A recent article over on Outsource Magazine had a good article on legal considerations when outsourcing to India that addressed core legal issues that should form the basis of your Master Services Agreement when outsourcing to India. The four issues addressed could be very problematic if not covered by your agreement.
This refers to the governing law, or proper law, of the contract. While the parties of a contract can choose the governing law, as the author notes, due to the fact that a major proportion of the services are to be rendered in India, consideration for services will be received in India and the Indian party may sign the contract in India, the applicability of Indian laws cannot be excluded by contract. So, even if the Indian party agrees to the governing law being a foreign law, it is possible that in case of any dispute, the Indian party could approach a court in India to seek appropriate relief and the court could also entertain the dispute on the basis of factors set out above. Keep this in mind when considering outsourcing to India. In addition, should you choose arbitration, Indian law mandates that for a foreign arbitral award to be directly enforceable in India, the award must meet the following conditions: the award must have attained finality in the country it has been passed; it must conform to and must not conflict with Indian law or public policy; both the parties and the arbitration venue should belong to a New York or Geneva Convention signatory country.
Data Protection and Privacy Laws
While India has been slow on the uptake with respect to data protection and privacy laws, compared to the US which has a number of industry specific federal laws and state laws (that also restrict cross-border transfer of personal and sensitive information) and the EU which has the European Data Protection Directive, it has moved quickly to catch up in an effort to insure it keeps the outsourced work that it has acquired. Since the Information Technology Act of 2000 didn’t have enough enforcement teeth in the eyes of the US or EU, the biggest outsourcers to India, it quickly passed the Information Technology Rules in 2011 that defined what would constitute “Sensitive Personal Data or Information”, laid down obligations for the data collector and data processor, and defined reasonable security practice and procedures. This may not be strong enough for extremely sensitive data, but is a great start. Just make sure you also insist on adherence to the IS/ISOIEC2700 as well.
It’s important to explicitly state that the service provider complies with all the necessary laws and that the overseas outsourcing company may not be threatened by any kind of claim by employees of the Indian company.
Licensing, Copyright in Database and Infringement Issues
Remembering that the outsourcing company is creating, developing, and processing data for you, the client, it is essential that you state that all data, product, programme, software, designs, and compilations constitute IP and that all IP rights are protected and assigned back to you, the client. Note that, in Indian law, the supplier will hold the copyright interest in the software developed by it but Indian law also provides for the assignment of the copyright interest by the service provider in favour of the client, by entering into an separate assignment agreement.
If not properly handled in the agreement, each of these could come back to bite your organization in its organizational behind if something goes wrong. Think it through, and get some expert legal help.