Compliance
George Kimball and Mark W. Heaphy
Chapter 13 in Outsourcing Agreements, 2025, pp 382-428 from Edward Elgar Publishing
Abstract:
The chapter discusses allocations of responsibility, risk, and costs to comply with, monitor, and interpret applicable laws. It then summarizes (i) essentials of US and European data protection, (ii) export controls, and (iii) emerging regulation of artificial intelligence. Contracts often distinguish laws that apply primarily to customers (e.g., to regulated industries) from those that apply primarily to suppliers (e.g., because suppliers operate offshore), and then allocate responsibility for identifying, implementing, and paying for operational changes required in order to comply with changing regulations. US companies face industry-specific federal laws (e.g., banking, health care), plus state laws concerning privacy, data protection, and notice of incidents. The EU and UK apply comprehensive regulations, notably the EU's General Data Protection Regulation (GDPR), founded upon data subjects’ express rights and enforced by data protection authorities. Some US state laws increasingly resemble GDPR. Pertinent contract terms concerning privacy include security obligations, geographic constraints (e.g., upon data transfers), customers’ audit rights, and indemnities. Contracts must also address export controls upon cross-border transfers of sensitive technologies, especially dual-use technologies with defense and security applications. Sanctions imposed for national security and foreign policy reasons preclude service to and from places and parties subject to sanctions. Regulation of artificial intelligence is in its infancy, but the EU's AI Act takes a comprehensive approach, based upon principles of safety, transparency, traceability, non-discrimination and environment protection. Alternatively, through an executive order issued in 2023, the US directed federal agencies to conduct assessments and develop standards; but the initial executive order was revoked in 2025 and the future direction of federal policy remains to be seen as of 2025.
However many US states have enacted significant AI-related.
Keywords: Outsourcing; Business Process Outsourcing; BPO; Information Technology Outsourcing; ITO; Compliance; Compliance with laws; Regulation; Privacy; Data privacy; Data protection; European privacy; General Data Protection Regulation; GDPR; Export controls; International trade compliance; Sanctions; Artificial Intelligence; Generative AI; Regulation of AI
Date: 2025
ISBN: 9781035316984
Downloads:
https://www.elgaronline.com/doi/10.4337/9781035316991.00021 (application/pdf)
Persistent link: https://EconPapers.repec.org/RePEc:elg:eechap:22570_13
Ordering information: This item can be ordered from
http://www.e-elgar.com