{"id":103204,"date":"2025-04-28T09:23:08","date_gmt":"2025-04-28T09:23:08","guid":{"rendered":"https:\/\/my.legal500.com\/guides\/?post_type=comparative_guide&#038;p=103204"},"modified":"2025-09-01T13:54:41","modified_gmt":"2025-09-01T13:54:41","slug":"ireland-technology-outsourcing","status":"publish","type":"comparative_guide","link":"https:\/\/my.legal500.com\/guides\/chapter\/ireland-technology-outsourcing\/","title":{"rendered":"Ireland: Technology Outsourcing"},"content":{"rendered":"","protected":false},"template":"","class_list":["post-103204","comparative_guide","type-comparative_guide","status-publish","hentry","guides-technology-outsourcing","jurisdictions-ireland"],"acf":[],"appp":{"post_list":{"below_title":"<div class=\"guide-author-details\"><span class=\"guide-author\">A&amp;L Goodbody<\/span><span class=\"guide-author-logo\"><img src=\"https:\/\/my.legal500.com\/guides\/wp-content\/uploads\/sites\/1\/2019\/11\/al_new_logo_november_2017_copy-min.jpg\"\/><\/span><\/div>"},"post_detail":{"above_title":"<div class=\"guide-author-details\"><span class=\"guide-author\">A&amp;L Goodbody<\/span><span class=\"guide-author-logo\"><img src=\"https:\/\/my.legal500.com\/guides\/wp-content\/uploads\/sites\/1\/2019\/11\/al_new_logo_november_2017_copy-min.jpg\"\/><\/span><\/div>","below_title":"<span class=\"guide-intro\">This country specific Q&amp;A provides an overview of Technology Outsourcing laws and regulations applicable in Ireland<\/span><div class=\"guide-content\"><div class=\"filter\">\r\n\r\n\t\t\t\t<input type=\"text\" placeholder=\"Search questions and answers...\" class=\"filter-container__search-field\">\r\n\t\t\t<\/div>\r\n\r\n\t\t\t\r\n\r\n\r\n\t\t\t<ol class=\"custom-counter\">\r\n\r\n\t\t\t\r\n\r\n\t\t\t\t\t\t\t\t\t<li class=\"question-block filter-container__element\">\r\n\t\t\t\t\t\t<h3 class=\"filter-container__match-html\">Market overview: Please provide a high-level overview of the outsourcing market in your jurisdiction (e.g. who are the key players and in what sectors (public and private) are you seeing outsourcing services being adopted)?<\/h3>\r\n\t\t\t\t\t\t<button id=\"show-me\">+<\/button>\r\n\t\t\t\t\t\t<div class=\"question_answer filter-container__match-html\" style=\"display:none;\"><p>Outsourcing in Ireland is popular across a number of sectors (including e.g. financial services), with a high number of outsourcings relating to the procurement of IT services as companies seek to outsource functions or services which require external expertise and capabilities.<\/p>\n<p>Given the number of major international companies headquartered in Ireland, companies frequently outsource functions and services within their own company group, including group companies which are located elsewhere in the EU, in the UK or in the US.<\/p>\n<\/div>\r\n\r\n\r\n\t\t\t\t\t<\/li>\r\n\r\n\t\t\t\t\t\t\t\t\t<li class=\"question-block filter-container__element\">\r\n\t\t\t\t\t\t<h3 class=\"filter-container__match-html\">Market overview: What is the current attitude of the government and of regulators to the use of outsourcing in your jurisdiction?<\/h3>\r\n\t\t\t\t\t\t<button id=\"show-me\">+<\/button>\r\n\t\t\t\t\t\t<div class=\"question_answer filter-container__match-html\" style=\"display:none;\"><p>Across industries which are subject to greater regulation and oversight, regulators view outsourcing arrangements as having the potential to introduce risk which, if not managed, could be exploited, particularly in respect of continuity of key services within Ireland and cybersecurity vulnerabilities. The introduction of the EU Digital Operational Resilience Act (<strong>DORA<\/strong>) within Ireland and the impending transposition of the EU NIS2 Directive in Ireland are recent examples of an increasing focus on the way in which regulated entities and certain critical service providers manage supply chain and third-party risk.<\/p>\n<p>In recent times, we have also seen greater focus from financial services regulators on the outsourcing of services to entities within the same corporate group, with the expectation of some regulators being that intragroup arrangements ought to be treated as though the arrangements are with a third-party provider.<\/p>\n<\/div>\r\n\r\n\r\n\t\t\t\t\t<\/li>\r\n\r\n\t\t\t\t\t\t\t\t\t<li class=\"question-block filter-container__element\">\r\n\t\t\t\t\t\t<h3 class=\"filter-container__match-html\">Procurement: Are there specific procurement-related laws or regulations governing outsourcing by public sector or government bodies?<\/h3>\r\n\t\t\t\t\t\t<button id=\"show-me\">+<\/button>\r\n\t\t\t\t\t\t<div class=\"question_answer filter-container__match-html\" style=\"display:none;\"><p>Irish procurement law, regulations and guidelines apply to outsourcing by contracting authorities and contracting entities in the public sector, utilities and defence sectors. The substantive procedural rules apply where the estimated contract value exceeds applicable EU thresholds. The substantive rules are contained in the following Regulations which implement EU public procurement law in Ireland:<\/p>\n<ul style=\"padding-left: 0\">\n<li>the European Union (Award of Public Authority Contracts) Regulations 2016 (SI 284\/2016) (Public Contracts Regulations) which implements Directive 2014\/24\/EU into Irish law;<\/li>\n<li>the European Union (Award of Contracts by Utility Undertakings) Regulations 2016 (SI 286\/2016) which implements Directive 2014\/25\/EU (Utilities Regulations) into Irish law;<\/li>\n<li>the European Union (Award of Concession Contracts) Regulations 2017 (SI 203\/2017) (Concessions Regulations) which implements EU Directive 2014\/23\/EU into Irish law; and<\/li>\n<li>the European Union (Award of Contracts Relating to Defence and Security) Regulations 2012 (SI 62\/2012) (Defence Regulations) (as amended) which implements Directive 2009\/81\/EC into Irish law.<\/li>\n<\/ul>\n<p>The rules setting out the remedies for a breach of the substantive procurement rules are contained in the following Regulations:<\/p>\n<ul style=\"padding-left: 0\">\n<li>the European Communities (Public Authorities\u2019 Contracts) (Review Procedures) Regulations 2010 (as amended) (SI 130\/2010) (Public Contracts Remedies Regulations);<\/li>\n<li>the European Communities (Award of Contracts by Utility Undertakings) (Review Procedures) Regulations 2010 (as amended) (SI 131\/2010) (Utilities Remedies Regulations); and<\/li>\n<li>the European Union (Award of Concession Contracts) (Review Procedures) Regulations (SI 326\/2017) (Concessions Remedies Regulations).<\/li>\n<\/ul>\n<p>The Public Procurement Guidelines for Goods and Services apply to contracts which are both above and below EU thresholds.<\/p>\n<\/div>\r\n\r\n\r\n\t\t\t\t\t<\/li>\r\n\r\n\t\t\t\t\t\t\t\t\t<li class=\"question-block filter-container__element\">\r\n\t\t\t\t\t\t<h3 class=\"filter-container__match-html\">Procurement: Are there specific procurement-related laws or regulations governing outsourcing by private sector organisations?<\/h3>\r\n\t\t\t\t\t\t<button id=\"show-me\">+<\/button>\r\n\t\t\t\t\t\t<div class=\"question_answer filter-container__match-html\" style=\"display:none;\"><p>The Utilities Regulations (referenced above) apply to certain private sector organisations operating in the water, energy, transport and postal sectors which have been granted special or exclusive rights by a competent authority of an EU Member State. There are no other specific procurement rules governing outsourcing by private sector organisations.<\/p>\n<\/div>\r\n\r\n\r\n\t\t\t\t\t<\/li>\r\n\r\n\t\t\t\t\t\t\t\t\t<li class=\"question-block filter-container__element\">\r\n\t\t\t\t\t\t<h3 class=\"filter-container__match-html\">Laws and Regulations: Are there any other specific laws or regulations that apply to outsourcing? If not, what key general laws and regulations are most relevant?<\/h3>\r\n\t\t\t\t\t\t<button id=\"show-me\">+<\/button>\r\n\t\t\t\t\t\t<div class=\"question_answer filter-container__match-html\" style=\"display:none;\"><p>The general law in respect of contracts is the most relevant to outsourcing arrangements. While Irish contract law principles are mostly closely aligned with the approaches taken by UK courts interpreting English contract law, there are some specific divergences in the law which are relevant to note. For example:<\/p>\n<ol style=\"padding-left: 0\">\n<li><strong>penalty clauses:<\/strong> agreed sums (e.g. service credits or liquidated damages) which are not a genuine pre-estimate of loss will be unenforceable penalties; and<\/li>\n<li><strong>application of EU laws: <\/strong>in addition to general contract law principles, there are EU laws which apply to Irish contracts. Even if not specifically referred to in a contract, these EU laws may still apply. For example, the EU Commercial Agents Directive (86\/653\/EEC), implemented in Ireland by the Commercial Agents Regulations of 1994 and 1997 mandates certain rights and obligations of commercial agents and principals, including specifics of remuneration, termination rights and general duties.<\/li>\n<\/ol>\n<p>The Sales of Goods and Supply of Services Act 1980 (as amended) (<strong>SGSSA<\/strong>) also implies certain terms into contracts for goods and services on a business-to-business basis. Specifically, these include implied terms relating to merchantability and fitness for purpose of goods and in the case of services contracts, implied terms relating to the provider having the necessary skill to provide the services and that the supply of the service will be performed with due skill, care and diligence.<\/p>\n<\/div>\r\n\r\n\r\n\t\t\t\t\t<\/li>\r\n\r\n\t\t\t\t\t\t\t\t\t<li class=\"question-block filter-container__element\">\r\n\t\t\t\t\t\t<h3 class=\"filter-container__match-html\">Laws and Regulations: Do any specific regimes apply to outsourcing arrangements in particular sectors (e.g. financial services)?<\/h3>\r\n\t\t\t\t\t\t<button id=\"show-me\">+<\/button>\r\n\t\t\t\t\t\t<div class=\"question_answer filter-container__match-html\" style=\"display:none;\"><p>For companies within the financial sector, the minimum contracting requirements set out in DORA and the Central Bank of Ireland\u2019s Cross-Industry Guidance on Outsourcing may apply. Specifically, DORA requires that certain in-scope financial entities ensure that all contracts for ICT services contain a minimum set of contractual rights and obligations, and the nature of such rights and obligations differ depending on the classification of the arrangement.<\/p>\n<p>DORA does not apply to all entities within the financial sector. If an entity is regulated by the Central Bank of Ireland, but is not subject to DORA, it will still be required to meet the contracting standards set out in the Central Bank of Ireland\u2019s Cross-Industry Guidance on Outsourcing. This guidance sets out similar minimum requirements as those identified under DORA.<\/p>\n<p>In insurance situations, the EU Solvency II regime also applies to outsourcings in that sector.<\/p>\n<\/div>\r\n\r\n\r\n\t\t\t\t\t<\/li>\r\n\r\n\t\t\t\t\t\t\t\t\t<li class=\"question-block filter-container__element\">\r\n\t\t\t\t\t\t<h3 class=\"filter-container__match-html\">Competition law: To what extent might outsourcing arrangements require notification or approval under merger control rules?<\/h3>\r\n\t\t\t\t\t\t<button id=\"show-me\">+<\/button>\r\n\t\t\t\t\t\t<div class=\"question_answer filter-container__match-html\" style=\"display:none;\"><p>It would normally be reasonably unlikely that an outsourcing arrangement would trigger Irish merger control. The Irish merger control regime which is contained in part 3 of the Competition Act 2002 (as amended) applies to transactions where:<\/p>\n<ul style=\"padding-left: 0\">\n<li>two or more undertakings merge, or<\/li>\n<li>there is an acquisition of direct or indirect control of the whole or part of an undertaking or the creation of a full function joint venture, or<\/li>\n<li>there is an acquisition of assets (that may include goodwill) that constitute a business to which a turnover can be attributed.<\/li>\n<\/ul>\n<p>If the outsourcing arrangement constitutes a merger or acquisition (which is unlikely) the parties are required to notify the Competition and Consumer Protection Commission (<strong>CCPC<\/strong>) where certain financial thresholds are met. Mergers and acquisitions that do not meet the financial thresholds but which may raise competition concerns can be notified to the CCPC on a voluntary basis. The CCPC also has the power to \u2018call in\u2019 mergers or acquisitions which may, in its opinion, have an effect on competition.<\/p>\n<\/div>\r\n\r\n\r\n\t\t\t\t\t<\/li>\r\n\r\n\t\t\t\t\t\t\t\t\t<li class=\"question-block filter-container__element\">\r\n\t\t\t\t\t\t<h3 class=\"filter-container__match-html\">Competition law: To what extent are the terms of outsourcing agreements the subject of restrictions under competition law?<\/h3>\r\n\t\t\t\t\t\t<button id=\"show-me\">+<\/button>\r\n\t\t\t\t\t\t<div class=\"question_answer filter-container__match-html\" style=\"display:none;\"><p>In Irish national competition law, section 4(1) of the Competition Act 2002 (as amended) prohibits agreements that have as their object or effect the prevention, restriction or distortion of competition in any market in Ireland. An agreement which falls within section 4(1) may nevertheless be compliant with competition law where it promotes technical or economic progress and provides a fair share of the resulting benefit to consumers. There are particular rules and guidance applicable to commercial agreements depending on whether an agreement is a horizontal agreement (i.e. an agreement between actual or potential competitors) or a vertical agreement (i.e. between companies operating at different levels of the supply chain).<\/p>\n<p>Particular care needs to be taken when drafting and negotiating outsourcing agreements between competitors to ensure, for example, that there is no exchange of competitively sensitive information. The CCPC has the power under the Competition Act 2002 to investigate and take action against undertakings that may have breached the competition rules.<\/p>\n<\/div>\r\n\r\n\r\n\t\t\t\t\t<\/li>\r\n\r\n\t\t\t\t\t\t\t\t\t<li class=\"question-block filter-container__element\">\r\n\t\t\t\t\t\t<h3 class=\"filter-container__match-html\">Intellectual property (\u2018IP\u2019) rights: What IP (registrable and non-registrable) is typically created in the course of an outsourcing arrangement?<\/h3>\r\n\t\t\t\t\t\t<button id=\"show-me\">+<\/button>\r\n\t\t\t\t\t\t<div class=\"question_answer filter-container__match-html\" style=\"display:none;\"><p>The IP created in the course of an outsourcing arrangement will typically depend on the nature of the services being provided. Copyright is the most common type of IP created in outsourcing arrangements and, generally speaking, IP created in this context can be placed into two categories: (1) new IP which is developed by one or more parties for the purposes of the Agreement; and (2) modifications which are made to a party\u2019s pre-existing (i.e. background) IP.<\/p>\n<\/div>\r\n\r\n\r\n\t\t\t\t\t<\/li>\r\n\r\n\t\t\t\t\t\t\t\t\t<li class=\"question-block filter-container__element\">\r\n\t\t\t\t\t\t<h3 class=\"filter-container__match-html\">Intellectual property (\u2018IP\u2019) rights: In an outsourcing arrangement, would any contractual terms or formal steps be required to vest supplier-created IP in the customer?<\/h3>\r\n\t\t\t\t\t\t<button id=\"show-me\">+<\/button>\r\n\t\t\t\t\t\t<div class=\"question_answer filter-container__match-html\" style=\"display:none;\"><p>Yes, in addition to including a clause which specifies that any (or certain) IP created by the supplier during the course of, or in connection with, the services provided is to be vested in or owned by the customer, the contract should also include an express assignment from the supplier in favour of the customer and an obligation on the supplier to take any necessary further steps to effect that assignment.<\/p>\n<p>Any assignment of IP must be in writing in order to be valid and enforceable. If moral rights arise in connection with the outsourcing, such rights can be waived, but cannot be assigned (as set out in section 118 of the Copyright and Related Rights Act 2000).<\/p>\n<\/div>\r\n\r\n\r\n\t\t\t\t\t<\/li>\r\n\r\n\t\t\t\t\t\t\t\t\t<li class=\"question-block filter-container__element\">\r\n\t\t\t\t\t\t<h3 class=\"filter-container__match-html\">Intellectual property (\u2018IP\u2019) rights: How are confidential information, know-how and trade secrets protected in your jurisdiction?<\/h3>\r\n\t\t\t\t\t\t<button id=\"show-me\">+<\/button>\r\n\t\t\t\t\t\t<div class=\"question_answer filter-container__match-html\" style=\"display:none;\"><p>Confidential information is protected in Ireland in accordance with common law principles (breach of confidence), but this is typically strengthened by the inclusion in an outsourcing agreement of bespoke confidentiality obligations.<\/p>\n<p>Know-how is not typically afforded specific protection outside of the copyright laws referred to above and the potential for trade secret protection mentioned below, although it is common to include know-how as a category of confidential information that is protected by the confidentiality provisions in an outsourcing agreement.<\/p>\n<p>Trade secrets are protected by the European Union (Protection of Trade Secrets) Regulations 2018 which transposed EU Directive 2016\/943 and which sets out remedies available in the event of the unlawful acquisition, use or disclosure of a trade secret.<\/p>\n<\/div>\r\n\r\n\r\n\t\t\t\t\t<\/li>\r\n\r\n\t\t\t\t\t\t\t\t\t<li class=\"question-block filter-container__element\">\r\n\t\t\t\t\t\t<h3 class=\"filter-container__match-html\">Data: What is the regime in your jurisdiction for regulating the protection and processing of personal data and what are the main implications for outsourcing arrangements?<\/h3>\r\n\t\t\t\t\t\t<button id=\"show-me\">+<\/button>\r\n\t\t\t\t\t\t<div class=\"question_answer filter-container__match-html\" style=\"display:none;\"><p>The EU General Data Protection Regulation (<strong>GDPR<\/strong>) applies in Ireland, along with the Data Protection Act 2018.<\/p>\n<p>In accordance with the GPDR, the parties should consider and document their respective roles and responsibilities in connection with the personal data processed as part of the outsourcing. Typically, the view is taken that the service provider is acting on behalf of the customer and as such is a processor on behalf of the customer as controller of the relevant personal data. Any such processing of personal data in outsourcing contracts must comply with the specific contractual requirements of Article 28 GDPR.<\/p>\n<p>To the extent that an outsourcing involves the transfer of personal data outside of the EEA, outsourcing arrangements must also take account of the GDPR\u2019s transfers requirement, e.g. it is common that the parties include the relevant EU standard contractual clauses (also called model clauses) which reflect the relevant relationship between the parties (e.g. from an EU controller to a non-EEA processor).<\/p>\n<p>If a potential outsourcing relates to, or may involve, a processing which presents a high risk to the privacy of individuals, a data protection impact assessment must be undertaken in accordance with the GDPR.<\/p>\n<\/div>\r\n\r\n\r\n\t\t\t\t\t<\/li>\r\n\r\n\t\t\t\t\t\t\t\t\t<li class=\"question-block filter-container__element\">\r\n\t\t\t\t\t\t<h3 class=\"filter-container__match-html\">Data: What is the regime in your jurisdiction for regulating the processing of non-personal data and what are the main implications for outsourcing arrangements?<\/h3>\r\n\t\t\t\t\t\t<button id=\"show-me\">+<\/button>\r\n\t\t\t\t\t\t<div class=\"question_answer filter-container__match-html\" style=\"display:none;\"><p>There are no specific existing regimes in relation to the processing of non-personal data, other than the requirement to ensure certain contractual provisions relating to the protection of personal and non-personal data are included in ICT services contracts which fall within the scope of DORA. The EU Data Act will apply from September 2025 and may be relevant to outsourcing post-that date.<\/p>\n<\/div>\r\n\r\n\r\n\t\t\t\t\t<\/li>\r\n\r\n\t\t\t\t\t\t\t\t\t<li class=\"question-block filter-container__element\">\r\n\t\t\t\t\t\t<h3 class=\"filter-container__match-html\">Cyber: Does your jurisdiction have specific cybersecurity legislation or regulations and what are the main implications for outsourcing arrangements?<\/h3>\r\n\t\t\t\t\t\t<button id=\"show-me\">+<\/button>\r\n\t\t\t\t\t\t<div class=\"question_answer filter-container__match-html\" style=\"display:none;\"><p>The European Union (Measures for a High Common Level of Security of Network and Information Systems) Regulations 2018 (<strong>NIS1 Regulations<\/strong>) gives effect to the EU NIS1 Directive in Ireland. While there are no specific obligations relating to outsourcing under that directive, in-scope entities are subject to incident notification obligations which they may seek to impose on their key outsourcing providers.<\/p>\n<p>There are also other sector-specific laws such as the European Union (Electronic Communications Code) Regulations 2022 (<strong>EECC Regulations<\/strong>) which applies to certain entities in the telecommunications sector and imposes obligations relating to security measures and incident reporting obligations.<\/p>\n<p>The EU NIS2 Directive is currently in the process of being transposed in Ireland by way of the National Cyber Security Bill and will eventually replace and broaden the scope of the current NIS1 Regulations and EECC Regulations. For companies falling within the scope of NIS2 (e.g. certain transport undertakings, providers of social networking services platforms, cloud computing service providers), in order to enable them to practically comply with the cybersecurity risk-management measures identified in Article 21 of NIS2, contracts with suppliers of those entities should contain sufficient:<\/p>\n<ul style=\"padding-left: 0\">\n<li>information security and data protection standards which ensure the ongoing security of personal and non-personal data processed in connection with the outsourcing and which reflect the policies the regulated entity has adopted in respect of supply chain security;<\/li>\n<li>rights which enable the regulated entity to ensure the continuity of services provided to it (and in turn, services provided to its clients, end-users or customers);<\/li>\n<li>obligations imposed on the supplier in relation to incident reporting so that the regulated entity can appropriately report to the National Cyber Security Centre significant incidents in accordance with NIS2; and<\/li>\n<li>rights which enable it to comply with its own obligations under NIS2.<\/li>\n<\/ul>\n<\/div>\r\n\r\n\r\n\t\t\t\t\t<\/li>\r\n\r\n\t\t\t\t\t\t\t\t\t<li class=\"question-block filter-container__element\">\r\n\t\t\t\t\t\t<h3 class=\"filter-container__match-html\">Technologies: To what extent are certain technologies commonly used in outsourcing arrangements (e.g. artificial intelligence, robotic process automation, cloud computing and blockchain\/distributed ledger technologies) the subject of specific regulations?<\/h3>\r\n\t\t\t\t\t\t<button id=\"show-me\">+<\/button>\r\n\t\t\t\t\t\t<div class=\"question_answer filter-container__match-html\" style=\"display:none;\"><p>The EU Cyber Resilience Act has been enacted in the EU and the main obligations introduced by the Act will apply from 11 December 2027. The Cyber Resilience Act may be relevant where the outsourcing involves or relates to the manufacture, distribution or importing of products within the scope of the Act.<\/p>\n<p>The EU AI Act has been enacted and applies in Ireland, however, the obligations are being applied in a phased manner. The EU AI Act applies to providers and deployers, even where they are not located within the EU but are making available on the market or putting into service AI systems in the EU, or where the output produced by the AI system is used in the EU. The definition of an AI system is broad and could capture a range of uses of AI. Outsourcing arrangements which involve the provision or deployment of AI should be assessed against the then-current obligations under the EU AI Act and drafted to take account of those requirements, including for example by:<\/p>\n<ul style=\"padding-left: 0\">\n<li>requiring the parties to ensure that the use of the AI is not a use case prohibited by the EU AI Act (e.g. biometric categorisations of race, religion, sexual orientation), which is a prohibition in force as at the date of this Guide; and<\/li>\n<li>requiring the parties to comply with any specific obligations based on the nature of the AI system in use, including for example any obligations specific to high-risk AI systems.<\/li>\n<\/ul>\n<p>While there are no specific regulations in relation to blockchain, distributed ledger technologies or robotic process automation, providers of cloud computing services are subject to the NIS Regulations and will be subject to the National Cyber Security Bill once adopted. These laws do not require any specific treatment of cloud computing in outsourcing arrangements, however, cloud computing service providers may need to take steps to address supply chain risks identified in connection with any outsourcing to third parties.<\/p>\n<\/div>\r\n\r\n\r\n\t\t\t\t\t<\/li>\r\n\r\n\t\t\t\t\t\t\t\t\t<li class=\"question-block filter-container__element\">\r\n\t\t\t\t\t\t<h3 class=\"filter-container__match-html\">Employment law: Do your jurisdiction\u2019s employment laws and regulations have specific implications for outsourcing arrangements?<\/h3>\r\n\t\t\t\t\t\t<button id=\"show-me\">+<\/button>\r\n\t\t\t\t\t\t<div class=\"question_answer filter-container__match-html\" style=\"display:none;\"><p>The relevant legislation in Ireland is the European Communities (Protection of Employees on Transfer of Undertakings) Regulations 2003 (as amended) (<strong>TUPE<\/strong> or the <strong>TUPE Regulations<\/strong>).\u00a0 These Regulations can apply to a range of business sales\/restructuring, including outsourcing arrangements.<\/p>\n<p>Any outsourcing (often described as a first-generation transfer) or insourcing or a change of service provider (often described as a second-generation outsourcing), involves an assessment of whether TUPE applies or not. In general, the Irish courts apply the established employment law analysis set out in the European case law in determining whether TUPE applies.<\/p>\n<p>The principles which apply to a second-generation outsourcing were summarised by the Irish High Court and include the following:<\/p>\n<ol style=\"padding-left: 0\">\n<li>All circumstances must be looked at (but none can be considered in isolation) including:\n<ul style=\"padding-left: 5\">\n<li>the type of undertaking or business in question;<\/li>\n<li>whether or not its tangible assets, such as buildings and movable property, are transferred;<\/li>\n<li>the value of its intangible assets at the time of the transfer;<\/li>\n<li>whether or not the majority of its employees are taken over by the new employer;<\/li>\n<li>whether or not its customers are transferred;<\/li>\n<li>the degree of similarity between the activities carried on before and after the transfer; and<\/li>\n<li>the period, if any, for which those activities were suspended.<\/li>\n<\/ul>\n<\/li>\n<li>The degree of importance to be attached to each criterion will vary depending on the business activity, its production or operating methods.<\/li>\n<\/ol>\n<p>The analysis is, obviously, very fact dependent and so it is generally difficult to be definitive as to whether TUPE applies to an outsourcing arrangement, without a detailed review of the fact pattern. Further, where the relevant activity is labour reliant, TUPE will generally only apply where a considerable portion of the workforce (in terms of skills or numbers) transfer and thus, it can be possible to trigger a TUPE (or not) depending on the approach taken.<\/p>\n<\/div>\r\n\r\n\r\n\t\t\t\t\t<\/li>\r\n\r\n\t\t\t\t\t\t\t\t\t<li class=\"question-block filter-container__element\">\r\n\t\t\t\t\t\t<h3 class=\"filter-container__match-html\">Employment law: How are employees transferred under an outsourcing arrangement?<\/h3>\r\n\t\t\t\t\t\t<button id=\"show-me\">+<\/button>\r\n\t\t\t\t\t\t<div class=\"question_answer filter-container__match-html\" style=\"display:none;\"><p><em>Transfer of rights and liabilities<\/em><\/p>\n<p>The rights and obligations of the transferor (i.e. the previous employer\/service provider) in respect of the transferring employees as at the date of transfer, will transfer to the transferee (with some limited exceptions). In practice, this means that the transferee essentially steps into the shoes of the transferor, as if the employees were always employed by the transferee i.e. the employee T&amp;Cs remain unchanged, service is recognised, rights\/terms arising from collective agreements generally remain in force and so on. As the transferee inherits any employment liabilities (e.g. employee claims), it is common for the transferor and transferee to agree to share these liabilities, often by way of reciprocal indemnities.<\/p>\n<p><em>Information and consultation<\/em><\/p>\n<p>In advance of the transfer, both the transferor and transferee must inform their respective employees affected by the transfer, via their representatives of:<\/p>\n<ul style=\"padding-left: 0\">\n<li>The date or proposed date of the transfer<\/li>\n<li>The reasons for the transfer<\/li>\n<li>The legal implications of the transfer for the employees and a summary of any relevant economic and social implications of the transfer; and<\/li>\n<li>Any measures envisaged regarding the employees (e.g. any potential redundancies).<\/li>\n<\/ul>\n<p>The transferor must provide this information at least 30 days before the transfer, where reasonably practicable, and in any event, in good time before the transfer occurs.<\/p>\n<p>Similarly, if any changes to transferring employee terms and conditions are envisaged\/expected, consultation with employee representatives should also take place within this time frame, with a view to reaching agreement.<\/p>\n<p><em>Replicating terms and conditions<\/em><\/p>\n<p>TUPE generally prohibits any changes to employee terms and conditions as a result of the transfer, and employees may take a claim under the TUPE Regulations in this regard. In practice, it is common for terms and conditions of employment to be harmonised post transfer, following a period of consultation with the relevant employees.<\/p>\n<\/div>\r\n\r\n\r\n\t\t\t\t\t<\/li>\r\n\r\n\t\t\t\t\t\t\t\t\t<li class=\"question-block filter-container__element\">\r\n\t\t\t\t\t\t<h3 class=\"filter-container__match-html\">Tax: What are the general tax considerations in your jurisdiction with implications for outsourcing arrangements?<\/h3>\r\n\t\t\t\t\t\t<button id=\"show-me\">+<\/button>\r\n\t\t\t\t\t\t<div class=\"question_answer filter-container__match-html\" style=\"display:none;\"><p>The main Irish tax matter to be considered in an outsourcing arrangement is typically the VAT treatment of the outsourced service supplied. This is particularly the case where the Irish service recipient has no, or limited, VAT recovery entitlement, as is often the case in the financial services industry in particular.<\/p>\n<p>VAT does not arise where an activity is carried out by a company\u2019s own employees \u201cin-house\u201d. Where activities are outsourced, are chargeable to VAT, and that VAT cost is irrecoverable, in whole or in part, for the service recipient, that should result in a cost that should need to be taken into account when the benefits to be achieved by the outsourcing are being considered.<\/p>\n<p>Where a VAT chargeable outsourced service is provided by another Irish group company, thought may be given to an Irish VAT group registration in order to avoid a VAT cost arising. CJEU case law may be relevant when considering the VAT treatment of outsourced services, and whether VAT exemption may apply.<\/p>\n<p>Where outsourced services are supplied by a group company, Irish transfer pricing rules may apply in respect of the service fee, although SMEs are currently excluded from the scope of Irish transfer pricing rules.\u00a0Irish withholding tax should not be expected to apply in respect of service fees.<\/p>\n<\/div>\r\n\r\n\r\n\t\t\t\t\t<\/li>\r\n\r\n\t\t\t\t\t\t\t\t\t<li class=\"question-block filter-container__element\">\r\n\t\t\t\t\t\t<h3 class=\"filter-container__match-html\">ESG: Are there any specific ESG requirements in your jurisdiction (e.g. relating to carbon emissions, modern slavery, anti-bribery\/corruption, waste electronic equipment, etc.), and what are the implications of these for outsourcing arrangements?<\/h3>\r\n\t\t\t\t\t\t<button id=\"show-me\">+<\/button>\r\n\t\t\t\t\t\t<div class=\"question_answer filter-container__match-html\" style=\"display:none;\"><p>The majority of the ESG related legislation that is relevant from an outsourcing perspective stems from the EU including sustainability reporting and due diligence obligations. For example, to comply with their sustainability reporting obligations under the European Union (Corporate Sustainability Reporting) Regulations 2024 (as amended), organisations may require information from those in their value chain which would include outsourcing service providers.<\/p>\n<p>The EU Corporate Sustainability Due Diligence Directive introduces a due diligence duty for large EU companies and non-EU companies with significant EU activity to identify, prevent, mitigate, bring to an end and account for certain adverse human rights and environmental impacts including in their value chains. While this legislation has not yet been transposed into Irish law, its provisions should be borne in mind when entering into outsourcing arrangements with businesses that are likely to be in scope.<\/p>\n<p>Outsourcing arrangements should take account of other legislation imposing due diligence obligations on businesses, such as the Regulation on Deforestation-free products, as relevant.<\/p>\n<p>With outsourcing service providers forming part of an organisation\u2019s value chain, it is important that documentation relating to outsourcing arrangements clearly articulates how such obligations will be complied with and what steps can be taken in the event of non-compliance. For example, if as part of a due diligence process on an existing provider, an adverse impact on the environment is identified, the parties need to be clear on what this means for the business relationship and how this will be managed.<\/p>\n<\/div>\r\n\r\n\r\n\t\t\t\t\t<\/li>\r\n\r\n\t\t\t\t\t\t\t\t\t<li class=\"question-block filter-container__element\">\r\n\t\t\t\t\t\t<h3 class=\"filter-container__match-html\">Cross-border: Do cross-border or multi-jurisdictional outsourcing arrangements raise any specific challenges or concerns in your jurisdiction (e.g. relating to export control or data transfer laws)?<\/h3>\r\n\t\t\t\t\t\t<button id=\"show-me\">+<\/button>\r\n\t\t\t\t\t\t<div class=\"question_answer filter-container__match-html\" style=\"display:none;\"><p>In addition to the data transfers (i.e. of data to outside the EEA) requirements of the GDPR mentioned above, the Control of Exports Act 2023 regulates the export of controlled goods, alongside EU export control regulations, with particular focus on the export of dual-use and military goods from Ireland to other countries. Outsourcing arrangements (e.g. IT\/software) involving any goods regulated by EU export control regulations, or the Control of Exports Act 2023 should take into account the respective obligations of the parties under those laws.<\/p>\n<\/div>\r\n\r\n\r\n\t\t\t\t\t<\/li>\r\n\r\n\t\t\t\t\t\t\t\t\t<li class=\"question-block filter-container__element\">\r\n\t\t\t\t\t\t<h3 class=\"filter-container__match-html\">Liability: Are there limits on what liabilities can be contractually excluded in your jurisdiction (e.g. are there certain liabilities which cannot be limited or excluded by law)?<\/h3>\r\n\t\t\t\t\t\t<button id=\"show-me\">+<\/button>\r\n\t\t\t\t\t\t<div class=\"question_answer filter-container__match-html\" style=\"display:none;\"><p>For business-to-business contracts, liability cannot be contractually excluded in Ireland for misrepresentation or for access to any remedy available to a person by reason of the misrepresentation, unless the exclusion is fair and reasonable (section 46 of the SGSSA). There are otherwise no restrictions on the limitation of liability for death, personal injury or negligence under Irish law (in respect of business-to-business contracts only), but it is market practice for these losses not to be excluded.<\/p>\n<\/div>\r\n\r\n\r\n\t\t\t\t\t<\/li>\r\n\r\n\t\t\t\t\t\t\t\t\t<li class=\"question-block filter-container__element\">\r\n\t\t\t\t\t\t<h3 class=\"filter-container__match-html\">Disputes and enforcement: How are contractual disputes in outsourcing arrangements typically resolved in your jurisdiction and what remedies are commonly available in relation to contractual breaches?<\/h3>\r\n\t\t\t\t\t\t<button id=\"show-me\">+<\/button>\r\n\t\t\t\t\t\t<div class=\"question_answer filter-container__match-html\" style=\"display:none;\"><p>Contractual disputes in outsourcing arrangements are typically resolved in line with the agreed dispute resolution mechanisms of the parties, which most commonly include initial escalation to relevant management personnel of each party, followed by more formal dispute resolution options if the parties are unable to resolve the dispute (e.g. litigation in the courts or arbitration).<\/p>\n<p>The remedies available for contractual breaches are those available under law, including, most relevantly, damages or specific performance. Parties also commonly make use of other contractual remedies including termination for material breach of the agreement and the payment of service credits or liquidated damages on the occurrence of defined events.<\/p>\n<\/div>\r\n\r\n\r\n\t\t\t\t\t<\/li>\r\n\r\n\t\t\t\t\t\t\t\t\t<li class=\"question-block filter-container__element\">\r\n\t\t\t\t\t\t<h3 class=\"filter-container__match-html\">Disputes and enforcement: What, if any, other enforcement measures are typically relevant to outsourcing arrangements (e.g. regulatory fines and other sanctions)?<\/h3>\r\n\t\t\t\t\t\t<button id=\"show-me\">+<\/button>\r\n\t\t\t\t\t\t<div class=\"question_answer filter-container__match-html\" style=\"display:none;\"><p>Failure to comply with the GDPR or specific regulations relevant to the outsourcing arrangement can attract regulator attention and significant fines.<\/p>\n<p>For customers which are subject to cybersecurity regimes or oversight by regulators such as the Central Bank of Ireland, statutory audit rights granted under Irish law to regulators should be factored into outsourcing arrangements to ensure that the customer has appropriate rights to facilitate requests for information or audits by the relevant regulators. This is becoming an increasingly popular request from regulators in Ireland, meaning that audit rights need to be broad enough to allow prompt responses to regulators and confidentiality clauses require carve outs to ensure information can be shared with regulators as required.<\/p>\n<\/div>\r\n\r\n\r\n\t\t\t\t\t<\/li>\r\n\r\n\t\t\t\t\r\n<div class=\"word-count-hidden\" style=\"display:none;\">Estimated word count: <span class=\"word-count\">4566<\/span><\/div>\r\n\r\n\t\t\t<\/ol>\r\n\r\n<script type=\"text\/javascript\" src=\"\/wp-content\/themes\/twentyseventeen\/src\/jquery\/components\/filter-guides.js\" async><\/script><\/div>"}},"_links":{"self":[{"href":"https:\/\/my.legal500.com\/guides\/wp-json\/wp\/v2\/comparative_guide\/103204","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/my.legal500.com\/guides\/wp-json\/wp\/v2\/comparative_guide"}],"about":[{"href":"https:\/\/my.legal500.com\/guides\/wp-json\/wp\/v2\/types\/comparative_guide"}],"wp:attachment":[{"href":"https:\/\/my.legal500.com\/guides\/wp-json\/wp\/v2\/media?parent=103204"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}