The UK’s new Product Security and Telecommunications Infrastructure Act 2022 will take effect on 29 April 2024, and will require manufacturers to implement minimum-security standards on all consumer products with internet or network connectivity, such as smartphones, smart meters, CCTV cameras, smart speakers, games consoles, smart doorbells, and medical devices and wearables before they can be made available for purchase.

Continue Reading From Smartphones to Alarm Systems: UK Mandates Minimum Security for Connected Devices

Digital Markets Act: Developments since its proposal  

Following the European Commission’s initial proposal of the Digital Markets Act (DMA) in December 2020, its adoption by the European Parliament in March 2022 and the entry into force on November 1, 2022, the DMA will finally apply from May 2, 2023. The DMA contains a list of obligations and prohibitions, subject to fines, that core platform services (CPS) provided by so-called gatekeepers must comply with in their daily operations. CPS should therefore be assessed at an early stage regarding whether or not they fall within the scope of regulation of the DMA.

As is set out in the following, the DMA poses significant business challenges for (potential)
gatekeepers, which should be addressed in a legally sound, comprehensive and systematic manner in order to prevent disruptions to the relevant businesses. 

Continue Reading Countdown to compliance: The DMA to apply to digital gatekeepers from May 2, 2023  

On 13 March 2023, the Information Commissioner’s Office (‘ICO’) published new guidance, ‘Privacy in the product design lifecycle’, to help technology professionals, such as UX designers, product managers and software engineers, keep data protection considerations at the forefront of their products and services. The guidance describes how to tackle privacy issues arising at each stage of the design and development process, as summarised below.

Continue Reading Takeaways from ICO’s “Privacy in the product design lifecycle” guidance

The winter 2023 edition of the quarterly IT & Data Protection Newsletter by Reed Smith Germany has just been released:

English version

German version

Continue Reading Get your update on IT & data protection law in our newsletter (Winter 2023 edition)

The Competition & Markets Authority (‘CMA’) published its response to the Department for Digital, Culture, Media & Sport (‘DCMS’) policy paper on establishing a pro-innovation approach to regulating artificial intelligence (AI) on 29 September 2022. This is in parallel with the coming into force of the new National Security & Investment Act 2021, under which the UK government is scrutinising transactions that use AI to produce goods, services and technology with the potential to track individuals, objects and events.

In its response, the CMA commented on the need to (i) adopt a risk based approach to the regulation of AI, (ii) consider whether existing regulatory powers are appropriate, and (iii) encourage collaboration between regulators.

Continue Reading The CMA’s shares its thoughts on a ‘pro-innovation’ approach to regulating artificial intelligence

The European Commission published a proposal for a Cyber Resilience Act on 15 September 2022 (the ‘Regulation’), which aims to:

  • ensure that cyber security is considered during the development of hardware and software products and is continuously improved throughout that product’s life cycle; and
  • improve transparency so that users can take cybersecurity into account when selecting and using a product with digital elements.


Continue Reading EU Commission proposes Cyber Resilience Act to bolster the EU’s cyber security rules.

The UK Financial Services and Markets Bill (“FSMB”) and the accompanying explanatory notes were published on 20 July. The FSMB signals upcoming reforms to the regulatory landscape in the UK financial services sector, including issues and challenges brought about by the adoption of technologies and digital assets.

Continue Reading UK Financial Services and Markets Bill – what it means to technology providers and users in the financial services sector

The Summer 2022 Edition of the quarterly IT & Data Protection Newsletter by Reed Smith Germany has just been released:

English version

German version

Continue Reading Get your Update on IT & Data Protection Law in our Newsletter (Summer 2022 Edition)

Join us in our latest Tech Law Talks podcast series as we explore the regulatory topic du jour: eComms.  What are eComms and why are they resulting in fines in the hundreds of millions of dollars for some of the world’s largest banks?  The answer is simultaneously simple and complex: rapidly changing technology means keeping up with the variety of eComms, or electronic communications, used by businesses and applying decades-old regulations to new functionality is more challenging than ever before.

Continue Reading What are eComms and why are they resulting in fines in the hundreds of millions of dollars for some of the world’s largest banks?