Legal Practice Notes

FORTHCOMING CHANGE : This Practice Note captures the Digital Omnibus proposal issued on 19 November 2025, aligned with the European Commission’s ‘simplification’ drive. Please note that certain elements and details will be shaped by the political deal concluded by the European Parliament and the Council of the EU on 7 May 2026. This Practice Note will be revised following formal adoption of that agreement in due course. This tracker closely monitors the progress of the European Commission’s proposals for a Digital Omnibus, originally released on 19 November 2025. Background The simplification agenda On 12 February 2025, the Commission approved its 2025 Work Programme setting out key initiatives for the year ahead, including measures to streamline existing regulatory regimes. The 2025 Work Programme builds on the longer‑term framework established by the Competitiveness Compass, published in January 2025. Alongside the 2025 Work Programme, the Commission issued a...

CASE HUB ARCHIVED This archived case hub sets out the position as at the decision dated 23 April 2025 and is no longer updated or revised. See the timeline for more details and context. Case facts Overview: Commission investigation under the Digital Markets Act into Meta’s ‘pay or consent’ advertising model. Latest development On 23 April 2025, the Commission adopted an infringement decision and imposed fines totalling €200m on Meta for breaching the DMA duty to give consumers the option of a service that relies on less of their personal data. Parties Meta Platforms Inc ( Meta): a US-based technology conglomerate. Meta offers various online products and services to UK users, including well-known platforms such as Facebook, Instagram, and Whats App. Background On 5 September 2023, the Commission designated Meta (amongst other undertakings) as a ‘gatekeeper’, meaning it must comply with all obligations under the DMA......

Practice Note on financial technology ( Fintech) This Practice Note explores how EU institutions, the European Supervisory Authorities ( ESAs) — namely the European Securities and Markers Authority ( ESMA), the European Banking Authority ( EBA) and the European Insurance and Occupational Pensions Authority ( EIOPA) — together with the European Central Bank ( ECB), pursue innovation in the EU Fintech landscape while maintaining robust oversight. For details of Fintech strategies and initiatives by UK authorities and regulators, see Practice Note: UK regulation of financial innovations and fintech. For insight into supranational activity in this field, see Practice Note: Supranational regulation of financial innovations and Fintech. Technology’s role in delivering financial services is reshaping the industry. Fintech spans an extensive array of technology‑enabled financial services and products. Examples include crowdfunding platforms such as peer‑to‑peer lending, online payments and credit services, digital wallets and e‑money,...

This Practice Note outlines Directive ( EU) 2019/770 ( OJ L 136/1) on certain aspects of contracts for the supply of digital content and digital services—the EU Digital Content Directive ( EU DCD)—brought in as part of the European Commission’s Digital Single Market strategy. The EU DCD sets out a range of consumer rights and remedies for business-to-consumer ( B2C) agreements covering digital content or digital services, and is complemented by Directive ( EU) 2019/771 ( OJ L 136/28) on certain aspects concerning contracts for the sale of goods, the EU Sale of Goods Directive ( EU SGD). For more on the EU SGD, see Practice Note: The EU Sale of Goods Directive. The EU DCD entered into force on 11 June 2019. EU Member States had to adopt and publish the measures needed to comply by 1 July 2021 and to apply them from 1...

This Practice Note reviews the EU legal landscape for digital advertising, encompassing the programmatic purchase and sale of advertising inventory and real-time bidding ( RTB). It examines the legal considerations impacting the digital advertising supply chain, including data protection and privacy, consumer protection, competition, and specific developments for digital markets. It also assesses the key industry, trade and self-regulatory bodies that oversee and regulate these activities across the EU. Introduction Any communication of advertising or marketing material aimed at a particular individual, or group of individuals, however delivered—digitally, by telephone or through print—constitutes direct marketing. Direct marketing is subject to specific rules, especially concerning data privacy and consumer protection. When such material is delivered digitally, these considerations can become even more complex. The term ‘digital’ advertising is an umbrella concept covering the wide array of digital, online and social media channels available to...

Relevant news analysis The Lexis®PSL Banking & Finance team regularly issues EMIR-focused analysis, outlined below. 6 February 2017 - Documentation ‘processes’ are overwhelming market participants. Antony Bryceson, principal at AB Trading advisers, notes a rising belief that the 1 March 2017 cut-off for putting documentation in place-and thus securing regulatory compliance with the new variation margin ( VM) requirements-is unlikely to be met. 29 November 2016 - EMIR Review. This analysis examines the EMIR Review released by the European Commission pursuant to article 85(1) of the European Markets Infrastructure Regulation ( EMIR) on 23 November 2016. The Review outlines areas where consultation feedback and targeted input from various authorities show that measures are required to achieve EMIR’s objectives in a more proportionate, efficient and effective way. 7 October 2016 - ESMA’s proposals for SFTR and EMIR technical standards. On 30...

Introduction The ability to trade is fundamental to debt securities. Investors’ capacity to buy and sell them rests on: standardisation of terms and conditions (see Practice Notes on Terms and conditions of debt securities and Terms and conditions—first time issuer's guide) the fungible nature of the instruments (see Practice Note: Key legal issues in English law in debt capital markets—fungibility) the presence of a secure, efficient and liquid market—allowing rapid, straightforward sales at steady prices This market relies on a wide-ranging framework of systems and services, grouped into four main areas: mechanisms that generate, sustain, or provide access to liquidity (trading infrastructure) arrangements that remove counterparty non-completion risk in concluded sale and purchase contracts (clearing infrastructure) systems that facilitate delivery of securities from one holder to another in fulfilment of an agreed sale and purchase or other...

STOP PRESS : This Practice Note reflects the law as it currently stands; however, be aware that some elements will be affected by the Digital Omnibus proposals released on 19 November 2025 under the Commission’s ‘simplification’ agenda. For more detail, see Practice Note: EU Digital Omnibus—tracker. The European Strategy for Data seeks to build a single European data market by enabling responsible access, wider sharing and re-use of personal and non-personal data, in line with EU values and existing legislation, notably on personal data protection, consumer protection and competition rules. Regulation ( EU) 2022/868, the Data Governance Act ( DGA), reinforces governance within the single European market and creates a framework to enable both general and sector-specific data sharing, while Regulation ( EU) 2023/2854, the Data Act ( DA), concerns the substantive rights to access and use data. It is estimated that data...

This Practice Note delivers a succinct overview of cybersecurity challenges for life sciences businesses, coupled with practical guidance for EU-based organisations. It charts the EU regulatory landscape for cybersecurity, including the NIS 2 Directive, Medical Devices Regulations ( MDR and IVDR), the EU AI Act, the EU Cyber Solidarity Act, the EU Cyber Resilience Act, and the European Health Data Space Regulation ( EHDS), and outlines compliance duties alongside the sanctions or enforcement outcomes for non-compliance. It also identifies key regulatory authorities and industry bodies, and closes with insights into legislative trends and the likely direction of travel... The cybersecurity landscape in the life sciences sector The life sciences sector—covering R& D of pharmaceuticals, medical devices and biotechnology; clinical trials; and healthcare services—now embeds digital technologies such as telemedicine, health apps and artificial intelligence to enhance operations and drive innovation. This digital shift, however, brings...

STOP PRESS This Practice Note sets out the law as it currently stands in legislative terms, but note that certain elements will be materially affected by the Digital Omnibus proposals issued on 19 November 2025 under the Commission’s ‘simplification’ programme. For further information and updates, see Practice Note: EU Digital Omnibus—tracker. It offers, by way of summary, a concise, high-level survey of EU cybersecurity legislation and regulation at EU level, with particular emphasis on: Regulation ( EU) 2016/679, the EU General Data Protection Regulation ( EU GDPR) Directive ( EU) 2022/2555, the EU’s second Network and Information Systems Directive ( NIS 2 Directive), which superseded and replaced Directive ( EU) 2016/1148, the NIS Directive Directive ( EU) 2022/2557, the EU Critical Entities Resilience Directive ( CER Directive) Directive 2002/58/ EC, the EU e Privacy Directive Directive ( EU)...

This Practice Note outlines the material, personal and territorial reach and application of Regulation ( EU) 2024/2847, the EU Cyber Resilience Act ( CRA). It further sets out how products are categorised under the CRA, including non‑critical, important and critical products. For further background on the CRA and the key obligations placed on economic operators, see the following Practice Notes: The EU Cyber Resilience Act—overview and regulatory framework The EU Cyber Resilience Act—obligations, compliance and enforcement The CRA is the first EU measure of its kind, imposing mandatory cyber security standards for ‘products with digital elements’ across the Union. Items failing to satisfy these requirements will be barred from sale on the EU market from December 2027 onwards. Meeting the CRA will therefore be vital for market entry into the EU for both hardware and software....

This Practice Note sets out the responsibilities of manufacturers, authorised representatives, importers and distributors under Regulation ( EU) 2024/2847, the EU Cyber Resilience Act ( CRA). It further considers enforcement and sanctioning under the CRA and explains what the new obligations mean for organisations in practical terms. For additional background and scope on the CRA, see the following Practice Notes: The EU Cyber Resilience Act—overview and regulatory framework The EU Cyber Resilience Act—scope and classification of products The CRA is landmark EU legislation introducing mandatory cybersecurity requirements for ‘products with digital elements’ across the EU. Any product that fails to meet those requirements will be ineligible for placement on the EU market from December 2027. Accordingly, adherence to the CRA will be critical for securing access to the EU market for both hardware and software products....

This Practice Note reviews Regulation ( EU) 608/2013 (the Customs Regulation). This Practice Note: explores the obligations under the Customs Regulation assesses how the framework differs from the earlier EU customs regime offers practical pointers for shaping a border detention plan and completing the ‘application for action’ ( AFA) The requirements of the Customs Regulation and changes from the previous system The Customs Regulation broadened and refined many aspects of its forerunner, Regulation ( EC) 1383/2003, while leaving core principles largely intact. In brief, it empowers customs authorities across all EU Member States to seize and destroy goods found to infringe specified IP rights. See below for which IP rights are in scope. Customs officials may detain items they suspect breach the IP rights of rights holders who have recorded those rights with customs. Once goods are held, responsibility rests with the rights holder to confirm that the items are...

This Practice Note outlines details of the Central Securities Depositories Regulation ( EU) 909/2014 ( EU CSDR). Development of the EU CSDR Central securities depositories ( CSDs) safekeep securities in dematerialised form and deliver clearing and settlement services to market participants. They underpin infrastructure and are integral to smooth market functioning. Recognising their systemic role in securities markets, and in the wake of the financial crisis, the Commission tabled a draft Regulation in March 2012 to strengthen securities settlement and establish rules for CSDs. The proposal aimed to enhance settlement efficiency and bring CSDs under a clear regulatory framework throughout the Union. Building on that initiative, EU CSDR appeared in the Official Journal of the EU on 28 August 2014 and took effect on 17 September 2014. EU CSDR seeks to make sure that securities transactions are cleared and settled securely and within appropriate...

This FLASHCARD aids you in taking in or recalling the key points on the EU CSDR settlement discipline regime, covering, in particular, reporting, allocation and confirmation requirements as well as the mandatory buy-in and cash penalty procedures in scope. What is the EU CSDR settlement discipline regime? The settlement discipline regime under the EU CSDR ( Regulation ( EU) 909/2014) is a suite of measures intended to prevent settlement fails and to deal with them when they do occur. The measures set out below include: central securities depositories ( CSDs) reporting settlement fails to the competent authorities investment firms obliging their professional clients to supply, on the business day the trade is concluded (or, for late trading, or where time zones differ by over two hours, by 12.00 CET on the following business day), an allocation of securities or cash to the trade, specifying the accounts to be...

What is clearing of derivatives? Clearing is the mechanism that removes the usual risk that a counterparty to a derivatives trade might default. The key participants in the clearing process are: a financial institution known as a clearing house or central counterparty ( CCP) other financial institutions, typically banks or brokers, that enter a clearing agreement with the clearing house—these are the clearing members, or simply clearing firms In cleared transactions: all trades are undertaken by clearing members, either for their own books or on behalf of their clients the clearing house inserts itself between the members to each trade, becoming party to every contract—each side, therefore, bears the CCP’s risk rather than the other party’s The manner in which the clearing house sits between the clearing members depends on whether it uses: the principal model—in this arrangement the clearing members ( Clearing Member A and Clearing Member B) enter into a...

Scope of this Practice Note This Practice Note examines EU supervision of crowdfunding platforms from a financial services angle, centring on Regulation ( EU) 2020/1503 (the ECSP Regulation). It summarises the actions taken by EU institutions in this field and notes the UK government’s response. It also outlines the subordinate level 2 measures the European Commission must adopt under PSD2, and provides a concise overview of the level 3 material released by the European Securities and Markets Association ( ESMA). The Note additionally highlights which forms of crowdfunding fall within, and which lie outside, the scope of regulation, with further detail in Practice Note: The UK regulation of crowdfunding platforms—essentials. Types of crowdfunding There are three main forms of crowdfunding, each defined by what the funder receives: Investment model — individuals invest in return for a share of the profits or revenue generated by the...

This Practice Note summarises Directive 2008/52/ EC of the European Parliament and of the Council of 21 May 2008 concerning particular aspects of mediation in civil and commercial matters. It explains the Directive’s application and terminology, and explores the mediation framework it establishes, including access to quality mediation, the European Code of Conduct for Mediators, confidentiality, and the handling of limitation and prescription periods. It also considers the enforceability of settlement agreements reached through mediation. For details on the Directive’s implementation and evaluation, see Practice Note: —implementation. Definitions Article 3 of the Directive sets out two key definitions: mediation—refers to a structured process, whatever its label, in which two or more parties to a dispute, acting voluntarily, seek to agree terms to resolve their dispute with the support of a mediator. The process may begin at the parties’ initiative, be proposed or ordered by a...

STOP PRESS : This Practice Note sets out the current legislative landscape; please note, however, that parts will be affected by the Digital Omnibus proposals released on 19 November 2025 under the Commission’s ‘simplification’ agenda. For further details, see Practice Note : EU Digital Omnibus—tracker. This Practice Note outlines the main features of Directive ( EU) 2022/2557 on the resilience of critical entities—the EU Critical Entities Resilience Directive ( CER Directive)—covering its scope, principal duties for critical entities, the sanctions framework and what the new obligations mean for organisations in practice. The CER Directive forms part of the EU’s wider drive to bolster the resilience of critical infrastructure across sectors. It is not chiefly a cybersecurity instrument, yet it overlaps with cybersecurity because cyber incidents can endanger the resilience of critical entities, alongside other risks such as natural hazards, terrorism, insider threats,...

Purpose of the Credit Institutions ( Reorganisation and Winding Up) Directive The Credit Institutions ( Reorganisation and Winding Up) Directive 2001/24/ EC ( CIWUD) was introduced to guarantee that a credit institution, together with its branches in other Member States, is reorganised or wound up in line with the principles of unity and universality, meaning there is a single set of insolvency proceedings in which the credit institution is handled as one single entity. Accordingly, the CIWUD therefore ensured that the institution’s assets, wherever they are found, are captured within a single, unified winding‑up procedure, thereby removing the confusion and uncertainty associated with any secondary proceedings. The CIWUD sought to prevent the separation of assets of the credit institution so that creditors outside of the......