For more information, please contact:
Tel: + 49 30 2200281 720
Tel: + 49 30 2200281 729
First decision on "no spy guarantee" issued by German Federal Public Procurement Chamber The German Federal Ministry of the Interior only recently published its administrative guidance introducing a "no spy guarantee" requirement for companies entering into certain procurement contracts with the German Federal Government. The German Federal Public Procurement Chamber has now issued the first decision regarding the admissibility of a "no spy guarantee" under public procurement law (VK Bund, VK 2-39/14, dated 24 June 2014). 1. Decision of the Federal Public Procurement Chamber The decision of the Federal Public Procurement Chamber might be the starting point for a number of future proceedings regarding the implementation of a "no spy guarantee" as a self-declaration into tender procedures. What comes quite as a surprise - and what should particularly alert German subsidiaries of U.S.-based parent companies - is that the proceeding before the Procurement Chamber was initiated by the German competitor of a German subsidiary of a U.S.-based company, whereas many may have expected that the first proceeding before a Procurement Chamber would be initiated by a German subsidiary of a U.S.-based company after being excluded from a tender procedure by a public authority. In the proceeding at hand, the public authority planned to award the contract to the German subsidiary. However, the competitor claimed in the review procedure that the public authority was required to restart the tender procedure and to reenter into the review of suitability and to require the bidders to submit for this purpose a "no spy" self-declaration pursuant to the administrative guidance issued by the Federal Ministry of the Interior. The Procurement Chamber rejected this argument mainly due to formal reasons: The tender procedure had been initiated before the administrative guidance was published. Bidders should note that the Procurement Chamber confirms the prevailing public opinion in Germany and states that U.S. companies and their German subsidiaries are obliged to disclose data to U.S. security authorities (e.g., pursuant to the USA Patriot Act). 2. Self-declaration not part of review of reliability
Jonathan C. Poling
Partner, Washington, D.C.
Tel: + 1 202 835 6170
Tel: + 49 69 2 99 08 189
Pursuant to the administrative guidance, the self-declaration has to be part of the review of reliability and it will be implemented into the tender procedure as a supplementary proof of suitability. However, in its decision the Procurement Chamber clearly states that the problem of a data disclosure by U.S.-based companies cannot be solved with such a supplementary proof of suitability; because the review of reliability can only take into account circumstances that can be attributed to the bidder and can be influenced by him. Only these circumstances can be considered for the assessment of his reliability. This, however, is not the case for a bidder's legal obligations in his national jurisdiction: " Only circumstances that the bidder can influence are attributable to the bidder. However, if the bidder is subject to particular obligations under the laws of another country he cannot circumvent (here the USA Patriot Act 2001), it is inadmissible to question the bidder's reliability even if, subsequently, the bidder inevitably violates the provisions of another law, in this case with regard to the disclosure of data." (VK Bund, 2-19/14, dated 24 June 2014) The Chamber underlines that the fact that only circumstances that a bidder can influence may be part of the review of reliability also derives from the European Directives on Procurement Law: Pursuant to Art. 57 Para. 4 lit. c) Directive RL 2014/24/EC, a contracting authority may only exclude a bidder from a tender procedure (inter alia) if the contracting authority can demonstrate by appropriate means that the bidder is guilty of grave professional misconduct which renders its integrity and reliability questionable. According to the Procurement Chamber, it seems questionable whether it can be qualified as grave professional misconduct if a bidder is obliged to disclose data due to the laws in his national jurisdiction. 3. Self-declaration as a further requirement for execution of the contract According to the Procurement Chamber, the self-declaration should rather be qualified as a further requirement regarding the execution of the contract pursuant to Sec. 97 Para. 4 Sentence 2 GWB. However, the Chamber did not assess this question any further because the requirement of a self-declaration in the tender at hand was already rejected due to formal reasons (see above). If the self-declaration is indeed qualified as a supplementary requirement regarding the execution of the contract it will require a formal legal basis, which does not (yet?) exist in Germany. The administrative guidance is no such statutory basis. 4. Key learning points The requirement of a "no spy" self-declaration is likely to be applied to all tender procedures which involve security-sensitive data and have been initiated after 30 April 2014. German subsidiaries of U.S.-based parent companies should be aware that German competitors or competitors from other countries will review thoroughly upcoming
tender procedures which could include security-sensitive data. It is likely that they will initiate proceedings whenever a "no spy" self-declaration was not required in the tender procedure, but also whenever a German subsidiary of a U.S.-based company submits such a self-declaration (questioning the validity of such a declaration). The legality of future tender procedures will depend on how the "no spy" self-declaration will be implemented and on the content of the self-declaration. This will determine whether or not a statutory basis (i.e., an amendment of the German public procurement legislation) is required. Furthermore, the admissibility of a contractual "no spy" clause under German civil law, in particular the applicable rules governing general terms and conditions deserves detailed review. In view of the legal uncertainties surrounding the "no spy" clause, affected bidders should file complaints against the public authority immediately after receiving tender documents that include a "no spy" self-declaration in order to preserve their rights and to prevent from being forced to submit a self-declaration which may be wrongful. Since the legal situation is rather unclear at the moment, bidders should seek legal advice if they intend to participate in a tender procedure. Current debate in Germany regarding U.S. IT companies and "no spy guarantee" The German Federal Ministry of the Interior has recently published its administrative guidance regarding a "no spy guarantee" for companies that enter into certain procurement contracts with the German Federal Government. Several recent press articles also purport that a number of Federal States, so far including the states of Bremen, Hamburg, Schleswig-Holstein and Saxony-Anhalt, also plan to introduce comparable guarantee requirements for their IT tender procedures. 1. What is a "no spy guarantee"? Pursuant to the guidance, the Procurement Office of the Federal Ministry of the Interior can demand from bidders in upcoming tender procedures with possible security relevance a binding self-declaration. In the self-declaration, the bidder declares that he is capable of complying with contractual confidentiality obligations and, in particular, under no obligation to disclose to third parties confidential information, business and trade secrets, of which he gains knowledge in the course of the contractual relation with the public authority. Pursuant to the guidance, confidential information is defined as any information which would be qualified as security-sensitive by an objective third party or which is marked as
confidential. The declaration does not apply if the bidder is legally obliged to disclose such information to foreign public authorities that are not security authorities, such as securities and exchange supervisory bodies, regulatory authorities or financial authorities. However, he must not be obliged to disclose information to foreign security authorities. The guidance also recommends to supplement the contractual terms and conditions currently used in procurement procedures with a clause pursuant to which the bidder is required to give written notice to the public authority if he is no longer able to comply with the confidentiality clause. Whether a self-declaration is requested or not may be left up to the contracting government agency to decide on a case-by-case basis, taking into account whether the procurement at hand requires a more stringent security-sensitive approach or not. 2. How will a "no spy guarantee" work? Pursuant to the decree, the self-declaration will be part of the review of reliability (pre-qualification review) and shall also work as a presumption of proof concerning the obligation of the bidder to disclose confidential information to third parties. This means that bidders who submit a signed self-declaration even though they know that they are legally obliged to disclose confidential information to foreign security authorities will be excluded from the tender procedures. Bidders who do not submit a self-declaration will be excluded because bidders are requested to submit complete tender documents. The supplementary confidentiality clause in the contractual terms and conditions could lead to an extraordinary right to termination of contracts. 3. How could a "no spy guarantee" affect foreign IT companies? The "no spy guarantee" is likely to affect foreign IT companies in at least three ways. First of all, even though a German subsidiary of a foreign company is not legally bound to disclose confidential data to foreign security authorities, there is a potential risk of exclusion. U.S.-based companies should be aware that the prevailing public opinion in Germany is that U.S. companies will not be able to submit a truthful declaration regarding a "no spy guarantee" due to their legal obligations in the U.S. (e.g., USA Patriot Act). Although the Patriot Act includes provisions where U.S. companies may be compelled to produce relevant information as part of national security investigations, it is unclear if the existence of lawful court orders in the U.S. and pursuant to the Patriot Act would be viewed as a permissible exception for U.S. companies to the “no spy guarantee.” Secondly, it might not be sufficient if a German subsidiary of a U.S.-based group that participates in a tender procedure in Germany submits the self-declaration because there might be spillover effects (e.g., due to personnel overlaps). It is
finally important to note that the proposed "no spy guarantee" will not only be required from companies or entities who want to contract with public authorities, but also from companies who are subcontractors. 4. Are there remedies under public and procurement laws to challenge a "no spy guarantee"? The implementation of the "no spy guarantee" as a self-declaration in the context of the review of reliability could be challenged with a review procedure before the Public Procurement Board and, in case the review procedure is not successful, an immediate appeal before a Higher Regional Court. The supplementary confidentiality clause in the contractual terms and conditions could be challenged in a civil law proceeding and also with a review procedure before the Public Procurement Board and, in case the review procedure is not successful, an immediate appeal before a Higher Regional Court. 5. Not yet discussed, but essential: eligibility of a "no spy guarantee" under the EU Treaty? Following the current debate in Germany about a "no spy guarantee", one cannot help but think about the compatibility of the guarantee with EU law. Such a guarantee could be regarded as an infringement of the principle of non-discrimination, because certain U.S. companies who have been in a leadership position in IT tender procedures for years will now be confronted intentionally with obligations and requirements that they can most likely not comply with due to their national laws, even though they would like to do so. A "no spy guarantee" could also infringe with the principle of equal treatment since there could be IT companies from other countries which might have similar national laws as U.S.-based companies but are currently not discussed at all. This question of compatibility with EU law requires further intensive review.