Update: While the date for Brexit may have changed since this original blog went live, the answer is still the same. To prepare for Brexit, you need to know about every single piece of software and every cloud service that is used in the UK or by UK employees.
Last week I spent time talking to a group of Snow customers – as I left the meeting, we touched briefly on the need to prepare for Brexit and the possible implications from a contractual and taxation perspective. On the flight to my next destination I started to put together some notes – and the next day the same topic came up with a different group. I’d hoped that things would become clearer after the week’s negotiations and the UK vote at the weekend. However, it is still unclear as to when the Brexit process will begin, what any deal will involve and how long it will take.
On Oct. 4 I posted on LinkedIn about needing to renew my passport in preparation for a no-deal Brexit, and some of the questions that have been raised about how technology assets will be treated after Oct. 31. While I’d hoped that someone might know, I wasn’t holding out much hope – after all, until we know what the deal is, no government agency or software vendor can really be sure what they’re going to do.
What do people think the impact will be?
Back in April of this year we ran a survey across in the UK, Germany, France, Spain, Portugal and Italy* asking participants how they felt Brexit would impact them. When UK respondents were asked about whether they were worried about the impact Brexit would have on their job, 53% said yes and 47% said no, compared to the rest of Europe where 45% said yes and 55% said no.
Despite more information being made available by various government agencies across the EEA, anecdotal evidence (discussions with colleagues, customers, friends, acquaintances, members of the IT community, fellow passengers on flights and in airline lounges, taxi drivers, bartenders and others, representing a range of roles, industries, ages and geographies as well as observation of what’s being tweeted or posted on LinkedIn and Facebook) suggests that concern about the impact on business is increasing – uncertainty and an inability to prepare has already had an impact. Businesses are losing contracts or moving operations out of the UK to avoid this. The most concerning of these is the lack of communication to end users from within their organisations – many of those who work internationally haven’t heard anything from their IT departments, or indeed elsewhere in their organisations. A couple of people mentioned that they’d been advised to minimize travel commitments around the Brexit deadline, but these were the exception.
If no one knows what’s happening, what can you do to prepare?
When we finally know what’s going on – and this won’t magically happen on Oct. 31 or even Nov. 1, or even three months later – it will help if you have worked out:
- Which software installations are physically located in UK
- Which software is assigned to users employed in the UK
- Which SaaS subscriptions are assigned to users employed in the UK (and where that SaaS is delivered from)
- Which IaaS/PaaS/hosted services are accessed by users employed in the UK
- Which European Economic Area (EEA, which at the time of writing consists of the EU countries plus Iceland, Norway and Lichtenstein – Switzerland is not part of the EEA but is part of the single market) employees spend a significant amount of time in the UK and what devices are assigned to them
- Which UK employees spend time in EEA countries and what devices are assigned to them (identify roaming users and confirm their country of employment with HR)
- Where you purchase the software and where it is deployed to (i.e. are you exporting from the UK to the EEA or from the EEA to the UK)
Some of these may have been identified already for GDPR purposes, so make sure that you talk to your DPO or equivalent rather than duplicating effort. Of course, if you have the information easily available in your ITAM systems, then you can work together to validate both sets of data.
Ideally you should take a snapshot of the situation at midnight on Oct. 31 (or whatever the new date is if this changes) so you have a point in time reference.
Until we know what the deal is there is little more you can do to prepare, but armed with this information you’ll have an idea of the scope of the problem – the parts of the business impacted, the individuals involved and the technology vendors you’ll need to work with.
Once you’ve identified all the software and cloud services that are used in the UK/by UK employees, then you need to check the entitlement. If you have a global contract then there may not be any issues, but you do need to check whether the terms are consistent globally or whether there are any EEA-specific provisions that you need to be aware of. Where global agreements require geographic assignment and currently have the EEA as a single geography, you will need to ensure that you can split out the UK requirements if necessary (in the event of ‘no deal’ or one that leave the UK outside the single market). Once the taxation implications become clear you may find that at contract renewal you need to rethink where you contract for and purchase your licences in order to be most tax efficient (or minimize the bureaucracy).
Other activities to consider implementing immediately include:
- Amending your standard contract negotiation guidelines to ensure that new contracts (or renewals) address the geographic issue by either removing restrictions completely or adding ‘UK’ to the ‘EEA and Switzerland’ terminology that it usually included
- Creating a notification policy or process to identify any breach of terms of service
- Add a workflow that includes a requirement to provide details of ‘country of use’ or ‘country of residency’ to any request or input of contract and license documentation
Mature ITAM, with a strategic focus, takes a process-based approach
While many organisations focus their SAM or licence management activity on a vendor-by-vendor basis, often prioritising based on size of contract or spend, I have always advocated a process-based approach. The situation caused by Brexit is an example of why – while many software asset managers are focused on compliance from an individual vendor perspective (a legacy of the audit culture that has become less prevalent in recent years), there is more to SAM than licence compliance, and it is not simply the vendors where you spend the most money that you may be exposed to risks or have opportunities.
Taking a process-based approach means that once you have your processes working, then all consumption data can be held and understood. And likewise, any entitlement data can be added to the SAM system as and when it is delivered (or for historic data, when it is located/identified). Taking a process-based approach makes it easier for you to address business challenges (how much is the total cost of providing tech to support e.g. an individual/a business process; can you prove regulatory compliance e.g. assignment of contracts to the correct legal entities, payment of invoices by the entity that uses the product or service), and puts you in a position where events like Brexit (and hopefully there won’t be too many of those) don’t result in massive disruption as you have to start from scratch with the hundreds of vendors who haven’t been on your priority list previously.
To prepare for Brexit you need to know about every single piece of software and every cloud service that is used in the UK or by UK employees. Likewise, you need to understand their entitlement. If you’ve been focused on individual vendors you may have excellent data for a few key vendors (typically Microsoft, Oracle, IBM, SAP, Adobe and around half a dozen others), but be missing data for many of the others. If you have low SAM maturity and have been tactically focused you’ve got a lot of work to do.
If you have questions about the points raised above, or suggestions as to how to best deal with some of these challenges, please join the discussion with your peers on Snow Globe.
*The survey was conducted in April 2019 and included responses from 3,000 full or part time employees of organisations in the US, Europe and Asia Pacific who use technology as part of their job. A total of 1,021 respondents were from Europe (UK, Germany, France, Spain, Italy and Portugal).