Skip to main content

Clifford Chance

Clifford Chance

Talking Tech

Legal insights for a digital age

Featured

cyber 6x4

EU Cyber Resilience Act Approved by European Parliament

On Tuesday 12 March, the European Parliament approved the Cyber Resilience Act, a milestone EU regulation which will set cyber security rules for 'products with digital elements' made available on the EU market. The CRA is now awaiting formal approval by the Council and is expected to enter into force in the coming months, with its rules becoming fully applicable over various transition periods. We overview key aspects of the CRA and flag some of the changes that have been introduced since the original Commission proposal.

Read
Healthtech

Remote Health Treatment - The Legal Challenges

Some medical treatment can be carried out using digital technology without a doctor being physically present. But what legal challenges does the use of digital technologies entail? This is an issue faced by stakeholders across the global healthcare sector. There is not currently any specific legal framework for inpatient treatment where doctors are physically separated from their patients and potential legal challenges are faced by all stakeholders involved – not just healthcare companies, hospitals and medical staff, but also health insurance companies and legislators.

Read
Healthcare & life sciences

Commercial Implications for Health Insurers in the Latest AI Guidance from the US Government

Artificial Intelligence (AI) is fuelling discussions on regulation, appropriate oversight, and ethical use. For the healthcare industry, the use of AI has at its core a range of social policy issues that intimately relate to individuals' medical treatment and ultimately, wellbeing, and new U.S. Government guidance will have a significant impact on health insurers

Read
Healthcare & life sciences

Doing Business in the United States? Steps to Comply with Washington's My Health My Data Act

Washington State's My Health My Data Act (MHMDA), passed in 2023, contains several mandates that will require many organizations doing business in the United States to update their operational and legal processes by March 31, 2024. MHMDA applies to any legal entity that operates in Washington, or provides products or services targeted to Washington consumers, and that acts as a data controller with respect to consumer health data (each such entity is defined in the MHMDA as a "regulated entity").

Read
2402-009756_LI Postcard3

Digital Services Act (DSA) Checklist

The EU Digital Services Act applies in full since 17 February 2024. We have prepared a PDF which contains an overview of some of the key items to confirm as part of a business's Digital Services Act status checks given this major milestone. The document is interactive – if you want to find out a bit more detail on some aspects, just click where marked. 

 

Download
Media & entertainment

Foul Play: ASA gives a 'red-card' to former footballers for breaching UK advertising rules

In its recent decision the UK advertising regulator, the Advertising Standards Authority (ASA) has upheld complaints against Supreme CBD Ltd (Supreme CBD) for four posts on X (formerly Twitter) which were not obviously identifiable as advertisements and making medical claims that a food supplement CBD product could treat insomnia and anxiety.

Read

German Court Rules on Disclosure of Trade Secrets in Competition Law Investigations

In a landmark decision, the German Federal Supreme Court has adjudicated on the balance between the need for transparency in competition investigations and the protection of a party's trade secrets. The German Federal Supreme Court (the "Court") has delivered a pivotal judgment on 20 February 2024, concerning the disclosure of trade secrets in antitrust proceedings. The case (KVB 69/23) revolves around the German Federal Cartel Office's (Bundeskartellamt – "FCO") intention to share Google's confidential information with competitors during an investigation into Google's business practices.

Read
Cyber

Cybersecurity: where are we now?

Four years into the 2020s there is a clear push in the European Union harmonisation of the rules within the cyber security landscape, with the financial services sector, devices, and cloud security being key areas of focus. This has been a long time coming. Under the guise of its 2020 Cybersecurity Strategy for the Digital Decade, the EU has embarked on a flurry of regulatory developments and proposals that, between them, aim to enhance the baseline cybersecurity of organisations operating in the EU, and levy stronger obligations on certain sectors such as financial services and critical infrastructure. In this overview article, we examine some of these key regulatory developments in the EU, whilst highlighting equivalent efforts, where applicable, in the UK.

Read
dna-molecules

Legal 500: Life Sciences Comparative Guide

We are very proud to have launched the new Legal 500 Life Sciences Comparative Guide as a joint project of The Legal 500 and Clifford Chance. The aim of this guide is to provide its readers with a pragmatic overview of life sciences law across a broad variety of jurisdictions. We have provided the Q&A template for each chapter and also contributed country-specific chapters for the EU and UK. Each chapter provides information about the current issues affecting life sciences practice in a particular country and addresses topics such as legislative framework, regulatory processes, advertising, restrictions, risks of liability and compliance standards as well as insight and opinion and any upcoming legal changes planned for their respective country.

Read the Guide
Data

The European Commission Cookie Pledge the state of play and way forward

The European Commission is working towards introducing a voluntary Cookie Pledge in April this year, with the aim of better empowering consumers to make effective ad choices and alleviating cookie fatigue. The Commission hopes to see adoption by organisations across sectors, with a focus on those in the advertising space. While the Commission has attempted to engage externally through a series of discussions, stakeholders continue to have concerns about the latest draft of the Cookie Pledge. This article sets out our updated analysis on the latest pledging principles for the Cookie Pledge published by the Commission

Read
Fintech

Navigating Digital Securities Sandbox: what is it, and how do I apply?

HM Treasury (HMT) has introduced legislation to launch the UK's Digital Securities Sandbox (DSS).In this article we cover what you need to know, including how to apply, key considerations, and how the DSS compares with its EU equivalent, the DLT Pilot Regime.

Read
Insurtech

Proposed Changes to Reporting and Underwriting Requirements for Pricing Insurance

The New York State Department of Financial Services (DFS) recently issued a proposed circular letter regarding the "Use of Artificial Intelligence Systems and External Consumer Data and Information Sources in Insurance Underwriting and Pricing" (PCL). The PCL incorporates obligations contained in the DFS's 2019 Insurance Circular Letter No. 1 and tracks key themes of the recent National Association of Insurance Commissioners model bulletin on the "Use of Artificial Intelligence Systems by Insurers" and the Colorado regulations on the use of algorithms and predictive models by life insurers.

Read
US-states_600x400px

US State Privacy Laws

U.S. data privacy has entered a new era. Historically, the data privacy legal landscape has been dominated by sector-specific legislation, such as the Graham-Leach-Bliley Act and Health Insurance Portability and Accountability Act, often with a focus on cybersecurity or preventing misuse of certain types of personal information. The California Consumer Privacy Act was the first comprehensive (i.e., broad sweeping) state data privacy law added to this U.S. regulatory framework that focused on consumer protection. Since its adoption, various state-level regulatory and legislative activity has been building momentum. Today, several states have enacted or are continuing to develop comprehensive data privacy laws with requirements that apply across nearly all business sectors. Understanding the scope, applicability, and requirements of these state data privacy laws are more crucial than ever for companies operating in the U.S.  Read our individual overviews of currently enacted comprehensive state data privacy laws to learn more.

Read

Fintech: Five Trends to Watch

While 2023 saw ongoing uncertainty and high-profile financial sector failures, it also brought regulatory progress around the world, including for landmark regulations on digital assets and AI. In 2024, we will see the next stage of pioneering regulation as blueprints and best practices begin to emerge, alongside compliance challenges.

Read

Global M&A in 2024: Five trends to watch

Following a challenging year for mergers and acquisitions (M&A), the macroeconomic climate is now stabilising, and confidence returning to boardrooms. As a result, we expect the recent growth in M&A to gain momentum into 2024, with deal-making influenced by geopolitics, new technology, and the regulatory response to it.

Read

2024 Data Centre Industry Outlook

The data centre industry continues to develop at an increasing pace due to technological advancements and market trends. Significant global market growth, rising rack density and pricing dynamics present a number of challenges and opportunities. In this briefing we examine the drivers of change in the evolution of digital infrastructure such as sustainability and AI, and how they will impact data centres and the companies that use them.

Read
Data

CJEU decisions on administrative fines under the GDPR

On 5 December 2023, the Court of Justice of the European Union (CJEU) published its preliminary rulings in Cases C-683/21 (Nacionalis visuomenés sveikatos centros prie Sveikatos apsaugos ministerijos) (NVSC) and C-807-21 (Deutsche Wohnen SE) (DW). In these cases, factually unrelated but raising overlapping issues of principle, the CJEU reached several key decisions clarifying the position under the EU General Data Protection Regulation (GDPR) regarding the imposition of administrative fines by data protection supervisory authorities

Read
Intellectual Property

UK Supreme Court ruled that AI cannot be an inventor for UK patents

After hearing the case of Thaler v Comptroller General of Patents Trade Marks and Designs in March earlier this year, the UK Supreme Court has ruled, in a hotly anticipated judgment, that an inventor within the meaning of the Patents Act 1977 (the "1977 Act") must be a natural person who devises a new and non-obvious product or process (the invention), and that an AI system cannot be an inventor.

Read
Artificial intelligence

Biden Executive Order on AI: what businesses can do (for now) about the safety and security mandates

On November 16, 2023, we published an article titled "What businesses need to know (for now) about the Biden Executive Order on AI", where we summarized President Joe Biden's Executive Order on the Safe, Secure and Trustworthy Development and Use of Artificial Intelligence (EO) in a global context and offered practical recommendations for business use. This article focuses on the safety and security aspects of the EO and similarly, seeks to offer practical guidance and perspective.

Read

Webinar

Fibre-600x400-3

Webinar: Space tech for smart cities

Smart cities are using technology to make cities faster, smarter, more efficient and sustainable. The market for smart city related services is growing fast, with the European Space Agency referencing a forecast growth of +57% between 2020-2025. Many of these smart city services and associated technology are heavily reliant, if not entirely dependent, on space tech. In this webinar, from 5 December 2023, our speakers explore the importance of space tech to smart cities, the latest developments, and the opportunities and risks for financial investors in the sector.

Watch Here
Artificial intelligence

What businesses need to know (for now) about the Biden Executive Order on AI

On October 30, 2023, President Joe Biden announced an Executive Order on the Safe, Secure, and Trustworthy Development and Use of Artificial Intelligence (EO), which marks a historic milestone in the regulation of artificial intelligence systems and technologies in the United States.

Read
Consumer

The new UK Online Safety Regime

After being in the works for half a decade, the Online Safety Act 2023 (OSA) received Royal Assent on 26 October 2023. It will join the EU's Digital Services Act (EU DSA) as one of the newest and boldest tech regulations in Europe and is aimed at making the UK 'the safest place to be online'. The OSA will deploy a diverse set of rules, obligations, and regulatory powers designed to protect users, particularly children, from online harms. Whether the OSA, and its regulator, Ofcom, will be successful in striking the balance between freedom of speech and other rights, and the need for online safety, will remain in contention for years to come.In this first of a series of three articles on the online safety regime in the UK, we will provide an overview of the OSA and what it entails for the 100,000 services estimated to be in scope. The following articles in this series will unpack compliance obligations and practical guidance for businesses in more detail.

Read
Data

First-tier Tribunal dismisses UK ICO's Clearview enforcement and monetary penalty notices on jurisdictional grounds

In its judgment dated 17 October 2023, the First-tier Tribunal held that the UK Information Commissioner's Office (ICO) did not have jurisdiction to issue its 18 May 2022 enforcement and monetary penalty notices, which alleged breaches of the UK and EU General Data Protection Regulations (together, GDPR), to Clearview AI Inc (Clearview).

Read
AI-600x400px-1

Responsible AI in Practice

Public awareness of AI is increasing and, with it, questions on how AI will be used and the impact it will have on our lives. To help identify the pressures faced by policymakers and demands from stakeholders, our report, in partnership with Milltown Partners – Responsible AI in Practice – analyses the results of focus groups of policy-informed individuals conducted in the US, the UK and Germany. Groups were asked about issues such as bias, consent, copyright, transparency,  content moderation and AI governance.  We found that people's attitudes towards AI are developed and nuanced. They are optimistic about the potential of AI, but there is work to do to demonstrate that it will be used responsibly and safely.

Read the Report
Data

German Data Protection Authorities comment on new EU-U.S. Data Privacy Framework

On 4 September 2023, the Conference of the German Data Protection authorities (DSK) published a guidance on the EU Commission's "adequacy decision" under the GDPR on the EU-U.S. Data Privacy Framework dated 10 July 2023 (DPF) (see our article European Commission approves EU-US data privacy framework). In the guidance, the DSK explains the background and the main content of the adequacy decision on the DPF. They focus on the scope of the new mechanism, the use of alternative instruments for transfers to the U.S. and enforcement of data subjects' rights against certified organizations in the U.S

READ
Data

European Commission approves EU-US data privacy framework

On 10 July 2023, the European Commission reached an "adequacy decision" under the European Union General Data Protection Regulation (GDPR), approving transfers of personal data to organisations located in the United States that will be certified under the newly-established Trans-Atlantic Data Privacy Framework (DPF) agreed between the U.S. and the EU.

READ
Antitrust

The EU Court of Justice's CK Telecoms Judgment

The recent CK Telecoms ruling of the Court of Justice of the EU (CJEU) has overturned a previous judgment of the General Court, which had sought to create stricter and more structured tests for the European Commission to meet before prohibiting certain mergers in concentrated markets under the EU Merger Regulation.

READ
about-us-news

Who we are

We are one of the world's pre-eminent law firms, with significant depth and range of resources across five continents. Our Tech Group is a single global team delivering strategic tech law advice to help clients stay ahead of the curve and outstrip the pace of change.

Find out more

Talking Tech Newsletters

Fintech

Global Fintech Update

Our weekly global fintech round-up, summarises fintech regulatory developments that have happened around the world along with our Clifford Chance fintech publications and upcoming events

Read latest edition
Tech

Tech Policy Unit Horizon Scanner

The Tech Policy Unit Horizon Scanner is our monthly dive into the key tech policy and legislative developments around the world.

Read latest edition
ESG

Sustainability: ESG Developments

This monthly newsletter is intended to assist banks, financial investors and corporates in keeping up to date with ESG developments.

Read latest edition
Media & entertainment

The Advertising Brief

Our quarterly newsletter delivering concise summaries of the most interesting cases from the UK's Advertising Standards Authority (ASA) with our key takeaways for all brand owners to be aware of

Read latest edition
Fintech

Global Crypto Round-Up

This monthly newsletter provides you with a monthly brief into the world of digital assets, keeping you up to date with regulatory developments, publications and events from across jurisdictions.

Read latest edition
Cyber

Stories from the Wild

This monthly newsletter will bring you the latest stories in information security and cybersecurity.

Read latest edition

Latest Podcast

australia-tech-connectivity

LabChat: Blockchain in Asia Pacific (with Joanne Chuang, Jack Hardman and Marc Liew)

Create+65 Innovation Lead Joanne Chuang and Dubai Partner Jack Hardman talk to Marc Liew, Head of Ecosystem Development for APAC at R3, about some of the key developments in the blockchain space including whether the current state of the market still presents an opportunity for reflection and innovation, as well as Clifford Chance's collaboration with R3 through the Venture Development Programme.  

Listen

Latest Events

cyber-attack-A01

EVENT: 18 April: Navigating cybersecurity and resilience in 2024 (online)

The global trend towards increased cybersecurity and resilience regulation will tighten existing requirements and affect a broader range of businesses than ever before. From updates in SEC and NYDFS cyber requirements, to Singapore’s proposed Cybersecurity Amendment Bill, our global panel will examine developments in the US, APAC, Europe and the Middle East

Time: 08:00 EDT / 13:00 BST / 14:00 CEST / 20:00 HKT

To Register, please complete the online registration form.