Tech & Sourcing @ Morgan Lewis

The European Parliament recently published a report (the Report) on the interplay between several key EU digital regulations to assess overlap and gaps and highlight the regulatory complexity that these different regimes have collectively imposed on businesses.

Morgan Lewis’s technology, outsourcing, and commercial contract team, along with Boston Consulting Group, recently hosted a roundtable dinner in London, during which senior stakeholders from technology suppliers and large businesses discussed how the rapid evolution of artificial intelligence (AI) is impacting offshoring and outsourcing.

The European Supervisory Authorities (ESAs) published on November 18, 2025 a list of 19 critical information and communications technology (ICT) third-party providers (CTPP) that will be subject to direct oversight under the EU Digital Operational Resilience Act (DORA). The list includes hyperscale cloud providers, data center providers, infrastructure and network providers, and providers of financial services-specific technology.

The European Banking Authority (EBA) recently published a consultation paper (Consultation) that proposes to expand third-party risk management requirements for certain EU-regulated financial entities. The Consultation would extend the EBA’s current guidelines around outsourcing arrangements (EBA Guidelines) to all third-party services arrangements, excluding those services that are within scope of the EU Digital Operational Resilience Act (DORA), and would add further requirements to the existing guidelines, aligning with those requirements introduced under DORA.

Today’s retail operations depend on far more than the products on store shelves or the design of an ecommerce site. Behind the scenes, a fulfilment provider may rely on regional couriers, a payment processor on a cloud host, and a call center on an outsourced customer service team. These multi-tiered networks enable retailers to meet rising expectations for speed, convenience, and availability, but they also introduce points of failure that can disrupt service, delay deliveries, or compromise sensitive customer data.

In a recent LawFlash, a team of Morgan Lewis lawyers discussed the US Court of International Trade and the US District Court for the District of Columbia’s ruling that invalidated President Donald Trump’s actions imposing tariffs pursuant to the International Emergency Economic Powers Act of 1977, and the temporary, administrative stay granted by the US Court of Appeals for the Federal Circuit while it considers whether to stay the orders during the pendency of the government’s appeal of the ruling. These recent events demonstrate the continued uncertainty businesses and consumers face in light of this economic policy.

We are excited to welcome Mathilde Carle as a partner in Morgan Lewis’s Paris office and as a guest contributor to our Tech & Sourcing Spotlight series to discuss intellectual property (IP) protection and other related issues in agreements to design, build, license, host, and support digital solutions, including automation, AI, and software as a service (SaaS) products.

2025 has seen a notable push by companies to establish dedicated capability centers—or global capability centers (GCCs)—in countries with lower-cost resources and access to a strong talent pool. According to S&S Insider, the global GCC market was estimated at about $128.5 billion in 2023 and is expected to increase to more than $300 billion by 2032, growing at a rate of 13.51% CAGR. NASSCOM reports that India leads the GCC market, currently hosting over 1,700 GCCs, employing more than 1.9 million people, and having an 11% CAGR.

Digital transformation continues to be a buzzword for 2025, with companies considering or implementing new user-facing and back-office artificial intelligence (AI) solutions and other digital tools to enhance end-user experience (UX), business operations, IT infrastructure and resilience, and data flow and connectivity between devices and environments. These digital transformation projects often require project-based resources with specific skill sets that may not be readily available within a company to meet the desired implementation timelines. As a result, many companies engage third-party providers to design, build, test, and/or implement their digital transformation strategies.

As part of our Spotlight series, we welcome Marie Davy, who recently joined Morgan Lewis as a partner in our Paris office, to discuss key issues to consider when negotiating global distribution agreements.