How new protocol helps make sense of ISO 19650

The introduction of ISO 19650 has not been without misunderstandings – but a protocol has now been devised to clarify contracts for projects applying the ISO 19650 standards for BIM and other information management processes


  • May Winfield

10 May 2023

Overhead of building site in progress

It is often assumed that building information modelling (BIM) and digital information management has little in the way of contractual impact and few legal issues, other than respecting copyright. So can't organisations just say they will comply with ISO 19650? From a legal perspective, the answer is a resounding 'No'.

To start with, what is BIM? There are numerous definitions but at their heart, all of them appear to seek to confirm the widely held understanding that BIM is a series of processes, technologies and policies enabling stakeholders to collaboratively design, construct and operate an asset. For example, leading software company Autodesk defines it as 'the holistic process of creating and managing information for a built asset'.

The ISO 19650 suite of standards have been progressively developed since 2018 to standardise global best practice for digital information management. As an international suite, they introduced new terminology for appointing and for the lead appointed and appointed parties, and new concepts such as the level of information need and information containers.

Some provisions may not apply to your project appointments, though, and much of the contents are open to interpretation given that standards inform what should be done but not necessarily how to go about it.

Certificate in Building Information Modelling (BIM)

31 May | 90 hours CPD | Online


Embrace the transformative force of BIM in revolutionising the way buildings are constructed and managed.

Master BIM skills and develop the managerial competencies that the sector requires with our expert-led 10-month course.


Explore course

Lack of standard definition prompts questions

For example, ISO 19650 imposes an overriding standard of care or standard for compliance to the ISO 19650 standards as carrying out 'BIM according to the ISO 19650 series'.

This is defined in section 4 of the ISO 19650-1: 2019 as '[w]here a mixture of manual and automated information management processes are used to generate a federated information model. The information model includes all information containers delivered by task teams in relation to an asset or a project'.

Where the ISO 19650 series refers to an information model or a federated information model, that model could comprise different forms of information – such as a geometrical model, drawings, schedules or textual information including reports and certificates.

A federated information model might contain all or any of these although the UK national annex to ISO 19650-2 is explicit that an information model formally exchanged with a client includes geometrical information, alphanumerical information and documentation.

This is only relevant where ISO 19650-2 is implemented in the UK – the national annex being restricted in application to the UK; some other countries have their own National Annexes – and contract terms and documents terms can clarify or amend this requirement.

All this effectively does is confirm that compliance with the overall standard for BIM under the ISO 19650 series requires information management processes that generate a federated model. Can anyone explain exhaustively what that definition means in terms of specific outputs, obligations and rights?

While a strict obligation, this is vague and open to uncertain legal interpretation and consequently, potential disputes as to whether a party complied with this obligation. Note that the Information Protocol referred to in this article includes a legal or contractual definition for this phrase, to avoid such disagreements and differing expectations.

The potential causes of dispute due to uncertainty do not end there. Many contracts appear to require parties to fully comply with ISO 19650-2. However, if I were to ask each reader what models should be provided for a typical project using BIM, information management or in compliance with ISO 19650, or what outputs are required to satisfy the ISO 19650 suite, each would likely have a different answer.

Given the developing understanding of the ISO 19650 series and lack of standardised language and processes between parties, there are a host of other issues that may only arise for the first time in the course of a dispute.

Suppose there is a data error in the models – who bears responsibility for the consequential delay and additional costs? What happens if the project team are all using different software, naming conventions and processes, resulting in practical problems and delays: who pays for that?

And when it comes to that key issue of copyright, does the project team retain ownership of the elements that are the foundation of its digital ways of working, such as standard templates, coding or software? Or are these inadvertently given up to the unsuspecting client?

Related article

How to ensure cyber security in construction

Read more

Misunderstandings raise risk of disputes

With these new processes and ways of working come differing expectations and a lack of standardised procedures or understanding. This in turn leads to potential disputes, wasted money and inefficiencies, as parties misunderstand what they need to produce and how to collaborate effectively.

Industry articles and discussions, and feedback from the legal community often appear to assert that there are no disputes ongoing in this area; however, this is sadly mistaken. Specialists will assure you that such disputes are occurring, albeit privately and confidentially, as parties avoid the uncertainties of court proceedings given that this is such a new area.

I chair an industry group called IM4Legal and at a recent event, two information management disputes specialists confirmed as much, noting that many of these included allegations relating to design but were also affected by additional costs and delays.

One important way of mitigating or avoiding the risk of dispute and misunderstanding is to have clear contractual provisions, avoiding expensive and long-running arguments as to which party bears which risk, and who pays for what.

Protocols drafted to clarify all contract types

Realising as such, I assembled a small team of legal professionals to draft compliant template protocols plus accompanying legal guidance. The protocols were drafted in a form for general use to be attached as a schedule or appendix to each contract, and are suitable for standard form contracts, bespoke contracts, single party and multi-party contracts.

The ISO 19650-compliant protocols we have developed, which are available free of charge from the UK BIM Framework site, comprise one protocol for the ISO 19650-2 design and construction stage and another for the ISO 19650-3 operational stage.

As mentioned above, the same protocol template can be used for all contracts on a project. They are written based on English law, but have been adapted for use in a number of other countries worldwide. Multi-party and framework contracts will require an additional clause to clarify the standing of the protocol between parties or in multiple works orders as the case may be, but that is easy to arrange and a template wording is available in the legal guidance on the UK BIM Framework.

Those using the NEC3 or NEC4 standard form contracts should refer to the practice note and webinar on how to incorporate the protocol, as well as necessary amendments to the contract; the process is slightly more complicated than simply attaching the protocol in its entirety.

There is no need to use different protocols between different parties in a project, as there is one template that can be used in all contracts.

There are no schedules or appendices to the protocols, minimising confusion and the risk of non-completion as any incomplete protocol could be not legally binding, defeating the purpose of inserting it into a contract. This problem of incomplete protocol appendices was seen by me and others in the industry to occur frequently with the CIC BIM Protocol written for the PAS 1192 suite, which was then potentially non-binding as a result.

There is just one table on the front page for parties to fill in, which lists the location, e.g. which folder in the shared storage platform, key documents such as the exchange information requirements, within the BIM execution plan. This format maximises flexibility because parties can update the table as the location or version of the documents changes during the course of the project.

Guidance given on determining requirements

There is then the contents of the protocols themselves. The structures of those for the design and construction and for the operational stages are the same, but the content differs to reflect ISO 19650 parts 2 and 3; primarily to reflect the additional requirements around 'trigger events' in part 3. This is discussed further below.

First off when reading the protocol, work out which clauses apply to you. This will be a combination of the specific clauses between the parties of that contract and those applying due to your role under the ISO 19650 standards. For the former, parties are identified in the protocol as:


A. appointer, i.e. the party who appoints or is paying the other party to the contract, or

B. appointee, i.e. the party doing the services or works and is receiving payment.

There may be extra obligations imposed by the ISO 19650 standards depending on your role in the project, and these are identified according to the ISO 19650 language in the terms:


C. appointing party

D. lead appointed party, such as main contractor or lead consultant

E. appointed party, such as subcontractors or subconsultants.

The use of this general terminology and complete set of obligations for all parties means the same protocol can be used for different contracts without amendments to parties' descriptions and terms.

The front-page table on the protocols is referred to as the information particulars, listing the parties, project details and location of all the key BIM documentation. These details can all be completed and updated during the project.

This table is followed by the actual clauses, including definitions of key terms at clause 13; these definitions were prepared with reference to the authors of the ISO 19650 standards to ensure they reflected the intentions of the suite.

Clause 13 also defines the standard for carrying out BIM according to ISO 19650 to lock down the meaning, avoiding the risk of arguments about whether the standard has been satisfied.

'There may be extra obligations imposed by the ISO 19650 standards depending on your role in the project'

Breaking down the clauses

The basic content of the protocols is as follows:


  • clause 1: interpretation
  • clause 2: coordination of project information and method of resolving conflicts or inconsistent information
  • clause 3: specific obligations of the appointing party, and trigger event provisions where applicable
  • clause 4: obligations of the various parties
  • clause 5: the common data environment (CDE)
  • clause 6: management of information
  • clause 7: level of information need
  • clause 8: use of information, including compliance with the General Data Protection Regulation (GDPR) and copyright law; however, this provision states that it will be superseded by any clauses in the body of the actual appointment
  • clause 9: transfer of information
  • clause 10: liability
  • clause 11: security of the data; this complies with ISO 19650-5
  • clause 12: termination
  • clause 13: definitions.

Clause 1 contains some necessary – indeed, unavoidable – legal interpretation sections. It also clarifies that where there is a conflict in or between the content of the appointment or contract terms and the protocol, the former should be followed.

This ensures that the terms individually negotiated by parties always take precedence, and overcomes a criticism of the previous CIC BIM Protocol, which specified its precedence over the specific contract terms.

The protocols then set out what specific obligations or tasks need to be carried out by particular parties to meet the requirements and intentions of the ISO 19650 standards; watch out for which obligations apply to you. For example, clause 4 notes that the lead appointed party – that is, the lead consultant or main contractor – should establish a risk register.

Other obligations are clearly stated to apply to all parties, such as using the CDE solution and workflow as required by the ISO 19650 standards – clause 5 gives more detail on the rights and responsibilities for this – and keeping the information particulars updated.

It is worth noting that not every item in the information particulars table may apply to your contract. For instance, the parties will need to complete either a master or task information delivery plan (MIDP or TIDP) depending on their role in the project, but not necessarily both.

Clause 3 of the ISO 19650-3-compliant protocol has additional clauses to reflect the trigger event requirements and provisions of the standards. It gives a step-by-step process to follow where such an event is identified or occurs, and a helpful flowchart can be found in the protocol guidance on the UK BIM Framework website.

There is no specific requirement for appointing an information manager or built asset security manager, but clause 6 details the parties' obligations for carrying out information management tasks. It points out that if any third parties are appointed to carry out such functions, you should not forget to ensure their scope sufficiently describes their role and responsibilities, the aim being to avoid gaps that may result in disputes, mistakes and loss.

Level of information need, meanwhile, is a key concept for the operation of the ISO 19650 suite, but it does not have a standardised definition. Clause 7 therefore clarifies this, and provides a fallback definition if it has not been agreed at the time of contracting then it must be agreed later.

Clauses 8–11 go on to set out parties' rights and responsibilities regarding the use and transfer of the information issued and produced, including incorporating copyright, GDPR obligations and the compulsory security requirements of ISO 19650-5, so parties have everything on this topic in one place.

All these clauses take into account the drafting team's years of experience in this area and discussions with experts, while maintaining the flexibility to recognise the variety of projects and developing concepts in this area.

Protocols benefit from flexibility and further resources

It is important to bear in mind that the protocols are templates: they are intended to be a useful starting point but can be adapted and amended to suit your particular way of working.

As mentioned earlier, the UK BIM Framework offers a host of further guidance, templates and other resources, while the IM4Legal group (part of NIMA – the former UK BIM Alliance) runs legal and contractual events to keep professionals up to speed and gain knowledge about legal and contractual issues and developments. To be informed of future events, sign up to the mailing list at or follow bim4legal on Twitter.

May Winfield is global director of commercial, legal and digital risks at Buro Happold

Contact May: Email | LinkedIn | Twitter

Related competencies include: Data management, Legal, Technology

Related Articles


go to article How to get through your post-APC lull


go to article What key issues are SMEs facing this year?


go to article Why you should not conflate assignment and novation