Irish contracting authorities are increasingly looking to cloud services as possible solutions to their IT needs. Cloud IT services often present a number of clear benefits to the public sector:

• more attractive pricing models (with the ability to scale up and down as needed);
• greater functionality in most instances than on-premise solutions; and
• lower in-house IT support requirements.

As a consequence, the Office of the Government Chief Information Officer previously advised that the public sector should take a “cloud-first approach”, reinforced in its October 2019 Advice Note. However, there are four key issues faced by the public sector in tendering for cloud computing services:

1. The OGP Services Contract, used for almost all tender processes in Ireland, is unsuitable for the procurement of cloud services (and ICT in general). This is acknowledged by the OGP in the User Guide for the Services Contract and is largely due to the intellectual property provisions of the OGP Services Contract and the respective lack of a default liability cap. These provisions do not reflect market realities, and suppliers often refuse to sign up to these terms (instead proposing the use of their own terms and conditions).
2. The vast majority of tender processes conducted in Ireland are either open or restricted procurement processes, which do not allow for negotiations during tender processes and only permit post-tender changes that do not affect the commercial terms of the contract. This means that cloud computing suppliers are often faced with the dilemma of deciding not to bid for a public sector tender opportunity or hoping to force a contracting authority into accepting amendments after the tender has been awarded. Contracting authorities, likewise, are often forced into accepting amendments to the draft contract as issues only come to light after the successful supplier has been selected.
3. Cloud computing suppliers typically rely upon a complex interlinking set of terms and conditions, reflecting the “Russian doll” nature of their services. A cloud supplier could offer to a contracting authority a solution that consists of the configuration (subject to one set of terms and conditions) of a standard product (such to other general terms and conditions) which runs upon the infrastructure of a major cloud provider (such as Amazon Web Services or Microsoft Azure, bringing their own terms and conditions).[1]
4. Finally, cloud suppliers often have different commercial offerings – making it difficult for the public sector buyer to evaluate like for like. The traditional fixed cost model used for tender processes may not apply, as certain suppliers may offer a “pay as you go” model based on usage of the service (e.g. storage, tickets raised, expenses paid etc.).

The Office of Government Procurement’s Cloud Services Procurement Guidance Note published in February of this year provides some helpful clarification on the approach to be taken by public bodies. Whilst the note indicates several times that legal advice should be obtained, it does provide valuable guidance on key contract terms to be considered and how best to conduct a tender process for cloud services.

The Guidance Note cautiously endorses a common approach where a cloud service provider’s standard terms and conditions are included as a schedule to the contract tendered by the contracting authority, with the contracting authority’s terms and conditions taking precedence over the cloud service provider’s standard terms and conditions in the case of a conflict. This is a similar approach to that taken by the UK’s G-Cloud, where some minimum contractual terms are specified to allow for a degree of certainty for cloud suppliers.

The Guidance Note emphasises the need for the public sector to undertake pre-market engagement, and in particular the need to engage with the private sector on the contractual and commercial terms that would govern any contract. Pre-market engagement is permitted (and encouraged) by public procurement legislation, provided that equal opportunity is provided to suppliers – as a consequence, contracting authorities should consider publishing a prior information notice on eTenders and/or the OJEU to obtain the greatest level of input and to potentially “net out” any issues from potential suppliers (such as unrealistic liability caps or service requirements or discriminatory specifications).

As the public sector’s terms will take precedence, the form of contract issued with the tender must be fit for purpose in the first instance. As identified above, the open and restricted tender procedures do not allow for negotiation and if the contract terms that take precedence include terms that are too onerous the position will be very similar to that already experienced by the public sector. Appendix 1 of the Guidance Note contains a non-exhaustive list of issues to be considered in preparing a cloud services contract and (in our opinion) reflects many, if not most of, the key issues arising in public sector IT contracts. However, whilst the Guidance Note provides a number of considerations for the public sector to take into account for the preparation of cloud services tenders, it does not recommend any particular positions on key issues. On topics such as indemnification and liability caps – key commercial and risk sharing issues that frequently cause conflict between the public sector and cloud service providers – contracting authorities are simply informed that they should “conduct appropriate risk assessments and seek the advice of the State Claims Agency and/or their legal advisors, as required”.

Despite these drawbacks the publication of this Guidance Note should be welcomed – the considerations raised in Appendix 1 are sensible and provide some comfort to contracting authorities that are procuring cloud services. The procurement of cloud services by Irish contracting authorities is an inherently complex area and, as the Guidance Note suggests, contracting authorities should obtain expert assistance and legal advice on the preparation of its tender procedure and its proposed contract. In particular, we recommend that contracting authorities consider whether the competitive dialogue procedure is a more appropriate route to procure a cloud services provider (particularly in high value or complex procurements) as this permits discussion with the market on all aspects of the tender and greater flexibility to finalise the form of contract with the preferred tenderer.

Given these complexities and the emphasis placed on the procurement of cloud services by the Irish Government, it remains a great shame that the Government Cloud Services Catalogue (GCSC) was cancelled in 2015. With the proposed revitalisation of the Metrolink and DART expansion projects, perhaps the GCSC should be viewed with similar nostalgia.

[1] The OGP note provides a useful diagram showing this in Figure 1 (page 11).

Our IT procurement team advises the public sector on some of the largest public sector IT projects currently being undertaken in Ireland, including numerous competitive dialogue processes. For more information on this article, or our IT procurement team, please contact Kerri Crossen, Sean McElligott or Patrick Kane.