India

Covers common issues in technology sourcing, including issues relating to procurement processes, dispute resolution procedures, intellectual property rights, data protection and employment law – in 18 jurisdictions.

1 Procurement Processes

1.1 Is the private sector procurement of technology products and services regulated? If so, what are the basic features of the applicable regulatory regime?

There is no central legislation governing procurement in India. The broader framework is provided by the Indian Contract Act, 1872 (Contract Act), the Sale of Goods Act, 1930, the Limitation Act, 1963, the Information Technology Act, 2000 (IT Act) and allied rules and regulations. In addition, specific obligations could be placed on interacting companies under the company law, and applicable intellectual property law.

1.2 Is the procurement of technology products and services by government or public sector bodies regulated? If so, what are the basic features of the applicable regulatory regime?

The General Financial Rules, developed by the Ministry of Finance, establish the procedures for government procurement. Separately, the broader legal framework discussed at 1.1 also extends to government contracts. As India is a union of states, each state, including the Union Territories, has its own guidelines, rules and legislation on matters of procurement.
Additionally, the courts in India have laid down basic principles of public procurement, mandating fair and transparent procedures during technology acquisition.

2 General Contracting Issues Applicable to the Procurement of Technology-Related Solutions and Services

2.1 Does national law impose any minimum or maximum term for a contract for the supply of technology-related solutions and services?

No, there is no prescription in law for any minimum or maximum term of contract, for such contracts. The same is left to the exclusive and mutual agreement of the contracting parties.

2.2 Does national law regulate the length of the notice period that is required to terminate a contract for the supply of technology-related services?

No, the law does not regulate the notice period for termination of these contracts; it can be mutually agreed upon. In the absence of a mutually agreed notice period, the Courts have allowed a “reasonable” notice period to be read into the contract. What is reasonable will depend on the facts and circumstances of each case.

2.3 Is there any overriding legal requirement under national law for a customer and/or supplier of technology-related solutions or services to act fairly according to some general test of fairness or good faith?

There is no express mention in a statute of a general ‘duty to act in good faith’ in law. As our law has developed from common law, this requirement is an underlying thread of the law of contract. It is on account of the said requirement that the Indian Contract Act, 1872, inter alia, provides for rendering the contract voidable at the option of the affected party, in the event that the contract is vitiated by misrepresentation or fraud or undue influence.

2.4 What remedies are available to a customer under general law if the supplier breaches the contract?

The customer may choose to file a suit seeking specific performance of the supplier’s obligations and/or damages. However, specific performance will not be granted if (i) the customer has obtained substituted performance of the contract; (ii) the contract requires performance of a continuous duty that the court cannot supervise; (iii) the contract is dependent upon the personal qualifications of the parties; or (iv) the contract is determinable in nature, i.e. if the contract can be terminated by the parties, at will or upon instances of breach by either party.
Where the contract falls under any of the aforesaid exceptions, the customer is at liberty to terminate for breach of agreement and file a suit seeking damages for breach of agreement. The claim of damages and their quantification would depend upon (i) the nature of injury; (ii) the injured party’s responsibility therefor and the extent thereof; and (iii) the nature and extent of injuries caused to the parties on each other. If the contract provides for liquidated damages, the customer must prove that the amount is a genuine pre-estimate of loss or injury suffered.

2.5 What additional remedies or protections for a customer are typically included in a contract for the provision of technology-related solutions or services?

As this could involve flow and availability of data, an incontrovertible migration clause is in place, enabling seamless transfer of data and information in case of termination of services to another service provider within a defined timeline. Typically, the Service Level Agreement (SLA) contained within a contract, covers uptime guarantee, remedies, warranty periods, and similar undertakings. Additionally, clauses ensuring data privacy, continued access to data, confidentiality, ownership of intellectual property, indemnity, limitation of liability, right to termination and refund, appropriate representations and warranties are essential.

2.6 How can a party terminate a contract without giving rise to a claim for damages from the other party to the contract?

In addition to having performed its own set of obligations imposed by the contract, the terminating party ought to have strictly adhered to the provisions of the termination clause, including provision of a remedy/cure period prior to effecting termination, if any, as set forth in the contract.

2.7 Can the parties exclude or agree additional termination rights?

Parties can mutually agree on the terms that will apply to the termination of a transaction concerning technology-related solutions or services. However, exclusion of termination right will not disentitle a party to exercise its statutory right to terminate on account of breach, subject to the statute of limitations. It has been held by the Supreme Court of India that all commercial contracts are terminable by their very nature and hence exclusion of termination right may not be upheld.

2.8 To what extent can a contracting party limit or exclude its liability under national law?

There is no express statutory bar in India against contractually excluding or limiting liability. However, in contracts between parties having unequal bargaining power, courts may refuse to enforce clauses excluding or limiting liability, which are found to be unconscionable. Indirect liabilities are usually excluded but a clause specifying such exclusion is advisable nevertheless.

2.9 Are the parties free to agree a financial cap on their respective liabilities under the contract?

Yes. Please refer to 2.4 and 2.8.

2.10 Do any of the general principles identified in your responses to questions 2.1–2.9 above vary or not apply to any of the following types of technology procurement contract: (a) software licensing contracts; (b) cloud computing contracts; (c) outsourcing contracts; (d) contracts for the procurement of AI-based or machine learning solutions; or (e) contracts for the procurement of blockchain-based solutions?

No, contractual rights are afforded to all contracting parties, irrespective of the subject matter.

3 Dispute Resolution Procedures

3.1 What are the main methods of dispute resolution used in contracts for the procurement of technology solutions and services?

The parties in the Information Technology (IT) and IT Enabled Services sector tend to opt for alternate dispute resolution (ADR) mechanisms, consisting of adjudication by way of mediation and/or arbitration. However, arbitration will not be available as an option, in case a party seeks to file a suit for infringement of intellectual property, and such cases are referred to appropriate courts of law. There is also a trend for parties to opt for mediation and also an online arbitration process.

4 Intellectual Property Rights

4.1 How are the intellectual property rights of each party typically protected in a technology sourcing transaction?

India has an established statutory and judicial framework for safeguarding intellectual property rights; the legislations include the Trade Marks Act, 1999 (Trademarks Act), the Copyright Act, 1957 (Copyright Act), the Patents Act, 1970 (Patents Act), the Designs Act, 2000 (Designs Act), and the Semiconductor Integrated Circuits Layout-Design Act, 2000. Trade secrets are currently protected by contract and the common law of confidentiality. Further, the parties must execute an agreement and state such contractual obligations which will protect each party’s respective interests, or waive their rights, as the case may be, in part or in full. Certain rights are considered to be inalienable, by their very nature, and shall continue to be so, even when waived by way of a contractual provision. As trade secrets are not statutorily protected in law, it is important that the contracting parties specifically delineate the extent of their rights, transmission of rights, and consequences of termination.

4.2 Are there any formalities which must be complied with, in order to assign the ownership of Intellectual Property Rights?

Yes, in addition to execution of a valid contract, there are formalities enlisted in the legislations identified at 4.1 above, as applicable. As per the Copyright Act, an assignment can be made in whole or in part. The Copyright Act also illustrates the manner in which the assignment of the ownership is supposed to take place and also provides for revocation of assignment in very limited circumstances. Similarly, the Trademarks Act defines the scope of assigning trademark (both registered as well as unregistered) from one person to another, and along with execution of an agreement recording such transmission, requires registration of the intent of the parties with the Trademarks Registry, where applicable. The Patents Act also lists down the manner in which an assignment will be effected.

4.3 Are know-how, trade secrets and other business critical confidential information protected by national law?

At present, there is no specific legislation in India to protect know-how, trade secrets and confidential information. In the absence of statutory protection, several judicial decisions have upheld trade secret protection on the basis of the law of confidentiality and principles of equity.

5 Data Protection and Information Security

5.1 Is the manner in which personal data can be processed in the context of a technology services contract regulated by national law?

The IT Act and the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 (IT Rules) framed thereunder govern the realm of data privacy and protection. There is no specific legislation governing data privacy and protection; however, the Personal Data Protection Bill, 2019, which will become the central legislation on the subject is pending enactment.
The Rules state that an entity/person who collects, receives, possesses, stores, deals with or handles information of the provider of information is required to provide a privacy policy and seek written informed consent of the person to whom such data pertains, prior to processing of such data.
The notice should conform to the standards of transparency (categories of information processed, purpose and usage), and must also ensure that the retention schedule, along with the rights of the individual, is conveyed sufficiently.

5.2 Can personal data be transferred outside the jurisdiction? If so, what legal formalities need to be followed?

Personal data can be transferred outside the jurisdiction where the recipient is located in any other country which ensures the same level of data protection as prescribed under the IT Rules. Such transfer will be allowed only if it is necessary for the performance of the lawful contract between the body corporate and information provider or where such person has consented to data transfer.
The banking regulator, the Reserve Bank of India, had in 2018 issued a direction requiring data relating to payment systems to be stored in systems only in India. With respect to payments processing done outside of India, the data has to be deleted from those systems and stored in India not later than one (01) business day. For overseas transactions, the domestic component of payments data can be stored in such jurisdiction, or otherwise if required.

5.3 Are there any legal and/or regulatory requirements concerning information security?

As per the IT Rules, a body corporate or a person is required to implement standard security practices and standards which are commensurate to the industry standards. Additionally, it is required that a documented information security programme and information security policies containing managerial, technical, operational and physical security control measures are maintained.
The Information Technology (The Indian Computer Emergency Response Team and Manner of Performing Functions and Duties) Rules, 2013 expect voluntary reporting of data breaches, and mandate reporting under certain exclusive circumstances.
Additionally, the Reserve Bank of India (RBI) also prescribes specific security standards to be complied with, for regulated banking and financial institutions.

6 Employment Law

6.1 Can employees be transferred by operation of law in connection with an outsourcing transaction or other contract for the provision of technology-related services and, if so, on what terms would the transfer take place?

The terms of employment in India are largely governed by the law of contract. As employees enjoy certain statutory benefits under the law, in case of transfer of employees in an outsourcing transaction, or other contracts provisioning technology-related services, the parties will have to ensure that there is a continuity of accrual of such benefits in favor of the concerned employees. In case where any formalities are to be met with the statutory welfare authorities, it is incumbent on the individual as well as the employer to enter submissions, as necessary. This is for consideration of transfer of high-skilled employees only.

On transfer, the transferor can assign agreements made between itself and its employees to the transferee including Confidentiality agreements and IP assignment agreements. This ensures that the transferee is responsible for the obligations under these agreements.

6.2 What employee information should the parties provide to each other?

There are no specific obligations prescribed in law. However, where any information has to be submitted to the welfare authorities to ensure that benefits accruing in favor of the employee concerned are unaffected, such information must be exchanged between the parties. In practice, parties may exchange information pertaining to terms of employment agreement, designation, performance, salary at the time of transfer, etc. In the event where the payroll is also transferred, details required under the laws of taxation will also have to be exchanged, for compliance.

6.3 Is a customer or service provider allowed to dismiss an employee for a reason connected with the outsourcing or other services contract?

Yes, subject to the understanding between the contracting parties as per the terms of the contract.

6.4 Is a service provider allowed to harmonise the employment terms of a transferring employee with those of its existing workforce?

Yes. The intent for the same must be conveyed to the employee concerned. In the event where the employee is deputed, the understanding between the original hirer and the recipient of the services, should discuss the obligations, working conditions, and associated rights of the employee.

6.5 Are there any pensions considerations?

The transfer of ownership or management of the business would result in transfer of the balance of the employees’ provident fund account to the transferee company, as per the provisions of the Employees’ Provident Funds and Miscellaneous Provisions Act 1952 (EPF Act). The EPF Act holds the transferor and the transferee jointly and severally liable to pay other sums and contributions in case of such transfers. However, the liability of the transferee in respect of such contributions is limited to the extent of the value of the assets obtained by the transferee from the transfer.
Also, as private employers may have their own pension funds available to the employees, the specific terms of such an internal policy of the employer will prevail and could vary.

6.6 Are there any employee transfer considerations in connection with an offshore outsourcing?

There is no specific rule limiting Indian businesses from having outsourced services performed outside India or vice versa; this shall be subject to work authorizations, permits, and associated tax credits and laws.

7 Outsourcing of Technology Services

7.1 Are there any national laws or regulations that specifically regulate outsourcing transactions, either generally or in relation to particular industry sectors (such as, for example, the financial services sector)?

There is no central legislation to regulate this behavior. However, RBI has issued Guidelines on Managing Risks and Code of Conduct in Outsourcing of Financial Services by Banks, by which scheduled/commercial banks which choose to outsource financial services are prohibited from outsourcing their core management functions (opening of accounts, loan sanctioning, management of investment portfolios etc.), including internal audit, compliance, and decision-making functions. Further, the aforesaid guidelines state that the outsourcing agreement between the bank and the service provider must be flexible to enable the bank to control and intervene, if the need arises. Similarly, the Department of Telecommunications enlists guidelines relating to other service providers (OSPs). As per the guidelines, OSPs refer to entities providing voice-based BPO services. These latest guidelines have done away with registration security deposit, bank guarantee in order to accommodate the constant innovations in technology.

7.2 What are the most common types of legal or contractual structure used for an outsourcing transaction?

Typically, outsourcing transactions are effected by way of a service agreement, which has an associated SLA which are for specific requirements agreed between parties for a limited period of time or until the service is rendered to the satisfaction of the customer and are typically part of the parent agreement, scope of work delineating specific requirements. Several professionals also operate on a build-operate and transfer model, whereby they engage with the companies for a predefined period of time, for defined functions, as per the specific requirements of the companies engaging them, as an internal function of the company, on an exclusive basis.

7.3 What is the usual approach with regard to service levels and service credits in a technology outsourcing agreement?

SLAs typically ensure that there is an identified escalation matrix, levels of urgency and associated response timelines. This allows either party to connect on a real time basis, or as per agreed timelines to remedy issues. In practice, service credits are provisioned to ensure offsetting any deficiency in services rendered by the service provider. The SLA typically allows a set number of defaults, failing which the service credits are rolled out.

7.4 What are the most common charging methods used in a technology outsourcing transaction?

Charging methods differ based on the size of the outsourcing transaction as well as the existing or prior business relationship between the parties. Since the main focus of outsourcing any function is to reduce costs, very often, these transactions are priced on the basis of the following models:
Fixed price model – This model is usually employed in project-based engagements where the scope of the transaction is clearly defined.
Time and materials model – This charging model involves fixation of price on an hourly basis or by the resources (time and manpower) to be used for an outsourcing transaction.

These are the most common pricing models in technology outsourcing transactions. Lately, parties have begun to opt for incentive-based pricing models such as bonus model, risk/reward model and gain-sharing model, that generally focus on the outcome of the services rather than the input.

7.5 What formalities are required to transfer third-party contracts to a service provider as part of an outsourcing transaction?

Third party contracts may be assigned to a service provider if the contract permits assignment, and when the conditions, if any, provided thereunder for assignment are satisfied. If the contract can be assigned without the approval of the other party, then the customer and supplier can enter into a simple assignment agreement to transfer the contract. Generally, a notice of assignment is sent to the other party to the contract. If prior consent is required, then the customer and supplier must either enter into an assignment agreement after obtaining consent from the other party to the contract or a tripartite agreement between the parties to the contract and the supplier.
However, personal contracts i.e., contracts where the obligations depend on the personal skills and qualifications of the parties involved are not typically assigned.

If the transfer involves transfer of personal data, then the consent of the data subject must be taken and the transferor should ensure that the transferee accords the same level of data protection as the transferor, in accordance with the provisions of the IT Act and the rules framed thereunder.

7.6 What are the key tax issues that can arise in the context of an outsourcing transaction?

Provision of services – Invoices raised by suppliers under outsourcing contracts are subject to Goods and Services Tax, 2017, the burden whereof can be mutually agreed to be borne by the customer. The supplier is also entitled to deduct applicable withholding taxes at the time of raising the invoice.
Transfer of employees – There exists a lack of clarity on whether customer contracts or employees transferred to an Indian supplier can be defined as “capital assets” for the purpose of calculating capital gains under the Income Tax Act, 1961. In addition, if the employees of a foreign outsourcing entity (customer) are transferred to an Indian supplier yet continue to function as the customer’s employees, tax authorities could treat this as evidence of permanent establishment of the customer in India, especially if the employees carry on the business of the foreign entity through the supplier’s premises.

8 Software Licensing (On-Premise)

8.1 What are the key issues for a customer to consider when licensing software for installation and use on its own systems (on-premise solutions)?

In addition to what has been indicated at 2.5, the customer has to ensure that there is no access which is granted to the service provider, in excess of what is required for continued maintenance and support. This is further discussed at 8.2.

8.2 What are the key issues to consider when procuring support and maintenance services for software installed on customer systems?

The key considerations in case of installation of software on customer systems would include implementation of a robust data privacy network, which restricts interaction of the personal data available on site from being freely shared with the software/tool. Additionally, ongoing maintenance and round the clock support is necessary for large enterprises, which rely on such software, so SLAs and service credits would also be a major consideration. Support could range between bug fixes, simple escalations, to updates and upgrades, as covered under the contract. Also, it is important to have business continuity plans to ensure there is back-up available to the customer.

8.3 Are software escrow arrangements commonly used in your jurisdiction? Are they enforceable in the case of the insolvency of the licensor/vendor of the software?

Yes, software escrow arrangements can be traced to various Indian segments, including, banking & finance, information technology, health, and infrastructure. These arrangements permit a third party to hold and test a copy of the supplier product software’s source code to make sure it is accurate, complete and can be compiled independently in the event of vendor failure.
Such arrangements will be enforceable in the case of insolvency of the licensor/vendor of the software, only when it is necessary for continuation of the business as a going concern. Additionally, deference will be made to termination provisions of the parent agreement itself. This must be adjudged on a case-to-case basis.

9 Cloud Computing Services

9.1 Are there any national laws or regulations that specifically regulate the procurement of cloud computing services?

There is no specific provision in law; however, cloud services have been acknowledged under the Goods and Services Tax Act, 2017 and therefore the services rendered by cloud services providers are subject to tax implications. Further, cloud service providers are required to comply with the security standards and procedures (with respect to collection, storage, and processing of data) as stipulated under the IT Act along with the allied IT Rules.
The Telecom Regulatory Authority of India (TRAI) had also issued its recommendations which are yet to be adopted and governed by the Government of India.

9.2 How widely are cloud computing solutions being adopted in your jurisdiction?

According to NASSCOM, in 2019, the Indian cloud computing market was valued at $2.2 billion and is expected to grow at 30 per cent (year-on-year) to reach $7.1 billion by 2022. The statistical number is a testimony to the fact that cloud computing solutions are largely being adopted. The new age technology start-ups are all focused on services reliant upon cloud computing.

9.3 What are the key legal issues to consider when procuring cloud computing services?

One of the biggest challenges concerns overseas transfer of data, and storage restrictions. Owing to overlap between industries, and interaction between the data sets, it becomes increasingly difficult to filter data prior to transfer.

10 AI and Machine Learning

10.1 Are there any national laws or regulations that specifically regulate the procurement or use of AI-based solutions or technologies?

No. However, in deference to increased reliance on AI-based solutions, the government think-tank NITI Aayog has been instrumental towards creating guidance documents concerning AI and Machine Learning (ML) and has demonstrated general inclination in adopting the practices at a public, as well as a private level. Incidentally, the recently notified amendment to the Indian Medical Council (Professional Conduct, Etiquette and Ethics) Regulations, 2002, recognized use of AI to assist in clinical decision making but has also cautioned the user against complete reliance on the automated tools. The Securities Exchange Board of India has also released discussion papers, accepting the practice of AI/ML techniques in matters related to stock exchange transactions.

10.2 How is the data used to train machine learning-based systems dealt with legally? Is it possible to legally own such data? Can it be licensed contractually?

The datasets used to train machines, would typically involve proprietary data, or publicly available data; depending on the source of such data, the related information may be licensed contractually.

10.3 Who owns the intellectual property rights to algorithms that are improved or developed by machine learning techniques without the involvement of a human programmer?

As the algorithms are typically codified in the form of a software, the associated intellectual property rights would mostly be in the form of a copyright, or a computer related invention, as protected in law. There is no specific jurisprudence with respect to the creation of a solution, by an automatic function, without human intervention, in this jurisdiction.

11 Blockchain

11.1 Are there any national laws or regulations that specifically regulate the procurement of blockchain-based solutions?

India has no dedicated law or regulation that governs the development, use and operation of blockchain/distributed ledger technology (DLT). Recently, the Supreme Court of India recognized the prevalence of cryptocurrencies in the country, and also directed the government to enact a legislation regulating the sector. Additionally, RBI has also issued guidance to the regulated banking and financial institutions to ensure compliance with know-your-customer norms, anti-money laundering guidelines, as well as foreign management rules.

11.2 In which industry sectors in your jurisdiction are blockchain-based technologies being most widely adopted?

Banking, financial services and insurance industry have onboarded innovations in blockchain based technologies to effect cross border payments, loan issuance and tracking, insurance, securities and commodity trading, collateral and ownership registries such as land records. Furthermore, technology firms in India have introduced various pilot projects and proof of concepts based on blockchain technology across various sectors and geographies.

11.3 What are the key legal issues to consider when procuring blockchain-based technology?

As discussed earlier, India does not have a dedicated regulatory framework for blockchain regulation and must fall back upon the prevailing legal position in intellectual property, contract law and data protection principles. Principles of data localization and data permanency on a ledger may conflict with the provisions to safeguard the privacy of an individual under the Indian data protection regime.
Furthermore, given the decentralized nature of blockchain, the nodes may be operating from different jurisdictions, which may necessitate guidance from a regulatory body to define ownership and associated liabilities for participants of the blockchain, including tracing the originator of such information.

Author 1: Abhishek Malhotra, Managing Partner, TMT Law Practice 

Abhishek Malhotra is the Founding Partner of TMT Law Practice. He graduated from National Law School India University, Bangalore and went on to earn an LLM degree from the Franklin Pierce School of Law, USA. He is admitted to the State Bar of California and Delhi. Abhishek has nearly two decades of experience, with strong expertise in Intellectual Property, Technology, Media and Telecoms, as well as Commercial Disputes.

Abhishek has been advising Fortune 500 companies, MSMEs and Start-Ups across a host of issues including Strategy, Dispute resolution, Data Protection, navigating the Indian Regulatory landscape, Policy advisory, Emerging technology, Commercial Space & Satellite Communication, Sports & Gaming and all aspects of Media laws.

Author 2: Bagmisikha Puhan, Associate Partner, TMT Law Practice 

Bagmisikha is a technology lawyer and is licensed to practice in India. She specializes in commercial transactions, telecommunications, privacy, healthcare and corporate law.

Prior to working with TMT Law Practice, Bagmisikha worked with Bharucha and Partners, and the enterprise risk management (privacy team) practice at Wipro Limited.

She regularly acts for multinational companies carrying out commercial transactions, advising on general corporate affairs, and has extensive experience in implementing data privacy measures at an enterprise level. She has advised and assisted healthcare institutions, industry associations and premier thinktank of the country in regulatory and policy matters.

Her representations range from multinational companies to start-up companies and industry associations.

Bagmisikha completed her B.A. LL.B. (Hons.) at the School of Law, KIIT University.