A fight might be brewing over the Division’s longtime conclusion that IT monitoring services can constitute taxable protective services. Here, Petitioner offered managed and monitored security services, giving customers information to prevent, detect, respond to, and predict cyberattacks. The question in the case was whether these services constituted either taxable protective and detective services or taxable information services.

Petitioner generally provided two broad services: (1) management (i.e., making changes to the hardware or software to help the customer keep its hardware or software operating properly), and (2) monitoring (i.e., reviewing the events that a device or software is producing and advising customers when they should investigate an event further). The ALJ looked to both the language of the Tax Law as well as the definition of “watch, guard or patrol agency” provided in the General Business Law to conclude that Petitioner’s managing, monitoring, and scanning services constituted protective services subject to tax. The ALJ did not cite to any case law to support this conclusion. Indeed, the only case discussed in detail regarding the “protective/detective” analysis was the Tax Appeals Tribunal case AlliedBarton Security Services Inc. cited by Petitioner. In AlliedBarton, the Tribunal concluded that checking visitors’ identification and issuing them passes to enter a building did not rise to the level of taxable protective and detective services. The ALJ distinguished this case by concluding that Petitioner’s services were more akin to alarm services, which are clearly taxable under the law and referenced as taxable in AlliedBarton. Though the Division has long treated IT monitoring services as taxable protective services (see TSB-A-15(47)S; TSB-A-10(14)S), there is a lack of binding interpretive authority and case law on the issue. So, we won’t be surprised to see this case on the Tribunal’s docket.

Though the Judge found Petitioner’s services to be taxable protective services, the Judge also addressed whether the services constituted taxable information services. Here, the Judge applied a primary function analysis to conclude that most of the services did not qualify as information services. A few of Petitioner’s charges: those for its Threat Intelligence Service, Attacker Database add-on and Enterprise Brand Surveillance, were deemed to be information services because they entailed access to – in most cases – public information regarding the current threat landscape.