Sub-contracting

World Commerce and Contracting provides the following principles relating to sub-contracting:

1. As solutions to customers’ needs and the breadth of offerings become more complex and require expertise and technology not necessarily resident in one single supplier, it is common for suppliers to “team” or “partner” with other companies to meet those customer requirements. However, customers rightfully look to suppliers to serve as their sole contracting party (i.e., prime contractor) with respect to the entire solution or scope of work being provided.
2. The supplier should take full responsibility for ensuring that the entire solution works, or the entire scope of work is delivered and performed as contracted for, including those elements provided by Subcontractors, as if the supplier was providing the solution/scope of work entirely by itself. Accordingly, the supplier should accept liability (subject to the applicable limitations and exclusions) for all acts and omissions of Subcontractors in connection with the transaction.
3. If the customer and supplier have agreed to certain terms that apply, either explicitly or implicitly, to Subcontractors, it is the supplier’s responsibility to ensure that those terms are flowed down to the Subcontractors as appropriate. Similarly, terms mandated by a Subcontractor may have to be flowed up to the customer to ensure that the supplier, who may be liable to the Subcontractor for acts or omissions of the customer, is not in breach of the Subcontractor contract.
4. With respect to software licenses, it may be appropriate for Subcontractor licenses to flow directly to the customer, in which case those licenses create contractual privity between the customer and the Subcontractor for that limited purpose.
5. Except as set forth in Principles 6 through 10 below, as far as possible, the sharing of responsibilities between the supplier and its Subcontractors should be transparent to the customer, and the customer should not have to undertake any role in overseeing the activities of Subcontractors.
6. The extent to which a customer should have the right to pre-approve Subcontractors should be a function of the access any Subcontractor has to the customer’s sensitive information or internal networks or databases or if the Subcontractor will be badged or given the freedom to work in a customer location on an unescorted basis. Customers may also have a right to pre-approve any Subcontractor if it will be providing a very large proportion of the overall solution or work. However, if the supplier will be unable to provide its solution/services/product without the use of certain Subcontractors, it is important that the supplier should request for pre-approval of the use of such Subcontractors in the contract itself (as opposed to waiting to ask for that consent post-contract) and, If need be, state that without use of that Subcontractor, it may be impossible for the supplier to provide the solution/service/product to the customer at the agreed price or under the same terms (e.g., SLA).
7. A customer should have a right to approve or reject a Subcontractor if it is a competitor to the customer (albeit in some cases the customer may not have a choice but to approve a competitor if it is the only provider of a key component of the solution, in which case it is fair that the customer impose additional confidentiality safeguards to protect its interests).
8. Customers have a right to impose the same requirements on Subcontractor employees as they do on supplier employees (e.g., background checks, adherence to confidentiality obligations, prohibitions to human trafficking and child labor, compliance with security policies) if the Subcontractor personnel will be performing particular functions or activities that are the subject of those requirements under the customer-supplier contract.
9. A customer should have the right to require the supplier to remove and replace a Subcontractor or a Subcontractor’s employee if either engages in activities that violates applicable customer policies or procedures or that are illegal.
10. The supplier should ensure that any audit rights a customer may have under the contract are extended to its Subcontractors who are performing functions or have obligations that fall within the scope of permitted audits (e.g., audits related to activities that form the basis for charges).
    Personal data handling, data protection, and the movement of data across jurisdictional lines need to reflect activities of Subcontractors and not just the supplier. Subcontractors’ roles will determine the applicability of GDPR and other laws and regulations to those activities, particularly with respect to whether they are Processors or Controllers. These must be explicitly handled in the relevant contract provisions.