In Part 1 of this Contract Corner, we discussed the renewed focus on resilience in outsourcing agreements for 2026 and how resilience is increasingly becoming a design requirement, not just an untested BCP. In Part 2 we look at how geopolitical pressures can quickly become delivery constraints and how many organizations are leveraging global capability centers as an anchor for critical knowledge and continuity, and provide a practical 90-day action plan and high-level contract checklist that deal teams can leverage during strategy planning.
Be sure to review Part 1 for more detailed information on the baseline contract mechanisms that make resilience more measurable and enforceable, including BCP/DR provisions “with teeth” (e.g., RTOs/RPOs, testing), portability and knowledge-transfer standards, surge capacity terms, step-in rights for critical services, and termination/exit assistance as a practiced operating capability.
Geopolitics: Impact on Delivery and Contracting
In 2026, geopolitics in the news is a near-constant. For outsourcing agreements, it is important to frame geopolitics not as a news topic, but as a potential delivery constraint impacting contracts and operating models.
In today’s environment, there are various layers of geopolitical risk exposure for outsourcing arrangements, including:
- Talent mobility constraints, such as visa and travel restrictions
- Physical continuity risk (i.e., whether a delivery center can keep operating through local disruptions or instability)
- Policy volatility, such as tariffs, procurement restrictions, or other sudden regulatory shifts
- Data localization and cross-border restrictions
- Sanctions and export controls, which may be sector-specific and low-frequency but are often high-impact
All this to say one should not solely be asking whether a particular country is risky. Instead, in contracting we should be looking at the types of services and workloads that are being placed in particular locations and assessing the potential risk exposures that could be triggered.
From a contracting perspective, the key building blocks to manage these geopolitical risks include the following:
- Service location transparency: A list of all approved service locations, including those used by subcontractors, and the services performed from each location
- Preapproved alternate locations: A list of preapproved alternate locations
- Location change control: Notice and customer approval requirements for service location changes, with appropriate security, data, and continuity assessments where appropriate
- Trigger-based governance mechanisms: Predefined relocation events and decision rights to enable location optionality for re-routing work when an event occurs
By setting up preapproved options and location change control, the contract can help avoid a common failure during disruptions: spending weeks debating options at the moment when the business needs action in days.
GCCs as a Resilience Anchor
As companies consolidate vendors and locations in the post–COVID-19 era, many are also establishing or expanding GCCs as a central component of their technology and shared services strategies.
As we discussed in our December 2025 webinar, organizations are leveraging GCCs to drive innovation, manage costs, and build strategic capabilities while addressing key challenges associated with resilience, such as greater control over talent and cross-border operations. In other words, a GCC is often positioned as a resilience anchor that allows a company to retain control over critical knowledge and continuity, use vendors for scale and specialization, and design an integrated model for failover where the GCC is able to absorb work during a disruption.
The contractual implications of incorporating GCCs into the operating model include:
- Ensuring MSAs allow for modular scope rebalancing to and from the GCC without punitive costs
- Ensuring access to facilities and personnel to enable the stand-up and scaling of the GCC
- Designing and implementing an integrated governance model between the GCC and third-party service providers that supports coordinated delivery and operational handoffs
Action Plan: The Next 90 Days
For strategic planning purposes, several near-term steps can help operationalize resilience without waiting for a major incident:
- Map the portfolio by criticality, portability, concentration, and location exposure
- Rationalize vendors with guardrails (consolidate, while monitoring concentration risk for critical services)
- Standardize “resilience” contract terms across the portfolio (e.g., BCP/DR tests, portability standards, location register, transition drills)
- Stand up a “geopolitics and talent” governance forum to manage location risks with defined triggers and decision rights
- Pilot a GCC and provider model, including defining what the GCC anchors and what the provider scales, with a measured time to reroute work
Contract Checklist: Resilience Readiness
To close, below is a practical checklist that can be used as a tool for contracting and negotiation planning:
- Can work be moved to a new location without a contract amendment or major delay?
- Does the organization have a live location and subcontractor register?
- Are RTO/RPO and DR tests mandatory and audited?
- Do we have surge capacity terms with defined activation time?
- Is knowledge transfer measurable (artifacts + training + shadowing)?
- Does the exit plan include priced transition assistance and tooling handover?
- Do we have governance triggers for geopolitical/regulatory shifts?
- If we build a GCC, do we have clean rights to rebalance scope and an integrated governance model?