Tech & Sourcing @ Morgan Lewis

TECHNOLOGY TRANSACTIONS, OUTSOURCING, AND COMMERCIAL CONTRACTS NEWS FOR LAWYERS AND SOURCING PROFESSIONALS
One of the commonly advertised features of AI is that it is beneficial for automation and increasing productivity. When a company considers improving its productivity and employing an AI tool, it will typically go through a contracting process with the service provider and assess the terms of use and associated risks for the business. But what happens if an employee presses on and starts using an AI tool that was not vetted by the company?
As we continue to see AI steadily and increasingly be incorporated into service offerings, businesses should pay special attention to previously “standard” provisions when contracting for the provision and use of services that incorporate AI. This is especially true considering there may be situations where service providers use AI at some point in the workstream without the recipient even realizing.
In our latest blog post on preparing for the EU’s Digital Operational Resilience Act (DORA), entering into force on January 17, 2025, we take a look at second-level requirements under DORA covering the classification and reporting of major information and communications technology (ICT) related incidents. These requirements will need to be addressed through operational risk management frameworks and contract remediation efforts with technology vendors.
Beginning January 17, 2025, financial entities based in the European Union must have in place processes and policies, and mandatory contract provisions with their third-party technology vendors, that comply with the EU Digital Operational Resilience Act (DORA).
In this blog post we explore build-operate-transfer (BOT) models in relation to businesses setting up offshore delivery centers, commonly becoming known as Global Capability Centers (GCCs).
Starting January 17, 2025, financial entities based in the European Union must have in place processes and policies, as well as mandatory contract provisions with their third-party technology vendors, that comply with the EU’s Digital Operational Resilience Act (DORA). Financial entities are currently at varying stages of updating their operational risk management frameworks and remediating contracts with technology vendors. For banks, the European Central Bank has signaled that resiliency will be a top priority on its supervisory agenda.
Please join us for another Morgan Lewis Technology Marathon event. In this webinar, partner Doneld Shelkey and associate Jesse Taylor will explore the legal and technology issues that arise in the sports industry in connection with the use of artificial intelligence, digital sponsorships for events and in stadiums, and data security and personal privacy. They will be joined by Cameron Hammel, counsel at the Boston Red Sox.
A significant number of legacy software solutions are now incorporating generative artificial intelligence (GenAI), and most new software solutions have some form of GenAI capabilities. This is true across the majority of, if not all, industries and, as such, it is not surprising that we are seeing a large increase in GenAI-related queries from businesses that use, or are procuring, software.
Please join us for our upcoming Automotive Hour webinar on Technology Transactions, Outsourcing, and Commercial Contracts in the Automotive Sector.
Beginning January 17, 2025, the European Union’s Digital Operational Resilience Act (DORA) will require financial entities to maintain and submit to EU regulators a comprehensive register of their contractual arrangements with third-party information and communication technology (ICT) service providers. Financial entities are being given the opportunity to sign up for a voluntary reporting exercise by May 31, 2024, running between July and August 2024, to help them prepare for one of the most challenging aspects of implementing DORA.