David Baines and Caroline Lorkin examine new guidance and a model contract for public sector bodies buying complex data and technology services.
The new Model Services Contract v2.0
The Cabinet Office and the Government Legal Department has published a new Model Services Contract (version 2.0). This replaces the previous Model Services Contract core terms (version 1.7) and accompanying Schedules (version 1.9). The Model Services Contract version 2.0 is intended to be used by government bodies for complex and high-risk services contracts with a total contract value over £20 million.
The new version reflects developments in government policy, regulation and the market. Key changes include:
- Intellectual Property Rights: provisions for intellectual property rights (IPR) have been overhauled to allow for customisation depending on the intended ownership model for foreground IPR. Previously the Model Services Contract only contained one model (authority ownership with limited supplier rights), but there are now five different possibilities ranging through to supplier ownership with limited authority rights (a more palatable model for SaaS suppliers). There is also optional wording for situations where the authority wishes to gain a profit share in the exploitation of any developed IPR. This is helpful in view of suppliers’ approach to IPR.
- Data protection: references to outdated EU legislation have been updated/deleted, including GDPR provisions, to reflect the UK data protection landscape post-Brexit. The supplier liability cap for data protection breaches has been updated from £10m per contract year to a suggested range of between £10-20 million per contract year (which can be amended depending on the individual circumstances of the contract).
- Sustainability: the previous version of the contract introduced new environmental standards which were contained in an Annex to Schedule 4 (Standards). This Annex has now been renamed ‘Sustainability’ and has been streamlined and includes some new sustainability requirements, including requirements around the Public Sector Equality Duty (in line with PPN 01/13 – Public sector equality duty), carbon reduction under PPN 06/21, the Supplier Code of Conduct v.2 and the Government Buying Standards. Version 2.0 also introduces some optional sustainability requirements which authorities may find helpful to include in their procurements, depending on how appropriate, relevant, and proportionate these are to the subject matter of the procurement. Sustainability is increasingly relevant in public sector contracts (for information on the new guidance published in relation to NHS buyers and suppliers and sustainability, see here).
- Security management: The Security Management Schedule has been amended, including updating the security requirements set out for suppliers and subcontractors in relation to relevant end user devices processing or holding Authority Data, and encryption requirements.
- Further changes:
- Updates have been made to the Financial Distress Schedule, including adding some new Financial Distress Events.
- Updates have been made to the Service Continuity Plan and Corporate Resolution Planning Schedule.
- The provision around mandatory terms in subcontracts has been amended, to take account of the fact that some subcontracts may have been entered into before the main contract.
- The Exit Management Schedule has been updated, including adding 2 new Termination Assistance Services and updating the Ethical Wall Agreement.
- Updates have been made to the Financial Reports and Audit Rights Schedule to make clear that any financial reporting required by the supplier is to the extent permitted by applicable law.
- Clauses covering the supplier’s compliance with Whistleblowing, Modern Slavery, Employment Law, and Conflicts of Interest have been added.
- The ability for authorities to enter into direct agreements with third parties when they have more favourable terms than the supplier has been removed.
The Model Services Contract v2.0 can be accessed here.
Digital, Data and Technology Playbook (DDTP)
The Digital, Data and Technology Playbook (DDTP) was published on 28 March 2022. This follows the same format and structure of other playbooks published by central government (ie The Construction Playbook) by setting out key policy reforms which intend to transform how public bodies assess, procure and manage ICT products and services.
Government bodies are required to apply the DDTP to all new Digital, Data, and Technology projects and should consider the DDTP alongside the Model Services Contract when embarking on large scale IT procurement exercises over £20 million. The DDTP also expects that wider public sector bodies will take the guidance into account.
Legacy IT guidance
Furthermore, on 28 March 2022 the Government Commercial Function published a guidance note entitled ‘Commercial and Supplier Management Approach to Mitigating and Preventing Legacy IT’.
Legacy IT can be defined to include software which is now considered to have reached its end-of-life, out of support or on extended support from the supplier, impossible to update, no longer cost-effective, or no longer considered to be within an acceptable risk-threshold.
Dealing with legacy IT is a huge problem for public sector entities, and millions could be saved from the effective procurement, negotiation, and management of ICT contracts to prevent legacy IT issues from arising at the outset.
This guidance assists public sector bodies in preventing and mitigating legacy IT and supports the DDTP, by setting out 2 Policies and 12 Guidelines to follow when procuring and managing ICT contracts.
The Legacy IT guidance can be accessed here.