The National Cyber Security Centre (“NCSC“) has published guidance for medium and large organisations on how to assess and improve cyber security in their supply chains. The guidance is a supplement to the NCSC’s supply chain principles. Continue Reading NCSC releases guidance on cyber security in the supply chain
Tech & Outsourcing
SEC proposal on outsourcing by investment advisers
On October 26, 2022, the Securities and Exchange Commission (SEC) issued a new rule proposal that would prohibit registered investment advisers (IAs) from outsourcing certain services without satisfying due diligence, monitoring and reassessment requirements.Continue Reading SEC proposal on outsourcing by investment advisers
New rules to strengthen and better enforce consumer rights in Germany and the EU
Introduction and Overview
The year 2022 is one of major changes to consumer protection laws in Germany and the EU, namely:
- Changes in connection with digital products and corresponding new provisions for the sale of consumer goods took effect on 1 January 2022 (see our earlier Reed Smith Client Alert Part I).
- New consumer protection rules regarding automatic renewal and notice periods took effect in March 2022.
- Requirements regarding termination buttons will come into force on 1 July 2022 (see our earlier Reed Smith Client Alert Part II).
Continue Reading New rules to strengthen and better enforce consumer rights in Germany and the EU
ECJ Top System ruling grants right to correct software errors
The European Court of Justice (ECJ) ruled on 6 October 2021 in Top System SA v. Belgian State (Case C‑13/20) EU:C:2021:811 that, under article 5(1) of the Software Directive (Council Directive 91/250/EEC) (the Directive), lawful purchasers of software are permitted to decompile programs (in whole or in part) in order to correct errors affecting the…
A summary of the proposed European regulation on digital operational resilience
The European Commission is considering amending the existing rules for the financial sector regarding digital operational resilience, with a view to unifying and strengthening the legal framework in this area.
The proposed change to legislation would amend the existing Network and Information Security (NIS) Directive and create a new regulation on digital operational resilience, known…
Tech Law Talks: Technology transactions trends in 2021
In this episode, Sarah Bruno and LiLing Poh discuss recent trends as organizations invest more in technology through the acquisition of new platforms or programs, or by working with a vendor to bring a product to market. Exploring a case study involving a global pharmaceutical company on the rollout of a health-related digital app,…
PRA extends deadline for responses to consultation on outsourcing and third-party risk management
At the end of 2019, the UK Prudential Regulation Authority (PRA) released its consultation paper (link here) setting out its proposals on a regulatory framework to modernise outsourcing and third-party risk management. The original deadline for responding to the proposals was 3 April 2020, but this has now been extended to 1 October 2020, which was announced as part of the Bank of England’s and the PRA’s measures to respond to the economic shock caused by COVID-19.
Background
In response to the growing dependency on third-party technology solutions (e.g. cloud outsourcing), the PRA wants to highlight the new risks associated with such an increasingly complex and constantly evolving area. As firms find themselves increasingly dependent on such services, any major disruption or outage could result in adverse consequences for financial stability. The consultation seeks to modernise the PRA’s expectations and sets out how firms should comply with existing requirements on such risks.Continue Reading PRA extends deadline for responses to consultation on outsourcing and third-party risk management
Singapore launches national e-commerce standard
On 12 June 2020, Enterprise Singapore and the Singapore Standards Council launched Technical Reference 76: the first-ever guidelines to set out a national standard for e-commerce transactions. The standard is aimed at boosting the digitalisation of SMEs, as well as the burgeoning e-commerce sector in Singapore.
Technical Reference 76 serves as a practical reference for e-retailers and online marketplaces. The guidelines cover a wide range of functions, from the pre-purchase activities of browsing and selection, to purchasing and payment processes, as well as post-purchase fulfilment, delivery, product tracking, returns, refunds and exchanges. They provide best practices for businesses looking to develop and implement the necessary operational procedures, customer support, merchant verification controls, as well as processes to ensure that consumer-facing communications are clear and enable customers to make informed choices.Continue Reading Singapore launches national e-commerce standard
The immediate actions that a general counsel and their in-house legal team should take as a priority during a crisis
All businesses are concerned with whether their revenue and custom will continue during a crisis.
When their services (more importantly those involving technology) depend on the use of third party suppliers, businesses should also think about their own ability to deliver.
Questions that business managers will be agonising over during a crisis include:
Will our…
New requirements for Singapore banks to include provisions in service contracts on protection of customer data
On 4 November 2019, Singapore’s Parliament published a draft amendment to the Banking Act.
Under the amendment, all banks will be required to evaluate the ability of their service providers (whether these be a branch or office, or an external party) to:
(a) safeguard the confidentiality and integrity, and ensure the availability, of the banks’ information; and
(b) protect all customer information against unauthorised disclosure, retention, or use.
Where the service provider is a branch or office of the bank, specific provisions covering the above must be included in the branch or office’s policies and procedures.
Where the service provider is an external party, however, then the relevant provisions must be included in the contract between the bank and the provider.
Such policies and procedures, or contract, as the case may be, must also confer on the bank, the regulator (the Monetary Authority of Singapore or MAS), or an auditor appointed by the bank, the right to audit the books of the service provider to ensure that the above requirements have been complied with.Continue Reading New requirements for Singapore banks to include provisions in service contracts on protection of customer data