Morgan Lewis’s technology, outsourcing, and commercial contract team, along with Boston Consulting Group, recently hosted a roundtable dinner in London, during which senior stakeholders from technology suppliers and large businesses discussed how the rapid evolution of artificial intelligence (AI) is impacting offshoring and outsourcing.
Tech & Sourcing @ Morgan Lewis
TECHNOLOGY TRANSACTIONS, OUTSOURCING, AND COMMERCIAL CONTRACTS NEWS FOR LAWYERS AND SOURCING PROFESSIONALS
The European Supervisory Authorities (ESAs) published on November 18, 2025 a list of 19 critical information and communications technology (ICT) third-party providers (CTPP) that will be subject to direct oversight under the EU Digital Operational Resilience Act (DORA). The list includes hyperscale cloud providers, data center providers, infrastructure and network providers, and providers of financial services-specific technology.
Open-source software (OSS), by its nature, is sometimes overlooked as part of technology transactions. OSS is often a key aspect of a business’s software ecosystem, whether it is used in internal systems or forms a fundamental part of solutions that are sold to customers or used to provide services to customers; however, OSS often sits in the background, as a foundation of a software solution, and can therefore go unconsidered by those not familiar with its uses, benefits, and risks.
From routine commercial contracts to complex technology transactions and global outsourcing arrangements, terms relating to artificial intelligence remain a key point of negotiation in agreements of all sizes and across the full spectrum of subject matter.
As ransomware threats, data breach litigation, and supply chain cybersecurity concerns become increasingly more common and costly, buyers of tech, SaaS, and outsourcing services are giving far more weight to cyberliability insurance requirements in their contracts. While cyberinsurance provisions are becoming a routine point of negotiation in technology and outsourcing agreements, expectations on coverage, limits, and scope may vary widely.
The European Banking Authority (EBA) recently published a consultation paper (Consultation) that proposes to expand third-party risk management requirements for certain EU-regulated financial entities. The Consultation would extend the EBA’s current guidelines around outsourcing arrangements (EBA Guidelines) to all third-party services arrangements, excluding those services that are within scope of the EU Digital Operational Resilience Act (DORA), and would add further requirements to the existing guidelines, aligning with those requirements introduced under DORA.
Clauses dealing with intellectual property (IP) rights in commercial agreements can present nuanced challenges, particularly when they relate to information exchange. Two such clauses that often surface in technology contracts are residuals clauses and affirmative feedback licenses. While both relate to information shared during the course of a commercial relationship, they serve very different purposes and have distinct implications for IP ownership, confidentiality, and future use.
Today’s retail operations depend on far more than the products on store shelves or the design of an ecommerce site. Behind the scenes, a fulfilment provider may rely on regional couriers, a payment processor on a cloud host, and a call center on an outsourced customer service team. These multi-tiered networks enable retailers to meet rising expectations for speed, convenience, and availability, but they also introduce points of failure that can disrupt service, delay deliveries, or compromise sensitive customer data.
Commercial contracts are typically represented by two separate, yet equally important, components: the master agreement that contains primarily legal terms, and the ordering documentation that contains primarily commercial terms.
Logistics issues in all phases of the supply chain have their own set of challenges at an international level.