ARTICLE
28 November 2024

Outsourcing Spotlight - Autumn/Winter 2024

TS
Travers Smith LLP

Contributor

Travers Smith LLP logo
It’s not just law at Travers Smith. Our clients’ business is our business. Independent and bound only by our clients’ ambitions, we are wherever they need us to be. We focus on key areas of work where we are genuinely market leading. If it’s hard – ask Travers Smith.
Explore Firm Details
This edition of *Outsourcing Spotlight* explores key trends affecting outsourcing, including employment reforms, heightened regulatory risks under the 2024 DMCC Act, cloud services scrutiny, and innovations in AI and smart contracts.
United Kingdom Employment and HR
Richard Brown,Louisa Chambers,James Longster
+7 Authors
 Your Author LinkedIn Connections

Welcome to the third edition of the Travers Smith Outsourcing Spotlight. In this issue, we look at the impact on outsourcing of the new Labour Government's employment reforms and the Digital Markets, Competition and Consumers Act 2024. We also discuss a range of other topics including artificial intelligence, smart contracts and a recent Supreme Court decision on force majeure clauses.

  1. Employment reforms: what's the impact on outsourcing?
  2. Consumer-facing outsourcings: a game changing moment
  3. Big tech: major cloud providers in the firing line?
  4. Force majeure: lessons from the Supreme Court
  5. Smart contracts: can they play a role in outsourcing?
  6. AI, data and cybersecurity roundup
  7. Public sector roundup
  8. Our outsourcing experience and publications

Employment reforms: what's the impact on outsourcing?

On 10 October 2024, the new UK Government provided considerably more detail on what we can expect from its employment reforms, including draft legislation (the Employment Rights Bill or "ERB"). For full details of all the reforms, see our briefing "Employment Rights Bill What does it mean for employers?" – here's our take on what it means for outsourcing:

Implications for customers

Customers will obviously have to consider the reforms in the context of their own employees, but even though they aren't responsible for their outsourcing provider's staff, it's worth noting the following:

  • Price increases from 2026? If the service provider employs staff in the UK, it may experience an increase in employee-related costs from 2026, when the majority of the reforms are expected to come into force. That said, it's reasonable to expect providers to reduce their exposure by, for example, following appropriate processes when dealing with employee under-performance (so that any dismissal is less likely to result in a successful claim). It is therefore worth pushing back on suggestions that these new employment rules mean that price rises are unavoidable.
  • Impact on the zero hours model: As explained below, the reforms are likely to make life more difficult for service providers which rely heavily on staff on zero hours contracts. Some may even decide to change their business model altogether, which could have implications for service levels, as well as costs (for example, because of the proposed new obligation to give workers more regular hours, some service providers may find it harder to offer the same level of out of hours service as they have done to date).

Implications for service providers

Service providers, particularly those with more labour-intensive operations, should take particular note of the following:

  • Significant expansion in day one rights from 2026: the ERB will remove the waiting/qualifying period for many existing rights, including unfair dismissal (currently 2 years). As regards the latter, there will be a statutory probation period (currently suggested at 9 months) during which a "lighter touch" dismissal process will apply (with termination on 3 months' notice). It will also introduce or expand a raft of other rights, including for paternity leave, bereavement leave and the right to request flexible working (which are or will become day one rights from 2026).
  • Full minimum wage to apply to 18-20 year olds: currently, employers are able to pay 18-20 years old staff £8.60 an hour, as opposed to £11.44 (for those aged 21 and over). This age band will be removed, so only 16-17 year olds can be paid at a lower rate.
  • Zero hours and casual / irregular hours workers: although the ERB will not ban zero hours contracts, it will give workers the right to request a contract which reflects their regular hours (based on the hours worked over a suggested 12 week reference period). Fairly obviously, the resulting contract would commit the employer to offering similar hours on an ongoing basis (not zero hours). If shifts are cancelled or curtailed at short notice, the employer will also have to pay compensation to the worker. Much is therefore likely to depend on whether existing staff are sufficiently keen on the flexibility of a zero hours contract to stick with that model – but if not, the employer is likely to face an increase in costs (which may be hard to estimate in advance).

All in all, the proposals are likely to mean that UK-based service providers will need to be prepared for increases in employee-related costs – all the more so if current rumours of a proposed rise in employer national insurance contributions at the next Budget prove to be correct.

What about TUPE?

Until a 2019 Employment Tribunal decision suggested otherwise, it had been thought that TUPE only applied to employees, not workers. The previous Government had proposed amending TUPE to clarify that only employees were covered. The current Government, by contrast, intends to consult on introducing a "single worker status" under which all workers would have full employment rights – in which case, it would be hard to justify leaving workers outside the scope of TUPE. However, the single worker status will not form part of the first wave of reforms to be included in the ERB.

Protecting employees from harassment

Finally, new rules requiring employers to take "reasonable steps" to protect their employees from sexual harassment come into force on 26 October 2024. The Government plans to expand this duty to all forms of harassment (not just sexual harassment) in due course, as part of its wider package of reforms. You may wish to consider amending contracts to reflect this e.g. imposing a contractual obligation on the service provider or customer (as the case may be) to ensure that its staff don't harass your employees – and vice versa.

Consumer-facing outsourcings: a game changing moment

For outsourcing arrangements that involve dealing with consumers, the Digital Markets, Competition and Consumer Act 2024 ("DMCC Act") dramatically increases the regulatory risks for both customers and service providers. We explain the key changes and set out what customers and suppliers should be doing to prepare for the new regime.

A much tougher enforcement regime

The risks for business of infringing consumer law are about to increase substantially, mainly because of new powers that the DMCC Act confers on the Competition and Markets Authority (CMA), which are expected to come into force in April 2025:

  • Substantial fines: The CMA will gain a raft of new enforcement powers, including the ability to impose fines of up to 10% of global annual turnover on businesses found to have infringed consumer law. This is higher than in most EU countries. In the sphere of competition law, such powers have enabled the CMA to impose fines as high as £260 million.
  • Consumer redress: The CMA will also be able to impose "enhanced consumer measures", which could require compensation to be paid to consumers and/or early termination of contracts. In the financial services sector, regulator-imposed redress schemes for misselling of PPI (imposed under sectoral legislation) have resulted in pay-outs of over £38 billion (and billions more in associated costs).

The upshot is that the CMA will have a great deal more clout as a consumer regulator than it does under the current, relatively weak enforcement regime (see this briefing for a more detailed explanation of those weaknesses and how the new legislation will address them).

Consumer-facing outsourcing arrangements: a significantly higher risk profile

For outsourcings that involve dealing with consumers, such as call centre operations, the stakes are about to rise significantly. Here's an example of how life is likely to be different from April 2025, when the new regime is expected to come into force:

A (fictional) B2C call centre debacle

Call centre staff have given consumers seriously misleading information, causing them to purchase products or services that they wouldn't otherwise have bought (motivated in part by a desire to meet targets in the outsourcing agreement). The CMA investigates and in addition to imposing a significant fine, it also makes an order requiring the affected individuals to be compensated. Whilst these measures are most likely to be directed against the outsourcing customer, service providers should not assume that they are "out of the firing line". For example, customers may argue that the service provider was at fault and seek to recover under the contract. Such an incident may also prompt the customer to look at terminating the arrangement and switching to a different supplier.

How should businesses respond?

Whilst the immediate risk is higher for outsourcing customers, both parties to an outsourcing transaction would be well advised to review current practices, identify any potential weaknesses and take steps to reduce their exposure. For example, in some cases, it may be that the risks can be addressed by tightening up procedures and providing front-line staff with additional training on the types of behaviour which are likely to be problematic. We can help you prepare for the new regime, whether it's through providing training or preparing straightforward guidance materials for staff.

Both parties should also review the provisions of their existing contract. For example, if one solution is for the service provider to undertake enhanced compliance measures, this will raise the issue of who should bear any additional costs. Where there has been a change in the law, outsourcing contracts often stipulate which party should pay. However, much will depend on how the contract is worded. We have given some thought to how both customers and service providers should approach this issue – so do get in touch if you are concerned about this. In addition, whereas risks like data protection may have been addressed specifically in the contract, liability for consumer protection risk may not be as clearly set out – so both parties may want to review the position to find out where they stand.

Where parties are looking to enter into new outsourcing contracts for consumer-facing operations, they should take account of the new DMCC Act regime with a view to arriving at an appropriate allocation of risk. This is another area that we have been advising on recently, so feel free to contact us if you find yourself in this position.

Subscription contracts

Businesses which use a subscription model will also need to take account of new requirements in the DMCC Act. For example, at the "on-boarding" stage, consumers will need to be given certain information before they sign up. Among other things, they will also need to be sent reminders of their right to cancel in the run-up to any automatic "roll-over". As a result, changes are likely to be needed to the procedures used by outsourced service providers. Whilst the measures affecting subscription contracts are not expected to come into force until 2026, they should be taken into account when considering any longer term projects.

How we can help

We can help you to ensure that your business is prepared for these imminent changes. Our specially designed packages aim to equip you with the training, resources and analysis that you and your teams need to ensure your business is legally compliant and insulated from the most punitive aspects of the new regime. To find out more, please speak to any of the contacts listed below.

Big tech: major cloud providers in the firing line?

Alongside reform of the UK's consumer enforcement regime (outlined in section 2 above), the Digital Markets, Competition and Consumers Act 2024 ("DMCC Act") also introduces a new regime intended to regulate very large players in digital markets. This allows the CMA to designate certain firms as having "Strategic Market Status" (SMS). Once designated, the CMA can impose certain requirements on those firms. These could include obligations – in relation to particular services where the CMA has concerns - to ensure that users are treated fairly and able to interact, directly or indirectly, with the SMS firm on reasonable terms.

Could the likes of Amazon or Microsoft be designated under the DMCC Act?

In the outsourcing space, a key question is whether these powers will be used to designate major cloud service providers such as Amazon or Microsoft, whose services are often used to underpin technology-focussed outsourcings. Some service providers and customers might welcome such a development on the basis that it could impose constraints on the commercial freedom of these very large players.

What's the concern about cloud services?

Based on the CMA's ongoing market investigation into cloud services, there appears to be evidence that some businesses find it difficult to switch between some of the larger cloud service providers – with the result that competition in the market may be less intense than it otherwise would be. There are also concerns about businesses finding it difficult to use the services of two different cloud providers alongside one another. This could, for example, make it difficult for a customer which mainly uses Microsoft to engage an outsourcing service provider which mainly uses Amazon (and vice versa), particularly where the customer's system and the service provider's system need to interact with one another.

Will the CMA use the DMCC Act to tackle cloud services?

The DMCC Act is certainly one tool in the CMA's armoury, should it decide that constraints on cloud service providers are justified. However, as Senior Counsel Richard J Brown [explains, the CMA's initial focus may lie elsewhere:

"If you look at the firms that the EU has identified as having 'gatekeeper' status under its Digital Markets Act, the likes of Amazon and Microsoft are certainly there – but in relation to other markets, not cloud services. Although the DMCC Act adopts a slightly different approach, we think that initially, the CMA is more likely to focus its activity under the new regime on markets similar to those identified by the EU – especially as it is already investigating cloud services using its market investigation powers." Richard J Brown, Senior Counsel, Competition

"Core platform services" designated by the EU

As noted above, Amazon and Microsoft have been identified as having "gatekeeper" status under the EU's Digital Markets Act - but in respect of the following markets (not cloud services):

  • Amazon: Amazon Marketplace and Amazon Ads
  • Microsoft: LinkedIN and Windows PC OS

Google has also been given "gatekeeper" status by the EU in relation to numerous platforms, including as Google Search and the Android mobile operating system – but not cloud services (although it has a significantly lower market share than either Amazon or Microsoft in cloud services).

What other action could be taken?

The CMA could take action following its market investigation into cloud services; for example, it could order cloud providers to change some of their licensing practices. However, the investigation is still ongoing and the CMA would first have to be satisfied that the behaviour of certain providers was having an adverse effect on competition in the market. The CMA is currently expected to publish its final decision in July 2025, although it is hoped that we will know its provisional decision before the end of 2024.

Force majeure: lessons from the Supreme Court

The vast majority of outsourcing contracts contain a force majeure clause of some description. Such provisions set out what should happen if one party cannot perform its obligations under the contract for a reason beyond its control. Typically, they provide for the suspension of the affected obligations for the duration of the force majeure event. However, it is also common for them to allow a party to terminate if the force majeure event persists beyond a given period (usually a matter of months).

What's new?

In MUR Shipping v RTI, the UK Supreme Court was faced with a situation where one party argued that, as it had used reasonable endeavours to get around the problem with performance, the other party was obliged to accept its solution – even though that "work-around" was not strictly in accordance with the contract. The Supreme Court made clear that its ruling applied to force majeure clauses in general – not just the specific clause in dispute. In particular, it said that unless there is clear wording to the contrary, most force majeure provisions will be interpreted in the following way:

  • The importance of reasonable steps: The clause will only apply if the event or state of affairs that has caused the problem with performance cannot be avoided by taking reasonable steps. The Supreme Court said that this would normally be the case even if there is no express reference to reasonable endeavours.
  • The importance of the original bargain: The clause is not intended to allow the party who is unable to perform to effectively change the terms of the original bargain by requiring the other party to accept non-contractual performance. If the other party chooses to accept such performance, it can opt to do so – but it is not under any obligation to accept it.

Key implications for outsourcing service providers

The key implication for outsourcing service providers is that if you want to be able to force customers to accept a "work-around" which is not in line with the contract, but "almost there", then the force majeure clause will need to make this clear. Otherwise, the most likely outcome is that the customer will be able to respond that "almost there" is not good enough – and that it's entitled to expect performance in line with what the contract says.

From the service provider's perspective, this is not necessarily bad news, at least in the short term – because an inability to overcome the force majeure event using reasonable endeavours means that the clause is likely to apply (so the obligations to perform in accordance with the contract will be suspended, for as long as force majeure event persists). And of course, in some cases, customers may be prepared to accept an "almost there" solution, at least on a temporary basis. However, if they don't and the force majeure event persists, then customers may ultimately be able to terminate the arrangement – even where the supplier has found a fairly good work-around.

Key implications for outsourcing customers

In the light of the Supreme Court's ruling, most conventionally worded force majeure provisions are unlikely to require customers to accept non-contractual performance by the service provider. As noted above, this will usually mean that, in the short term at least, the customer is likely to have to accept that the service provider's obligations to comply with the strict terms of the contract are suspended for so long as the force majeure event persists – provided that the supplier can show that it can't be avoided by taking reasonable steps. However, if the clause allows for termination if the force majeure event continues beyond a certain point, then unless the service provider is able to come up with a work-around that meets the contractual specifications in full, the right to terminate is likely to remain exercisable. That said, much depends on the wording of the clause – and we have previously highlighted a case where the drafting led the Privy Council to treat the issue of non-contractual performance somewhat differently.

More generally, customers should ensure that any force majeure provisions contain an express provision requiring the service provider to use at least reasonable endeavours to minimise the impact of any force majeure event.

Smart contracts: can they play a role in outsourcing?

Smart contracts have been partially eclipsed by the recent focus on AI, particularly Generative AI. But as we explain in our briefing, smart contracts have their uses – and it's possible that in future, generative AI could complement smart contracts to further automate the contracting process.

Key points

From an outsourcing perspective, the key points to note are that, due to their complexity, most outsourcing agreements are unlikely to be suitable for "conversion" to a smart contract – but certain elements of them could be appropriate candidates for some form of more automated approach. Examples would include:

  • Service credits: outsourcing contracts often provide for the payment of service credits if the relevant service levels are not met. A smart contract could be used for the automatic payment of the service credit where the service level is not met without any party having to take any action or make a claim. The main advantages would be better cash flow, lower costs in verifying/administering the service levels regime and a reduction in human errors.
  • Expert determination: we also discuss whether artificial intelligence could be employed to automate other aspects of contracts, notably expert determination (although our conclusion is that this is likely to be some way off).

The briefing also contains a handy jargon-buster, together with a "back to basics" explanation of smart contracts and their current uses, including:

  • fintech and decentralised finance;
  • royalty payments; and
  • insurance.

AI, data and cybersecurity roundup

The EU AI Act is now in force

The EU's AI Act came into force on 1 August 2024 and has implications for businesses around the world, not just in the EU. Most of the obligations will apply from 2 August 2026 but the bans outlawing unacceptable systems, and the AI literacy requirement (an obligation to educate and train staff interacting with AI), each apply from 2 February 2025. Our briefing sets out more detail on how the Act applies, as well as some practical steps that organisations may consider taking.

See also our AI Insights podcast series, which explores key legal issues relating to the development and use of artificial intelligence, including regulatory, data protection, intellectual property, employment, financial services and competition law aspects.

No new AI Bill for the UK...yet

Whilst no AI Bill was announced in the King's Speech in July 2024, the new Labour government has said that it is considering regulation targeting the largest general purpose AI models/systems (systems such as ChatGPT).

In a separate development, the UK has signed the Council of Europe's Framework Convention on Artificial Intelligence and Human Rights, Democracy and the Rule of Law. This requires the UK (alongside other signatories, which include the US and the EU) to observe certain high level principles with regard to AI (such as ensuring respect for privacy). Our view is that this is unlikely to affect the UK's approach; if anything, it is likely to use its signing of the Convention as a further justification for its decision to pursue regulation.

A replacement for the Data Protection and Digital Information (DPDI) Bill?

A Digital Information and Smart Data Bill (DISDB) has been announced (but is yet to be introduced). It looks likely to resurrect elements of the its predecessor, the DPDI Bill, which fell away at the end of the last parliamentary session. It appears that the DISDB's focus will be the setting up of data verification (e.g. digital identification products and services from certified providers to make it easier, for example, to carry out pre-employment checks) and data sharing schemes, and freeing up access to public sector data, which may be relevant to certain outsourced services.

Whether the DISDB will encompass other data protection reforms is less clear. Targeted reforms to "some data laws" have been mentioned but there is no more detail yet on what these changes might comprise – e.g. nothing on the changes proposed by the previous Conservative government to combat GDPR "red tape" or changes to the marketing and cookie regime.

Reform of cyber resilience rules

The new Government recognises the need to respond to the increasing frequency and severity of cyber-attacks affecting entities in critical sectors and their supply chains. It is also concerned that the UK has fallen behind and is "comparably more vulnerable" than the EU in the cybersecurity sphere. It therefore plans to introduce a Cyber Security and Resilience Bill to reform the Network Information Security Regulations 2018 (NISRs). The last government had previously proposed extending the reach of the NISRs to bring into scope managed service providers. The new legislation will cover "more digital services and supply chains" and is likely to include a cost recovery mechanism for regulators in respect of data breaches and increased incident reporting, including for ransomware attacks.

Although information about the detail of the Bill is scant at this point, it looks likely to cover similar ground to the previous proposals. For information about these and how they compared with the EU's NIS2 Directive, read this briefing.

Public sector roundup

Providers of outsourced services to the public sector should note the following developments:

New public procurement regime postponed to 2025

The "go live" date for the UK's new post-Brexit public procurement regime, which governs how many public sector contracts are put out to tender, has been put back to 24 February 2025. Originally, it had been hoped that the new regime would start in the second half of 2024. Whilst the new framework does not represent a radical shift from the current EU-derived regime, it does contain some important changes – as we highlighted in the previous issue of Outsourcing Spotlight (see section 1).

Expiry of PFI/PPP deals

With the majority (582) of PFI/PPP deals due to expire over the next 15 years, there may be opportunities for private sector providers to take over provision of related services on an outsourced basis. Typically, PFI/PPP arrangements involve the private sector building assets such as hospitals or schools and then leasing them back to the public sector, but often providing various services in parallel (e.g. maintenance etc). On expiry, the assets will normally be handed back to the public authority, but the latter may not have the capability or expertise to provide related support services – hence the potential opportunities. For more background, see section 8 of Infrastructure Spotlight (Summer 2024). Bear in mind that Government guidance recommends planning for expiry at least 5 years in advance, so some public authorities may start looking at their options well ahead of the actual "end date" of the contract.

Our outsourcing experience and publications

Recent outsourcing publications

We wrote the UK chapter of the latest edition of the Chambers Global Practice Guide to Technology & Outsourcing. You may also be interested in the following very short (3 minute) "need to know" videos:

  • Dealing with inflation in an outsourcing: a 3 minute primer

  • Data protection and outsourcing: a 3 minute primer on key recent developments

  • Deploying Artificial Intelligence in an outsourcing: a 3 minute primer

If you missed our first edition (from Autumn 2023), you can read it here. Finally, for all our materials on outsourcing, see our Outsourcing Spotlight series page.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.

Authors
Photo of Richard Brown
Richard Brown
Photo of Louisa Chambers
Louisa Chambers
Photo of Dan Reavill
Dan Reavill
Photo of James Longster
James Longster
Photo of Michael Ross
Michael Ross
Photo of Richard Offord
Richard Offord
Photo of Mark Evans
Mark Evans
Photo of Sarah Robinson
Sarah Robinson
Photo of Jonathan Rush
Jonathan Rush
Photo of Rosie Westley
Rosie Westley
Your Author LinkedIn Connections
See More Popular Content From

Mondaq uses cookies on this website. By using our website you agree to our use of cookies as set out in our Privacy Policy.

Learn More