Sourcing Speak

The UK Government Announces Ambitious Proposals to Improve Software Security and Resilience

Posted June 20, 2024

By Lee Rubin, Johanna Lipponen and Steven Farmer

Lee Rubin

Johanna Lipponen

Steven Farmer

In light of the increasing organizational use of and reliance on software and the concerns raised regarding the malicious use of the same, the UK Government has published a response to its call for views on software resilience and security for businesses and organizations. (See here for details of the call for views.) The UK Government has unveiled an ambitious plan to enhance software security practices in the UK by proposing baseline security expectations for software vendors in an effort to seek more transparency and consistency for customers.

Why Are Cloud Transformations Challenging?

Posted May 23, 2024

By Michael McCann

Michael McCann

More than two decades in, cloud computing is no longer a technology that requires a herald or proselytizer. What began with government agencies and then financial institutions seeking expanded storage solutions and an alternative to enterprise applications anchored to physical locations has matured into a cornerstone of many services the average person uses and benefits from every day.

But even as companies ponder exactly how, when, and to what extent cloud services such as IaaS (infrastructure as a service), PaaS (platform as a service), and cloud native solutions might best serve their needs, one thing remains constant—cloud transformation is complex and fraught with potential pitfalls.

Is Your AI Testing Tool a Breach of Contract Claim Waiting to Happen?

Posted April 8, 2024

By Mia Rendar and Samuel Reno

Mia Rendar

Samuel Reno

Reliability, security, and legal compliance. These are assurances that customers purchasing technology products expect from their providers, and which are often required as part of the contracts for such products. AI Providers, however, are lagging in their willingness to contractually commit to such assurances, let alone deliver in practice. Thus, as AI products grow in both popularity and technical complexity, robust testing tools become indispensable. Unfortunately, utilization of such tools may unwittingly expose companies to legal risks, particularly in that user testing breaches the use rights, license restrictions, or allocation of intellectual property rights to which the parties commit in the contract for the AI product.

Operational Resilience Requirements May Be Coming for Large U.S. Banks Soon

Posted April 4, 2024

By Brian H. Montgomery, Andrew L. Caplan and Samuel C. Markel

Brian H. Montgomery

Andrew L. Caplan

Samuel C. Markel

On March 12, 2024, Acting Comptroller of the Currency Michael Hsu indicated in a speech that regulations may soon be forthcoming that would be designed to bolster larger depository institutions’ ability to withstand disruptions to their critical operations. If enacted, these regulations would require covered financial institutions (and by extension, their third-party service providers) to satisfy operational resilience requirements at a level of granularity that has previously been absent from United States financial regulations.

eIDAS 2.0 Paves the Way for a Unified Digital Identity Framework in the EU

Posted March 28, 2024

By Steven Farmer, Scott Morton, Johanna Lipponen and Mark Booth

Electronic identification and trust services (eIDAS) refer to a range of services that include verifying the identity of individuals and businesses online and verifying the authenticity of electronic documents. Since 2014, such services provided in the EU have been subject to the eIDAS Regulation, which aimed to create a predictable regulatory environment across the EU and ensure that interoperability across different EU Member States. The eIDAS Regulation’s complexity, inflexibility and perceived limitations resulted in limited adoption, while the COVID-19 pandemic simultaneously fueled an increased demand for electronic identification. Consequently, the European Commission committed to revising the eIDAS Regulation to establish an EU-wide attribute-based electronic identity framework, incorporating a government-issued digital identity wallet to eliminate the dependence on commercial authentication providers.

Old Tricks for the New Dog: Why Traditional Technology Sourcing Best Practice Is Relevant for Cutting-Edge AI

Posted March 22, 2024

By Mia Rendar

Mia Rendar

Since the release of OpenAI’s ChatGPT, the intense hype around large language models (LLMs) and complex AI systems has exploded. Organizations have rushed to both try and buy these new tools. Along with it, a flood of commentary continues to flow regarding how to use the tools productively and responsibly, along with the legal issues that might arise through such use. Those topics are certainly novel—but when it comes to procuring AI tools, what if the key to successfully purchasing the products is not?

EU Reaches Agreement on New “AI Act”: The World’s First Comprehensive AI Law

Posted December 11, 2023

By Steven Farmer, Tony Phillips, Scott Morton and Mark Booth

The Council of the European Union and the European Parliament reached a provisional agreement on a new comprehensive regulation governing AI, known as the “AI Act,” late on Friday night (December 8, 2023). While the final agreed text has not yet been published, we have summarized what are understood to be some of the key aspects of the agreement.

The Impact of AI Foundation Models on Competition, Consumers and Regulation: A View from the UK’s CMA

Posted November 29, 2023

By Lee Rubin and Johanna Lipponen

Lee Rubin

Johanna Lipponen

The Competition and Markets Authority (CMA), the UK’s competition regulator, announced this month that it plans on publishing an update in March 2024 to its initial report on AI foundation models (published in September 2023). The update will be the result of the CMA launching a “significant programme of engagement” in the UK, the United States and elsewhere to seek views on the initial report and proposed competition and consumer protection principles.

Key Takeaways from the UK’s AI Summit: The Bletchley Declaration

Posted November 7, 2023

By Steven Farmer and Johanna Lipponen

Steven Farmer

Johanna Lipponen

The United Kingdom hosted an Artificial Intelligence (AI) Safety Summit on November 1 – 2 at Bletchley Park with the purpose of bringing together those leading the AI charge, including international governments, AI companies, civil society groups and research experts to consider the risks of AI and to discuss AI risk mitigation through internationally coordinated action.

Drafting Limitation of Liability Clauses: Practical Tips from the UK High Court

Posted November 2, 2023

By Lee Rubin and Johanna Lipponen

Lee Rubin

Johanna Lipponen

A decision of the High Court of the United Kingdom earlier this year is an important reminder that the limitation of liability clause remains a crucial piece of any high value or complex contractual arrangement. The importance of such a clause seeking to restrict a party’s financial exposure in the event of a lawsuit or other claim is that, when enforceable, it can “cap” the amount of potential damages incurred. The issue considered in the High Court’s decision was whether a party could rely on a single liability cap rather than being subject to multiple liability caps for multiple claims. The decision hinged largely on the wording of the contract clauses and serves to remind us of key considerations when drafting limitation of liability clauses.

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Share this: