For more information, please contact:
Tel: + 49 30 2200281 720
Tel: + 49 30 2200281 729
Current debate in Germany regarding U.S. IT companies and "no spy guarantee"
The German Federal Ministry of the Interior has recently published its administrative guidance regarding a "no spy guarantee" for companies that enter into certain procurement contracts with the German Federal Government. Several recent press articles also purport that a number of Federal States, so far including the states of Bremen, Hamburg, Schleswig-Holstein and Saxony-Anhalt, also plan to introduce comparable guarantee requirements for their IT tender procedures.
1. What is a "no spy guarantee"?
Pursuant to the guidance, the Procurement Office of the Federal Ministry of the Interior can demand from bidders in upcoming tender procedures with possible security relevance a binding self-declaration. In the self-declaration, the bidder declares that he is capable of complying with contractual confidentiality obligations and, in particular, under no obligation to disclose to third parties confidential information, business and trade secrets, of which he gains knowledge in the course of the contractual relation with the public authority. Pursuant to the guidance, confidential information is defined as any information which would be qualified as security-sensitive by an objective third party or which is marked as confidential. The declaration does not apply if the bidder is legally obliged to disclose such information to foreign public authorities that are not security authorities, such as securities and exchange supervisory bodies, regulatory authorities or financial authorities. However, he must not be obliged to disclose information to foreign security authorities. The guidance also recommends to supplement the contractual terms and conditions currently used in procurement procedures with a clause pursuant to which the bidder is required to give written notice to the public authority if he is no longer able to comply with the confidentiality clause.
Whether a self-declaration is requested or not may be left up to the contracting government agency to decide on a case-by-case basis, taking into account whether the procurement at hand requires a more stringent security-sensitive approach or not.
2. How will a "no spy guarantee" work?
Pursuant to the decree, the self-declaration will be part of the review of reliability (pre-qualification review) and shall also work as a presumption of proof concerning the obligation of the bidder to disclose confidential information to third parties. This means that bidders who submit a signed self-declaration even though they know that they are legally obliged to disclose confidential information to foreign security authorities will be excluded from the tender procedures. Bidders who do not submit a self-declaration will be excluded because bidders are requested to submit complete tender documents.
Jonathan C. Poling
Partner, Washington, D.C.
Tel: + 1 202 835 6170
Tel: + 49 69 2 99 08 189
The supplementary confidentiality clause in the contractual terms and conditions could lead to an extraordinary right to termination of contracts.
3. How could a "no spy guarantee" affect foreign IT companies?
The "no spy guarantee" is likely to affect foreign IT companies in at least three ways. First of all, even though a German subsidiary of a foreign company is not legally bound to disclose confidential data to foreign security authorities, there is a potential risk of exclusion. U.S.-based companies should be aware that the prevailing public opinion in Germany is that U.S. companies will not be able to submit a truthful declaration regarding a "no spy guarantee" due to their legal obligations in the U.S. (e.g. USA Patriot Act). Although the Patriot Act includes provisions where U.S. companies may be compelled to produce relevant information as part of national security investigations, it is unclear if the existence of lawful court orders in the U.S. and pursuant to the Patriot Act would be viewed as a permissible exception for U.S. companies to the “no spy guarantee.” Secondly, it might not be sufficient if a German subsidiary of a U.S.-based group that participates in a tender procedure in Germany submits the self-declaration because there might be spillover effects (e.g. due to personnel overlaps). It is finally important to note that the proposed "no spy guarantee" will not only be required from companies or entities who want to contract with public authorities, but also from companies who are subcontractors.
4. Are there remedies under public and procurement laws to challenge a "no spy guarantee"?
The implementation of the "no spy guarantee" as a self-declaration in the context of the review of reliability could be challenged with a review procedure before the Public Procurement Board and, in case the review procedure is not successful, an immediate appeal before a Higher Regional Court. The supplementary confidentiality clause in the contractual terms and conditions could be challenged in a civil law proceeding and also with a review procedure before the Public Procurement Board and, in case the review procedure is not successful, an immediate appeal before a Higher Regional Court.
5. Not yet discussed, but essential: eligibility of a "no spy guarantee" under the EU Treaty?
Following the current debate in Germany about a "no spy guarantee", one cannot help but think about the compatibility of the guarantee with EU law. Such a guarantee could be regarded as an infringement of the principle of non-discrimination, because certain U.S. companies who have been in a leadership position in IT tender procedures for years will now be confronted intentionally with obligations and requirements that they can most likely not comply with due to their national laws, even though they would like to do so. A "no spy guarantee" could also infringe with the principle of equal treatment since there could be IT companies from other countries which might have similar national laws as U.S.-based companies but are currently not discussed at all. This question of compatibility with EU law requires further intensive review.
This client newsletter is prepared for information purposes only. The information contained therein should not be relied on as legal advice and should, therefore, not be regarded as a substitute for detailed legal advice in the individual case. The advice of a qualified lawyer should always be sought in such cases. In the publishing of this Newsletter, we do not assume any liability in individual cases.
Baker & McKenzie - Partnerschaft von Rechtsanwälten, Wirtschaftsprüfern, Steuerberatern und Solicitors is a professional partnership under German law with its registered offices in Frankfurt/Main, registered with the Local Court of Frankfurt/Main at PR No. 1602. It is associated with Baker & McKenzie International, a Verein organized under the laws of Switzerland. Members of Baker & McKenzie International are Baker & McKenzie law firms around the world. In common with terminology used in professional service organizations, reference to a "partner" means a professional who is a partner, or equivalent, in such a law firm. Similarly, reference to an "office" means an office of any such law firm.