Outsourcing Agreements: Legal Clauses NZ

Outsourcing can be a game-changer for small businesses. It can free up your time, reduce overheads, and give you access to specialist skills (without hiring a full-time employee).

But outsourcing also comes with a classic SME risk: you’re trusting an external provider with important parts of your business - your customers, your systems, your data, your IP, and your reputation.

That’s why outsourcing agreements matter. A clear, well-drafted outsourcing agreement helps you stay in control, set expectations, and avoid the “we thought that was included” disputes that can quickly turn an outsourcing relationship sour.

Below, we break down the key legal considerations for outsourcing agreements in New Zealand, in plain English, so you can outsource with confidence (and stay protected from day one).

What Is An Outsourcing Agreement (And When Do You Need One)?

An outsourcing agreement is a contract where your business engages another business (or contractor) to provide services that you could otherwise do in-house.

In practice, outsourcing can cover a huge range of arrangements, including:

IT support, cloud services, cybersecurity monitoring, and system administration
bookkeeping, payroll, and finance support
marketing services (content, ads management, SEO, social media)
customer service call handling or live chat support
manufacturing, packing, or fulfilment
HR support and recruitment

Even if you’re “just testing it out” with a freelancer or small provider, you’re still outsourcing. If money is changing hands and someone is delivering services for your business, you want a written agreement.

In many cases, an outsourcing agreement will look like a tailored Service Agreement, sometimes supported by:

a statement of work (SOW)
service levels (SLAs)
a data processing schedule (if personal information is involved)
confidentiality and IP clauses

If you’re tempted to rely on an email chain and an invoice, it’s worth pausing. It might “work” until something goes wrong - and that’s usually when you realise the gaps.

Getting The Structure Right: Contractor, Supplier, Or Something Else?

Before you draft the contract, you need to be clear about what you’re actually doing.

In New Zealand, the legal classification of the relationship matters because it can affect liability, tax treatment, and even whether someone could claim they’re really an employee.

Contractor vs Employee Risk

A common outsourcing pitfall for SMEs is engaging an individual in a way that looks and feels like employment (set hours, ongoing work, close control, integrated into the business), but calling them a contractor.

In New Zealand, there isn’t a single “tick-the-box” test for whether someone is an employee or a contractor. Courts and the Employment Relations Authority look at the real nature of the relationship, including a mix of factors like control, integration into the business, who bears financial risk, and whether the person is truly operating their own business.

If the relationship is later found to be employment, your business could face:

claims under the Employment Relations Act 2000
issues around holiday pay, sick leave, and other minimum entitlements
tax and ACC-related obligations (it’s worth getting accountant advice on your specific setup)

This is why it’s important to make sure your contract and your day-to-day practices line up. If you’re weighing up roles and responsibilities, the contractor vs subcontractor distinction is also worth understanding, particularly where your provider is bringing in their own team.

Where you are engaging individuals directly, a fit-for-purpose Sub-Contractor Agreement (or contractor agreement) can help set the right boundaries, deliverables, and expectations.

Business-to-Business Outsourcing

If you’re engaging an established service provider (for example, an IT provider, marketing agency, or fulfilment warehouse), you’re usually dealing with a business-to-business contract.

That’s often simpler from an employment-law perspective, but it can be more complex in other ways - especially around:

service levels and performance standards
data security and privacy compliance
intellectual property ownership
transition and exit (handback of access, data, accounts)

Key Clauses In Outsourcing Agreements (What SMEs Should Look For)

A good outsourcing agreement isn’t just “legal paperwork”. It’s a practical playbook for how the relationship will run.

Here are the clauses SMEs should pay close attention to in outsourcing agreements.

1. Scope Of Services (And What’s Not Included)

Most outsourcing disputes come down to scope. You want the contract to clearly describe:

what services are included
what deliverables must be provided (and in what format)
timeframes and milestones
what you (the client) must provide to enable the work
what services are excluded (or treated as “out of scope”)

It’s often useful to attach a statement of work (SOW) so you can update deliverables over time without renegotiating the entire contract.

2. Fees, Invoicing, And Variations

Make sure the agreement answers the money questions upfront, including:

is pricing fixed-fee, hourly, retainer-based, or per project?
when are invoices issued, and what are the payment terms?
what happens if you dispute an invoice?
how are changes handled (and how are extra costs approved)?

As an SME, you don’t want “surprise invoices” because the provider assumed a task was in scope and you assumed it wasn’t.

3. Service Levels, KPIs, And Quality Standards

If the outsourced function is business-critical (think: IT uptime, customer support response times, fulfilment timeframes), consider including:

service level standards (SLAs)
KPIs and reporting requirements
remedies if standards aren’t met (service credits, rework, escalation)

This doesn’t need to be complicated - it just needs to be clear enough that both sides know what “good performance” looks like.

4. Confidentiality And Sensitive Information

Outsourcing often requires sharing confidential business information - customer lists, pricing, strategies, internal processes, and system access.

Your agreement should include a confidentiality clause that covers:

what counts as confidential information
how the provider can and can’t use it
how it must be stored and protected
what happens when the contract ends

In many cases, it’s also worth having a standalone Non-Disclosure Agreement, particularly if you’re still in the “quoting and pitching” stage or sharing information before a final services contract is signed.

5. Intellectual Property (Who Owns What Gets Created?)

This is a big one for SMEs - especially if you’re outsourcing creative, technical, or product development work.

Your outsourcing agreement should be clear about:

pre-existing IP: what each party already owns before the relationship starts
new IP (foreground IP): who owns what is created during the project
licences: whether you get a licence to use tools, templates, code, or frameworks the provider uses
moral rights and attribution: relevant for branding, design, and content

For example, if you outsource website development or software work, you don’t want to find out later you only have a limited licence - or that you can’t easily hand the project to a new provider.

6. Subcontracting And Third-Party Tools

Many outsourcing providers subcontract parts of the work or use third-party platforms to deliver services.

That can be totally fine - but your contract should address:

whether subcontracting is allowed without your consent
what obligations subcontractors must comply with (confidentiality, privacy, security)
whether third-party terms apply (and if so, who is responsible for them)

This is particularly important where data or customer communications are involved.

7. Liability, Indemnities, And Limitations

Most suppliers will want to limit their liability. That’s normal, but you need to understand what you’re agreeing to - and whether the risk allocation makes sense for your business.

As an SME, consider:

what types of loss are excluded (for example, “indirect or consequential loss”)
whether liability is capped (and if so, at what level - fees paid, annual fees, etc.)
what happens if the supplier causes a data breach or IP infringement issue
whether you need the supplier to hold insurance (professional indemnity, cyber insurance)

These clauses often look “standard”, but they can make a major difference when something goes wrong.

Compliance Issues SMEs Often Miss (Privacy, Employment, And Fair Trading)

Outsourcing isn’t just a contract issue - it can trigger compliance obligations too. Here are the areas that commonly catch small businesses off guard.

Privacy Act 2020: If Personal Information Is Involved

If your provider will handle personal information (customer details, payment information, employee data, support tickets, mailing lists), you should treat privacy compliance as a shared risk: your provider will have its own obligations, but your business can still be exposed if things go wrong (especially if you chose the provider, set the purpose for collection/use, or are the party customers deal with).

Under the Privacy Act 2020, agencies generally need to take reasonable steps to protect personal information. In an outsourcing context, this often means doing due diligence on the provider and putting contractual protections in place that match the sensitivity of the data and the service.

Depending on the setup, a Data Processing Agreement can help document:

what personal information is processed and why
security standards (access controls, encryption, breach response)
subprocessor rules (who else can access the data)
data breach notification processes
return or deletion of data on exit

If you collect personal information via your website or platform, it’s also worth checking that your public-facing disclosures match what’s happening behind the scenes - for example, via a clear Privacy Policy.

Health And Safety At Work Act 2015: Shared Duties

If you’re outsourcing work that involves physical work sites, equipment, or on-site services, don’t forget health and safety.

Under the Health and Safety at Work Act 2015, multiple parties can have overlapping duties. Even if the provider is “independent”, you may still need to coordinate and consult on risks where your work overlaps.

In outsourcing agreements, health and safety clauses may cover:

compliance with your workplace policies and site rules
incident reporting
training, PPE, and supervision responsibilities
right to remove unsafe personnel from site

Fair Trading And Consumer Guarantees: Don’t Outsource Your Reputation

If the outsourced function affects what customers experience (like customer service, fulfilment, or marketing claims), your business can still wear the reputational and legal risk.

For example:

marketing providers should not make misleading claims that could breach the Fair Trading Act 1986
fulfilment or service issues can impact your ability to meet obligations under the Consumer Guarantees Act 1993 (where applicable)

That doesn’t mean you shouldn’t outsource - it just means your agreement should include quality controls, approval processes, and clear accountability.

Overseas Outsourcing: Extra Things To Consider Before You Sign

Many Kiwi SMEs outsource to offshore providers for cost or specialist expertise. That can work well - but it adds extra layers of risk that your contract should address.

Governing Law And Dispute Resolution

Make sure the agreement clearly states:

which country’s laws apply (often New Zealand law, where possible)
how disputes will be handled (negotiation, mediation, arbitration, court jurisdiction)

If you sign a contract governed by another country’s law, enforcing your rights may become harder and more expensive.

Cross-Border Data Transfers

If personal information is being stored or accessed overseas, your privacy obligations may require extra care. For example, the Privacy Act 2020 has specific rules around disclosing personal information overseas (including ensuring comparable safeguards apply, or relying on another permitted basis).

Your contract should spell out:

where data is stored
who can access it
what security standards apply
what happens if there is a breach

Practical Enforceability

Even with a well-written agreement, enforcement can be tricky if the provider is based offshore and has no assets in New Zealand.

This doesn’t mean “don’t do it” - it just means you should think about risk management upfront (for example, staged payments, access controls, and clear exit steps). If you’re engaging offshore talent directly, the overseas contractors considerations are worth keeping in mind early.

Exit Planning: How To End An Outsourcing Agreement Without Chaos

When outsourcing works, it can feel like a long-term partnership. But SMEs should always plan for the “what if”: what if the provider underperforms, changes staff, increases prices, or you simply want to bring the function back in-house?

Your outsourcing agreement should clearly cover exit and transition, including:

termination rights: can you terminate for convenience, and with what notice?
termination for breach: what counts as breach, and is there a cure period?
handover obligations: returning data, passwords, admin access, files, and documentation
transition support: will the provider help migrate to a new provider (and at what cost)?
retention/deletion: when and how confidential info and personal information must be deleted

One practical tip: make sure key accounts (domains, ad accounts, software subscriptions, hosting) are set up in your business name wherever possible, with appropriate admin access. Otherwise, you can get “locked out” during a transition.

If you’re not sure what a fair exit clause looks like, or you’re dealing with a supplier’s one-sided terms, it’s worth getting advice before you sign - it’s much easier to negotiate upfront than after a dispute starts.

Key Takeaways

Outsourcing agreements help SMEs set clear expectations, manage risk, and avoid disputes about scope, costs, and quality.
Getting the relationship structure right matters - especially where outsourcing could accidentally look like employment (which depends on the real nature of the relationship, not just the label used).
Strong outsourcing agreements usually cover scope, fees, service levels, confidentiality, IP ownership, subcontracting rules, and liability limits.
If your provider handles personal information, your agreement should align with the Privacy Act 2020 and include clear security and breach response obligations (including any cross-border requirements where data is accessed or stored overseas).
Overseas outsourcing adds extra complexity around governing law, cross-border data, and enforceability - so it’s worth planning and documenting carefully.
A good exit clause (handover of access, data, documentation, and transition support) can save you major headaches later.

Note: This article is general information and isn’t tax or accounting advice. If your outsourcing arrangement involves individuals, it’s a good idea to speak with an accountant about PAYE/withholding and ACC treatment for your specific circumstances.

If you’d like help putting the right outsourcing agreements in place, or you want a lawyer to review a supplier’s terms before you sign, you can reach us on 0800 002 184 or email team@sprintlaw.co.nz for a free, no-obligations chat.

Outsourcing Agreements in New Zealand: Clauses, Liability and Privacy