Legal News

Deep Seek has been asked to explain how it protects the data of UK residents, the ICO has told MLex. The ICO is now also among a widening group of jurisdictions scrutinising the Chinese artificial intelligence ( AI) developer, with several renewing their enquiries after the company revised its privacy policy in what appears to be an effort to meet elements of data-protection legislation. The watchdog confirmed to MLex that it has 'written to Deep Seek, requesting information on its approach to data protection for UK residents', a spokesperson said......

In this issue: Practice Compliance forecast Financial sanctions AML, CTF & counter-proliferation financing Data protection and AI Other Risk & Compliance updates this week Daily and weekly news alerts New and updated content Practice Compliance forecast New Practice Compliance forecast as at 18 February 2025 Our latest Practice Compliance forecast (as at 18 February 2025) is now available. This month we highlight: (1) the JMLSG opening a consultation on proposed amendments to Part I of its Guidance; (2) the next FATF Plenary scheduled for 19–21 February 2025; (3) the ICO’s plan to roll out a Data Essentials training and assurance programme for SMEs; and (4) our improved and broadened fraud risk management content. See News Analysis: New Practice Compliance forecast as at 18 February 2025. Financial sanctions FCDO imposes new sanctions on Putin's inner circle and Russian entities The Foreign, Commonwealth & Development Office has unveiled a fresh set of sanctions directed at...

Our Practice Compliance forecast dated 18 February 2025 monitors anticipated regulatory developments affecting law firm compliance, helping you prepare for any updates pertinent to your organisation. Please read it closely; however, a few points that warrant attention are outlined below. New items we’re tracking this month JMLSG consultation on updates to Part I of its Guidance— The Joint Money Laundering Steering Group ( JMLSG) has opened a consultation on planned changes to Part I of its Guidance. Responses are due by 28 March 2025. See: AML, CTF and counter-proliferation financing. FATF Plenary— The forthcoming Plenary will be held on 19–21 February 2025. Agenda items include tackling illicit finance tied to global crime. It will additionally emphasise advancing financial inclusion through a risk-based approach to FATF Standards......

Key elements of the AI system definition Given the wide variety of AI systems, the guidance cannot offer a complete list. Each system must be evaluated on its own particular characteristics. The EU AI Act adopts a lifecycle-oriented approach and characterises an AI system as: a machine-based system designed to operate with differing degrees of autonomy that may show adaptability after deployment and, for explicit or implicit aims infers from the inputs it receives how to generate outputs such as predictions, content, recommendations, or decisions that can affect physical or virtual environments This seven-part definition spans two main stages: pre-deployment (building phase) and post-deployment (use phase). The seven elements need not be present throughout both stages; some may appear only at one point. The following offers a brief summary of each of the seven points listed...

The Bill’s principal aims, as signalled by its long title, are to create an independent Office of the Whistleblower ( OWB) and to safeguard both whistleblowers and the practice of whistleblowing. The OWB would be empowered to set, oversee and enforce minimum standards for managing whistleblowing matters. This would encompass establishing protocols for handling protected disclosures, providing independent disclosure and advice services, undertaking whistleblowing investigations, and directing redress for any detriment suffered by whistleblowers. Should the OWB be established, it would represent a substantial shift for organisations in how whistleblowing is addressed, notably by offering individuals the option to report concerns to an independent third-party body with investigatory powers. To understand the Bill’s impetus, how we have reached this point, the case for changing perceptions of whistleblowing, and the treatment of whistleblowers and the response to their reports, it is useful first to...

Reeves v Frain (aka Simon Kevin Reeves aka Bill Reeves) and another [2025] Lexis Citation 174 What was the background? The claimant instituted contested probate proceedings, disputing the validity of a will his father executed on 7 January 2014. The defendants’ representation was partly financed via Damages- Based Agreements ( DBAs) with LLP Solicitors. Green J gave judgment for the defendants on 31 January 2022. A further hearing on 4 March 2022 addressed consequential matters, among them costs. The defendants sought recovery of costs under the DBAs, which the claimant challenged as irrecoverable. The court considered preliminary issues concerning the enforceability of the DBAs and whether any fresh retainers were allegedly formed after judgment. What did the court decide? The court addressed preliminary issues regarding whether the DBAs were enforceable and whether any new retainers were allegedly established post-judgment......

In this issue: Financial sanctions Data protection Cybersecurity Other practice compliance updates this week Question of the week Daily and weekly news alerts Trackers New and updated content Financial sanctions Office of Trade Sanctions Implementation updates guidance on trade sanctions licence applications The Office of Trade Sanctions Implementation has updated its guidance for trade sanctions licence applications, with the latest revision on 10 February 2025 clarifying when an import licence cannot be issued. The guidance identifies three separate licensing authorities within the DBT: the Office of Trade Sanctions Implementation ( OTSI) for standalone services, the Import Controls and Sanctions team for import licences, and the Export Control Joint Unit ( ECJU) for strategic export licences. Import licences must be secured before goods are moved to the UK, and cannot be issued for consignments already at the UK border or held in...

See Q& A: When a law firm receives a data subject access request ( DSAR) from a third party in relation to a client matter, is there any legal constraint that stops the firm from telling the client that a DSAR exists under 6.4 of the SRA Code of Conduct for Solicitors? It is important to separate the requirements of the SRA Standards and Regulations from your obligations under data protection law. SRA Standards and Regulations At its core, you must conduct yourself in a manner that sustains public trust and confidence in the solicitors’ profession, act with integrity, and act in the best interests of every client. You are also obliged to notify clients of all information material to their matter that you know about, unless one of four exceptions is engaged. See Practice Note: Duties of...

The Code joins an expanding roster of UK cybersecurity measures, including: the Code of Practice for Software Vendors the Cyber Governance Code of Practice the Consumer Io T Code of Practice the Product Security and Telecommunications Infrastructure Act 2022 the Code of Practice for app store operators and app developers It also sits within a broader UK cybersecurity strategy that features a new UK Cyber Security and Resilience Bill and likely updates to the Network and Information Systems Regulations 2018, with the prospect of further legislation—for example, the recent consultation on ransomware payments. Background to the Code The UK Government acknowledged that software must be secure by design (a term familiar to those versed in data protection law) and that stakeholders across the AI supply chain need certainty on baseline security expectations. Developed by the Department for Science,...

The ICO stresses it has acted swiftly in step with rapid advances in generative AI. Demonstrating this agility, it opened a consultation series in January 2024 focused on generative AI and data protection. Its aim was to set out how organisations might build and implement generative AI while meeting UK data protection duties, especially those in the United Kingdom General Data Protection Regulation, Assimilated Regulation ( EU) 2016/679 ( UK GDPR). The ICO highlighted that adherence to the data protection framework is paramount when using generative AI, as such models are commonly trained on vast volumes of personal data. The consultation raised worries about insufficient transparency over how personal information is used within generative AI, which in turn creates the risk that data protection rights could be undermined......

In this issue: Financial sanctions Other financial crime Data protection Cybersecurity Other practice compliance updates Lex Talk®Practice Compliance: a Lexis®Nexis community Daily and weekly news alerts Trackers New and updated content Financial sanctions OFSI updates commodity code for ‘premium to crude’ in oil price cap guidance The Office of Financial Sanctions has revised the combined nomenclature/harmonised system commodity code for ‘premium to crude’ within the UK maritime services ban and oil price cap industry guidance. The entry changes from 2710 19 43 to 2710 19 42 with effect from 29 January 2025, supporting accurate categorisation of oil products under the UK’s sanctions on Russian oil. See: LNB News 30/01/2025 13. OFSI’s ‘troubling’ licensing regime dents sanctions win Law360, London reports the government’s process for authorising basic living expenses for designated individuals was slow and...

The Opinion arose from a referral by the Irish Data Protection Commission ( DPC) under Article 64(2) of the EU General Data Protection Regulation, Regulation ( EU) 2016/679 (the EU GDPR). Article 62(4) allows any EU data protection authority ( DPA) to put questions to the EDPB that are of general relevance or have implications across more than one EU Member State, with the aim of enhancing harmonisation and clarity on such matters. Over the past twelve months in particular, DPAs have been wrestling with AI, and the DPC—acting as lead DPA for many of the world’s largest technology companies—has frequently led on the most urgent issues. While EDPB Opinions, akin to guidelines, do not have binding legal force, they will strongly shape how DPAs proceed; accordingly, we should expect the Opinion’s principles to appear in national guidance and...

The World Economic Forum's Future of Jobs report Released on 7 January 2025, the report aggregates responses from 1,000+ employers worldwide, covering 14 million-plus workers across 55 economies, and concludes that uptake of DEI (also known as EDI) keeps climbing. For observers tracking the political turbulence—after a polarising US election and strident anti‑ DEI commentary from high‑profile politicians, corporate figures and Wall Street leaders—this may seem unexpected. Only months ago, Bloomberg News characterised DEI efforts on Wall Street as 'anxious, fraught and changing fast', while Subha Barry, ex‑diversity chief at Merrill Lynch, declared, ' We're past the peak'. Yet the WEF now reports 83% of employers have DEI measures in place, a sharp rise from 67% in 2023. It further notes that accessing diverse talent pools ranks within the top five most effective business practices for boosting talent...

Here, Law360 looks at why justices upheld Khan's designation and other takeaways from the Court of Appeal's 24 January 2025 judgment. The Office of Financial Sanctions Implementation ( OFSI) licensing route — designed to allow designated people to cover essentials like water and power — was overwhelmed to the point that, the Court of Appeal heard, Anzhelika Khan spent months waiting for official clearance simply to buy food for herself and her children. Delivering a scathing assessment, the judges observed that Khan could have faced prosecution for the mere act of eating. The court concluded that the government had given scant consideration to how those subject to an OFSI asset freeze were meant to get by without breaking the law. “ It is striking that the judges condemned this regime as profoundly inhumane, effectively forcing a mother to choose between obeying the law and...

In this issue: Financial sanctions AML, CTF & counter-proliferation financing Fraud Data protection Daily and weekly news alerts Trackers New and updated content Financial sanctions DBT updates guidance on reporting suspected breaches of trade sanctions The Department for Business and Trade ( DBT) has refreshed its guidance on how to report potential breaches of trade sanctions. It now sets out what follows when a submission concerns another person or organisation, rather than the reporter, their own business, or one they represent. See: LNB News 24/01/2025 41... FCDO imposes fresh sanctions on Belarus following sham election The Foreign, Commonwealth & Development Office has unveiled further measures against Belarus after the recent sham presidential vote, acting in step with Canada. Six individuals and three entities are designated, including the Chair of the Belarusian Central Election Commission and senior figures from...

‘ We will produce a single set of rules…for those developing or using AI products to make it easier for them to innovate and invest responsibly while safeguarding people's information rights’ He noted, reading from his letter. He argued that a statutory AI code of practice would offer greater regulatory certainty to companies seeking to invest in AI. He also cited an estimate that AI could contribute £47bn to the UK economy each year. In late December 2024, Prime Minister Keir Starmer wrote to a host of regulators requesting a set of five pro-growth proposals, and the Information Commissioner's Office ( ICO) replied with seven in total......

The developer’s privacy notice states that all user information is transmitted to China, where it is retained indefinitely, and it makes no reference to European data protection law or any lawful basis for processing personal data. Although the model’s apparently strong performance on a modest training budget has depressed the share prices of US technology companies, consumer organisations in Europe have begun contacting Italy’s Data Protection Authority ( DPA), noted for proactively challenging Open AI two years ago over comparable issues linked to the launch of Chat GPT. The user terms for the Deep Seek generative AI application, jointly controlled by two Chinese companies, present multiple concerns for authorities responsible for enforcing the EU’s General Data Protection Regulation, Regulation ( EU) 2016/679 ( EU GDOR). All personal data is stored on servers located in China. Transfers will be “in...

The guide has formed part of the FCA’s Handbook of Rules and Guidance since 2011, and the FCA is keen to keep it a practical source for firms, both now and in future. The aim of the revisions is to help businesses grasp the regulator’s expectations, judge whether their financial crime systems and controls are adequate, and remedy any issues uncovered during that review. As its title implies, the guide offers guidance only, not binding rules. It sets out clear, overarching direction on what a rounded, holistic approach to compliance should look like, followed by chapter-by-chapter detail closely aligned to specific financial crime prevention legislation and regulatory expectations. Key changes Sanctions systems and controls Following Russia’s invasion of Ukraine, the FCA carried out wide-ranging reviews of firms’ sanctions systems and controls, and has revised the relevant chapter to capture those insights. Respondents welcomed...

Maximilian Schrems v Meta Platforms Ireland Ltd , Case C-446/21 What are the practical implications of this case? The ruling in Schrems v Meta Platforms Ireland arrives 14 months after the Court of Justice, in Meta vs Bundeskartellamt ( Case C‑252/21), concluded that merely accessing a site or app does not, in itself, make a user’s personal data manifestly public—thereby eliminating reliance by a social network on Article 9(1)(e) of Regulation ( EU) 2016/679, the General Data Protection Regulation ( EU GDPR). Schrems v Meta Platforms Ireland narrows the scope for processing special category data on social platforms and offers significant clarification on handling data that has been manifestly made public (and where explicit consent is invoked). Notably, it emphasises the nexus between a person issuing a public statement—which can render particular information manifestly public—and a platform’s deployment of pixels and cookies to track online...

In this issue: Practice Compliance forecast Financial crime prevention Data protection Daily and weekly news alerts Other Practice Compliance updates this week New and updated content Practice Compliance forecast New Practice Compliance forecast as at 21 January 2025 Our latest Practice Compliance forecast (as at 21 January 2025) is now available. This month we highlight: (1) draft guidance from the Information Commissioners Office ( ICO) on deploying storage and access technologies and sharing information securely; (2) the launch of a consultation proposing measures to address the ransomware threat; (3) the first reading of a Private Members’ Bill to create an independent Office of the Whistleblower to safeguard whistleblowers and whistleblowing; and (4) ICO statements signalling several guidance documents expected during 2025. See News Analysis: New Practice Compliance forecast as at 21 January 2025. Financial crime prevention Key points from trade sanctions office 'no- Russia' guidance Law360, London: On 7 January 2025, the UK Office of Trade...