Tech & Sourcing @ Morgan Lewis

Dr. Sultan Almasoud, managing partner of Morgan Lewis’s Riyadh office, has been closely involved in the Kingdom of Saudi Arabia’s rapid evolution into a global hub for innovation. His insights on the questions below shed light on the trends reshaping technology and esports—and the opportunities they unlock for investors and operators entering the market.

Kari Krusmark, a partner in our technology transactions, outsourcing, and commercial contracts practice, is a leading advisor in complex technology initiatives, outsourcing arrangements, and digital transformation projects. With deep background guiding global companies through high-value technology deals, evolving regulatory requirements, and vendor ecosystem shifts, Kari has a unique perspective on how organizations should prepare for the rapidly changing technology and outsourcing landscape. Her insights highlight the key trends shaping 2026 and what businesses should be doing now to stay ahead.

The UAE and Saudi Arabia have rapidly transformed into two of the most dynamic technology markets in the world. Driven by ambitious national strategies—Dubai’s digital-first initiatives and Saudi Arabia’s Vision 2030—both countries are positioning themselves as regional leaders in artificial intelligence, cybersecurity, fintech, cloud computing, and smart infrastructure. Despite extraordinary public-sector investment and momentum, the path to sustained innovation and commercialization is shaped by a mix of high-value opportunities and structural challenges.

The European Parliament recently published a report (the Report) on the interplay between several key EU digital regulations to assess overlap and gaps and highlight the regulatory complexity that these different regimes have collectively imposed on businesses.

Morgan Lewis’s technology, outsourcing, and commercial contract team, along with Boston Consulting Group, recently hosted a roundtable dinner in London, during which senior stakeholders from technology suppliers and large businesses discussed how the rapid evolution of artificial intelligence (AI) is impacting offshoring and outsourcing.

The European Supervisory Authorities (ESAs) published on November 18, 2025 a list of 19 critical information and communications technology (ICT) third-party providers (CTPP) that will be subject to direct oversight under the EU Digital Operational Resilience Act (DORA). The list includes hyperscale cloud providers, data center providers, infrastructure and network providers, and providers of financial services-specific technology.

Open-source software (OSS), by its nature, is sometimes overlooked as part of technology transactions. OSS is often a key aspect of a business’s software ecosystem, whether it is used in internal systems or forms a fundamental part of solutions that are sold to customers or used to provide services to customers; however, OSS often sits in the background, as a foundation of a software solution, and can therefore go unconsidered by those not familiar with its uses, benefits, and risks.

Please join us for a webinar co-hosted with local Indian counsel examining the key issues impacting deployment and use of technology in India.

The European Banking Authority (EBA) recently published a consultation paper (Consultation) that proposes to expand third-party risk management requirements for certain EU-regulated financial entities. The Consultation would extend the EBA’s current guidelines around outsourcing arrangements (EBA Guidelines) to all third-party services arrangements, excluding those services that are within scope of the EU Digital Operational Resilience Act (DORA), and would add further requirements to the existing guidelines, aligning with those requirements introduced under DORA.

Mike Pierides co-authored an article in the Journal of Securities Operations & Custody which explores key themes of outsourcing and third-party risk management regimes that apply to financial entities and their service providers. The article serves as a compendium of key differences between regulatory expectations on resiliency and outsourcing, highlights key best practices and challenges to implementing these expectations, and, finally, considers the impact of artificial intelligence solutions on such regulatory expectations.