Skip to main content

Clifford Chance

Clifford Chance
Digital regulation and strategy<br />

Digital regulation and strategy

Tech Trends 2023

1. Cyber gets serious

As reliance on digital infrastructure increases and data becomes more voluminous, valuable and vulnerable, we expect to see a rise in cyber incidents and attacks. "Cyber wars" between nations are predicted to be major threats to critical national infrastructure and services, as well as targeted ransomware attacks. With a flurry of new and revamped legislation impacting cybersecurity and operational resilience, regulatory requirements are becoming more numerous and stringent, often with formidable associated enforcement regimes.

What's next?

More sophisticated attacks: Deployment of artificial intelligence (AI) and machine learning technologies will become an increasingly critical component of the arms race between company security teams and cyberattack perpetrators. This increased automation of the security and attack process could see organisations fending off countless hyper-speed attacks each day. The next generation of cyberattacks will move from opportunistic to targeted, and deepfakes and natural language chat bots could move phishing attacks to the next level.

Incident management navigation: The management of cyber incidents will become increasingly complex as more laws come into force, existing laws are revised, and the trend of multiple regulators investigating cyber incidents continues. Increasingly, companies are subject to legal requirements to have incident response plans. Even where not legally required, companies are relying on such plans to navigate the various incident management and reporting requirements under a patchwork of laws governing cybersecurity and resilience, ransomware payments, privacy and, often, sector-specific requirements and regulators.

Partner Jonathan Kewley says...

"Cyberattacks can be so vast and unpredictable that they could be uninsurable. That's why we're seeing new legislation that requires businesses to think ahead." 

2. Data in the spotlight

The proliferation of heavy-hitting data protection laws continued in 2022. We are seeing some laws come into full effect as well as regimes developing the specificity of their requirements and others strengthening their sanctions. Privacy enforcement has been active, including large GDPR fines and the first ever CCPA enforcement action. Joining the data governance landscape are new laws and proposals tackling how certain data sets – containing both personal and non-personal data – may be shared and used.

What's next?

Increased complexity in data governance and transfer: Significant new privacy laws and changes to data protection regimes are on the horizon in 2023 – including in the USA, the UK, India, Nigeria and Saudi Arabia. Alongside these privacy developments, we will also see wider data governance laws and frameworks being introduced or developed, with the EU leading the charge as the Data Act and the Common European Data Spaces initiative follow hot on the heels of last year's enactment of the EU's Data Governance Act.

Senior Associate Arun Visweswaran says...

"Technology's growth goes hand-in-hand with how technology treats and respects data. The fact that the Middle East is pushing for technology to grow in this region, and is at the same time ensuring there are regulations in place to respect data, increases confidence in the market." 

What's next?

International co-operation for data transfers: High-profile enforcement activity in relation to data transfers has put pressure on international co-operation efforts to facilitate legal transfer of data between continents. With momentum building behind the Global Cross-Border Privacy Rules Forum and progress of the EU-US Data Privacy Framework expected to be fast-paced, we should see businesses being able to meaningfully leverage related transfer mechanisms. Of course, the testing of these frameworks in court will doubtless follow.

Partner Sharis Pozen says...

"The trend of conflation of antitrust, privacy and data will continue. Governments around the globe are concerned about the power that accumulated data represents and are enacting legislative initiatives around data accordingly." 

3. The AI legal landscape evolves

We are seeing significant evolutions in the capabilities of AI and machine learning technologies – including generative AI with greater capacity for seemingly creative action and personalisation. Interactions with other emerging technologies, such as neurotechnology and quantum computing, could hugely accelerate these developments. This presents both exciting opportunities and a range of legal, ethical and practical questions. In 2023, we will see significant milestones in the development of the regulatory frameworks for AI, and businesses will be stepping up their internal AI capabilities.

What's next?

Evolving legal frameworks: The EU's AI Regulation is expected to be finalised and adopted in the year ahead. It will sit alongside the proposed AI Liability Directive in regulating how AI can be used and who is liable for harms caused by use of AI. The UK is expected to issue an AI framework to underpin sector-specific rules. In the US, we expect to see progress of the AI Bill of Rights, and the testing of the practical application of New York City's law governing AI in recruitment. China's regulatory architecture for AI is expected to continue to emerge following its regulation on recommendation algorithms coming into effect last year and its recently released measures on production of 'deepfakes'. Such AI-focused legislation will form part of the andscape of privacy, product safety, consumer protection and other laws which regulate the use of AI. 

Ethics and risk management: Businesses will also be navigating ethical and risk management frameworks that will influence market practice, shape customer expectations and inform regulatory views of appropriate AI development, deployment and governance. Standards organisations and hubs are expected to release AI-related standards and guidance. In turn, we will likely see the rise of AI assurance ecosystems and audit services, as well as businesses making greater investments in hiring, developing and retaining talent that can deliver and govern AI projects.

Partner Kate Scott says...

"New AI-focused legislation will form part of the greater landscape of privacy, product safety and other laws which regulate the use of AI. In parallel, litigation and regulatory enforcement will test key issues, in particular around liability, fairness and transparency, and intellectual property rights." 

4. Regulatory frameworks for digital assets, services and markets

The power and real-world consequences of digital content, interactions and assets are more evident than ever before. Countries around the world are introducing regulation designed to protect consumers, promote data sharing, safeguard competition and manage the digital playing field. Courts are applying existing legal principles to new technologies. In 2023, we will see rapid evolution of the legal frameworks for the regulation of digital services, online content, digital assets and digital markets.

What's next?

Online services and content: Governments and law makers are focused on tackling unfair or harmful practices, dark patterns, disinformation, and the risk of deepfakes and other technologies being weaponised to manipulate people. From the recently introduced EU Digital Services Act and China's laws on deep synthesis technology, to the UK Online Safety Bill and the proposed US Kids Online Safety Act, we will see significant, if fragmented, progress in regulating an array of online services and technologies.

Digital markets: Antitrust authorities are continuing to focus on regulation of the digital sphere and have their sights set on curtailing the power of the largest players in the digital markets. The EU's Digital Markets Act (DMA) entered into force last year, and in 2023 we will begin to see which companies are designated gatekeepers and how aspects of the legislation will be implemented. The DMA is part of a global trend in tackling the regulation of competition in digital markets – with legislation at varying stages in the US, the UK, Australia, China and Korea. The year ahead will give a better picture of the degree of divergence in approach between jurisdictions as these laws develop. We will also see significant investigations and litigation as prominent companies come under scrutiny for alleged anti-competitive behaviour connected with their use of technology and data.

For more, see The Digital Services Act – What is it and what impact will it have? and The Digital Markets Act: A new era for the digital sector in the EU.

Partner Dessislava Savova says...

"This will be the year of strategic engagement in leveraging tech regulations in Europe. Part of the challenge will be to adopt a truly holistic approach. The winners will be those who embrace the new paradigm and make it an inherent part of their strategy, business model and brand reputation."

Partner Ling Ho says...

"We will see off-chain contracts playing a bigger role when it comes to the exploitation of digital assets – particularly with NFTs where rights of ownership and licensing of intellectual property are key considerations that have to be agreed between contracting parties." 

Read Tech Trends 2023 Part 2: Tech markets and supply chains

We look at the industrial metaverse, net zero tech, semiconductors, gaming and esports, space tech, tech M&A, digital infrastructure, digital capital markets and more.

  • Share on Twitter
  • Share on LinkedIn
  • Share via email
Back to top