Tech & Sourcing @ Morgan Lewis

In Part 1 of our Cracking AI and Outsourcing Conundrums series, we discussed at a high level the challenges of requiring outsourcing providers to drive generative AI (GenAI) innovation while at the same time complying with companies’ AI policies. One of the challenges we identified was that many outsourcing agreements impose aggressive savings commitments, to be realized through the implementation of technology solutions that enable headcount or other cost reductions.

The European Court of Justice (CJEU) recently issued a significant final decision affecting the online advertising industry, particularly concerning the Transparency and Consent Framework (TCF) developed by the Interactive Advertising Bureau (IAB) Europe. This framework is widely used across the industry to manage users' consent preferences for data processing, known as the Transparency and Consent String (TC String). In essence, the TCF is designed to facilitate the buying and selling of online advertising space by these operators. Here's a breakdown of the court's ruling and its potential implications.

Innovation: all companies want their outsourcing providers to be at the forefront, whether accomplished by proposing ideas, implementing solutions as part of their business-as-usual services, or offering savings based on productivity commitments or other demonstrable business impact. Some outsourcing providers may even use innovation as a key differentiator during the sales cycle, putting real dollars at risk if innovation projects don’t realize promised savings. And what innovation is more top of mind presently than the use of artificial intelligence?

The US Cybersecurity and Infrastructure Security Agency (CISA) has recently released draft rules that are set to reshape how critical infrastructure companies report cyberattacks to the US government. The rules are designed to improve the country's cybersecurity by making sure cyber incidents are reported quickly and thoroughly. This could help create a clearer understanding of cyber threats and may mitigate against future cyberattacks.

In Part 1, we discussed how companies rely on social media influencers to promote their products and services online, and certain items to consider when drafting an influencer agreement. In this Part 2 blog post, we’ll focus on drafting from the influencer’s side of the table.

As consumer products and services companies continually seek to find ways to market to their consumer base, over the last several years, many companies have begun relying on social media influencers to promote their products and services online. In this post, we’ll discuss some key areas a contract drafter may consider when drafting a social media influencer agreement on behalf of a company.

Please join us on Wednesday, April 10, 2024 from 12:00–1:00 pm ET, as partners Kristin Hadgis and Don Shelkey and of counsel Eric Pennesi discuss the latest trends in commercial contracts negotiations, including negotiating artificial intelligence (AI) provisions and recent trends in privacy and security.

New ICT incident reporting requirements under Circular 24/847 (Circular) of the Commission de Surveillance du Secteur Financier (CSSF), Luxembourg’s financial regulator, will come into effect on April 1. This introduces a new ICT-related incident reporting framework and underscores the critical importance of proactive measures in safeguarding financial institutions against ICT and cyber threats.

“March Madness” started early this year as the US District Court for the Eastern District of Tennessee recently granted a preliminary injunction enjoining the National Collegiate Athletic Association (NCAA) from enforcing rules prohibiting student-athletes from negotiating name, image, and likeness (NIL) agreements with third parties, including NIL collectives (i.e., “organizations created by alumni, boosters, or businesses with the purpose of providing NIL opportunities to their school’s athletes”), before the student-athlete enrolls in a particular college or university.

The European Central Bank (ECB) has published data showing that banks are increasingly using third-party providers to support their critical functions. However, more than 10% of outsourcing contracts covering critical functions are not compliant with the relevant regulations. During a key year for EU financial institutions and their critical service providers—with implementation projects for the Digital Operational Resilience Act (DORA) well underway—the ECB signals that outsourcing and resiliency, particularly risks associated with cloud outsourcing and concentration risks, will be a top priority on its supervisory agenda.