Skip to main content

Clifford Chance
All
Talking Tech<br />

Talking Tech

Legal insights for a digital age

Featured

Alternative Text

AI & Data

Agentic AI: The liability gap your contracts may not cover

Agentic AI is reshaping the nature of technology risk. These systems don’t just process data or generate insights – they take actions, make decisions and, increasingly, operate without human oversight. Unlike traditional generative AI, which primarily responds to prompts, agentic AI can initiate and execute tasks across connected systems. For example, a customer support AI agent might verify account status, reset passwords and send follow up communications to a customer automatically. An AI agent dealing with your travel plans might compare prices, scan your calendar and book your flights as part of an end to end process. Yet many of these systems are still deployed under legacy technology contracts written for passive, predictable software firmly under human control. As vendors release agentic capabilities faster than contracts can evolve, and regulatory scrutiny of automated decision making increases, a liability gap is emerging. Businesses relying on unmodified agreements may find that risk is no longer allocated fairly when it comes to agentic AI and they are exposed to significant contractual, legal, reputational and operational consequences. In this article we explore some of the key liability gaps and outlines how businesses using AI agents can manage agentic AI risk effectively.
Alternative Text

Data

EDPB and EDPS opine on bold changes to European digital regulation as proposed in Digital Omnibus

The EDPB and EDPS support the Digital Omnibus's goal of reducing compliance burdens but strongly oppose any proposals that might narrow the GDPR's scope or create legal uncertainty. This article identifies ten critical areas where these regulatory concerns are likely to shape the final outcome of legislative negotiations.
Alternative Text

Data

Key aspects of the Data (Use and Access) Act take effect

Key provisions of the Data (Use and Access) Act (DUA Act) came into effect on 5 February 2026. Businesses subject to the UK GDPR and/or PECR should ensure that policies and practices reflect this tranche of amendments to UK data protection law. We summarise some of the key changes relevant to businesses with operations in the UK.

Poland: Delayed Implementation of the NIS2 Directive

On 19 February 2026, the President Karol Nawrocki signed an amendment to the Act on the National Cybersecurity System (the “Amendment” and the "Cybersecurity Act"). This Amendment is designed to implement the NIS2 Directive and it will come into force on 2 April 2026.

Artificial intelligence

Deconstructing and achieving digital sovereignty for Europe

There are growing calls in Europe for digital sovereignty. This article examines what that actually means, how it can be realistically achieved without compromising on the ability to innovate, and what organisations are already doing to make it a reality.

Dive into a Topic

Antitrust

Artificial Intelligence

Cyber

Data

ESG

Fintech

Health & Life Sciences

Intellectual Property
All aboard the Digital Omnibus?

All aboard the Digital Omnibus?

On 19 November 2025 the European Commission published the much-anticipated EU Digital Simplification Package. Also referred to as the "Digital Omnibus". Our briefing provides an overview of the main proposals of the Digital Omnibus package and the practical implications of its proposals.

Read
When the Lights Go Out: Navigating Leadership in the Face of Cyber Threats

When the Lights Go Out: Navigating Leadership in the Face of Cyber Threats

Cyber threats have evolved into critical strategic risks that can severely impact global businesses, requiring boards to prioritize cyber resilience and preparedness. In this article co-authored with Odgers we examine how organisations can show effective leadership in cyber incidents thorough preparation, decisive response, and long-term governance.

Read
Cyber Security and Resilience (network and information systems) Bill issued by UK government

Cyber Security and Resilience (network and information systems) Bill issued by UK government

This article considers why the evolving threat landscape has necessitated an update to the existing NIS regime and provides a high-level overview of the Bill's proposed changes.

Read
EU cyber reforms proposed, including overhauled Cybersecurity Act

EU cyber reforms proposed, including overhauled Cybersecurity Act

On 20 January 2026, the European Commission proposed a new cybersecurity package intended to strengthen the EU's cybersecurity resilience and capabilities. The package responds to the increasing threat of cyber and hybrid attacks on essential services and democratic institutions. It has two parts: the first proposes to amend and restate the EU's Cybersecurity Act with a new version (Cybersecurity Act 2); and the second to amend the NIS2 Directive. This briefing overviews key changes.

Read
Regulatory Horizon Scanner: Fintech firms – Europe, Q1 2026

Regulatory Horizon Scanner: Fintech firms – Europe, Q1 2026

In this regulatory horizon scanner, we identify and summarise key legislative and non-legislative developments that are likely to have an impact on fintech sector firms providing services in the EU and UK, including: Markets related developments, Digital assets developments, Cross-sectoral developments. Key developments that impact all firms across the financial services sector, such as reforms to payments and AML frameworks. Where relevant, we set out projected timelines for the finalisation and implementation of the relevant developments, covering approximately the next two years.

Read
Data, Defamation and Disclosure in the English Courts: What to watch in media law in 2026

Data, Defamation and Disclosure in the English Courts: What to watch in media law in 2026

2025 saw the English courts, government and regulators grappling to keep up with evolving technology and the shifting landscape of the media and entertainment sector. As we enter 2026, we spotlight some of the key English law cases and developments from the past year and consider the trends and challenges that are likely to shape the media litigation landscape in England and Wales in the year ahead.

Read
ICO v Clearview AI: The reach of GDPR and the breadth of 'behavioural monitoring'

ICO v Clearview AI: The reach of GDPR and the breadth of 'behavioural monitoring'

Upper Tribunal decision says UK ICO did have jurisdiction to issue enforcement and penalty notices against Clearview AI Inc for data protection breaches, overturning a previous First-Tier Tribunal decision. This binding decision has important implications for non-UK companies, clarifying that passive data collection for 'behavioural monitoring' of UK residents can bring their processing activities under the scope of the UK GDPR.

Read
EU AI Act: Copyright compliance for GPAI model providers

EU AI Act: Copyright compliance for GPAI model providers

New copyright compliance obligations established by the EU AI Act for providers of general-purpose artificial intelligence (GPAI) models entered into force on 2 August 2025. These obligations require GPAI model providers to implement a robust copyright policy and to publish a “sufficiently detailed summary” of their model’s training content using the template issued by the European Artificial Intelligence (AI) Office in July 2025.

Read
UK ICO consults on new data protection enforcement procedural guidance

UK ICO consults on new data protection enforcement procedural guidance

The guidance provides additional detail on the processes to be followed at each stage of an ICO investigation into a potential breach of data protection legislation and offers the first insight into how and when the ICO envisages using new investigative and enforcement powers introduced under the Data (Use and Access) Act 2025

Read
Revolve Report – GenNext: Attracting Talent in Real Estate’s Digital Era
Real estate

Revolve Report – GenNext: Attracting Talent in Real Estate’s Digital Era

This latest paper explores the cultural, technological, and generational challenges and opportunities facing real estate and how to help position the industry as a career of choice for the talent it needs to thrive. The paper highlights how digital transformation such as AI and data analytics is reshaping the real estate sector, both in terms of skills required and the industry's ability to attract next-generation talent

Read
EU Data Act: A new era for data sharing has begun
Data

EU Data Act: A new era for data sharing has begun

On 12 September 2025, the majority of the EU Data Act's provisions became applicable. This article focuses on key points to know about the EU Data Act's data access and re-use provisions. The EU Data Act also includes provisions aimed at facilitating switching between data processing services and interoperability requirements for data processing services and data spaces.

Read
Cyber ICO fines Capita for UK GDPR infringements following March 2023 data breach
Cyber

Cyber ICO fines Capita for UK GDPR infringements following March 2023 data breach

On 15 October 2025, the Information Commissioner's Office (ICO) imposed a fine of £14 million on Capita plc and Capita Pension Solutions Limited for UK GDPR infringements which it found resulted in a cyber security breach that compromised the data of 6,656,037 individuals. The incident underscores the importance of sufficiently staffing cybersecurity roles, filling gaps in cybersecurity coverage identified by penetration testing, and operating in line with organisational policies.

Read
US-states_600x400px

US State Privacy Laws

U.S. data privacy has entered a new era. Historically, the data privacy legal landscape has been dominated by sector-specific legislation, such as the Graham-Leach-Bliley Act and Health Insurance Portability and Accountability Act, often with a focus on cybersecurity or preventing misuse of certain types of personal information. The California Consumer Privacy Act was the first comprehensive (i.e., broad sweeping) state data privacy law added to this U.S. regulatory framework that focused on consumer protection. Since its adoption, various state-level regulatory and legislative activity has been building momentum. Today, several states have enacted or are continuing to develop comprehensive data privacy laws with requirements that apply across nearly all business sectors. Understanding the scope, applicability, and requirements of these state data privacy laws are more crucial than ever for companies operating in the U.S.  Read our individual overviews of currently enacted comprehensive state data privacy laws to learn more.

 Read
about-us-news

Who we are

We are one of the world's pre-eminent law firms, with significant depth and range of resources across five continents. Our Tech Group is a single global team delivering strategic tech law advice to help clients stay ahead of the curve and outstrip the pace of change.

 Find out more

Talking Tech Newsletters

Global Fintech Update
Fintech

Global Fintech Update

Our weekly global fintech round-up, summarises fintech regulatory developments that have happened around the world along with our Clifford Chance fintech publications and upcoming events

Read latest edition
Tech Policy Unit Horizon Scanner
Tech

Tech Policy Unit Horizon Scanner

The Tech Policy Unit Horizon Scanner is our monthly dive into the key tech policy and legislative developments around the world. It's an easy way to keep on top of the developments you need to know about.

Read latest edition
Global Crypto Round-Up
Fintech

Global Crypto Round-Up

This monthly newsletter provides you with a monthly brief into the world of digital assets, keeping you up to date with regulatory developments, publications and events from across jurisdictions.

Read latest edition

The Advertising Brief

Our quarterly newsletter delivering concise summaries of the most interesting cases from the UK's Advertising Standards Authority (ASA) with our key takeaways for all brand owners to be aware of.

 Read

Latest Events

20 Sept 2025: Stablecoins – navigating the evolving global regulatory framework

New frameworks for stablecoins are emerging across global financial centres, including the US GENIUS Act for payment stablecoins, Hong Kong’s new regime for stablecoin issuers and a developing UK framework. As regulatory clarity grows, so do opportunities to leverage stablecoins for fast, cost-effective cross-border payments and transaction settlement, enhanced liquidity and collateral use. Join our international panel as they explore how different jurisdictions are approaching stablecoin oversight, including the lessons learned from more established regulatory frameworks such as the EU’s Markets in Crypto-Assets Regulation (MiCA), highlight key compliance challenges, and look at the future of stablecoin adoption.

08:00 EDT | 13:00 BST | 14:00 CEST | 20:00 HKT

 

 Register
See all our events

Log in