- with Inhouse Counsel
In a recent article, our team explored whether Master Services Agreements (“MSAs”) are truly built for today’s modern technology landscape ,particularly in light of artificial intelligence, cybersecurity risks and evolving data protection frameworks. That highlighted a critical reality: many organisations continue to rely on MSAs that were drafted for a very different operating environment.
It also raises a further question: where an MSA has been updated to account for technological change, is it capable of responding to a world that is no longer stable, predictable or uniform?
The contracting landscape has shifted in a way that goes beyond technology. Geopolitical tension, regulatory divergence and data sovereignty requirements are no longer peripheral considerations. They are central to how services are delivered, how risk materialises and how liability is ultimately allocated.
Most MSAs, however, still assume a stable world. They allocate operational risk, financial risk and even reputational risk with a degree of sophistication. What they often fail to do is allocate for geography itself becoming a source of disruption. That gap is no longer theoretical. It is now a legal and commercial exposure.
One of the clearest examples of this is the continued reliance on traditional force majeure clauses. These provisions were designed to address events such as natural disasters or war. They were not drafted with modern geopolitical realities in mind, including sanctions regimes, export control reclassifications or the sudden recharacterisation of a trading partner. In practice, this means that a party may find itself unable to perform due to a geopolitical event that does not neatly fall within the scope of force majeure, leaving the contractual position uncertain. A more deliberate approach is required, one that recognises geopolitical disruption as a defined category of risk and provides for appropriate consequences, including business continuity, suspension, termination or commercial adjustment mechanisms.
Similarly, governing law and jurisdiction clauses can no longer be treated as boilerplate. The selection of a governing law or dispute forum is increasingly a strategic decision that carries geopolitical implications. In cross border arrangements, organisations are beginning to move away from a single governing law model towards more nuanced structures that contemplate different forums for different types of disputes or enforcement scenarios. While this approach introduces complexity, it reflects the reality that dispute resolution itself has become exposed to geopolitical considerations.
The impact of this shift is not evenly distributed. Larger multinational organisations are increasingly investing in internal teams that monitor geopolitical risk and its contractual implications. Smaller and mid sized organisations often rely on legacy templates that have not been updated to reflect this new environment. The result is a heightened risk of inadvertent breach. A supplier becoming subject to sanctions, a component being reclassified under export control laws or a payment route becoming restricted can potentially place a party in immediate breach of its contractual obligations, often without any clear contractual protection or remedy or worse, from a customer perspective, may impact on a customer’s ability to deliver goods and services through technological platforms with a direct impact on revenue.
There are also less obvious contractual pressure points that are beginning to surface. Most favoured nation clauses, for example, were often included in a pre tariff environment without full consideration of how they would operate in a volatile trade context. In a fragmented world, changes in pricing, supply chains or regulatory requirements in one jurisdiction can trigger cascading renegotiation rights across an entire portfolio of contracts. This creates a level of legal and commercial exposure that many organisations have not modelled.
Data localisation and data sovereignty requirements present a further layer of complexity. As discussed in our previous article, data protection has already become a central component of technology contracts. What is changing now is the extent to which jurisdiction specific requirements dictate where data must be stored, processed and accessed. This is no longer a compliance issue that can be addressed through a generic data protection clause. It goes to the heart of how services are structured, particularly in cloud and SaaS environments. An MSA that does not cater for these requirements may not only expose an organisation to regulatory risk but may also render certain service models unworkable. Further, where data centres may be impacted directly by acts of war or terrorism, this may also impact on business continuity planning and jurisdiction selection.
These geopolitical considerations also intersect with more traditional contractual areas. Export control restrictions can limit the use or deployment of certain technologies across jurisdictions. Open-source software obligations can create unintended consequences where deliverables are intended to be proprietary. Liability frameworks, particularly where they are symmetrical, may not adequately reflect the allocation of risk in a world where vendors process large volumes of customer data and operate across multiple regulatory regimes. Even provisions relating to technology refresh and ongoing support need to be considered in light of supply chain disruption and the availability of components in different markets.
The common thread across all of these issues is that the underlying assumptions of many MSAs no longer hold. Contracts are still being drafted on the basis that the operating environment is relatively stable, that jurisdictions are broadly aligned and that disruption is the exception rather than the norm. That is no longer the case.
Organisations should therefore be asking a different set of questions when assessing whether their MSAs are fit for purpose. It is no longer sufficient to consider whether the agreement addresses technology risk in isolation. The question is whether the agreement is capable of responding to a fragmented world in which geography, regulation and politics directly impact performance, pricing and risk allocation.
In practical terms, this requires a more deliberate approach to drafting. Contracts should clearly address geopolitical disruption and its consequences. Governing law and dispute resolution mechanisms should be selected with an appreciation of enforcement and geopolitical risk. Data localisation and cross border data flows should be built into the structure of the agreement, rather than addressed as an afterthought. Liability and risk allocation provisions should be revisited to ensure that they reflect the realities of modern service delivery. Importantly, these considerations should not be limited to new agreements but should form part of a broader review of existing contract portfolios.
The cost of updating an MSA is modest when compared to the potential impact of a service disruption, regulatory breach or contractual dispute arising from a gap that could have been identified and addressed.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.
[View Source]
