Tech & Sourcing @ Morgan Lewis

Please join us for our fifth annual Artificial Intelligence (AI) Boot Camp. Throughout the series, Morgan Lewis lawyers will explore the latest in AI developments, insights, usage, and integration, as they may impact companies of all sizes and across industries. Discussions will examine key challenges and opportunities presented by AI from a business and legal perspective.

Get ahead of the game by joining partner Don Shelkey and associates Charlotte Cavendish and Jesse Taylor on March 4, 2026, from 12:00 pm to 1:00 pm ET, for a discussion on emerging trends in sports business transactions. From artificial intelligence–driven fan engagement to innovative sponsorship models shaping the future of sports transactions, the Morgan Lewis team will explore the trends, opportunities, and challenges shaping these transactions.

Please join us on Thursday, February 5, 2026, from 12:00–1:00 pm ET as Morgan Lewis partners Don Shelkey and Heather Egan explore how artificial intelligence (AI) is transforming how business operate, innovate, and deliver value. The Tech & Sourcing team will dive into legal, commercial, and other strategic issues shaping AI adoption with topics ranging from contracting to compliance.

Join us for an enlightening webinar hosted by Morgan Lewis, Dawn of the GENIUS Era: Crypto Week, Stablecoin Summer, and What's to Come, at 11:00 am–12:00 pm EST on August 6, 2025.

In our latest blog post on preparing for the EU’s Digital Operational Resilience Act (DORA), entering into force on January 17, 2025, we take a look at second-level requirements under DORA covering the classification and reporting of major information and communications technology (ICT) related incidents. These requirements will need to be addressed through operational risk management frameworks and contract remediation efforts with technology vendors.

Beginning January 17, 2025, financial entities based in the European Union must have in place processes and policies, and mandatory contract provisions with their third-party technology vendors, that comply with the EU Digital Operational Resilience Act (DORA).

Starting January 17, 2025, financial entities based in the European Union must have in place processes and policies, as well as mandatory contract provisions with their third-party technology vendors, that comply with the EU’s Digital Operational Resilience Act (DORA). Financial entities are currently at varying stages of updating their operational risk management frameworks and remediating contracts with technology vendors. For banks, the European Central Bank has signaled that resiliency will be a top priority on its supervisory agenda.

Beginning January 17, 2025, the European Union’s Digital Operational Resilience Act (DORA) will require financial entities to maintain and submit to EU regulators a comprehensive register of their contractual arrangements with third-party information and communication technology (ICT) service providers. Financial entities are being given the opportunity to sign up for a voluntary reporting exercise by May 31, 2024, running between July and August 2024, to help them prepare for one of the most challenging aspects of implementing DORA.

The US Cybersecurity and Infrastructure Security Agency (CISA) has recently released draft rules that are set to reshape how critical infrastructure companies report cyberattacks to the US government. The rules are designed to improve the country's cybersecurity by making sure cyber incidents are reported quickly and thoroughly. This could help create a clearer understanding of cyber threats and may mitigate against future cyberattacks.

New ICT incident reporting requirements under Circular 24/847 (Circular) of the Commission de Surveillance du Secteur Financier (CSSF), Luxembourg’s financial regulator, will come into effect on April 1. This introduces a new ICT-related incident reporting framework and underscores the critical importance of proactive measures in safeguarding financial institutions against ICT and cyber threats.