As businesses move quickly to adopt artificial intelligence agents, contracts for their development and implementation raise novel questions around ownership, accountability, and risk. In this first post of a two-part series, we explore why these issues matter and what technology and sourcing lawyers should be considering as clients engage vendors in this emerging space.
Tech & Sourcing @ Morgan Lewis
TECHNOLOGY TRANSACTIONS, OUTSOURCING, AND COMMERCIAL CONTRACTS NEWS FOR LAWYERS AND SOURCING PROFESSIONALS
In a recent LawFlash, a team of Morgan Lewis lawyers discussed President Donald Trump’s July 24, 2025 executive order titled Saving College Sports. This order, which follows recent significant changes to compensation rules and limitations in the collegiate sports landscape, introduces certain guardrails intended to maintain competition and parity within intercollegiate athletics.
Join us for our Technology Marathon, an annual series of tailored webinars focused on hot topics, trends, and key developments in the technology industry that are of essential importance to our friends and clients. Now in its 15th year, our expansive curriculum kicked off after AI Boot Camp in April and continues into December.
The European Banking Authority (EBA) recently published a consultation paper (Consultation) that proposes to expand third-party risk management requirements for certain EU-regulated financial entities. The Consultation would extend the EBA’s current guidelines around outsourcing arrangements (EBA Guidelines) to all third-party services arrangements, excluding those services that are within scope of the EU Digital Operational Resilience Act (DORA), and would add further requirements to the existing guidelines, aligning with those requirements introduced under DORA.
The United Kingdom’s Online Safety Act (OSA or the Act), which received Royal Assent in October 2023, establishes a new statutory framework to address harmful online content, protect children, and promote accountability among digital service providers. For counsel advising platforms, publishers, and other organizations operating in the digital space, the OSA introduces a complex set of compliance considerations, particularly given its extraterritorial scope, risk-based obligations, and substantial enforcement powers.
The UK Information Commissioner’s Office has launched two consultations as part of the transition to the Data Use and Access Act framework. These consultations will be of particular interest to organisations operating UK-facing websites, analytics tools, and online advertising services.
Clauses dealing with intellectual property (IP) rights in commercial agreements can present nuanced challenges, particularly when they relate to information exchange. Two such clauses that often surface in technology contracts are residuals clauses and affirmative feedback licenses. While both relate to information shared during the course of a commercial relationship, they serve very different purposes and have distinct implications for IP ownership, confidentiality, and future use.
Published in August 2025, the CrowdStrike Global Threat Report 2025 provides a detailed overview of the evolving cyber threat landscape, drawing on data from millions of endpoints and cloud workloads worldwide.
Today’s retail operations depend on far more than the products on store shelves or the design of an ecommerce site. Behind the scenes, a fulfilment provider may rely on regional couriers, a payment processor on a cloud host, and a call center on an outsourced customer service team. These multi-tiered networks enable retailers to meet rising expectations for speed, convenience, and availability, but they also introduce points of failure that can disrupt service, delay deliveries, or compromise sensitive customer data.
On 19 June 2025, the UK Parliament enacted the Data (Use and Access) Act 2025 (DUAA), marking the most significant UK data protection reform since the UK General Data Protection Regulation (UK GDPR). Rather than overhauling the current regime, DUAA introduces targeted amendments to the UK GDPR, the Data Protection Act 2018, and Privacy and Electronic Communications Regulations (PECR), aiming to support responsible data use while preserving core privacy protections.