Digital transformation is a strategic priority for many Belgian public authorities, and the related contracts are among the most complex to award and manage. While many factors determine their success, a carefully designed and well-managed tender process can provide the legal guardrails necessary for a successful implementation.

Below we highlight several key legal points of attention when launching a public tender for digital transformation or major technology projects.

Choosing the right tender procedure is a strategic legal decision

Under Belgian public procurement law, the chosen procedure determines the degree of dialogue, negotiation, and flexibility available during the tender process.

For complex technology projects, an open procedure combined with fully detailed technical specifications may initially appear legally safe. In practice, however, this approach can prove counterproductive where requirements cannot be exhaustively defined upfront.

In many cases, procedures allowing structured interaction with the market – such as the competitive procedure with negotiation, competitive dialogue or, in some cases, an innovation partnership – may offer a more appropriate legal framework.

The choice of procedure should reflect: (i) the level of technical uncertainty, (ii) the need for market input, and (iii) the complexity of the service delivery model.

Selecting the wrong procedure may structurally limit flexibility for the remainder of the project.

The general rules for execution are not technology contracts

The General Rules for Execution (GRE) provide the mandatory framework governing the performance of public contracts in Belgium. However, they were not drafted for today’s fast-evolving technology landscape, and do not specifically consider the procurement of digital services (such as cloud services, ERP services, AI solutions, cybersecurity services, etc.). 

Technology projects raise contractual issues that are only partially addressed, not adequately addressed, or not addressed at all by the GRE, including (i) acceptance and testing mechanisms, (ii) intellectual property ownership and licensing, (iii) allocation of responsibilities and limitations of liability, and (iv) exit arrangements and transition assistance. 

Strategic technology contracts therefore almost always require tailored contractual provisions and carefully motivated deviations from the GRE.

Simply relying on the GRE as the main contractual framework is rarely workable in practice and may discourage serious bidders. At the same time, there is no one-size-fits-all contracting approach: the contractual model for cloud infrastructure, ERP subscriptions, custom software development, or system integration services will differ significantly.

Carefully designing the contractual framework before launching the tender is therefore essential. Well-structured contracts are not merely legal safeguards – they form the foundation for clear accountability, balanced risk allocation, and sustainable long-term partnerships with technology providers.

Managing change within the limits of procurement law

Technology projects rarely evolve exactly as initially planned. Requirements may evolve, functionalities may be added or removed, and regulatory developments may require adjustments.

However, public procurement law strictly regulates post-award contract modifications.

If revision clauses are insufficiently drafted, necessary adjustments during the project lifecycle may risk being considered unlawful modifications, potentially exposing the public authority to annulment risks.

Tender documents should therefore: (i) scope the project sufficiently broadly, (ii) include robust and transparent change management procedures, and (iii) foresee compliant revision clauses that allow the contract to evolve within the boundaries of procurement law.

Contract duration also deserves careful attention. While framework agreements are generally limited to four years under the GRE, strategic technology projects often require longer time horizons due to significant implementation investments and transformation efforts. A well-substantiated motivation on a longer duration combined with structured and flexible extension rights may therefore be required.

Vendor lock-in: both a technical and legal risk

Vendor lock-in, i.e. the situation whereby a public authority becomes dependent on a single technology provider or technological ecosystem, remains one of the most common risks in large digital transformation projects.

In response to this concern, the European legislator has adopted the Data Act, which aims, among other objectives, to reduce lock-in risks in cloud environments by facilitating switching and interoperability. In addition, public authorities have a general obligation to avoid creating a dependency on a single supplier, as recognized by the Court of Justice of the EU in its judgment of 9 January 2025 (C-578/23).

In practice, however, replacing a technology provider remains difficult, even with the right contractual safeguards. A number of factors may contribute to this reality: limited internal expertise on alternative technologies, the absence of a budget or business case to migrate to another technology, and the operational burden associated with launching a new, often complex, tender process.

Technology providers are generally aware of this dynamic. Once a contract has been awarded and a strategic system is being implemented, replacing the technology provider can become costly and disruptive for the public authority, even where the project does not deliver the expected results.

For that reason, preventing excessive dependency from the outset remains one of the most effective ways to mitigate vendor lock-in risks.

Digital sovereignty and geopolitical risk

Technology procurement increasingly intersects with broader geopolitical and strategic considerations.

Issues such as the jurisdictional exposure of technology providers, potential access to (governmental) data under foreign legislation (for example the US Cloud Act), or reliance on non-European digital infrastructure can raise concerns relating to digital sovereignty, cybersecurity, and operational resilience.

For public authorities responsible for critical public services, these considerations cannot be ignored. 

Tender design and contractual frameworks should therefore carefully address: (i) data localization and processing arrangements, (ii) subcontracting chains, (iii) supply chain security, (iv) compliance with European cybersecurity frameworks, and (v) audit and transparency mechanisms. Embedding these considerations into the procurement strategy helps ensure that critical public services remain secure and resilient.

Understanding the technology market

The technology procurement landscape is evolving rapidly. While public authorities traditionally engaged with suppliers willing to adapt their contracts to public procurement requirements, the growing presence of global technology providers is changing this dynamic.

Large technology companies often operate with highly standardized contractual models, limited negotiation flexibility, and risk allocations that may not easily align with Belgian public procurement rules. This can create significant friction during tender processes.

Understanding the relevant technology market, including the business models and contractual practices of potential bidders, is therefore critical when designing the procurement strategy and contractual framework.

Bringing the right expertise to the table

Successful technology procurement requires more than a well-drafted tender. It requires bringing together the expertise from the outset.

IT, procurement, legal, finance, cybersecurity, and business teams all have a role to play – each with their own objectives and risk perspectives. 

Aligning these interests while maintaining project momentum requires strong governance and coordination. In practice, successful tenders are the result of a genuine “A-team” effort, combining technical, operational, and legal expertise.

From a legal standpoint, professionals who understand both technology contracting and public procurement law are essential to navigate the complexity of strategic digital projects.

***

To conclude, digital transformation projects are strategic programs that raise complex questions around procurement law, contractual frameworks, cybersecurity, and digital sovereignty.

While no tender design can fully eliminate the inherent risks of large technology programs, a carefully structured procurement strategy and robust contractual framework significantly increase the chances of success and a resilient implementation.

By selecting the right procedure, designing technology-appropriate contracts, anticipating change, and ensuring strong governance from the outset, public authorities can create the legal foundations for sustainable digital transformation projects.

If you require further information or legal advice in this respect, please contact us! (Marlies Martin & Raf Schoefs).