The countdown to the United Kingdom’s separation from the European Union began in late March when U.K. prime minister Theresa May officially triggered the “Brexit.” With just less than two years until the U.K. is officially out of the EU, the date of departure is one of the few certainties regarding the situation. “No country has ever travelled this path, and there is no turning back,” says Craig Wright, managing director for business transformation and outsourcing advisory firm Pace Harmon.
[ Related: Brexit: a project doomed to fail ]
But global CIOs cannot afford to simply wait and see what the post-Brexit world holds. They must begin preparing now for the impact of potential legal and regulatory changes on their IT services strategies.
“While all current U.K. laws and regulations will remain in place during the Brexit process, all IT service providers and recipients of such services must be highly vigilant and plan for significant restructuring of commercial agreements, regulatory compliance requirements, and the associated redefinitions of controls and audits,” Wright says.
Since the U.K. triggered Article 50 (the portion of the Lisbon treaty that enables a member of the EU to leave), the European Parliament has voted overwhelmingly to back a plan that calls for a three-phased negotiation:
- Phase 1 will settle key questions regarding U.K.'s exit, such as the EU’s costs of U.K. exit, reciprocal rights of EU citizens, and issues regarding the one EU-U.K. land border between the Republic of Ireland and Northern Ireland.
- Phase 2 will focus on the future trade agreement (FTA).
- Phase 3 will define a possible transitional arrangement to cover a period of no longer than three years.
Once the U.K. and EU come to terms over the estimated $62 billion in costs the EU says will arise directly from Brexit, the trade talks will begin. “With 43 years of treaties and agreements covering thousands of topics to disposition, the future UK-EU trade deal is expected to be highly complex,” says Wright. “It will also be subject to last minute changes as it will require the approval of parliaments across Europe’s remaining 27 EU nations.”
The ‘Great Repeal Bill’
For its part, the British government has drafted its “Great Repeal Bill,” that would eradicate EU legal powers over the U.K. and automatically transform existing EU laws into British statute so that "the same rules will apply after exit day" as the day before. “The Great Repeal Bill has many implications for outsourced IT services agreements as the whole regulatory and legal basis in the UK is subject to change,” Wright says.
“In addition, there is concern that Prime Minister Theresa May might consider ‘no deal for Britain is better than a bad deal for Britain.’” If the UK leaves the EU without a trade agreement, it would operate under World Trade Organization (WTO) rules, requiring customs checks, tariffs and significant tax liabilities. “This scenario would result in chaos for British-based IT services as well as inhibiting cross-border service delivery to EU nations,” Wright says.
That would most directly impact the U.K. IT services market with an estimated value of $74.5 to $93 billion a year and growing at a rate somewhere between 2.6 percent and 4.2 percent a year. “The market for UK clients is expected to continue to grow,” Wright says, “however significant slowdown or contraction depending on the nature of the services is expected for IT services delivered from the UK to EU countries.”
Global companies that outsource to the UK will need to restructure contracts
Global companies with significant IT infrastructure and operational support services that outsource to the U.K. must revisit and potentially restructure their IT services deals. Companies in the remaining EU nations that outsource to the UK will face the most turmoil. Once the specifics of the UK’s negotiated departure from the EU are clarified, CIOs will have to quickly reassess their IT services deals, potentially restructure them to address new tax, customs, and regulatory requirements, and continue to assure service delivery for their companies.
“To put it in simple terms, they will need to continue in the short term to operate business as usual as a fully compliant EU-member and—post Brexit, within the to be negotiated transition period — demonstrate compliance with both the new UK regulations and re-establish the EU services as a non-EU member compliant solution,” says Wright.
Certain sectors of IT services will be most affected “For core digital infrastructure there is a very real risk that the UK could be deemed inadequate as a data host owing to the lack of ability to certify compliance with EU laws such as the new General Data Protection Regulation (GDPR) and Network Information Security (NOS) directive post-Brexit,” says Wright.
Following the introduction of GDPR in 2018, for example, UK data centers will need to rapidly transition from an EU to non-EU treatment, and somehow overcome the lack of a mature equivalent framework, processes, and procedures for certifying UK-based data services. Any failure to comply with GDPR may result in fines as high as 5 percent of a company’s annual revenue. “The No. 1 concern will be how to ensure the continued free flow and protection of data,” says Wright.
For traditional infrastructure services—data center, service desk, remote infrastructure management, managed security, end user computing--the expected future restrictions on cross border trade, tax implications, and custom tariffs may erode the business case for outsourcing IT to the UK. “It could even impede performance to a level that such services may no longer be viable across UK-Europe borders,” Wright says.
“Global CIOs must pay particular attention to Brexit to ensure that discretionary spend budget and key resources have the appropriate plans or commitments to address essential changes pre-Brexit exit on March 29, 2019 and through the end of the negotiated transition period,” Wright says. “In addition, IT organizations will need the support of enabling functions such as human resources, legal procurement, and vendor management to review Great Reform Bill and Brexit negotiated outcomes.”
The major milestones for CIOs to keep an eye on include the following:
- U.K. parliamentary review of Great Repeal Bill (Late 2017): This will provide the first opportunity for an initial assessment of legal impacts on managed service agreements and other IT contract documents.
- Royal assent of Great Repeal Bill (Mid 2018): At this point, any gaps in the legislation should be addressed, enabling IT organizations to confirm legal impacts and initiate contractual change activities.
- Brexit negotiations wrap up (Fall 2018): This will create clarity the regulatory, operational, audit, and reporting impacts on IT services.
- U.K. Houses of Parliament, European Council, EU Parliament, and remaining 27-member Parliament vote on deal (Early 2019): This will confirm IT impacts and enable CIOs to begin related IT change programs
- Transition period begins (March 2019): CIOs can structure timelines for completion of IT projects to address necessary digital transition and transformation requirements.
While the Brexit process will be challenging for global CIOs, global IT services providers recognize this as an opportunity to help those IT organizations structure and execute their transition plans. “Also potential restructuring of service delivery locations may provide growth opportunities within EU alternate business centers as well as sustained growth in UK markets,” Wright says.