#1: £12.7m ICO fine after GDPR infringements

The Information Commissioner’s Office (ICO) has welcomed a ruling by the First-tier Tribunal confirming its authority to issue a £12.7 million penalty to TikTok for unlawfully processing the personal data of children under 13, rejecting TikTok’s argument that its activities were protected under “special purposes” exemptions for artistic or journalistic content. The Tribunal found that the penalty notice was focused on safeguarding children’s data and did not fall under those exemptions, allowing the case to proceed to a full hearing. The ICO sees this decision as a significant step in holding digital platforms accountable for data protection, especially concerning children’s privacy.

#2: Supercomputing and AI Collaboration between UK and France

The UK and France have launched a joint initiative to strengthen the resilience of critical infrastructure—such as power supplies, transport, and emergency services—against hostile threats by developing advanced navigation and timing systems that are resistant to signal jamming. This includes collaboration on technologies like e-LORAN, a ground-based alternative to GPS, and broader partnerships in AI supercomputing and research. The initiative was announced during a visit by President Macron and UK Science and Technology Secretary Peter Kyle to Imperial College London, highlighting the strategic importance of UK-France cooperation in science, technology, and national security.

#3: ICO address their approach to a Ministry of Defence data breach

The ICO published two articles addressing its response to the Ministry of Defence (MoD) data breach involving the accidental exposure of personal information of Afghan nationals who supported British forces. The first article outlines the ICO’s approach, explaining its decision not to take further regulatory action due to the MoD’s swift internal investigation, the sensitive nature of the data, and the extensive mitigation efforts already undertaken. The second article is a formal statement reaffirming the seriousness of the breach, the ICO’s involvement in supporting the investigation, and its commitment to ensuring lessons are learned to prevent similar incidents in the future. Together, the articles highlight the balance between accountability, national security, and data protection.

#4: Notifiable Acquisition Regulations

The UK Government is consulting on changes to the scope of the Notifiable Acquisition Regulations (NARs) under the National Security and Investment Act 2021 (NSI Act). The NSI Act gives the Government powers to scrutinise and intervene in acquisitions of control of entities and assets in, or connected to, the UK economy that may pose a risk to national security. Where a target entity carries out activities in any of 17 sensitive areas of the economy described in the NARs, an acquisition of control over that entity will trigger a mandatory notification requirement.

The Government proposes to amend, among others, the definition of the Artificial Intelligence (AI) sector to remove the development of AI systems which are available to consumers, which it recognises are low risk. The focus will shift to assessing cases where the target is looking to create a new AI system, improve the capability of an AI system to do new things, the same things quicker, or the same things better. Entities that test the safety of AI systems, evaluate the risk of disinformation or misinformation, or conduct research into the capabilities of AI systems that could potentially create a risk to the health, safety or security of persons, will be in scope.

The Government is also proposing to create a standalone Semiconductors sector (currently captured in part by the Advanced Materials sector) and merge it with the Computing Hardware sector. The draft definition for the Semiconductors sector adds advanced packaging techniques and activities involving the wider design process of processing units and memory chips, such as R&D. It also has more comprehensive coverage of semiconductor-related devices and advanced chip designs.

The consultation ends on 14 October 2025. Click here to respond. If you have any questions on the NSI Act, please contact the WM Competition team.

More funding developments…

• The UK government is allocating at least £30 million to local leaders in every UK nation to boost regional innovation in science and technology, aiming to drive economic growth and improve lives through transformative research.
• The UK government has launched a £54 million Global Talent Fund, empowering 12 leading universities and research institutions to attract top international researchers in key sectors like AI and life sciences, as part of a broader strategy to boost innovation and economic growth.
• Meta and the Alan Turing Institute have backed $1m into a UK Government Open-Source AI Fellowship to bring AI experts into government to build open-source AI that improves public services and national security.
• Hundreds of UK tech start-ups and other innovative businesses can now apply for government support to protect their intellectual property from powerful competitors, including threats from other states and hostile actors.

…and in other news

• Google Cloud is working with the Government to help public services use advanced tech and leave behind legacy contracts which leave essential services vulnerable to cyber attacks.
• M&S are using AI technology on four smart farms to drive agricultural efficiency as part of its bid to hit net zero by 2040.
• Windows 10 is nearing end of life: the National Cyber Security Centre has provided guidance on how to prepare your organisation for Windows 11 before Autumn 2025.
• Ofcom have begun to enforce age checking services against online platforms with content that could potentially be harmful to children.
• The NCSC has issued an alert urging UK organisations to immediately apply security updates to mitigate two actively exploited vulnerabilities in Microsoft SharePoint Servers that allow unauthenticated remote code execution on on-premises installations.
• This year marks 2 years since the Freedom of Information Act came into force, and the ICO reports on FOI compliance across NHS trusts in England.
• The UK government has publicly identified Russian military intelligence group APT28 as responsible for deploying previously unknown malware to conduct espionage by targeting victim email accounts.
• Ofcom are proposing to strengthen guidance to telecoms companies on how to protect people from international scam calls that imitate UK mobile numbers.
• The NCSC’s release of CAF v4.0 enhances the Cyber Assessment Framework to better support essential service providers in managing growing cyber threats through clearer guidance, improved usability, and alignment with evolving risk landscapes.

How we can support you

If you have queries about any of the points covered in this edition of the Technology & Digital round-up, or need further advice or assistance, please get in touch with Sally, Andrew, Nick, Paul, Luke or one of our Technology & Digital experts.

Want to watch a previous webinar? Visit our digital academy, home to a library of digital content including webinars, our bite-sized video nuggets and podcasts, including our 60 second videos on what is an NFT and what is a blockchain.

Want to learn more from our Technology & Digital experts and be the first to receive important updates, developments and events from the team? Then visit our #WMTechTalk page or sign up for our newsletter, the Technology & Digital round-up here.