Recommendations of the Polish Public Procurement Office regarding public procurement for IT systems

The Polish Public Procurement Office has issued recommendations regarding indications and requirements related to public procurement for IT systems.

The guidelines are divided into two volumes and together they provide a collection of information on public procurement of IT systems. The first volume presents recommendations and guidelines relating to preparatory activities prior to the commencement of a public procurement procedure for information systems, while Volume II is devoted to recommendations and guidelines relating to the description of the subject of a contract and preparation of a public procurement procedure for information systems.

Process of preparing the proceedings

The contracting authority should undertake a number of actions which will have a significant impact on the shape of the subsequent procedures already at the stage of preparatory activities preceding the commencement of a public procurement procedure for IT systems.

The activities preceding the commencement of the procedure are of key importance from the point of view of the entire project, which consists both of the procedure aimed at selecting a contractor and of the implementation of the contract and operation of the purchased IT system. These activities should therefore be performed in a reliable manner and in cooperation with the persons responsible for the entire course of the project, both from the formal and substantive side.

• Digital asymmetry. Google’s self-preference assessed by the Court. Polish Ceneo wins over Google. The case concerned favoring one’s own comparison site
  by jakub
  Digital asymmetry. Google’s self-preference assessed by the Court. Polish Ceneo wins over Google. The […]
• New Technologies and medical devices procedures
  by jakub
  Publication date: April 17, 2024 Artykuł New Technologies and medical devices procedures pochodzi z […]
• “THE MOST EXPENSIVE PREVENTION IS ALSO CHEAPER THAN THE CHEAPEST TREATMENT” – LEGAL REGULATIONS FOR REPORTING PERFORMANCE TESTS OF A MEDICAL DEVICE FOR IN VITRO DIAGNOSTICS
  by jakub
  LEGAL REGULATIONS FOR REPORTING PERFORMANCE TESTS OF A MEDICAL DEVICE FOR IN VITRO DIAGNOSTICS […]
• ARTIFICIAL INTELLIGENCE IN CLINICAL TRIALS – PRACTICAL AND LEGAL ASPECTS
  by jakub
  ARTIFICIAL INTELLIGENCE IN CLINICAL TRIALS – PRACTICAL AND LEGAL ASPECTS Artykuł ARTIFICIAL INTELLIGENCE IN […]
• Few comments on Pseudo-anonymisation: secret key encryption, hash function, hash function with key, deterministic encryption and tokenization
  by jakub
  Few comments on Pseudo-anonymisation: secret key encryption, hash function, hash function with key, deterministic […]
• Next Generation virtual worlds – what opportunities may they bring? Human-Machine Interaction, Extended reality, digital twinning.
  by jakub
  Next Generation virtual worlds – what opportunities may they bring? Human-Machine Interaction, Extended reality, […]
• Real estate tokenization – Sales of 20 thousand shares of the most expensive apartment in Poland at 44 Złota Street
  by jakub
  Real estate tokenization Artykuł Real estate tokenization – Sales of 20 thousand shares of […]
• 15 new medical professions in Poland – from March 26, 2024
  by jakub
  15 new medical professions in Poland – Artykuł 15 new medical professions in Poland […]
• PLANNED AMENDMENTS TO ABORTION LAW IN POLAND – CONTROVERSIES
  by jakub
  PLANNED AMENDMENTS TO ABORTION LAW IN POLAND – CONTROVERSIES Artykuł PLANNED AMENDMENTS TO ABORTION […]
• KIELTYKA GLADKOWSKI TAKES PART IN IGNITE ON TOUR CENTRAL EASTERN EUROPE CYBERSECURITY FOR THE AI ERA
  by jakub
  On April 16, 2024, Crowne Plaza Warsaw, The HUB, KIELTYKA GLADKOWSKI’s lawyers will take […]

One of the most important issues facing the contracting authority is correct estimation of the contract value, which translates into the choice of the regime of the Public Procurement Law that is appropriate for conducting the procedure in the light of statutory provisions and has an impact on other formal aspects of the purchasing process, such as setting the value of the bid bond (art 97 section 2 of the Polish Public Procurement Law) or the obligation to call contractors to explain the abnormally low price (art 224 section 2 of the Polish Public Procurement Law). These actions are directly connected with further steps, and above all with the description of the subject of the contract.

Another key issue is the contract structure and content. If it focuses on formal instruments such as penalties, distribution of liability, withdrawal possibilities, etc., but does not correspond to the subject matter of the contract and does not properly describe the course of its implementation, the implementation may become significantly complicated, and the draft contract, instead of helping the parties, may be a source of disputes.

According to the recommendations, before the start of the procurement process, the contracting authority should ask a number of questions that will help it to conduct the process correctly.

1. Does the contracting entity have adequate staff to identify its needs and describe the subject matter on its own?

This involves verification of the competence of your team and checking whether you have specialists who will be able to competently conduct the procedure. It is particularly important whether they will be able to properly prepare the conditions for participation in the procedure and the tender evaluation criteria, prepare the description of the subject matter in a sufficiently precise manner (taking into account standards and guidelines as well as industry norms) and finally whether they will be able to correctly estimate the contract value and ensure efficient implementation of the procedure.

Before the contracting authority starts the tender, it must answer the question about what methodology will be optimal from the point of view of the project, but also from the point of view of its resources – whether, for example, there are competencies in the organization that allow the project to be carried out in an agile methodology, if such a methodology is chosen, or whether such competencies need to be acquired.

After such an analysis there may arise the need to provide appropriate technical, legal or economic advisors. The same question also applies to whether the contracting authority has the appropriate personnel to administer the already completed system.

• What are the ordering resources and needs? 

Does the contracting authority have the resources and IT infrastructure necessary to implement the system (hardware, licenses, software manufacturer support), and what scope of rights and technical tools necessary to operate the systems it already uses (licenses, source codes, update rules).

• Has the procuring entity consulted with other procuring entities that are performing similar procurements or with whom the entity is acting jointly regarding the need for the procurement?

If a contracting authority believes that it is unable to conduct the procurement on its own, it may consider using joint procurement with other contracting entities.

• Has the contracting authority checked the possibility of obtaining funding for the planned purchase of an IT system?
• Does the contracting authority have all the information to correctly estimate the contract value? (relevant in the context of the procurement plan)

This is a fundamental question that the contracting authority should ask itself during its preparatory activities. After estimating the value of the contract, it will be able to determine which regulations apply in its case. The key question in this case is whether the thresholds set by the European Union will be exceeded.

• Has the contracting authority reviewed its needs in terms of investment in on-premises solutions or procurement of systems in the cloud model in the SaaS (software-as-a-service) model or does it alternatively allow both?

The choice of one of the solutions is very important for the preparation of tender documentation, including both the description of the subject of the contract and the preparation of the content of the agreement. For example, if the contracting authority announces a procedure for software made available in the cloud model, and under the agreement specifies the expectation concerning the transfer of copyright, it may turn out that there are no suppliers on the market offering such products. A similar effect may be produced by formulating the description of the subject of the procurement in a manner that does not take account of the specificity of cloud procurement.

• Under what procedure does the contracting authority intend to procure the IT system?

Before commencing a contract with a value equal to or exceeding the EU thresholds, the contracting authority must decide in which mode to conduct the procedure. In this context, in proceedings with a value equal to or exceeding the EU thresholds, it should consider whether to use a restricted tender, an open tender, or whether there is justification to use negotiations with publication or a competitive dialogue. These two non-tender procedures are particularly appropriate when the contracting authority’s expectations and the parameters of the system are not precise enough to prepare a full description of the subject of the contract.

Main assumptions of the second volume of recommendations

At the outset, the authors of the recommendations indicate that the contract, depending on the specific needs of the contracting authority, may include a different range of services and consist in the supply of:

• hardware, standard software (including system and database software), dedicated software, implementation and maintenance services,
• only software that will be based on IT infrastructure owned by the contracting authority or purchased concurrently in another tender
• only standard off-the-shelf software that does not require any customization,
• standard software that requires configuration, parameterization, and extensions in the form of dedicated software developed by the contractor,
• system implementation in one of the above models, with additional maintenance or development services,
• a specific cloud computing service or a combination of cloud computing services with an IT solution purchased in one of the models indicated above.

The recommendations further point out the basic trends and directions that influence public procurement of IT systems. Among other things, the authors point out that the number of cases in which an order concerns a system built from scratch is decreasing, and more and more often IT systems are ordered as an extension of existing solutions. This results in the need to integrate them with the IT environment of the ordering party. In recent years, we have also observed a clear trend of procurers resigning from the development of their own hardware IT infrastructure in favour of moving part of the IT systems to the cloud computing, as well as ordering particular functionalities of IT systems and IT services in the IaaS (infrastructure-as-a-service), PaaS (platform-as-a-service) or SaaS (software-as-a-service) models. As demonstrated in the publication, this relatively new type of ordering IT services in the cloud computing model also brings completely new challenges for ordering parties, such as those related to ensuring appropriate protection of data processed in the cloud computing model, or preventing the occurrence of the vendor lock-in phenomenon, which requires a different formulation of contract terms and conditions and description of the subject of the order.

The introduction to Volume II of the Recommendation also points out that more and more often the contracting authority’s need is not so much to purchase an “IT system” understood as a separate IT solution with specific features and parameters, but rather to acquire a specific functionality or automate a given process.

The consequence of the diversity of IT systems procurement outlined above is the inability to formulate fully uniform, detailed recommendations applicable to all possible factual situations.

Structure and themes of the second volume of recommendations

The volume is divided into 8 chapters. The first chapter contains the main assumptions and methodologies. Subsequent chapters contain substantive discussion relating to separate topics together with recommendations. The authors of the document adopted a three-tier structure of recommendations. At the top level there are general recommendations, which are also subchapters and there are 18 of them in total. They contain the key obligations of contracting authorities. General recommendations are supported by detailed recommendations, which concretize the obligations of the ordering party. The last level of recommendations contains guidelines for specific types of procurements, such as specific requirements for ordering PaaS or SaaS.

Below we present all of the general recommendations, divided into individual issues to which they refer.

Division of contracts for lots

1. The contracting authority shall examine the subject-matter of the contract to determine whether it is appropriate to divide it into lots;

2. The contracting authority shall divide the contract into lots when the contract consists of severable lots and there are no grounds for not dividing into lots;

3. The contracting authority shall describe the reasons for not dividing the contract into lots in the contract documents;

4. The contracting authority should analyse the planned contracts with respect to their subject matter and economic purpose in order to prevent illegal subdivision of contracts that would lead to non-application of the provisions of the Public Procurement Law.

Definition of the subject matter of the contract

5. The contracting authority shall describe the subject matter of the contract in an unequivocal manner, using sufficiently precise and understandable terms;

6. The contracting authority should describe the subject matter of the contract in a comprehensive manner, taking into account the requirements and circumstances which may influence the preparation of a tender;

7. When describing the subject matter of the contract, the contracting authority should bear in mind both the principle of competitive procedure and the course of contract performance.

Non-discriminatory description of the subject matter of the contract, i.e. the principles of competitiveness and equal treatment

8. The contracting authority should describe the subject matter of the contract on the basis of fairly established and justified needs;

9. The contracting authority should strive to ensure that competition in the procedure is inter-brand rather than intra-brand.

Criteria for Assessing Equivalence

10. The contracting authority should structure equivalence criteria in such a way that there is no doubt as to what product, solution, or service will be considered equivalent;

11. The contracting authority should structure equivalence criteria in a proportionate manner;

12. The contracting authority should formulate equivalence criteria observing the rules of competition and equal treatment of contractors.

Adequate Description of Required Authorizations to Use Information Systems

13. The contracting authority shall describe in detail in the Tender Specification the required and expected entitlements to use the contracted IT system and the components of the implementation;

14. The contracting authority shall adapt the requirements of the Terms of Reference to the use of the ordered IT system and the components comprising the implementation of the ordered IT system, and the specifics of the subject matter of the contract;

Counteracting Vendor Lock-in

15. The contracting authority should prevent vendor lock-in and seek to minimize the risk of being tied to a single contractor or vendor;

Appropriately Describing Information Systems Cyber Security Requirements

16. The contracting authority should evaluate what cyber security regulations it should apply to its business;

17. The contracting authority should conduct a cyber security risk analysis to determine the level of risk associated with the use of the information system;

18. The contracting authority should specify in the Description of the Subject Matter the cyber security requirements that the information system should meet.

Changes to vendor lock-in regulation

According to general recommendation no. 15, the contracting authority should prevent vendor lock-in and strive to minimize the risk of being tied to a single contractor or manufacturer. While, as the authors of the recommendations point out, it is unavoidable to give some preference to an entity that has already delivered supplies or services for a given contracting authority (e.g. implemented an IT system), the contracting authority should avoid becoming too attached to a single contractor or manufacturer. According to the guidelines, contracting authorities should structure the description of the subject matter of the contract in such a way as to retain freedom to make future purchasing decisions.

The specific recommendations clarify how the contracting officer should counter such cases. According to them, the contracting authority should:

• strive to eliminate information asymmetry between contractors, i.e. should take into account the need to obtain relevant information and the right to disclose it to potential new contractors already at the stage of the first procurement of the solution;
• take into account the need for integration between IT systems;
• refer to known and documented IT technologies;
• define requirements to enable migration to a new service provider;
• seek appropriate rights of use.

A new approach to copyright

Volume II of the recommendations also contains guidelines regarding the requirements for a tender so that it is market-justified and does not unnecessarily restrict competition. The authors focused on the guidelines for the description of the subject of the tender, which should be described unambiguously, with sufficiently precise and comprehensible terms, as well as exhaustively, taking into account the requirements and circumstances that may influence the preparation of the tender.

In Chapter VI containing guidelines for describing authorizations to use IT systems, the authors included two general and as many as 11 specific recommendations. General recommendation No. 13 stresses that the scope of rights required by the contracting authority from the contractor with respect to the information system to be procured often has a significant impact on the value of the offer, and in many cases may even determine whether the contractor decides to submit a proposal. As an example, it was pointed out that if the contracting authority requires that the contractor assigns to it the proprietary copyrights to some or all of the software, which constitutes the ordered IT system, the contractor, as a result of concluding an agreement for performance of such a contract, loses the rights to the software and will not be able to use it in the future for execution of other IT projects. This may result in the contractor’s decision to withdraw from the procedure in which such requirements are set. In the following part of the chapter, detailed recommendation 14.3 clearly indicates that contracting authorities should not strive at all costs to acquire full copyright to the ordered system, because such a solution will not always be optimal and reasonable. Before deciding whether to include the transfer of copyrights in the Terms of Reference the contracting authority should check the following:

• whether software that addresses the contracting authority’s needs, or part of those needs, is already available on the market as a standard solution;
• to what extent the software to be procured is critical, and therefore to what extent the risks associated with the possible termination of the licence are critical to the contracting authority;
• how long the contracting authority wants to use the software and whether it wants to adapt it to its needs after the completion of the contract.

Cyber security as a new factor

The final section of the recommendation focuses on cyber security and is new from previous guidance. The authors note that due to increasing cyber threats that may result in a breach of confidentiality and integrity of information systems, as well as disruption of the continuous functioning of the system, the description of the subject matter for the procurement of an information system should include appropriate cyber security requirements, taking into account, among other things, the type of information system, the category and materiality of data stored or processed using it, or the level of risk associated with a possible breach of the system’s security. They also point out that a violation of IT system security may entail serious consequences for the contracting authority, both under civil, administrative and criminal law.

According to general recommendation No. 16, a contracting authority should evaluate which regulations regarding cyber security regulations should be applied in the course of its activities. Although no universally binding cyber security regulations have been issued for public administration, contracting authorities should take into account the recommendations and guidelines resulting from the National Security Standards. Moreover, depending on the type of activity of the contracting authority and the economic sector, specific security obligations may be imposed on the contracting authority.

Further, General Recommendation No. 17 also points out the need for the contracting authority to conduct a cyber security risk analysis to determine the level of risk associated with the use of the information system so as to appropriately define the detailed cyber security requirements that the information system provided by the contractor should meet, and to select the optimal information system implementation model from a security perspective. The last recommendation, No. 18, indicates the need to adequately specify in the description of the subject matter of the procurement the cyber security requirements that the information system should meet.

Summary

The recommendations issued by the Polish Public Procurement Office on the public procurement of IT systems in Poland are the result of the work of group created by practitioners and officials. Inviting various organizations and chambers of commerce to participate in the process of developing the recommendations, as well as subjecting them to extensive public consultations, had a great impact on adapting the recommendations and guidelines to the actual needs of the market and the ordering parties. The introduced recommendations aim to contribute to an increase in the quality and speed of procurement proceedings for IT systems in Poland.

Sources of information:

https://www.uzp.gov.pl/baza-wiedzy/dobre-praktyki/rekomendacje-dotyczace-zamowien-publicznych-na-systemy-informatyczne (access 26.01.2022)

https://www.uzp.gov.pl/strona-glowna/slider-aktualnosci/ii-tom-rekomendacji-dotyczacych-zamowien-publicznych-na-systemy-informatyczne/ii-tom-rekomendacji-dotyczacych-zamowien-publicznych-na-systemy-informatyczne (access 26.01.2022)

https://www.uzp.gov.pl/strona-glowna/slider-aktualnosci/zamowienia-publiczne-na-systemy-informatyczne-konsultacje-rekomendacji/zamowienia-publiczne-na-systemy-informatyczne-konsultacje-rekomendacji (access 26.01.2022)

https://isap.sejm.gov.pl/isap.nsf/download.xsp/WDU20190002019/U/D20192019Lj.pdf (access 26.01.2022)