PROTECTION OF SECURITY RELEVANT INFORMATION VS. ENHANCEMENT OF GLOBAL COMPETITION - GERMANY'S "NO SPY DECREE" FOR PUBLIC TENDERS UNDER CONTINUOUS SCRUTINY
By Felix Helmstädter, Christoph Nüßing, and Susan Borschel
In Spring 2014, the German Federal Ministry of the Interior ("BMI") issued a decree directed to its awarding authority that quickly became known as the "No Spy Decree." The Decree is intended to prevent vendors from disclosing, to the benefit of foreign security agencies or intelligence bodies, security-relevant information gathered when carrying out contracts concluded with German public authorities. Nevertheless, the Decree could impede competition because the measures required to prevent disclosure of security-relevant information will be difficult to meet for non-domestic bidders and for German bidders that are wholly owned, or controlled, by a foreign parent or that have other affiliated companies incorporated under a foreign jurisdiction.
The Decree, and respective administrative orders that are issued at the regional level, provide requirements that public authorities are required to incorporate into solicitation conditions for all security-relevant contracts. As a result, companies that are required to provide access, or disclose information, to foreign intelligence agencies cannot participate in or can be excluded from ongoing procurement procedures. Furthermore, those companies could lose contracts that have been signed and include language from the Decree. Due to the Decree's intrinsic interference with the general principles of non-discrimination and competitiveness, unspecified language used, and its substantial impact on the ability to participate in contract tender proceedings, the Decree is still the subject of strong criticism and a challenge for bidders that are part of a group of multinational companies.
The No Spy Decree was issued by the German Federal Ministry of the Interior, amongst others, as a reaction to information leaked in 2013 indicating that foreign governments were employing various surveillance measures with regard to German politicians and German government officials. The surveillance measures resulted in the foreign governments' collection of security-relevant data.
The Decree only applies to service and works contracts that have a security-relevant scope or require the service provider to access confidential information. Additional guidelines published by BMI in August 2014 clarify that the application of the Decree to a contract must be assessed in each individual procurement. Although it may be obvious that most information technology (IT) and telecommunications contracts are security-relevant, other projects, including construction or specific consultancy contracts, may also involve security-relevant information and may be subject to the Decree. For example, consultancy contracts may necessitate access to security-relevant information because consultants will be required to establish and maintain a close relationship with German Government officials and public officers.
Instruments and sanctions
In cases where the awarding authority considers a contract to be of specific security-relevance, the authority must oblige bidders to certify that they (i) are able to maintain the secrecy of confidential information disclosed to them under the contract...