Tech & Sourcing @ Morgan Lewis

TECHNOLOGY TRANSACTIONS, OUTSOURCING, AND COMMERCIAL CONTRACTS NEWS FOR LAWYERS AND SOURCING PROFESSIONALS
A significant number of legacy software solutions are now incorporating generative artificial intelligence (GenAI), and most new software solutions have some form of GenAI capabilities. This is true across the majority of, if not all, industries and, as such, it is not surprising that we are seeing a large increase in GenAI-related queries from businesses that use, or are procuring, software.
Beginning January 17, 2025, the European Union’s Digital Operational Resilience Act (DORA) will require financial entities to maintain and submit to EU regulators a comprehensive register of their contractual arrangements with third-party information and communication technology (ICT) service providers. Financial entities are being given the opportunity to sign up for a voluntary reporting exercise by May 31, 2024, running between July and August 2024, to help them prepare for one of the most challenging aspects of implementing DORA.
The Federal Trade Commission (FTC) approved a Final Rule on April 23, 2024 banning almost all worker noncompetes. Questions abound regarding the authority of the FTC to create such a rule and the potential implications of its implementation. To help create some clarity, Morgan Lewis lawyers have prepared answers to frequently asked questions (FAQs) related to the Final Rule’s applicability and anticipated impact as well as what businesses can do to prepare.
This blog is the finale to our Cracking AI and Outsourcing Conundrums series, a series in which we’ve discussed thought-provoking topics and set the stage for dynamic discussions with outsourcing customers and providers on the opportunities and risks of generative AI (GenAI) solutions in the outsourcing space. In this Part 4, we examine certain top-of-mind issues arising in connection with ownership and use rights when leveraging GenAI.
Welcome to Part 3 of our Cracking AI and Outsourcing Conundrums series. In Part 1, we discussed at a high level the challenges of requiring outsourcing providers to drive innovation through the use of generative AI (GenAI) while at the same time complying with an outsourcing customer’s AI policies. In Part 2, we dove into the conundrum of balancing a company’s need for enhanced quality checks with the desire (by the company and the outsourcing provider) to drive productivity and realize savings.
In Part 1 of our Cracking AI and Outsourcing Conundrums series, we discussed at a high level the challenges of requiring outsourcing providers to drive generative AI (GenAI) innovation while at the same time complying with companies’ AI policies. One of the challenges we identified was that many outsourcing agreements impose aggressive savings commitments, to be realized through the implementation of technology solutions that enable headcount or other cost reductions.
Innovation: all companies want their outsourcing providers to be at the forefront, whether accomplished by proposing ideas, implementing solutions as part of their business-as-usual services, or offering savings based on productivity commitments or other demonstrable business impact. Some outsourcing providers may even use innovation as a key differentiator during the sales cycle, putting real dollars at risk if innovation projects don’t realize promised savings. And what innovation is more top of mind presently than the use of artificial intelligence?
New ICT incident reporting requirements under Circular 24/847 (Circular) of the Commission de Surveillance du Secteur Financier (CSSF), Luxembourg’s financial regulator, will come into effect on April 1. This introduces a new ICT-related incident reporting framework and underscores the critical importance of proactive measures in safeguarding financial institutions against ICT and cyber threats.
The European Central Bank (ECB) has published data showing that banks are increasingly using third-party providers to support their critical functions. However, more than 10% of outsourcing contracts covering critical functions are not compliant with the relevant regulations. During a key year for EU financial institutions and their critical service providers—with implementation projects for the Digital Operational Resilience Act (DORA) well underway—the ECB signals that outsourcing and resiliency, particularly risks associated with cloud outsourcing and concentration risks, will be a top priority on its supervisory agenda.
The Court of Appeal of the State of California (the Court of Appeals) recently ruled that Proposition 24, the California Privacy Rights Act of 2020 (CPRA), is enforceable without any further delay. The CPRA contains important changes to the California Consumer Privacy Act, including with respect to online advertising.