GIBIT: What Do I Need to Know and Arrange?

The moment the term “GIBIT” is introduced in an IT procurement discussion, the dynamic changes almost immediately. Suppliers understand this is not a lightweight contract. Municipalities recognize it as a foundational framework. Yet somewhere between the legal provisions and the technical reality, an uncomfortable silence often arises. One key question tends to remain:

Have we truly secured continuity?

GIBIT, the General Municipal IT Procurement Terms and Conditions in the Netherlands, is designed to maintain control over IT projects and vendors. It is robust and carefully developed, shaped by years of experience with failed projects, dependencies, and unforeseen risks. It addresses liability, security, intellectual property, and termination of agreements. It provides structure and clarity.

But contracts alone do not keep systems running.

The Dependency Few Like to Discuss

Imagine a municipality that has relied for years on a case management system deeply embedded in its public services. Permits, objections, applications, everything runs through this platform. The contract complies with GIBIT. Service levels are agreed upon. An exit arrangement is included.

Then the unexpected happens. The supplier faces financial distress. Or is acquired by a party with a different strategy. Or decides to phase out the product.

At that moment, it becomes clear what has and has not been arranged.

Can the municipality continue independently?
Is the knowledge transferable?
Can the software be reproduced?

These are no longer purely legal questions. They are operational ones. And this is precisely where GIBIT touches on a critical theme: continuity.

The Promise of an Exit

Most agreements under GIBIT include an exit arrangement. Suppliers must cooperate in transferring data, providing documentation, and supporting migration. This sounds logical and reassuring.

However, an exit only works if the supplier is still capable of cooperating. What if that cooperation is no longer possible? What if there is no development team available? What if the source code has never left the organization?

Continuity requires more than good intentions.

Escrow as Silent Assurance

Escrow is rarely the first topic raised in negotiations. It can feel like an instrument of distrust, as though the end of the relationship is already being anticipated. In reality, it reflects professional risk management.

An escrow arrangement ensures that critical components of the software, such as source code, documentation, and technical configurations, are deposited with an independent third party. Not for immediate use, but to be available if needed.

It is comparable to fire insurance. One hopes never to rely on it, but is relieved it exists when circumstances demand it.

For municipalities, this is not a luxury. Public services do not pause because a software supplier encounters difficulties. Citizens expect systems to function. Permit applications do not wait for insolvency proceedings to conclude.

“But We Use SaaS”

A common response is that escrow is less relevant for SaaS solutions. After all, the software runs in the cloud. Updates are automated. The supplier manages everything.

In reality, this often increases dependency.

With traditional on premise software, something tangible remained within the organization’s own environment. With SaaS, everything is external. If the service stops, nothing remains accessible.

Escrow has therefore evolved. It is no longer limited to depositing source code files. Modern arrangements may include infrastructure documentation, deployment configurations, and technical descriptions required to rebuild an environment. Continuity in the cloud requires a contemporary approach to safeguarding.

The Real Question Behind GIBIT

When a municipality applies GIBIT, it is effectively stating that IT is taken seriously. Software is not viewed as a simple delivery, but as a long term dependency.

The relevant question is not only whether the organization complies with GIBIT. The real question is whether the risks identified by GIBIT are genuinely mitigated in practice.

Intellectual property must be clear, not only legally but also operationally. An exit arrangement must be workable, not merely a contractual clause. Continuity must be demonstrable, supported by concrete measures rather than trust alone.

Escrow aligns naturally with this perspective. It is not an add on to GIBIT. It is a logical extension of its underlying philosophy: maintaining control over essential IT.

Arranging It in Advance Is Professional Collaboration

Escrow should not be seen as a sign of distrust. It reflects mature cooperation. Both supplier and customer acknowledge that risks exist, without questioning each other’s integrity or quality.

In fact, many professional suppliers view escrow as confirmation of their reliability. They understand that public organizations must be able to demonstrate continuity.

GIBIT provides the framework. Escrow provides practical assurance of continuity. Ultimately, the goal is simple: ensuring that public services continue to operate, even when circumstances change.

IT contracts may last four, six, or eight years. Public service, however, continues indefinitely.

The question “GIBIT, what must I arrange?” is therefore another way of asking: how can we ensure that our organization does not come to a standstill when the unexpected occurs?

Those who take that question seriously inevitably arrive at continuity. And those who take continuity seriously will find it difficult to ignore escrow.

Want to learn more about digital escrow and GIBIT? Get in touch to ensure your continuity is secured.

To be sure.