{"id":102540,"date":"2025-04-28T09:23:08","date_gmt":"2025-04-28T09:23:08","guid":{"rendered":"https:\/\/my.legal500.com\/guides\/?post_type=comparative_guide&#038;p=102540"},"modified":"2025-09-01T14:00:23","modified_gmt":"2025-09-01T14:00:23","slug":"the-netherlands-technology-outsourcing","status":"publish","type":"comparative_guide","link":"https:\/\/my.legal500.com\/guides\/chapter\/the-netherlands-technology-outsourcing\/","title":{"rendered":"The Netherlands: Technology Outsourcing"},"content":{"rendered":"","protected":false},"template":"","class_list":["post-102540","comparative_guide","type-comparative_guide","status-publish","hentry","guides-technology-outsourcing","jurisdictions-the-netherlands"],"acf":[],"appp":{"post_list":{"below_title":"<div class=\"guide-author-details\"><span class=\"guide-author\">Greenberg Traurig LLP<\/span><span class=\"guide-author-logo\"><img src=\"https:\/\/my.legal500.com\/guides\/wp-content\/uploads\/sites\/1\/2023\/10\/logo-1.png\"\/><\/span><\/div>"},"post_detail":{"above_title":"<div class=\"guide-author-details\"><span class=\"guide-author\">Greenberg Traurig LLP<\/span><span class=\"guide-author-logo\"><img src=\"https:\/\/my.legal500.com\/guides\/wp-content\/uploads\/sites\/1\/2023\/10\/logo-1.png\"\/><\/span><\/div>","below_title":"<span class=\"guide-intro\">This country specific Q&amp;A provides an overview of Technology Outsourcing laws and regulations applicable in The Netherlands<\/span><div class=\"guide-content\"><div class=\"filter\">\r\n\r\n\t\t\t\t<input type=\"text\" placeholder=\"Search questions and answers...\" class=\"filter-container__search-field\">\r\n\t\t\t<\/div>\r\n\r\n\t\t\t\r\n\r\n\r\n\t\t\t<ol class=\"custom-counter\">\r\n\r\n\t\t\t\r\n\r\n\t\t\t\t\t\t\t\t\t<li class=\"question-block filter-container__element\">\r\n\t\t\t\t\t\t<h3 class=\"filter-container__match-html\">Market overview: Please provide a high-level overview of the outsourcing market in your jurisdiction (e.g. 
who are the key players and in what sectors (public and private) are you seeing outsourcing services being adopted)?<\/h3>\r\n\t\t\t\t\t\t<button id=\"show-me\">+<\/button>\r\n\t\t\t\t\t\t<div class=\"question_answer filter-container__match-html\" style=\"display:none;\"><p>The Dutch outsourcing market started already in 2000, with one of the first big ticket cross-border technology outsourcing deals on the continent (ABN AMRO bank outsourcing the better part of its global IT). Many of such deals have followed. The market has been mature for years. All kinds of technology are being outsourced, as well as almost all business processes. This occurs both in the public and private sector.<\/p>\n<p>Key players are the usual international\/global suspects, including those who offshore to India and other locations.<\/p>\n<\/div>\r\n\r\n\r\n\t\t\t\t\t<\/li>\r\n\r\n\t\t\t\t\t\t\t\t\t<li class=\"question-block filter-container__element\">\r\n\t\t\t\t\t\t<h3 class=\"filter-container__match-html\">Market overview: What is the current attitude of the government and of regulators to the use of outsourcing in your jurisdiction?<\/h3>\r\n\t\t\t\t\t\t<button id=\"show-me\">+<\/button>\r\n\t\t\t\t\t\t<div class=\"question_answer filter-container__match-html\" style=\"display:none;\"><p>The Dutch government has a positive view on technology and the opportunities it offers. It is a trailblazer in the EU on negotiating favourable and compliant terms with large tech. Many government data are stored in the cloud. But pure outsourcing (so excluding straightforward hosting) is seen less than in the private sector.<\/p>\n<p>Regulators in banking and insurance also have a positive attitude towards outsourcing, provided banks and insurers comply with their regulations (refer to question 6 below). 
These regulations are bulky, but a lot of the requirements are covered in most outsourcing agreements anyway.<\/p>\n<\/div>\r\n\r\n\r\n\t\t\t\t\t<\/li>\r\n\r\n\t\t\t\t\t\t\t\t\t<li class=\"question-block filter-container__element\">\r\n\t\t\t\t\t\t<h3 class=\"filter-container__match-html\">Procurement: Are there specific procurement-related laws or regulations governing outsourcing by public sector or government bodies?<\/h3>\r\n\t\t\t\t\t\t<button id=\"show-me\">+<\/button>\r\n\t\t\t\t\t\t<div class=\"question_answer filter-container__match-html\" style=\"display:none;\"><p>There are no specific procurement-related laws or regulations governing outsourcing by public sector or government bodies.<\/p>\n<p>The government uses general terms and conditions for procuring technology (ARBIT). These terms mention AI, cloud, agile and exit (re-transition), but not outsourcing specifically. ARBIT is very one-sided and large tech usually does not accept these terms.<\/p>\n<\/div>\r\n\r\n\r\n\t\t\t\t\t<\/li>\r\n\r\n\t\t\t\t\t\t\t\t\t<li class=\"question-block filter-container__element\">\r\n\t\t\t\t\t\t<h3 class=\"filter-container__match-html\">Procurement: Are there specific procurement-related laws or regulations governing outsourcing by private sector organisations?<\/h3>\r\n\t\t\t\t\t\t<button id=\"show-me\">+<\/button>\r\n\t\t\t\t\t\t<div class=\"question_answer filter-container__match-html\" style=\"display:none;\"><p>There are no specific procurement-related laws or regulations governing outsourcing by private sector organisations.<\/p>\n<\/div>\r\n\r\n\r\n\t\t\t\t\t<\/li>\r\n\r\n\t\t\t\t\t\t\t\t\t<li class=\"question-block filter-container__element\">\r\n\t\t\t\t\t\t<h3 class=\"filter-container__match-html\">Laws and Regulations: Are there any other specific laws or regulations that apply to outsourcing? 
If not, what key general laws and regulations are most relevant?<\/h3>\r\n\t\t\t\t\t\t<button id=\"show-me\">+<\/button>\r\n\t\t\t\t\t\t<div class=\"question_answer filter-container__match-html\" style=\"display:none;\"><p>There are no other specific laws or regulations that apply to outsourcing.<\/p>\n<p>Most relevant are: general statutory contract law and \u201c<em><i>opdracht<\/i><\/em>\u201d, the chapter in the Dutch Civil Code that deals with commission of services. This chapter contains some non-mandatory provisions that are usually excluded. An example is the supplier\u2019s right to terminate in case of changed circumstances (!). The Copyright Act may also be relevant (refer to the questions on IP below).<\/p>\n<\/div>\r\n\r\n\r\n\t\t\t\t\t<\/li>\r\n\r\n\t\t\t\t\t\t\t\t\t<li class=\"question-block filter-container__element\">\r\n\t\t\t\t\t\t<h3 class=\"filter-container__match-html\">Laws and Regulations: Do any specific regimes apply to outsourcing arrangements in particular sectors (e.g. financial services)?<\/h3>\r\n\t\t\t\t\t\t<button id=\"show-me\">+<\/button>\r\n\t\t\t\t\t\t<div class=\"question_answer filter-container__match-html\" style=\"display:none;\"><p>Industry-specific restrictions exist mainly in the financial, insurance, asset management and pensions industries and are mostly derived from EU legislation. 
The regulations concerned include the Dutch Financial Supervision Act (<strong><b>FSA<\/b><\/strong>) (and a number of directives and resolutions under that act), the Regulation on Digital Operational Resilience (<strong><b>DORA<\/b><\/strong>), the Solvency II Directive and the Solvency II Regulations, the Alternative Investment Fund Managers Directive (<strong><b>AIFMD<\/b><\/strong>), the Pensions Act, the Dutch Central Bank\u2019s (<em><i>De Nederlandsche Bank<\/i><\/em>, <strong><b>DNB<\/b><\/strong>) good practices for insurers and separate guidelines for other sectors, and the European Banking Authority (<strong><b>EBA<\/b><\/strong>) guidelines on outsourcing to cloud service providers. The main principles of these regulations boil down to the following:<\/p>\n<ul style=\"padding-left: 0\">\n<li>responsibility cannot be outsourced;<\/li>\n<li>a written agreement that contains sufficient means for the customer to monitor performance is mandatory;<\/li>\n<li>mandatory disclosure by the supplier of circumstances that may affect continuity is required;<\/li>\n<li>the financial institution should be granted sufficient audit rights;<\/li>\n<li>a risk analysis is required;<\/li>\n<li>in some sectors, the financial institution must be able to terminate at will (against a termination fee);<\/li>\n<li>there must be restrictions on the further subcontracting of obligations by the supplier and, where such further subcontracting does take place, control and transparency must be retained by the supplier in respect of the outsourced services; and<\/li>\n<li>notice of the intended outsourcing to supervisors is often required.<\/li>\n<\/ul>\n<p>The DORA, which defines standards aimed to ensure operational security, is not only directed to financial institutions, but also to the ICT third-party service providers the services are outsourced to. 
These standards impose binding requirements regarding governance mechanisms, security reviews and resilience testing, incident reporting, and the contract language used with third parties with the aim of ensuring that the financial institution remains fully in control of, and accountable for, IT security and risk management. Under DORA, financial institutions are directly supervised by the relevant European supervisory authorities. These supervisory authorities will assess compliance, require changes to non-compliant practices, and penalise ICT third party service providers for non-compliance.<\/p>\n<p>Carrying out activities for a financial institution may itself require a license as a financial institution, depending on the nature of the outsourced activities. An example of activities that require a license is the servicing of a loan portfolio for a bank.<\/p>\n<p>Financial institutions (understandably) tend to flow down more obligations to (sub-) contractors than is required under DORA. This can lead to hefty debates or to the (sub-) contractor being forced to accept too much, since they don\u2019t have sufficient leverage.<\/p>\n<\/div>\r\n\r\n\r\n\t\t\t\t\t<\/li>\r\n\r\n\t\t\t\t\t\t\t\t\t<li class=\"question-block filter-container__element\">\r\n\t\t\t\t\t\t<h3 class=\"filter-container__match-html\">Competition law: To what extent might outsourcing arrangements require notification or approval under merger control rules?<\/h3>\r\n\t\t\t\t\t\t<button id=\"show-me\">+<\/button>\r\n\t\t\t\t\t\t<div class=\"question_answer filter-container__match-html\" style=\"display:none;\"><p>Under Dutch (and European) merger control rules, if the outsourcing arrangement does not involve a transfer of assets or employees, there is, in principle, no merger control notification requirement. 
Even if the supplier to whom the services are outsourced (<em><i>i.e.<\/i><\/em>, the transferee) acquires the right to manage the assets and employees of the other contracting party (<em><i>i.e.<\/i><\/em>, the transferor), there is no merger control notification requirement if the assets and employees will be used exclusively to provide services for that other contracting party. The acquisition of control over assets in the context of outsourcing may trigger a merger control notification obligation if those assets constitute the whole or part of an undertaking \u2013 <em><i>i.e.<\/i><\/em>, a business that is present on the market and to which a market turnover can be attributed. This requires that the assets to be transferred will enable the transferee to perform services not only for the outsourcing transferor, but also for third parties, either immediately or within a short period after the transfer. In this case, the transfer associated with the outsourcing leads to a change in the market structure. This is the case if the transfer concerns an internal business unit or a subsidiary that already provides services for third parties. The assets transferred must include the necessary know-how (<em><i>e.g.<\/i><\/em>, the personnel involved and the IP) and the facilities enabling market access (<em><i>e.g.<\/i><\/em>, sales facilities). The transferred assets must therefore include at least those essential components that enable the acquirer to gain a foothold in the market within a short period of time. Business plans and the general characteristics of the market are taken into account. 
In the case of manufacturing, if no services are yet being provided for third parties, the assets transferred must include production facilities, product know-how (it is sufficient that the assets transferred make it possible to build up this capacity in the near future) and, if market access does not yet exist, the means by which the acquirer can develop market access within a short period of time (<em><i>e.g.<\/i><\/em>, on the basis of existing agreements or brands). Additional requirements must also be met for a merger control notification to be required. Leaving aside the EU merger control thresholds, a merger control notification in the Netherlands is only required if the contracting parties have a combined annual turnover of \u20ac 150 million or more worldwide, and each have an annual turnover of \u20ac 30 million or more in the Netherlands.<\/p>\n<\/div>\r\n\r\n\r\n\t\t\t\t\t<\/li>\r\n\r\n\t\t\t\t\t\t\t\t\t<li class=\"question-block filter-container__element\">\r\n\t\t\t\t\t\t<h3 class=\"filter-container__match-html\">Competition law: To what extent are the terms of outsourcing agreements the subject of restrictions under competition law?<\/h3>\r\n\t\t\t\t\t\t<button id=\"show-me\">+<\/button>\r\n\t\t\t\t\t\t<div class=\"question_answer filter-container__match-html\" style=\"display:none;\"><p>Like other arrangements, outsourcing agreements are subject to scrutiny under the Dutch (and\/or European) antitrust rules. The cartel prohibition provision of Article 6 and the dominance abuse provision of Article 24 of the Dutch Competition Act (<em><i>Mededingingswet<\/i><\/em>) thus apply to outsourcing agreements. As an example, outsourcing agreements between companies that prevent, restrict, or distort competition are essentially prohibited. 
Typical examples of prohibited behavior include price-fixing, market-sharing or territorial restrictions, limitations on innovation or technological development (<em><i>e.g.<\/i><\/em>, where the outsourcing agreement restricts one party\u2019s ability to develop new products or processes).<\/p>\n<\/div>\r\n\r\n\r\n\t\t\t\t\t<\/li>\r\n\r\n\t\t\t\t\t\t\t\t\t<li class=\"question-block filter-container__element\">\r\n\t\t\t\t\t\t<h3 class=\"filter-container__match-html\">Intellectual property (\u2018IP\u2019) rights: What IP (registrable and non-registrable) is typically created in the course of an outsourcing arrangement?<\/h3>\r\n\t\t\t\t\t\t<button id=\"show-me\">+<\/button>\r\n\t\t\t\t\t\t<div class=\"question_answer filter-container__match-html\" style=\"display:none;\"><p>In the course of an outsourcing arrangement sometimes copyrights are created. This is mainly the case if the supplier develops custom software.<\/p>\n<\/div>\r\n\r\n\r\n\t\t\t\t\t<\/li>\r\n\r\n\t\t\t\t\t\t\t\t\t<li class=\"question-block filter-container__element\">\r\n\t\t\t\t\t\t<h3 class=\"filter-container__match-html\">Intellectual property (\u2018IP\u2019) rights: In an outsourcing arrangement, would any contractual terms or formal steps be required to vest supplier-created IP in the customer?<\/h3>\r\n\t\t\t\t\t\t<button id=\"show-me\">+<\/button>\r\n\t\t\t\t\t\t<div class=\"question_answer filter-container__match-html\" style=\"display:none;\"><p>To vest supplier-created IP in the customer the outsourcing agreement must contain the sacred wording from (article 2 of) the Dutch Copyright Act, which is based on the Berne Convention. It is crucial that the word \u201ctransfer\u201d (of copyrights) is used. 
This goes wrong very often, which means that the copyrights do not or not fully vest in the customer.<\/p>\n<\/div>\r\n\r\n\r\n\t\t\t\t\t<\/li>\r\n\r\n\t\t\t\t\t\t\t\t\t<li class=\"question-block filter-container__element\">\r\n\t\t\t\t\t\t<h3 class=\"filter-container__match-html\">Intellectual property (\u2018IP\u2019) rights: How are confidential information, know-how and trade secrets protected in your jurisdiction?<\/h3>\r\n\t\t\t\t\t\t<button id=\"show-me\">+<\/button>\r\n\t\t\t\t\t\t<div class=\"question_answer filter-container__match-html\" style=\"display:none;\"><p>Confidential information can be protected by contractual wording (non-disclosure etc). Know-how and trade secrets can be protected by contractual wording, but also by specific legislation based on an EU directive. This is the Act on the protection of trade secrets (\u201c<em><i>Wet bescherming bedrijfsgeheimen\u201d<\/i><\/em>). It is not required to register anything, to enjoy this protection.<\/p>\n<p>Legislation on tort may also offer protection.<\/p>\n<\/div>\r\n\r\n\r\n\t\t\t\t\t<\/li>\r\n\r\n\t\t\t\t\t\t\t\t\t<li class=\"question-block filter-container__element\">\r\n\t\t\t\t\t\t<h3 class=\"filter-container__match-html\">Data: What is the regime in your jurisdiction for regulating the protection and processing of personal data and what are the main implications for outsourcing arrangements?<\/h3>\r\n\t\t\t\t\t\t<button id=\"show-me\">+<\/button>\r\n\t\t\t\t\t\t<div class=\"question_answer filter-container__match-html\" style=\"display:none;\"><p>In the event the outsourcing involves the processing of personal data, the restrictions on data processing and data security included in the EU General Data Protection Regulation (<strong><b>GDPR<\/b><\/strong>) must be taken into account. Depending on the circumstances, this could mean that the parties involved have to enter into agreements relating to the processing of personal data. 
The supplier may also have to implement measures to ensure that personal data is processed securely and only for purposes agreed with or allowed by the customer. If the outsourcing triggers cross-border personal data flows to countries that do not offer an adequate level of protection of personal data, the parties may have to enter into Standard Contractual Clauses (<strong><b>SCCs<\/b><\/strong>) (see question 20).<\/p>\n<\/div>\r\n\r\n\r\n\t\t\t\t\t<\/li>\r\n\r\n\t\t\t\t\t\t\t\t\t<li class=\"question-block filter-container__element\">\r\n\t\t\t\t\t\t<h3 class=\"filter-container__match-html\">Data: What is the regime in your jurisdiction for regulating the processing of non-personal data and what are the main implications for outsourcing arrangements?<\/h3>\r\n\t\t\t\t\t\t<button id=\"show-me\">+<\/button>\r\n\t\t\t\t\t\t<div class=\"question_answer filter-container__match-html\" style=\"display:none;\"><p>There are no general rules for regulating the processing of non-personal data. Sector-specific rules may be applicable to the security of non-personal data, as further discussed in the answer to question 14.<\/p>\n<\/div>\r\n\r\n\r\n\t\t\t\t\t<\/li>\r\n\r\n\t\t\t\t\t\t\t\t\t<li class=\"question-block filter-container__element\">\r\n\t\t\t\t\t\t<h3 class=\"filter-container__match-html\">Cyber: Does your jurisdiction have specific cybersecurity legislation or regulations and what are the main implications for outsourcing arrangements?<\/h3>\r\n\t\t\t\t\t\t<button id=\"show-me\">+<\/button>\r\n\t\t\t\t\t\t<div class=\"question_answer filter-container__match-html\" style=\"display:none;\"><p>In the Netherlands, the main regulation regarding cybersecurity is the Network and Information Systems Security Act (<strong><b>Cybersecurity Act<\/b><\/strong>), which implements the EU Directive on the security of network and information systems (<strong><b>NIS Directive<\/b><\/strong>). 
The Cybersecurity Act identifies sectors that are vital for the aspects of economy and society that rely heavily on IT, such as transport, energy and healthcare. These sectors have to take appropriate security measures and ensure swift notification of any incidents to the relevant authorities. Providers of digital services (that are not small enterprises) also have to notify material data breaches in respect of their services to the authorities.<\/p>\n<p>The second EU NIS Directive (<strong><b>NIS 2<\/b><\/strong>) came into force in 2023 and should have been implemented into national legislation by 17 October 2024. The Dutch legislator held a public consultation of the draft legislation in 2024 and informed the public that the revised Cybersecurity Act will likely not come into effect before Q3 2025. NIS 2 can be summarized as follows:<\/p>\n<ul style=\"padding-left: 0\">\n<li>The scope is significantly broader than NIS, covering all medium to large enterprises and public organisations that play an important role in the economy or society as a whole. For example, NIS 2 covers social media service providers and the public administration.<\/li>\n<li>Covered entities have a duty of care to perform cybersecurity risk analyses on a continuous basis and to take measures to safeguard information and the continuity of their services.<\/li>\n<li>Cybersecurity incidents must be reported to the supervisory authorities within 24 hours. 
This includes incidents that potentially or actually disrupt the continuity of the services of the covered entity.<\/li>\n<li>Covered entities are subject to mandatory supervision.<\/li>\n<\/ul>\n<p>Although NIS 2 has not yet been implemented into Dutch legislation, parties entering into long-term agreements should take stock of the requirements imposed by NIS 2 to ensure future compliance.<\/p>\n<p>In addition to the Cybersecurity Act, a number of sector-specific laws directly or indirectly govern cybersecurity relating to, among other things, energy production and distribution, water, telecommunications, air- and seaports, railways, healthcare, financial services (e.g. the DORA, see question 6), government entities and other critical infrastructure.<\/p>\n<\/div>\r\n\r\n\r\n\t\t\t\t\t<\/li>\r\n\r\n\t\t\t\t\t\t\t\t\t<li class=\"question-block filter-container__element\">\r\n\t\t\t\t\t\t<h3 class=\"filter-container__match-html\">Technologies: To what extent are certain technologies commonly used in outsourcing arrangements (e.g. artificial intelligence, robotic process automation, cloud computing and blockchain\/distributed ledger technologies) the subject of specific regulations?<\/h3>\r\n\t\t\t\t\t\t<button id=\"show-me\">+<\/button>\r\n\t\t\t\t\t\t<div class=\"question_answer filter-container__match-html\" style=\"display:none;\"><p>Technologies using artificial intelligence (<strong><b>AI<\/b><\/strong>) are subject to the EU Regulation on Artificial Intelligence (<strong><b>AI Regulation<\/b><\/strong>). In summary, the AI Regulation stipulates that:<\/p>\n<ul style=\"padding-left: 0\">\n<li>AI systems posing unacceptable risk are prohibited (e.g. social scoring systems and manipulative AI)<\/li>\n<li>High-risk AI systems (e.g. 
with a safety component for regulated products or processing large amounts of personal data) must, among other requirements, establish a risk management system, conduct data governance and implement human oversight of the AI system<\/li>\n<li>Limited-risk AI systems are subject to transparency obligations, e.g. end-users must be aware they are interacting with AI when interacting with a chatbot<\/li>\n<li>Minimal risk AI systems (which covers many AI applications, such as standard robotic process automation and spam filters)<\/li>\n<\/ul>\n<p>In the financial sector, specific regulatory requirements may apply to the use of technologies such as algorithms (e.g. by high-frequency trading platforms) and the outsourcing of cloud computing.<\/p>\n<p>Blockchain in itself is not regulated in the Netherlands, but using this technology as a ledger for cryptocurrency, shares or other securities does require a license, among potential other requirements.<\/p>\n<\/div>\r\n\r\n\r\n\t\t\t\t\t<\/li>\r\n\r\n\t\t\t\t\t\t\t\t\t<li class=\"question-block filter-container__element\">\r\n\t\t\t\t\t\t<h3 class=\"filter-container__match-html\">Employment law: Do your jurisdiction\u2019s employment laws and regulations have specific implications for outsourcing arrangements?<\/h3>\r\n\t\t\t\t\t\t<button id=\"show-me\">+<\/button>\r\n\t\t\t\t\t\t<div class=\"question_answer filter-container__match-html\" style=\"display:none;\"><p>In most outsourcing projects, the TUPE regulations (Transfer of Undertakings Protection of Employment regulations, based on the EU Directive) will apply. The purpose of these regulations (included in Section 7:662 et seq. of the Dutch Civil Code) is \u2013 as the name indicates \u2013 to protect the position of employees if (part of) the undertaking in which they predominantly work is transferred to the supplier. This means that the employee will automatically transfer to the supplier (refer to the next question). 
Whether the TUPE regulations apply, is determined on a case-by-case basis. A condition for the applicability of TUPE regulations is that the outsourcing contract results in a transfer of a long-term economic activity. This is the case if the identity of (the part of) the undertaking in question is retained, whereby several factors play a role, such as the nature of the activity in question, whether material assets essential to the activity are transferred, whether the majority of the personnel (based on number or seniority) is taken over by the supplier and to what extent the activities carried out before and after the transfer correspond with each other.<\/p>\n<p>If the TUPE regulations do not apply to the outsourcing arrangement \u2013 for example, if the outsourcer\u2019s financial administration is outsourced without (the majority of) the personnel, the outsourcer has a statutory obligation to try to relocate\/redeploy staff members that become redundant as a result hereof.<\/p>\n<\/div>\r\n\r\n\r\n\t\t\t\t\t<\/li>\r\n\r\n\t\t\t\t\t\t\t\t\t<li class=\"question-block filter-container__element\">\r\n\t\t\t\t\t\t<h3 class=\"filter-container__match-html\">Employment law: How are employees transferred under an outsourcing arrangement?<\/h3>\r\n\t\t\t\t\t\t<button id=\"show-me\">+<\/button>\r\n\t\t\t\t\t\t<div class=\"question_answer filter-container__match-html\" style=\"display:none;\"><p>If it concerns an outsourcing arrangement to which the TUPE regulations apply, the employees in question will transfer to the supplier by operation of law while retaining their rights and obligations. The supplier automatically becomes their new employer as of the transfer effective date. This not only concerns the rights and obligations that derive from the individual employment contract, but also the rights and obligations that derive from collective employment regulations and any collective labor agreement that may be applicable. 
Accrued seniority is also transferred, insofar as this is linked to a financial right that is also transferred, such as the applicable notice period or the statutory redundancy payment in the event of dismissal. A different arrangement may apply to pensions.<\/p>\n<p>If the employee objects to an automatic transfer of his employment, the employment relationship is deemed terminated by law on the transfer effective date.<\/p>\n<p>If the TUPE regulations do not apply to the outsourcing arrangement, there is no legal obligation for the supplier to take over employees from the outsourcer. However, if the supplier does want to take over employees, it is not bound by the employment conditions that apply between the relevant employee and the outsourcer. In that case, the supplier can in principle offer its own employment conditions. The employees cannot be forced to enter into an employment contract with the supplier. If the employee does not provide his consent, the employment contract with the outsourcer will remain in effect and the outsourcer will have to initiate a termination based on a redundancy ground if redeployment is no option.<\/p>\n<\/div>\r\n\r\n\r\n\t\t\t\t\t<\/li>\r\n\r\n\t\t\t\t\t\t\t\t\t<li class=\"question-block filter-container__element\">\r\n\t\t\t\t\t\t<h3 class=\"filter-container__match-html\">Tax: What are the general tax considerations in your jurisdiction with implications for outsourcing arrangements?<\/h3>\r\n\t\t\t\t\t\t<button id=\"show-me\">+<\/button>\r\n\t\t\t\t\t\t<div class=\"question_answer filter-container__match-html\" style=\"display:none;\"><p>A foreign operation may constitute a permanent establishment (<strong><b>PE<\/b><\/strong>) abroad for a Dutch company. The presence of a PE largely depends on the tax treatment of the activities in the other jurisdiction. Under Dutch corporate income tax (CIT) law, profits taxed abroad through a PE are generally exempt from Dutch CIT. 
In line with transfer pricing rules, all intragroup transactions between related parties \u2013 including PEs \u2013 must be conducted at arm\u2019s length. These rules are designed to ensure that profits are taxed where the profit-generating activities actually take place. Transactions between related parties must therefore be priced as if they occurred between unrelated parties, under comparable conditions. Depending on local revenue thresholds, such transactions may need to be documented in transfer pricing documentation, such as a master file or local file. Some jurisdictions also levy withholding taxes on services. However, double taxation treaties may reduce the applicable statutory rates. Withholding taxes paid may be creditable against Dutch CIT, depending on the taxable results in the Netherlands. For most cross-border B2B services, the Netherlands applies the reverse charge mechanism, shifting the VAT reporting obligation to the Dutch recipient. As a result, the foreign PE may not need to register for Dutch VAT purposes. The Dutch \u2018innovation box\u2019 regime offers a reduced CIT rate for qualifying innovative R&amp;D activities. However, outsourcing these R&amp;D functions abroad may reduce eligibility for such tax incentives.<\/p>\n<\/div>\r\n\r\n\r\n\t\t\t\t\t<\/li>\r\n\r\n\t\t\t\t\t\t\t\t\t<li class=\"question-block filter-container__element\">\r\n\t\t\t\t\t\t<h3 class=\"filter-container__match-html\">ESG: Are there any specific ESG requirements in your jurisdiction (e.g. relating to carbon emissions, modern slavery, anti-bribery\/corruption, waste electronic equipment, etc.), and what are the implications of these for outsourcing arrangements?<\/h3>\r\n\t\t\t\t\t\t<button id=\"show-me\">+<\/button>\r\n\t\t\t\t\t\t<div class=\"question_answer filter-container__match-html\" style=\"display:none;\"><p>There are various ESG legislations applicable in the Netherlands, both at a national level and at an EU-wide level. 
These impose requirements on certain companies, corporate groups and their business partners. This includes ESG reporting, based on the Corporate Sustainability Reporting Directive, including on the impact of organizations&#8217; activities in their value chains. This requires outsourcing partners to provide detailed information to their customers, while customers are looking more critically at the ESG performance of their outsourcing partners. In the future, the Corporate Sustainability Due Diligence Directive may also have an impact, but its implementation has been delayed. Specific rules can apply depending on the sector in which a company is active.<\/p>\n<\/div>\r\n\r\n\r\n\t\t\t\t\t<\/li>\r\n\r\n\t\t\t\t\t\t\t\t\t<li class=\"question-block filter-container__element\">\r\n\t\t\t\t\t\t<h3 class=\"filter-container__match-html\">Cross-border: Do cross-border or multi-jurisdictional outsourcing arrangements raise any specific challenges or concerns in your jurisdiction (e.g. relating to export control or data transfer laws)?<\/h3>\r\n\t\t\t\t\t\t<button id=\"show-me\">+<\/button>\r\n\t\t\t\t\t\t<div class=\"question_answer filter-container__match-html\" style=\"display:none;\"><p>Under the GDPR, personal data flows to countries outside the EEA are prohibited unless the parties can make use of a transfer mechanism included in Chapter V of the GDPR. Adequacy decisions of the European Commission (<strong><b>EC<\/b><\/strong>) are widely used as a transfer mechanism, as they do not require further action by the parties. The EC has made adequacy decisions regarding Andorra, Argentina, Canada (commercial organisations), Faroe Islands, Guernsey, Israel, Isle of Man, Japan, Jersey, New Zealand, Republic of Korea, Switzerland, United Kingdom, United States (commercial organisations participating in the EU-US Data Privacy Framework) and Uruguay. 
Other transfer mechanisms that are often used are binding corporate rules incorporated by data controllers and Standard Contractual Clauses (<strong><b>SCCs<\/b><\/strong>).<\/p>\n<p>When using SCCs, it is required to carry out a data transfer impact assessment (<strong><b>DTIA<\/b><\/strong>) and, if necessary, implement additional safeguards to mitigate any data protection risks. A DTIA includes an assessment of the laws and regulations of the country the personal data is transferred to, as well as an analysis of the level of data protection offered by foreign legislation and regulations against the EU data protection standards. The European Data Protection Board (<strong><b>EDPB<\/b><\/strong>) has issued guidelines on how these DTIAs should be carried out and the safeguards that can be implemented to mitigate risks. These safeguards may include ringfencing, proper encryption and pseudonymisation.<\/p>\n<p>Because of the additional protections afforded to special categories of personal data under the GDPR, cross-border transfer of such data is generally not permitted. Special categories of data are data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic data, biometric data, data concerning health, data concerning a natural person&#8217;s sex life or sexual orientation as well as data relating to criminal convictions and offences.<\/p>\n<p>Export control legislation is based on US and EU legislation and requirements. No specific rules apply to outsourcing.<\/p>\n<\/div>\r\n\r\n\r\n\t\t\t\t\t<\/li>\r\n\r\n\t\t\t\t\t\t\t\t\t<li class=\"question-block filter-container__element\">\r\n\t\t\t\t\t\t<h3 class=\"filter-container__match-html\">Liability: Are there limits on what liabilities can be contractually excluded in your jurisdiction (e.g. 
are there certain liabilities which cannot be limited or excluded by law)?<\/h3>\r\n\t\t\t\t\t\t<button id=\"show-me\">+<\/button>\r\n\t\t\t\t\t\t<div class=\"question_answer filter-container__match-html\" style=\"display:none;\"><p>There are limitations to excluding liability with respect to personal data processing under the GDPR. In the event of damage suffered by a data subject (i.e. a person whose personal data is being processed), liability cannot be completely excluded. Unless the outsourcing party and the supplier qualify as joint controllers, both parties are fully liable to the data subject.<\/p>\n<p>Furthermore, it is not possible to exclude or limit liability for wilful intent or gross negligence.<\/p>\n<\/div>\r\n\r\n\r\n\t\t\t\t\t<\/li>\r\n\r\n\t\t\t\t\t\t\t\t\t<li class=\"question-block filter-container__element\">\r\n\t\t\t\t\t\t<h3 class=\"filter-container__match-html\">Disputes and enforcement: How are contractual disputes in outsourcing arrangements typically resolved in your jurisdiction and what remedies are commonly available in relation to contractual breaches?<\/h3>\r\n\t\t\t\t\t\t<button id=\"show-me\">+<\/button>\r\n\t\t\t\t\t\t<div class=\"question_answer filter-container__match-html\" style=\"display:none;\"><p>Contractual disputes in outsourcing arrangements are typically resolved by the civil courts (70%), mediation (10%) or arbitration (20%). The Dutch mediation and arbitration institute is of very high quality, yet a lot cheaper than London and the ICC. There is also an international chamber of the Dutch Court in Amsterdam, in which the proceedings are conducted in English. This is the Netherlands Commercial Court.<\/p>\n<\/div>\r\n\r\n\r\n\t\t\t\t\t<\/li>\r\n\r\n\t\t\t\t\t\t\t\t\t<li class=\"question-block filter-container__element\">\r\n\t\t\t\t\t\t<h3 class=\"filter-container__match-html\">Disputes and enforcement: What, if any, other enforcement measures are typically relevant to outsourcing arrangements (e.g. 
regulatory fines and other sanctions)?<\/h3>\r\n\t\t\t\t\t\t<button id=\"show-me\">+<\/button>\r\n\t\t\t\t\t\t<div class=\"question_answer filter-container__match-html\" style=\"display:none;\"><p>No other enforcement measures are typically relevant to outsourcing arrangements.<\/p>\n<\/div>\r\n\r\n\r\n\t\t\t\t\t<\/li>\r\n\r\n\t\t\t\t\r\n<div class=\"word-count-hidden\" style=\"display:none;\">Estimated word count: <span class=\"word-count\">4071<\/span><\/div>\r\n\r\n\t\t\t<\/ol>\r\n\r\n<script type=\"text\/javascript\" src=\"\/wp-content\/themes\/twentyseventeen\/src\/jquery\/components\/filter-guides.js\" async><\/script><\/div>"}},"_links":{"self":[{"href":"https:\/\/my.legal500.com\/guides\/wp-json\/wp\/v2\/comparative_guide\/102540","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/my.legal500.com\/guides\/wp-json\/wp\/v2\/comparative_guide"}],"about":[{"href":"https:\/\/my.legal500.com\/guides\/wp-json\/wp\/v2\/types\/comparative_guide"}],"wp:attachment":[{"href":"https:\/\/my.legal500.com\/guides\/wp-json\/wp\/v2\/media?parent=102540"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}