Legal Practice Notes

This Practice Note explains open banking and relevant legal and commercial issues. It covers: Background The open banking standard Third party providers and authorisation Applicable law and regulations Contracting for open banking Effectiveness of implementation Key developments Open banking refers to deploying application programming interfaces ( APIs) to aggregate data and permit third parties to access (principally) current accounts with participating banks (and related data), subject to the account holder’s consent. A key aim of this access is to enable such third parties to design products and services for customers that are guided by the information they obtain and/or their ability, with the customer’s explicit consent, to initiate payments from in-scope accounts. The expectation is that these offerings, together with heightened customer awareness, will stimulate competition in the UK’s retail banking market. Open banking is closely linked to (and...

This Practice Note outlines the Network and Information Systems Regulations 2018 ( NIS Regulations), SI 2018/506, which gave effect in the UK to the Network and Information Systems Directive (the NIS Directive), Directive ( EU) 2016/1148. The NIS Regulations, as modified by a range of Brexit instruments, remain in force domestically. It explains the context and objectives of the regime, together with the duties placed on operators of essential services ( OESs) and relevant digital service providers ( RDSPs) under the NIS Regulations and the linked Assimilated Regulation ( EU) 2018/151 ( Assimilated DSP Regulation), insofar as it concerns RDSPs. Background to the NIS Directive The NIS Directive—also referred to as the Cybersecurity Directive or the Network and Information Security Directive—was passed by the European Parliament on 6 July 2016. EU Member States (including, at that time, the UK) were required to transpose the...

Net neutrality ‘ Net neutrality’ denotes the idea that the internet should operate without discrimination, ensuring every user enjoys the same opportunity to reach any online resource. Coined in 2003 by Tim Wu, a Columbia University media law scholar, the label sits within a wider set of principles upholding freedom in how the internet is used. Framed as a flexible answer to the technology sector’s evolving needs, it places decision-making over what people encounter online with the individual rather than the broadband company that provides their connection. In practice, this amounts to an open internet, where internet service providers ( ISPs) deliver connections and treat all content and services even-handedly, with service quality keeping pace with technological progress. Viewed through a legal lens, net neutrality is commonly expressed as a ban on limits and/or discriminatory measures that hinder people’s access to online material. The...

This Practice Note examines intellectual property ( IP) rights as they arise in the context of artist and songwriter-centred music deals. It specifically sets out the distinct rights inherent in a song and explains the various ways in which they may be commercially exploited. It also addresses matters relating to brand protection, AI, and image rights for musical artists. IP and other rights relevant in the music industry Copyright subsisting in music Copyright underpins, in practice, the licensing and commercial exploitation of songs and other musical works. It is important to recognise that there are different categories of copyright that may apply. Where the originality threshold is satisfied and the song is fixed in a tangible form, then the following will apply: copyright subsists in the musical composition (the score) as a musical work the song’s lyrics are...

Copyright is a proprietary right that grants the owner the exclusive ability to perform, and to permit others to perform, particular acts in relation to the work. Under UK law, as contained in the Copyright, Designs and Patents Act 1988 ( CDPA 1988), there is a closed list of categories eligible for protection, namely: original literary, dramatic, musical or artistic works sound recordings, films or broadcasts the typographical arrangement of published editions To qualify, a work falling within one of these categories must be fixed in some form. For example, writing down or electronically saving a song’s notes and lyrics creates a record that is protected, provided the work otherwise meets the CDPA 1988’s qualification requirements. For comprehensive guidance on those requirements and on subsistence generally, see Practice Notes:...

This Practice Note explains the rules that apply to UK mobile phones when they are used while roaming outside the UK. The regulation of roaming In telecoms, ‘roaming’ describes the capability for a mobile network customer to use their handset and continue to place and receive calls, send and obtain data, browse online, and access other communications services in another country beyond their home network’s footprint. Roaming operates through arrangements between customers’ domestic communications network operators and providers in other jurisdictions, which allow users to attach to overseas networks and roam on them. In return for these roaming privileges, communications network operators levy charges on one another. That additional cost is commonly passed by the home network to the customer. Historically, roaming—particularly for data use—was not regulated, which frequently led to the subscriber facing high charges. This was especially true where travellers were unaware of their...

This Practice Note outlines the key factors right holders should weigh when safeguarding and asserting their brands in the Metaverse. It addresses how to plan and define, from the outset, the ambit of trade mark or design protection, including spotting and closing protection gaps, and highlights matters to weigh up when licensing a brand for use in the Metaverse. On enforcement, the Practice Note addresses, among other matters: Ongoing monitoring of potential infringements; Tracing and identifying infringers; Assessing potential causes of action and navigating jurisdiction issues; Available remedies and common, general enforcement challenges; It finishes with practical pointers to assist right holders when protecting and enforcing their brands. What is the Metaverse? There is no universally agreed definition of the ‘ Metaverse’; however, it is widely understood to comprise immersive environments, frequently utilising augmented or virtual reality. The immersive...

This Practice Note provides an overview of media content regulation in the UK. The primary media regulators are: Broadcasting (television and radio) — Ofcom Press and magazines — Independent Press Standards Organisation ( IPSO) Advertising — Advertising Standards Authority ( ASA) Cinema and video — British Board of Film Classification ( BBFC) Video on demand ( Vo D) — Ofcom Video-sharing platforms ( VSPs) — Ofcom Social media platforms and search engines — Ofcom Broadcasting Ofcom oversees television and radio programme content by setting and enforcing codes that broadcasters must comply with. The key code for editorial standards is the Ofcom Broadcasting Code ( OBC). Broadcast advertising content is handled by the ASA—see Advertising below. In November 2025, Ofcom sought input on reforming broadcast regulation, inviting views on updates in three broad areas: licensing ...

ARCHIVED : This Practice Note has been archived and is not maintained. This Practice Note examines the rules for deciding which court has jurisdiction for the span between the UK’s departure from the EU on 31 January 2020 and the conclusion of the implementation period, which the EU refers to as the transition period. It considers whether the implementation period can be extended, whether the jurisdictional framework under the Brussels regime, including that set out in Regulation ( EU) 1215/2012, Brussels I (recast), applies during the implementation period, as well as the position after the implementation period. For a quick reference Brexit research aid that answers key questions on Brexit and includes helpful Brexit updates, research tips and resources, see: Brexit Bulletin—key updates, research tips and...

This Practice Note outlines and clarifies the principal legal and operational considerations tied to ending an IT outsourcing arrangement, and to the subsequent handing of the services either back to the customer in-house or over to a new provider. Termination—why the outsourced IT arrangement has ended This marks the closing and conclusive phase of the IT outsourcing life cycle. ( See Outsourcing lifecycle— UK-based IT services—flowchart and Outsourcing lifecycle—global sourcing of IT services—flowchart.) An IT outsourcing engagement may conclude for several causes, thereby prompting migration of the services to a successor supplier or a return to the customer, as appropriate. These comprise the following: expiry of the IT outsourcing agreement termination by a party for: convenience (though frequently only the customer holds this option) a general material breach by the other...

Introduction Valuation is needed at multiple stages in an IP asset’s life for diverse aims, including business or IP disposals, joint ventures, litigation outcomes, insolvency, financial reporting and tax matters (such as transfers between connected parties and transfer pricing). In every instance, a market value or arm’s length figure—or an arm’s length royalty for a licence—must be derived for a hypothetical transaction, ignoring owner‑specific synergies. There is no universal method; the chosen approach should reflect the putative deal and the level of robustness required, which depends on the asset’s significance, the nature of the transaction and the reason for valuing (eg loan security or a critical patent transfer). Comparison approach: references prices, bids or offers for comparable IP, often via specialist databases; typically a corroborative check due to scarce, non‑identical data and undisclosed...

STOP PRESS: On 19 June 2025, the Data ( Use and Access) Bill obtained Royal Assent, becoming the Data ( Use and Access) Act 2025 ( DUAA 2025), with elements taking effect that day. Measures addressing, among other things, responses to data subject access requests and the grant of powers to make further regulations commenced immediately on 19 June 2025. Other elements, including notices issued by the Information Commissioner and certain facets of law enforcement processing, began on 19 August 2025, two months after Royal Assent. The bulk of DUAA 2025 requires additional regulations, in the form of statutory instruments, before those provisions can start. Part 5 of DUAA 2025 revises aspects of the UK’s data protection and e Privacy framework, covering the United Kingdom General Data Protection Regulation, Assimilated Regulation ( EU) 2016/679 ( UK GDPR), the Data Protection Act 2018, and the...

This starter guide offers a primer on IP law. It is designed for trainee solicitors and anyone new to IP as a practice area. Inside you’ll find links to key IP materials on Lexis+® UK, alongside other Lexis+® UK resources that expand on the subjects discussed. Guidance is included on subscribing to the daily and weekly IP news alerts from Lexis+® UK. Newcomers will also find the Overviews within each IP subtopic helpful. These summaries outline the law for a specific right or issue and signpost relevant content within that subtopic to aid navigation. For example: Copyright & associated rights—overview and Copyright disputes—overview. If this guide does not address a point, you can explore additional Lexis+® UK material within the IP practice area. What do IP lawyers do? IP deals with intangible rights—copyright, database right, designs, trade marks and patents—and the legal frameworks that protect them. The field...

ARCHIVED: This Practice Note has been archived and is not maintained. IP law is among the most deeply harmonised branches of law within the EU, with much of the framework stemming from the EU through directives or regulations. For instance, EU rules allow applicants to obtain EU trade mark ( EUTM) and design registrations that deliver unitary protection across every EU Member State, as well as safeguarding unregistered designs on an equally extensive basis. Significant efforts have aimed to create uniform systems for the protection and enforcement of such rights throughout the EU, and many businesses have capitalised on the harmonised system to secure broad and cost-effective protection for their trade mark, design and other rights. Accordingly, the UK’s choice to depart the EU carries, potentially, a substantial impact for right holders. At 11 pm on 31 December 2020, the...

STOP PRESS: On 19 June 2025, the Data ( Use and Access) Bill attained Royal Assent, becoming the Data ( Use and Access) Act 2025 ( DUAA 2025) and partly commencing that same day. Provisions addressing matters such as handling data subject access requests and granting powers to make further regulations took effect immediately on 19 June 2025. Other elements, including notices from the Information Commissioner and certain aspects of law enforcement processing, commenced on 19 August 2025 (two months after Royal Assent). Most of DUAA 2025’s measures require additional regulations, in the form of statutory instruments, before they can be brought into force. Parts 5 and 6 modify aspects of UK data protection and e Privacy law, including the United Kingdom General Data Protection Regulation, Assimilated Regulation ( EU) 2016/679 ( UK GDPR), the Data Protection Act 2018 and the Privacy and...

STOP PRESS: On 19 June 2025, the Data ( Use and Access) Bill was granted Royal Assent, becoming the Data ( Use and Access) Act 2025 ( DUAA 2025), with parts taking effect on that day. Provisions dealing with matters such as handling data subject access requests, and the conferring of powers to create further regulations, commenced immediately on 19 June 2025. Other provisions, covering notices from the Information Commissioner and some aspects of law enforcement processing, took effect on 19 August 2025 (two months from Royal Assent). Most of DUAA 2025’s measures require additional regulations, in the form of statutory instruments, before they can commence. Parts 5 and 6 of DUAA 2025 amend elements of UK data protection and e Privacy law, including the United Kingdom General Data Protection Regulation, Assimilated Regulation ( EU) 2016/679 ( UK GDPR), the Data Protection Act 2018, and the Privacy and...

This Practice Note examines issues, considerations, and recommended approaches for sharing personal data among controllers—covering both joint controllers and independent controllers—in general, commonly encountered business-to-business commercial situations, in line with the United Kingdom General Data Protection Regulation, Assimilated Regulation ( EU) 2016/679 ( UK GDPR). It presumes a level of reader familiarity with the principal data protection concepts and terms, as well as the role and remit of the Information Commissioner’s Office ( ICO). For a high-level introduction to this topic and related issues, see: Data sharing and transactions—overview. For a higher-level introduction to UK data protection laws more generally, see Practice Note: Data protection law—new starter guide. The UK data protection law collection brings together further general guidance, including guidance on key terms used in the legislation and their meaning, and is a recommended starting point for data protection...

This Practice Note offers additional guidance on the principal definitions found in the United Kingdom General Data Protection Regulation, Assimilated Regulation ( EU) 2016/679 (the UK GDPR). For a high-level overview of UK data protection legislation, see Practice Notes: The UK General Data Protection Regulation ( UK GDPR) and Data protection law—new starter guide. The UK data protection law collection brings together further general guidance and is a recommended first point of reference for research. Scope of this Practice Note Given the significant volume of data moving between the UK and the EEA, corresponding EEA data protection rules remain particularly relevant to UK practitioners. There continues to be substantial similarity between: the EU GDPR (which was applicable under UK laws until the close of the Brexit implementation period at 11 pm UK time on 31 December 2020 and still applies within the EEA) the UK GDPR...

This Practice Note This Practice Note outlines how the United Kingdom General Data Protection Regulation, Assimilated Regulation ( EU) 2016/679 ( UK GDPR) operates differently for ‘public bodies’ (defined in the UK GDPR and also referred to as ‘public authorities’) and other public sector entities, when compared with private sector organisations. ‘ Assimilated law’ is the label applied to retained EU law ( REUL) that continues to have effect after the close of 2023. Re-labelling REUL (and related terminology) as assimilated law signifies a shift in its status and handling under UK law, namely that it is to be read by reference to ordinary domestic law and principles. From 1 January 2024, REUL becomes ‘assimilated’ into domestic law because, in general, it is divested of EU-derived interpretive effects (for example, the supremacy of EU law, directly effective rights, and the general...

This Practice Note sets out the requirements of the United Kingdom General Data Protection Regulation, Assimilated Regulation ( EU) 2016/679 ( UK GDPR), where a processor handles personal data for a controller in a commercial setting. It proceeds on the basis that readers are already familiar with core data protection concepts, terminology, and the functions of key regulators. For an initial overview of data protection law, consult the ‘key principles and concepts’ tab in the UK Data Protection toolkit, which is a recommended starting point for research. For a higher-level primer on this topic and connected matters, see: Data sharing and transactions—overview. This Practice Note also sits within the Data protection negotiation guide—controller: processor—collection, which practitioners drafting or negotiating data protection clauses between a controller and a processor may find helpful. In brief UK data protection legislation aims to ensure information about living people (within the scope of...