Ofcom issues guidance on mandatory age checks for pornographic content services

Last week we wrote about Ofcom’s new guidance on protecting children under the Online Safety Act 2023.  Among other things, it requires age assurance requirements for online services allowing pornographic content. From 25 July 2025, affected services must implement ‘highly effective age assurance’ measures to prevent under-18s from accessing such content. The requirements apply to services within scope of the Online Safety Act 2023, with Ofcom sending notification letters to hundreds of services whose primary purpose is hosting pornographic material.

Ofcom launches consultation on extending Online Safety Act user controls

Ofcom is consulting about amendments to the Illegal Content Codes of Practice under the Online Safety Act. The amendments would extend blocking and muting controls and comment disabling features to smaller user-to-user service providers likely to be accessed by children. The consultation ends on 22 July 2025.

Ofcom establishes Online Information Advisory Committee under Online Safety Act 2023

Ofcom has established its Online Information Advisory Committee under section 152 of the Online Safety Act 2023. Five expert members have been appointed to the committee for three-year terms.  The Committee will advise on misinformation and disinformation matters from 1 May 2025. The Committee will support Ofcom’s statutory duty to ensure platforms address illegal content and child-harmful material through appropriate systems, without making decisions on individual content.

CMA publishes guidance on 4Ps under the Digital Markets Competition Regime

The CMA has set out how the CMA plans to implement the so-called 4Ps under the digital markets competition regime. Through pace, predictability, proportionality and process, it says that it will promote business trust and confidence, encourage investment and innovation and deliver positive outcomes for UK businesses and consumers.  It sets out the approach the CMA will take, including how the CMA will pursue deeper collaboration with stakeholders to inform its work; ensure transparency around prioritisation of investigations and interventions and deliver efficient and streamlined processes to ensure stakeholders can meaningfully engage with its work. 

FCA publishes engagement paper for AI live testing

The Financial Conduct Authority has published an engagement paper for its proposal for AI Live Testing. The proposal builds on the FCA’s new five-year strategy which sets out how it aims to support growth through a tech-positive approach. It also aims to support the FCA to be a smarter regulator by embracing data and technology to be more effective and efficient. The FCA has asked for feedback on the engagement paper by 10 June 2025.

ICO issues statement following ramsomware attack on British Library

In October 2023, the British Library reported a ransomware attack to the ICO, which escalated because of the lack of multi-factor authentication on an administrator account.  Following the incident, the British Library published a cyber incident review in March 2024, which provided an overview of the cyber-attack and key lessons learnt to help other organisations that may experience similar incidents.  Having carefully considered this particular case, the Information has Commissioner decided that, due to its current priorities, further investigation would not be the most effective use of its resources. It has provided guidance to the British Library, which has reassured the ICO about its commitment to continue to review and ensure that appropriate security measures are in place to protect people’s data. 

The post This Week’s Techlaw News Round-up appeared first on Society for Computers & Law.

How do their legal systems address issues of safety in the digital age, privacy rights, and the interests of Indigenous communities? And in what ways do they align with, or diverge from, international standards set by Europe and the United States?

In this episode, host Mauricio Figueroa is joined by three experts to discuss the policy and normative landscape of Australia and New Zealand. Tune in for an interesting conversation and through-provoking conversation about privacy and tech in these two countries. Listen to the episode here: https://bit.ly/3Yquyz8

The Panel:

Mauricio Figueroa is a legal scholar and educator. His area of expertise is Law and Digital Technologies, and has international experience in legal research, teaching, and public policy. He is the host of the SCL podcast “Privacy and Technology Laws Around the World”.

Andelka Philipps is an academic and writer and her research interests are broadly in the areas of Technology Law, Privacy and Data Protection, as well as Medical Law, Intellectual Property, Cyber Security, and Consumer Protection. She has taught in law schools in four countries: the United Kingdom; the Republic of Ireland; New Zealand; and Australia. She is currently an Affiliate with the Bioethics Institute Ghent, Ghent University, Belgium and an Academic Affiliate with the University of Oxford’s Centre for Health, Law and Emerging Technologies (HeLEX). She is also an Associate Editor for the Journal of the Royal Society of New Zealand (JRSNZ), the first to be appointed from the discipline of Law. www.andelkamphillips.com

John Swinson is a former partner of a major international law firm and has 30 years of law firm experience in NY and Australia, with principle focus on technology law and intellectual property law. He is a Professor of Law at The University of Queensland, where he teaches privacy law, cybersecurity law, and Internet & IT law.

Raffaele Ciriello is Senior Lecturer in Business Information Systems at the University of Sydney, whose research focuses on compassionate digital innovation and the ethical and societal impacts of emerging technologies. His work critically examines issues of digital responsibility, decentralised governance, and public interest technology, with recent projects spanning AI companions, blockchain infrastructures, and national digital sovereignty.

About the podcast

Join host Mauricio Figueroa and guests on a tour of tech law from across the globe. Previous episodes have focused on the use of ‘robot judges’ in several jurisdictions and developments in India, the USA and Japan. Future episodes will look at South America, Africa and Europe.

Where to listen

• podcasts.scl.org
• Spotify
• Apple
• Amazon

The post SCL Podcast “Technology & Privacy Laws Around The World” – Episode 5: Australia and New Zealand appeared first on Society for Computers & Law.

Over seven episodes, recorded in November 2024, Ben Evans, Shruti Hiremath and guests will look beyond the current position to identify some of the pressures the changing landscape will bring to bear.

Episode 4: The EU Data Act and Cloud Analogies

Are analogies between cloud and open banking and telecoms appropriate? A deep dive into the EU Data Act and the potential unintended consequences

Building on the discussion in episode 3, this episode 4 analyses the cloud provisions of the EU Data Act with reference to an influential and widely cited paper co-authored by Ben Evans and Sean Ennis. The panel explore the concept of ‘equivalence’ between cloud services and question the merits of the controversial ‘functional equivalence’ requirement, which is designed to boost switching between cloud providers. This leads to a discussion over whether the analogy between cloud computing services, which exhibit high degrees of feature complexity and innovation, and banking services, which exhibit both a limited number of key features and a relatively low level of innovation, is appropriate. As articulated by the authors in an earlier SCL article, it is suggested that these two differences are critical for considering the nature and focus of future cloud regulation and may limit the value of analogies to prior experiences with portability and interoperability. Moreover, the panel considers the authors’ observation that a significant number of cloud customers already have the possibility and incentive to account ex ante at contract stage for the trade-off between complexity and customisation in service functionality and ease of portability and interoperability. The discussion turns attention to profound concerns that the Data Act may have the unintended consequences of disincentivising innovation, strengthening the position of incumbents, and harming smaller cloud service providers by inter alia effectively commoditising cloud services to the extent that competition is reduced to price competition.

Panel

Ben Evans (Chair) is a Postgraduate Researcher at the School of Law and Centre for Competition Policy, University of East Anglia. He is a member of the LIDC Scientific Committee.

Shruti Hiremath is Counsel in the Clifford Chance Antitrust Team in London.

Lauren Murphy is Founder and CEO of Friday Initiatives.

Sean Ennis is Director of the Centre for Competition Policy and a Professor of Competition Policy at Norwich Business School, University of East Anglia.

The LIDC NEX GEN Podcast Series on ‘Competition in Cloud and AI’ explores some the most topical and hotly debated questions  with a panel of leading international experts from academia, legal practice and industry.

The series was recorded  on 7 November 2024, and the views and opinions expressed therein reflect the legal context and state of affairs up to that date.

You can also watch or listen via the LIDC website, YouTube and Spotify.

The post Exploring Competition in Cloud and AI Podcast: Episode 4: The EU Data Act and Cloud Analogies appeared first on Society for Computers & Law.

It says that it is critical that viewers can easily find and discover the diverse range of high-quality content public service broadcasters (PSBs) offer for UK audiences, including trusted and accurate news. The Media Act 2024 introduced a new online availability and prominence regime for how PSB TV players – such as BBC iPlayer, ITVX, Channel 4 stream, 5, STV player, S4C Clic – are distributed on connected TV platforms – referred to in the Act as television selection services.

Television selection services designated by the Secretary of State for Culture, Media and Sport will be required to ensure designated PSB TV players and their content are available, prominent, and easily accessible. BBC iPlayer will be automatically designated under the legislation, but Ofcom will designate the other PSB TV players.

Following a consultation, Ofcom has now set out the principles and methods it intends to follow in preparing its recommendations to the Secretary of State on which television selection services should be designated.

Ofcom will:

• Proceed with its proposed principles and methods for assessing the number of users of services in the UK.
• Consider the number of people using such services and the manner of use;
• Consider a service to be capable of functioning as a regulated service if it can carry the designated PSB players, can present TV players and programmes with different levels of prominence, and can include features to ensure players and programmes are accessible to people with disabilities.

In Summer 2025, it will consult on our recommendations on the designation of television selection services, before submitting its final report to the Secretary of State.

The post Ofcom sets out principles and methods for designation of television selection services under Media Act 2024 appeared first on Society for Computers & Law.

The guidance includes more than 40 measures for tech firms to meet their duties under the Online Safety Act. These will apply to sites and apps used by UK children in areas such as social media, search and gaming. The steps include preventing minors from encountering the most harmful content relating to suicide, self-harm, eating disorders and pornography. Online services must also act to protect children from misogynistic, violent, hateful or abusive material, online bullying and dangerous challenges.

Ofcom’s Codes demand a ‘safety-first’ approach in how tech firms design and operate their services in the UK. The measures include:

• Safer feeds. Personalised recommendations are children’s main pathway to encountering harmful content online. Any provider that operates a recommender system and poses a medium or high risk of harmful content must configure their algorithms to filter out harmful content from children’s feeds.
• Effective age checks. The riskiest services must use highly effective age assurance to identify which users are children. This aims to ensure that they can protect them from harmful material, while preserving adults’ rights to access legal content. That may involve preventing children from accessing the entire site or app, or only some parts or kinds of content. If services have minimum age requirements but are not using strong age checks, they must assume younger children are on their service and ensure they have an age-appropriate experience.
• Fast action. All sites and apps must have processes in place to review, assess and quickly tackle harmful content when they become aware of it.
• More choice and support for children. Sites and apps are required to give children more control over their online experience. This includes allowing them to indicate what content they don’t like, to accept or decline group chat invitations, to block and mute accounts and to disable comments on their own posts. There must be supportive information for children who may have encountered, or have searched for harmful content.
• Easier reporting and complaints. Children must have straightforward ways to report content or complain, and providers should respond with appropriate action. Terms of service must be clear so children can understand them.
• Strong governance. All services must have a named person accountable for children’s safety, and a senior body should annually review the management of risk to children.

Providers of services likely to be accessed by UK children now have until 24 July to finalise and record their assessment of the risk their service poses to children, which Ofcom may request. They should then implement safety measures to mitigate those risks, From 25 July 2025, they should apply the safety measures set out in our Codes to mitigate those risks.

If companies fail to comply with their new duties, Ofcom has the power to impose fines and – in very serious cases – apply for a court order to prevent the site or app from being available in the UK.

In recent weeks, it has been suggested that the UK government is coming under pressure from the US government to reduce the protections in the Online Safety Act as part of a UK-US trade deal. In addition, the government has been keen that regulators prioritise growth. However, the Times reported on 24 April that Peter Kyle, the technology secretary, said that he was not afraid to encourage Ofcom to use their powers to fine technology companies over breaches.

Ofcom has also announced that it is consulting on proposals that seek to expand blocking and muting user accounts and disabling comments measures in the Illegal Content Codes to a wider range of services. This is because it now considers that it would be proportionate for these measures to apply to certain smaller services that are likely to be accessed by children. The consultation ends on 22 July.

The post Ofcom publishes final guidance on protecting children under Online Safety Act 2023 appeared first on Society for Computers & Law.

Over seven episodes, recorded in November 2024, Ben Evans, Shruti Hiremath and guests will look beyond the current position to identify some of the pressures the changing landscape will bring to bear.

Episode 3: Dissecting Cloud Competition

The investigations of the UK CMA and an introduction to the EU Data Act.

In episode three, the panel begin exploring the five-fold concerns raised by the UK CMA in its issues statement in relation to its cloud market investigation. First, the authority has expressed concern that potential market concentration may be limiting choice. Although a number of large firms hold substantial market share in public cloud, the existence of on-premises and hybrid cloud solutions may temper concerns. Second, the CMA is worried that data transfer fees may prohibit switching, an issue that has been addressed in the EU under the cloud provisions of the recently enacted Data Act. Third, there is a concern that impediments to portability and interoperability may create dependencies or impair customers’ ability to move assets and to integrate across providers. Although such concerns may be valid, the panel considers the reality that market-based solutions are already developing, with industry consortia and voluntary standards bodies emerging without the need for regulatory interference. Fourth, the CMA has considered whether committed spend agreements limit customer flexibility and cause lock-in. Any intervention should be mindful of the benefits of such agreements to consumers in terms of cost savings and price stability. Finally, unfair licensing practices have come under scrutiny and there is a legitimate question as to whether some large providers may restrict competition by, for example, requiring additional fees or adherence to restrictive terms when customers use software from rival providers.[1]

While there has been substantial regulatory interest in Japan, the Netherlands, South Korea and France, all of which have completed cloud market studies, and in Spain and the USA, which have started investigations, the UK authority has advanced arguably the most detailed research and analysis of competition in the sector. The panel observes that despite this, the initial conclusions reached by the CMA and the referring authority Ofcom do not necessarily follow from the empirical market research that underpins their respective studies. Indeed, this is an issue that has been raised by Ben Evans and Sean Ennis in their co-authored consultation responses to the CMA and Ofcom. The evidence suggests that generally customers are on the ‘way in’ on their cloud journey and that, as opposed to provider restrictions, one of the key factors leading to lock-in may be that those firms do not yet have the in-house technical capability to initiate cost and time efficient switch.

[1]  Since the recording of the podcast, the CMA has published its Provisional Decision Report on 28 January 2025. Further details are available at: https://www.gov.uk/cma-cases/cloud-services-market-investigation#provisional-findings.

Panel

Ben Evans (Chair) is a Postgraduate Researcher at the School of Law and Centre for Competition Policy, University of East Anglia. He is a member of the LIDC Scientific Committee.

Shruti Hiremath is Counsel in the Clifford Chance Antitrust Team in London.

Lauren Murphy is Founder and CEO of Friday Initiatives.

Sean Ennis is Director of the Centre for Competition Policy and a Professor of Competition Policy at Norwich Business School, University of East Anglia.

The LIDC NEX GEN Podcast Series on ‘Competition in Cloud and AI’ explores some the most topical and hotly debated questions  with a panel of leading international experts from academia, legal practice and industry.

The series was recorded  on 7 November 2024, and the views and opinions expressed therein reflect the legal context and state of affairs up to that date.

You can also watch or listen via the LIDC website, YouTube and Spotify.

The post Exploring Competition in Cloud and AI Podcast: Episode 3 – Dissecting Cloud Competition appeared first on Society for Computers & Law.

Courts and Tribunals Judiciary publishes updated AI guidance and introduces Copilot Chat for judges

The Courts and Tribunals Judiciary has published updated guidance to help judicial office holders to use AI. It updates and replaces the guidance document issued in December 2023. It sets out key risks and issues associated with using AI and some suggestions for minimising them. Examples of potential uses are also included. Any use of AI by or on behalf of the judiciary must be consistent with the judiciary’s overarching obligation to protect the integrity of the administration of justice. The guidance also introduces a private AI tool, Microsoft’s “Copilot Chat”, which is now available on judicial office holders’ devices through eJudiciary. This guidance applies to all judicial office holders under the Lady Chief Justice and Senior President of Tribunal’s responsibility, their clerks, judicial assistants, legal advisers/officers and other support staff.

Ofcom investigates misuse of telephone numbers

Ofcom is investigating if communications provider Primo Dialler has misused numbers sub-allocated to it, including to perpetrate scams. Ofcom allocates telephone numbers, usually in large blocks, to telecoms firms. They can then transfer the numbers to individual customers or other businesses. In line with Ofcom’s consumer protection rules and industry guidance, phone companies must not misuse numbers which have been sub-allocated to them. Services must also ensure numbers are being used correctly in accordance with the National Telephone Numbering Plan. Ofcom believes that the numbers sub-allocated to Primo Dialler are potentially being misused, including to facilitate scams. Its investigation will seek to establish whether Primo Dialler is complying with its obligations, specifically neral Conditions B1.8, B1.9(b), B1.9(c), and the Communications Act S128(5). The investigation falls under Ofcom’s enforcement programme, launched last year, looking specifically at phone and text scams. The aim of the programme is to protect customers by supporting best practice in the use of phone numbers and to ensure providers are following Ofcom’s rules. If Ofcom has reasonable grounds to suspect that rules have been broken, it may launch further investigations.

Ofcom takes action regarding “Global Titles” in mobile sector

Mobile operators use Global Titles as routing addresses for the exchange of signalling messages between 2G and 3G mobile networks and to support their provision of mobile services. Ofcom has now announced new rules to ban their leasing. This is because criminals can use Global Titles to intercept and divert calls and messages, and obtain information held by mobile networks. This could, for example, enable them to intercept security codes sent by banks to a customer via SMS message. In extreme cases they can be exploited to track the physical location of individuals anywhere in the world. The ban on entering new leasing arrangements is effective immediately. For leasing that is already in place, the ban will come into force on 22 April 2026. This will give legitimate businesses who currently lease Global Titles from mobile networks time to make alternative arrangements.  Alongside this, Ofcom has published new guidance for mobile operators on their responsibilities to prevent the misuse of their Global Titles.

ICO fines law firm £60,000 following cyber attack

The ICO has fined Merseyside-based DPP Law Ltd (DPP) £60,000, following a cyber attack that led to highly sensitive and confidential personal information being published on the dark web. It found that DPP failed to put appropriate measures in place to ensure the security of personal information held electronically. This failure enabled cyber hackers to gain access to DPP’s network, via an infrequently used administrator account which lacked multi-factor authentication and steal large volumes of data. DPP specialises in law relating to crime, military, family fraud, sexual offences, and actions against the police. The very nature of this work means it is responsible for both highly sensitive and special category data, including legally privileged information. As the information stolen by the attackers revealed private details about identifiable individuals, the ICO highlights that DPP has a responsibility under the law to ensure it is properly protected. In June 2022, DPP suffered a cyber-attack which affected access to the firm’s IT systems for over a week. A third-party consulting firm established that a brute force attempt gained access to an administrator account that was used to access a legacy case management system. This enabled cyber attackers to move laterally across DPP’s network and take over 32GB of data, a fact DPP only became aware of when the National Crime Agency contacted the firm to advise information relating to their clients had been posted on the dark web. DPP did not consider that the loss of access to personal information constituted a personal data breach, so did not report the incident to the ICO until 43 days after they became aware of it.

ICO fines compensation company £90,000 for unlawful marketing calls

The ICO has also fined AFK Letters Co Ltd (AFK) £90,000 for making more than 95,000 unsolicited marketing calls to people registered with the Telephone Preference Service, in a clear breach of electronic marketing laws. AFK writes letters seeking compensation and refunds for its customers. Between January and September 2023, AFK used data collected through its own website and a third-party telephone survey company to make 95,277 marketing calls without being able to demonstrate valid and specific consent from the people contacted. Despite AFK claiming it could not provide evidence of consent because it deleted all customer data after three months, when challenged by the ICO, it was also unable to provide consent records for several calls made within a three-month timeframe. AFK’s third-party data supplier was using consent statements which did not specifically name AFK when asking the public for consent to be called. Additionally, AFK’s own privacy policy only mentioned contact by email, and did not state that people would also receive phone calls. The ICO’s investigation found that AFK failed to comply with Regulation 21 of the Privacy and Electronic Communications Regulations.

EU law

European Commission consults on revision of EU Cybersecurity Act

The European Commission is consulting about revising the 2019 EU Cybersecurity Act. The consultation focuses on the European Union Agency for Cybersecurity mandate, the European Cybersecurity Certification Framework, and ICT supply chain security. It aims to simplify cybersecurity rules and streamline reporting obligations. The consultation ends on 20 June 2025.

Irish Data Protection Commission announces inquiry into X

The DPC has announced an inquiry into the processing of personal data comprised in publicly-accessible posts posted on the ‘X’ social media platform by EU/EEA users, for the purposes of training generative AI models, in particular the Grok Large Language Models (LLMs). The inquiry will examine compliance with the GDPR, including the lawfulness and transparency of the processing. Grok is the name of a group of AI models developed by xAI. They are used, among other things, to power a generative AI querying tool/chatbot, which is available on the X platform. Like other modern LLMs, the Grok LLMs have been developed and trained on a wide variety of data. The DPC’s inquiry considers a range of issues concerning the use of a subset of this data which was controlled by X, that is, personal data in publicly accessible posts posted on the X social media platform by EU/EEA users. The purpose of the inquiry is to determine if the personal data was lawfully processed to train the Grok LLMs. The DPC has notified X of its decision to conduct the inquiry under Section 110 of the Irish Data Protection Act 2018.

Coimisiún na Meán publishes Strategy Statement and Work Programme

Coimisiún na Meán has published its first three-year strategy, which sets out its vision for the media landscape in Ireland. The Strategy Statement 2025-2027 is accompanied by a 2025 Work Programme, which lists priority projects across Coimisiún na Meán’s remit of online safety, media sector development and regulation.  The Strategy Statement 2025-2027 is built on six key outcomes: children, democracy, trust, diversity and inclusion and public safety. Among the priority projects outlined in Coimisiún na Meán’s 2025 Work Programme are the development of a pilot programme for children at imminent risk of harm from online content, the development of an Election Integrity Strategy across all media sources, the creation of educational materials relating to online hate, the preparation of a new Broadcasting Services Strategy and a revised Media Plurality Policy, and the continuation of the Sound & Vision and Journalism funding Schemes.

The post This Week’s Techlaw News Round-up appeared first on Society for Computers & Law.

The Committee highlights that the UK government has described raising growth as its number one mission and has a target for the UK to achieve the highest rate of sustained growth in the G7. Currently the UK is not on course to meet that target, and the Committee says that a closer relationship with the UK’s largest export market, the EU, is mission critical to helping realise ambitions for growth. 

Among other things, it has made the following recommendations which may be of interest to tech lawyers:

• Any new UK-EU security arrangements should include an explicit recognition that it would be mutually beneficial to act together to guard the critical national infrastructure on which the UK and EU business community depends.

• The UK should work closely with the EU to strengthen coordinated action against non-market economies that undermine the international trading system through unfair practices, including abuse of forced labour, industrial subsidies, state-owned enterprise advantages, and forced technology transfers. Enhancing cooperation on trade defence instruments—such as anti-subsidy and anti-dumping measures—along with alignment of safeguards against use of forced labour in supply chains will help ensure a more effective and consistent response to market distortions that threaten fair competition.

• The Committee recommends that the UK government consults with the business community, unions, workers and consumer groups and identifies sectors of the economy where, over the next ten years, there will be mutual gains from maximising compatible regulation with the EU. This should include an assessment of the flexibilities the UK might need to maintain membership of existing trade deals like CPTPP, and to agree the free trade deals currently under negotiation with Switzerland, the Gulf Cooperation Council and India. Where there is significant mutual gain from compatible regulation with the EU, the government should commit to a regulatory roadmap that maintains compatible regulation with the EU and seek, where beneficial for both parties, mutual recognition of conformity assessments.

• The Committee notes the extensive cooperation between the UK government and the European Commission on the Data (Use and Access) Bill. It recommends that the government continues monitoring the EU’s Data Union Strategy when it is published and assess any relevant implications for UK policy, and take whatever steps are required to ensure a permanent data adequacy agreement is secured.

The post Business and Trade Committee issues report on strengthening UK-EU relations: techlaw aspects appeared first on Society for Computers & Law.

Over seven episodes, recorded in November 2024, Ben Evans, Shruti Hiremath and guests will look beyond the current position to identify some of the pressures the changing landscape will bring to bear.

Episode 2: Alternative Visions

A look at the emerging alternative visions of the AI stack around the world.

Episode 2 considers alternative visions for the AI stack. The discussion begins by thinking about the emergent ‘EuroStack’, which is a strategic initiative to develop independent digital infrastructure across all layers of the stack and reduce reliance on non-EU technologies that was launched in the European Parliament in 2024. At a high-level, this approach represents a significant transition away from the prevailing regulatory approach focussed on competition in  certain components of the stack towards an infrastructural approach driven by ambitious industrial policy. The panel proceeds to reflect on the approaches of different international jurisdictions, focussing in particular on the development of digital public infrastructure in emerging markets, and the issue of sovereignty. Crucially, the Indian examples of the Unified Payments Interface and the Open Network for Digital Commerce provide evidence that digital public infrastructure can promote significant competition. This prompts the panel to question whether regulatory intervention is necessary if there exists a sufficiently developed digital public infrastructure. Of course, it is essential that government initiatives are not mandated to the detriment of market-based solutions and are instead offered as alternatives. Ultimately, the co-existence of digital public infrastructure and private firm offerings may lead to a healthy competitive market.

Panel

Ben Evans (Chair) is a Postgraduate Researcher at the School of Law and Centre for Competition Policy, University of East Anglia. He is a member of the LIDC Scientific Committee.

Shruti Hiremath is Counsel in the Clifford Chance Antitrust Team in London.

Lauren Murphy is Founder and CEO of Friday Initiatives.

Sean Ennis is Director of the Centre for Competition Policy and a Professor of Competition Policy at Norwich Business School, University of East Anglia.

The LIDC NEX GEN Podcast Series on ‘Competition in Cloud and AI’ explores some the most topical and hotly debated questions  with a panel of leading international experts from academia, legal practice and industry.

The series was recorded  on 7 November 2024, and the views and opinions expressed therein reflect the legal context and state of affairs up to that date.

You can also watch or listen via the LIDC website, YouTube and Spotify.

The post Exploring Competition in Cloud and AI Podcast: Episode 2 – Alternative Visions appeared first on Society for Computers & Law.

Electronic Communications (Networks and Services) (Designated Vendor Directions) (Penalties) Order 2025

The Electronic Communications (Networks and Services) (Designated Vendor Directions) (Penalties) Order 2025 SI 2025/443 has been made.  It makes consequential amendments to the Electronic Communications (Networks and Services) (Penalties) (Rules for Calculation of Turnover) Order 2003, SI 2003/2712 which in summary covers how certain penalties are calculated in relation to turnover under the Communications Act 2003. It came into force on 3 April 2025.

CAP and BCAP update advertising codes to align with Digital Markets Act 2024

CAP and BCAP have published amendments to their advertising codes, which took effect on 8 April 2025.  The amendments align the Codes with the unfair commercial practices provisions in the Digital Markets, Competition and Consumers Act 2024 which came into force on 6 April. The changes include new rules on drip pricing and fake reviews.  Both the CMA and the ASA will delay enforcement on fake reviews for three months. The ASA has also said that it will align its enforcement on drip pricing with the CMA’s approach.

DSIT and NCSC launch new Cyber Governance Code of Practice for board

The Department for Science, Innovation and Technology (DSIT) and National Cyber Security Centre (NCSC) has published a new Cyber Governance Code of Practice on 8 April 2025, following industry consultation in 2024. The Code outlines actions for boards and directors to manage cyber security risks across five areas: risk management, strategy, people, incident planning, and assurance. It forms part of a wider governance package that includes training and implementation toolkit, primarily targeting medium and large organisations. The Code was developed in response to data showing 74% of large businesses experienced cyber attacks in the past year.

EU law

European Commission’s Expert Group on B2B data sharing and cloud computing contracts publishes final report

The European Commission’s Expert Group on B2B data sharing and cloud computing contracts has published its final report.  It contains non-binding model contractual terms on data access and use, as well as standard contractual clauses for cloud computing contracts under Article 41 of the EU Data Act.

Joint letter published on the EU’s need for AI liability rules

Several civil society organisations and BEUC have written to Executive Vice President Virkkunen and Commissioner McGrath to share their concerns that the AI liability directive proposal (AILD) is being withdrawn and to urge them to begin preparatory work on new AI liability rules. They seek at the very least a non-fault based liability approach that will make it easier for consumers who are harmed by an AI system to seek compensation.

European Commission launches AI Continent Action Plan

The European Commission has launched its AI Continent Action Plam.  It revolves around five pillars: building a large-scale AI data and computing infrastructure; increasing access to large and high-quality data, developing algorithms and fostering AI adoption in strategic EU sectors, strengthening AI skills and talents and simplifying regulation. The Commission will also launch the AI Act Service Desk, to help businesses comply with the AI Act. It will serve as the central point of contact and hub for information and guidance on the AI Act. In May it will consult on its Data Union Strategy.

European Commission consults on cloud and AI policies in the EU

The European Commission is consulting on the preparatory work for the Cloud and AI Development Act and the single EU-wide cloud policy for public administrations and public procurement. The Commission seeks views on the EU’s capacity in cloud and edge computing infrastructure, especially in light of increasing data volumes and demand for computing resources, both fuelled by the rise of compute-intensive AI services. As well as this, the Commission seeks views on the use of cloud services in the public sector.  It ends on 4 June 2025.

European Commission launches public consultation and call for evidence on the Apply AI Strategy

The Commission’s AI Office has called for evidence and is consulting on its Apply AI Strategy, planned to be published later this year. The Apply AI Strategy is part of President von der Leyen’s Political Guidelines to make Europe a global leader in AI innovation. The Strategy will serve as a blueprint for the full adoption of AI in EU strategic sectors. In particular, the Apply AI Strategy aims to foster the integration of AI technologies into strategic sectors. These sectors include advanced manufacturing; aerospace; security and defence; agri-food; energy; environment and climate; mobility and automotive; pharmaceutical; biotechnology; robotics; electronic communications; advanced material design; and cultural and creative industries. The consultation aims to identify priorities, current challenges to the uptake of AI in specific sectors as well as potential solutions and policy approaches. The consultation also includes specific questions on the challenges in the AI Act implementation process and how the Commission and member states can support stakeholders better in implementing the legislation. The consultation ends on 4 June 2025.

Commission updates guidelines on responsible use of generative AI in research

The European Commission’s Directorate-General for Research and Innovation has published the second version of its guidelines on responsible use of generative AI in research. One of the goals of the guidelines is that the scientific community uses generative AI responsibly. They take into account key principles on research integrity as well as existing frameworks for the use of AI in general and in research specifically.  The principles include honesty, reliability, respect and accountability. It is also consulting on its AI in Science Strategy. The consultation ends on 5 June 2025.

The post This Week’s Techlaw News Round-Up appeared first on Society for Computers & Law.