Tech & Sourcing @ Morgan Lewis

The European Parliament recently published a report (the Report) on the interplay between several key EU digital regulations to assess overlap and gaps and highlight the regulatory complexity that these different regimes have collectively imposed on businesses.

Morgan Lewis’s technology, outsourcing, and commercial contract team, along with Boston Consulting Group, recently hosted a roundtable dinner in London, during which senior stakeholders from technology suppliers and large businesses discussed how the rapid evolution of artificial intelligence (AI) is impacting offshoring and outsourcing.

The European Supervisory Authorities (ESAs) published on November 18, 2025 a list of 19 critical information and communications technology (ICT) third-party providers (CTPP) that will be subject to direct oversight under the EU Digital Operational Resilience Act (DORA). The list includes hyperscale cloud providers, data center providers, infrastructure and network providers, and providers of financial services-specific technology.

Open-source software (OSS), by its nature, is sometimes overlooked as part of technology transactions. OSS is often a key aspect of a business’s software ecosystem, whether it is used in internal systems or forms a fundamental part of solutions that are sold to customers or used to provide services to customers; however, OSS often sits in the background, as a foundation of a software solution, and can therefore go unconsidered by those not familiar with its uses, benefits, and risks.

On October 29, Morgan Lewis will be hosting the annual Tech & Sourcing Summit in New York. This full-day event will bring together our lawyers and industry leaders, focusing on this year’s theme: Navigating the Global Landscape through Innovation. A reception will follow the substantive portion of the program.

In Part 1 of this series, we discussed why artificial intelligence (AI) agents present unique challenges for technology and outsourcing contracts. As businesses move from development to deploying them in real-world operations, contracts must grapple with governance and accountability issues, such as how these tools are monitored, managed, and held accountable.

As businesses move quickly to adopt artificial intelligence agents, contracts for their development and implementation raise novel questions around ownership, accountability, and risk. In this first post of a two-part series, we explore why these issues matter and what technology and sourcing lawyers should be considering as clients engage vendors in this emerging space.

The European Banking Authority (EBA) recently published a consultation paper (Consultation) that proposes to expand third-party risk management requirements for certain EU-regulated financial entities. The Consultation would extend the EBA’s current guidelines around outsourcing arrangements (EBA Guidelines) to all third-party services arrangements, excluding those services that are within scope of the EU Digital Operational Resilience Act (DORA), and would add further requirements to the existing guidelines, aligning with those requirements introduced under DORA.

Clauses dealing with intellectual property (IP) rights in commercial agreements can present nuanced challenges, particularly when they relate to information exchange. Two such clauses that often surface in technology contracts are residuals clauses and affirmative feedback licenses. While both relate to information shared during the course of a commercial relationship, they serve very different purposes and have distinct implications for IP ownership, confidentiality, and future use.

In a recent report, a team of Morgan Lewis lawyers discussed enforcement of the US Department of Justice’s (DOJ’s) Data Security Program (DSP). The report outlines critical considerations for companies and entities that may be affected by the extensive requirements of this national security initiative.