September 2015 Blog

IT Security in Germany by so-called “No Spy Guarantees” – Admissible Claim of Public Principals under Public Procurement Law?

With the decision of 21 October 2015 (file no.: Verg 28/14), the procurement senate of the Higher Regional Court Düsseldorf confirmed and complemented the previously sole legally binding case law of the Federal Procurement Chamber, according to which public principals may request so-called “No Spy Guarantees” in factually justified cases to protect IT security in Germany in a manner admissible under procurement law as particular conditions for performance of contracts pursuant to Section 97 para 4 sentence 2 GWB (Act against Restraints of Competition).

“No Spy Guarantee” – What is this about in public procurement law?
In connection with the current debate on IT security in Germany, which was initiated in particular by the “Snowden” revelations, public principals increasingly request so-called “no spy guarantees” during public procurement processes in the fields of telecommunications and IT. With these guarantees, the participating companies declare that they are not legally obliged to transfer confidential data to foreign secret services and security authorities.

Such an obligation to transfer data may exist due to national statutory provisions, for example. This is mainly relevant for companies subject to US law. US companies and their foreign subsidiaries were, or still are, legally obliged to transfer information to US security authorities (FBI and others) under the USA PATRIOT Act or the subsequent provision in the USA Freedom Act, which has been enacted in the meantime.

At present: No legal basis
The Federal Ministry of the Interior (Bundesministerium des Innern, BMI) reacted to the public debate with a decree of 30 April 2014 addressed to the procurement office of the BMI for the “use of a self-declaration and a contractual clause in procurement procedures with regard to risks due to undisclosed information outflows to foreign security authorities” (so-called “no spy decree”). Accordingly, for “procurement procedures with a possible security relevance of bidders”, the use of a self-declaration of the bidders “in the context of the eligibility check” is envisaged, as well as respective contract clauses for confidentiality compliance. The Federal Procurement Chamber subsequently ruled in June 2014 (file no.: VK 2-39/14) that requesting a “no spy declaration” as an eligibility criterion is inadmissible and that, in the Chamber's view, such a request is instead to be qualified as a so-called condition for performance of contracts pursuant to Section 97 para 4 sentence 2 GWB. As a follow-up to this case law, the BMI published an adjusted complementary handout regarding the scope and interpretation of the so-called “no spy decree” on 19 August 2014.

While the “no spy decree” of the BMI and the complementary handout of 19 August 2014 are only internally addressed to the procurement office of the BMI, they were nonetheless published by the BMI due to the wide public discussion. However, a general legal basis for the request of “no spy guarantees” by public principals does not yet exist in German and European procurement law. The need for a legally certain solution is becoming increasingly clear in practice, also in view of the reports on cyber-attacks which have come to light more frequently of late, such as the cyber-attack on the Bundestag at the start of this summer or the NSA spy attacks, amongst others on members of the federal government and other authorities.

Case Law: No exclusion due to unreliability, but so-called condition for performance of contracts
In its widely acclaimed and, for a long time, sole legally binding decision regarding the “no spy guarantee” issue in June 2014 (see VK Bund, judgment of 24 June 2014, VK 2-39/14), the Second Federal Procurement Chamber deemed the request to have bidders provide a “no spy declaration” in order to prove their reliability to be inadmissible under public procurement law.

The obligation of US companies and their subsidiaries to transfer data to US security authorities on the basis of the USA PATRIOT Act, even without a court order, would be “highly problematic”, but it should not be considered in the context of the reliability check (eligibility). Eligibility requirements would be bidder-related, so that “just those facts” should be considered in the context of the eligibility examination “which are attributable to the bidder in whichever form” and which, in this regard, could be influenced by the bidder. However, this would not be the case for statutory obligations to which a bidder is subjected. With reference to the case law of the Higher Regional Court Düsseldorf regarding the admissibility of declarations of commitment regarding the ILO key working norms (see judgment of 29 January 2014, Verg 28/13), a request for the “no spy guarantee” would, in the Procurement Chamber’s view, have to be regarded as admissible as “particular conditions for performance of contracts” pursuant to Section 97 para 4 sentence 2 GWB.

This case law of the VK Bund was now confirmed by the current decision of the Higher Regional Court Düsseldorf of 21 October 2015 (file no.: Verg 28/14) insofar as the request of “no spy guarantees” by public principals would not constitute legally admissible requirements for the eligibility of the applicant or bidder. These requests of “no spy guarantees” would only be admissible as particular conditions for the performance of contracts within the meaning of Section 97 para 4 sentence 2 GWB, and permitted as such if the request for data security is made on the basis of an acceptable objective reason justified by the subject matter of the contract, and all companies interested in the contract, irrespective of their seat, are subjected to the same requirement without discrimination.

Requirement for a clarifying statutory regulation
In order to create more legal certainty in practice when “no spy guarantees” are used, a statutory regulation is supported. It is currently becoming apparent that the German legislature also strives for clarification in the context of the pending procurement law reform (see the GvW newsletter of May 2015). In its current edited version of 8 October 2015 (BT printed matter 18/6281), the government draft of the procurement law modernization act provides for a codification of the solution preferred by the case law, namely to allow the request of “no spy guarantees” as an admissible condition for performance of contracts. In this respect, the wording of Section 128 para 2 GWB-E goes beyond the specifications of Article 70 of regulation 24/2014/EU in that it provides for the stipulation of individual conditions for performance of contracts in particular also for the “protection of the confidentiality of information” if they are related to the subject matter of the contract and “follow from the announcement of the contract or the procurement documents.” The implementation period for the new EU procurement guidelines ends on 18 April next year, so that it should be clear at that time at the latest whether the new procurement law will create more legal certainty in connection with the requirement of “no spy guarantees”.

Practical information
Until a clarifying statutory regulation is issued, the method supported by the case law, namely requesting the “no spy guarantee” as a condition for performance of contracts, is recommended as the solution admissible under public procurement law.
