The Competition & Markets Authority (‘CMA’) published its response to the Department for Digital, Culture, Media & Sport (‘DCMS’) policy paper on establishing a pro-innovation approach to regulating artificial intelligence (AI) on 29 September 2022. This is in parallel with the coming into force of the new National Security & Investment Act 2021, under which the UK government is scrutinising transactions that use AI to produce goods, services and technology with the potential to track individuals, objects and events.

In its response, the CMA commented on the need to (i) adopt a risk based approach to the regulation of AI, (ii) consider whether existing regulatory powers are appropriate, and (iii) encourage collaboration between regulators.

Continue Reading The CMA’s shares its thoughts on a ‘pro-innovation’ approach to regulating artificial intelligence

The European Commission published a proposal for a Cyber Resilience Act on 15 September 2022 (the ‘Regulation’), which aims to:

  • ensure that cyber security is considered during the development of hardware and software products and is continuously improved throughout that product’s life cycle; and
  • improve transparency so that users can take cybersecurity into account when selecting and using a product with digital elements.


Continue Reading EU Commission proposes Cyber Resilience Act to bolster the EU’s cyber security rules.

The UK Financial Services and Markets Bill (“FSMB”) and the accompanying explanatory notes were published on 20 July. The FSMB signals upcoming reforms to the regulatory landscape in the UK financial services sector, including issues and challenges brought about by the adoption of technologies and digital assets.

Continue Reading UK Financial Services and Markets Bill – what it means to technology providers and users in the financial services sector

The Summer 2022 Edition of the quarterly IT & Data Protection Newsletter by Reed Smith Germany has just been released:

English version

German version

Continue Reading Get your Update on IT & Data Protection Law in our Newsletter (Summer 2022 Edition)

Join us in our latest Tech Law Talks podcast series as we explore the regulatory topic du jour: eComms.  What are eComms and why are they resulting in fines in the hundreds of millions of dollars for some of the world’s largest banks?  The answer is simultaneously simple and complex: rapidly changing technology means keeping up with the variety of eComms, or electronic communications, used by businesses and applying decades-old regulations to new functionality is more challenging than ever before.

Continue Reading What are eComms and why are they resulting in fines in the hundreds of millions of dollars for some of the world’s largest banks?

The 2022 National Association of Attorneys General (NAAG) Presidential Summit, held last week in Des Moines, Iowa, signaled a clear partnership between state AGs, the Federal Trade Commission (FTC) and the Consumer Financial Protection Bureau (CFPB) to accomplish Iowa AG Tom Miller’s “fight back” presidential initiative: Consumer Protection 2.0: Tech Threats and Tools. Picking up from the 2021 kickoff of Miller’s NAAG initiative this past December, the NAAG Summit featured a variety of speakers from the federal, state, and private sectors, including, most notably, from the FTC and CFPB.

Continue Reading Guardians of the Consumer: State AGs team up with FTC and CFPB to protect consumers online – Consumer Protection 2.0: Tech, Threats, and Tools

The UK HM Treasury recently published its proposal for regulating critical third parties (“CTP”) to the finance sector, which was followed by the UK financial regulators’ joint Discussion Paper.

Why regulating CTPs is necessary
Regulating CTPs to the financial sector is by no means a new concept. The EU’s Digital Operational Resilience Act (“DORA”), which looks to regulate critical Information Communication Technologies (“ICT”) service providers to the financial sector, has been provisionally agreed.  

Continue Reading UK announces plan to regulate critical third parties to the financial sector

On 17 June 2022, in response to its consultation in 2021 on the same topic (which we wrote about here), the UK government published more detailed proposals to reform data protection laws in the UK. The response to the consultation can be found here. The intention of the reforms is to achieve greater personal data use enabling economic growth by removing barriers and reducing obstacles for organisations whilst maintaining high standards of personal data protection and EU adequacy.

Continue Reading Government releases proposals to reform UK data protection laws

In Q1 2022, the UK’s Information Commissioner’s Office (ICO) issued 26 enforcement actions. There were 15 monetary penalties issued, ranging between £2k – £200k, and 11 enforcement notices. The majority of the fines and enforcement notices related to unsolicited marketing activities, two related to data subject rights infringements, and one related to a failure to ensure adequate security around personal data. The last related to a ransomware attack and despite the controller being subjected to a malicious cybercrime, it was penalised for a failure to address known vulnerabilities and to prevent the ransomware attack in time.

Continue Reading ICO enforcement actions in Q1 2022