Tech & Sourcing @ Morgan Lewis

TECHNOLOGY TRANSACTIONS, OUTSOURCING, AND COMMERCIAL CONTRACTS NEWS FOR LAWYERS AND SOURCING PROFESSIONALS
As many of our readers are aware, President Joseph Biden issued an executive order on May 12 to improve the nation’s cybersecurity. While much of the executive order focuses on strengthening the federal government’s networks from cybersecurity threats, “[t]he private sector must adapt to the continuously changing threat environment, ensure its products are built and operate securely, and partner with the Federal Government to foster a more secure cyberspace.”
Draft law “On Activities of Foreign Companies in the Internet in the Territory of the Russian Federation,” introduced to the State Duma, a lower chamber of the Russian parliament, on May 21, 2021, aims to extend Russian jurisdiction to certain non-Russian internet businesses by requiring them to open local offices in Russia and to comply with orders of Roskomnadzor, a Russian internet and data privacy regulator. Failure to do so may result in restrictive measures limiting ability to work with Russian users and businesses.
The European Securities and Markets Authority (ESMA) on May 10 published final guidelines on outsourcing to cloud service providers (ESMA Guidelines) to help firms and competent authorities identify, address, and monitor the risks and challenges arising from cloud outsourcing arrangements. Subject to a few clarifications, the ESMA Guidelines are broadly consistent with the draft guidelines.
Annual spending worldwide on cloud services is expected to increase by 23% in 2021, according to a recent article in The Wall Street Journal, which cites a forecast by IT research and consulting firm Gartner Inc. Since the beginning of the COVID-19 pandemic, businesses have shifted to cloud-based services to support remote work, but businesses are also using the shift in attitudes toward cloud services to move more complex IT needs to the cloud. The article reasons that the push to use cloud services may also be due to the hybrid workplace model that many businesses are adopting, where workers can work both in the office and from home. This model requires that remote workers have access to critical software and infrastructure.
Last week, we posted on the guidance issued by the US Department of Labor (DOL) for plan sponsors, plan fiduciaries, recordkeepers, and plan participants on cybersecurity best practices. Last week’s post focused on the guidance provided for hiring a service provider. In this week’s post, we will highlight some the DOL’s cybersecurity program best practices for use by recordkeepers and other service providers responsible for plan-related IT systems and data.
The US Department of Labor (DOL) recently announced guidance for plan sponsors, plan fiduciaries, recordkeepers and plan participants on cybersecurity best practices. The guidance focuses on three areas: (1) tips for hiring a service provider; (2) cybersecurity program best practices; and (3) online security tips. In this post, we will focus on the DOL’s tips for plan sponsors and plan fiduciaries in selecting a service provider.
Customers engaging a software as a service (SaaS) vendor often end up using the vendor’s form agreement, which can range from being extremely vendor friendly to middle of the road. Regardless of where it falls on the spectrum, a SaaS vendor’s agreement will most likely contain one or more provisions giving the vendor rights to suspend the services being provided under the agreement. Some common suspension rights we have seen in vendor agreements include suspension rights relating to nonpayment, disruptive use of the services, and violation of law through use of the services.
In a recent Lawflash, our colleagues Ken Kulak and Ariel Braunstein reported that at the Leaders Summit on Climate, hosted by the Biden-Harris administration on April 22 and 23 in Washington, DC, President Joseph Biden set aggressive goals for reducing greenhouse gas emissions in the United States and set forth his aim to encourage the investment in and use of new green technology and to explore pollution reduction strategies.
The European Commission (the Commission) began to invite feedback on April 1 on its roadmap to strengthen the Code of Practice on Disinformation (the Code) via new guidance. The roadmap was released in response to perceived failings of the Code to date to tackle the spread of disinformation on online platforms.
The EU Commission recently released its proposal to legislate a European Union–wide artificial intelligence (AI) framework. The EU Commission’s intention is that the proposed regulation on AI will provide greater safety and fundamental rights protection, while also supporting innovation and enabling trust without preventing innovation.