Stop press! As we were about to publish this edition, the government announced details of the new Cyber Security and Resilience Bill which will be introduced to Parliament later this year. We’ll be covering it in detail in upcoming commentary.

Here’s your top 3

#1: Unlocking the potential of personal data

We’ve heard a lot in recent months about the government’s growth agenda and the role that the various regulators are playing to support it.

The Information Commissioner’s Office recently announced a package of measures to drive economic growth. They include introducing a statutory code of practice for private and public sector businesses developing or deploying AI and new guidance on international data transfers. The Information Commissioner says that we’ll hear more in the coming months about exactly how the regulator plans to deliver on its commitments.

In related news, the Information Commissioner said in a recent speech that the ICO’s focus on AI and biometrics continues. Topics include foundation models, automated decision-making in recruitment and by government and how police forces use facial recognition technology. The ICO will closely scrutinise any proposed deployment of predictive profiling that could affect people’s rights.

#2: New Data Bill expected to pass in coming weeks

The Data (Use and Access) Bill is expected to be ready this spring as it makes its way swiftly through the various legislative stages.

The Information Commissioner published an updated response to the Bill after it completed its passage through the House of Lords. Significant debate centres on the proposed reforms which would remove the current general restriction on automated decision-making with a legal or similarly significant effect. There’s concern in some circles that this and other provisions could affect the UK’s data adequacy status which was due for renewal in June. The European Commission has proposed extending the current adequacy decisions until December to allow the new Bill to be enacted in the meantime.

In other developments, the House of Commons Public Bill Committee voted to remove clauses covering transparency and compliance with UK copyright law by operators of web crawlers and general-purpose AI models. Major planned changes to AI copyright are the subject of a separate recent consultation discussed by our Head of Intellectual Property, Trade Marks & Designs Alan Harper in this recent briefing.

#3: Transitioning to quantum-resistant encryption

We’ve talked in a number of recent editions about the rise of quantum technologies and the importance of preparing for them. In a significant development, the UK’s National Cyber Security Centre has unveiled a roadmap for organisations to migrate to post-quantum cryptography to mitigate the threat from future quantum computers.

The guidance sets out a three-phase timeline for organisations to transition to quantum-resistant encryption methods by 2035. The NCSC says that, while the timelines are relevant to all organisations, its guidance is primarily aimed at technical decision-makers and risk owners of large organisations, operators of critical national infrastructure systems including industrial control systems, and companies that have bespoke IT.

More legal and regulatory developments…

• The Master of the Rolls confirmed in a recent speech that the UK Jurisdiction Taskforce is currently working on producing a legal statement on liability for harms caused by AI.
• The Artificial Intelligence (Regulation) Bill was reintroduced to the House of Lords after being dropped ahead of the general election. While private members’ bills such as this one rarely become law, they can provoke debate and put pressure on the government. This bill comes at a crucial time, as we await publication of the government’s own bill on AI-specific legislation. There are no plans for wide-ranging legislation similar to the EU AI Act.
• The Financial Conduct Authority and ICO wrote a joint letter to trade association chairs and CEOs inviting them to attend a roundtable on 9 May 2025 to further develop both regulators’ understanding of the challenges faced by firms in relation to the use of AI and other tech and to make sure they continue to provide effective advice and guidance.
• The ICO and Competition and Markets Authority published a joint article on harnessing innovation and growth opportunities from AI foundation models.
• The FCA is seeking views on removing or increasing the £100 contactless limit. Feedback is requested by 9 May 2025.
• The ICO fined an IT and software provider of services to the NHS and others £3 million following a 2022 ransomware attack. The Information Commissioner is urging all organisations to make sure that every external connection is secured with multi-factor authentication.
• The ICO reiterated that online targeted advertising should be considered as direct marketing after Facebook agreed to stop targeting adverts at an individual user using personal data.
• A final report into mobile browsers and cloud gaming found that mobile browser markets aren’t working well for UK consumers and businesses, which is holding back innovation and could be limiting growth.
• The CMA’s Chief Executive delivered a wide-ranging speech on ‘promoting competition and protecting consumers in the digital age: a roadmap for growth’.
• Online platforms must start putting in place measures under the new Online Safety Act to protect people from criminal activity. Reducing online fraud is one of eight targets identified by regulator Ofcom for immediate action.

…and in other news

• The government responded to the call for views on a code of practice for software vendors and published a report on open source software best practices and supply chain risk management. A finalised code will be published in 2025. While the proposed audience is senior leaders in software vendor organisations, feedback suggests that it would be a helpful supply chain management tool for organisations procuring software.
• The government published a diagram showing how the five cybersecurity codes of practice apply to different organisations and technologies.
• The NCSC published guidance for organisations setting up a ‘privileged access workstation’ solution. The NCSC says that, when designed and implemented in the right way, this is an indispensable tool for organisations to help defend against real-world cyber threats.
• The UK Technology Secretary has been ‘banging the drum for closer AI partnership with the US’ in a recent visit to the country.
• This is one of a flurry of recent press releases from the Department for Science, Innovation and Technology, including: a British start-up winning the £1 million Manchester Prize in AI; the British space sector securing record-breaking contracts; a raft of new initiatives to supercharge innovation; and a third group of start-ups selected to bring new semiconductor products to market.
• A multi-billion pound data centre in Northumberland was given the green light by planners.
• The University of Oxford announced plans to expand its AI offering and capabilities with OpenAI, while a major new policy school due to open in the autumn at Cambridge University will research plugging AI into the private and public sectors.

How we can support you

If you have queries about any of the points covered in this edition of the Technology & Digital round-up, or need further advice or assistance, please get in touch with Sally, Nick, Andrew, Luke or one of our Technology & Digital experts.

Want to watch a previous webinar? Visit our digital academy, home to a library of digital content including webinars, our bite-sized video nuggets and podcasts, including our 60 second videos on what is an NFT and what is a blockchain.

Want to learn more from our Technology & Digital experts and be the first to receive important updates, developments and events from the team? Then visit our #WMTechTalk page or sign up for our newsletter, the Technology & Digital round-up here.