Jurisdiction snapshot

Market

What is the extent of outsourcing in your jurisdiction, including the most common sectors for outsourcing activities?

Outsourcing is a multidisciplinary matter under Italian law. In the IT sector, outsourcing contracts are either regulated under the Civil Code or special Italian legislation (eg, contracts for data processors in the field of data protection or system administrators in general contracts for IT services). Alternatively, outsourcing may be freely regulated by the parties based on the general principle of freedom of contract. In general, outsourcing consists of entrusting single phases of a process (eg, IT services) to external suppliers. The more common forms of outsourcing pertain to business-to-business relationships, as well as to agreements linked to the public sector (particularly regarding public tenders).

The most common sectors and forms in which IT outsourcing takes place are:

  • service agreements or subcontracts;
  • sub-supply contracts; and
  • transfers of company branches.

However, IT outsourcing can also take place in the form of temporary employment agency work contracts. Outsourcing has recently become more common in connection with personal data processing, under the applicable data processing legislation (eg, contracts appointing data processors or sub-processors).

The goal of these contracts is to outsource the related services by delegating under a master service agreement all or some of the activities relating to the development and operational management of IT systems. Software management and software development agreements, for instance, are regulated under service agreement regulations. In the field of data processing, outsourcing relies on the legal possibility to “process personal data on behalf of the controller” and according to the controller’s instructions (eg, in the marketing sector, for back office services and managing application systems).

IT outsourcing can be seen as an evolution of facility management (in which service and development activities are provided together). In the field of IT outsourcing, some of the roles that can be outsourced include:

  • IT managers;
  • help desk specialists;
  • privacy consultants;
  • IT consultants;
  • software analysts; and
  • system administrators.

Government approach

How would you describe the government’s approach to outsourcing arrangements? Are there any government-sponsored incentives for outsourcing, or restrictions on outsourcing abroad?

The Italian government has promoted outsourcing by:

  • providing a preferential value-added tax system;
  • introducing the Digital Administration Code in order to:
    • fully accomplish the digital transformation of the public administration’s documents;
    • create the so-called ‘digital administration’; and
    • benefit citizens by making their relationship with the public administration simpler and more accessible;
  • ‘radical outsourcing’ in the public sector (ie, privatising certain activities which were undertaken by the public administration by entrusting parts of those activities to private entities);
  • providing financial incentives for programmes which promote integration into extra-EU markets. The Italian legal system does not disregard outsourcing that is not limited to domestic outsourcers, but involves those residing in other countries (ie, global sourcing and offshoring).

At the same time, the government has limited outsourcing in some sectors:

  • In sub-supply contracts, special protection for sub-contractors (due to their status of financial dependence) is provided under Law 192/1998, which establishes:
    • guarantees regarding the form of the contract and its content;
    • the regulation of interests in arrears (Legislative Decree 231/2002, transposing EU Directive 2000/35/EC); and
    • the prohibition of abusing the sub-contractor’s status of financial dependence.
  • Regarding temporary employment agency work contracts, the government has set a cap of 30% for personnel who may be hired under such contracts, with additional rules provided for short-term jobs.

Additional information on financial incentives for insourcing is available at “www.sviluppoeconomico.gov.it/index.php/it/component/tags/tag/714-Finanziamenti%20per%20l'internazionalizzazione”.

Regulation

Legislation

Is there any overarching domestic legislation governing outsourcing?

For service agreements in the private sector the main legal references are Articles 1655 to 1677 of the Civil Code. These articles also apply to IT outsourcing contracts, which are generally structured in the same manner as the service agreement that they are linked to.

For temporary employment agency work contracts, the main legal reference is Article 1559 of the Civil Code. Sub-supplier contracts are regulated by Law 192/1998 and transfers of business branches are governed by Article 2112 of the Civil Code. These rules may also apply to IT outsourcing. Public tenders are governed by Legislative Decree 163/2006, as reformed by Legislative Decree 50/2016 and Legislative Decree 56/2017.

For digital matters relating to public administration, the main reference is the Digital Administration Code (DAC), included in Legislative Decree 82/2005, as modified by Legislative Decree 217/2017 and Legislative Decree 235/2010. In particular, Article 44(1)quarter of the DAC allows the public administration to use outsourcing in order to conserve and certify digital and ‘de-materialised’ documents. The Decree of the President of the Council of Ministers (13 November 2014) for the digitalisation of informatic documents also applies.

Are there any sector-specific laws or industry guidelines on outsourcing?

Yes. Some of them are Italian, others are European. Examples include:

  • the Digital Administration Code (DAC);
  • the General Data Protection Regulation (GDPR);
  • the Copyright Law (Law 633/1941); and
  • the Industrial Property Code.

Licences, permits and approvals

What licences, permits and/or approvals are required for outsourcing activities, if any? What are the penalties for non-compliance with these requirements?

No specific licences or permits are required for outsourcing in the private sector. Some administrative provisions may be necessary according to the type of activity outsourced, as is the case, for instance, with service agreements. Temporary employment agency work contracts can be performed only by agencies registered in the designated register established by the Ministry of Labour. In the public sphere, contractors must meet the prerequisites set in the relevant call for tender in order to be allowed to participate in the tender. Administrative fines can be issued where this is not complied with (eg, exclusion from the public tender, revocation of the award and the consequent invalidity of the contract entered into with the tenderer, following the public administration’s impact assessment of the failure to comply with the requirements).

Reforms

Are any legislative or regulatory reforms envisaged or underway which will affect outsourcing arrangements?

Yes. For example:

  • the GDPR (as well as Legislative Decree 101/2018), concerning outsourcing activities in the processing of personal data;
  • the new Public Contracts Code (Legislative Decree 50/2016 and previously Legislative Decree 163/2006) for public outsourcing;
  • the Decreto Dignità for temporary employment agency work contracts;
  • the DAC and its guidelines for outsourcing by the public administration; and
  • the International Organisation for Standardisation’s 9001:2015 standard, regarding risk management relating to outsourcing.

Legal structures

Types available

What legal vehicles/structures are available for outsourcing arrangements, and what are the advantages and disadvantages of each?

Regarding IT outsourcing, the same structure is used in service agreements as that in other contracts provided by Italian law (eg, the law governing sub-supplier contracts and the law concerning the transfer of business branches). In general, atypical agreements (ie, agreements not specifically regulated under the Civil Code) are relied on, as they allow the parties to adapt their content and framework to their concrete needs under the principle of freedom of contract (Article 1322 of the Civil Code). Atypical contracts can also be connected to typical ones in order to reach further goals which are not covered in the latter. Moreover, parties should consider and formalise non-disclosure agreements with outsourcees in order to protect data, know-how and industrial secrets which may be entrusted to them.

In general, the advantages of outsourcing that can be reflected in the relevant atypical agreements include:

  • increased efficiency (outsourcers may be more skilled to perform specific tasks required);
  • increased flexibility;
  • time efficiency (outsourcers may focus their efforts on core business activities);
  • savings on infrastructure;
  • access to highly qualified personnel (especially regarding information and communications technology outsourcing);
  • regarding personal data processing, access to highly competent workers and companies whose technical and security measures can be easily communicated, so that they can legitimately process data on behalf of the data processor (as a sub-processor);
  • regarding digital administration, a simplified operating system, more efficiency and less bureaucracy, a decrease in administrative burdens and more transparency; and
  • the possibility to outsource IT and telecoms activities, personnel and infrastructure, and the consequent reduction of costs and potentially higher technical ability of the outsourced expert workers; however, this does come at a higher risk to lose control of IT assets or of accidental loss of data.

Regarding outsourcing in the private sector and particularly for temporary employment agency work, such as through service or labour supply agreements, there are several advantages – for example, outsourcers will:

  • deal with only minor bureaucratic compliance matters;
  • have lower costs compared to directly employing personnel; and
  • have more contractual flexibility with those workers and more varied possibilities to address the company’s temporary work needs.

In general, the main advantages are:

  • the increased opportunities to access new technologies, skills and combined professional qualifications; and
  • the freeing up of efforts which can be redirected towards a higher focus on companies’ core businesses.

The main risks are as follows:

  • Regarding sub-supply contractual relationships, there is a higher risk for subcontractors (due to a contractual imbalance between the parties), which may lead to inequitable contractual clauses and even financial dependence of the subcontractor on the contractor.
  • Disadvantages connected to subcontracting may generally result in joint liability between the contractor and subcontractor regarding workers’ wages and contributions. However, this liability is limited to withholding tax on employment income (eg, wages) and value added tax relating to invoices issued for activities included in the contractual relationship.
  • Regarding IT subcontracting, there is a higher risk of losing control of data and limited guarantees from subcontractors regarding the data privacy and security.

In general, the main risks concern giving away core competencies and losing the positive effects of flexibility linked to outsourcing.

Contractual relations

Contract forms

What are the most common contract forms for outsourcing arrangements, and what are the advantages and disadvantages of each?

The most common contract forms for outsourcing arrangements are:

  • data processing agreements (concerning the processing of personal data);
  • service agreements (the most common contractual structure for outsourcing IT services);
  • sub-supplier contracts;
  • contracts regulated under the law concerning transfers of business branches;
  • temporary employment agency work contracts; and
  • public contracts, as regulated by the new Legislative Decree 50/2016.

Regarding service agreements in the private sector, one advantage is parties’ freedom to negotiate under Italian contract law. In the public sector, the adjudication of the contract follows the terms of the public call for tender and call for bids, which aim to find the best offer and regulate the entire procedure around this, with a narrow margin for negotiation between the public administration and private parties. All requirements set out the procedure must be met in order to participate in the call for bids; clauses may also apply which automatically exclude participants that fail to meet their requirements.

In service agreements, contractors take on entrepreneurial risk. In temporary employment agency work contracts, employers avoid directly hiring the workers which are to provide services. As for sub-supply agreements, there is the advantage for the contractor of hiring a sub-supplier which specialises in services and producing goods; however, sub-suppliers may be at a disadvantage if they become financially dependent on the contractor.

Service agreements usually reflect a single, sole contractual relationship, even if they can assume the form of a multilateral agreement. On the other hand, temporary employment agency work contracts are characterised by two contractual relationships (one between the worker and the agency and the other between the contractor and the agency).

In sub-supply agreements, sub-suppliers also have the advantage of guaranteed and ongoing orders for their services and goods; however, this carries the disadvantage of potentially becoming financially dependent on the contractor and therefore being forced to accept unfair contractual clauses (or an unbalanced agreement) in order to maintain the relationship.

In general, regarding IT outsourcing (in the form of a contract, sub-supply agreement or company branch transfer), the main advantage is the possibility of hiring highly qualified workers, while the main disadvantages are the possibility of losing control of data, poorly defined obligations for suppliers regarding privacy and data protection matters and engaging suppliers which are not up-to-date with the latest technological innovations.

Due diligence

Before entering into an outsourcing contract, what due diligence is advised?

For private agreements, there are no special forms of due diligence, other than verifying the professional and financial reliability of the suppliers and their existing infrastructure. However, it is advisable to maintain a liability policy governing the outsourcing process (the board of directors for the contractor usually maintains general liability) in order to keep the level of risk for the outsourced activities at a reasonable level. It is also advisable to:

  • verify that outsourcing agreements do not diminish the ability to respect all applicable regulatory requirements, including those set by supervisory authorities (eg, the Data Protection Authority where personal data is concerned);
  • verify that written agreements with suppliers are entered into in order to regulate the practical aspects of outsourcing;
  • implement systems and agreements intended to protect private information (ie, data and know-how); and
  • organise periodic audits.

In general, due diligence in IT outsourcing contracts should consist of:

  • a prior check of the network in use and of all its virtual extensions;
  • vulnerability test analysis;
  • a penetration test; and
  • an assessment of the supplier’s incident management process.

As regards outsourcing data processing activities, due diligence may involve a check of the supplier’s level of compliance with the General Data Protection Regulation (GDPR) in order to evaluate how secure the data processing activities will be and a check on existing security measures. In general, prior to outsourcing it is necessary for companies to consider their value chain, distinguish their core and non-core competencies and identify the value chain relating to their core competencies in order to understand which functions, activities and processes can be outsourced.

Duration and renewal

What is the common duration of outsourcing contracts? How does the renewal process commonly play out?

There is no common duration – it is determined by the parties. As the government generally disapproves of obligations or bonds which are temporally unlimited, where typical contracts (governed by the Civil Code) do not specify their duration in their contractual clauses, parties may stop the effects of the contract by mutual agreement or by withdrawing from the contract. Regarding IT outsourcing, for cases where temporary employment agency work contracts are used, Italian law provides for a maximum number of renewals to protect workers. Where parties decide on a specific duration for a contract, said parties may decide that the contract will be tacitly renewed prior to its expiration.

Supplier selection

What procedures and criteria are commonly used to select suppliers?

In the private sector, there are no specific procedures to select suppliers. However, a procedure could be created for contract finalisation, such as a sequence of a term sheet followed by a final agreement – that is, a sequence of proposal, acceptance and signing of the agreement or, for instance, a public offering. IT outsourcing contracts, which can be considered subcontracts or sub-supply agreements, are long-term contracts and, as a consequence, generally have a series of steps prescribed for them (eg, to define methods of payment and execution of activities). For this reason, there are generally also clauses that aim to control unexpected occurrences and maintain a certain contractual balance (eg, clauses that prescribe the possibility to change the price according to variations in the market). In a service-level agreement, the parties may agree on a time schedule for the provision of services.

There are no specific guiding principles regarding criteria to be used when selecting suppliers either. Suppliers’ financial reliability and level of technical and specialised competences can be considered as relevant criteria regarding IT outsourcing. In particular, in cases of IT outsourcing for data processing, the level of compliance with applicable regulations (eg, the GDPR) is also important. Other criteria include:

  • the supplier’s alignment with industry best practices;
  • the range of services offered; and
  • the supplier’s flexibility, financial stability and reputation.

Measures to ensure integrity, confidentiality and the availability of data (eg, business continuity, contingency and recovery plans) are also important.

In the public sector, outsourcing is characterised by the evidence procedure (evidenza pubblica) and is ruled by the Public Contracts Code, Legislative Decree 50/2016 and Law 241/1990. Different criteria for selecting suppliers may apply – in particular, specific award criteria will be set out in each public tender notice. These selection criteria may include, for instance, economic advantages offered or lowest price offered.

Service specifications

How are the service specifications agreed and monitored, and what service terms and parameters are commonly applied? Can any flexibility be provided for in these terms?

Service specifications for data processing agreements are typically agreed inside the agreement itself. In particular, the provisions of Article 28 of the GDPR must be included in these agreements and be binding on processors and sub-processors. For IT outsourcing and thus for service agreements, these specifications are typically included inside the contract or in an annex. In sub-supplier contracts and temporary employment agency work contracts, specifications will be included in the contracts themselves. In any case, service-level agreements may be entered into with suppliers in order to establish agreed and monitored specifications for the services to be provided. Specific parameters for providing services can be identified by the parties during pre-contractual negotiations.

Regarding forms of control during the provision of services, parties can agree on periodic audits in order to monitor the safety of the suppliers’ systems, networks and communications, physical and environmental safety, as well as to monitor the performance of statements of work, by maintaining a list of the activities which have and have not been developed.

Parties are also afforded flexibility by Article 1322 of the Civil Code, which allows them to determine the content of contracts they enter into (within the limits of the law). Parties may also choose to connect different agreements which they have entered into.

Charging methods

What charging methods are commonly used?

Common charging methods include monetary payments (including cash payments below a certain amount), bartering (pursuant to Article 1552 of the Civil Code) or transfers of company shares for more complex operations.

Warranties and indemnities

What warranties and indemnities are commonly stipulated in outsourcing contracts (for both the customer and the supplier)? Are there any mandatory or prohibited provisions in this regard?

Sub-supplier contract law restricts the content of these contracts in order to protect the weaker party (ie, the sub-supplier) by way of, for example, liability concerns, terms of payment and tax regimes. As regards the outsourcing of personal data processing, Article 28 of the GDPR regulates the contents of the data processing agreements to be entered into with processors and sub-processors: it is mandatory to include the minimum obligations of Article 28 in data processing agreements (eg, obligations relating to security measures, confidentiality, adequate technical and organisational measures and the return of personal data at the end of the contract). Italian law also sets out prohibitions concerning contractual clauses (eg, the prohibition on varieties of forfeiture agreement, Article 2744 of the Civil Code) or restrictive clauses. Where parties wish to include these types of clause, the contract must include a double signature in order for those clauses to be valid. Further, fraudulent contractual clauses (whether directly or indirectly fraudulent) cannot be included in a contract. Including forbidden clauses in a contract may result in the invalidity of the clause or of the entire contract.

Ending the agreement

What are acceptable grounds for terminating an outsourcing contract?

Acceptable grounds for terminating an outsourcing contract include:

  • the counterparty’s fulfilment of its contractual obligations;
  • exceeding a fixed-term contract’s expiration date;
  • the fulfilment of all contractual services and obligations;
  • a breach of contract;
  • an inability to perform contractual obligations;
  • cancelling the contract by mutual agreement between the parties;
  • the occurrence of a termination condition; and
  • the rescission of the contract.

How do contracts commonly address exit from the outsourcing contract?

The more common reasons for exiting an outsourcing contract are the fulfilment of the outsourcee’s obligations or the completion of the contract’s duration.

Is there a common or mandatory notice period for non-renewal of a contract?

There is no common or mandatory notice period for non-renewal. Normally, parties will agree to a period (eg, 30 days); otherwise, the contract will have an indefinite term. Where the contract has an indefinite term, both parties are free to stop the contract from taking effect at any time, with a notice period for non-renewal determined by good faith (which may vary according to the parties’ specific sectors or the agreed contractual obligations). Contracts may also terminate on the delivery of the goods or fulfilment of contractual obligations.

General tips

What can customers do to make their outsourcing contract more successful?

Parties are advised to respect the contractual balance in terms of obligations, liability and advantages, as well as writing contracts in a simple and clear way in order to avoid litigation concerning the contract’s interpretation. Clear and detailed service level agreements are crucial for the success of IT outsourcing. Using flexibility clauses will also allow the contract to adapt to unexpected occurrences (so-called ‘ius variandi’ clauses). Such clauses are considered ‘unbalanced’ and must be signed twice by the parties; however, they allow the contract to be preserved in situations where it would otherwise potentially be terminated. Parties are also advised to grant suitable guarantees for the fulfilment of obligations governed by a contract with clear clauses which are not subject to further interpretation and to foresee obligations to update technological systems used by the supplier.

Remedies and protections

Legal remedies

What legal remedies are available to the parties to an outsourcing contract in the event of contractual breach or unjust termination?

Judicial remedies include:

  • termination for breach of contract;
  • termination where obligations have subsequently become excessively cumbersome (Articles 1463 et seq of the Civil Code) or impossible to perform (Articles 1467 et seq of the Civil Code);
  • dissolution of the contract by mutual consent of both parties;
  • withdrawal (only where provided by the contract);
  • invalidation of the contract (Articles 1447 et seq of the Civil Code);
  • invalidation of a clause, which implies also the invalidation of the entire contract; and
  • cancellation of the contract.

Non-judicial remedies include:

  • risolutiva espressa clauses (Article 1456 of the Civil Code);
  • parties issuing a diffida ad adempiere (Article 1454 of the Civil Code); and
  • parties terminating a contract where it is not performed in the period considered essential for one of the parties (Article 1457 of the Civil Code).

The remedy for breach of contract is typically compensation, including for actual losses and loss of profit, as well as the spreads (on occasion). Compensation can be carried out in two forms:

  • specific redress (Article 2058(1) of the Civil Code); or
  • compensation by means of an equivalent (Article 2058(2) of the Civil Code).

Contractual penalties can also be applied as a means to reimburse losses.

Other remedies

What other remedies are available (eg, contractual)?

Other remedies include:

  • termination of the contract;
  • renegotiation of an unbalanced agreement;
  • the extension of the contractual term to perform an obligation;
  • curtailment of the performance of obligations; and
  • the division of the obligation to pay the price into instalments.

Liability

How can the parties to an outsourcing agreement limit or exclude their liability?

Liability may be limited under:

  • specific liability exemption or liability limitation clauses;
  • clauses that delimit the subject of the agreement;
  • liquidated damages clauses; and
  • clauses setting a reversed burden of proof (when legally possible).

Asset transfer and assignment

Movable and immovable property

What rules, standards and procedures govern the transfer and assignment of movable and immovable property in the context of an outsourcing arrangement?

Regarding IT outsourcing arrangements, transfers and assignments of movable and immovable property can be carried out by drafting a transfer outsourcing agreement, allowing the company to transfer the property of an entire branch to the service supplier.

There are also more complex forms of agreements, such as joint-venture outsourcing agreements (funding a joint company which the entire IT branch can be transferred to). For digital products, delivery can be considered symbolic (eg, by delivering the password to access a user profile or the source code for the product). As for other types of agreement (including IT outsourcing agreements), the so-called ‘transferring consent principle’ is valid, according to which the transfer of property takes place at the moment that the agreement between the parties is reached.

Additional standards allow transfers of property on a contractual basis, including private purchase agreements, in which ownership is not transferred immediately (eg, purchases of property owned by someone else or where one party acquires ownership from a third party). There are contracts to sell goods which the seller does not own at the time of entering into the contract (ie, goods are transferred once they exist). Payments may also be made in instalments and the goods transferred when the last instalment is paid. These forms of transfer also apply to digital goods. Regarding movable property, the transfer of ownership typically occurs with the delivery of the goods. The transferring effect can also occur through a connection between contracts.

Intellectual property

What rules, standards and procedures govern the transfer and assignment of intellectual property in the context of an outsourcing arrangement?

The rules on intellectual property are mostly defined by Article 2575 et seq of the Civil Code, but also by the rules on service agreements, as well as in Italian copyright law (Law 633/1941 modified by Decree-Law 148/2017 and Law 518/1992) and the Industrial Property Code (Legislative Decree 30/2005). In particular, it is possible to transfer ownership of software by using the same rules as those applying to contracts for purchases of goods and, in particular, Article 1470 of the Civil Code. In certain cases, software programmers may reserve ownership of the source code, leaving a buyer unable to access the software’s source code without performing reverse engineering operations, which are normally contractually forbidden. A buyer would thus be able to use only the program, without access to its source code. In these cases, buyers only have the right to use the software, granted by means of a specific licence.

Applicable standards may apply by incorporating standard contractual clauses, but also standard or typified contracts, such as development software contracts. As well as being the most common form of IT outsourcing, such contracts are where the main issues surrounding intellectual property arise. These contracts could include software transfer clauses or a licence agreement for use of the software after development (for this reason, it is possible to find standard contractual clauses which limit the number of allowed copies of software or the maximum number of users which can simultaneously use software). Some examples of standard clauses cover:

  • liability of the supplier in case of delay or breach of contract;
  • liability of the supplier in case of bugs or flaws in the software;
  • rules on checking the software’s intermediate versions (prior to the final version to be delivered);
  • rules on potential changes to set deadlines for deliverables (as may have been agreed in the service level agreement); and
  • rules on final checks and acceptance of the work developed (eg, program or software).

Transfer of ownership takes place under a contract for transfer of the software, which is different from a licence agreement which applies only to the use of software, without the transfer of ownership. In other words, licence agreements may lead to a transfer of the software in a material support, but not of the software’s ownership. In this case, the transfer concerns only the non-exclusive right to use the software, without transfer of ownership over the program. In the licence agreement, it is typically established that the author of the software retains all rights (including those granted via the licence) and may grant those rights without limitations to other licensees.

Rights transfer

How can a customer’s rights and obligations under another contract be transferred/assigned to the supplier?

Customers’ rights under another contract may be transferred to suppliers by:

  • assigning the contract under Articles 1406 to 1410 of the Civil Code (this must be established in the contract itself);
  • using a specific Italian institute regarding contractual obligations on either party’s side;
  • using a licence agreement which permits certain contractual rights, such as the right to commercially explore software, which includes the transfer of some connected rights; and
  • using a ‘contratto per persona da nominare’ under Articles 1401 to 1405 of the Civil Code.

Data protection

Regulation

What rules, standards and procedures govern the protection and transfer of data in the context of an outsourcing arrangement? Are there any sector-specific regulations in this regard? What are the penalties for non-compliance?

The main rules are set out in the General Data Protection Regulation (GDPR) and there are no specific standards other than those applying to data transfers outside the European Union; however, mandatory rules apply in regard to designating data processors.

The following procedures ensure validity and govern the protection and transfer of data in the context of outsourcing arrangements:

  • identifying and selecting a processor between those which are more GDPR compliant in terms of technical expertise and security measures for protecting personal data;
  • defining the processing activities assigned to the processor;
  • defining the security measures to be applied to the personal data, including the potential appointment of sub-processors and implementation of relevant safeguards;
  • identifying data controller and processor obligations;
  • ensuring parties cooperate (the principle of accountability);
  • identifying the locations (ie, within or outside the European Union) where data will be processed and stored on behalf of the data controller (if provided) and, in case of transfers to non-EU countries, defining the appropriate safeguards to ensure the lawfulness of said transfers, such as adequacy decisions, standard contractual clauses and binding corporate rules;
  • outlining provisions concerning the deletion and return of personal data (eg, in case the agreement is terminated) and further retention of personal data;
  • outlining obligations in case of a personal data breach;
  • establishing adequate privacy and confidentiality obligations (eg, non-disclosure agreements); and
  • defining disaster recovery and business continuity procedures.

As regards specific regulations on the protection and transfer of personal data, the GDPR has been integrated into the former Data Protection Code, as modified by Legislative Decree 101/2018. Where a sub-processor is also a system administrator, it is necessary to respect the Data Protection Supervisor Regulations of 27 November 2008 and subsequent amendments and integrations. Italian civil law provisions regarding contractual liability also apply.

Penalties for non-compliance with these rules are listed in Articles 83 and 84 of the GDPR and Section III of Legislative Decree 101/2018.

Employment and labour

Employee transfers

What rules, obligations and liabilities apply to the transfer of employees to and from the customer and supplier (including with regard to offshoring arrangements and termination of the outsourcing contract)?

The main rules that apply to the transfer of employees to and from customers and suppliers are set out in:

  • Legislative Decree 276/2003;
  • Law 99/2013;
  • Legislative Decree 81/2005, concerning temporary employment agency work contracts and Law 1369/1960, on the prohibition of interposition and intermediation of manpower; and
  • Legislative Decree 8/2016, concerning criminal liability for abusive temporary employment agency work contracts.

Liability concerns apply, particularly the abusive use of temporary employment agency work contracts, such as where temporary employment agency work contracts are relied on instead of standard employment agreements for fiscal and/or economic benefit (eg, to avoid having to hire employees).

Obligations and liability depend on the configuration of the contracts, particularly temporary employment agency work contracts (Article 30 of Legislative Decree 81/2015) and employment or service agreements (Articles 1655 et seq the Civil Code). The ‘contratto d’appalto’ framework can be used only if a company:

  • is responsible for its own risk management;
  • uses its own organisation (in terms of personnel and infrastructure); and
  • has an effective power to issue directives and instructions to workers.

Service agreements must fulfil one of a number of criteria in order to be classified as an ‘appalto’, as highlighted by the Consiglio di Stato, such as the requirement for a certain number of hours of work or for a worker to have been placed in an organisation in a stable manner. Where a fraudulent service agreement is entered into, criminal penalties are defined by Article 18 of Legislative Decree 276/2003. At the end of the outsourcing period, hired workers should not be terminated unless there are conditions for dismissal with objective and just cause. Article 2112 of the Civil Code establishes that, in case of transfer of a company branch, employees will retain their rights under employment law; however, outsourcing is sometimes unlawfully relied on in practice as a covert pretext to dismiss employees.

Definition of ‘employer’

How is ‘employer’ defined in the context of an outsourcing arrangement, and how does this affect the parties’ responsibilities and liabilities?

Italian law defines these workers as ‘interinali’. In this case, the formal employer for the work is not their effective employer. An interinale agency will hire these employees and comply with their corresponding salary and tax/duty payment obligations. As such, the agency remains responsible for these obligations, even if these employees actually perform work for another person or company.

Organised labour issues

To what extent are labour unions and works councils involved in outsourcing arrangements?

In certain cases (depending on the number of employees involved in a company), trade union agreements are put in place before an outsourcing project, with trade unions acting as a mouthpiece for employees’ rights, in order to handle concerns about potential termination or dismissal of employees.

Immigration

What immigration schemes and rules are pertinent in the context of outsourcing arrangements?

The rules on the so-called ‘distacco’ of employees (ie, the transfer of employees from one branch to another) and on transfers of company branches (as employees may also be transferred to other companies in this manner).

Tax

Liability

What tax liabilities arise in the context of an outsourcing arrangement? Can these be mitigated in any way?

It appears that there are no specific favourable tax provisions in the context of outsourcing arrangements. Contractual relationships generally originate deductible costs on an accrual accounting basis (at the conclusion of the service), as provided for all general costs which no longer generate utility for a company.

Dispute resolution

Common disputes and resolution forms

What are the most common types of dispute arising from an outsourcing agreement and how are they typically resolved? Is alternative dispute resolution (ADR) common and effective?

The most common types of dispute concern breaches of contract, contractual liability or tort liability, violation of copyright or disputes about withdrawal from a contract. The most common ADR mechanisms are civil and commercial mediation, assisted negotiation and arbitration (institutional or non-institutional). These kinds of ADR mechanism are commonly use in Italy as they avoid long and expensive judicial proceedings, achieving dispute resolution in a rapid time and saving on costs. Arbitration also allows the parties to choose competent and expert arbitrators and offers more detail and confidentiality than a standard judicial proceeding. In terms of effectiveness, sentences given in institutional arbitration proceedings have the same value as court judgments.

Recent case law

Has there been any notable recent case law which may affect the resolution of outsourcing disputes in future?

Case 3178/2017 (Cassazione) held that outsourcing is unlawful if the contractor is not independent and autonomous, but merely limits itself to functions relating to the administrative management of employees.