Here’s your top 3

#1: The ‘AI literacy’ requirement under the EU AI Act

The landmark EU AI Act came into force on 1 August 2024. We’ve published a couple of snapshot pieces on the new Act – the first article provides an overview of the key elements, while the second article looks at who has to comply. Watch out for further articles in this series. Crucially, UK businesses may be subject to the Act if they deploy AI in the EU.

“While most of the Act’s provisions will apply in 2 years’ time, it’s important to be aware of the ‘AI literacy’ requirement which will apply from 2 February 2025. Providers and deployers of all AI systems (as defined) must take measures to ensure a sufficient level of AI literacy of their staff and others dealing with the operation and use of AI systems on their behalf. Practically, this means implementing appropriate training programmes and policies and procedures to ensure compliance. 

“If your business is caught by the Act, start thinking now about the steps you will take to make sure staff and others are AI literate, so that you can comply by the 2 February 2025 deadline.”

– Luke Jackson, Director, Commercial

#2: Preparing for a new digital markets competition regime

We mentioned back in July that the Digital Markets, Competition and Consumers Act was finally passed. The Act will significantly expand the Competition and Markets Authority’s powers to enforce consumer protection laws, allowing it to impose fines of up to 10% of worldwide group turnover on businesses that break the rules. There’s a new regulatory regime for digital markets, allowing the CMA to impose additional conduct requirements on firms with ‘strategic market status’ and to make ‘pro-competitive interventions’, including divestment of businesses, where markets aren’t functioning properly. In relation to merger control, the Act gives the CMA jurisdiction to review a transaction where 1 party has a share of supply of 33% or more and UK turnover of £350 million and the other has a UK nexus. The turnover threshold for CMA jurisdiction increases from £70 million to £100 million, and any transaction where both parties have UK turnover of £10 million or less is excluded from CMA jurisdiction.

“We’ve seen a flurry of recent activity from the CMA as it prepares for implementation of the Act. The regulator is currently consulting until 11 September 2024 on its draft rules and procedural guidance covering its consumer enforcement powers under the Act. It’s also consulting on a package of draft updated mergers guidance documents until 12 September 2024. The CMA also recently announced that it had closed its existing Competition Act cases into Google’s Play Store and Apple’s App Store as it plans for the roll out of the new regime.

“We’ll be publishing further guidance on how to prepare for these changes once regulations are passed establishing a commencement date for the Act. Watch this space.”

– Sarah Ward, Partner, Competition

#3: A cautionary reminder over data and cyber security

The UK’s Information Commissioner’s Office has provisionally decided to impose a fine of £6 million on a software provider following a 2022 ransomware incident that disrupted NHS and social care services. Its initial finding is that the provider failed to implement measures to protect the personal data, including sensitive personal data, of over 80,000 people.

“While the ICO has yet to make a final decision as to breach and the amount of any financial penalty, this incident and associated provisional fine serves as a cautionary reminder to both data processors and controllers of their responsibilities under data protection law and the consequences of failure”.

– Nick Stubbs, Partner, Commercial

More legal and regulatory developments…

• As part of its consultation series on generative AI and data protection, the ICO is consulting until 18 September 2024 on the allocation of accountability for data protection compliance across the generative AI supply chain.
• The Bank of England published a discussion paper on its approach to innovation in money and payments. Feedback is requested by 31 October 2024.
• Following the recent unrest in parts of the UK, Ofcom wrote an open letter to UK online service providers about their responsibilities. New duties on tech firms to protect their users from illegal content, under the Online Safety Act, come into force later this year. Ofcom is consulting until 4 October 2024 on draft industry guidance on transparency reporting and information gathering under the Act.
• The Dutch Data Protection Authority fined Uber €290 million for failing to appropriately safeguard European taxi drivers’ personal data transferred to the US, in breach of GDPR.
• The European Commission’s new AI Office is consulting until 18 September 2024 on trustworthy general-purpose AI models under the EU AI Act. It recently invited stakeholders to participate in drawing up the first general-purpose AI code of practice.
• The Law Commission published a supplemental report and draft Bill to confirm the existence of a distinct category of personal property rights, capable of accommodating crypto-tokens and other digital assets.
• Mattress firm Simba Sleep agreed to change its online selling practices following a CMA investigation.
• The CMA is investigating both Google’s and  Amazon’s partnerships with Anthropic.
• The Guardian recently reported that Anthropic is being sued by 3 authors in the US for copyright infringement over the way it trains AI-powered chatbot Claude.
• And the BBC reported on the recent ruling by a US judge that Google’s online search monopoly is illegal.

…and in other news

• The government announced a new project aimed at enhancing AI’s ability to help teachers mark work and plan lessons.
• Other recently announced initiatives include: a second group of semiconductor start-ups joining the government-backed chip support service ChipStart; and the unveiling of numerous AI projects set to receive a share of £32 million in government funding.
• The Guardian reported that the ‘algorithmic transparency reporting standard’ is now mandatory for all government departments following concerns that AI tools used on the UK public are racist and biased.
• A couple of recent stories from the BBC highlight the use of AI in healthcare: a ‘game changing’ AI model that detects hidden heart attack risk; and AI tech which is being kept after a successful cancer trial.
• The National Cyber Security Centre published a blog post setting out the different cyber services it offers to help organisations protect themselves.
• Another recent blog post explains how the NCSC will help organisations plan their migration to post-quantum cryptography.
• The government is conducting a survey of UK businesses to understand how it can support innovation and shape future policies.
• The TransiT hub is a new national collaboration of 8 universities and 67 partners across the transport, energy and digital sectors, focused on rapidly decarbonising transport in the UK. The hub will cover road, rail, air and maritime. It has already secured £46 million and will identify the lowest cost, least risky and most energy-efficient way to decarbonise transport by developing a digital twinning approach.
• The UK Civil Aviation Authority announced that 6 projects have been selected for new trials which will see drones used in everyday life.
• And finally, the Guardian picked up on the story of a mayoral candidate in Wyoming who planned to let an AI bot run the local government. It turned out voters weren’t so keen on the idea and the candidate ultimately conceded the race.

How we can support you

If you have queries about any of the points covered in this edition of the Technology & Digital round-up, or need further advice or assistance, please get in touch with Sally, Nick, Luke or one of our Technology & Digital experts.

Want to watch a previous webinar? Visit our digital academy, home to a library of digital content including webinars, our bite-sized video nuggets and podcasts, including our 60 second videos on what is an NFT and what is a blockchain.

Want to learn more from our Technology & Digital experts and be the first to receive important updates, developments and events from the team? Then visit our #WMTechTalk page or sign up for our newsletter, the Technology & Digital round-up here.