Digital transformation continues to be a buzzword for 2025, with companies considering or implementing new user-facing and back-office artificial intelligence (AI) solutions and other digital tools to enhance end-user experience (UX), business operations, IT infrastructure and resilience, and data flow and connectivity between devices and environments. These digital transformation projects often require project-based resources with specific skill sets that may not be readily available within a company to meet the desired implementation timelines. As a result, many companies engage third-party providers to design, build, test, and/or implement their digital transformation strategies.
Tech & Sourcing @ Morgan Lewis
TECHNOLOGY TRANSACTIONS, OUTSOURCING, AND COMMERCIAL CONTRACTS NEWS FOR LAWYERS AND SOURCING PROFESSIONALS
As part of our Spotlight series, we welcome Marie Davy, who recently joined Morgan Lewis as a partner in our Paris office, to discuss key issues to consider when negotiating global distribution agreements.
Gone are the days when a company could outsource the “people” that perform a business process without considering, and likely including in the outsourcing arrangement, the digital enablement of the underlying workflows and activities.
UK financial regulators recently published their supervisory expectations for critical third party service providers (CTPs) to the financial sector under the United Kingdom’s new regime extending regulatory oversight to CTPs. The final rules align with key themes of other regulatory regimes seeking to reinforce operational resilience (e.g., the EU Digital Operational Resilience Act (DORA)) around risk management, supply chain management, and incident management, among other areas.
The UK Financial Conduct Authority (FCA) on October 31, 2024 published observations and key lessons from how firms responded to the CrowdStrike IT outage. The outage caused disruption across several industries globally, and the FCA highlights for UK financial services the importance of ensuring operational resilience in order to minimize the potential impact of future events on consumers and markets.
Employers in the Asian region face novel challenges in connection with the heightened competition for talent in the technology sector. Offering remote or flexible work arrangements can serve as a competitive advantage. However, it is essential for companies to consider implications related to immigration, tax, data privacy, security, and employment law.
In our latest blog post on preparing for the EU’s Digital Operational Resilience Act (DORA), entering into force on January 17, 2025, we take a look at second-level requirements under DORA covering the classification and reporting of major information and communications technology (ICT) related incidents. These requirements will need to be addressed through operational risk management frameworks and contract remediation efforts with technology vendors.
Beginning January 17, 2025, financial entities based in the European Union must have in place processes and policies, and mandatory contract provisions with their third-party technology vendors, that comply with the EU Digital Operational Resilience Act (DORA).
Starting January 17, 2025, financial entities based in the European Union must have in place processes and policies, as well as mandatory contract provisions with their third-party technology vendors, that comply with the EU’s Digital Operational Resilience Act (DORA). Financial entities are currently at varying stages of updating their operational risk management frameworks and remediating contracts with technology vendors. For banks, the European Central Bank has signaled that resiliency will be a top priority on its supervisory agenda.
As part of our Technology Marathon webinar series, partners Mike Pierides and Steven Stone recently discussed financial regulators’ increasing focus on artificial intelligence (AI).