The UK Cyber Security and Resilience Bill

Share

Background

The UK government has recently announced that it plans to introduce a Cyber Security and Resilience Bill (Bill). The Bill seeks to update the 2018 Network and Information Security Regulations, which implemented the European Union (EU) NIS 1 Directive when the UK was a member of the EU.

A key driver behind the UK government’s plans is a desire to stay broadly aligned with evolving EU legislation, particularly with the significant expansion in scope of the new EU NIS 2 Directive. Once presented to Parliament, the Bill could become law by early 2026.

Continue reading “The UK Cyber Security and Resilience Bill”

New UK Consumer Laws on Fake Reviews, Subscription Contracts and Drip Pricing: Impact on US Businesses

Share

In May of this year, the UK Government passed the Digital Markets, Competition and Consumers Act (DMCC) into law. The DMCC is wide-ranging and covers three key areas: consumer law, digital markets, and merger and antitrust law.

In the first of our series of blog posts, we set out key points on the significant changes to consumer laws and regulatory enforcement powers of which US businesses selling to UK consumers need to be aware ahead of the law coming into force, which is expected to be later this year.

Continue reading “New UK Consumer Laws on Fake Reviews, Subscription Contracts and Drip Pricing: Impact on US Businesses”

UK AI Regulation Bill Proposes New AI Regulator

Share

While the focus of attention in the world of AI has been the EU AI Act: EU AI Act Agreed – Discerning Data in recent weeks, there have also been some other noteworthy legislative developments. On 22 November 2023, the Artificial Intelligence (Regulation) Bill (the “Bill”) was introduced to the UK Parliament and passed the first reading in the House of Lords. The Bill seeks to establish a central AI authority (“AI Authority”) to oversee the UK’s regulatory approach to AI. The proposal for an AI Authority comes after the UK Government formally announced a UK AI Safety Institute at the global AI Safety Summit at Bletchley Park (summarised here).

Whilst the Bill largely reflects the approach of the UK Government, this is a Private Members’ Bill (“PMB”). PMBs are legislative proposals introduced into one of the UK Houses of Parliament by ‘backbench’ members (members who are not Government Ministers). Most PMBs fail to pass unless the UK Government steps in to support their progress through the legislative process.

Continue reading “UK AI Regulation Bill Proposes New AI Regulator”

EU AI Act Agreed

Share

Late on Friday (December 8th), the European Union Commission, Parliament and Council concluded its “trilogue” negotiations for the EU Artificial Intelligence Act. The summary below is based on the information available to date. It will be some time before the definitive text is finalized and released since it will have to go through various committee stages and its legal language finalized in multiple languages.

Prohibited AI Applications

The following applications of AI will be prohibited:

Continue reading “EU AI Act Agreed”

Bletchley Park AI Safety Summit 2023

Share

On 1 and 2 November 2023, world leaders, politicians, computer scientists and tech executives attended the global AI Safety Summit at Bletchley Park in the UK. Key political attendees included US Vice President Kamala Harris, European Commission President Ursula von der Leyen, UN Secretary-General António Guterres, and UK Prime Minister Rishi Sunak. Industry leaders also attended, including Elon Musk, Google DeepMind CEO Demis Hassabis, OpenAI CEO Sam Altman, Amazon Web Services CEO Adam Selipsky, and Microsoft president Brad Smith.

Day 1: The Bletchley Declaration

On the first day of the summit, 28 countries and the EU signed the Bletchley Declaration (“Declaration”). The Declaration establishes an internationally shared understanding of the risks and opportunities of AI and the need for sustainable technological development to protect human rights and to foster public trust and confidence in AI systems. In addition to the EU, signatories include the UK, the US and, significantly, China. Nevertheless, there are notable absences, most obviously, Russia.

Continue reading “Bletchley Park AI Safety Summit 2023”

The European Commission Adopts Adequacy Decision on EU-U.S. Data Privacy Framework

Share

On 10 July 2023, the European Commission adopted its long-awaited adequacy decision for the EU-U.S. Data Privacy Framework (the DPF). With immediate effect, the adequacy decision provides a new lawful basis for transfers from the EU to the U.S. This means that companies that participate in the DPF are able to transfer data from the EU to the U.S. without relying on another data transfer mechanism, such as Standard Contractual Clauses (SCCs) or binding corporate rules (BCRs).

Background to the Adequacy Decision

Pursuant to Article 45(3) of the GDPR, the European Commission has the power, by means of an adequacy decision, to decide that a non-EU country has sufficient standards of data protection to be treated as equivalent to those afforded in the EU.

Continue reading “The European Commission Adopts Adequacy Decision on EU-U.S. Data Privacy Framework”

©2024 Faegre Drinker Biddle & Reath LLP. All Rights Reserved. Attorney Advertising.
Privacy Policy