Business Process Outsourcing Agreement (UAE)
BUSINESS PROCESS OUTSOURCING AGREEMENT
Dated: [Agreement Date]
Service Provider: [Provider Name] (Trade Licence: [Provider Licence]), of [Provider Address] (the "Service Provider");
Client: [Client Name] (Trade Licence: [Client Licence]), of [Client Address] (the "Client").
1. OUTSOURCED PROCESSES AND SERVICE LEVELS
1.1 The Service Provider shall perform the following business processes on behalf of the Client: [Outsourced Processes].
1.2 The Service Provider shall meet the following service level commitments: [Service Level].
1.3 Remedy for service-level breaches: [SLA Penalty].
1.4 The Service Provider shall perform all services in good faith and with the care of a competent service provider, in accordance with Article 246 of the UAE Civil Code (Federal Law No. 5 of 1985).
2. TRANSITION AND KNOWLEDGE TRANSFER
2.1 Transition and knowledge-transfer period: [Transition Period].
2.2 The Client shall provide the Service Provider with all information, access, and co-operation reasonably necessary to enable the Service Provider to assume and perform the outsourced processes.
3. TERM AND RENEWAL
3.1 This Agreement begins on [Start Date] and continues for the initial term of [Contract Term].
3.2 Either party may prevent renewal by giving not less than 90 days' written notice before the end of the then-current term.
4. FEES AND PAYMENT
4.1 The Client shall pay the Service Provider [Service Fees].
4.2 Payment terms: [Payment Terms].
4.3 All amounts are subject to Value Added Tax at the prevailing rate under the VAT Law (Federal Decree-Law No. 8 of 2017), where applicable. The Service Provider shall issue valid tax invoices meeting Federal Tax Authority (FTA) requirements.
4.4 Overdue amounts bear commercial interest under Articles 76 and 77 of the Commercial Transactions Law (Federal Decree-Law No. 50 of 2022).
5. DATA PROTECTION AND SECURITY
5.1 Data storage and processing location: [Data Location].
5.2 The Service Provider shall process personal data of the Client and the Client's employees or customers only as instructed by the Client and shall comply with the Personal Data Protection Law (Federal Decree-Law No. 45 of 2021), its implementing regulations, and any standards issued by the UAE Data Office.
5.3 The Service Provider shall implement appropriate technical and organisational security measures to protect the Client's data and systems against unauthorised access, loss, or disclosure.
5.4 The Service Provider shall notify the Client promptly of any actual or suspected data breach and shall co-operate with the Client in any required notification to the UAE Data Office.
6. CONFIDENTIALITY
6.1 The Service Provider shall keep confidential all non-public information of the Client obtained in connection with this Agreement and shall use it only for performing the outsourced processes.
6.2 Confidentiality obligations survive termination of this Agreement for a period of five years.
7. LIABILITY AND TERMINATION
7.1 Liability for breach is governed by Articles 282 and 389 of the UAE Civil Code (Federal Law No. 5 of 1985). The Service Provider's aggregate liability under this Agreement shall not exceed 12 months' service fees, except in cases of fraud, wilful default, or data protection breaches.
7.2 Either party may terminate this Agreement on 90 days' written notice, or immediately for a material breach not remedied within 30 days of written notice.
7.3 On termination or expiry, the Service Provider shall provide exit assistance for a period of up to 90 days and shall return or destroy the Client's data and confidential information.
8. GENERAL
8.1 This Agreement is governed by the laws of the United Arab Emirates and the parties submit to the exclusive jurisdiction of the [Governing Forum].
8.2 This Agreement is the entire agreement between the parties on its subject matter and may be amended only in writing signed by authorised representatives.
8.3 The Service Provider shall not subcontract any outsourced process without the prior written consent of the Client.
Signed for and on behalf of the Service Provider: [Provider Name]
Signed for and on behalf of the Client: [Client Name]
Service Provider
________________
Signature
Client
________________
Signature
What Is a Business Process Outsourcing Agreement (UAE)?
A Business Process Outsourcing Agreement in the United Arab Emirates is a long-form commercial contract under the UAE Civil Code (Federal Law No. 5 of 1985) and the Commercial Transactions Law (Federal Decree-Law No. 50 of 2022) through which an organisation — the client — transfers the management and execution of defined recurring business functions to an external specialist service provider in exchange for a recurring service fee. Article 125 of the Civil Code confirms that the contract is formed when the parties agree the essential terms — the processes to be outsourced, the service levels, and the fees — and Article 246 requires both parties to perform in good faith. BPO arrangements have become a significant part of the UAE business landscape, with organisations in banking and finance, healthcare, government, logistics, and technology outsourcing functions ranging from payroll and accounts processing to IT helpdesk, customer contact centre operations, and regulatory compliance support.
The distinguishing characteristic of a BPO agreement is that the client is not simply buying a one-time service but delegating the ongoing management of a critical business function to an outside party for a multi-year term. The service provider assumes operational responsibility for the process — deploying its own staff, technology, and methodology — and the client measures performance against agreed service levels rather than supervising day-to-day execution. This creates a fundamentally different risk profile from a project-based services contract: the client depends on the provider's continued performance for its own internal operations, and any interruption can disrupt the client's business.
The legal framework combines the UAE Civil Code (Federal Law No. 5 of 1985) for contract formation, good faith, and remedies, with the Commercial Transactions Law (Federal Decree-Law No. 50 of 2022) for commercial obligations between merchants and overdue interest under Articles 76 and 77. The service provider must hold a valid trade licence from the relevant Department of Economic Development or free-zone authority covering the outsourced activities, in accordance with the Commercial Companies Law (Federal Decree-Law No. 32 of 2021).
Data protection is central to BPO agreements because the service provider accesses and processes large volumes of the client's business data, including personal data of employees and customers. The Personal Data Protection Law (Federal Decree-Law No. 45 of 2021) applies onshore, classifying the provider as a data processor acting on the client's instructions as data controller. The UAE Data Office, established as the supervisory authority, enforces data protection obligations, and the agreement must address permitted processing purposes, security standards, breach notification, and conditions for sub-processing. For providers or clients within the Dubai International Financial Centre, the DIFC Data Protection Law (DIFC Law No. 5 of 2020) and the DIFC Commissioner of Data Protection apply; for the Abu Dhabi Global Market, the ADGM Data Protection Regulations 2021 and the ADGM Registration Authority govern.
Service levels are the operational core of the BPO contract. The service-level agreement, typically appended as a schedule, defines performance metrics such as system uptime, transaction turnaround times, error rates, and helpdesk response times; sets the measurement methodology; and provides the remedies — commonly service credits — for failure to meet the agreed standards. Value Added Tax at 5% under the VAT Law (Federal Decree-Law No. 8 of 2017), administered by the Federal Tax Authority (FTA), applies to BPO services supplied within the UAE. Corporate Tax at 9% above the threshold applies under the Corporate Tax Law (Federal Decree-Law No. 47 of 2022). Electronic execution is valid under the Electronic Transactions and Trust Services Law (Federal Decree-Law No. 46 of 2021), and disputes are heard by the Dubai Courts, the Abu Dhabi Judicial Department, the DIFC Courts, or the ADGM Courts, or referred to arbitration before the Dubai International Arbitration Centre (DIAC) under the Federal Arbitration Law (Federal Law No. 6 of 2018).
When Do You Need a Business Process Outsourcing Agreement (UAE)?
A Business Process Outsourcing Agreement in the United Arab Emirates is needed whenever an organisation delegates the ongoing management of a defined business function to an external provider and requires enforceable terms to protect its operations, data, and commercial position under the UAE Civil Code (Federal Law No. 5 of 1985). The agreement records the scope of the outsourced processes, the service levels, the fees, the data protection obligations, and the exit provisions, reducing the risk of operational disruption and dispute before the Dubai Courts or the Abu Dhabi Judicial Department.
Finance and accounting outsourcing is one of the most common BPO arrangements in the UAE. Companies delegate accounts payable processing, payroll administration, general ledger management, and management reporting to specialist providers, freeing internal teams to focus on strategic finance while benefiting from the provider's scale and technology. The BPO Agreement must set precise turnaround times — for example payroll processed by the 25th of each month — and link payment instalments to VAT-compliant invoices under the VAT Law (Federal Decree-Law No. 8 of 2017).
IT infrastructure and helpdesk outsourcing is particularly common among mid-sized UAE businesses that cannot cost-effectively maintain an in-house technology team. BPO agreements for IT services must address system access rights, data security standards consistent with the Personal Data Protection Law (Federal Decree-Law No. 45 of 2021), escalation protocols, and business-continuity obligations.
Human resources outsourcing covers onboarding documentation, leave management, and employee records maintenance, with obligations that touch on the Labour Law (Federal Decree-Law No. 33 of 2021), Cabinet Resolution No. 1 of 2022, and the Ministry of Human Resources and Emiratisation (MOHRE) portals. The BPO Agreement must ensure the provider understands its obligations under UAE employment law.
Government and semi-government entities in Abu Dhabi and Dubai increasingly use BPO arrangements for administrative, back-office, and citizen-facing processes. These arrangements require the BPO Agreement to incorporate the relevant public sector procurement framework, sector-specific regulatory approvals, and data sovereignty requirements for processing government data within UAE boundaries.
What to Include in Your Business Process Outsourcing Agreement (UAE)
A UAE Business Process Outsourcing Agreement compliant with the UAE Civil Code (Federal Law No. 5 of 1985) and the Commercial Transactions Law (Federal Decree-Law No. 50 of 2022) must contain the following elements. The forms-legal.com UAE BPO agreement template addresses each component in a structure accepted by the Dubai Courts, the Abu Dhabi Judicial Department, the DIFC Courts, and the ADGM Courts.
Party identification must record the full legal name, trade licence number, and registered address of the service provider and the client. The service provider must hold a valid trade licence covering the outsourced activities, and the signatory of each party must have authority to bind the entity under the Commercial Companies Law (Federal Decree-Law No. 32 of 2021).
Scope of outsourced processes must list each business process being delegated — naming the specific process, the volumes or workload assumptions where relevant, and the geography of operations. A precise scope is essential because the Dubai Courts interpret the contract on its express terms under Article 257 of the Civil Code, and an ambiguous scope is the most common source of BPO disputes.
Service-level commitments must define the performance metrics, the measurement methodology, the reporting frequency, and the remedies for failure, typically service credits applied as a percentage of the monthly fee. The credits should be accompanied by credit notes for VAT purposes under the VAT Law (Federal Decree-Law No. 8 of 2017).
Term and renewal must state the initial contract period — commonly 2-3 years — the auto-renewal provisions, and the notice period required to prevent renewal, giving both parties adequate planning time.
Fees and payment terms must state the service fee in AED — fixed monthly, per-transaction, or volume-banded — the payment schedule, whether fees are inclusive or exclusive of VAT, and the mechanism for annual adjustments. Valid tax invoices must meet Federal Tax Authority (FTA) requirements.
Data protection and security must require compliance with the Personal Data Protection Law (Federal Decree-Law No. 45 of 2021), specify where data is stored and processed, define security standards, address sub-processing consent, and set breach notification obligations to the client and the UAE Data Office.
Confidentiality must require the provider to protect the client's business information and survive the contract for at least five years after expiry or termination.
Liability must cap the provider's aggregate liability — commonly 12 months' fees — carving out fraud, wilful default, and data protection breaches, in accordance with Articles 282, 389, and 296 of the Civil Code.
Sub-contracting must state whether it is permitted and on what conditions, requiring equivalent protections in any sub-contract and the provider's continued primary liability.
Exit and transition assistance must require the provider to continue performing during a defined exit period, co-operate with data migration and knowledge transfer, and return or destroy the client's data.
Governing law and dispute resolution must state UAE law and identify the forum — the Dubai Courts, the Abu Dhabi Courts, the DIFC Courts, the ADGM Courts, or DIAC arbitration under the Federal Arbitration Law (Federal Law No. 6 of 2018).
How to Fill Out Your Business Process Outsourcing Agreement (UAE)
Completing a Business Process Outsourcing Agreement for the United Arab Emirates requires careful attention to the operational detail of the processes being outsourced and the commercial terms, because this is a long-term relationship that will govern critical business functions for multiple years. Work through the template in order.
Start with the parties. Enter the full legal names, trade licence numbers, and registered addresses of the service provider and the client exactly as they appear on the relevant trade licences — whether issued by the Dubai Department of Economy and Tourism, the Abu Dhabi Department of Economic Development (ADEO), or a free-zone authority such as the DMCC or DIFC. Confirm the signatory's authority under the Commercial Companies Law (Federal Decree-Law No. 32 of 2021).
Enter the agreement date in DD/MM/YYYY format.
Describe the outsourced processes with precision. List each process separately — for example accounts payable processing, monthly payroll administration, and Level 1 IT helpdesk — because the service-level metrics will be attached to each specific process. Vague process descriptions lead to disputes about what is included in the scope and what constitutes a service-level failure.
Complete the service-level commitments by stating the specific metrics — uptime percentages, transaction turnaround times, first-response times — for each outsourced process. Choose the service-credit remedy that best reflects market standard and the materiality of the processes being outsourced.
Set the commencement date and the initial contract term, for example three years from the commencement date, renewable for successive 12-month periods absent 90 days' notice.
Describe the transition period if processes are being migrated from an incumbent provider or from an in-house team. A 60-day knowledge-transfer period is common for complex process migrations.
Complete the service fees in AED, state the payment terms — monthly in advance is standard for BPO — and confirm whether fees exclude VAT under the VAT Law (Federal Decree-Law No. 8 of 2017). Include the annual adjustment mechanism.
State the data storage and processing location, particularly whether data may be processed outside the UAE — the Personal Data Protection Law (Federal Decree-Law No. 45 of 2021) restricts cross-border transfers without adequate protections.
Select the governing forum and arrange signature by authorised representatives. Electronic signatures are valid under the Electronic Transactions and Trust Services Law (Federal Decree-Law No. 46 of 2021). Retain the signed agreement and all approved service-level schedules as part of the contract record.
Legal Requirements for Business Process Outsourcing Agreement (UAE)
A Business Process Outsourcing Agreement in the United Arab Emirates is governed by the UAE Civil Code (Federal Law No. 5 of 1985) as the primary framework for contract formation, good faith, and remedies. Article 125 confirms contract formation when the parties agree the essential terms. Article 246 requires performance in good faith, Article 257 makes the express terms binding on the parties, and Articles 282 and 389 govern damages for breach. Article 296 prevents the exclusion of liability for a harmful act and operates as a ceiling on how broadly a liability cap can be drafted.
Where both parties are merchants, the Commercial Transactions Law (Federal Decree-Law No. 50 of 2022) supplements the Civil Code. The service provider must hold a valid trade licence covering the outsourced activities under the Commercial Companies Law (Federal Decree-Law No. 32 of 2021). For financial services BPO — including payment processing or banking back-office — the Central Bank of the UAE has published outsourcing guidelines that impose additional requirements on licensed institutions using external service providers.
Data protection obligations are central to BPO agreements. The Personal Data Protection Law (Federal Decree-Law No. 45 of 2021) requires the client as data controller to ensure its data processors apply appropriate security measures and restricts transfers of personal data outside the UAE without adequate safeguards. The UAE Data Office is the enforcement authority. The DIFC Data Protection Law (DIFC Law No. 5 of 2020) and the ADGM Data Protection Regulations 2021 apply within their respective free zones.
VAT at 5% under the VAT Law (Federal Decree-Law No. 8 of 2017) applies to BPO services supplied within the UAE, administered by the Federal Tax Authority (FTA). Corporate Tax at 9% above the threshold applies under the Corporate Tax Law (Federal Decree-Law No. 47 of 2022). Electronic execution is valid under the Electronic Transactions and Trust Services Law (Federal Decree-Law No. 46 of 2021). Arbitration is governed by the Federal Arbitration Law (Federal Law No. 6 of 2018).
Common Mistakes to Avoid in Your Business Process Outsourcing Agreement (UAE)
A UAE Business Process Outsourcing Agreement protects both client and provider only when it is drafted with care. The following errors are particularly common and damaging in long-term BPO relationships.
1. Undefined process scope. Listing 'finance and accounting' without specifying the sub-processes, volumes, and geographic scope creates disputes about what the provider must deliver. Define each process at the transaction level — accounts payable invoice processing, monthly payroll run, quarterly VAT return preparation — and attach workload assumptions.
2. Weak service-level metrics. Stating that the provider will perform services 'in a timely manner' without measurable metrics and a reporting framework gives the client no practical remedy when performance deteriorates. Attach specific numeric targets to each outsourced process and provide for monthly performance reviews.
3. No data protection obligations. Failing to incorporate obligations consistent with the Personal Data Protection Law (Federal Decree-Law No. 45 of 2021) exposes the client to regulatory risk before the UAE Data Office if the provider mishandles employee or customer data. The BPO Agreement must specify permitted processing, security standards, breach notification timelines, and the prohibition on processing data outside the UAE without prior written consent.
4. Silent on sub-contracting. Allowing the provider to sub-contract freely without consent enables the provider to delegate critical processes to unknown third parties. Require written consent and impose equivalent obligations on any permitted sub-contractor.
5. No exit provisions. Failing to include transition assistance and data-return obligations allows a departing provider to hold the client's data and processes hostage. A 90-day exit-assistance obligation, at no additional charge, is standard market practice.
6. Ignoring VAT. BPO service fees are VAT-taxable at 5% under the VAT Law (Federal Decree-Law No. 8 of 2017). Quoting fees inclusive of VAT without a breakdown prevents the client from recovering input tax. State fees exclusive of VAT.
7. No liability cap for data breaches. A standard liability cap capped at 12 months' fees may be inappropriate for data breaches, which can generate regulatory fines and claims from data subjects under the Personal Data Protection Law. Consider a separate and higher cap, or specific indemnity, for data protection failures.
Cite this page
Reference this free template in an article, syllabus, or research note:
Forms Legal. (2026). Business Process Outsourcing Agreement (UAE) (United Arab Emirates) [Legal document template]. Forms Legal. https://forms-legal.com/uae/business/contracts/business-process-outsourcing-agreement-uae
"Business Process Outsourcing Agreement (UAE) (United Arab Emirates)." Forms Legal, 2026, https://forms-legal.com/uae/business/contracts/business-process-outsourcing-agreement-uae.
@misc{formslegal-business-process-outsourcing-agreement-uae,
author = {{Forms Legal}},
title = {Business Process Outsourcing Agreement (UAE) (United Arab Emirates)},
year = {2026},
howpublished = {\url{https://forms-legal.com/uae/business/contracts/business-process-outsourcing-agreement-uae}},
note = {Free legal document template. Based on UAE Civil Code (Federal Law No. 5 of 1985)}
}Frequently Asked Questions
A Business Process Outsourcing Agreement in the United Arab Emirates is a commercial contract under the UAE Civil Code (Federal Law No. 5 of 1985) and the Commercial Transactions Law (Federal Decree-Law No. 50 of 2022) through which a client delegates the ongoing management of specific business functions to an external service provider in exchange for a recurring fee. Article 125 of the Civil Code confirms that the contract is formed when offer and acceptance meet on the essential terms, and Article 246 requires both parties to perform in good faith.
BPO agreements in the UAE cover a wide range of back-office and middle-office processes. Finance and accounting outsourcing covers accounts payable and receivable processing, general ledger maintenance, payroll administration, and management reporting. Human resources outsourcing covers onboarding documentation, leave management, employee records maintenance, and benefits administration. Information technology outsourcing covers helpdesk support, infrastructure management, cybersecurity monitoring, and application support. Customer service outsourcing covers contact-centre operations, complaint handling, and CRM management. Compliance and regulatory outsourcing covers VAT filing support under the VAT Law (Federal Decree-Law No. 8 of 2017), economic substance notification under the Economic Substance Regulations, and Ultimate Beneficial Owner filing with the Ministry of Economy.
The agreement must define each outsourced process precisely, because the Dubai Courts and the Abu Dhabi Judicial Department interpret contracts on their express terms under Article 257 of the Civil Code. A vague BPO scope — for example 'finance support' without specifying processes, volumes, and standards — invites disputes about what the service provider is required to deliver.
A service-level agreement in a UAE business process outsourcing contract is a schedule or set of provisions within the BPO Agreement that defines the performance standards the service provider must meet, the metrics by which performance is measured, the reporting obligations, and the remedies when the service provider falls below the agreed standard. The SLA forms part of the binding contract under the UAE Civil Code (Federal Law No. 5 of 1985) and is enforceable before the Dubai Courts or the Abu Dhabi Judicial Department.
Common SLA metrics for UAE BPO engagements include system uptime percentages for technology processes, turnaround times for transaction processing, error rates, first-response and resolution times for helpdesk services, and timeliness of month-end financial close. The SLA should set a baseline for each metric, define how it is measured, and state the reporting frequency — typically monthly — so that both parties have objective data on performance.
Remedies for SLA failure commonly take the form of service credits applied against the next monthly invoice, typically in the range of 5-15% of the monthly fee per material breach. The Federal Tax Authority (FTA) treats credit notes as adjustments to taxable supply, so service credits should be accompanied by a credit note under the VAT Law (Federal Decree-Law No. 8 of 2017) where VAT was charged on the original invoice. For persistent or repeated SLA failures, the agreement should give the client a right to terminate after written notice, drawing on the rescission right in Article 272 of the Civil Code.
A business process outsourcing provider in the United Arab Emirates is subject to the Personal Data Protection Law (Federal Decree-Law No. 45 of 2021) when it processes personal data on behalf of the client. The law classifies the service provider as a data processor acting on the instructions of the client, who is the data controller. The BPO Agreement should set out the permitted purposes for which the provider may process personal data, the categories of data to be processed, the security standards to be applied, and the rules on sub-processing and international data transfers.
The Personal Data Protection Law (Federal Decree-Law No. 45 of 2021) requires the controller — the client — to ensure that its processors implement appropriate technical and organisational security measures. The BPO Agreement should therefore require the service provider to comply with those security standards and to notify the client promptly in the event of a data breach. The UAE Data Office is the regulatory authority and may require notification of certain types of breach.
For BPO providers operating in or for the Dubai International Financial Centre, the DIFC Data Protection Law (DIFC Law No. 5 of 2020) applies and is enforced by the DIFC Commissioner of Data Protection. For the Abu Dhabi Global Market, the ADGM Data Protection Regulations 2021 apply and are enforced by the ADGM Registration Authority. The BPO Agreement should identify the applicable data protection law based on the parties' locations and the geography of the processing, and should include provisions allowing the client to conduct data protection audits.
A business process outsourcing agreement in the United Arab Emirates should include detailed exit provisions because the transition from one service provider to another, or the repatriation of processes to the client, is operationally complex and can be disrupted if the outgoing provider is not contractually obliged to co-operate. The UAE Civil Code (Federal Law No. 5 of 1985) gives parties freedom to agree exit terms, and a well-drafted BPO agreement protects the client's business continuity on exit.
The exit provisions should require the service provider to provide a transition assistance period — typically 60 to 90 days after notice of termination — during which it continues to perform the outsourced processes, co-operates with knowledge transfer, and assists in migrating data and systems to the client or a replacement provider. The provider should be required to maintain its staff and systems in good order during the transition period and should not be permitted to reduce service levels or obstruct the exit.
Data return and destruction is critical. The agreement should require the provider to return all client data in a usable format and, after the client has confirmed receipt, to certify destruction of all copies held by the provider and any permitted sub-processors. This obligation aligns with the Personal Data Protection Law (Federal Decree-Law No. 45 of 2021), which restricts the retention of personal data beyond the purpose for which it was collected. The exit fee — if any — for transition assistance should be agreed upfront, because a provider's exit-assistance obligation without a fee is a reasonable expectation in the market.
A UAE business process outsourcing provider can sub-contract outsourced processes only if the BPO Agreement expressly permits it, because the client has chosen the provider based on its specific capabilities and operational model. Under the UAE Civil Code (Federal Law No. 5 of 1985), Article 894 allows a contractor to sub-contract unless the contract prohibits it or the nature of the work requires personal performance, but in BPO engagements the client's consent to sub-contracting is a commercial standard that should be explicitly addressed.
The BPO Agreement should state whether sub-contracting is prohibited entirely, permitted with the client's prior written approval, or permitted to named approved sub-contractors listed in a schedule. Where sub-contracting is permitted, the agreement should require the provider to impose on the sub-contractor obligations no less protective than those in the main BPO Agreement, particularly in relation to data protection under the Personal Data Protection Law (Federal Decree-Law No. 45 of 2021), confidentiality, and service-level performance. The provider should remain fully liable to the client for the acts and omissions of its sub-contractors.
Sub-contracting to entities outside the UAE raises additional concerns, particularly in relation to the data protection rules on cross-border transfers and the regulatory requirements of the Central Bank of the UAE for financial services BPO. For regulated industries, such as banking, insurance, and capital markets, the client should verify that the Central Bank's outsourcing guidelines or the relevant sectoral regulator's framework permit the proposed sub-contracting arrangement.
A business process outsourcing arrangement in the United Arab Emirates generally attracts Value Added Tax at 5% under the VAT Law (Federal Decree-Law No. 8 of 2017), because services supplied within the UAE to a UAE-established client are a standard-rated taxable supply. The Federal Tax Authority (FTA) administers VAT, and the service provider must be registered if its taxable turnover exceeds the mandatory threshold, must charge VAT on its fees, and must issue a valid tax invoice for each payment showing its Tax Registration Number, the invoice date, a description of the services, and the VAT amount separately.
The BPO Agreement should state whether the quoted service fee is exclusive of VAT, which is the cleaner commercial practice, so that the position is clear if the rate changes. The client, if VAT-registered for taxable activities, is generally entitled to recover the input VAT charged by the provider, subject to the standard input-tax recovery rules. The service credits issued for SLA failures should be accompanied by credit notes adjusted for VAT under the FTA's credit note requirements.
Where the outsourced processes are performed by a provider in a designated free zone that qualifies as a Designated Zone under the VAT Law, specific VAT rules on the supply of services may apply. The BPO Agreement should confirm the VAT registration status of both parties, the basis on which VAT is charged, and the mechanism for issuing compliant tax invoices and credit notes, to allow the client to recover input tax efficiently.
This template is provided for informational purposes only and does not constitute legal advice. Laws vary by jurisdiction and change over time. Consult a qualified attorney for advice specific to your situation.Full disclaimer
Found an error? Let us knowRelated Documents
You may also find these documents useful:
Master Services Agreement (UAE)
A master services agreement (MSA) for UAE technology, consulting, and professional services engagements under the UAE Civil Code (Federal Law No. 5 of 1985) and the Commercial Transactions Law (Federal Decree-Law No. 50 of 2022), covering Statement of Work framework, payment, IP ownership, confidentiality, PDPL compliance, liability cap, and dispute resolution.
Service Agreement (UAE)
A commercial service agreement setting out the scope, fees, and obligations between a service provider and client under the UAE Civil Code (Federal Law No. 5 of 1985) and the Commercial Transactions Law (Federal Decree-Law No. 50 of 2022). Includes VAT and data protection clauses for the United Arab Emirates.
Data Processing Agreement (UAE)
A data processing agreement for the UAE governing how a data processor handles personal data on behalf of a data controller, fully compliant with the Personal Data Protection Law (Federal Decree-Law No. 45 of 2021) administered by the UAE Data Office.
Non-Disclosure Agreement (UAE)
A mutual confidentiality agreement binding both parties to protect proprietary information under the UAE Civil Code (Federal Law No. 5 of 1985) and the Personal Data Protection Law (Federal Decree-Law No. 45 of 2021). Suitable for joint ventures, M&A due diligence, and technology licensing in the United Arab Emirates.
IT Support Agreement (UAE)
An IT support agreement for the UAE governing helpdesk services, hardware and software support, incident response times, and data protection obligations under Federal Decree-Law No. 45 of 2021, compliant with the UAE Civil Code.