Tech & Sourcing @ Morgan Lewis

Starting January 17, 2025, financial entities based in the European Union must have in place processes and policies, as well as mandatory contract provisions with their third-party technology vendors, that comply with the EU’s Digital Operational Resilience Act (DORA). Financial entities are currently at varying stages of updating their operational risk management frameworks and remediating contracts with technology vendors. For banks, the European Central Bank has signaled that resiliency will be a top priority on its supervisory agenda.

Beginning January 17, 2025, the European Union’s Digital Operational Resilience Act (DORA) will require financial entities to maintain and submit to EU regulators a comprehensive register of their contractual arrangements with third-party information and communication technology (ICT) service providers. Financial entities are being given the opportunity to sign up for a voluntary reporting exercise by May 31, 2024, running between July and August 2024, to help them prepare for one of the most challenging aspects of implementing DORA.

In the rapidly evolving world of software licensing and distribution, many vendors (and therefore customers) are considering a shift from traditional customer-hosted software solutions to Software as a Service (SaaS) platforms, which are hosted by the vendor and then accessed by the customer’s users remotely. This transition is not merely an infrastructure change, and may also involve significant modifications to business operations and legal agreements. Here are some key considerations for businesses planning to make this shift.

As we reach the end of 2023, we have once again compiled all of the links to our Contract Corner blog posts, a regular feature of Tech & Sourcing @ Morgan Lewis. In these posts, members of our global technology, outsourcing, and commercial transactions practice highlight particular contract provisions, review the issues, and propose negotiating and drafting tips.

Deloitte has issued a biennial report that identifies trends that are impacting customer/client contact center operations. The respondents surveyed by Deloitte represented both internal- and external-facing contact centers. This blog post summarizes some key trends outlined in the report.

While the regulatory landscape around artificial intelligence (AI) continues to evolve, navigating contractual arrangements and apportioning risk for the use of AI may seem like stepping into the unknown. In this blog post, we consider how a few familiar concepts within commercial contracts may be applied to the provision and use of AI tools as part of services.

The EU-US Data Privacy Framework (DPF) became effective on July 10, and on the same day, the European Commission adopted an Adequacy Decision relating to the DPF, as a successor of the EU-US Privacy Shield. While only those companies subject to the jurisdiction of either the Federal Trade Commission or the US Department of Transportation are eligible to self-certify their compliance with the DPF, the scope of eligibility is likely to broaden in the future.

We recently wrote about the emerging trend of content moderation outsourcing. In this blog post, we turn our attention to another growing trend: legal process outsourcing.

Open-source software (OSS) representations and warranties are an integral part of the intellectual property (IP) representations and warranties in mergers and acquisitions (M&A) transactions and financings, as M&A transaction documents regularly include requests for a seller to represent and warrant that it has policies in place regarding the use of OSS, has provided such policies to the acquirer or investor, and has not deviated from such policies. These representations and warranties are important, but they are routinely and necessarily backstopped by the due diligence process.

In our prior post in this two-part series on less commonly discussed technology commercialization options, we addressed how open-source software (OSS) providers may make money on their products. In this Part 2, we’ll look at another technology commercialization strategy, white labeling.