Tech & Sourcing @ Morgan Lewis

TECHNOLOGY TRANSACTIONS, OUTSOURCING, AND COMMERCIAL CONTRACTS NEWS FOR LAWYERS AND SOURCING PROFESSIONALS
On January 14, the UK government published a consultation on new measures to tackle the increasing threat of ransomware attacks. Ransomware is malicious software (malware) that infects a victim’s computer system and prevents the victim from accessing IT systems, significantly impairs their use of ICT systems, and/or facilitates the theft of sensitive data. A ransom is then demanded for restoration of use and/or data and, as we previously noted, the cost of ransomware attacks is increasing nearly 20% year-on-year.
European regulators recently published clarifications on the scope of ICT services under the EU Digital Operational Resilience Act (DORA), prepared by the European Commission, which confirms previous guidance and enables financial entities to take out of scope certain services which form part of regulated financial services.
On January 13, 2025, the United Kingdom’s Prime Minister Sir Keir Starmer announced the UK AI Opportunities Action Plan. The AI Opportunities Action Plan outlines the UK’s intentions to become a world leader in artificial intelligence technology for the benefit of private businesses and their customers as well as for all UK residents via AI-enabled public services.
On January 8, 2025, partners Doneld Shelkey, Mike Pierides, and Marina Aronchik presented an Outsourcing and Technology 2025 webinar as part of the Morgan Lewis Tech & Sourcing Webinar Series: Data 2025.
Starting as of Friday, January 17, 2025, financial entities must now be compliant with the EU’s Digital Operational Resilience Act (DORA). Implementation efforts have accelerated in recent months to meet the deadline and in many cases are still ongoing. The European Supervisory Authorities (ESAs) published a joint statement last month emphasizing the importance of financial entities adopting a robust, structured approach in order to meet their obligations in a timely manner.
We invite you to join us for Data 2025, our upcoming Tech & Sourcing webinar series. In this series of webinars, our lawyers will consider the key global challenges facing businesses in their use of data.
UK financial regulators recently published their supervisory expectations for critical third party service providers (CTPs) to the financial sector under the United Kingdom’s new regime extending regulatory oversight to CTPs. The final rules align with key themes of other regulatory regimes seeking to reinforce operational resilience (e.g., the EU Digital Operational Resilience Act (DORA)) around risk management, supply chain management, and incident management, among other areas.
Our technology transactions, outsourcing, and commercial contracts team on October 30, 2024 held its annual industry summit in New York. The theme this year was Unleashing the Potential of Technology, with a focus on artificial intelligence (AI). Attendees included in-house counsel and sourcing professionals across a number of industries, including representatives from the client and vendor side. The diverse audience led to highly interactive discussions among some of the leading voices in the tech and sourcing fields.
The UK Financial Conduct Authority (FCA) on October 31, 2024 published observations and key lessons from how firms responded to the CrowdStrike IT outage. The outage caused disruption across several industries globally, and the FCA highlights for UK financial services the importance of ensuring operational resilience in order to minimize the potential impact of future events on consumers and markets.