Morgan Lewis’s technology, outsourcing, and commercial contract team, along with Boston Consulting Group, recently hosted a roundtable dinner in London, during which senior stakeholders from technology suppliers and large...more
The European Parliament recently published a report (the Report) on the interplay between several key EU digital regulations to assess overlap and gaps and highlight the regulatory complexity that these different regimes have...more
The European Supervisory Authorities (ESAs) published on November 18, 2025 a list of 19 critical information and communications technology (ICT) third-party providers (CTPP) that will be subject to direct oversight under the...more
The European Banking Authority (EBA) recently published a consultation paper (Consultation) that proposes to expand third-party risk management requirements for certain EU-regulated financial entities. The Consultation would...more
8/29/2025
/ Banks ,
Consultation Papers ,
Contract Terms ,
Digital Operational Resilience Act (DORA) ,
EU ,
European Banking Authority (EBA) ,
Financial Institutions ,
Information Technology ,
Outsourcing ,
Regulatory Oversight ,
Regulatory Requirements ,
Risk Management ,
Third-Party Risk
Artificial intelligence has become one of the most transformative forces in modern finance, reshaping how investment firms operate, analyze data, and interact with clients. AI is no longer a futuristic concept but rather a...more
The UK government published on April 1 a policy statement setting out its proposals for the much-anticipated Cyber Security and Resilience Bill (the Bill). The proposals include bringing data centers and managed service...more
The demand for data centers is continuing to accelerate, fueled largely by generative artificial intelligence (Gen AI), broader digital transformation, and organizations migrating to cloud infrastructure. Gen AI adoption...more
A day does not go by this year without news of another major investment in data centers or the infrastructure—including facilities, power, and cooling systems—that is needed to run data centers. Notwithstanding all the data...more
The UK Supreme Court’s ruling on undisclosed commissions earned by brokers will significantly impact the automotive sector and lenders. Although banks have been the focus of debate, the decision by His Majesty’s Treasury to...more
On January 14, the UK government published a consultation on new measures to tackle the increasing threat of ransomware attacks. Ransomware is malicious software (malware) that infects a victim’s computer system and prevents...more
European regulators recently published clarifications on the scope of ICT services under the EU Digital Operational Resilience Act (DORA), prepared by the European Commission, which confirms previous guidance and enables...more
On January 13, 2025, the United Kingdom’s Prime Minister Sir Keir Starmer announced the UK AI Opportunities Action Plan. The AI Opportunities Action Plan outlines the UK’s intentions to become a world leader in artificial...more
Starting as of Friday, January 17, 2025, financial entities must now be compliant with the EU’s Digital Operational Resilience Act (DORA). Implementation efforts have accelerated in recent months to meet the deadline and in...more
On January 8, 2025, partners Doneld Shelkey, Mike Pierides, and Marina Aronchik presented an Outsourcing and Technology 2025 webinar as part of the Morgan Lewis Tech & Sourcing Webinar Series: Data 2025....more
The landscape for outsourcing, technology, and artificial intelligence (AI) transactions continues to undergo significant transformations as businesses navigate technological advancements, regulatory changes, and data privacy...more
UK financial regulators recently published their supervisory expectations for critical third party service providers (CTPs) to the financial sector under the United Kingdom’s new regime extending regulatory oversight to CTPs....more
The UK Financial Conduct Authority (FCA) on October 31, 2024 published observations and key lessons from how firms responded to the CrowdStrike IT outage. The outage caused disruption across several industries globally, and...more
In the weeks following a defective software update that disrupted several industries globally, including financial services, aviation, retail, and emergency services, remediation efforts remain ongoing while organizations...more
The European Securities and Markets Authority (ESMA) recently published its first formal guidance on the use of artificial intelligence (AI) in the provision of retail investment services. The guidance outlines AI’s potential...more
In our latest blog post on preparing for the EU’s Digital Operational Resilience Act (DORA), entering into force on January 17, 2025, we take a look at second-level requirements under DORA covering the classification and...more
The European Union’s new AI Act (the Act) went into efect on 1 August 2024. The Act is the first-ever comprehensive law focused on artifcial intelligence and machine learning (collectively, AI). The Act impacts many...more
Beginning January 17, 2025, financial entities based in the European Union must have in place processes and policies, and mandatory contract provisions with their third-party technology vendors, that comply with the EU...more
As the United Kingdom prepares for the upcoming general election on July 4, 2024, attention turns to if there will be a potential change in government. This transition may not only bring changes in fiscal governance, but also...more
In this blog post we explore build-operate-transfer (BOT) models in relation to businesses setting up offshore delivery centers, commonly becoming known as Global Capability Centers (GCCs). Morgan Lewis is seeing a rise in...more
Starting January 17, 2025, financial entities based in the European Union must have in place processes and policies, as well as mandatory contract provisions with their third-party technology vendors, that comply with the...more