Tech & Sourcing @ Morgan Lewis

TECHNOLOGY TRANSACTIONS, OUTSOURCING, AND COMMERCIAL CONTRACTS NEWS FOR LAWYERS AND SOURCING PROFESSIONALS
The UAE enacted a new Federal Law No. 38 of 2021 concerning copyright and neighboring rights (New Law) that replaced the old Federal Law No. 7 of 2002 (Old Law) and came into force in January 2022. The New Law provides a clearer framework in an increasing digital environment for businesses.
In March 2022, President Joseph Biden signed into law the Cyber Incident Reporting for Critical Infrastructure Act of 2022, which tasked the Cybersecurity and Infrastructure Security Agency (CISA) with developing and implementing regulations around cyber incident and ransom payment reporting. Under the act, the CISA is to gather the information it receives from covered entities and analyze it to the extent that such information can be used to help identify ways to avoid similar incidents in the future, or minimize the harmful potential impacts.
IT service provider performance has long been measured by service level agreements (SLAs) that set quantifiable standards for many aspects of a sourcing arrangement. These standards range from how quickly customer support is provided and an incident is resolved to application uptime and availability, and beyond.
On September 22, the Office of Communications (Ofcom)—the United Kingdom’s communications regulator—announced and released a program of work stating its intention to examine the position of the largest providers of cloud services (known as “hyperscalers”) in the United Kingdom’s £15 billion ($16.7 billion) cloud services market.
Contract Corner
A sole and exclusive remedy clause allows parties to a contract to choose specific remedies and relief available under the terms of the agreement. Essentially, exclusive remedy provisions restrict a party's available remedies for specified claims to the remedies set out in the contract and exclude the party from seeking other types of remedies for that action. In commercial contracts, often you will see sole and exclusive remedy clauses in relation to breach of warranty, indemnification, and failure to perform.
On September 15, the EU Commission published a proposal for a Cyber Resilience Act (Proposed CRA), which builds on the 2020 EU Cybersecurity Strategy and the 2020 EU Security Union Strategy, with the aim of ensuring the cybersecurity of products with digital elements and the provision of sufficient information to consumers about the cybersecurity of the products they buy and use.
Spotlight
As part of our Spotlight series, we speak with Simon White, one of the most senior and experienced technology lawyers in the UK market, who has held roles including deputy counsel, Chief Privacy Officer, and GC EMEA LATAM at Cognizant, one of the largest multinational IT services companies in the world with over 300,000 personnel spanning across five continents. Prior to joining Cognizant nearly 15 years ago, Simon White was a corporate associate at Morgan Lewis.
The German Higher Regional Court of Karlsruhe (OLG Karlsruhe) recently repealed the July 13, 2022, decision of the Procurement Chamber of the German state of Baden-Württemberg that had argued that the mere risk of access to personal data stored in the European Union by US authorities would constitute a data transfer that would not comply with the EU General Data Protection Regulation (GDPR).
The UK’s Law Commission (the Commission) published a consultation paper on July 28, 2022, proposing certain reforms to private property law in relation to digital assets, which was in response to the UK government requesting the Commission to ensure that the law can accommodate digital assets as they continue to evolve and expand. The Commission acknowledged the increasingly important role digital assets play and that property rights are key for the proper characterization of novel and complex legal relationships involving digital assets.
The financial services regulations relating to outsourcing by Luxembourg-headquartered financial institutions have been significantly simplified by the introduction of the Commission de Surveillance du Secteur Financier (CSSF) outsourcing circular CSSF 22/806 (Outsourcing Circular).