With the UK now well into the two year withdrawal period provided for in Article 50 [of the Treaty on the European Union], the time for businesses to prepare for the consequences of a UK exit on their contractual arrangements is reducing. Between now and end March 2019, businesses in Ireland, Europe and elsewhere dealing with the UK must assess current contractual arrangements and consider how best to minimise risks caused by Brexit.
We examine the potential impact of Brexit under four main headings - restrictions and additional burdens, termination, governing law and data protection.
1. Restrictions and additional burdens
For Irish companies providing IT services to UK clients, the costs of services may increase due to work permit requirements for staff travelling to the UK or by reason of tariffs on equipment and software imported into the UK. Conversely, for Irish businesses relying on UK based IT suppliers, continuity of supply may be affected if and when UK suppliers no longer benefit from the freedom to provide services in the EU or cannot send employees to work on IT projects in Ireland.
IT services and supply contracts currently under negotiation should consider whether resolving such issues are solely the responsibility of the UK based company, or whether a party to a contract can use a change control clause to alleviate the additional difficulties created by Brexit's costs and restrictions. The parties should also consider how any clause on changes in law and compliance with "all applicable laws" affect their obligations and rights in the event of Brexit. It would be advisable for the parties to analyse the possible impacts of Brexit on all aspects of the IT outsourcing or supply contract and specifically agree which party should be responsible for dealing with the additional licences, permits or obstacles created by Brexit and related costs.
Much has been written about force majeure clauses (FM clauses) in the context of Brexit. As most FM clauses require that an event not only has to be beyond the reasonable control of the parties, but also one that is not reasonably foreseeable by them, it is likely that such an FM clause could not be invoked in the event of Brexit particularly where the contract was entered into after June 2016.
Certain IT and commercial contracts allow for termination on the occasion of certain events, for example, a material change in the law or regulatory framework that governs the operation of the contract. Businesses should assess the likely impact of clauses like this in their existing contracts in the context of Brexit.
Given the uncertainty of the UK's relationship with the rest of Europe, businesses may also wish to negotiate termination rights in the event of certain contingencies. If the UK is excluded from the EU single market, this could make the performance of a contract much more difficult or less profitable than the parties intended. An obvious example would be the effect on cloud contracts if a valid legal basis for transfer of data to the UK from another EU Member State cannot be established. We discuss this challenge in more detail below in the context of data protection.
In the absence of more specific termination rights in the contract, the ability of a party to terminate for convenience (without cause) will be important. Businesses should keep this in mind when negotiating termination notice periods and the duration of any lock-in periods.
3. Governing law
Most pre-Brexit IT contracts will have been drafted on the assumption of the UK's membership of the EU. Parties that traditionally chose the laws of England and Wales, Scotland or Northern Ireland to govern their contracts may wish to re-evaluate this position. In addition, English law has traditionally been a common choice for cross-border contracts and is viewed as a commercial and predictable legal system.
Much of the UK's current legislation is derived from EU law. Due to initiatives such as the Digital Single Market, technology businesses are increasingly likely to trade across Europe. These businesses will have benefited from the level of consistency between English law and the laws of other EU Member States. While the UK's proposed 'Great' Repeal Bill will initially ensure continuity of EU laws in the UK, we may see future divergence as UK case law and policy develops independently of the EU.
If a business wishes to adopt a common law system subject to EU primacy, then the laws of the Republic of Ireland are an obvious choice for any future contract.
Moreover, any existing contracts that define the EU as its territorial scope should be amended to identify the UK and the EU. This will be relevant, for example, for distribution, agency and franchise contracts.
3. Data protection
The transfer of personal data is an important consideration in modern IT and commercial contracts. Two key data protection issues arise for services and technology businesses as a result of Brexit:
- it is likely that, despite Brexit, the UK will need to comply with EU data protection laws, and
- the transfer of data from EU Member States to the UK will potentially become more complicated.
Currently, data protection in the UK is governed by the Data Protection Act 1998. As this legislation is derived from EU law, it offers data subjects similar levels of protection to the other EU Member States. However, EU data protection law is changing. On 25 May 2018, the GDPR will come into force – representing a significant strengthening of EU data protection rules and imposing uniform obligations on all EU Member States.
If the UK does not join the European Economic Area and apply almost identical protections as those provided in the GDPR, major challenges will arise with respect to the free flow of data between the EU and the UK. EU data protection law prohibits transfers to countries that do not provide an "adequate" level of protection for personal data. This means that transfers of personal data between the EU and the UK could be unlawful. The UK government has stressed that it is keen to secure the unhindered flow of data between the EU and the UK post-Brexit. After Prime Minister Theresa May's recent speech in Florence, it appears that the UK intends to introduce rules that retain the high standards of data protection contained in the GDPR and not diverge substantially from EU data protection law.
Where to from here?
The UK and remaining Member States of the EU are in the midst of complex negotiations to determine the terms of the UK's formal withdrawal. While the exact nature of the UK's future relationship with Europe remains uncertain, businesses still have time to audit their IT and commercial contracts. In doing so, businesses can develop a strategy for their future contracts in order to manage the inevitable disruption resulting from the UK's triggering of Article 50 and its intention to leave the EU.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.