Cpp Assistance Services Private ... vs Teleperformance Business Services ...
2026 Latest Caselaw 1163 Bom

Bombay High Court

Cpp Assistance Services Private ... vs Teleperformance Business Services ... on 3 February, 2026

 2026:BHC-OS:3228
                      Neeta Sawant                                                         CARBP(L)-475-2026.docx



                                     IN THE HIGH COURT OF JUDICATURE AT BOMBAY

                                        ORDINARY ORIGINAL CIVIL JURISDICTION

                            COMMERCIAL ARBITRATION PETITION (L) NO.475 OF 2026


                      CPP Assistance Services Private Limited                        .....PETITIONER

                                : VERSUS :

                      Teleperformance Business Services

                      India Private Limited                                          ....RESPONDENT



                      Mr. Naushad Engineer, Senior Advocate with Ms. Binsy Susan, Ms.
                      Shreya Gupta, Mr. Akshay Sharma, Ms. Palak Kaushal, Ms. Pavitra Singh,
                      Mr. Vishal Hablani, Ms. Prachi Gupta, Ms. Ayushi Jain, Mr. Sangram
                      Parab and Ms. Mehak Shah i/b M/s. Shardul Amarchand Mangaldas & Co.
                      for the Petitioner.

                      Mr. V. R. Dhond, Senior Advocate with Ms. Amita Katragadda, Ms.
                      Pallavi Singh Rao, Mr. Vineet Bhansali, Ms. Sukanya Singh, Mainak
                      Mukherjee and Ms. Deveesha Tudekar i/b M/s. Cyril Amarchand
                      Mangaldas for the Respondent.




                                                             CORAM :         SANDEEP V. MARNE, J.
         Digitally
         signed by
         NEETA
NEETA    SHAILESH
SHAILESH SAWANT
                                                             JUDG. RESD. ON : 20 JANUARY 2026
SAWANT Date:
         2026.02.03
         20:11:49
         +0530                                               JUDG. PRON. ON: 3 FEBRUARY 2026




                      _____________________________________________________________________________________________
                                                              PAGE NO. 1 of 30
                                                              3 FEBRUARY 2026




                            ::: Uploaded on - 03/02/2026                          ::: Downloaded on - 03/02/2026 20:51:56 :::
 Neeta Sawant                                                         CARBP(L)-475-2026.docx



JUDGMENT:

1) By this Petition filed under Section 9 of the Arbitration and Conciliation Act, 1996 (Arbitration Act), the Petitioner seeks interim measures prior to commencement of arbitral proceedings. The Petitioner has sought permission to conduct audit and inspection at Respondent's premises, systems and infrastructure in relation to the data theft incident through a third party. In the alternative, the Petitioner has sought direction for appointment of local commissioner to visit Respondent's premises for the purpose of identifying inventory and for recording the databases, servers, systems, devices and repositories on which the relevant confidential data is stored or processed. The Petitioner has also sought direction against the Respondent to preserve and maintain complete status quo in respect of confidential data, records, logs, backups, servers, databases and electronic system relating to the Petitioner and to restrain the Respondent from deleting, altering, destroying, overwriting, transferring or tampering with such data. The Petitioner has also sought direction for handing over all confidential data belonging to the Petitioner. The Petitioner has also sought direction against the Respondent to share findings, committee report or root cause analysis of its internal review or investigation of data theft incident.

2) The Petitioner is a company incorporated under the Companies Act, 1956 and engaged in the business of providing assistance solutions to insurance and financial services business partners and their customers. The Petitioner's key offerings include 'card

_____________________________________________________________________________________________ PAGE NO. 2 of 30 3 FEBRUARY 2026

Neeta Sawant CARBP(L)-475-2026.docx

protection', which protects customers in the event of card loss, theft, damage or fraud. The Respondent was formerly known as Sparsh BPO Services Limited and is renamed Teleperformance Business Services India Pvt. Ltd., which is engaged in the business of providing Information Technology enabled services. On 15 April 2008, the Petitioner and the Respondent entered into Service Agreement (Services Agreement) for provision of customer servicing and retention calling services by Respondent to the Petitioner. The services included inter alia handling customer requests relating to policy upgrading or downgrading, cancellations and refunds, renewals, card blocking, claims support and allied customer-facing functions. According to the Petitioner, for performance of the services, the Respondent was granted access to the personal and financial data of the Petitioner's customers. In the years 2020 and 2024, parties executed two addenda for introducing additional safeguards governing data security, incident reporting and confidentiality.

3) The Petitioner claims that in August 2025, it became aware of a large scale fraud perpetrated on credit card holders of its customer- SBI Cards and Payment Services Ltd. (SBI Cards) through various media reports published on 16 August 2025 and email by SBI Cards on 19 August 2025. According to the Petitioner, the fraud was perpetrated by some of the employees of the Respondent, who facilitated unauthorised access, misuse and exploitation of highly sensitive customer data. According to the Petitioner, it informed the Respondent on 17 August

_____________________________________________________________________________________________ PAGE NO. 3 of 30 3 FEBRUARY 2026

Neeta Sawant CARBP(L)-475-2026.docx

2025 about acquisition of knowledge about data theft incident through media reports and suspended operations of services under the Services Agreement. In its reply dated 17 August 2025, the Respondent sought to downplay the data theft incident and assured to the Petitioner that it would share the precise and comprehensive information regarding the data theft incident. On 18 August 2025, the Petitioner requested the Respondent to share the findings of fact of internal review undertaken by the Respondent. The Respondent failed to provide so. On 19 August 2025, the Petitioner received email from SBI Cards informing it that SBI Cards would conduct an investigative audit of Petitioner's process, including Petitioner's outsourcing activities.

4) The Petitioner issued show cause notice dated 19 August 2025 to the Respondent and sought full details of data theft incident, reasons for its occurrence, copy of internal investigation report, steps taken to curtail the losses, latest internal committee reports and background verification reports of the implicated employees. The Respondents responded stating that the ongoing internal review did not reveal any material findings, which would trigger reporting obligations. Another reply dated 20 August 2025 was issued by the Respondent.

5) The Petitioner disclosed intent to conduct forensic audit at the premises of the Respondent on 20 August 2025 in terms of various contractual clauses. The Respondent sought various details in relation to the proposed audit and the Petitioner provided the same by email dated

_____________________________________________________________________________________________ PAGE NO. 4 of 30 3 FEBRUARY 2026

Neeta Sawant CARBP(L)-475-2026.docx

20 August 2025. However, the Respondent did not allow conduct of such forensic audit by email dated 20 August 2025 on the ground that the services agreement stood suspended on 17 August 2025. The Petitioner once again requested the Respondent on 21 August 2025 for confirmation as to whether any notice was issued to the Respondent in relation to the data theft incident. However, the Respondent gave vague responses. On 31 August 2025, the Respondent terminated the Services Agreement under the pretext of non-payment of invoices for July and August-2025. The Petitioner gave response dated 27 October 2025 contesting the claim of termination. Thereafter, correspondence took place between the parties. On account of refusal by the Respondent to allow forensic audit by the Petitioner, the Petitioner issued legal notice to the Respondent on 6 December 2025 and shared with the Respondent the notice issued to the Petitioner by SBI Cards on 28 November 2025. Thereafter parties gave responses to each other's notices.

6) In the above factual background, the Petitioner has filed the present petition under Section 9 of the Arbitration Act for seeking following reliefs:-

a. Direct the Respondent to allow the Petitioner to conduct an audit and inspection at the Respondent's premises, systems and infrastructure in relation to the Data Theft Incident through a third party or otherwise;

b. In the alternative, and without prejudice to prayer (a) above, appoint a Local Commissioner to visit the Respondent's premises for the purpose of identifying, inventorying and recording the databases, servers, systems, devices and repositories on which the relevant confidential data is stored or processed, and to submit a report to this

_____________________________________________________________________________________________ PAGE NO. 5 of 30 3 FEBRUARY 2026

Neeta Sawant CARBP(L)-475-2026.docx

Hon'ble Court, so as to enable the Petitioner to effectively carry out the audit of such data;

c. Direct the Respondent to preserve and maintain complete status quo in respect of all confidential data, records, logs, backups, servers, databases and electronic systems relating to the Petitioner, and restrain the Respondent, its employees, agents or representatives from deleting, altering, destroying, overwriting, transferring or tampering with such data in any manner whatsoever;

d. Direct the Respondent to securely hand over to the Petitioner all confidential data belonging to the Petitioner, including copies thereof, in its possession or control;

e. Direct the Respondent to share the findings, committee report or root cause analysis of its internal review or investigation of the Data Theft Incident, including details regarding the mode by which the said internal review or investigation was conducted by the Respondent;

f. For ad-interim reliefs in terms of prayers (a) to (e) above;

g. For costs of the petition; and

h. For such further and other orders as this Hon'ble Court may deem just and proper in the facts and circumstances of the present case.

7) The Petition is opposed by the Respondent by filing affidavit-in-reply. Since the pleadings in the Petition are complete, the same is taken up for final disposal.

8) Mr. Engineer, the learned Senior Advocate appearing for the Petitioner submits that the Respondent is contractually obliged to allow the Petitioner to conduct an audit and on account of Respondent failing to do so, interim measures under Section 9(ii)(c) of the Arbitration Act are warranted in the facts of the present case. He takes me through clause 11 of the Service Agreement, clause 1.8 of Schedule to 2020

_____________________________________________________________________________________________ PAGE NO. 6 of 30 3 FEBRUARY 2026

Neeta Sawant CARBP(L)-475-2026.docx

Addendum and Clauses 3.2, 3.4 and 4 of Schedule II of 2024 Addendum for demonstrating the contractual obligations on the part of the Respondent to permit the Petitioner to conduct an audit of premises, documents, records, etc. Inviting my attention to Respondent's letter dated 4 November 2025, Mr. Engineer contends that the Respondent had admitted Petitioner's right to conduct the audit and that it was willing to cooperate in that area. That the Respondent merely sought advance notice and the audit plan. That the Petitioner provided both, reasonable notice as well as audit plan, despite which the Respondent has refused to permit the Petitioner to conduct the audit.

9) Mr. Engineer submits that the Respondent has been consistently changing its stand and demonstrates so by taking me through various correspondence exchanged between the parties. That therefore, interim measures for conduct of audit in the premises, documents, records, etc. of the Respondent is clearly warranted for the purpose of enabling the Petitioner to know the extent of fraudulent activities committed by the Respondent and its employees. Mr. Engineer further submits that the Respondent must be directed to maintain status quo and to handover confidential information in accordance with Clauses 7a, 7e, 7h and 12c of Services Agreement and Clauses 5 and 10 of Schedule II of 2024 Addendum. That the Respondent has admitted its liability to return the confidential information to the Petitioner vide letters dated 4 November 2025, 26 November 2025 and 26 December 2025. That the Respondent has also agreed to preserve status quo in

_____________________________________________________________________________________________ PAGE NO. 7 of 30 3 FEBRUARY 2026

Neeta Sawant CARBP(L)-475-2026.docx

relation to all evidence, material and records in its possession vide letter dated 4 November 2025. Mr. Engineer further submits that the Respondent has taken a fallacious stand in the affidavit-in-reply that the Petitioner already has the data pertaining to the incident on account of conduct of audit for the period from February to July 2025. That since the Petitioner became aware about data theft in August 2025, he could not have collected information relevant to the incident in the said audit. That correspondence between the parties clearly falsifies the contention of the Respondent.

10) Mr. Engineer further submits that the Respondent must provide findings of its internal review under Clause 3.2 of Schedule II of 2024 Addendum. That the Respondent had confirmed in its emails dated 17 August 2025, 19 August 2025 and 4 November 2025 that it was conducting internal assessment / review into the data leakage incident and had conveyed willingness to share its findings. However, despite repeated requests from the Petitioner, the Respondent has failed to share the relevant details. That the Respondent has wrongfully attempted to disassociate itself with the fraudulent activities of its employees contrary to contractual obligations arising out of breaches committed by its employees.

11) Lastly, Mr. Engineer would submit that relief sought for in the present Petition cannot await adjudication under Section 17 of the Arbitration Act as the Petitioner strongly apprehends that the

_____________________________________________________________________________________________ PAGE NO. 8 of 30 3 FEBRUARY 2026

Neeta Sawant CARBP(L)-475-2026.docx

Respondent would tamper with/destroy/delete the information. He submits that the SBI Cards issued notice dated 28 November 2025 alleging failure on the part of the Petitioner to carry out audit of the Respondent's facility and has sought urgent root cause analysis. That in a physical meeting held last week, the SBI Cards informed the Petitioner that it would take steps to withdraw its entire business in view of Petitioner's continued inaction. That without access to Respondent's premises and records, the Petitioner cannot comply with its obligations towards SBI Cards. That the SBI Cards forms 95% business of the Petitioner, who faces threat of termination and blacklisting. Additionally, police have also issued summonses to the Petitioner for production of various data. He would therefore submit that the Petitioner must be permitted to conduct audit of Respondent's premises, records, documents, data, etc. He would accordingly pray for making the Petition absolute in terms of prayers made therein. In support of his contention that mandatory injunction can be granted at interlocutory stage, Mr. Engineer relies on judgments of the Apex Court in Deoraj V/s. State of Maharashtra and Others 1, Hammad Ahmed V/s. Abdul Majeed and Others 2 and of Delhi High Court in Vishal Gupta V/s. L & T Finance Limited3.

12) The Petition is opposed by Mr. Dhond, the learned Senior Advocate appearing for the Respondent. He submits that none of the prayers sought for in the Petition deserve to be granted in the light of 1 (2004) 4 SCC 697 2 (2019) 14 SCC 1 3 2009 SCC OnLine Del 2806 _____________________________________________________________________________________________ PAGE NO. 9 of 30 3 FEBRUARY 2026

Neeta Sawant CARBP(L)-475-2026.docx

the fact that the entire data stands preserved on account of status quo notice dated 28 August 2025 issued by the Police. He submits that the Petitioner has previously undertaken audits under the contractual provisions and the new and broad 'scope of audit' sought for in the prayers travels far beyond the prior audits and is in the nature of a comprehensive forensic investigation. That the Respondent has consistently disputed the new and broad scope of audit demanded by the Petitioner as being beyond contractual rights. That there is vast difference between the scope of audit demanded by the Petitioner in letter dated 18 November 2025 and what is sought in the prayers of the present Petition. That the prayers are clearly outside the scope of contractual framework. That since the contract is executed 17 years ago, prior conduct of parties is a material consideration. That it is a well settled law that legal standard applicable to a mandatory direction is that of a strong case for trial where the Petitioner is able to ex ante show that it would in all likelihood succeed in the arbitration. That in the present case, the Petitioner has failed to demonstrate that it has a strong case.

13) Mr. Dhond would further submit that the Petitioner is deliberately misinterpreting Respondent's communications which do not contain any consent to the Petitioner's demand for a forensic audit. That the demand for new and broad scope of audit is sought for the first time by the Petitioner on 18 November 2025 i.e. after three months of its first letter demanding audit on 17 August 2025. That the Respondent has consistently disputed the scope of the audit demanded by the Petitioner.

_____________________________________________________________________________________________ PAGE NO. 10 of 30 3 FEBRUARY 2026

Neeta Sawant CARBP(L)-475-2026.docx

Mr. Dhond would further submit that no mandatory injunction can be granted at interlocutory stage and for the purpose of restoration of status quo ante as mandatory interlocutory injunction can be granted only to preserve or restore the status quo of the last uncontested status. He relies on judgment of the Apex Court in Dorab Cawasji Warden V/s. Coomi Sorab Warden and Ors. 4 That the Petitioner is seeking final relief in a Petition filed under Section 9 of the Arbitration Act.

14) Mr. Dhond would further submit that the Petitioner's own conduct demonstrated that there is no urgency and that the Petitioner has admitted that the alleged data theft incident has been in the knowledge of the Petitioner since August-2025. That the Petitioner has not invoked arbitration till date. That the Petitioner widened the scope of audit in November 2025 as compared to its initial demand in letter dated 19 August 2025. He submits that media reports relied upon by the Petitioner revealed a credit card fraud to the tune of Rs.2.60 crores. That the Petitioner is unwilling to perform its obligation to reimburse customers of SBI Cards by paying the said sum and the present Petition is filed to pre-empt any action by SBI cards against the Petitioner.

15) Mr. Dhond further submits that the root cause cannot be determined by conduct of audit. That the incident had occurred on account of criminal activities pertaining to multiple people outside of the Respondent, as only 2 out of the 18 accused had association with the Respondent. That the incident is being investigated by the police 4 (1990) 2 SCC 117 _____________________________________________________________________________________________ PAGE NO. 11 of 30 3 FEBRUARY 2026

Neeta Sawant CARBP(L)-475-2026.docx

authorities. That the Respondent is not the sole repository of this information and Reserve Bank of India (RBI) and State Bank of India (SBI) have better understanding of incident of the fraud. That the Petition is premised entirely on potential claim from SBI Cards and that the relief sought is speculative in nature.

16) Mr. Dhond further submits that a defaulting party is debarred from specific performance or injunction. That the Petitioner has failed to make payment as per contractual obligations, which led to the Respondent terminating the Agreement. That even the Petitioner has terminated the Agreement and has debarred itself from seeking performance of the Agreement. Mr. Dhond further submits that there is no contractual obligation to share any internal report. That the Respondent has repeatedly confirmed to the Petitioner that it is willing to transfer confidential data from May to August-2025 but cannot purge the information. That the Respondent cannot be directed to purge data which is subject to police investigation. Also retention of remaining data is necessary for Respondent's defence in legal proceedings. Mr. Dhond would accordingly pray for dismissal of the Petition.

17) Rival contentions of the parties now fall for my consideration.

18) Petitioner is a contractor for SBI Cards for performance of services relating to 'card protection' for protecting customers of SBI

_____________________________________________________________________________________________ PAGE NO. 12 of 30 3 FEBRUARY 2026

Neeta Sawant CARBP(L)-475-2026.docx

Cards in the event of cash loss, theft, damage or fraud. Petitioner apparently has taken over the liability to reimburse the customers of SBI Cards in respect of loss, theft or fraudulent transactions relating to the cards issued to the customers by SBI Cards. Part of the services have been outsourced by the Petitioner to the Respondent vide Services Agreement dated 15 April 2008. The contractual arrangement between the Petitioner and Respondent required the Respondent to adhere to data security standards. The contractual arrangement between the Petitioner and Respondent inter alia included provision of telecalling and customer data services. Two Addenda were also executed between the parties on 2 November 2020 and 12 February 2024.

19) Disputes and differences between the Petitioner and Respondent have arisen on account of data theft incident which has occurred in February 2025, where credit card holders of SBI are cheated on account of access to sensitive customers data made available by employees of Respondent to outsiders. According to IFSO, Cyber Crime Unit, Special Cell, Delhi Police, an organized criminal gang has used the sensitive customer data provided through employees of the Respondent for effecting unauthorized transactions of SBI credit cards. It appears that two employees of the Respondent, Mr. Vishesh Lahori and Mr. Durgesh Dhakad have been arrested by the Cyber Crime Cell, in addition to 16 other accused involved in the crime. Though FIR was registered on 15 February 2025, Petitioner claims to have acquired knowledge about the same when media reports were published on 16 August 2025 about

_____________________________________________________________________________________________ PAGE NO. 13 of 30 3 FEBRUARY 2026

Neeta Sawant CARBP(L)-475-2026.docx

data leaks from Respondent's call center at Gurugram leading to credit card fraud involving amount of Rs.2.60 crore.

20) After getting wind of the data breach, Petitioner suspended services of the Respondent by email dated 17 August 2025 and called upon the Respondent to provide full details of data breach including any report of internal review within two hours. On 18 August 2025, Respondent responded stating that it had not found any material evidence and that internal review was taking some time as Respondent had not received any details regarding the Data Theft Incident from the relevant authorities. Petitioner also received communication from SBI Cards, which also proposed conduct of investigative audits of Petitioner's process including its outsourcing activities. SBI Cards apparently came to know of outsourcing by the Petitioner to Respondent only through media reports. SBI Cards accused Petitioner of breaching contractual condition under the agreement dated 27 May 2019 which required prior confirmation by SBI Cards for outsourcing the services. Petitioner accordingly issued a show cause notice dated 19 August 2025 to the Respondent requesting for the following :

Without prejudice to our legal rights and remedies, we call upon you to immediately provide the following:

1. Full information about the alleged data theft as per Annexure B of the Addendum to the Agreement;

2. Reason behind the occurrence of the alleged security breach and the point of failure in your security measures;

3. Reason as to why this incident was not reported to us promptly as per the terms of the Agreement and the latest Addendum thereof;

4. Copy of the investigation report, which was carried out by you immediately after the alleged incident;

_____________________________________________________________________________________________ PAGE NO. 14 of 30 3 FEBRUARY 2026

Neeta Sawant CARBP(L)-475-2026.docx

5. Steps taken by you to curtail the loss caused by the alleged theft and with measures implemented by you to prevent further leak, damage or misuse of data;

6. Latest reports of your periodic internal audit relating to CPP data; and

7. Reports of the background check done by your company on the employees who have been accused of theft of CPP data.

21) According to the Petitioner, Respondent is contractually bound to permit it to conduct audit of its premises, documents, records etc. It would therefore be apposite to refer to the relevant contract conditions.

22) Petitioner and Respondent entered into Services Agreement on 15 April 2008. Clause-11 of the Service Agreement stipulated thus :

11. Records, Inspection and Right to Audit a. That Sparsh shall disclose to Client all information with regard to the services and the activities performed by Sparsh in relation to this Agreement and make available all records, data and information relating thereto, within a reasonable period on receipt of written request from the Client.

b. That Sparsh shall permit designated employees/representatives of Client to enter upon the premises of Sparsh, where the records relating to the services are kept by Sparsh for the inspection of all such documents and records including but not limited to the computer system and any other related information which may be required by Client, as per the mutually agreed schedule.

23) Petitioner and Respondent executed Addendum to the Service Agreement on 2 November 2020 and Clause 1.8 of the Schedule to the Addendum stipulated thus :

1.8. CPP Inspections. In order to facilitate CPP compliance with its internal policies, procedures and practices, as well as Applicable Processing Law, The Service Provider shall reasonably cooperate with CPP, its designees, in connection with inspections of The Service Provider and its affiliates or subcontractors storing Covered Data, on-site or by phone, and with self-

assessment security compliance reviews (including inspections and reviews for privacy, data Processing, data protection, data security, encryption or confidentiality-related compliance). On-site inspections will be performed _____________________________________________________________________________________________ PAGE NO. 15 of 30 3 FEBRUARY 2026

Neeta Sawant CARBP(L)-475-2026.docx

upon reasonable advance notice during The Service Provider's regular business hours.

24) Petitioner and Respondent executed further Addendum to the Service Agreement on 12 February 2024 and Clauses-3.2, 3.4 and 4 of Schedule-II to the said Addendum stipulated thus :

3.2 Service Provider agrees that the external and internal auditors or any representative of CPP shall have the right to inspect/audit the books, records, data, information, audit trails and logs of the Service Provider in relation to the Services provided under the Agreement, and to obtain copies of any audit or review reports and findings made on the Service Provider in conjunction with the Services performed for CPP. Service Provider shall render all necessary assistance and co-operation in this regard. Wherever possible, CPP shall provide reasonable notice before conducting audit. xxx 3.4 CPP's audit and due diligence rights shall survive the expiration or termination of the Agreement.

4) MONITORING, OVERSIGHT AND REVIEW CPP reserves the right to periodically oversee/monitor the operations and performance of Services under this Agreement.

Without prejudice to any other rights that CPP may have, CPP reserves the right to review the arrangement as and when required from time to time.

25) Thus, the Respondent is contractually bound to permit the designated employee/representative of the Petitioner to enter upon its premises where the records are kept for inspection of documents and records including computer system and other related information which may be required by the Petitioner. The contractual stipulations in the two Addenda executed in 2020 and 2024 further recognise Petitioner's right to inspect and audit the books, records, data, information, audit trails and logs of the Respondent in relation to the services provided by it under the Services Agreement. Petitioner agreed to give reasonable notice before conducting the audit. Clause 3.4 of the Schedule II to the Addendum of 2024 specifically provided that Petitioner's right to _____________________________________________________________________________________________ PAGE NO. 16 of 30 3 FEBRUARY 2026

Neeta Sawant CARBP(L)-475-2026.docx

conduct audit shall survive even after expiration of termination of agreement. It is thus prima facie established that Petitioner has contractual right to conduct audit of documents and records of the Respondent.

26) Now I proceed to examine how Petitioner's request for audit and inspection was dealt with by the Respondent.

27) As observed above, Petitioner demanded provision of various records by show cause notice dated 19 August 2025. Respondent initially sought to deny any irregularity worth reporting to the Petitioner and stated in paras-3, 4 and 5 of its letter dated 19 August 2025 as under :

3. We have also highlighted to CPP in our email dated August 18, 2025, that during our ongoing internal review we have not found any material findings pertaining to your allegations which could necessitate reporting requirements, if any, in the contractual provisions cited by you.

4. As you are aware, we have not received any formal information pertaining to this incident from authority concerned and the only information disseminating is hearsay information over media reports. Hence, in absence of such information the reporting obligations mentioned in the contractual provisions cited by you are not triggered.

5. We understand that CPP is seeking specific information lineated in Para 8 of your Show Cause Notice. Please note that we are in process of assessing each request contractually and will revert back with our detailed response on or before August 20, 2025.

28) Petitioner wrote to the Respondent on 19 August 2025 that a team of external auditors and Petitioner's team would conduct infosec audit at Respondent's premises at 11.00 am on 20 August 2025. It also named five external auditors from BP, two external auditors of Petitioner

_____________________________________________________________________________________________ PAGE NO. 17 of 30 3 FEBRUARY 2026

Neeta Sawant CARBP(L)-475-2026.docx

and five employees of the Petitioner. Petitioner also shared contact details of the audit team. Respondent responded on 19 August 2025 inquiring about specific information and areas that would be covered in the audit. Respondent also sought information relating to roles and responsibilities of each nominated individuals for streamlining the audit process. Respondent stated that after receiving clarity on roles of the audit team and the scope of the audit, Respondent would agree on the audit date. Petitioner provided the domains that would be covered in the audit by email dated 20 August 2025. Respondent gave response on 20 August 2025 contending that the audit rights remain inoperative during suspension of the contract. It expressed apprehension of exposure to confidential information of other clients and stated that the proposed audit did not comply with purpose and scope of limitation. It also complained of absence of reasonable advance notice. Respondent's email dated 20 August 2025 reads thus :

We refer to your email dated 17 August 2025 stating that "all operations are suspended until further notice," and your subsequent emails dated 19 and 20 August 2025 requesting an on-site audit at our premises tomorrow at 11:00 am. In furtherance to the same, we have following to provide:

1. Your communication that all operations are suspended places performance of the agreement in abeyance. The audit rights are exercisable during live operations and otherwise expressly stated to survive only upon expiration or termination of the contractual agreement. As there is no survival during "suspension," the audit rights remain inoperative during the ongoing suspension period;

2. Further, any audit/inspection must be limited to and conducted in connection with the services forming part of the contractual agreement. Broad review (as proposed in your email dated 20 August 2025) or domains unrelated to CPP data fall outside the said scope.

Given that several requested domains may expose confidential information of other clients, the proposed audit does not comply with purpose and scope limitation; and

_____________________________________________________________________________________________ PAGE NO. 18 of 30 3 FEBRUARY 2026

Neeta Sawant CARBP(L)-475-2026.docx

3. Additionally, on-site access requires reasonable advance notice. You would appreciate that a next-day on-site visit is not reasonable. Given the above, the proposed on-site audit cannot proceed under current circumstances. If and when operations resume, please provide the audit plan in advance so we can assess next steps. We remain available to discuss an appropriate protocol and timeline once these issues are addressed. In the meantime, we reaffirm that our company continues to maintain industry- standard and legally compliant data preservation systems and records.

29) In the meantime, Petitioner received notice from IFSO, Special Cell, Cyber Crime Unit calling it upon to provide internal/third party audit reports on Respondent's data, security monitoring and compliance check for the period 2020-2025. Petitioner was also directed to furnish comprehensive written explanation as to how credit card data was repeatedly stolen and leaked over several years despite outsourcing safeguards. Instead of permitting Petitioner to conduct audit, Respondent went ahead and terminated the contract by notice dated 31 August 2025 on the ground of failure to make due payments within a period of 15 days. In my prima facie view, the termination was resorted to possibly for avoiding the conduct of audit by the Petitioner. Be that as it may. Petitioner issued response dated 27 October 2025 rejecting termination of the contract. This time, Petitioner also terminated the Services Agreement on the grounds inter alia of failure to report Data Theft Incident, refusal to return confidential data. Petitioner called upon Respondent to allow it to conduct infosec audit either on standalone basis or jointly with SBI Cards. Respondent responded on 4 November 2025 and qua the requisition for conduct of audit and it stated in para- 8.1 of its response as under :

8.1 Re: Conduct of infosec audit on standalone basis or jointly with SBI Cards:

Teleperformance is well aware of CPP's right to conduct an audit and is willing _____________________________________________________________________________________________ PAGE NO. 19 of 30 3 FEBRUARY 2026

Neeta Sawant CARBP(L)-475-2026.docx

to cooperate in this regard. However, such audit cannot be conducted in the absence of a schedule/ audit plan which has been mutually agreed upon between Teleperformance and CPP.As such, in order to conduct the proposed audit, a detailed audit plan, containing the contours of the infosec audit must be shared with Teleperformance, post which Teleperformance will discuss and mutually agree on the logistics with CPP.

30) Thus, though the Respondent had made some attempts to wriggle out of obligations to permit Petitioner to conduct audit, this time it had shown willingness to cooperate in conduct of audit and demanded a detailed audit plan containing the contours of infosec audit. Petitioner gave the proposed audit plan to the Respondent and indicated names of its representatives for conduct of audit by letter dated 18 November 2025. Respondent however, refused to permit Petitioner to conduct audit even after the receipt of detailed audit plan by stating in its response dated 26 November 2025 that right to conduct audit was suspended on account of unilateral suspension of the services. It also protested against issuance of 24 hours' notice. This is how Respondent avoided to permit conduct of audit by the Petitioner though it had shown willingness and had demanded audit plan by letter dated 4 November 2025.

31) Thus, it is prima facie established that the Respondent is contractually bound to permit Petitioner to conduct audit of its premises, documents, records etc. and had specifically agreed for conduct of such audit from various correspondence. Thus, prima facie case is made out for grant of interim measures in favour of the Petitioner.

_____________________________________________________________________________________________ PAGE NO. 20 of 30 3 FEBRUARY 2026

Neeta Sawant CARBP(L)-475-2026.docx

32) Respondent is opposing prayers in the Petition by raising various objections. One of the objections is that the petition is not moved with necessary alacrity. I am unable to agree. Though the Data Theft Incident came to the knowledge of the Petitioner in August 2025, Respondent had shown willingness for conduct of audit on 18 November 2025. It has subsequently wriggled out of the contractual obligation in subsequent letter dated 26 November 2025. Thereafter, parties exchanged notices and correspondence through their advocates and this is how the present petition is filed in the first week of January 2026. In that view of the matter, it cannot be contended that the Petitioner has not moved the petition with necessary urgency.

33) Respondent has contended that it has already preserved the records on account of receipt of notice dated 28 August 2025 from Assistant Commissioner of Police, IFSO, Cyber Crime Unit, Special Cell, Delhi Police, and that since the police is already investigating the crime, Respondent cannot be permitted to tinker with the preserved data. This defence of the Respondent deserves outright rejection as Respondent had shown willingness for conduct of audit by the Petitioner by its letter dated 4 November 2025 well after receipt of letter dated 28 August 2025 from the Cyber Cell. Respondent's accusation that the audit and inspection is being conducted by the Petitioner to purge Respondent's data is outrageous, deserving summary rejection. The Petitioner has specifically prayed for the relief of preservation of data and considering the facts and circumstances of the case, it is highly irresponsible on the

_____________________________________________________________________________________________ PAGE NO. 21 of 30 3 FEBRUARY 2026

Neeta Sawant CARBP(L)-475-2026.docx

part of the Respondent to accuse Petitioner of attempting to purge Respondent's data. Petitioner is required to conduct audit, both for the purpose of making out its claims against the Respondent in the proposed arbitration, as well as for giving necessary information to SBI Cards and Cyber Crime Unit. Therefore, it is difficult to believe that Petitioner is attempting to destroy the data of the Respondent. Respondent's employees are accused of having committed the fraud and if any party is interested in destroying the data, it would be the Respondent and not the Petitioner. Raising of defence of attempt to purge the data on the part of the Petitioner by the Respondent is therefore highly objectionable deserving outright rejection.

34) Respondent contends that Petitioner has already conducted the necessary audits and that therefore there is no need of conducting any audit afresh. Reliance is placed on email exchanges during 2 August 2025 to 12 August 2025 under which the Respondent had provided the entire data relating to April 2025 for the purpose of purging by the Petitioner. In my view, however, the routine actions performed by the parties before discovery of fraud cannot be a ground for denial of contractual right of the Petitioner to conduct audit specifically in relation to the Data Theft Incident which has come to its knowledge.

35) It is contended by the Respondent that it had made genuine and bonafide attempts to provide inspection opportunity to the Petitioner and that Petitioner has enlarged the scope of audit putting

_____________________________________________________________________________________________ PAGE NO. 22 of 30 3 FEBRUARY 2026

Neeta Sawant CARBP(L)-475-2026.docx

confidential data of Respondent relating to other clients at risk of being exposed. This contention raised by the Respondent again is completely baseless. The correspondence discussed above would leave no manner of doubt that Respondent has tried every trick to avoid grant of inspection and audit to the Petitioner. It initially showed willingness for conduct of audit and has thereafter wriggled out by raising queries relating to audit, scope of audit, prior notice etc. It therefore cannot be held that Respondent's actions are bonafide and that Petitioner is responsible for non-conduct of audit. Nothing is brought before me to indicate that the audit plan given by the Petitioner defining the contours of audit travels beyond the scope of contractual clauses of Services Agreement and the two Addenda.

36) Respondent has raised an objection that mandatory injunction cannot be granted at an interlocutory stage and has relied upon the judgment of the Apex court in Dorab Cawasji (supra) in which it is held in paras-15, 16 and 17 as under :

15. In one of the earliest cases in Rasul Karim v. Pirubhai Amirbhai [ILR (1914) 38 Bom 381: 16 Bom LR 288: 24 IC 625] , Beaman, J. was of the view that the courts in India have no power to issue a temporary injunction in a mandatory form but Shah, J. who constituted a bench in that case did not agree with Beaman, J. in this view. However, in a later Division Bench judgment in Champsey Bhimji & Co. v. Jamna Flour Mills Co. Ltd. [(1914) 16 Bom LR 566:

28 IC 121] two learned Judges of the Bombay High Court took a different view from Beaman, J. and this view is now the prevailing view in the Bombay High Court. In M. Kandaswami Chetty v. P. Subramania Chetty [ILR (1918) 41 Mad 208: 1917 MWN 501: 41 IC 384] , a Division Bench of Madras High Court held that courts in India have the power by virtue of Order XXXIX Rule 2 of the Code of Civil Procedure to issue temporary injunctions in a mandatory form and differed from Beaman J.'s view accepting the view in Champsey Bhimji & Co. v. Jamna Flour Mills Co. [(1914) 16 Bom LR 566: 28 IC 121]

_____________________________________________________________________________________________ PAGE NO. 23 of 30 3 FEBRUARY 2026

Neeta Sawant CARBP(L)-475-2026.docx

In Israil v. Shamser Rahman [ILR (1914) 41 Cal 436: 18 CWN 176] , it was held that the High Court was competent to issue an interim injunction in a mandatory form. It was further held in this case that in granting an interim injunction what the court had to determine was whether there was a fair and substantial question to be decided as to what the rights of the parties were and whether the nature and difficulty of the questions was such that it was proper that the injunction should be granted until the time for deciding them should arrive. It was further held that the court should consider as to where the balance of convenience lies and whether it is desirable that the status quo should be maintained. While accepting that it is not possible to say that in no circumstances will the courts in India have any jurisdiction to issue an ad interim injunction of a mandatory character, in Nandan Pictures Ltd. v. Art Pictures Ltd. [AIR 1956 Cal 428] , a Division Bench was of the view that if the mandatory injunction is granted at all on an interlocutory application it is granted only to restore the status quo and not granted to establish a new state of things differing from the state which existed at the date when the suit was instituted.

16. The relief of interlocutory mandatory injunctions are thus granted generally to preserve or restore the status quo of the last non-contested status which preceded the pending controversy until the final hearing when full relief may be granted or to compel the undoing of those acts that have been illegally done or the restoration of that which was wrongfully taken from the party complaining. But since the granting of such an injunction to a party who fails or would fail to establish his right at the trial may cause great injustice or irreparable harm to the party against whom it was granted or alternatively not granting of it to a party who succeeds or would succeed may equally cause great injustice or irreparable harm, courts have evolved certain guidelines.

Generally stated these guidelines are:

(1) The plaintiff has a strong case for trial. That is, it shall be of a higher standard than a prima facie case that is normally required for a prohibitory injunction.

(2) It is necessary to prevent irreparable or serious injury which normally cannot be compensated in terms of money.

(3) The balance of convenience is in favour of the one seeking such relief.

17. Being essentially an equitable relief the grant or refusal of an interlocutory mandatory injunction shall ultimately rest in the sound judicial discretion of the court to be exercised in the light of the facts and circumstances in each case. Though the above guidelines are neither exhaustive nor complete or absolute rules, and there may be exceptional circumstances needing action, applying them as prerequisite for the grant or refusal of such injunctions would be a sound exercise of a judicial discretion.

_____________________________________________________________________________________________ PAGE NO. 24 of 30 3 FEBRUARY 2026

Neeta Sawant CARBP(L)-475-2026.docx

37) In the present case, the Petitioner is not only contractually entitled to conduct audit but wants to have the audit conducted for three purposes of (i) basing its claims against the Respondent, (ii) providing necessary information to SBI Cards, and (iii) providing necessary information of the investors to the Cyber Crime Cell. The typical nature of contract between the parties is such that the Respondent and its employees get access to confidential data of credit card holders of SBI Cards. Any data leak results in catastrophic consequences. Therefore, conduct of routine and special audits of outsourced agencies like the Respondent is of vital importance. Both the parties have terminated the Agreement. Whether Respondent has acted diligently or whether it is involved in the incident of data theft and whether it has acted negligently in permitting its employees to steal the data, would be borne out from the audit. Conduct of such audit is also necessary for the purpose of preservation of subject matter of arbitration. The final relief would be in the nature of damages, whereas what is sought at this stage is only opportunity to conduct audit and for preservation of data and information. Therefore, it cannot be contended that what is sought in the present petition is in the nature of a mandatory injunction. It is another case that there is no absolute prohibition on Court granting mandatory injunction at interlocutory stage. Reliance by Mr. Engineer on the judgment of Deoraj (supra) is apposite wherein the Apex Court held in para-12 as under :

12. Situations emerge where the granting of an interim relief would tantamount to granting the final relief itself. And then there may be converse cases where withholding of an interim relief would tantamount to dismissal of the main petition itself; for, by the time the main matter comes up for hearing _____________________________________________________________________________________________ PAGE NO. 25 of 30 3 FEBRUARY 2026

Neeta Sawant CARBP(L)-475-2026.docx

there would be nothing left to be allowed as relief to the petitioner though all the findings may be in his favour. In such cases the availability of a very strong prima facie case -- of a standard much higher than just prima facie case, the considerations of balance of convenience and irreparable injury forcefully tilting the balance of the case totally in favour of the applicant may persuade the court to grant an interim relief though it amounts to granting the final relief itself. Of course, such would be rare and exceptional cases. The court would grant such an interim relief only if satisfied that withholding of it would prick the conscience of the court and do violence to the sense of justice, resulting in injustice being perpetuated throughout the hearing, and at the end the court would not be able to vindicate the cause of justice. Obviously such would be rare cases accompanied by compelling circumstances, where the injury complained of is immediate and pressing and would cause extreme hardship. The conduct of the parties shall also have to be seen and the court may put the parties on such terms as may be prudent.

38) In Hammad Ahmed (supra), the Apex Court has summarized the principles of grant of interim mandatory injunction in para-59 of the judgment as under :

59. The argument that under Order 39 Rules 1 and 2 of the Code, the Court has the jurisdiction to maintain the status of the parties on the date of filing of the suit or on the date of passing of the order but cannot direct the parties to do something which was not in existence at the time of filing of the suit, is not a general rule of universal application. The nature of the orders claimed by the appellant are not passed ordinarily in a routine manner as the plaintiff is required to have a case which should be of higher standard than mere prima facie case. But in view of the agreement between the parties, as recorded by the Division Bench in an earlier round of litigation the primary question was agreed to be that who is to act as Chief Mutawalli. Both the learned Single Judge and the Division Bench have examined such question only. Even, before this Court, the parties have argued primarily on the question as to who shall be the Chief Mutawalli. Therefore, a prima facie opinion would lead to consequential order in respect of management of the affairs of Hamdard.

39) The Delhi High Court in Vishal Gupta (supra) has considered the judgment in Dorab Kawasji (supra) and has granted mandatory temporary injunction for issuance of relieving letter by

_____________________________________________________________________________________________ PAGE NO. 26 of 30 3 FEBRUARY 2026

Neeta Sawant CARBP(L)-475-2026.docx

holding that issuance of relieving letter would not amount to decreeing the suit.

40) In my view therefore, interim measures cannot be denied to the Petitioner by accepting Respondent's objection that no mandatory injunction can be granted at interlocutory stage.

41) Respondent's objection that the 'root cause' cannot be determined by audit is speculative and merely an attempt to somehow avoid conduct of audit. Petitioner is contractually entitled to conduct audit of premises, documents, records of the Respondent if it wants to know whether Respondent has acted diligently or whether it is responsible or involved in the incident of data theft. It is not for the Respondent to determine whether Petitioner would be successful in securing necessary information in the audit or not. Respondent's employees are arrested for data theft involving possible vicarious liability of the Respondent towards the Petitioner. This Court has also noticed deliberate attempts on the part of the Respondent to avoid conduct of audit which are aimed at obvious objective of hiding the records from the Petitioner.

42) It is also contended by the Respondent that Petitioner is not entitled to specific performance of terminated contract. However, in the present case, the contract is terminated initially by the Respondent vide Notice dated 31 August 2025. Petitioner responded to the said notice and in its response dated 27 October 2025, it has also terminated the _____________________________________________________________________________________________ PAGE NO. 27 of 30 3 FEBRUARY 2026

Neeta Sawant CARBP(L)-475-2026.docx

contract. The case also involves a special feature where Clause 3.4 of Schedule II of 2024 Addendum survives the right of audit even after termination of the contract. Respondent has breached the contractual obligations of providing opportunity to audit its premises, documents, records etc. and having done so, it cannot be permitted to contend that specific performance of contractual obligations of a terminated contract cannot be granted. It is another matter that what is sought at the moment, is mere interim measures and not a decree for specific performance. If and when Petitioner demands specific performance of contractual obligations under the Services Agreement and the two Addenda, the objection of permissibility to seek specific performance of terminated agreement can be adjudicated. For deciding Petitioner's prayer for interim measures, it is not necessary to delve deeper into this aspect.

43) Considering the overall conspectus of the case, I am of the view that prima facie case is made out by the Petitioner for grant of interim measures. The subject matter of arbitration is the claim of the Petitioner against the Respondent arising out of Services Agreement and the two Addenda. Therefore, the documents and records of which audit is sought by the Petitioner would form the subject matter of arbitration. It is necessary not only to preserve the subject matter but also grant opportunity to the Petitioner to conduct audit in accordance with the contractual arrangement between the parties. Respondent itself had shown willingness for conduct of audit on numerous occasions.

_____________________________________________________________________________________________ PAGE NO. 28 of 30 3 FEBRUARY 2026

Neeta Sawant CARBP(L)-475-2026.docx

Therefore, clear prima facie case is made out by the Petitioner for grant of interim measures. Petitioner would suffer irreparable loss if interim measures are not granted. Respondent is likely to tinker with or destroy the documents, data records etc. It is therefore necessary to make interim measures to ensure preservation of subject matter of arbitration till the arbitral proceedings are conducted. The balance of convenience is also tilted in favour of the Petitioner and against the Respondent.

44) The petition accordingly succeeds, and I proceed to pass the following order:

(i) Pending commencement and final disposal of arbitral proceedings between the parties, Respondent is directed to:

a) Allow the Petitioner to conduct audit and inspection of Respondent's premises, systems and infrastructure in relation to Data Theft Incident through a team of auditors comprising both of internal as well as external auditors.

b) Preserve and maintain complete status quo in respect of confidential information, records, logs, backups, servers, databases and electronic systems relating to the Petitioner and the Respondent and its employees, its agents, or representatives are restrained from deleting, altering, destroying, overwriting, transferring or tampering with such data.

_____________________________________________________________________________________________ PAGE NO. 29 of 30 3 FEBRUARY 2026

Neeta Sawant CARBP(L)-475-2026.docx

c) Share with the Petitioner, findings of any internal Committee constituted by it into the Data Theft Incident.

(ii) Petitioner shall file application under Section 11 of the Arbitration Act within 8 weeks for appointment of Arbitrator

45) With the above directions, the petition is allowed and disposed of.

[SANDEEP V. MARNE, J.]

46) After the judgment is pronounced, the learned counsel appearing for the Respondent seeks stay of the judgment for a period of 10 days. The request is opposed by the learned counsel appearing for the Petitioner. Considering the nature of findings recorded in the judgment, the request for stay is rejected.

[SANDEEP V. MARNE, J.]

_____________________________________________________________________________________________ PAGE NO. 30 of 30 3 FEBRUARY 2026