Written by: Griffiths and Armour on: 10 Dec 2019

Common Data Environments – Paradise Lost?

We have recently fielded a number of questions from clients relating to the increasing use of Common Data Environments (or CDEs) on construction projects.  Conceptually, the idea is not a new one, and the notion of a shared project space hosted on a project team member’s server, or by a specialist third party provider, has been around for some while.  As many will know, the usefulness and scope of what the CDE will be used for runs a wide spectrum from being nothing more than a repository for information, to something altogether more sophisticated, involving close integration of the CDE within a broader cloud-based BIM environment.

That practical problems exist with setting up such environments is not new either.  As was widely reported, the first ‘BIM case’ hit the TCC in July 2017 in Trant Engineering v Mott MacDonald.  In reality, the underlying issues between the parties had little to do with BIM and everything to do with getting paid.  The interest in the case arose from the fact that the consultant had blocked access to the CDE, leaving the client unable to access the design data which had been provided up to the point the parties became locked in their fee dispute.  The matter unsurprisingly led to numerous questions being asked in the industry about who owns the model, who should manage the CDE, on what basis access should be permitted or revoked, and in the end how can parties using a CDE avoid bringing further complexity to problems resolving fee disputes?

The answers to these questions are as relevant today as they were then and although there has been progress, it’s clear that the same issues are giving rise to other questions too.  Questions such as: against the backdrop of a burgeoning list of potential providers of commercial CDE environments, what happens if they go bust?  If this occurred during the currency of the contract, this would be challenging enough, but what steps can a consultant take to help protect itself, should the provider head over the cliff after the project has finished, potentially taking all the project data with them?  The consultant might have access (and rights) to information they have uploaded, but what about physical and legal access to everyone else’s?

As is often the case, the key questions need to be addressed at the beginning:

Who is best placed to host the CDE?

Historically, this would have been the main contractor/consultant, or perhaps the client.  As the recent influx of questions suggest, the role is increasingly being sub-contracted out to specialist IT firms who operate with little liability to the appointing party.  When considering the project information strategy, consideration should be given to how has the CDE host, be it consultant, contractor, client or IT firm, catered for matters when things go wrong?

If a specialist IT firm has been appointed, then how has the party which has appointed them dealt with the issue that the IT firm will almost certainly have very limited liability for any problems which might arise?

If you’re the appointing party, then you need to have a conversation with your broker about whether your package of insurance cover is enough for your purposes as ‘host’, or as someone legally responsible to others for its hosting.  Outside insurance, hosting parties need to consider what liabilities can and are flowed down to any service provider.  Equally importantly, are they a bona fide operator with a track record and substantial assets?  Consider them a critical part of your supply chain and risk assess them accordingly.

Has the protocol around the CDE been agreed?

Most contracts which mandate the use of a CDE, whether or not the broader tools of BIM are utilised, should provide for a protocol in which the foundation stones of the CDE laid.  If there is an intent to use BIM, the process around the use of the CDE will generally be catered for in the BIM protocol.  In other circumstances, the process by which the parties will use the CDE should still have a contractual basis so that everyone’s rights and obligations are clear.  This should all follow the employer’s project information strategy which sets out what information they want, in what format and to what use it will all be put.

Whilst there is often a presumption that the project team will be expected to upload data to a CDE, this is all too often simply something that is done first and thought about later.  With the meatier contractual issues taking more time than ever to resolve, getting at least preliminary agreement on this issue early in the design phase will help with the problem of disputes arising after starting work, but before a contract has been definitively agreed.  Of course, all contractual issues should be addressed before commencing work, but they often aren’t and if at least this (hopefully) non-contentious area can be dealt with, so much the better.  For those looking to protect against the insolvency of any CDE provider, the document can provide protections by virtue of the protocols and processes for which it provides.

What is the nature of the protocol being established between the project team as to how the CDE will be used?

This documentation will typically include obligations and rights between the project team members and the ultimate client, as regards any information uploaded to the CDE system.  This will generally cover the basics, such as providing for the workflows under which project team members are expected to upload and access the project information through the CDE system.  A well thought out protocol will provide opportunities for those unfortunate enough to find themselves with an insolvent CDE provider.

These protections are several: often it provide for ‘milestones’, the passing of which triggers a data drop of appropriate information to the project team, but a really well thought out protocol will also provide for the right that each team member can download a record copy of the whole set of project information at the end of the project/on termination of their appointment.  This would all partly address issues with the CDE provider going bust after project completion – you’d have a complete set of information that could be easily stored on your own systems for the relevant limitation period.

These principles are relatively commonplace and similar provisions can be found in the CIC BIM protocol and the ‘old’ PAS1192 standards.  The PAS documents asked the project team to deal with the issue of what happened to the project data on completion of the project, who was responsible for the continuing storage and integrity of the project data, and who could have access to it and on what terms.  The PAS1192 suite of documents is now been replaced with BS 19650, where similar principles apply.  There is guidance available around the operation of the BS and this should be the starting point for those looking to familiarise themselves with good practice in this area

IPR needs to be addressed

In addition to who owns what in relation to the data which has been uploaded, consideration needs to be given to the operation of the licenses.  Can parties terminate or suspend the licence on non-payment of fees, for example, and has the knock on effect of that in the fast paced world of a cloud enabled BIM project been considered?

The protocols and processes around the use of the CDE (with or without a BIM aspect) need also consider a myriad of other issues, and we would certainly recommend reviewing the guidance published around the introduction of the BS 19650 standard.  At the very least, we should be armed with the appropriate questions to ask those who are tasking us with implementing a CDE to ensure that the project has the best chance of getting it to work.

For more information, download the Cyber Risk Guide below:

If you found this article useful, you may be interested in the following insurance solutions:

  • Professional Indemnity Professional service protection for claims brought against you by a client.
  • Office Covering the cost of accidental damage, breakdown, lost or stolen office equipment.
  • Cyber Risk Protection in the event of a data breach or a malicious cyber attack.
  • Directors’ and Officers’ Protecting your personal liabilities and assets in the event of legal action.