Contract terms for technology deals: Five key risk areas

Whether your business is procuring or providing technology, your contract is one of the key tools to mitigate the risks associated with implementation and maintenance of technology solutions. This article sets out 5 key considerations for technology deals that are often overlooked in contract negotiation.

1. Scope of services and/or deliverables 

The agreed scope of the work and/or services should be clearly defined. The contract should set out the details and specification of the technology, the basis of that supply (i.e. any licensing or assignment terms) and any installation, integration, hosting, training and maintenance services related to its use. Equally, it should be clear what is not included within the price. Where there is a possibility that the scope or customer’s requirements might change during the term, the contract should include a formal change control process.

2. Customisation

Technology solutions are often adapted to meet the customer’s needs and work with their existing systems. Where customisations are agreed, ownership of any custom-built elements needs to be made clear, as well as ownership and the terms of use of underlying intellectual property, how the solution will interface with the customer’s infrastructure and where the parties’ respective responsibilities for integration begin and end. Whilst bespoke software allows the customer to define exact specifications, customisations may not have undergone the same level of testing as the standard product. This can mean the parties need to allow more time to address bugs and technical errors arising after implementation compared to for a more standardised product, and this may need to be reflected in the support and maintenance provisions.

3. Getting to ‘Go Live’

If either of the parties has a fixed date by which the solution should be operational, this should be recorded as a milestone event and suitable provision made for what happens (e.g. cost or damages implications) if the milestone is not met. Contract terms may address different causes of delay, and whether the fault of either party or external factors. Clearly setting out dependencies and the parties’ responsibilities for getting to go live (e.g. provision of access and information) also helps navigate disputes if milestones are missed. Acceptance testing is a key feature of getting to go live and creates certainty as to when delivery of the solution, or any project stage, is complete. Typically, this triggers the customer’s obligation to pay some or all of the fees. Acceptance testing provisions should set out specific and measurable acceptance criteria, detail how, when and by whom the tests will be conducted, and prescribe resolution and retesting processes if the solution fails any test.

4. Improvements, support and maintenance

As technology does not stand still, your contract needs to anticipate future changes affecting the solution and specify to what extent patches, updates or upgrades are included within the contract price and who is responsible for implementing them. If updates are not included, the solution may become outdated and the parties should consider what lifespan they expect the solution to have and any support arrangements or exclusions for solutions that are either not maintained or have reached end of life. The contract should make clear the extent of training, support and maintenance (if any) that are included. Where the solution is provided with additional services, it is best practice to agree service levels for matters such as uptime, response times and any service credits or other remedies offered.

5. External standards and compliance

With the ever-rising profile of data protection, cybersecurity and corporate compliance matters (e.g. anti-bribery and supply chain diligence), customers are increasingly require assurance that their data, systems and reputation are safeguarded under the contract. In addition to contractual obligations to comply with applicable laws and regulations, it is increasingly common for contracts to require suppliers to hold certifications (such as ISO 27001 and Cyber Essentials) as well as to comply with the customer’s internal information security standards and policies. Having a clear record in the contract of the standards agreed, can give both parties clarity in the event that the solution is affected by a data or cybersecurity incident.

Moving forwards

Effective negotiations for a technology deal will typically address each of the points above and, as with any deal, the final contract will also provide for financial limits on the parties’ respective liability and any specific insurance requirements. Time spent exploring this issues during contract negotiation and drafting can pay dividends should complications arise after the contract has been signed. 

If you need support with structuring a technology services solution, advice on managing risk in tech contracts, or assistance with negotiating or drafting a contract, or if you have any questions on the issues covered in this article please get in touch with our Commercial and Technology lawyers at [email protected].