Government ICT Policy: Limited Liability, Risk Management, and What it Means For You

The Commonwealth Government released the draft Guide to Limiting Supplier Liability in ICT Contracts for Australian Government Agencies for consultation late last year. Contained within the Guide is the draft Depart-ment of Finance and Administration Circular, Limited Liability in Information and Communications Technology Contracts. The draft Circular is official confirmation of the policy that Commonwealth agencies should not seek unlimited liability from information and communications technology (ICT) suppliers in most cases.

The draft policy followed the announcement by the Victorian government that it would amend whole of government ICT policies to alleviate three of the key sticking points in ICT negotiations and contracting - unlimited liability, insurance levels and ownership of intellectual property - a measure confirmed with the release of the Victorian Government ICT Industry Plan 2005-2010.

In late 2005, the Victorian government announced that it would implement four new initiatives in its ICT contracting practice to encourage innovation and reduce the cost to business of working with government. The initiatives were set out in the Plan and will involve:

• establishing a default position under which the contractor (rather than the government) owns intellectual property in ICT developed under contract;
• re-focusing liability in ICT contracting on actual project risk, and so minimising the need for ICT contractors to bear unlimited liability;
• re-aligning the types and levels of insurance required in ICT contracts with actual project risks; and
• (as a logical fourth step) ensuring that tender documentation specifies the expected contract provisions for dealing with these issues or indicates that the provisions will be negotiated with the contractor.

The indications are that a central feature of the new policy provisions will be the need for risk assessment at the procurement planning stage. This will allow agencies to assess the risks involved in a project and then request tenders which comply with appropriate contractual provisions. This aspect of the policy will be no surprise to procurement officers nationally, as a key feature of state and territory government procurement policy is risk management.

The focus of the draft Commonwealth policy is contractual agreement to limit the sum that may become payable by a party to a contract if certain events happen. The draft policy encourages agencies to use liability capping clauses in most ICT contracts, including for the use of hardware, software and services to create, store, retrieve, transfer, process or present information.

Previously, Commonwealth government policy required unlimited liability of all suppliers, including ICT suppliers, unless there was a compelling reason to limit a supplier's liability in a particular case. The draft Circular states that the liability of ICT suppliers contracting with Commonwealth agencies should, in most cases, be capped at appropriate levels.

There has been no change to Commonwealth government policy on capping liability in non-ICT contracts. Unless there is a compelling reason to cap such suppliers' liability, unlimited liability will still be required.

The Guide includes model liability clauses based on the GITC4 contract format. The effect of those clauses is to cap the liability of both the Common-wealth and the supplier for certain types of loss or damage. Some types of loss or damage will not – and according to the policy, should not - be subject to the cap. Loss or damage arising to a third party, or from personal injury, unlawful or illegal acts, damage to tangible property, and breach of intellectual property, privacy, confidentiality and security obligations should normally not be capped.

Importantly, unlimited liability – that is, no liability cap - may still be required as part of ICT contracts where it is justified by the size, complexity or inherent risk of a project. This is because the general principle behind the Commonwealth approach to risk management has not changed; subject to the new policy, risk should be borne by the party best placed to manage it, and the Common-wealth should not accept risks which another party is better placed to manage.

So, how do you navigate through this liability maze?

First, don't panic! The new policy embodies two aspects of contracting with ICT suppliers that have not changed: value for money and risk management. Your aim in any ICT procurement is still to achieve the first, and you do it through the second. And, as always, limitation of a supplier's liability, or "capping", needs to be considered as part of the value for money assessment of a supplier's response.

Both the Circular and the Guide contain steps that you need to follow in the case of all ICT procurements. The upshot of the steps is that a decision to cap liability - even where the cap is a direct result of the new policy and is expressed in the words of the model clauses - must be based on a risk assessment. The purpose of the risk assessment is to enable you to determine the amount of the cap, or for those really large, complex or risky projects, whether a cap is appropriate at all. Accordingly, the risk assessment should initially be conducted when you are planning your procurement. You can then include the cap in your approach to the market, and the relevant clauses with the draft contract that accompanies it.

Because risk assessment (and mitigation) is central to the new policy and is the critical tool informing agency decisions to limit liability, the Guide contains tables of liabilities and examples of common ICT risks and their treatment that can assist you to determine the level of an appropriate cap.

ICT suppliers, aware of the proposed changes in the Commonwealth and Victorian government spheres, may already be seeking contractual provisions which reflect the changing government policies. Such requests need to be very carefully managed by agencies.

In the Commonwealth case, some of the model clauses will almost certainly be the subject of extensive negotiation, since the draft policy does not appear to mandate the use of the model clauses. This includes the exclusion of so-called "consequential loss", and a release from liability caused by errors / omissions in agency-supplied information. Accordingly, you should seek legal advice on the model clauses, including how to adapt them for use with your documentation. Legal advice – and even further risk assessment - will be especially important if a supplier's response to request documentation includes a statement of non-compliance regarding your preferred liability clauses. In particular, agencies should review their ICT request documentation and contracts to include provision for capping liability in accordance with the new policy, and should make sure that their risk management training / tools are appropriately updated.

For all Victorian and Commonwealth agencies, now is a good time to start reviewing practices, internal policies, and procurement and contracting documentation in preparation for compliance with the final version of the Circular and Guide (in the case of the Commonwealth), and with the changes to procurement policies (in the case of Victoria). The policies express earlier Victorian and Commonwealth government commitments to the Australian ICT industry. So, the key features of the policies will almost certainly continue into their final versions.

For all other State or Territory government agencies, be aware that the changes happening in the Commonwealth and Victorian spheres may impact on the way that ICT suppliers, especially those operating nationally, approach negotiation of liability, intellectual property and insurance provisions in contracts. Other state and territory governments may also be seeking to make similar policy changes to those made by the Commonwealth and Victorian governments.

The final version of the Commonwealth Circular and Guide are due out mid-year. A revised suite of GITC contracts is expected at around the same time. The draft Guide and Circular are available through the Department of Communications, IT and the Arts (DCITA) website by clicking here.

You can access the Victorian Government ICT Industry Plan 2005-2010 through the Victorian government's 'Multimedia Victoria' website at: http://www.mmv.vic.gov.au/AbouttheICTIndustry.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.