IT suppliers may be subject to a duty of care that determines what effort a customer can expect in addition to the contractually agreed-upon obligations. How far does this duty of care extend? Under what circumstances can a customer successfully complain that the IT supplier breached its duty of care? And what should IT suppliers pay attention to in order to avoid this?
In ICT services, knowledge is often not evenly distributed. While most customers are knowledgeable within their own field, they are not in the area of ICT. They therefore decide to enlist the help of a professional IT supplier. Then - precisely because of that difference in knowledge and expertise - a (special) duty of care on the part of the supplier is assumed. A breach of that duty of care can constitute breach of contract. Customers can then rescind the contract or claim damages.
An IT contract generally qualifies as a contract for services, in which the IT supplier is the contractor. In the performance of that agreement, he has the duty to exercise the care of a good contractor in his activities (Art. 7:401 of the Civil Code).
This duty of care is an open standard. In the RBC v. Brinkers judgment, the Supreme Court gave as a criterion that the supplier "must act at least as may be expected of a reasonably acting and reasonably competent professional in that situation." Although this case dealt with consultancy, the Amsterdam District Court ruled in CGI v. Steel Bankers that the duty of care also applies outside of consultancy work.
A "reasonably acting and competent professional" is a hypothetical person, on the basis of which the duties of a party can be tested in a concrete situation. To determine what requirements are placed on that person, industry customs play an important role. If the industry in which the supplier works sets quality standards for the way assignments are performed, then in principle this quality may also be expected by the client. In fact, these quality standards define what custom should be.
In this context, also read this blog by Jacintha van Dorp, in which she discusses quality of care standards.
In addition to the aforementioned duty of care under the law, case law has also developed the doctrine of the special duty of care. This is a heightened duty of care that falls on the party that - compared to the other party - has a significant advantage in knowledge, expertise or expertise. In this case, the IT supplier.
A special duty of care aims to balance the imbalance of knowledge and skill and does so through a heavier information, investigation and warning obligation. Ultimately, a special duty of care may even require suppliers not to accept an assignment or to push for termination of the IT agreement.
In order to assess whether there has been a breach of the duty of care, the facts and circumstances of the case must first be considered. What may lead to a breached duty of care in one case may not necessarily lead to the same outcome in another scenario. As mentioned, these are open standards that have been further colored in case law. Below I discuss a number of relevant rulings, grouped by topic.
The (special) duty of care entails a duty of information investigation and warning. In this context, the supplier must put the customer's interests first. This means, among other things, that he may not simply discontinue the service, even if the contract has been lawfully terminated. In addition, he must observe a reasonable deadline and, if necessary, perform migration work (Central Netherlands District Court, May 23, 2019 ANVA/Stepco).
The IT supplier is the one with final responsibility. In that capacity, he must monitor the progress of the project, observe at least the basic rules of proper project management when carrying out a project (Amsterdam Court of Appeal, November 22, 2001 KIN v Capgemini), and make every effort to bring a project - however complex - to a successful conclusion. To this end, he must employ skilled personnel and, if necessary, hire additional personnel. (Gerechtshof s-Hertogenbosch, November 3, 2015 Tweesteden Ziekenhuis/Alert). The IT supplier will also have to hold the customer accountable if it fails to cooperate energetically (Utrecht District Court, May 30, 2007 Kwetters/Profuse).
IT suppliers must, with respect to promised results and cost control, keep the reasonable interests of their client in mind and inform him about progress in an understandable and orderly manner (Overijssel District Court, February 20, 2007 TeamM/STZ). It may happen that the progress of a project will only cost more money without any benefit to the customer. In that situation, the supplier has a duty to inform and must point this out to the buyer. In certain cases, he must even push for suspension or termination of the contract (Amsterdam District Court, January 18, 2017 CGI v. Steel Bankers).
The duty of care also entails a number of information and warning obligations regarding functionality and cost control. With regard to the functionality of the system to be delivered, a customer may expect that an average employee can work with it. In this regard, quality standards from a particular industry may apply as benchmarks, even if they are not explicitly included in the agreement (Amsterdam District Court, December 18, 2019 Smart Connections/Allsafe Management).
When the client is an inexperienced buyer, this obligates the supplier to guide its buyer in testing the functionality, such as when there is an Agile project. Indeed, in that method, the progress and success of a project depends on the test feedback obtained (North Holland District Court, Nov. 14, 2018 VGB v. BettyBlocks).
If a supplier is aware that certain functionalities are important and may be required, then it must warn or inform its customer if these functionalities are missing (Court of Appeals of The Hague, March 31, 2015 Exact v. Firemaster).
In certain situations, the IT supplier has a specific warning obligation. This is in any case the case when the implementation of software involves major risks or a certain link with other software turns out not to be possible (Court of North Holland, July 4, 2018 Inktvis/TNR Software). When a customer refuses security measures in connection with a total solution to be delivered, that warning obligation goes a little further. The IT supplier is then obliged to warn intrusively and repeatedly, offer alternatives or refuse the order (Amsterdam District Court, Nov. 14, 2018 O'cliance v. Supplier).
An IT contract generally also contains a termination arrangement, which states when and with what notice period the contract can be terminated. However, IT suppliers' duty of care may mean that they cannot simply invoke that regulation. Indeed, a termination in accordance with those regulations may still prove unacceptable by the standards of reasonableness and fairness. Not only the interests of the parties, but also the interests of any third parties must be taken into account (Amsterdam District Court, August 18, 2020, Pinkroccade v. Uniface).
Finally, a number of other responsibilities rest on IT suppliers in connection with the special duty of care. For example, the supplier is expected to manage expectations, take responsibility for third parties and research its customer or the hardware it sells.
