further damages.
Further difficulties can arise in cases of multi-sourcing, as the thresholds are agreed considering each provider separately.
It is quite common that the SLAs are confirmed after a check of the current status of the services at the beginning of the agreement and that there is a transitional phase for fine tuning the SLAs (or during which a large part of the SLA is not yet applicable).
In addition, particularly when the relevant agreement regulate outsourcing for a long period of time, it is possible that the SLA contains different/improved levels to be achieved when certain reorganisations of the services have been completed by the provider. In these cases, prices are also modified as a premium to the improvement, unless if the parties envisaged that the efficiencies (to be) obtained by the provider already determine a reduction of its costs.
Flexibility in volumes purchased
The nature and duration of the services to be outsourced determines the level of flexibility in the volumes.
Typically, providers grant wider flexibility (perhaps also with price reductions) for increases in the volumes and exclusivity provisions.
In case of reductions in the volumes purchased by the customer, the impact on the price actually paid depends upon a number of factors, considering the structure put in place by provider and possible existence of a dedicated structure (with its start-up and ordinary costs).
Significant changes in volumes are generally dealt with by committees established by the relevant agreement and aimed at regulating service changes and the related matters.
Charging methods and key terms
Charging methods vary on the basis of the service to be provided and the duration of the agreement. Typically, the customer indicates at the time of its request for proposals certain saving targets it intends to achieve, as well as any improvements in the services it requires the provider to ensure.
This method is used in outsourcings with a low degree of complexity, particularly when the volumes do not need to significantly vary and the service level will remain the same for the entire contractual term.
Possible service changes, with the consequential need to amend prices, can be handled through a change request mechanism and the committees that the agreement establishes to cure such events.
Cost plus is another charging method that the parties will wish to use. However, any open-books mechanism such as the "cost plus" method is capable of determining issues in the review phase and of generating misunderstanding between the parties as to the calculation of the cost base. Therefore, it is uncommon for a cost plus method to be used in complex outsourcings.
The resource-based method is typically used in very complex outsourcings where the volumes can vary significantly and the parties wish to ensure a level of flexibility without the need to renegotiate every change.
In these cases, taking into account the main charging method selected for the services, the agreement identifies both:
Additional resource charges (ARC) where the volumes of services actually requested are higher than those initially envisaged.
Reduced resource credit (RCC) where the volumes of services actually requested are lower than those initially envisaged.
Typically, the RCC is lower than the ARC, unless there are other mechanisms aimed at protecting the provider against excessive/unexpected reductions in the services volumes.
Although recently the depreciation rate is less perceived to be an issue, the indexation of charges is still applied. In Italy, the commonly used index for addressing the cost of living adjustment (COLA) is published by the Italian Institute for Statistics (Istituto Nazionale di Statistica) (Istat). For multi-jurisdictional deals, other mechanisms can be used to cover the various countries involved.
Change management is typically dealt with through the establishment of a dedicated committee that, balancing the parties' goals and needs, identifies both:
The most appropriate modality for revising the services to be provided.
The consequential impact on prices.
For particular types of services (for example, those provided to companies, such as banks, intermediaries, insurance companies and public utilities), the agreement can establish a faster track aimed at implementing, with a reduced possibility for the provider to argue, changes deriving from amendments of sector specific laws and requirements from surveillance/regulatory authorities, leaving to a later phase the determination of the changes into costs (if any).
Based on the detail of the service specifications, the following factors will be more or less complex:
Possible guidelines on change management contained in the agreement.
Applicable charging mechanism.
The proceedings before the relevant committee in case of a change request.
These proceedings generally include an escalation mechanism in case of disagreement and, in particular cases, the possibility (normally for the customer) to terminate the agreement in the case of disagreement concerning the implementation of a change request.
Several outsourcing agreements with a long duration contain a benchmarking mechanism to be triggered in order to confirm/review applicable charges against similar charges applied elsewhere in the market.
To avoid issues between the parties, the methods for benchmarking and its consequences must be properly detailed in the agreement.
Customer remedies and protections
Aside from what it is expressly provided in the agreement, the customer is entitled to terminate the agreement for breach and seek damages from the supplier where:
There has been a material breach by the supplier of its contractual obligations.
The breach has not been resolved/cured within a given period of time (or are not susceptible of being resolved/cured),
These damages include:
Losses that are the immediate consequence of the breach and (unless in case of fraud/wilful misconduct) were foreseen as possible losses at the time of entry into the agreement.
Loss of profits.
The complexities and peculiarities of an outsourcing agreement recommend that the parties (and in particular, the customer) are not required to merely refer to general law provisions to seek protection.
A primary role can be attributed to auditing, where the customer is entitled to review the performance by the supplier of its contractual obligations. Through auditing, it is often possible to identify breaches at their early stages and, therefore, minimise their consequences. Based on the type of services concerned, auditing is an ongoing right or a right to be exercised at specific phases (for example, through a predetermined number of audits that can be exercised in a calendar/contractual year). It is advisable to specify, to the extent possible, what activities can be done as part of an audit as well as what documentation, access rights and collaboration the supplier is to provide.
Disaster recovery and business continuity are normally contemplated (and priced) in outsourcing agreements in order to safeguard the uninterrupted operations of the customer irrespective of the issues that affected the outsourcer (or, if applicable, the customer) requiring a temporary reshaped of the services to be provided. Particularly in complex deals, it is important to detail how disaster recovery and business continuity are dealt with, in order to both:
Let customer validate the solutions identified by the supplier.
Ensure its operation can actually benefit of such solutions.
Changes to customer's operations typically lead to a change of disaster recovery and business continuity solutions.
Certain outsourcing agreements, particularly those concerning customers operating in sectors under strict surveillance (including, banks, intermediaries, insurance companies and public utilities (among others), contemplate in addition to termination certain temporary step-in rights, to be exercised by customers in particular circumstances in order to ensure their ability to operate notwithstanding the outsourcer's failure.
Finally, to mitigate the effects deriving from changes of market prices, outsourcing agreements with a long duration contemplate benchmarking. There is no prevailing methodology for this, but it is uncommon for benchmarking to be done several times during the contractual term and is often only requested when other price review requests/mechanisms proved unsuccessful.
Typically, if a benchmarking determines that the then-applicable charges are higher than the market prices more than a given percentage, the customer can request a price reduction (it is very rare that a benchmarking is established also in favour of the supplier and that can lead to a price increase). For changes possibly exceeding pre-determined values, certain mitigating factors can apply. It is even possible that the agreement provides that, if the supplier does not intend or is not able to reduce its charges in light of the outcome of the benchmarking, the parties can early terminate the agreement.
Warranties and indemnities
Generally, a supplier is required to warrant the good performance of its services as well as that (to the extent applicable) such services are error-free. References to specific aspects of the service level agreements (SLAs) and the related key performance indicators are typically included to substantiate such warranty.
In addition, the following are generally included in the contract documentation:
Standard warranties concerning the legal capacity of the parties to enter into the agreement.
The warranties' compliance with the applicable laws.
Data protection, environmental, safety and security laws and third parties' rights (including intellectual property rights (IPRs)).
If the outsourcing also contemplates the sale of assets and/or of a business division, the relevant agreements must also contain the representations and warranties that are typical for such kind of agreements and possible overlaps between the warranties contained in different parts of the contractual documentation shall be taken into due account. These warranties must comply with applicable laws, including:
Data protection laws.
Safety and security laws.
Third parties' rights (including IPRs).
Indemnities are contemplated in outsourcing agreement based on the complexity of the services to be provided and the need to avail of automatic mechanisms (therefore, without the need to determine the damages actually suffered or to prove the existence of a breach or that such breach was caused by supplier's negligence/wilful misconduct).
Generally, indemnities are paid through service credits.
Acceptance of a good or service by the customer normally relieves supplier's liability for apparent defects.
Outsourcing agreements typically contain specific methods for acceptance and audit procedures to confirm the acceptance. Therefore, it is more complex to assess how long the customer remains entitled to raise a complaint for an apparent defect (or a defect that, in light of the applicable procedures, should have been detected during the acceptance/audit phases).
For hidden defects, the customer has a time period of 60 days after their detection to raise a complaint to the supplier but such defects must have been detected within two years from the delivery date (Article 1667, Italian Civil Code).
In addition, certain goods must comply with specific law provisions and the supplier must provide certification of their compliance with these legal requirements.
See Question 18. Furthermore, social security charges must be properly calculated and paid in order to avoid, in certain circumstances, customer's joint liability.
Depending on their complexity and duration, outsourcing agreements can contain insurance.
The following aspects are typically negotiated between the parties in such agreements:
Actual scope of the coverage.
Type (and rating) of the insurer.
Contents of the insurance policy (if applicable).
Therefore, it is common for a form of insurance policy to be attached to the agreement.
The various types of coverage generally contemplated includes:
Cyber-related liability is usually covered under a separate agreement, due to its specifics and peculiarities.
Term and notice period
There is no maximum notice period that applies to outsourcing agreements. The minimum notice period must be adequate for the type of activities contemplated in the agreement. If a minimum notice period is included in the agreement, this will mean that the term has been considered adequate by the parties.
For further information regarding notice of termination for material breach, see Question 24.
Termination and termination consequences
Events justifying termination
In case of material breach of a party, the non-breaching party can terminate the agreement if the other party does remedy the breach within a given time period that cannot be shorter than 15 days from the receipt of the relevant notice (Articles 1454 to 1456, Italian Civil Code). However, no remedy period is required for:
Breaches which are not capable of being remedied.
Breaches for which the parties have already identified as entitling the non-breaching party to immediately terminate the agreement.
Under Italian bankruptcy law, in case of insolvency events, the receiver is the only person entitled to decide, within certain boundaries, whether to terminate the agreement or continue its performance.
As a result, any clauses providing that insolvency automatically constitutes a termination event are null and void. However, this type of clause can constitute a factor for evaluating that the personal nature of the outsourcer was a determining reason for the customer to enter into the agreement, therefore exceptionally enabling the termination of the agreement.
Termination for convenience
Termination for convenience can be freely regulated by the parties. Based on the type of agreement, this can give rise to the payment of an early termination fee (particularly if such termination occurs in the initial part of the contractual term and if significant set-up costs have been incurred in by the supplier). Post termination services are normally provided after the termination, to ensure the smooth re-insourcing or the transfer of the outsourcing to another supplier.
Due to the importance often attached to the personal characteristics of the supplier (and, sometimes, of the customer), right of termination in case of change of control is often contemplated by outsourcing agreements. In certain cases, the termination right can only be exercised if the control on the other party is acquired by competitors or other entities included in a specific list attached to the agreement.
Certain outsourcing agreements, particularly those concerning customers operating in sectors under strict surveillance (for example, among others, banks, intermediaries, insurance companies and public utilities), contemplate certain temporary step-in rights, to be exercised by customers in particular circumstances (see Question 17).
IP rights and know-how post-termination
Generally, any licence to customer's IP rights terminates together with the remainder of the agreement. The parties can agree that the supplier continues to avail of the licence.
In addition, for IP possibly created by the supplier during the contractual term for the benefit of the customer, the agreement normally regulates how such rights are allocated and are exercised. There is no specific standard, but the allocation depends on the possible combination with other pre-existing IP.
Finally, it is quite common that the supplier is expressly required by the agreement to return or destroy all confidential information it received from the customer throughout the term (as well as any documentation the supplier created on the basis of such information).
This aspect is sometimes crucial, as it can impact the customer's ability to rapidly re-insource the service or appoint a new outsourcer.
Therefore, knowledge transfer is normally contemplated among the post termination services that the supplier is required to provide. The existence of a retained organisation within the customer, and its actual interaction with the supplier throughout the contractual term, will facilitate (if not even avoid the need for) such knowledge transfer.
Liability, exclusions and caps
Inclusion of liability caps in outsourcing agreements is quite customary. Such caps are only applicable when they are lawful under applicable law and can also refer to specific timeframes (for example, quarterly, semi-annual or annual) (see Question 29).
Although such caps are normally established in favour of the supplier, quite often the customer is nevertheless entitled to enforce the termination for material breach if such caps have been exceeded.
The inclusion of caps to indemnities is less common.
The peculiarities of outsourcing services make it highly opportune for the parties to establish committees aimed at monitoring the service provision. Such committees generally deal with:
The day-to-day provision of the services.
Review of the supplier's compliance with the applicable service levels (and relevant key performance indicators).
Such committees, therefore, also constitute the initial contact in case of disputes and are generally able to resolve the majority of disagreements/misalignments between the parties.
However, in order to try and address major issues, outsourcing agreements generally contemplate a specific escalation procedure to be followed by the claimant prior to commencing any litigation (or alternative disputes resolution mechanism).
If the escalation procedure proves unsuccessful, outsourcing agreements contemplate litigation before either:
A competent court (normally specifically identified by the parties).
An arbitration panel.
If an arbitration clause is used, this will set out the:
Rules to be followed (for example, arbitration rules of the international chamber of commerce).
Methods for setting up the arbitration panel.
Law to be followed.
Transfers of assets to the supplier
Transfer of assets is subject to the standard VAT (currently 22%). However, for assets sold within the sale of a business division, VAT does not apply and the sale is subject to a registration tax equal to 3% of the market value of the business concerned.
Other taxes, including income tax on capital gains might apply.
Transfers of employees to the supplier
Since a transfer of employees to the supplier occurs within the frame of the sale of a business division, the sale is subject to a registration tax equal to 3% of the market value of the business concerned.
Other taxes, including income tax on capital gains might apply.
VAT or sales tax
The provision of outsourcing services is subject to VAT (currently at the rate of 22%).
Outsourcing agreements profits are subject to the taxes normally applicable to companies, such as corporate income tax (IRES) (currently at the rate of 27.5%) and regional tax on productive activities regional production tax (IRAP).
Bank of Italy (Banca d'Italia)
Description. Official website of the Bank of Italy. English translations are for guidance only
National Commission for Companies and Securities Exchange (Commissione Nazionale per le Società e la Borsa)
Description. Official website of the National Commission for Companies and Securities Exchange. English translations, where available, are for guidance only.
Italian Insurance Supervisory Authority (Istituto per la Vigilanza sulle Assicurazioni)
Description. Official website of the Italian Insurance Supervisory Authority English translations, where available, are for guidance only.
Communications Regulatory Authority (Autorità per le Garanzie nelle Comunicazioni)
Description. Official website of the Communications Regulatory Authority. English translations, where available, are for guidance only.
Ministry for Economic Development (Ministero dello Sviluppo Economico)
Description. Official website of the Ministry for Economic Development. English translations, where available, are for guidance only.
Data Protection Authority (Garante per la protezione dei dati personali)
Description. Official website of the Data Protection Authority. English translations, where available, are for guidance only.
Agency for Digital Italy (Agenzia per l'Italia Digitale)
Description. Official website of the Agency for Digital Italy. English translations, where available, are for guidance only.
Luca Capone, Partner
Freshfields Bruckhaus Deringer LLP
Professional qualifications. Italy bar, Avvocato
Areas of practice. Employment; outsourcing.
- Assisting Italian and international clients in local and multi-national outsourcing deals as well as in complex carve-out transactions.
- Providing legal assistance to providers and customers of outsourcing services.
Luca Ulissi, Partner
Freshfields Bruckhaus Deringer LLP
Professional qualifications. Italy bar, Avvocato; admitted to defend before the Italian Supreme Court (Corte di Cassazione)
Areas of practice. Information technology; telecommunications; outsourcing; procurement.
- Assisting Italian and international clients in local and multi-national outsourcing deals as well as in complex carve-out transactions.
- Providing legal assistance to providers and customers of outsourcing services.
Languages. Italian and English