Risks
3.51 The review considered the key risks of having the single seller arrangements (SSAs), the potential for unintended consequences, and how to manage or further mitigate these risks.
3.52 The table below lists these key risks and the assessed risk rating. Overall, the review found the key risks identified were low to medium, and either already effectively managed or with some opportunity for improvement, which is reflected within Chapter 7 Recommendations and actions.
Risk title | Risk rating |
|---|---|
Seller lock-out | Medium |
Buyer locked into seller | Low |
Single seller vulnerability | Medium |
Insufficient flexibility | Medium |
Increased administrative burden | Medium |
Misalignment with technology, policy or legislation | Medium |
Unrealised value for money | Low |
3.53 The following sub-sections contain a description of each risk using a simplified risk statement (sub-section title), followed by a rating of that risk, then a fuller discussion of that risk. Risk ratings were assessed in alignment with Appendix I: Risk matrix.
3.54 Note, additional risks are identified by sellers and buyers at contractual levels relevant to key aspects of discovery, design, implementation or sustainment of the products and services offered under the SSAs. Rightfully, these risks are best considered ahead of agreeing the relevant contract. These include risks associated with data privacy, security, architecture and delivery.
Seller lock-out
Assessed risk rating
Likelihood | Impact | Risk rating |
|---|---|---|
Possible | Moderate | Medium |
Description
3.55 Seller lock-out relates to the prevention of other sellers from competing to provide the same products, services and solutions as the SSA sellers. The review found the risk of seller lock-out is medium.
3.56 The review summarised a high-level competitive analysis, which can be found in Appendix G: Competitive landscape. This showed that there is strong competitive tension amongst the SSAs themselves within common product or service groupings, a dynamic that helps offset some of the seller lock-out risk. Nonetheless, decisions by buyers that result in the potential exclusion of alternative providers may lead to over-reliance on a limited pool of large sellers, which possibly diminishes the Australian Government's bargaining power over time and creates a concentration of specific capabilities. Proper procurement by buyers is essential to help the Commonwealth to mitigate these risks while supporting buyers to access reliable technologies.
3.57 As a contracting framework, the SSAs are most appropriately aligned with instances where specified products, locked down by intellectual property rights, are not available through alternative providers. These circumstances allow the Australian Government to leverage its buying power while ensuring access to essential technologies that are critical for operational continuity. By focusing on such uniquely positioned products, SSAs can serve to protect government interests while capitalising on the proprietary expertise of the seller.
3.58 Conversely, the use of SSAs for services is less compelling, especially given the establishment of numerous services panels (e.g. Digital Marketplace Panel 2, Management Advisory Services Panel, People Panel). These panels demonstrate the availability of diverse service providers capable of meeting government requirements. Furthermore, many of the SSA sellers maintain extensive Australian partner networks comprising thousands of local companies, indicating that the domestic services market is both strong and diverse.
3.59 Many of the agencies interviewed confirmed they do not utilise the SSAs as a procurement pathway, rather only as a contracting framework. Nonetheless, a commonly cited means through which the use of the Coordinated Procurement provisions within the CPRs can create a competitive advantage for SSA sellers is by lowering contracting costs and simplifying engagement processes. How this can happen is depicted below.
3.60 It is noted this is an inherent risk of all Coordinated Procurements (e.g. panels), and the Digital Transformation Agency (DTA) is actively working with buyers to manage this risk. In particular, the DTA is actively encouraging buyers to use established marketplaces as a mechanism to efficiently and effectively obtain competitive quotes from the market.
3.61 Another example is that the SSAs are automatically exempted from the upper limits imposed by the Contracts Limits and Reviews Policy.
3.62 The combination of greater contracting efficiencies, and longer term and larger contracts, means the SSAs can extend more competitive pricing (i.e. better discounts) than non-SSA sellers. Further, the desire for longer contracts was echoed by the SSA sellers, who noted that this extended time enabled them to further improve discounts or other benefits. This can result in the SSA sellers’ ability to be more competitive in procurement processes.
3.63 From the perspective of transparency, there is room to make clearer how SSA sellers are being engaged. The review noted that it is not a requirement that all purchases under the SSAs must go through BuyICT, which limits the availability of data on the use of the arrangements.
3.64 The issues described above need to be balanced with the reality that the proliferation of the SSA sellers’ technologies stems from their proven reliability and efficacy. These sellers have invested extensively in the development, support, and refinement of systems that underpin critical government operations. This track record of performance has positioned them as the logical choice of technology for governments and businesses globally.
Key mitigations
3.65 The below key mitigations were identified:
- Strengthen DTA education efforts regarding the most appropriate use of SSA sellers as a Coordinated Procurement.
- Maintain competitive tension during buyers’ procurement activities, inviting multiple sellers.
- Establish CAIP Plans to support the growth of sovereign Australian industry technological capability.
- Implementation of the framework outlined in the Clarity through a framework section of this report will support setting clear expectations for seller qualification for SSAs.
- Distinguish within the CPRs whole of Australian Government digital contracts from Coordinated Procurements to address the risk of SSAs being utilised as a procurement pathway.
- Review the existing Contracts Limits and Review Policy to ensure competitive neutrality between sellers.
Buyer locked into seller
Assessed risk rating
Likelihood | Impact | Risk rating |
|---|---|---|
Unlikely | Moderate | Low |
Description
3.66 Buyers are locked into a seller when the buyer is prevented from being able to switch to another seller if they choose to.
3.67 The review found the risk the SSAs lock a buyer into a seller is low. SSAs themselves do not drive dependency on a specific seller. Rather, the nature of technology and the costs to exit drive lock-in and challenges with switching providers. SSAs have historically reflected pre-existing buyer needs and prior competitive technology decisions. In essence, by the time a seller has an SSA, technology reliance had already occurred.
3.68 SSAs simply increase the benefits of engaging major sellers of technologies already chosen by a large portion of government agencies.
3.69 The reality for many organisations including government agencies is, it is the technology choice, not the length or size of the contract, that creates the lock-in. Once a technology choice is made, what follows is a series of decisions that create mutual dependencies in architectural alignment, integration and interoperability with other systems, data sharing, as well as a range of organisational and operational design choices made to ensure the system works. All of these can make it difficult and expensive to move away from any technology choice, regardless of the contractual mechanism in place.
3.70 In addition, policy settings of the Australian Government more broadly can have the unintended consequence of lock-in. For example, the Australian Government’s Corporate Services Investment Moratorium (issued June 2016) halted investment by agencies in ERP platforms except for GovERP, a SAP solution, thereby locking in agencies to their ERP platform. This moratorium was subsequently lifted in late-2023. In February 2020 SAP announced the end of life of ECC6, aligned with a commercial strategic decision to move to a cloud-based model of delivery recognising the organisational benefits for customers in modernising their systems. This established a timeframe by which agencies using SAP will be required to transition from ECC6 by 2030, which could be either a SAP or other ERP product. Rather than the SSA creating lock-in, it was the 2016 decision of the Australian Government to implement the moratorium which created the lock-in between 2016 and 2023.
3.71 Further, technology often forms the foundation of operations and management of organisations. This makes significant changes or removal of technology complex, challenging, risky and costly, all of which are often prohibitive. As such, any choice of technology creates some level of lock-in, to both the product being used and the seller supplying the product.
3.72 Another factor raised as contributing to lock-in is the inadequate consideration of transition requirements and associated costs at the conclusion of a contract (or SSA more broadly). Sellers are sometimes seen as discouraging easy migration from their technology, rather than relying on the quality of their product to maintain market position and relevance. To not do so will provide opportunities for new products to outperform and replace the SSA seller. Furthermore, as strategic partners, they have a responsibility to exhibit good corporate behaviour by prioritising the interests of their customer base.
3.73 For instance, egress charges - specifically fees applied for removing data from instances - can create resistance to change due to their financial implications. The European Union has prohibited such charges to ease data movement between sellers, highlighting the need for similar protections within the Australian context. Whilst beyond the scope of this review, if an SSA was not willing to voluntarily extend the European requirements to Australian buyers, the DTA could consider engaging with the Treasury and the ACCC to determine if it is appropriate to implement similar legislative protections in Australia.
3.74 Further, while buyers benefit from free trials of innovative technology and other ‘value-adding’ services, sellers broadly use a range of tactics to secure additional market position, thereby further entrenching themselves, such as:
- Offering heavy discounts to deploy products, which then enables price adjustments to be made later once the buyer has already architecturally committed.
- Running pilots and proofs of concept to demonstrate ‘must have’ capability.
- Bundling products together, which makes it more difficult or more costly to purchase the respective products desired by the seller, and can make it difficult to remove unwanted products.
3.75 The choice of technology introduces an additional risk associated with lock-in, by creating a dependency such that it weakens the Australian Government’s bargaining position. By opting for a specific technology en masse, the Australian Government forfeits much of its negotiating leverage as the associated technology becomes integral to government operations. This is particularly relevant where the technology is critical infrastructure, and cannot be easily replaced competitively. This dependence not only reduces the Australian Government’s ability to seek alternative providers but also places it at a disadvantage in future contract negotiations, potentially leading to price gouging, inflated costs or reduced flexibility. Careful consideration must be given to balancing the benefits of an SSA with the strategic risks posed to the Commonwealth's long-term autonomy and negotiating power.
Key mitigations
3.76 The below key mitigations were identified:
- Maintain competitive tension during buyers’ procurement activities, inviting multiple sellers.
- Contractually exclude egress charges, or similar, to support data transitions and flexibility.
- Include exit and transition requirements in contracts, with clear provisions to address changes initiated by sellers as discussed in the Building in an exit plan section of this report.
- Enable contractual and usage flexibility as discussed in the Ensuring flexibility section of this report.
- Where technology is critical infrastructure, and cannot be easily replaced competitively, implement multi-year rolling contracts and negotiate annually the next out-year (e.g. in a 5-year contract, the 6th year is negotiated annually).
Single seller vulnerability
Assessed risk rating
Likelihood | Impact | Risk rating |
|---|---|---|
Rare | Catastrophic | Medium |
Description
3.77 The Buyer locked into seller risk section of this report considered the risk of the Australian Government being locked into a seller through the SSA. In examining that risk, the review identified that the extensive use of one or a few single sellers for critical technology across the Commonwealth poses a risk to maintaining critical services if one of these sellers fails.
3.78 Although rare, large global product and service sellers can fail, with potentially catastrophic impacts without viable alternatives, especially given the barriers to shifting technologies. Diversity within the SSA portfolio and ongoing access to broader market players can help mitigate this risk.
3.79 No seller is immune to global forces, which can result in large, multi-national corporate collapse (e.g. Enron, Lehman Brothers, Nortel Networks, Carillion, and Wirecard). For example, as an outcome of Defence’s efforts to consolidate their technology environment, Defence signed a 10-year lease agreement with GlobalSwitch for data centre services. However, in 2016, its parent company, London-based Aldersgate Investments, accepted $4 billion for a 49% stake from the Chinese consortium Jiangsu Shagang Group. This was increased to almost full ownership in 2019. Due to this ownership change, Defence and other Australian Government agencies had to re-evaluate their data centre strategies, incurring significant costs as a result.
3.80 Vulnerability can also be experienced at a product level. A recent example of this is CrowdStrike’s global IT outage in 2024, which caused major disruption to key infrastructure worldwide, including to several of Microsoft’s products.
3.81 Although these examples demonstrate that over-exposure to a single, large multi-national risks catastrophically affecting the capability to deliver core government services, there are commercial realities to consider (e.g. intellectual property rights and copyright). The Australian Government cannot simply carve up ownership of these products to address this risk. Given this, Australian Government agencies can limit their exposure by pursuing diverse, strong market relationships wherever realistic.
3.82 There is also a role for the DTA in identifying and understanding seller and product concentration risk across the Australian Government, and supporting buyers with determining appropriate strategies to mitigate this risk, without infringing buyers' autonomy of choice or limiting capability.
Key mitigations
3.83 The below key mitigations were identified:
- Work with buyers to identify areas of concentration risk with specific SSA sellers to determine potential exposure.
- Maintain competitive tension during buyers’ procurement activities, inviting multiple sellers.
- Continue to mandate transparency regarding changes in company structure or ownership, alongside mechanisms to protect buyer operations during such transitions.
Insufficient flexibility
Assessed risk rating
Likelihood | Impact | Risk rating |
|---|---|---|
Likely | Moderate | Medium |
Description
3.84 There is a medium level risk that SSAs, due to their scale, become too standardised and hinder full utilisation of products, services and value-adds (e.g. discounts, investments). In other words, there is a risk that SSAs lack flexibility to cater for everyone’s needs - this was echoed by buyers of all sizes.
3.85 The effectiveness of SSAs is limited where buyers cannot utilise the products or services on offer. The common barriers to using what was purchased cited by buyers were:
- Contractual commitments made by the DTA did not reflect respective buyers' strategic technology or business intent.
“Half the time agencies miss out on things they are entitled to”
- Contractual complexity making understanding what is available, and for what price, challenging.
- Insufficient training or a lack of awareness regarding how to access and deploy available features constrains agencies from realising the full value of the arrangement.
- SSAs which include bundling of products, of which some products were not required by buyers.
- SSAs can be restrictive and fail to adequately align with the specific operational requirements of agencies, particularly in relation to their unique environments. (A particular SSA requires agencies to commit to a minimum buy over three years. The review acknowledges this reflects commercial reality for the seller (i.e. the discount price was offered because of the commitment to buy).)
3.86 These limitations can further hinder agencies’ ability to fully leverage the agreements’ benefits, raising concerns about the SSAs’ effectiveness and flexibility in meeting diverse needs across government.
3.87 Feedback from several agencies indicates SSAs could deliver greater value if there was flexibility to amend contractual clauses, remove provisions unnecessary for the specific engagement and to clearly specify requirements (e.g. warranties). In particular, some larger agencies stated they have been able to negotiate more favourable outcomes directly with SSA sellers by committing to large, well-defined purchases. In some cases, buyers and SSA sellers negotiated separate contracts to better address the situation. This highlights the importance of tailored contract design in achieving cost efficiencies and meeting agency objectives, but also instances where the actions of SSA sellers could be regarded as less strategic and more opportunistic in nature.
3.88 Although the ability to amend the agreements to tailor them for the specific agency requirements is valuable, appropriate governance over such amendments is necessary, including DTA’s authority to approve changes given its role as the central owner of the SSAs.
3.89 States and Territories echoed the requirement to further tailor SSAs. For example, the South Australia Government could not use one of the SSAs it considered of interest because it does not comply with the State’s privacy requirements, appropriate Service Level Agreements cannot be incorporated and there are insufficient remedies for breach of warranty.
3.90 Another key factor cited by buyers regarding flexibility was the inability to adjust (e.g. true up or true down) purchase quantities, especially where changes have occurred beyond their control (e.g. Machinery of Government changes). The review noted the shift to cloud and ‘as a service’ models has enabled more dynamic adjustments to be made to purchase quantities (e.g. daily or monthly subscription models).
Key mitigations
3.91 The below key mitigations were identified:
- Engage key buyers to determine strategic technology plans.
- Include a select group of buyers at the negotiating table to actively support the DTA in achieving the best possible outcome.
- Include mechanisms to enable flexible product reallocations across buyers, treating the Australian Government as a single buying entity.
- Ensure any contract entered into which has the effect of modifying a head agreement is subject to DTA approval, to ensure the protections included in the head agreement are not circumvented inadvertently.
- Deliver training and education to support buyers in understanding the arrangements.
- ‘Bolt on’ addendums to alter the head agreement or contracts for specific agency or State and Territory needs, similar to the AWS agreement.
Increased administrative burden
Assessed risk rating
Likelihood | Impact | Risk rating |
|---|---|---|
Possible | Moderate | Medium |
Description
3.92 Another risk that relates to the SSAs is the risk of complexity in the head agreement. Many buyers, including States and Territories as well as Commonwealth agencies, reflected on the complex nature of some of the arrangements and the administrative burden required to negotiate individual agency contracts under the SSA, and manage and track use of the arrangements.
3.93 Efforts to maximise value frequently result in the inclusion of bespoke contract elements, tailored to address specific needs or circumstances. In the Australian Government context, examples of these include requirements associated with privacy, Indigenous or Australian industry procurement preferences, data sovereignty, and cyber and security. While beneficial, these customisations often introduce significant complexity into contract management processes. This added complexity can dilute potential efficiencies, undermining the advantages the arrangement is intended to deliver.
3.94 Buyers also noted that some inefficiencies they experience are due to how the clauses have been administratively designed. For example, the visibility of reporting credits available for use and processes for tracking usage of these could be streamlined. These inefficiencies are most heavily felt by large agencies. Defence, for example, manages hundreds of technology contracts, and requiring education across all of them is challenging at scale.
Key mitigations
3.95 The below key mitigations were identified:
- Clarify responsibilities across buyers, sellers and the DTA, for example through a Responsible, Accountable, Consult and Inform (RACI) model, for SSAs to identify where administrative activities exist.
- Where possible, drive contractual consistency to create commonality and support administrative efficiency.
- Include a select group of buyers at the negotiating table to actively support the DTA in achieving the best possible outcome.
- Deliver training and education to support buyers in understanding the arrangements.
Misalignment with technology, policy or legislation
Assessed risk rating
Likelihood | Impact | Risk rating |
|---|---|---|
Almost certain | Minor | Medium |
Description
3.96 The risk that SSAs do not remain aligned to evolving technology, policy or changes in legislation is rated medium. The review found evidence, as discussed earlier, of areas for improvement in how the SSAs apply policy in practice. However, the DTA have adopted review processes to ensure compliance on behalf of the Australian Government.
3.97 Over the past two decades there has been a significant shift within the Australian Government from an on-premises technology environment to cloud and ‘as a service’ models (e.g. Software as a Service, Platform as a Service, Infrastructure as a Service). In particular, this has seen a shift in the licence model from upfront purchase of software (e.g. buying and installing Windows Vista) to on-demand subscription models (e.g. month-to-month subscription for M365). Despite these changes, an overarching agreement (i.e. the SSA) is required so as to align to the specific policy the Australian Government has implemented.
3.98 Ongoing policy and legislative change inevitably affects long-term contractual arrangements. Despite this, long-term contracts are a key point of leverage in the Australian Government’s bargaining strategy. Therefore, whilst longer term SSAs will require updates to be periodically made as the policy and legislative environment changes, the DTA ought to continue to ensure appropriate mechanisms are in place to keep up with the changes. It is noted that all six of the SSA head agreements have clauses that allow for updates in response to legislative or policy shifts.
3.99 Responding to changes within the technology environment can be more challenging. Broadly, most of the SSAs provide for flexibility, however, there have been some successes and some challenges in responding to technological change. For example, the whole of Australian Government Microsoft Copilot trial and subsequent roll-out across Commonwealth agencies demonstrates how SSAs have been used to adapt to technological change.
3.100 Whilst the emergence of some technologies can be predicted with greater clarity (e.g. quantum), the exact timing of these changes cannot be easily foreseen. As such, mid-contract or periodic reviews are critical to address evolving requirements without conflating these reviews with exit provisions or option periods.
3.101 Given changes in these environments happen dynamically, there is not an optimal contractual length which could be agreed upon by stakeholders. Rather, implementing review points throughout the SSA's life will support addressing this challenge.
Key mitigations
3.102 The below key mitigations were identified:
- Retain clauses that enable alignment to policy and legislative changes.
- Establish periodic reviews, independent of provisions for contract termination.
- Enable the addition of emergent technologies to be negotiated into contracts following the completion of any procurement process (e.g. establishment of a new whole of Australian Government panel or an agency having identified a new technology it wants to procure).
Unrealised value for money
Assessed risk rating
Likelihood | Impact | Risk rating |
|---|---|---|
Possible | Minor | Low |
Description
3.103 The risk that the SSAs do not deliver value for money is low. Notwithstanding the importance of ensuring competition in procurement processes, buyers consistently stated the SSAs provide a useful mechanism to contribute to the achievement of value for money for the Commonwealth, including through non-financial benefits. In saying that, some raised the variability of these benefits at the individual agency level as an area for improvement.
3.104 As described in more detail in the Funding model section of this report, the current funding model is complex. While the Central Administration Fee (CAF) recovers the costs of administering the SSAs centrally, the Consolidated Revenue Fund (CRF) savings fee, collected and returned to the CRF, does not contribute to the administration of the SSAs. In a value for money assessment and comparison between an SSA seller and a non-SSA seller, an agency may find that financially it is more expensive (to the agency as opposed to the Commonwealth) to select the SSA seller, given the additional CAF or CRF savings fee it needs to pay.
3.105 Some larger agencies stated they could negotiate the same or even better discounts or terms and conditions for themselves, relative to those in the SSAs. This is indicative of the value of leveraging the large agencies at the negotiating table to maximise the value able to be derived for the benefit of all agencies across the Australian Government.
3.106 Some smaller agencies stated that specific thresholds for triggering certain discounts were not always aligned to their buy profile, and bundling can result in the provision of certain unnecessary products and services.
3.107 Another example is discounts being tied to certain volumes of licenses, with limited ability to subsequently true down to reflect the actual usage over time at either a buyer or whole of Australian Government level (e.g. during times of machinery of government changes or reducing the APS workforce, and the resulting lesser need for licenses). This results in agencies sometimes paying for more than they require. Insufficient flexibility in this regard undermines whole of Australian Government value for money outcomes.
Key mitigations
3.108 The below key mitigations were identified:
- Engage buyers to understand strategic technology plans, buy profiles and respective requirements.
- Include a select group of buyers at the negotiating table to actively support the DTA in achieving the best possible outcome.
- Enable contractual and usage flexibility as discussed in the Ensuring flexibility section of this report.
- Reconsider the funding model with particular focus on minimising unintended consequences from the CRF savings fee.