Starting as of Friday, January 17, 2025, financial entities must now be compliant with the EU’s Digital Operational Resilience Act (DORA). Implementation efforts have accelerated in recent months to meet the deadline and in...more
The European Securities and Markets Authority (ESMA) recently published its first formal guidance on the use of artificial intelligence (AI) in the provision of retail investment services. The guidance outlines AI’s potential...more
In our latest blog post on preparing for the EU’s Digital Operational Resilience Act (DORA), entering into force on January 17, 2025, we take a look at second-level requirements under DORA covering the classification and...more
The European Union’s new AI Act (the Act) went into efect on 1 August 2024. The Act is the first-ever comprehensive law focused on artifcial intelligence and machine learning (collectively, AI). The Act impacts many...more
Beginning January 17, 2025, financial entities based in the European Union must have in place processes and policies, and mandatory contract provisions with their third-party technology vendors, that comply with the EU...more
The Dutch Data Protection Authority—the Autoriteit Persoonsgegevens (AP)—recently announced that it will in many cases regard scraping of personal data by private sector organizations as an infringement of the EU General Data...more
Beginning January 17, 2025, the European Union’s Digital Operational Resilience Act (DORA) will require financial entities to maintain and submit to EU regulators a comprehensive register of their contractual arrangements...more
The European Central Bank (ECB) has published data showing that banks are increasingly using third-party providers to support their critical functions. However, more than 10% of outsourcing contracts covering critical...more
A recent decision by the Court of Justice of the European Union will extend the EU General Data Protection Regulation’s automated decision-making restrictions to many present and future use cases of such technologies. While...more
After lengthy negotiations, representatives of the EU Council, European Parliament, and European Commission have reached a compromise in principle on rules for the use of artificial intelligence (AI), ushering in new...more
The UK communications regulator and concurrent competition authority, Ofcom, announced on April 5 its proposal to refer the UK cloud services market to the Competition and Markets Authority (CMA) for further investigation....more
On September 15, the EU Commission published a proposal for a Cyber Resilience Act (Proposed CRA), which builds on the 2020 EU Cybersecurity Strategy and the 2020 EU Security Union Strategy, with the aim of ensuring the...more
As part of our Spotlight series, we speak with Simon White, one of the most senior and experienced technology lawyers in the UK market, who has held roles including deputy counsel, Chief Privacy Officer, and GC EMEA LATAM at...more
The German Higher Regional Court of Karlsruhe (OLG Karlsruhe) recently repealed the July 13, 2022, decision of the Procurement Chamber of the German state of Baden-Württemberg that had argued that the mere risk of access to...more
The financial services regulations relating to outsourcing by Luxembourg-headquartered financial institutions have been significantly simplified by the introduction of the Commission de Surveillance du Secteur Financier...more
Investment in UK technology companies continues apace, with 2021 marking another record year. The UK government announced in December 2021 that the UK tech sector achieved its “best year ever” in 2021 through investments...more
The Board of the International Organization of Securities Commissions (IOSCO) has published a set of revised outsourcing principles for regulated entities. IOSCO is an international policy forum for securities regulators and...more
11/19/2021
/ Confidential Information ,
EU ,
European Securities and Markets Authority (ESMA) ,
Financial Conduct Authority (FCA) ,
Financial Markets ,
Information Security ,
IOSCO ,
Outsourcing ,
Prudential Regulation Authority (PRA) ,
Regulatory Agenda ,
Regulatory Oversight ,
Securities Regulation ,
UK
Following an initial announcement in early 2021, the UK government has recently launched its first National Artificial Intelligence (AI) Strategy. This new strategy indicates that the United Kingdom may be planning on...more
The European Cloud User Coalition (ECUC) published a paper (the Position Paper) on May 17 recommending, among other matters, the adoption of “model clauses” for the long-term compliant use of cloud technologies....more
6/15/2021
/ Banks ,
Cloud Computing ,
Cloud Service Providers (CSPs) ,
Consumer Service Agreements ,
Cybersecurity ,
Data Privacy ,
Data Processors ,
Data Security ,
EU ,
European Commission ,
Financial Institutions ,
FinTech ,
Innovative Technology ,
Model Clauses ,
Standard Contractual Clauses
The European Securities and Markets Authority (ESMA) on May 10 published final guidelines on outsourcing to cloud service providers (ESMA Guidelines) to help firms and competent authorities identify, address, and monitor the...more
5/18/2021
/ Cloud Computing ,
Cloud Service Providers (CSPs) ,
Competent Authority (CA) ,
EU ,
European Securities and Markets Authority (ESMA) ,
Investment ,
Outsourcing ,
Regulatory Requirements ,
Reporting Requirements ,
Service Agreements ,
UCITS
The European Commission adopted a roadmap for the European Union's digital economy until 2030 on February 10, 2021. The roadmap aims to provide the following: This digital transformation targets European citizens, businesses,...more
In December 2019, we published a blog post introducing open banking; here, we provide an update for 2020. To briefly summarize, open banking comprises a set of rules which permit third-party providers (TPPs) of financial...more
10/1/2020
/ Cyber Crimes ,
Cybersecurity ,
Data Collection ,
Data Management ,
EU ,
Financial Institutions ,
Financial Services Industry ,
Open Banking ,
Personal Data ,
Risk Management ,
Third-Party Service Provider ,
UK Competition and Markets Authority (CMA)
The UK Financial Conduct Authority (FCA) announced on July 8 that the guidelines issued by the European Insurance and Occupational Pension Authority (EIOPA) on outsourcing to cloud service providers are not applicable to...more
The European Securities and Markets Authority (ESMA) published its draft guidelines on outsourcing to cloud service providers on June 3. Steven Maijoor, the chair of ESMA, indicated that the purpose of the guidelines is to...more
The UK government has indicated that the UK’s approach to public procurement will fundamentally change post-Brexit. While it remains to be seen whether such a fundamental change will be possible in practice, the UK...more