The QITC Framework

In August 2017, the Queensland State Government introduced the new Queensland Information Technology Contracting (QITC) framework for procurement of information and communications technology (ICT) products and services by the Queensland Government.

In this QWIK QITC Series, we are providing general information in respect of how the framework operates.

In the previous edition of the QWIK QITC Series, we considered how certain kinds of liability, such as Consequential Loss, can be excluded under the QITC contracts, and the extent to which these exclusions do not apply.

In this edition of the QWIK QITC Series, we follow on from last week’s topic of liability under the QITC contract and consider how the parties can cap their liability.

What is a liability cap?

A liability cap is a method of risk allocation that places a limit on the liability a party would otherwise have under the contract. The limit is usually a specific dollar amount, or is tied to another value in some way, for example, a percentage or multiple of the contract price. This inevitably creates a risk gap, with one party potentially being responsible for any losses which exceed the capped liability amount.

There are two separate liability caps in the QITC contracts: a general liability cap, and a liability cap specifically for loss or damage to Customer Data when supplying As-A-Service.

General liability cap

Both the Government Customer and the Supplier can limit their liability under a general liability cap by specifying the cap in the Comprehensive Contract Details or the General Contract Details (as applicable).

As with Consequential Loss (see last week’s QWIK QITC), certain liability is carved out from the general liability cap, being:

  • personal injury, sickness and death
  • property damage and loss
  • a claim for infringement of Intellectual Property Rights or Moral Rights (see QWIK QITC Week 5).

The Supplier’s liability is also not capped in respect of:

  • fraud by the Supplier or its Personnel; and
  • any breaches of the provisions regarding confidentiality or privacy obligations by the Supplier or its Personnel.

As with Consequential Loss, neither party is liable to the other for contributory liability, or where the other party has not taken reasonable steps to mitigate its loss (see last week’s QWIK QITC).

Customer Data liability cap

The Supplier has a separate liability cap for loss of or damage to Customer Data in the Supplier’s provision of an As-A-Service (see QWIK QITC Week 7). The parties can specify this cap in the General Contract Details, or in the Module Order Form for Module 3 (As-A-Service).

The cap also specifically applies to the Supplier’s liability under the Supplier indemnity in respect of compliance with laws and breach of confidentiality and privacy obligations under the QITC contract. We will discuss the indemnities in the QITC contracts in greater depth in the coming weeks.

As with the general liability cap, there is a specific carve out from this cap for loss or damage that was caused or contributed to by any fraudulent act or omission of the Supplier or its Personnel.

Takeaways

For Government organisations

  • When determining the Supplier’s liability cap, you should consider the risk of the procurement as opposed to the contract value. A low price does not necessarily mean the procurement is low risk, and vice versa. You should consider the total losses you could incur if the Supplier fails to supply the Products and/or Services in accordance with the QITC contract. You may want to obtain specialist assistance from your procurement or financial advisors in determining the Supplier’s liability caps, particularly if the procurement is considered of higher risk.
  • If the QITC contract is for a multi-stage procurement, you should consider whether it is suitable to vary the amount of the Supplier’s liability cap for each different stage. For example, a QITC contract for Developed Software could specify a different cap for the development phase, and the subsequent support and maintenance phase. This would reflect the changing risk profile at each stage. Additionally, consider whether a different cap is required where the Products and/or Services are recurring – for example, where fees are paid annually for subscription to a Software-As-A-Service.
  • A liability cap is commonly set as a specific dollar amount, or a multiple of the contract price, or the greater of a specific dollar amount and a multiple of the contract price payable. There are also other methods of capping liability, such as tying the cap to insurance coverage. As a Government Customer, it is generally not recommended to set the liability cap to a multiple of the contract price unless you can determine the total price payable under the QITC contract.

For suppliers

  • Take note of the carve outs from your liability caps, particularly noting any carve-outs which can be triggered due to the actions of your Subcontractors, such as fraudulent acts and breaches of confidentiality or privacy obligations . When passing through risk in your agreements with Subcontractors, in addition to including back-to-back protections to cover the gaps in excluded liability, you should ensure that any liability caps for the Subcontractor do not exceed your liability caps under the QITC contract.
  • When negotiating a liability cap under the QITC contracts, remember that the liability is a risk allocation tool. If the Government Customer is pushing for a higher liability cap, consider pricing accordingly. Take care with pricing if the liability cap is tied to a multiple of the contract price! Consider the level of insurance available in the event of a claim by the Customer. If the insurance cover is inadequate, insurance coverage may need to be increased, or the liability cap may need to be reduced.
  • Although you may take the view that they should be the same, if you are supplying As-A-Service, you should carefully consider the separate limits for your general liability cap and the Customer Data liability cap. Depending on the potential risk, and the sensitivity of the information involved, the Government Customer may push for a higher cap for Customer Data. You should also consider the potential penalties for data breaches under the Privacy Act 1988 (Cth) when determining this cap.