Legal News

Businesses operating in Great Britain must stay course on DEI If you are based in Great Britain ( GB) and curtail DEI measures for your workforce here in reaction to the recent stance of the US Administration on DEI, you materially heighten the likelihood of unfavourable findings of discrimination against your organisation. For GB businesses, mirroring US companies by scrapping or diluting DEI commitments makes no legal sense within the existing GB framework. Should US jurisprudence track the current Administration’s line on ‘affirmative action’, it would simply bring the US into closer alignment with established GB law and practice. In GB, ‘positive action’ has never allowed race (or any other protected trait) to be used as a selection device to prefer applicants or candidates in recruitment or promotion, save for a narrow, seldom-invoked tie-break exception where contenders are genuinely evenly matched. US law has not...

Late last year, the Home Office issued a policy paper. It was triggered by a House of Lords committee review into the effect of MSA 2015. While the committee hailed MSA 2015 as pioneering, it emphasised that ‘the world has changed and best practice has moved on’. It urged government to introduce ‘proportionate sanctions’ for organisations that fail to comply with the Act’s obligations; most notably the annual requirement for companies to report on measures to identify and prevent modern slavery. The report also portrays a ‘current approach of no enforcement’ in relation to MSA 2015. Under the Act, businesses with turnover exceeding £36m must publish a yearly slavery and human trafficking statement. However, it does not set out what that statement must contain. The policy paper further notes that, although the Home Secretary can seek an injunction to enforce...

In this issue: Data protection Financial sanctions Other financial crime Cybersecurity Other Risk & Compliance updates this week Daily and weekly news alerts Trackers New and updated content Data protection Model contractual clauses for AI procurement in the EU—key takeaways for AI companies EU Law analysis: The European Commission has issued a refreshed set of Model Contractual Clauses for AI Procurement ( MCC- AI), offering additional helpful direction to public-sector purchasers navigating AI buying under the EU Artificial Intelligence Act ( EU AI Act). These clauses equally function as a practical instrument to assist any private organisation in meeting their legal duties when supplying or sourcing AI systems, especially high-risk AI solutions. Patrick Van Eecke, partner, and Enrique Capdevila, special counsel, at Cooley, outline the principal insights of the MCC- AI for companies. See News Analysis: Model...

The EU AI rulebook adopts a phased rollout: some headline provisions take effect from August 2025, with most following in 2026. As these milestones approach, organisations are rushing to interpret an opaque legal text. Uncertainty stems from doubts about Regulation ( EU) 2024/1689 (the AI Act), notably its relevance during development, any extraterritorial reach, the meaning of central legal concepts, and the limits of the scientific research and development exemption. Development phase The AI Act indicates it does not extend to research, testing, or development activities for AI systems or models before they are placed on the market or put into service. However, a European Commission question‑and‑answer paper on general‑purpose AI ( GPAI) recognises that certain duties for model providers, implicitly or explicitly, relate to the development stage. These include: Notifying the regulator if providers anticipate GPAI models will exceed the Act’s training compute...

Background The initial iteration of the MCC‑ AI appeared in September 2023 ahead of the EU AI Act, setting out a systematic route for sourcing AI. Following the EU AI Act’s formal entry into force on 13 June 2024, the Commission has updated the model clauses to better match regulatory expectations. The latest release comprises: a comprehensive edition for high‑risk AI systems a streamlined variant for non‑high‑risk AI systems a commentary detailing how to tailor and apply the clauses Why should companies get acquainted with the MCC- AI? The MCC‑ AI offers a practical framework for businesses buying or supplying AI services, by setting a shared baseline of obligations. The clauses foster alignment between parties on core compliance areas — transparency, risk management and accountability — consistent with the EU AI Act. By tailoring MCC‑ AI clauses to their...

Nick Ephgrave Nick Ephgrave acknowledged it was no secret that the SFO has witnessed a slight drop-off in the number of companies approaching the specialist anti-corruption body with suspected fraud and bribery within their organisation. To address this, the SFO intends to invest further in covert intelligence-gathering so it can better understand what is happening in corporate settings and, in turn, either pursue targets or encourage them to come forward, he told Law360 and reporters from other news outlets. Ephgrave said he wants to be more in control of the referrals received by an agency that largely depends on businesses volunteering information, with the aim of invigorating and provoking self-reporting by companies. He added that he is really seeking to drive up the number of corporates the SFO deals with, whether through self-reporting supported by revised corporate guidance, via...

Arguably, the priority is to designate a whistleblowing champion for the whole of government, rather than limiting the role to regulators, enforcement bodies, or a lone department. The moment is right. A proposed Office of the Whistleblower Bill—intended to set up an independent office to protect whistleblowers—was most recently brought before Parliament in December 2024. Honed over more than five years, its evolution has been shaped not only by whistleblower experience, but also by leading legal specialists who practise in this area day in, day out. Consequently, it marks a significant leap beyond other legislation, because it tackles fundamental questions such as: Who qualifies as a whistleblower? How can information be reported securely? What does protection from retaliation entail, and how can it be delivered promptly and effectively? How do we remedy the inequality of arms between...

Risk & Compliance weekly highlights—3 April 2025 In this issue: Data protection Financial sanctions AML, CTF & counter-proliferation financing Other financial crime Other Risk & Compliance updates this week Daily and weekly news alerts Trackers New and updated content Data protection Automated decision-making and DSARs: right to access means a right to explainability ( CK v Magistrat Der Stadt Wiendun & Bradstreet Austria GMBH) The Court of Justice offered a series of clarifications on the reach of data subject access requests where automated decision-making is involved. It determined that the touchstone for ‘meaningful information about the logic involved’ under Article 15(1)(h) of Regulation ( EU) 2016/679 ( EU GDPR) is whether the information allows the individual to grasp the logic used when their personal data is processed by automated means. The court also confirmed that...

Cole v Marlborough College (incorporated by Royal Charter) [2024] EWHC 3575 ( KB) What are the practical implications of this case? Although this was merely a case management hearing, the court reviewed earlier law (the Data Protection Act 1998), the current regime (the DPA 2018) and a prospective measure (the Data ( Use and Access) Bill) to identify the proper principles for assessing exemptions when dealing with DSARs. In this matter, the College’s position drew on X v The Transcription Agency LLP [2023] EWHC 1092 ( KB), asserting that, as a matter of principle, it was entitled to withhold documents from inspection. In X, the issue concerned whether the claimant should be given documents placed within closed bundles that were themselves being challenged. That issue arose because DPA 1998, s 15(2) contained an express rule permitting the court to examine documents holding the disputed...

A campaign led by Ekō is urging Meta to cease displaying targeted adverts to users. The effort refers to the settlement in letters sent to the company. ‘ This settlement confirms our right to object to the use of personal data for direct marketing’, Ekō notes in the project, which enables citizens to e-mail Meta to register their objections. O’ Carroll’s case could also significantly shape decisions on the pay-or-consent model, which Meta said it would pursue after the settlement, as the Commission prepares a final ruling in early April 2025 on whether such models align with Regulation ( EU) 2022/1925, the EU Digital Markets Act ( EU DMA). ‘ The potential ramifications [of the settlement] are massive, because it could provide a gateway not just for UK citizens, but also for a lot of Europeans to object to online...

Hanson outlined in full the ongoing programme of work that is under way, as ministers prepare for reform, during his keynote address to the Global Anti- Scams Alliance summit, staged in London on 26 March 2025 and 27 March 2025, according to the Home Office. The programme features detailed plans for partnering with industry and cross-border collaboration, as well as confronting technology-enabled fraud. ' Fraud is an ever more international business, driven by some of the most appalling criminal gangs operating in the world today', Hanson said in a statement......

Risk & Compliance weekly highlights—27 March 2025 In this issue: Sanctions and export controls AML, CTF & counter-proliferation financing Other financial crime Other Risk & Compliance updates this week Daily and weekly news alerts Trackers New and updated content Sanctions and export controls OFSI annual review reveals £25bn of Russian assets frozen The Office of Financial Sanctions Implementation ( OFSI) has published its 2023–2024 annual review, noting £25bn of Russian assets frozen since February 2022 alongside 396 enforcement matters. It records OFSI’s first proactive monetary penalty, the exercise of its disclosure power, and its initial counter-terrorism designation. The workforce rose to 135, and 564 additional designated persons were placed on sanctions lists. The review underlines strengthened enforcement capability and wider international co-operation. See: LNB News 21/03/2025 20. OFSI issues penalty to HSF Moscow for Russia sanctions...

The ECCTA 2023 obtained Royal Assent on 26 October 2023, and is being rolled out gradually in stages across the UK. The legislation aims to bolster corporate openness and visibility, enhance the UK's capacity to combat economic crime meaningfully and widen enforcement powers—especially regarding crypto-assets, fraud prevention and relevant company rules. Before ultimately taking office in 2024, the Labour Party condemned the failure to secure criminal convictions against financial services firms for wrongdoing linked to the 2008 financial crisis. Did they have a fair argument? Were the corporate criminal liability provisions then in force adequate? Should the Labour government reopen this field to craft effective measures to address corporate wrongdoing? Regrettably, recent Conservative reforms appear to have set the UK on a course likely to underperform and potentially be hard for Labour to unwind swiftly. The chances of achieving successful...

Risk & Compliance weekly highlights—20 March 2025 In this issue: Risk & Compliance forecast Data protection Financial sanctions AML, CTF & counter-proliferation financing Other financial crime Other Risk & Compliance updates this week Daily and weekly news alerts New and updated content Risk & Compliance forecast The latest Risk & Compliance forecast, dated 18 March 2025, is now available. This month we cover: planned refreshed ICO guidance on reporting data breaches; the tabling of the Crime and Policing Bill 2025; work by the government’s JFT on a new Fraud Strategy; and the SRA application window for specified solicitors to remain on the roll. Refer to News Analysis: New Risk & Compliance forecast as at 18 March 2025. Data protection Commission proposes six-month extension of UK data adequacy decisions The European Commission has proposed a further six months for the two 2021 UK...

Mojzesowicz told the Annual Conference on European Data Protection Law 2025 that the Polish government, which is presently leading the talks, is ‘very committed’ to concluding them within its term chairing the body representing Member States, a mandate running until the end of June 2025. She noted that the Commission shares this goal, saying there is genuine momentum and a broad recognition of how essential this procedural regulation has become, with everyone acutely aware of its necessity. The timetable, she cautioned, is exceptionally tight, with numerous ‘technical trilogues’, pointing to several March 2025 sessions where outstanding technical points might be settled ahead of a final political......

New Risk & Compliance forecast as at 18 March 2025 Our Risk and Compliance forecast, as at 18 March 2025, tracks proposed regulatory changes affecting risk and compliance, helping you plan for potential impacts on your organisation. Please review closely; key points to note are below. New items we’re tracking this month Data breach reporting — In February 2025 the ICO confirmed it will publish updated guidance on breach reporting in spring 2025. See: Data protection, AI and cybersecurity. Crime and Policing Bill 2025 — Laid before Parliament on 25 February 2025, the Bill widens ECCTA 2023 corporate criminal liability beyond certain economic crimes. After second reading on 10 March 2025, it went to a Public Bill Committee for line-by-line scrutiny, which is due to report by 13 May 2025. See: Economic Crime and Corporate Transparency Act 2023. New Fraud Strategy —...

What new offences, powers or reforms in relation to corporate crime are being proposed? This Bill is remarkably broad, spanning multiple governmental policy aims and priorities......

The ECJ held that the General Court, when reviewing the European Council’s move to sanction Igor Shuvalov, was justified in concluding there was adequate evidence that he had supported Russia since 2014 ‘on a continuous basis’. As recorded by the ECJ, the General Court considered that, by virtue of his role as president of VEB RF, Shuvalov implemented the Russian government’s economic policy and thereby contributed to Crimea’s economic development, so it could be concluded that he provided active support, the ECJ found. Shuvalov, previously deputy prime minister in Dmitry Medvedev’s cabinet and, before that, in the cabinet of now- President Vladimir Putin, had sought to set aside a February 2024 General Court judgment that upheld the Council’s sanctions on the former statesman......

These appeals mark the Supreme Court’s initial look at challenges to sanctions within the UK’s post‑ Brexit framework, and the first since its landmark ruling in Bank Mellat v HM Treasury [2013] UKSC 39 in 2014, which set out the test for assessing a measure’s proportionality. They stem from the UK’s Russia sanctions regime and follow several lower court judgments dismissing challenges to sanctions designations. At the heart of these cases is whether the measures accord with rights under the European Convention on Human Rights ( ECHR), and whether they are proportionate in light of Bank Mellat. Guidance from the Supreme Court on these key questions will have a significant bearing on future sanctions disputes. This article considers the issues raised that are likely to be examined by the UK Supreme Court in due course concerning...

A revised edition of the Employment Rights Bill ( ERB), including the amendments agreed at Report Stage on 11 and 12 March, has been posted on the Parliament website. The 310‑page Bill has moved on to the House of Lords, where it is set for its second reading on 27 March. Employment Rights Bill (as brought from the Commons) We will provide more detail on the Bill’s new provisions in a separate bulletin, and will update our Employment Rights Bill—tracker to mirror these changes as soon as possible......