Tech & Sourcing @ Morgan Lewis

There are often misconceptions in connection with negotiating intellectual property (IP) development agreements with developers located in Russia. This post details five common misconceptions and provides tips for complying with applicable laws in connection with such agreements.

In a recently published article on TechRadar, Morgan Lewis partner Mike Pierides and associate Charlotte Roxon consider both the UK government’s plans to publish a National Artificial Intelligence Strategy and the EU Commission’s proposed EU-wide artificial intelligence legislative framework, and any potential alignment between the two.

Read the full article >>

As discussed in a post from earlier this week, President Joseph Biden issued an executive order on May 12, 2021 to improve the nation’s cybersecurity. The White House has put its proverbial money where its mouth is by proposing a $58.4 billion information technology spending plan that includes $9.8 billion specifically earmarked for civilian government cybersecurity measures as well as an expedited push towards SaaS and cloud services solutions.

As many of our readers are aware, President Joseph Biden issued an executive order on May 12 to improve the nation’s cybersecurity. While much of the executive order focuses on strengthening the federal government’s networks from cybersecurity threats, “[t]he private sector must adapt to the continuously changing threat environment, ensure its products are built and operate securely, and partner with the Federal Government to foster a more secure cyberspace.”

Draft law “On Activities of Foreign Companies in the Internet in the Territory of the Russian Federation,” introduced to the State Duma, a lower chamber of the Russian parliament, on May 21, 2021, aims to extend Russian jurisdiction to certain non-Russian internet businesses by requiring them to open local offices in Russia and to comply with orders of Roskomnadzor, a Russian internet and data privacy regulator. Failure to do so may result in restrictive measures limiting ability to work with Russian users and businesses.

The European Securities and Markets Authority (ESMA) on May 10 published final guidelines on outsourcing to cloud service providers (ESMA Guidelines) to help firms and competent authorities identify, address, and monitor the risks and challenges arising from cloud outsourcing arrangements. Subject to a few clarifications, the ESMA Guidelines are broadly consistent with the draft guidelines.

Annual spending worldwide on cloud services is expected to increase by 23% in 2021, according to a recent article in The Wall Street Journal, which cites a forecast by IT research and consulting firm Gartner Inc. Since the beginning of the COVID-19 pandemic, businesses have shifted to cloud-based services to support remote work, but businesses are also using the shift in attitudes toward cloud services to move more complex IT needs to the cloud. The article reasons that the push to use cloud services may also be due to the hybrid workplace model that many businesses are adopting, where workers can work both in the office and from home. This model requires that remote workers have access to critical software and infrastructure.

Last week, we posted on the guidance issued by the US Department of Labor (DOL) for plan sponsors, plan fiduciaries, recordkeepers, and plan participants on cybersecurity best practices. Last week’s post focused on the guidance provided for hiring a service provider. In this week’s post, we will highlight some the DOL’s cybersecurity program best practices for use by recordkeepers and other service providers responsible for plan-related IT systems and data.

The US Department of Labor (DOL) recently announced guidance for plan sponsors, plan fiduciaries, recordkeepers and plan participants on cybersecurity best practices. The guidance focuses on three areas: (1) tips for hiring a service provider; (2) cybersecurity program best practices; and (3) online security tips. In this post, we will focus on the DOL’s tips for plan sponsors and plan fiduciaries in selecting a service provider.

Customers engaging a software as a service (SaaS) vendor often end up using the vendor’s form agreement, which can range from being extremely vendor friendly to middle of the road. Regardless of where it falls on the spectrum, a SaaS vendor’s agreement will most likely contain one or more provisions giving the vendor rights to suspend the services being provided under the agreement. Some common suspension rights we have seen in vendor agreements include suspension rights relating to nonpayment, disruptive use of the services, and violation of law through use of the services.