Here’s your top 3

The government has published its much-anticipated Cyber Governance Code of Practice and is urging directors and company boards to shore up their cyber defences using the new guidance. The Code, which is voluntary at this stage, is described as a first point of reference and is part of a wider governance package which includes online training modules. It shows how senior leaders can build resilience to a wide range of cyber risks.

The Cyber Security and Resilience Bill moved a step closer, with the government publishing a policy statement on the legislative proposals and confirming that the Bill will be introduced to Parliament later this year.

The government is particularly concerned about supply chain vulnerabilities and their effect on essential services. The Bill will make crucial updates to the current framework – the Network and Information Systems Regulations 2018 – including bringing managed service providers (and possibly data centres) into the scope of regulation and strengthening supply chain security.

Current incident reporting requirements for entities regulated under the NIS Regulations will be improved. This is separate from recent proposals to introduce a ransomware incident reporting regime, with the government exploring whether this should be economy-wide or only affect organisations and individuals meeting a certain threshold. The government is keen to make sure that future frameworks are aligned and don’t create duplication.

The European Commission launched an ambitious AI Continent Action Plan to boost the EU’s AI innovation capabilities and make it a global leader in AI.

A network of AI factories will strengthen Europe’s AI and supercomputing infrastructure, and the Commission is calling for ideas to set up AI gigafactories which will ‘lead the next wave’ of frontier AI models.

The Commission is currently consulting on proposals for a Cloud and AI Development Act to stimulate private sector investment in cloud capacity and data centres.

And with AI adoption among EU companies on the low side at 13.5%, the Commission is also consulting on a new ‘Apply AI Strategy’ to develop tailored AI solutions and boost their industrial use and full adoption in strategic sectors such as healthcare, automotive and advanced manufacturing.

Regulatory simplification is another key pillar of the Action Plan. A new AI Act Service Desk will launch in summer 2025 to help businesses comply with the EU AI Act.

On the subject of the EU AI Act, the Commission’s AI Office launched a new survey for organisations to share their examples of AI literacy practice to feed into a ‘living repository’. And the Commission is currently consulting on non-binding guidance on general-purpose AI models. The guidelines and a final code of practice are expected to be published ahead of August 2025.

In the latest article in our series on the EU AI Act, we focus on the strict obligations associated with high-risk systems and what steps in-scope businesses can take now.

On 6 April 2025, the long-awaited changes to the consumer protection regime under the Digital Markets, Competition and Consumers Act came into effect.

‘Drip pricing’ – where a consumer is given an initial price for a product, only for additional, mandatory charges to be revealed as the transaction proceeds – is now an offence. Businesses must include all mandatory charges in the headline price of the product.

Fake reviews are also banned. The scope of this practice is broad and covers a wide range of activities, from publication to the offering of related services. Businesses now have a duty not only to prevent the publication of fake reviews but also to take proactive steps to remove them from their websites.

These changes are backed up by a new dual enforcement regime which means that both the courts and the Competition and Markets Authority have jurisdiction over enforcement. The regulator has the power to impose fines of up to 10% of a firm’s global turnover.

The CMA has published guidance on unfair commercial practices, its approach to consumer protection, and specific guidance on fake reviews.

Measures protecting against subscription traps will come into effect in April 2026.

More legal and regulatory developments…

• We touched in a recent briefing on technology’s growing role in sports. Join us for a free webinar on 7 May on managing digital transformation projects and navigating the legal challenges in this sector.
• Our Construction & Engineering and Planning experts recently discussed the legal and technical considerations in data centre development.
• The ICO said that more can be done by the financial services sector when dealing with children’s data, as it concluded its review and set out areas of good practice and room for improvement.
• The ICO published new guidance on anonymisation and pseudonymisation.
• In a statement on police use of facial recognition technology, the ICO confirmed that an AI and biometrics strategy will launch later in spring.
• The FCA’s head of innovation services wrote a blog post feeding back on the regulator’s recent AI Sprint event and setting out next steps.
• The Law Commission published its second consultation paper examining the law around autonomous flight to support the safe development of rapidly advancing technology. An earlier paper looked at drones and vertical take-off and landing aircraft. Final recommendations for reform and a final report will follow.
• Ofcom finalised new rules for children’s safety on sites and apps under the Online Safety Act.
• The Courts and Tribunals Judiciary published updated guidance to assist judicial office holders in relation to the use of AI.
• The European Accessibility Act, a directive to improve the accessibility of products and services in the EU, takes effect on 28 June 2025. The focus is primarily on digital products and services, including consumer banking and e-commerce. Retailer websites, for example, will need to be updated to make sure they comply with certain accessibility requirements. While this is EU legislation, it extends to any businesses offering the relevant goods or services in the EU, even if they’re based in the UK.
• Big Tech continues to come under scrutiny, with Google facing a multi-billion pound damages action on behalf of UK search advertisers; the European Commission fining Apple and Meta €500 million and €200 million respectively for breaches of the Digital Markets Act; and Google under fire in the US over antitrust laws.

…and in other news

• The NCSC published guidance for organisations setting up a ‘privileged access workstation’ (PAW) solution. The NCSC says that, when designed and implemented in the right way, this is an indispensable tool for organisations to help defend against real-world cyber threats. It describes a PAW as a highly restricted and audited physical device that helps an organisation minimise the attack surface for its high-risk systems.
• The NCSC also published new guidance on securing HTTP-based APIs (application programming interfaces).
• The government unveiled £13.9 billion of research and development funding in areas including life sciences, green energy and space, to drive growth and innovation.
• The first meeting of the UK’s AI Energy Council took place on 8 April. With AI advancement a key component of the government’s growth agenda, the Council was launched to support the use of sustainable energy to power AI.
• The government is investing £121 million in quantum technology to tackle crime, fraud, and money laundering. This is part of the UK’s National Quantum Technologies Programme.
• A European-first semiconductor facility was launched in Southampton.
• A Scottish boarding school announced that it’s the first school in the UK to accept Bitcoin for tuition payments.
• And finally, the BBC reported on plans to put data centres in orbit and on the Moon.

How we can support you

If you have queries about any of the points covered in this edition of the Technology & Digital round-up, or need further advice or assistance, please get in touch with Luke, Nick, Sally, Sarah or one of our Technology & Digital experts.

Want to watch a previous webinar? Visit our digital academy, home to a library of digital content including webinars, our bite-sized video nuggets and podcasts, including our 60 second videos on what is an NFT and what is a blockchain.

Want to learn more from our Technology & Digital experts and be the first to receive important updates, developments and events from the team? Then visit our #WMTechTalk page or sign up for our newsletter, the Technology & Digital round-up here.