Legal News

In this issue: New technologies Information technology Internet Media Advertising, marketing and sponsorship Telecommunications Lex Talk®TMT: a Lexis®Nexis community Daily and weekly news alerts New and updated content Dates for your diary Trackers Useful information New technologies Contractually measuring the performance of AI systems TMT analysis: Artificial intelligence ( AI) now underpins many technology services, yet framing clear performance obligations in contracts can be difficult. In contrast to classic software, AI evolves over time, depends on substantial, varied datasets, and must balance layered aims, including transparency and the mitigation of bias. Below, we examine methods to define and uphold AI performance within agreements, drawing out workable market approaches and key clauses that support consistency and compliance in a rapidly changing environment. Written by Marcus Bagnall and Mark Deem, partners at Wiggin LLP. See News...

Why is defining performance metrics and customer requirements more challenging for AI systems? AI’s intricacy and dependence on extensive datasets make it tougher to pin down clear success measures than in traditional IT projects. Key reasons include: non-deterministic behaviour. Numerous AI models, especially those built on machine learning or deep learning, may return different answers to the same inputs at different times. Whereas conventional software tends to be consistent, shifting model parameters blur simple pass/fail judgements. One test run can vary in outcome, so it’s wiser to define performance thresholds than fixed, single-shot checks. dynamic training data. Many AI solutions continue learning after deployment, risking ‘model drift’. As data or the surrounding context changes, accuracy and reliability can move unexpectedly. Contracts should recognise this and call for periodic evaluations or ‘recalibration’ to remedy any slide in...

EU AI Act timeline for GPAI Code of Practice Under the EU AI Act, the Code of Practice must be finalised by 2 May 2025 at the latest, and the European Commission’s AI Office is obliged to take the ‘necessary steps’ so the Code is recognised as an official compliance instrument. Yet, earlier this week the EU AI Office informed participants in the drafting work that ‘the final GPAI Code of Practice and the Commission guidelines on GPAI [are] expected to be published ahead of August 2025’. Its communication further notes: ‘ This extension of the deadline comes as a result of prioritising extended feedback cycles (as requested by all stakeholders), and to give stakeholders four weeks to respond to the consultation on guidelines’. According to the Commission’s updated website, the definitive Code will be presented at the closing plenary session and issued by August 2025,...

The rise of artificial intelligence in financial services has sparked an internal discussion at the PRA over a move away from its technology-agnostic stance, according to the regulator’s chief. To date, UK financial watchdogs have favoured technology-neutral requirements for areas like model risk oversight and operational resilience, built to span multiple tools and systems. The PRA has not yet introduced rules tailored to AI. As the chief indicated, the issue is under consideration internally and no definitive position has yet been reached......

In this issue: New technologies Internet Data protection Media Advertising marketing and sponsorship Telecommunications Reputation management Lex Talk®International Trade: a Lexis®Nexis community Daily and weekly news alerts Dates for your diary Trackers Useful information New technologies What do legal teams need to know about AI standards? TMT analysis: This piece reviews how key technical standards function across the information, communications and telecommunications landscape, with a particular focus on artificial intelligence ( AI). It outlines noteworthy AI-related standards already in place, the programme to develop standards pursuant to Regulation ( EU) 2024/168 (the EU AI Act), and the stance taken by the UK government. It also explores ways in which customers can use standards when sourcing AI solutions—within their organisations and during contractual discussions. Authored by Dr Sam De Silva, partner and global co-head of the...

Barclays Bank plc v VEB. RF [2024] EWHC 3088 ( Comm) Contrary to this, the Russian bank commenced proceedings in the Russian courts. The English bank applied to the English courts for anti‑suit and anti‑enforcement injunctions, which were granted. The Russian bank then initiated arbitration proceedings, as it was originally required to do. During the contractual notice period, however, the English bank notified the Russian bank that the dispute should be transferred to the English courts. The Russian bank maintained that the English bank had waived that right......

On 14 March 2025, delegates from EU Member States examined the interaction between the two regimes, aiming to pinpoint compliance hurdles for both supervised organisations and supervisory authorities. Following this exchange of views, Poland, the current chair of the EU diplomatic discussions, collated the contributions and prepared a synopsis — obtained by MLex — setting out principal takeaways on the core issues identified. The resulting summary will be tabled for debate at a meeting of national representatives. Differing regulatory approaches Most European governments underlined how the two laws diverge in regulatory design. The EU GDPR safeguards personal data through a fundamental‑rights lens, while the AI Act functions as product‑safety legislation, imposing targeted obligations calibrated to the level of risk. For a number of Member States, this divergence in underlying logic could produce contradictory regulatory outcomes, whereby an AI system is judged compliant with the AI Act but not...

Commission Guidance—clarifying early obligations Since the very start of the year, the Commission has issued six notable guidance documents to help support compliance with the EU AI Act. On 4 February 2025, it unveiled the AI Literacy Repository to support Article 4, in force from 2 February 2025, which obliges organisations to actively promote AI literacy internally (see: LNB News 05/02/2025 43). The repository showcases practical training initiatives from early adopters and provides a benchmark for companies developing internal competence frameworks. On the same day, it released draft Guidelines on Prohibited AI Practices under Article 5, also applicable from February, offering legal interpretation with illustrative examples (see: LNB News 05/02/2025 39). Prohibitions include subliminal manipulation, exploitative systems, real-time biometric surveillance, and social scoring. Although non-binding, the guidelines act as authoritative reference points for organisations and should be built directly into risk...

The European Commission has concluded its EU Digital Markets Act ( EU DMA) probe into Apple’s user choice obligations after i OS changes, featuring a redesigned browser choice screen and wider app removal options......

Suppliers of general‑purpose AI models, including Open AI, Anthropic, and Microsoft, witnessed the Commission set out its preliminary approach to implementing the EU AI Act’s pertinent provisions, preceding the publication, in due course, of administrative guidance on the matter itself. This initial approach was issued within a consultation intended to solicit input from AI companies, downstream actors, public authorities, and civil society on forthcoming GPAI guidance. See: LNB News 22/04/2025 37. The guidance will clarify core concepts in the EU AI Act, and this early approach offers a first view of how the Commission, which will also be the sole enforcer of the GPAI provisions, reads them. General-purpose AI models Among the first issues the guidance seeks to elucidate are the practical criteria for deciding when a model comes within the scope of the EU AI Act. In particular, the Commission notes that the key...

The three-judge Court of Appeal panel has held that Hipgnosis SFH Ltd may pursue its claims in the High Court, as the intellectual property investment fund’s agreement to acquire rights in Manilow’s music catalogue stipulates that Hipgnosis can bring proceedings solely in England. Under the contract, Hipgnosis is restricted from issuing any of its claims, including those concerning the purchase price, in any forum other than England, the judgment confirmed. The court also found no objection to the appellant seeking negative declaratory relief regarding the purchase price before the English courts... Sitting with Justices Stephen Phillips and Richard Snowden, Justice Julian Flaux accepted Hipgnosis’s argument that the High Court had erred in implying that Manilow’s decision to litigate in Los Angeles deprived the English court of jurisdiction. The appeal turned on an asymmetric jurisdiction clause in the agreement which permits only Manilow to advance...

Approach to Consumer Protection The CMA has indicated in its Approach to Consumer Protection that, over the first 12 months of the new regime, it will: home in on conduct causing the greatest possible harm to consumers and showing clear and obvious breaches of the new rules continue to give priority to areas of essential expenditure, supporting people who are facing pressure on household budgets undertake wide-ranging and ongoing engagement with businesses and produce further accessible guidance to help firms comply with the law The CMA will concentrate on what it deems the most egregious infringements of consumer law, such as: high-pressure sales tactics directly aimed at vulnerable consumers supplying consumers with information that is objectively untrue automatically unfair commercial practices, including the additional unfair practice of posting fake reviews fees that remain hidden until very late in the purchasing journey contract terms that are plainly one-sided and unfair, including those that impose unfair exit...

For adults-only websites offering pornography, gambling or alcohol sales, the position is straightforward: children must be kept out and stringent age checks are mandatory. By contrast, duties for other services are still being defined and are now seeing first-time enforcement. Under Regulation ( EU) 2022/2065, the EU Digital Services Act ( EU DSA), providers of online platforms that children can access must implement ‘appropriate and proportionate measures to ensure a high level of privacy, safety, and security of minors’. This wide-ranging obligation is due to be clarified by forthcoming guidance, with the Commission—responsible for enforcing the EU DSA—setting out what compliance entails. Although publication had been scheduled for this week, MLex understands the draft guidance has been postponed, with no fresh date yet confirmed. Alongside requiring platforms to limit harmful content, the Commission is weighing new rules in an upcoming consumer law that strike at the...

Key changes DMCCA 2024, Part 3 confers fresh, direct enforcement powers on the CMA in respect of specified consumer regulations. Those powers will apply under the new framework introduced by Part 4 of DMCCA 2024 (effective from 6 April 2025), while the predecessor Consumer Protection from Unfair Trading Regulations 2008 ( CPUTR 2008), SI 2008/1277, will continue to govern relevant actions—such as misleading statements and omissions—that took place before that date. The CMA may investigate suspected breaches of consumer protection law and, where a contravention is identified, direct companies to comply with remedial steps (for example, removing offending statements from public materials or communications) and/or levy a penalty of up to 10% of a company’s worldwide turnover, including the turnover of any parent company and subsidiaries. In addition, throughout an investigation, the CMA can require undertakings from a business, such as...

In this issue: New technologies Data protection Advertising, marketing and sponsorship Lex Talk®TMT: a Lexis®Nexis community Daily and weekly news alerts New and updated content Dates for your diary Trackers Useful information No Weekly Highlights on 24 April 2025 New technologies Commission opens consultation on AI in science strategy and guidelines The European Commission has started a consultation on a new European strategy for artificial intelligence in science, together with guidelines for responsible AI use in research. The initiative aims to harmonise AI uptake across Member States and establish a European AI research council. It sets out detailed guidance for researchers, research organisations and funders on using generative AI responsibly, addressing transparency obligations, data protection and research integrity. The consultation is open until 5 June 2025. See: LNB News 10/04/2025 43. Commission updates guidelines on...

Rukhadze and others v Recovery Partners GP Ltd and another [2025] UKSC 10 Background This appeal concerns the fiduciary ‘profit rule’. Fiduciaries, including trustees and company directors, owe a duty of loyalty to their beneficiary or principal (the person for whom they hold or administer property, eg the company in the case of a director). That duty includes a requirement that, where a fiduciary derives a profit by virtue of their position, they must account for that gain to the principal, unless the principal has given fully informed consent. The respondents to this appeal are a company incorporated in the British Virgin Islands (to which the claims of another such company have been assigned) together with an English LLP. The individual appellants were engaged by the respondents and occupied roles of trust and responsibility (for example serving as directors), thereby owing fiduciary duties to them. In...

In this issue: New technologies Information technology Internet Advertising, marketing & sponsorship Lex Talk®TMT: a Lexis®Nexis community Daily and weekly news alerts New and updated content Dates for your diary Trackers Useful information New technologies Futureproofing AI contracts The speed at which artificial intelligence ( AI) advances is continually increasing. A wave of enacted and forthcoming regulations aims to address the risks and challenges arising from developing and deploying the technology. This shifting landscape places demands on contract lawyers to ensure AI solutions used in service delivery are properly supported and evolved so they stay safe, secure, technically current, and compliant with the law. As customers’ needs can change at pace, the capacity to amend agreements or change suppliers is therefore vital. A range of safeguards and procedures can be embedded to...

The EU AI rulebook adopts a phased rollout: some headline provisions take effect from August 2025, with most following in 2026. As these milestones approach, organisations are rushing to interpret an opaque legal text. Uncertainty stems from doubts about Regulation ( EU) 2024/1689 (the AI Act), notably its relevance during development, any extraterritorial reach, the meaning of central legal concepts, and the limits of the scientific research and development exemption. Development phase The AI Act indicates it does not extend to research, testing, or development activities for AI systems or models before they are placed on the market or put into service. However, a European Commission question‑and‑answer paper on general‑purpose AI ( GPAI) recognises that certain duties for model providers, implicitly or explicitly, relate to the development stage. These include: Notifying the regulator if providers anticipate GPAI models will exceed the Act’s training compute...

Why do AI contracts differ from typical technology agreements and demand more flexibility? There are several ways in which AI contracts diverge from conventional technology agreements and therefore call for greater flexibility: New risks and applications. AI represents the latest shift in how technology services are delivered. Offerings vary widely by purpose, training and development, deployment, and territorial scope. As with open source code or agile development methods, AI pushes lawyers to craft bespoke warranties, procedures, and controls to address unfamiliar risks (eg data poisoning, biased outputs). Rapid change. AI is evolving and rolling out at speed, so obligations can become stale unexpectedly. At the same time, lawmakers are scrambling to tackle new AI concerns, producing fresh or amended rules (such as the EU AI Act) that can reset compliance expectations within months. Third-party data concerns. AI solutions...

Background The initial iteration of the MCC‑ AI appeared in September 2023 ahead of the EU AI Act, setting out a systematic route for sourcing AI. Following the EU AI Act’s formal entry into force on 13 June 2024, the Commission has updated the model clauses to better match regulatory expectations. The latest release comprises: a comprehensive edition for high‑risk AI systems a streamlined variant for non‑high‑risk AI systems a commentary detailing how to tailor and apply the clauses Why should companies get acquainted with the MCC- AI? The MCC‑ AI offers a practical framework for businesses buying or supplying AI services, by setting a shared baseline of obligations. The clauses foster alignment between parties on core compliance areas — transparency, risk management and accountability — consistent with the EU AI Act. By tailoring MCC‑ AI clauses to their...