Tech & Sourcing @ Morgan Lewis

In Part 1 of our Cracking AI and Outsourcing Conundrums series, we discussed at a high level the challenges of requiring outsourcing providers to drive generative AI (GenAI) innovation while at the same time complying with companies’ AI policies. One of the challenges we identified was that many outsourcing agreements impose aggressive savings commitments, to be realized through the implementation of technology solutions that enable headcount or other cost reductions.

Innovation: all companies want their outsourcing providers to be at the forefront, whether accomplished by proposing ideas, implementing solutions as part of their business-as-usual services, or offering savings based on productivity commitments or other demonstrable business impact. Some outsourcing providers may even use innovation as a key differentiator during the sales cycle, putting real dollars at risk if innovation projects don’t realize promised savings. And what innovation is more top of mind presently than the use of artificial intelligence?

New ICT incident reporting requirements under Circular 24/847 (Circular) of the Commission de Surveillance du Secteur Financier (CSSF), Luxembourg’s financial regulator, will come into effect on April 1. This introduces a new ICT-related incident reporting framework and underscores the critical importance of proactive measures in safeguarding financial institutions against ICT and cyber threats.

The European Central Bank (ECB) has published data showing that banks are increasingly using third-party providers to support their critical functions. However, more than 10% of outsourcing contracts covering critical functions are not compliant with the relevant regulations. During a key year for EU financial institutions and their critical service providers—with implementation projects for the Digital Operational Resilience Act (DORA) well underway—the ECB signals that outsourcing and resiliency, particularly risks associated with cloud outsourcing and concentration risks, will be a top priority on its supervisory agenda.

The Court of Appeal of the State of California (the Court of Appeals) recently ruled that Proposition 24, the California Privacy Rights Act of 2020 (CPRA), is enforceable without any further delay. The CPRA contains important changes to the California Consumer Privacy Act, including with respect to online advertising.

Join partners Don Shelkey, Kirstin Hadgis, and Ezra Church at 11:30 am–1:00 pm ET on Tuesday, February 27, 2024 as they discuss key considerations that may impact M&A transactions related to privacy and data security. The session will include a spotlight on the impact of artificial intelligence on such transactions.

An ever-increasing number of companies are choosing to use chatbots on their website, in their sales organizations, and to help with customer service. In fact, according to Vantage Market Research, the chatbot market will grow over 23% by 2030. A chatbot can provide a useful tool for consumers who are looking for quick and easy access to information as well as companies looking to provide a high level of attention and service, while allowing its employees to focus on other demands. However, companies should remain aware of and monitor the information the chatbot is sharing.

Although the healthcare industry is often focused on the Health Insurance Portability and Accountability Act (HIPAA) and compliance with its privacy regulations, there are many companies that service HIPAA-regulated entities that are not subject to such HIPAA regulations themselves, such as consumer-directed digital health companies, including those providing healthcare-related or focused mobile applications. Given the complexities of complying with various privacy rules, for those working with the healthcare industry or adjacent industries, evaluating their own and their vendor’s compliance with laws when HIPAA does not apply should be an ongoing process as privacy laws evolve.

There are many basic contracting principles that can help streamline and create a readable and clear contract, including the proper use of defined terms. Consistent with the phrase, a defined term is a word or term, often capitalized or otherwise distinguished from other text throughout the agreement, that is to be read to include the particular meaning given to it in the agreement.

Join Pittsburgh partner Peter Watt-Morse and Philadelphia partner Barbara Melby and associate Katherine O’Keefe at 12:00 pm ET on Wednesday, January 24, 2024 as they highlight considerations for companies in the financial services and insurance industries that contract for technology and outsourcing services.