As ransomware threats, data breach litigation, and supply chain cybersecurity concerns become increasingly more common and costly, buyers of tech, SaaS, and outsourcing services are giving far more weight to cyberliability insurance requirements in their contracts. While cyberinsurance provisions are becoming a routine point of negotiation in technology and outsourcing agreements, expectations on coverage, limits, and scope may vary widely.
Tech & Sourcing @ Morgan Lewis
TECHNOLOGY TRANSACTIONS, OUTSOURCING, AND COMMERCIAL CONTRACTS NEWS FOR LAWYERS AND SOURCING PROFESSIONALS
The EU Data Act’s implementation date is already upon us. That’s right, it becomes applicable, in part, on September 12, 2025, marking a major milestone in Europe’s data transformation journey, impacting cloud services, connected products and other data-driven industries.
As businesses move quickly to adopt artificial intelligence agents, contracts for their development and implementation raise novel questions around ownership, accountability, and risk. In this first post of a two-part series, we explore why these issues matter and what technology and sourcing lawyers should be considering as clients engage vendors in this emerging space.
In a recent LawFlash, a team of Morgan Lewis lawyers discussed President Donald Trump’s July 24, 2025 executive order titled Saving College Sports. This order, which follows recent significant changes to compensation rules and limitations in the collegiate sports landscape, introduces certain guardrails intended to maintain competition and parity within intercollegiate athletics.
Join us for our Technology Marathon, an annual series of tailored webinars focused on hot topics, trends, and key developments in the technology industry that are of essential importance to our friends and clients. Now in its 15th year, our expansive curriculum kicked off after AI Boot Camp in April and continues into December.
The European Banking Authority (EBA) recently published a consultation paper (Consultation) that proposes to expand third-party risk management requirements for certain EU-regulated financial entities. The Consultation would extend the EBA’s current guidelines around outsourcing arrangements (EBA Guidelines) to all third-party services arrangements, excluding those services that are within scope of the EU Digital Operational Resilience Act (DORA), and would add further requirements to the existing guidelines, aligning with those requirements introduced under DORA.
The United Kingdom’s Online Safety Act (OSA or the Act), which received Royal Assent in October 2023, establishes a new statutory framework to address harmful online content, protect children, and promote accountability among digital service providers. For counsel advising platforms, publishers, and other organizations operating in the digital space, the OSA introduces a complex set of compliance considerations, particularly given its extraterritorial scope, risk-based obligations, and substantial enforcement powers.
The UK Information Commissioner’s Office has launched two consultations as part of the transition to the Data User and Access Act framework. These consultations will be of particular interest to organisations operating UK-facing websites, analytics tools, and online advertising services.
Clauses dealing with intellectual property (IP) rights in commercial agreements can present nuanced challenges, particularly when they relate to information exchange. Two such clauses that often surface in technology contracts are residuals clauses and affirmative feedback licenses. While both relate to information shared during the course of a commercial relationship, they serve very different purposes and have distinct implications for IP ownership, confidentiality, and future use.
Published in August 2025, the CrowdStrike Global Threat Report 2025 provides a detailed overview of the evolving cyber threat landscape, drawing on data from millions of endpoints and cloud workloads worldwide.