Outsourcing: Spain overview
A Q&A guide to outsourcing in Spain.
This Q&A guide gives a high level overview of legal and regulatory requirements on different types of outsourcing; commonly used legal structures; procurement processes; formalities required for transferring or leasing assets; data protection issues; customer remedies and protections; contracting parties' remedies; dispute resolution; and the tax issues arising on an outsourcing.
To compare answers across multiple jurisdictions, visit the Outsourcing Country Q&A tool.
This Q&A is part of the global guide to outsourcing. For a full list of jurisdictional Q&As, visit www.practicallaw.com/outsourcing-guide.
For the rules relating to transferring employees, visit Transferring employees on an outsourcing in Spain: overview.
Regulation and requirements
The regulation of outsourcing has largely been driven by international regulations such as the EU Capital Requirements Directives (CRD), which establish a legal framework for credit institutions in the EU. The original CRD were replaced by a new legislative package, Directive 2013/36/EU on access to the activity of credit institutions and the prudential supervision of credit institutions and investment firms, amending Directive 2002/87/EC and repealing Directives 2006/48/EC and 2006/49/EC (Capital Requirements Directive IV), applicable from January 2014. In Spain, the Capital Requirements Directive IV has been implemented through the following rules:
Royal Decree-law No. 14/2013 of 29 November, on urgent measures to adapt Spanish law to EU regulations on the subject of supervision and solvency of financial entities.
Law No. 10/2014 of 26 June, on the organisation, supervision and solvency of credit institutions.
Royal Decree No. 84/2015 of 13 February, implementing Law No. 10/2014.
Royal Decree No. 358/2015 of 8 May, amending Royal Decree No. 217/2008 of 15 February, on the legal framework of investment firms and other entities providing investment services, and partially modifying the Regulation of Law No. 35/2003 of 4 November, on investment firms, approved by Royal Decree No. 1309/2005.
These rules establish a specific framework on outsourcing in the financial sector (see Question 3). In addition to this legislative framework, the Committee of European Banking Supervisors (CEBS), currently, European Banking Authority (EBA), 2006 Guidelines on Outsourcing, and the EBA 2011 Guidelines on Internal Governance must also be considered.
The Securities Market Commission (Comisión Nacional del Mercado de Valores) (CNMV) and the Bank of Spain are the statutory regulators under the Spanish financial legislative framework.
Other than in relation to financial institutions, there are no additional regulations relevant to a business process outsourcing.
IT and cloud services
There are no specific regulations on the outsourcing of IT systems. However, IT outsourcing usually involves the application of certain rules, for example:
Organic Law No. 15/1999 of 13 December, on the Protection of Personal Data (Data Protection Act).
Royal Decree No. 1720/2007 of 21 December, approving the Regulations implementing Organic Law No. 15/1999 (Data Protection Regulation).
Intellectual Property Law approved by Royal Legislative Decree No. 1/1996 of 12 April.
General Telecommunications Act No. 9/2014 of 9 May (Telecoms Act).
These rules apply in particular to IT outsourcing services such as cloud computing. While there is no comprehensive Spanish legislation on cloud computing, certain rules set out in the above legislation regulate specific aspects of this particular service. Additional regulations can also apply to the provision of cloud services depending on the particular sector.
Telecoms services in Spain are regulated by the Telecoms Act, which does not directly prevent or restrict a telecommunications operator from outsourcing.
Spanish procurement regulation is based on EU legislation. The Law No. 30/2007 of 30 October, on Public Sector Contracts (PSCL) is the key law applicable to public works, supply and services agreements signed with public administrations before December 2011. The PSCL was amended by a consolidated text adopted by Royal Legislative Decree No. 3/2011 of 14 November. At national level, other relevant regulation is the Royal-Decree No. 1098/2001 of 12 October approving the General Regulations of the Law on Public Sector Contracts Law.
Furthermore, different regulations at sub-national level apply. In particular:
At regional level, some Spanish regions (Autonomous Communities) have passed legal provisions governing public procurement in their respective territories.
At local level, the public procurement framework comprises various laws applicable to all Spanish local entities:
Law 7/1985 of 2 April, regulating Local Government;
Law 30/1992 of 26 November, on the Public Administration Legal System and General Administrative Procedure.
Article 42 of the Statute of Workers regulates outsourcing processes when they affect a company's core activities. Article 42 defines the following:
Valid outsourcing processes (rather than illegal assignments of employees, which take place when the supplier does not actually provide any services and only provides manual labour to the client).
Client and supplier's:
employment and social security liabilities; and
Health and Safety regulations also establish specific provisions for cases where the supplier provides services at the customer's place, whether owned or leased (that is, co-ordination obligations in health and safety regulations for companies that share their premises with other companies) (Article 24, Law No. 31/1995, of 8 November, on Occupational Risks Prevention).
Outsourcing covers an extremely wide range of activities. Therefore, the regulations applicable to other kinds of outsourcing must be assessed on a case-by-case basis.
Credit institutions can delegate the provision of services or the exercise of functions to a third party if they adhere to the following conditions (Royal Decree No. 84/2015):
Outsourcing must not leave a void in the credit institution's functions/activities.
Outsourcing must not reduce the internal control capacities of the credit institution and the supervision capacities of the Bank of Spain and the European Central Bank.
Outsourcing must not cover activities reserved exclusively to credit institutions.
Delegation by credit institutions to a third party does not reduce their liability for compliance with all legal obligations.
When delegating essential services or functions, the following requirements apply:
Delegation must never involve the transfer of liability by the institution's board and senior management.
Delegation cannot affect the relations and obligations of credit institutions with their clients and the supervision authority.
The conditions that credit institutions must meet to obtain and keep the authorisation to exercise their banking functions cannot be altered, eliminated or modified as a result of the existence of a delegation agreement.
The delegation agreement must be in writing and specify the parties' rights and obligations.
Credit institutions must formulate and execute an objective and integral policy for the appropriate management of their delegation of essential services or functions.
A service or a function is considered essential if any deficiency in its execution can either:
Considerably affect the credit institution's capacity to permanently comply with the conditions and obligations under its authorisation.
Affect the credit institution's financial results, its solvency or the continuity of its banking activity.
The Bank of Spain can specify the requirements and conditions under which delegation by credit institutions can be carried out. Bank of Spain Circular No. 3/2008 contains more detail on the extent to which delegation is permitted. However, a new Draft Circular regulating these aspects is currently being developed.
The Bank of Spain or, where appropriate, the European Central Bank supervise compliance with the provisions of Royal Decree No. 84/2014 regarding outsourced activities.
Credit institutions providing investment services must comply with additional requirements set out in Royal Legislative Decree No. 4/2015 of 23 October, approving the consolidated text of the Securities Market Law.
Outsourcing agreements are usually structured as follows:
Direct/indirect outsourcing. Most outsourcing transactions adopt the traditional model, that is, a services agreement between supplier and client/customer. Outsourcing is indirect when the supplier subcontracts the services simultaneously to a third supplier. Many relationships are based on a framework or master services agreement. This approach facilitates the addition of further services and can accommodate local service agreements where required under multi-jurisdictional arrangements.
Multi-sourcing. This is where the customer signs agreements with various suppliers. Some companies implement a multi-sourcing strategy to avoid being over-dependent on a single supplier and to get greater business flexibility. However, managing multiple suppliers adds increased complexity and costs. Therefore, some companies also outsource their procurement function to assist with the management of multiple suppliers.
Joint venture. This is where the customer and supplier set up a company or partnership for the outsourcing. This structure looks commercially attractive and offer a customer greater control, but it adds additional complexity to the arrangement and can require more management time.
Captive entity. Some companies have established captives (usually a wholly owned subsidiary) in lower cost offshore jurisdictions. These provide services to support the company's core business, often using a shared services structure. This provides the outsourcing company greater control over the services. However, the outsourcing company bears the cost of setting up (to the extent required) and operating the captive. Therefore, the cost savings associated with outsourcing may not be realised.
There are many other outsourcing structures, which are used depending on the sector and the circumstances of each case.
The most appropriate sourcing strategy depends on the customer's needs and objectives. Engaging multiple suppliers can limit risks, encourage suppliers to be competitive and provide a fallback strategy if one supplier withdraws. However, managing multiple suppliers is more complex and time consuming.
Typically, a customer identifies its business requirements for outsourcing and undertakes a baseline review to assess current services, systems and associated costs. This forms benchmarks for performance and service levels, and confirms its outsourcing business case.
The customer can issue a request for information (RFI) describing the services to be outsourced and requesting information about suppliers' capabilities and experience. It also investigates the market, to understand the likely price for the required services.
If a tender is chosen, the customer prepares a detailed request for proposal (RFP), containing all relevant information to enable suppliers to submit their best bids, including a full description of the customer's business, the required services and the expected outcomes.
Suppliers are then given time for due diligence and preparation of their responses to the RFP.
The customer evaluates bidders' responses and undertakes due diligence into each potential supplier (for example, personnel interviews, reference site visits, verifying references and financials) before selecting its preferred supplier.
Transferring or leasing assets
Formalities for transfer
The sale and purchase of immovable property in Spain must be formalised in a public deed before a notary that must be registered at the Land Registry to have legal effect. The transferor must pay tax on capital gain resulting from the transfer. The transferee must pay VAT and stamp duty as a general rule and, in some cases, must pay the transfer tax. Transfer of title to immovable property outside Spain is governed by the laws of the relevant jurisdiction.
IP rights and licences
The transfer of Spanish patents, designs and trademarks (registered or applied) is generally carried out by way of assignment. Patent and design assignments must be in writing to be effective and registered to become enforceable. Assignments for trade marks do not have to be in writing to be effective. However, they must be in writing to be registered in the Trade mark Register managed by the Patents and Trade marks Office (Oficina Española de Patentes y Marcas) (OEPM) to be enforceable.
For copyright, exploitation rights (for example, reproduction and distribution) can be validly assigned but moral rights (for example, authorship) cannot. Although it is not required to be effective, assignments are usually in writing. If the work is registered in the relevant registry (which is uncommon), then the assignment can also be registered.
Generally, the transfer of movable property is not subject to formal requirements but there are exceptions, for example, the transfer of shares must be formalised in a public deed. However, these transfers are usually formalised in a sale and purchase agreement.
Contracts can be assigned and the effects, rights and obligations of the original contract are transferred to a third party. The agreement of all parties involved is required for the assignment to be valid. The original contract must be reviewed to determine whether the assignment has already been agreed, or whether the counterparty's prior consent is required.
Contracts can also be transferred by novation by either:
Extinguishing the original agreement.
Modifying certain terms, but with no extinguishing effects.
Although no formalities are required, it is recommended that assignment and novation are effected in writing. The original contract must be reviewed to confirm whether a written document is required or whether other formalities have been contractually agreed.
Data and information
In outsourcing deals suppliers often have to access and process personal data controlled by the customer.
Data transfers to third parties can only be made for purposes directly related to the transferor and transferee's legitimate functions and, generally, require the data subject's prior consent.
Access to data by a third party is not considered a data transfer when it is necessary for the provision of a service to the data controller. However, data processing on behalf of third parties is subject to certain rules (see Question 10).
Data transfers to countries not providing a level of protection comparable to that provided by Spanish Law require prior authorisation from the Director of the Data Protection Agency, except for certain derogations, for example where the:
Data subject has given his unambiguous consent to the proposed transfer.
Transfer is necessary for the performance of a contract between the data subject and the controller or the adoption of pre-contractual measures taken at the data subject's request.
Transfer is necessary for the conclusion or performance of a contract concluded, or to be concluded, in the interest of the data subject, between the controller and a third party.
Transfer is necessary or legally required to safeguard a public interest.
Formalities for leasing or licensing
Lease contracts are not subject to formal requirements, although any party to a verbal lease can require the other party to formalise the contract in writing. In this case, the contract must contain an identification of the parties and the leased property, the initial rental fees and any other agreed terms.
Furthermore, certain covenants regarding the lease must be in writing to be valid (for example, those relating to the property's general maintenance costs).
The parties usually have the contract notarised and registered at the Land Registry.
If a property is leased for business or professional activities, it can be subleased or the contract assigned without the landlord's consent. However, the landlord must be notified of these circumstances and can increase the rental fees by:
10% in case of partial sublease.
20% in case of assignment or entire sublease.
A change of tenant is not deemed an assignment when due to a merger, transformation or spin-off of the lessee entity. However, the landlord can increase the rental fees (see above).
The concept of an immovable property being licensed is not generally recognised under Spanish law.
IP rights and licences
See Question 7.
Exclusivity, duration, geographical scope and other related aspects are of paramount importance when drafting and executing a licence contract.
A lease or licence of movable property must be in writing as a matter of good practice. It is recommended that it includes sums payable, applicable term, restrictions on use of the property and termination provisions mirroring the termination provisions of the outsourcing arrangement.
The concept of a contract being leased or licensed is not generally recognised under Spanish law. Contracts are normally assigned or novated (see Question 7).
Data and information
The concept of personal data being leased or licensed is not generally recognised under Spanish law (see Question 7).
Transfer/leasing considerations on offshoring
There are various practical and financial considerations when outsourcing offshore.
Customers are responsible for their own risk management and compliance issues. They must weigh the economic, political, and geographic stability of the country they are transacting with. This is especially important in countries with an increased risk of corrupt practices and geopolitical instability. Companies must also be aware of the usual financial considerations, such as the exposure to foreign exchange controls and withholding tax.
Transfer by operation of law
Employees are transferred provided that the (Article 44, Statute of Workers and Spanish case law):
Outsourcing transaction qualifies as a transfer of an undertaking (for example, there is a transfer of all the essential assets of an undertaking, business or parts of the undertaking or business, which can qualify as an independent and organised production unit).
Transferee continues the operation of the business or undertaking.
If these requirements are met, the customer's employees working on the service being outsourced automatically transfer to the supplier. The employees can opt-out of the transfer and resign from their employment without any compensation (except for senior executives, who are entitled to the compensation agreed in their employment contract or, by default, seven days of salary in cash per year of service, capped at six months' worth of pay).
Parties cannot contract out of Article 44 of the Statute of Workers. However, they have certain flexibility to apportion the financial consequences of its effects.
Some collective bargaining agreements establish transferring obligations even in cases where Article 44 does not apply.
Change of supplier
The employees working on the outsourced service transfer if the change of supplier transaction qualifies as a transfer of an undertaking (see above).
Article 44 of the Statute of Workers can also apply where the outsourcing terminates and the customer brings the services back in-house. In this case, the supplier's employees transfer to the customer. The customer can end up taking on more employees than it originally transferred.
Data protection and secrecy
Data protection and data security
General requirements. The processing of personal data is mainly governed by the Data Protection Act and the Data Protection Regulation.
Companies intending to have files containing personal data must comply with certain obligations with regard to the:
Collection, processing, custody and destruction of data.
Rights of the persons to whom the data refers (data subjects).
These obligations include, among many others:
Notification to and registration of data files with the Data Protection Agency.
Collection of the data subjects' unambiguous consent before collecting and processing their data.
Provision of certain information before collecting data.
Observance of the specific rules relating to sensitive data.
In an outsourcing, the supplier typically needs to access and process personal data controlled by the customer. Data processing by third parties is subject to the following rules:
Access to data by a third party is not considered as a transfer or communication of data if it is necessary for the provision of a service to the controller. Therefore, the data subject's consent is not necessary.
There must be a contract in writing or in any other form, which allows its performance and content to be assessed. The contract must expressly provide:
that the processor will process the data only in accordance with the controller's instructions; not apply or use the data for a purpose other than that set out in the contract; not communicate the data to other persons even for their preservation; and
the security measures set out in the Data Protection Regulation, which the processor must implement.
Once the service has been provided, the data must be destroyed or returned to the controller, together with any media or documents containing data processed.
If the processor fails to comply with these obligations, it will also be considered as controller and will be personally liable for its infringements.
If the supplier processes personal data on behalf of the customer, as a general rule it cannot sub-contract any processing to a third party, unless authorised by the data controller.
Data transfers to countries not providing an adequate level of protection comparable to that provided by Spanish law are generally not permitted, unless previously authorised by the Director of the Data Protection Agency.
Security requirements. The controller or, where applicable, the processor must adopt the technical and organisational measures necessary to ensure the security of the data and prevent its alteration, loss, unauthorised processing or access, having regard to the state of the art, the nature of the data stored and the risks to which it is exposed by virtue of human action or the physical or natural environment.
Data can only be recorded in files meeting the conditions laid down by rules regarding its integrity and security, and the rules governing the processing centres, premises, equipment, systems and computer programs.
The Data Protection Regulation specifies the security measures applicable to data files and processing operations. There are three levels of security measures (basic, medium and high), depending on the nature of data, which must be implemented by data controllers and processors whatever may be the processing system.
Mechanisms to ensure compliance. Best practice is as follows:
To undertake an appropriate level of due diligence to ensure that the supplier can comply with the data protection regulations.
If the supplier or if its servers or systems are based abroad, the customer should ensure that the:
country has an adequate level of protection; and
rules on international data transfers can be duly implemented, where appropriate.
To include appropriate contractual protections in the outsourcing agreement, including:
both parties' obligation to comply with data protection regulations;
the minimum content required for data processing agreements;
identification of services that may be sub-contracted by the supplier, where appropriate, and of the sub-contractor if possible;
the customer's right to audit the supplier's systems and processes for handling personal data. Suppliers will want to limit the scope, have an appropriate notice mechanism and limit the number of times this right can be exercised; and
a right to immediate termination and indemnity protection in relation to breaches of data protection regulations.
For suppliers to include appropriate back-to-back obligations in their agreements with sub-contractors (see above).
International standards. The 31st International Conference of Data Protection and Privacy Commissioners, held in Madrid in November 2009, adopted a resolution including the International Standards on the Protection of Privacy with regard to the processing of Personal Data (Madrid Resolution). The document is not legally binding but advisory, and its purpose is:
To define a set of principles and rights guaranteeing the effective and uniform protection of privacy at international level relating to the processing of personal data.
The facilitation of the international flows of personal data needed in a globalised world.
In April 2010, the Spanish Parliament and Senate issued a proposal and a motion respectively, urging the government to disseminate and promote these standards. However, no further initiatives have yet been developed.
Sanctions for non-compliance. The sanctions are as follows:
Minor infringements: fines ranging from EUR900 to EUR40,000.
Serious infringements: fines ranging from EUR40,001 to EUR300,000.
Very serious infringements: fines ranging from EUR300,001 to EUR600,000.
General requirements. Banking secrecy is regulated by Law No. 10/2014 of 26 June, on the organisation, supervision and solvency of credit institutions.
Entities and other persons subject to the regulation and discipline of credit institutions must keep confidential the information relating to balances, positions, transactions and other customer operations (unless otherwise permitted by the customer or the law and except for those cases where the information must be submitted to supervision authorities or under anti-money laundering and counter-terrorist financing obligations). Therefore, such information cannot be disclosed or communicated to third parties. Exchanges of information between credit institutions belonging to the same consolidated group are exempted.
Security requirements. There are no specific data security or privacy acts, rules or laws for the financial services industry. Spanish general data protection rules are of general application (see above,Data protection and data security).
However, certain provisions in this regard can be found in the financial regulations.
Mechanisms to ensure compliance. Financial institutions are subject to both the banking secrecy rules and the Data Protection Act (see above, Data protection and data security). Therefore, if a financial institution outsources operations and this requires the sharing of customer or employee data with third parties, it must have in place systems and operational processes, as well as contractual documentation, to ensure compliance with both sets of rules.
International standards. No specific international security standards must be complied with.
Sanctions for non-compliance. Breach is considered a serious infringement and the following sanctions may apply:
Fine of between two and three times the amount of the benefits resulting from the breach, if they can be quantified.
Fine of between 3% and 5% of the total annual of net turnover; or a fine of between EUR2 million and EUR5 million, if that percentage is lower than this amount.
Public warning published in the Spanish Official Gazette or private warning.
Confidentiality of customer data
Other than express contractual obligations in an outsourcing agreement or under the data protections and banking secrecy requirements (see above, Data protection and data security and Banking secrecy), there are no other specific confidentiality requirements. However, disclosure of secrets can also represent a criminal offence under the Spanish Criminal Code.
Service specification and levels
The services specification describes the outsourced services being provided. Therefore, it is typically prepared by the customer's technical and commercial teams. Once a draft is produced, the legal team works closely with those teams and the supplier, to ensure that the specification is robust, legal and works with the rest of the agreement.
The service level scheme, which aligns closely with the service specification:
Sets out the performance measures that the supplier must meet when providing the services.
Provides, through the application of service credits (a monetary payment), a means to incentivise the supplier to provide the services to the required performance and compensate the customer if this performance level is not met.
It is common to distinguish between service levels that are fundamental to the service performance (for example, availability and fault fix times) and those that are less fundamental (for example, reporting and monitoring). Different compensation levels are often applied depending on how fundamental a performance measure is.
Some service level schemes also allow for the payment of "service bonuses", a monetary payment to reward suppliers if they deliver exceptional services well or consistently above the required performance measures.
Service levels and service credits are typically set out in a separate schedule or annex to the main terms and conditions. While they are often proposed by the technical and commercial teams, the legal team usually takes a proactive approach in drafting and refining these.
Flexibility in volumes purchased
Charging methods and key terms
Many different charging methods are used in outsourcing arrangements, ranging from:
Fixed price, where the scope of services is very clear and easy to define.
Variable price, based on defined deliverables such as unit or service pricing and full time employees.
Wholly "pay for what you use" or output based pricing is rare because it does not give the supplier enough certainty.
Costs are also considered in the context of other key terms in an outsourcing arrangement. For example:
The charges can be subject to benchmarking provisions (that is, the supplier agrees to benchmark the services to ensure that the price the customer is paying remains competitive in the market). Benchmarking is often strongly resisted by suppliers in fixed costs outsourcing arrangements.
The supplier may want some flexibility to increase costs if its own cost base changes. This is often done through an agreed change control process.
Audit rights allow customers to obtain information to verify costs and performance issues.
In multi-jurisdictional outsourcing arrangements currency issues are important.
Tax provisions must be considered, depending on the structure and type of arrangement.
If a customer wants to reserve the right to terminate for convenience, the supplier seeks to include a termination payment in its favour.
Customer remedies and protections
A customer can sue for damages that are directly or indirectly caused by the breach and those derived from non-contractual liability.
The parties can agree the payment of penalties in case of breach. Unless otherwise contractually agreed, these replace damages and the payment of interest.
If a breach is so significant that the customer can show that it is fundamental to the outsourcing arrangements, the customer can also terminate the contract.
Typical outsourcing arrangements allow for many different customer protections, many of which a customer seeks to exercise before seeking remedies and relief under general law. In addition to the service level scheme (see Question 11) and the benchmarking right (see Question 15), typical examples include:
Rights of (whole or partial) termination in case of material defaults or a number of persistent breaches which, when taken together, amounts to a material default.
Indemnity provisions protecting the customer against breaches of key obligations, usually around IP rights, data protection, confidentiality and loss of data.
Step-in rights enabling the customer or a third party nominated by the customer to replace the supplier and take over the services for a period of time.
Structured governance, escalation and dispute resolution processes.
Adjustment of charging mechanisms, perhaps allowing a withholding of payment or the removal of any volume commitments.
Removal of any exclusivity granted to the supplier.
Warranties and indemnities
Typical warranties or indemnities are:
That the documentation and information provided by the customer when the supplier made its bid and did its due diligence is complete and accurate. This is often discussed at length. A customer can seek the same comfort from a supplier in respect of the information given by the supplier in any tender stages and before the agreement was concluded.
To be entitled to enter into the agreement (both customer and supplier).
To provide comfort in relation to any assets provided to the supplier (customer only).
To perform the services in accordance with the agreement, particularly the Service Level Agreement (SLA) and the services specification.
To perform the services with reasonable skill and care and in accordance with industry standards (supplier only).
To comply with applicable laws and regulations (supplier only).
Various indemnities (see Question 17).
There are no limitations on fitness for purpose or quality of service warranties. Since the provision of services does not involve consumer agreements, parties are entitled to exclude, limit or even extend service warranties. If the customer is a company, the relationship between the parties is governed by the Commercial Code (CC). If the outsourcing activity involves works contracts, the CC's provisions on liability for latent or manifest faults apply.
Apart from the typical protections and provisions set out in Questions17 and 18, the supplier usually indemnifies the customer and any replacement supplier against employees transferring to the customer/replacement supplier on termination of the outsourcing contract (in the case of a transfer of an undertaking (see Transferring employees on an outsourcing in Spain: overview)).
The customer usually indemnifies the supplier against historic liability relating to employees transferred to the supplier as part of the outsourcing.
Customers can demand that the supplier obtains civil liability insurance in private outsourcing agreements.
With increasing awareness and sophistication of risk management systems, the insurance product offerings have evolved across various sectors, including increased capabilities to underwrite specialised risks (for example, cyber insurance).
The types of insurance which are most applicable for outsourcing risks and available on the market are:
Professional indemnity insurance.
Business interruption insurance.
Comprehensive crime insurance which includes fraud committed by employees.
Comprehensive general civil liability insurance.
Directors' and officers' insurance (covering companies directors and officers against claims brought against them in that capacity).
Commercial property (for example, all risks commercial insurance).
Currency exchange insurance.
Term and notice period
There is no legal requirement for a maximum or minimum term for outsourcing agreements. However, under competition legislation, if one party has a dominant position in the market and the contract is signed on an exclusive basis, the term cannot exceed five years.
Typical outsourcing agreements include an initial term with an automatic extension until the agreement is terminated by either party with notice to the other party.
The law does not regulate the length of notice period required. The parties determine this length in the outsourcing agreement.
Depending on the outsourced services and the relevant industry, a longer or shorter notice period is required. For example, in case of IT or telecommunications services, a technically feasible period (usually six months) is required to facilitate the migration to a new provider.
Termination and termination consequences
Events justifying termination
Material breaches (that is, where a condition of the agreement is breached or there has been fraud or negligence) justify termination of an outsourcing without giving rise to a claim in damages.
Insolvency events do not typically justify termination. There is one insolvency procedure (concurso de acreedores). Clauses that entitle a party to terminate the agreement due to the sole cause of a declaration of insolvency are null and void. The outsourcing agreement can include a clause entitling either party to terminate if the other party is subject to an insolvency procedure and there is a judicial decision authorising termination.
Termination for convenience
Outsourcing contracts are generally of a long-term nature. The parties are usually reluctant to lock themselves into a partnership for a long period of time considering the changes that the business can experience over time and the associated uncertainty and risks this entails. Therefore, they normally agree termination-for-convenience mechanisms. Penalties for early termination by the customer are also commonplace.
A force majeure event that persists for a significant period of time justifies termination of an outsourcing without giving rise to a claim in damages against the terminating party.
Outsourcing arrangements are agreed commercially between the parties. They can agree additional termination rights or to exclude termination rights that are implied by law. Examples of typical termination rights in favour of a customer include the following events:
Material or persistent breach. The supplier is usually given a period of time to remedy the breach before the customer can terminate.
Change of control of the supplier.
Insolvency events in cases where there is a judicial decision authorising termination.
Termination rights if liability caps are reached.
Termination for convenience.
IP rights and know-how post-termination
Liability, exclusions and caps
Certain liability provisions cannot be excluded:
Liability for death or personal injury.
Gross negligence and wilful misconduct.
Contractual clauses, covenants or conditions cannot be contrary to laws, morals or public policy (for example, those affecting a person's dignity or physical integrity, or implying an abuse of the economic position of one of the parties).
Clauses that seek to exclude liability entirely are null and void.
Clauses limiting liability derived from a criminal offence are null and void.
Subject to these provisions, the parties are free to negotiate the liability provisions, including liability caps (seeQuestion 30).
The parties are free to agree caps on liability and caps on indemnities. This is usually fixed by reference to a percentage of the charges, either over a contract year or with reference to the total charges over the life term of the arrangement. Liability caps are sometimes linked to the insurance levels set under the agreement.
Outsourcing arrangements usually include escalation provisions, which often must be followed before other more formal mechanisms for resolution are triggered. Escalation provisions allow for a structured process that is tailored to the outsourcing arrangement itself, both:
Setting out levels of seniority of the people who will meet to try to resolve a dispute.
Defining the periodicity of the meetings.
The top level in the escalation process is typically a board member (for example, CEO or COO).
The parties can refer their dispute to an impartial tribunal (with one or more arbitrators) and agree to be bound by the tribunal's decision. Arbitration is an alternative to court litigation and can only take place if the parties have agreed to it in writing, either by:
Including an arbitration clause in the agreement.
Signing an independent arbitration agreement.
The key benefits of arbitration are:
Choice and specialisation of arbitrators (legal and subject matter).
Privacy and confidentiality.
Lack of an appeals process.
Ability to enforce an award in 148 other jurisdictions under the New York Convention on the Recognition and Enforcement of Foreign Arbitral Awards 1958.
Faster than court litigation (but significantly more expensive).
The choice of arbitration removes recourse to the courts except for certain functions related to support in aid and control of the arbitration. The challenge or judicial review of arbitral awards is very limited, as awards can only be subject to annulment or review/rectification proceedings based on very limited grounds.
Judges in court proceedings can join third parties to the proceedings. Therefore, subcontractors or other suppliers can be made part of the proceedings and all related disputes can be resolved in a single set of proceedings.
Court proceedings are public by nature, unless the judge grants confidentiality in certain exceptional circumstances. Parties cannot choose which judge and the number of judges they would like. Court proceedings are usually quite protracted and it can take about one year to receive a decision from a first-instance court.
Other alternative dispute resolution (ADR)
Apart from arbitration, the most common forms of ADR are negotiation, transaction or settlement, conciliation and mediation. Negotiation is conducted by and between the parties themselves.
The transaction or settlement is an agreement both:
Under which each party gives, promises or retains something.
Which avoids bringing a dispute to the courts or terminates the judicial proceedings already initiated.
In conciliation and mediation, the dispute resolution process is assisted by a neutral third party (that is, the mediator or conciliator).
It is becoming increasingly common to have multi-tier clauses in which parties have to undergo a process of negotiation, conciliation or mediation before submitting the dispute to arbitration or litigation.
Unlike arbitration and litigation, the outcome of the ADR process is not formally binding unless the parties subsequently decide to execute a settlement agreement.
Transfers of assets to the supplier
Value Added Tax (VAT) is generally levied on the transfer of assets when transferors act in the course of their business and the assets transferred are linked to their business activity. In certain transfers of real estate assets, transfer tax can apply instead of VAT, in which case the purchaser pays transfer tax at a tax rate ranging from 6% to 11%, depending on the applicable regional tax law, on the fair market value of the real estate asset transferred.
Stamp duty is levied on public deeds connected to the transfer of property (except for those subject to transfer tax) and mortgages by entrepreneurs. The taxable base is the value declared by the taxpayer (that is, the market value of the asset transferred) and the tax rates vary from 0.5% to 1.5% depending on the applicable regional tax law. These rates can be up to 2% for certain real estate transfers subject to and not exempt from VAT. No stamp duty is levied on transfer of other tangible assets such as equipment and machinery.
Transfers of employees to the supplier
The transfer of employees is not a taxable event.
However, when a company outsources services or works related to its core business activity to a third party, it is secondarily liable for certain tax debts of the supplier (for example, VAT and withholding taxes applicable to the supplier's employees and professionals providing the outsourced services). No such liability will exist if the supplier provides the payers with a special certificate issued by the tax authorities stating that the relevant supplier is in compliance with its tax obligations. This certificate must be renewed on an annual basis.
VAT or sales tax
VAT is levied on the supply of goods and services by entrepreneurs acting in the course of their business. The standard tax rate is 21%. There are several exemptions and reduced tax rates. Companies can deduct input VAT under certain conditions.
Corporate Income Tax (CIT) applies to companies and certain entities that are tax resident in Spain.
Spanish tax resident entities are taxed on their worldwide income. The CIT taxable base is calculated on the taxpayer's net accounting result plus any book-to-tax corrections. Some expenses are not tax deductible and some are subject to certain special rules (for example, related party transactions).
The general CIT rate will be 25% for tax periods starting on or after 1 January 2016. However, lower tax rates can apply in certain cases (for example, newly created companies are subject to a 15% tax rate for the first two years in which they obtain taxable profits). Companies can enjoy certain tax credits (for example, tax credit to avoid foreign taxes).
*The authors thank the contribution and comments from Santiago Valentín-Gamazo and Víctor M. Martín Samaniego.
Spanish Official Gazette – Spanish legislation
EUR-Lex – European Union law
Bank of Spain – Financial Services Regulation
Stock Exchange National Commission - Financial Services Regulation
Ministry of Employment and Social Security – Employment
Ministry of Tax and Public Administrations – Tax and Public Procurement
Tax Agency – Tax
Telecommunications Market Commission – Telecommunications
Spanish Data Protection Agency – Data Protection
Ministry of Education, Culture and Sports – IP
Spanish Patent and Trademark Office – IP
Ministry of Justice – Translations of Spanish law
Blanca Escribano Cañas, Partner
Professional qualifications. Lawyer, admitted ICAM, 1995
Areas of practice. Telecommunications; media; technology; outsourcing; competition law.
Non-professional qualifications. Doctorate in Law, Carlos III University, 1997; LLM in European Union Law, Carlos III University, 1995; degree in Law and European Law, Complutense University and K.U. Leuven, 1994; piano player (Conservatorio de Madrid)
- Partner and the head of the Media, Communications and Technology Group at Olswang Spain.
- Practiced law for more than 18 years in international firms, advising clients operating in the communications, technology and media sectors.
- Advises different agents in the full value chain of the communications industry, from the content producers to the network providers, including applications, software, web pages, service providers, distributors and manufacturers.
- Broad experience in negotiating and drafting sophisticated agreements within the telecoms and technology industries, including outsourcing of telecom networks and IT platforms and cloud computing agreements.
- Recently represented a European telecom operator in the litigation against a main Spanish player regarding the migration process to a new IT platform.
Languages. Spanish, English
- Member of the Madrid Bar Association (ICAM), IBA, ABA, ENATIC, DENAE and European Outsourcing Association (EOA) España.
- Officer at the Communications Committee of the International Bar Association.
- In addition, Blanca has been named to, Chambers Europe Edition, Legal 500, Best Lawyers and the International Who's Who of Telecoms and Media Lawyers as one of the leaders practitioners in Spain.
- Authored the EU chapter for "International Telecommunications law" (CILS) (in progress).
- Co-authored the "EU regulatory framework" chapter of the International Comparative Legal Guide to Telecommunication Laws and Regulations 2014 (ICLG).
- "Telecommunications and media industry developments in Spain" published in the "Spain: Telecom & Media" Section of the Global Competition Review 2009. September 2008.
- "2006 eCommunications Market Review in the European Union", published in "The Partyline", Communications Industry Committee Newsletter of the American Bar Association. Section of Antitrust Law. Summer 2006.
- Spanish Section of the "Communications Law Newsletter" of the International Bar Association (September 2005).
- Co-authoring "Prospective Model in the Telecommunications Sector, Risks of a Dual Analysis" (Control de Concentraciones Empresariales, Reforma de las normativas Comunitaria y Española). Instituto de Estudios Europeo. 2004.
- Co-authoring "Frustrated Merger Between the US Satellite pay TVs. Competition v Regulation and Public Interest Licence". 2002 Competition review. Fundación ICO.
Sofía Fontanals, Senior Associate
Professional qualifications. Lawyer, admitted ICAM, 2006
Areas of practice. Telecommunications; media; technology; outsourcing; privacy and data protection; advertising; consumer law.
Non-professional qualifications. Masters degree in Telecommunications and IT Law, Carlos III University; degree in Law, Complutense University of Madrid
Languages. Spanish and English
Professional associations/memberships. Member of the Madrid Bar Association (ICAM), ENATIC, DENAE and European Outsourcing Association (EOA) España.