It is a well-known fact that the UK government is the country's single largest purchaser of information technology. Past and recent history has seen some very public successes and failures in public IT projects, and some material changes in public and commercial policy relating to them. In view of the size of these projects, and the involvement of service providers and advisers from the private sector as well as the public sector, such IT projects have an influence far beyond the public sector and affect practice of both customers and service providers in the private sector as well.
The purpose of this article is three fold. The first is to give an overview of past and future IT projects and to review the UK government's current thinking on IT projects. This will assist in creating a context for the later analysis of commercial and legal issues in public sector outsourcings. Second, to analyse current thinking on the predominant commercial and legal issues in IT outsourcing projects in the public sector. Third, to provide an outline of other areas of legal significance in such projects, such as procurement, employment and regulatory issues.
Overview of recent public sector IT projects
IT procurement and outsourcing has over the last decade been undertaken by both central and local government for projects at both ends of the financial spectrum. Such projects have been structured as traditional service or outsourcing arrangements as well as, on a limited scale, Private Finance Initiative (PFI) projects, involving third party financiers to fund the project. The government has, of course, been involved in a number of high profile failures.
Despite some unsuccessful projects, the government's desire to continue with large-scale spending on IT procurement remains unabated. There are a number of notable IT outsourcings or heavily IT dependent business process outsourcings, which have recently taken place or are currently planned.
In local government, this year (2003) saw the largest ever local authority outsourcing deal in Britain between Vertex and Westminster City Council. The contract is a ten year arrangement, worth a reported £250 million for the management of the authority's customer services, with Vertex implementing new IT systems and reforming business processes with the aim of resolving 85 per cent of council enquiries at the first point of contact. All local governments are also affected by central government's e-government plan, which aims for all government services to be delivered online by 2005.
In central government, DEFRA (the Department of the Environment, Food and Rural Affairs) is planning to outsource its IT function in a deal worth an estimated £850 million, with a proposed award in June 2004 to either Accenture, Cap Gemini, Ernst & Young or IBM. This contract is, however, dwarfed by the Inland Revenue's £4 billion Aspire deal, which the Inland Revenue is due to announce next month (December 2003).
A review of current IT projects, would not be complete without mentioning the NHS IT Programme. This is the Department of Health's £2.3 billion national IT programme which aims to create a national NHS IT infrastructure, an integrated care records service, electronic booking of appointments and the electronic transfer of prescriptions. A number of regional contracts are being offered to different suppliers, with one supplier to provide the backbone architecture. It is regarded by those involved in the process as representing a new approach by the state to large-scale IT outsourcings.
Trends in government policy
The projects mentioned need to be considered in the context of the evolution in government policy for the structuring of public sector IT outsourcings.
In view of the widely publicised failures in the last decade, the Cabinet Office commissioned an analysis of major IT government projects and issued a report in May 2000 titled "Successful IT: Modernising Government in Action" (otherwise known as the McCartney Report). The report made a number of recommendations aimed at improving the success rate of IT projects. The recommendations emphasised a change in approach to focus on changes to the way government works of which IT is an integral part, as opposed to thinking of an IT project as a goal in itself. Other recommendations included improved project and risk management and the deconstruction of large high risk projects into smaller more manageable components, with an emphasis on modular and incremental development.
To implement these recommendations the government created the SPRITE Programme (The Successful Projects in an IT Environment) which ran from January 2001 to March 2003, and had 13 objectives including educating government departments on best practice and ensuring open and honest communication with suppliers on the resolution of the issues associated with the acquisition and implementation of government IT programmes. The closing report for the programme claimed success in establishing the recommendations throughout government departments.
In addition to the SPRITE Programme, the government organised the Senior IT Forum in November 2001, which resulted in the Government Procurement Code of Good Practice. Although not legally binding, any breaches of the code are to be reported to, and examined by the government. The Code of Good Practice applies not only to government departments but to all members of the supply chain. The Code has 4 core values: fairness; honesty and openness; efficiency and effectiveness; and professionalism.
In the PFI arena, in July 1999, the government produced the first edition of the Standardisation of PFI contracts, with specific standardisation guidance for the IT sector being added as an annex in March 2000. The second edition was published in 2002. The guidance sets out government policy to particular commercial and legal issues in PFI projects, and is discussed in more detail below. However, the policies stated in this guidance go beyond PFI projects and are applied by public authorities to traditional outsourcing structures.
This application to traditional outsourcing structures has gained increased significance since July 2003 when Treasury released its review of PFI policy titled "PFI: meeting the investment challenge". The proposed policy, which has effect in England only (the PFI policy function is devolved in Scotland, Wales and Northern Ireland) included an end to PFI IT projects. The report highlighted the overall lack of success of the PFI model for IT projects claiming that IT projects differ in a number of ways from other projects in other sectors making them unsuitable for the PFI model. The report cited 5 significant differences. First, IT projects are subject to a frequent change in the service requirement, caused by changing organisational operational needs and changes in technology. Second, the report correctly identified that the nature of IT service provision and the difficulty of integrating proprietary technologies, makes it very difficult, if not impossible, to substitute a second IT service provider in the event of a contractor failing to meet its obligations. Third the government noted the lack of third party finance for such projects partly blamed on the general downturn in the IT sector. Fourthly, IT projects have significant continuing annual running costs, after the up-front costs of investment in the project assets. Fifthly, IT PFI contracts have a shorter life span than PFI projects in other sectors.
In the surveys undertaken, the government found that while 75 per cent of IT PFI projects were regarded as fulfilling or exceeding user expectations, only 22 per cent of projects were delivering 80 to 100 per cent of defined programme benefits.
The results of the research therefore favoured an approach of different procurement models to the standard PFI, with a leaning towards arrangements which are renegotiated during the life of the project and models which favour changing business requirements and more effective incentive structures. The OGC is due to issue new guidance on replacement models for IT projects next week (December 2003).
Commercial and legal issues in public sector IT outsourcings
In recent years, there has been a consolidation of the government's approach to key commercial and legal issues in public sector outsourcings. This has been partly led by the standardisation of PFI projects, and while the government has signalled a policy shift away from PFI as a model for IT projects, the guidance given in such standardisation remains of relevance to other models for IT projects.
The PFI standardisation guidance is divided into three parts. Division I - general - covers a range of issues such as service commencement, protections against late service commencement, service requirements and availability, performance monitoring, price and payment mechanism, indemnity and liability etc. Division II - Information Technology - incorporates guidelines for successful IT PFI contracts, managing risk, payment structures and specific contract drafting issues. Division III - local government - incorporates guidelines for local authority projects.
The guidance includes in some instances model clauses. While these are not mandatory, they are generally adhered to by authorities. If a contractor wishes to vary any of the model clauses, it will need to have good reason to do so, and any amendment to such model clauses in practice will need to be limited to amendments to the model clauses, as opposed to wholesale deletion and replacement with an alternative.
As a general rule, there is no such thing as a model public IT outsourcing contract (unlike SCAT and GCAT, and the 10 OGC Model Agreements for purchasing information systems and services). The standards used by authorities often depend on the legal advisers used. There are, however, model contracts for a few specific types of construction projects.
Set out below are 7 key areas of policy, which have considerable impact on the allocation of risk in public sector IT outsourcings.
The authority's business requirements and the technical solution
In the past, parties sometimes developed an output specification, which combined within a single document, the authority's business requirements (namely what requirements must be met in delivery of the services) and the contractor's technical solution (how the contractor proposes to meet/is meeting the authority's business requirements in delivery of the services).
Public sector customers are now advised to ensure that the business requirements are kept entirely separate from the technical solution. The technical solution is not strictly approved by the authority. Instead provisions are included that the contractor will promise to meet the authority's business requirements in delivering the services. The risk that the technical solution does not meet the business requirements therefore remains with the contractor, not the authority.
Legacy assets and warranties
Warranties in public sector outsourcing are normally one sided with the authority giving few if any warranties. Increasingly suppliers are requested to accept the transfer of legacy assets, with the exclusion of any information warranties and with the inclusion of acceptance provisions, which specify that the contractor shall be deemed to have gathered all necessary information and to have satisfied itself as to the condition and suitability, and nature and extent of risks in relation to the legacy assets and the contract.
Such an approach clearly transfers the risk of deficiencies in existing IT systems to suppliers. Suppliers can then be forced to undertake sufficient due diligence to ensure that they can properly analyse the cost and risk of the existing IT systems, and/or to include a contingency in their charging structure to compensate for the relevant risk.
Payment models - no service/no fee
While the PFI guidance specifies that it is difficult in IT projects to devise standard pricing and payment mechanisms, it does however, recommend a no service no payment principle, with the contractor only being paid following implementation of a project.
There are separate guidelines for major software development projects, where the guidelines propose milestone payments upon the passing of appropriate tests for each stage of the development programme, with each progress payment representing a largely cash neutral flow to the contractor with all profit and possibly some cost recovery deferred and contingent upon successful outcomes/ performance under the main PFI contract.
The no service no fee philosophy again shifts the risk of late implementation to the supplier, as a supplier has no compensation until the service has commenced. With the absence of third party funding, effectively the supplier has to have sufficient financial resources by way of corporate funding to ensure that it is able to sustain this upfront development. The authority's acceptance of milestone payments in software/system development projects alleviates some of the adverse financial restraints of this philosophy. However, current practice is seeing an increasing use of regression testing. This is the process of testing previous releases, with a new release to determine the functionality and performance of the overall software package/system as a whole, coupled with the right to reject previously accepted interim releases and to require a repayment of sums paid to date, for failure to meet such regression tests.
Flexibility and change
Change control procedures are very important for IT outsourcing projects, and the need for flexible arrangements was highlighted in the government's findings in its July 2003 PFI report. The guidance provides standard provisions for changes to the services distinguishing between authority requested changes and contractor requested changes. The standard IT change control procedure, provides that the contractor can only make a request to change its technical solution, with the authority having the right to object to such changes for a number of reasons, including if they would cause the authority to incur additional costs or such change would result in a change to the authority's business requirements.
Public customers are also adopting an increasingly sophisticated approach to changes of law, which have an effect on the provision of services. Most contractors will be reluctant to incur all the risk over the term of a contract for changes in law to the extent that these affect the cost of providing the services. The government's position is that as a starting point the cost of complying with legislation, which is current or foreseen at the time of the contract should be built into the price the contractor bids to provide the service. For other changes a distinction is made between: a "discriminatory change in law", a change in law which applies expressly to the contract, and not to similar projects, only to the contractor or only to PFI contractors; a "specific change in law" normally any change in law that specifically refers to the provision of services similar to the services under the contract or similar service providers; and finally "general changes in law" for any other changes in law. The guidance specifies that where a risk sharing approach is to be adopted, costs arising from discriminatory changes and specific changes are to be borne by the authority; costs arising from general changes in law can either be for the account of the contractor or shared between the contractor and the authority.
Recent practice is also evidencing an even more rigorous position being taken by public authority customers requiring service providers to bear the risk for changes in technical standards and all changes in law with the contractor's only solution to price a contingency into the project.
Compensation, relief and force majeure events
The definition of force majeure events in public sector contracts is much narrower than it has been historically, and then it typically is in private sector agreements and is often limited to specified catastrophic circumstances only.
In order to cover events other than such limited force majeure events, public sector contracts are including concepts such as compensation events and relief events. Compensation events are those events, which prevent the supplier from fulfilling its obligations, but which give the supplier not only the right to claim relief from performance of obligations but also compensation. A typical example of a compensation event is a breach by the authority, which affects the provision of the services. Relief events, on the other hand while giving the contractor relief from performance of its obligations and the authority's right to terminate do not result in any compensation payable to the contractor. Relief events typically cover events such as fire, explosion, storms, strikes and lock-outs, some of which may traditionally have been force majeure events.
Latest practice is also seeing a further dilution of the compensation event principle, requiring, a contractor to elect for either compensation (but with a requirement still to perform the services) or relief from performance (but without the right to claim compensation).
Intellectual property rights
The IT guidance includes principles and model clauses for the ownership and licensing of intellectual property rights. Traditionally the government has accepted that, for cost reasons and the ability to spread the cost over a number of customers will normally be beneficial to the authority if the contractor owns specially written software and is entitled to license it to third parties. Some recent projects, however, have seen the government electing to own specially written software.
Termination rights and exit management
Public sector IT contracts have typically included the right for an authority to exercise a break option (termination for convenience), subject to payment to the contractor of any unavoidable third party costs.
While the authority often has a wide range of rights to terminate the agreement in other circumstances, the contractor's right to terminate is narrowly limited, with the right for the contractor to terminate in respect of material non-payment only and occasionally material breach that frustrates the contract for a long period.
The model clauses also include exit mechanisms whereby the authority can appoint an independent expert to survey the assets, which the authority may wish to acquire at the end of the term and to establish whether the contractor has complied with its maintenance and technology refresh obligations. The guidance also advocates the use of a retention fund account, which is a retention of a proportion of the unitary charge payments for a fixed period prior to expiry. Such a retention is then used as an incentive for ensuring that rectification obligations are met and to secure an agreed period of residual life in the assets.
Other legal issues
Outsourcings in the public sector also require consideration of a number of other important legal issues.
A public body (or bodies substantially financed or managed by public bodies) is required to comply with EU procurement procedures where it wishes to enter into a contract for works, goods or services, which exceeds certain thresholds. Under these procedures the public body has to follow certain tender processes with advertisements in the Official Journal to allow tenderers from different member states to bid for a contract. The current legal framework is based on three directives: Directive 92/50/EEC relating to the co-ordination of procedures for the award of public service contracts; Directive 93/36/EEC and Directive 93/37/EEC concerning the co-ordination of procedures for the award of public works contracts.
The UK government also uses a number of framework agreements, which are standard public body contracts. These frameworks have been established in accordance with the EU public procurement rules. This means that contracts awarded in accordance with the rules of the framework do not also have to go through lengthy EU procedures. In the IT sector these are known as S-CAT (for the supply of IT services) and G-CAT (for the supply of IT products and services).
Framework Agreements have sat uneasily with the current EU rules. However, the Commission has put forward proposals for two new directives, which will replace the existing procurement procedure, and are expected to be passed next year. One proposed directive is for public sector supply and public works contracts; the other is for contracts awarded by bodies in the water, energy and transport sectors. Both directives have broadly similar aims: the intention to consolidate the existing directives into one text; the introduction of electronic purchasing mechanisms, simplification of the award procedures; clarification of provisions relating to technical specifications; strengthening provisions relating to award and selection criteria; simplification of thresholds; and the introduction of a common procurement vocabulary.
Authorities are also subject to the common laws rules on bodies acting "ultra vires". Where an authority purports to enter into a contract and the purpose of such contract is outside the powers of that authority, then any purported contract is void and unenforceable (Hazell -v- Hammersmith & Fulham London Borough Council  2WLR 372 and Credit Suisse -v- Allerdale Borough Council 1997 QB306). If a contract is unenforceable it means that the contractor is not entitled to claim for any work performed under it, nor can the authority require the contractor to perform any supposed obligations. The effect of the aforementioned decisions was mitigated by legislation (Local Government (Contracts) Act 1997).
The government has produced specific Transfer of Undertakings Protection of Employment guidelines for public sector outsourcing. These specify that in the majority of instances the authority and the contractor should assume that TUPE will apply. The guidelines also recommend the inclusion of an additional requirement on the contractor to provide materially similar pension arrangements for transferring staff. This follows the "Fair Deal for Staff Pensions" policy announced in June 1999. Other policies include: the Retention of Employment in NHS policy, to recognise the specific needs of the NHS, staff who remain employed by the NHS and are then seconded to the new service provider; and the Best Value Code of Practice which came into effect from March 2003 across England, which applies to all new staff employed on PFI, PPP and outsourcing contracts that are covered by "Best Value". The code requires that new employees' terms and conditions are "overall, no less favourable" than their transferred colleagues, and requires employers to provide a pension to a given standard.
Regulatory - Freedom of Information Act 2000
The Freedom of Information Act is legislation giving the public a statutory right to see and request "recorded" information held by public organisations. Any person will have the right to request information from any public authority who will have a duty to inform the applicant in writing whether or not the information is held and, if so, provide that information within 20 working days. The aim of the Act is to create and foster an "open government" climate. For the purposes of the Act public authorities include publicly owned companies owned wholly by the state and some private organisations carrying on duties on behalf of the government, e.g. Royal Mail, Press Complaints Commission.
The Act is being brought into force in stages. The duty of public authorities to have a Publication Scheme approved by the Commissioner is being implemented by type of public authority between November 2002 and June 2004, with the individual right of access coming into force for all authorities on 1st January 2005.
The legislation has two important consequences on IT projects in the public sector. The first is the need of public authorities to have IT systems which enable them to comply with the legislation and also, where a service provider holds hard or electronic records which are owned by an authority, to ensure such records are accessible to the public authority and to ensure the service provider is required to act in a way which allows the public authority to comply with its obligations under the Act.
The second is an awareness that information disclosed by a contractor to the public sector, may be subsequently disclosed and put in the public domain. Contractors can negotiate confidentiality provisions into supply contracts with a public authority to prevent disclosure of a supplier's confidential information, and the Act provides for an absolute exemption from disclosure to the public if the public authority is subject to such a contractual restriction. However, the public authority is required to perform a balancing act. Government guidance on the Act recommends that public authorities do not enter into contractual confidentiality obligations, which require the authority to be subject to a confidentiality obligation relating to contractor's information beyond the equitable rules for breach of confidence.
The last few years have seen some considerable development in government policy relating to IT projects and the outsourcing of IT in the public sector. Despite, the government's own analysis, for preferring smaller projects, the public sector's appetite for large scale projects appears unabated with such projects as the e-government initiative and the NHS IT programme.
Government practice is creating a contractual regime clearly more onerous on suppliers than in previous years and the developments in the commercial and legal structuring of such programmes, have considerable ramifications not only for those directly involved in the public sector, but also to similar activities in the private sector.
For more information please contact Yuban Moodley on 020 7367 3453 or at [email protected], David Roberts on 020 7367 3678 or at [email protected], or Louise Wallace on 020 7367 2181 or at [email protected].