Tech & Sourcing @ Morgan Lewis

Partners Ksenia Andreeva and Kristin Hadgis and associate Oliver Bell recently authored an Insight titled The Evolving Framework of Data Governance: A Global Perspective. The article explores and summarizes hot topics in data governance, data privacy laws, and the evolving global landscape, including in the United Kingdom, European Union, United States, and Middle East. As the focus on transparency and cybersecurity increases, and as markets become more globalized, keeping up to date on privacy regulations and rules can be a demanding undertaking.

Artificial intelligence (AI) is reshaping modern society, enabling the automation and modification of routine human activities and, consequently, enhancing efficiency and productivity. Like any technological development, AI presents both benefits and risks. Concerns include potential biases, privacy intrusions, and ethical dilemmas.

While artificial intelligence has not quite yet achieved singularity, the last fortnight brought about a substantial update to the AI regulatory landscape. As of February 2, Chapters I and II of the EU AI Act have entered into force. This includes Article 5, which prohibits certain AI systems whose use may intrude upon an individual’s privacy. This includes certain AI systems relating to emotion recognition in the workplace, subliminal manipulation, and predictive policing. Separately, EU AI Act obligations relating to AI literacy have also gone into effect.

Mike Pierides and James Mulligan co-authored an article in the Journal of Securities Operations & Custody which explores key themes of outsourcing and third-party risk management regimes that apply to financial entities and their service providers. The article serves as a compendium of key differences between regulatory expectations on resiliency and outsourcing, highlights key best practices and challenges to implementing these expectations, and, finally, considers the impact of artificial intelligence solutions on such regulatory expectations.

On January 14, the UK government published a consultation on new measures to tackle the increasing threat of ransomware attacks. Ransomware is malicious software (malware) that infects a victim’s computer system and prevents the victim from accessing IT systems, significantly impairs their use of ICT systems, and/or facilitates the theft of sensitive data. A ransom is then demanded for restoration of use and/or data and, as we previously noted, the cost of ransomware attacks is increasing nearly 20% year-on-year.

Please join us for our fourth annual Artificial Intelligence Boot Camp, during which Morgan Lewis lawyers will discuss the latest developments, insights, and impacts of AI usage and integration for companies of all sizes and industries.

Please join us on Wednesday, February 5, 2025, from 12:00–1:00 pm ET as partners Ksenia Andreeva and Kristin Hadgis and associate Oliver Bell provide a global update on data handling and compliance issues with a focus on the United States, Europe, and the Middle East.

On January 13, 2025, the United Kingdom’s Prime Minister Sir Keir Starmer announced the UK AI Opportunities Action Plan. The AI Opportunities Action Plan outlines the UK’s intentions to become a world leader in artificial intelligence technology for the benefit of private businesses and their customers as well as for all UK residents via AI-enabled public services.

On January 8, 2025, partners Doneld Shelkey, Mike Pierides, and Marina Aronchik presented an Outsourcing and Technology 2025 webinar as part of the Morgan Lewis Tech & Sourcing Webinar Series: Data 2025.

The Kingdom of Saudi Arabia’s (KSA’s) Personal Data Protection Law (PDPL) marks a significant milestone in protecting personal data in the region. Overseen by the Saudi Data and Artificial Intelligence Authority (SDAIA), the PDPL applies to all entities processing personal data of individuals residing in the KSA regardless of the physical location of the data processing activities, whether within the KSA or not.