Sub Topics We Cover
Latest Information News
Section 6 of the Victims and Prisoners Act 2024 supersedes VPA 2024, s 17, scrapping the prior constraint that protected disclosures had to be made to particular recipients for specified purposes. Any term in any agreement, including commercial non-disclosure agreements (NDAs), is void to the extent it seeks to stop a victim, or someone who reasonably believes they are a victim, from revealing relevant criminal conduct-or the counterparty’s reaction to it-to anyone, for any purpose. The new provision binds the Crown, subject only to a tightly drawn national security exception. This analysis examines how these reforms align with existing common law limits on confidentiality and their consequences for standard commercial NDA templates. It is written by Richard Hanstock, a barrister at Cornerstone Barristers and the founder of Deeptech Legal, an SRA-authorised firm specialising in cybersecurity, artificial intelligence, defence technology and national security...
In this issue: Cybersecurity Data protection Daily and weekly news alerts New and updated content Cybersecurity DSIT publishes speech by Digital Minister on rising cyber security threats The Department for Science, Innovation and Technology (DSIT) has released a speech delivered by the Digital Minister, Liz Lloyd, at the New Statesman Security and Resilience Conference on 5 May 2026, in which she characterised cyber security as ‘foundational’ to national security, economic resilience and business growth in a world facing growing instability. The minister cautioned that cyber threats are increasing in frequency, disruption and cost: 43% of businesses reported a cyber breach or attack in the past 12 months, rising to 69% among large organisations, while 29% encountered assaults at least weekly......
The Department for Science, Innovation and Technology (DSIT) stated that the UK AI Security Institute (AISI), together with the Australian AISI, has agreed a memorandum of understanding aimed at bolstering co-operation regarding AI safety and security risks......
In this issue: Data protection Cybersecurity Daily and weekly news alerts New and updated content Data protection EDPB unveils DPIA template to bolster uniformity in GDPR compliance workflows The European Data Protection Board (EDPB) has approved a template for Data Protection Impact Assessments (DPIAs), seeking to simplify adherence to the EU’s General Data Protection Regulation, Regulation (EU) 2016/679 (EU GDPR), and to improve consistency and alignment across Europe. The template is designed to help organisations structure, harmonise, substantiate and evidence their DPIA reporting processes, and is accompanied by an explainer document intended to support its practical use. The template is open for public consultation until 9 June 2026. See: LNB News 15/04/2026 22. Commission to launch EU age-verification app The European Commission has announced and confirmed that its EU age verification app is technically ready and complete, and will soon be made available for citizens to use when accessing online...
Featured Information content
Practice Note This Practice Note offers practical guidance on the current border controls between the United Kingdom and the European Union, along with the changes scheduled to commence on 1 January 2022. It covers customs declarations, the payment of customs duty and VAT, and sanitary and phytosanitary checks. Introduction In November 2021, the UK released its updated border operating model, explaining how the UK border functions in relation to the EU. The model was originally brought in on 1 January 2021 following the UK’s departure from the EU customs union. From that date, certain border controls were introduced. These were phased in to allow time to build and prepare the necessary infrastructure to support those controls. In December 2021, the UK further updated the border operating model to temporarily prolong staged customs controls for goods moving from the island of Ireland into Great Britain. This interim step was taken...
Environmental law comprises the body of rules intended to protect the environment. It affects a local authority ( LA) through the LA’s own compliance responsibilities and because LAs hold statutory roles for consenting, enforcement and remediation across diverse environmental law regimes. This Practice Note assists practitioners working in or with LAs by describing scenarios in which environmental law issues might arise, and by offering guidance and links to the relevant environmental law content. Waste What is the LA’s duty in relation to the collection of waste? Subject to certain limited exceptions, waste collection authorities ( WCAs) in England and Wales have a statutory legal obligation to arrange for the collection of household waste and, where requested, commercial waste and industrial waste. Local authorities in England and Wales must also collect specified categories of waste, ensuring those types are collected separately as distinct streams. The...
Database right Database right is a proprietary entitlement in the UK, arising from the transposition of Directive 96/9/ EC (the EU Database Directive), and applies to a database where there has been substantial investment in acquiring, checking, or presenting its contents. Illustrations of what may amount to a database include: a hard copy or electronic encyclopaedia; collections of data hosted on websites; the intranet; a spreadsheet recording a database and a PDF version of that spreadsheet (see the Forensic Telecommunications Services Limited case); and a document management system. The EU Database Directive was put into effect in the UK by the Copyright and Rights in Databases Regulations 1997 ( CRD 1997, also called the Database Regulations 1997), SI 1997/3032. Database right is infringed by the extraction or re-utilisation of the whole or a substantial part of the database’s contents without the permission of the rights holder. Not every database benefits from database right....
Defined terms : In addition to the definitions set out below, this Precedent also uses the defined terms ‘ Agreement’, ‘ Business Day’, ‘ Customer’, ‘party’ / ‘parties’, ‘ Services’ and ‘ Supplier’, which are general rather than specific to data processing and are assumed to be defined separately in the relevant agreement. Refer to the drafting notes for further guidance. The Schedule 1 Definitions and interpretation 1.1 In this Schedule: Adequacy Regulation means any valid adequacy regulation referenced in Article 45A of the GDPR; Attached Standard Contractual Clauses means the provisions set out in [ Annex [ insert ] to ] Appendix 7; Binding Corporate Rules means the binding corporate rules referred to in Appendix 6; Controller has the meaning given in Data Protection Laws; Data Protection Impact Assessment shall be interpreted in line with Data Protection Laws; Data Protection Laws means all applicable laws relating to the...
STOP PRESS: On 19 June 2025, the Data ( Use and Access) Bill obtained Royal Assent, becoming the Data ( Use and Access) Act 2025 ( DUAA 2025), with provisions also coming into force in part on that day. Certain DUAA 2025 provisions, addressing matters such as handling data subject access requests and the conferral of powers to make further regulations, commenced straightaway on 19 June 2025. Other provisions, relating to notices issued by the Information Commissioner and specific aspects of law enforcement processing, took effect on 19 August 2025 (being two months from the date of Royal Assent). The majority of DUAA 2025’s provisions will only commence once additional regulations are made, in the form of statutory instruments, to bring them into effect. Parts 5 and 6 of DUAA 2025 serve to amend aspects of data protection and e Privacy law in the UK,...
This timeline outlines significant milestones and material concerning the UK’s Network and Information Systems Regulations 2018 ( NIS Regulations), SI 2018/506, and covers proposals to amend them by way of the Cyber Security and Resilience ( Network and Information Systems) Bill laid before Parliament in November 2025. It brings together strategies, consultations, progress updates, reform suggestions, plus commentary and guidance from various organisations on these developments. For further detail, see Practice Note: The Network and Information Systems Regulations 2018. Key developments 27 March 2026 — Ofgem. DESNZ and Ofgem opened a consultation seeking input on plans to recast cyber resilience regulation for downstream gas and electricity operators across Great Britain, reflecting the evolving energy system, Clean Power 2030, and a heightened cyber security threat. Proposals cover: setting baseline cyber resilience obligations for all Ofgem licensees via licence conditions, using Cyber Essentials or Cyber...
This Practice Note outlines the principal cybersecurity ramifications posed by artificial intelligence ( AI) in relation to duties under UK law, including those arising from the United Kingdom General Data Protection Regulation, Assimilated Regulation ( EU) 2016/679 ( UK GDPR). It further sets out practical guidance on embedding AI as a relevant factor within existing cybersecurity compliance frameworks already in place. Advances in AI prompt concerns about the implications for cybersecurity and, as adoption grows, so too do related cybersecurity concerns. In January 2024, the UK National Cyber Security Centre ( NCSC), the UK’s technical authority on cyber threats, warned that AI will almost certainly render cyberattacks on UK organisations more effective and widespread. In April 2026, DSIT and the Cabinet Office published an open letter to businesses on AI cyber threats, warning that the development of AI models is...
Popular documents
When evaluating a general damages claim, the practitioner ought initially to refer to the Judicial College Guidelines (JCG)...
This Practice Note This Practice Note reviews mechanisms used in settling litigation. A Tomlin order consists of a consent order paired with a schedule. It operates to stay proceedings on terms that have been agreed. The provisions contained in the schedule may remain confidential. This Practice Note describes the scope of confidentiality attaching to the schedule and sets out how it differs from a standard consent order. Sample wording for a Tomlin order is included, alongside links to precedents, as well as guidance on court approval. It also addresses varying, setting aside and enforcing a Tomlin order, including the considerations the court will take into account when handling applications for each. Further guidance is provided on interpreting and applying the relevant provisions of the CPR; however, some courts and divisions impose very specific requirements for both drafting and approval, and for approaching the schedule and confidentiality issues. Accordingly, you must consider the particular rules and court guide provisions in the forum where your claim is proceeding when drawing up the Tomlin order...
Date [ date ] Parties [ name of Landlord ] [ of OR incorporated in England and Wales (company registration number [ number ]) with its registered office at ] [ address ] (Landlord) [ name of Tenant ] [ of OR incorporated in England and Wales (company registration number [ number ]) with its registered office at ] [ address ] (Tenant) [ [ name of Guarantor ] [ of OR incorporated in England and Wales (company registration number [ number ]) with its registered office at ] [ address ] (Guarantor) ] [ [ name of Mortgagee ] [ of OR incorporated in England and Wales (company registration number [ number ]) with its registered office at ] [ address ] (Mortgagee) ] Definitions Within this Deed, the terms below shall be interpreted as follows: [ Annual Rent • the annual sum reserved under the Lease; ] [ Insurance Rent • the Tenant’s share of the Landlord’s costs of insuring the Property (as set out in the Lease); ] Lease • the lease of the Property dated [ date ], entered into between (1) [ the Landlord OR [ name ...
I, [ name ], of [ address ], solemnly and sincerely state that: [ Matters to be verified, set out in numbered paragraphs ] I make this solemn statement in good conscience, believing it to be true, and pursuant to the provisions of the Statutory Declarations Act 1835. DECLARED at [ details ] this [ day ] day of [ month and year ] Before me ................................................................................ [ signature of the person before whom the declaration is made ] A [ commissioner for oaths OR [ solicitor OR [ insert other qualification ] ] authorised to administer oaths ]...
Discover more from LexisNexis
