Starting January 17, 2025, financial entities based in the European Union must have in place processes and policies, as well as mandatory contract provisions with their third-party technology vendors, that comply with the EU’s Digital Operational Resilience Act (DORA). Financial entities are currently at varying stages of updating their operational risk management frameworks and remediating contracts with technology vendors. For banks, the European Central Bank has signaled that resiliency will be a top priority on its supervisory agenda.
Tech & Sourcing @ Morgan Lewis
TECHNOLOGY TRANSACTIONS, OUTSOURCING, AND COMMERCIAL CONTRACTS NEWS FOR LAWYERS AND SOURCING PROFESSIONALS
As part of our Technology Marathon webinar series, partners Kristin Lee, Mike Pierides, and Steven Stone recently discussed financial regulators’ increasing focus on artificial intelligence (AI).
Worldwide IT spending is forecast to total more than $5 trillion in 2024, with 10% year-on-year growth of spending on data center systems, according to recent analysis from Gartner. The increasing adoption of artificial intelligence (AI) solutions is driving demand for technology infrastructure in order to meet greater data storage and network infrastructure requirements and more compute-intensive workloads.
Beginning January 17, 2025, the European Union’s Digital Operational Resilience Act (DORA) will require financial entities to maintain and submit to EU regulators a comprehensive register of their contractual arrangements with third-party information and communication technology (ICT) service providers. Financial entities are being given the opportunity to sign up for a voluntary reporting exercise by May 31, 2024, running between July and August 2024, to help them prepare for one of the most challenging aspects of implementing DORA.
We recently published a report based on our four-part series on Tech & Sourcing @ Morgan Lewis, in which we consider a number of conundrums facing companies looking to leverage artificial intelligence (AI) as part of their outsourcing arrangements. As outsourcing remains a key tool through which companies can streamline operations, cut costs, and access specialized expertise, the explosive advancements in AI and related technologies have introduced new and exciting opportunities and complexities for companies in implementing and maintaining outsourcing relationships.
The UK Competition and Markets Authority (CMA) recently published an update paper outlining its concerns with artificial intelligence (AI) foundation models (FMs). Market players in this space should remain mindful of the CMA’s growing interest as the regulator continues its dedicated program to consider the impact of FMs on markets throughout 2024, with a further update anticipated in August.
In the rapidly evolving world of software licensing and distribution, many vendors (and therefore customers) are considering a shift from traditional customer-hosted software solutions to Software as a Service (SaaS) platforms, which are hosted by the vendor and then accessed by the customer’s users remotely. This transition is not merely an infrastructure change, and may also involve significant modifications to business operations and legal agreements. Here are some key considerations for businesses planning to make this shift.
Please join us on Wednesday, April 10, 2024 from 12:00–1:00 pm ET, as partners Kristin Hadgis and Don Shelkey and of counsel Eric Pennesi discuss the latest trends in commercial contracts negotiations, including negotiating artificial intelligence (AI) provisions and recent trends in privacy and security.
New ICT incident reporting requirements under Circular 24/847 (Circular) of the Commission de Surveillance du Secteur Financier (CSSF), Luxembourg’s financial regulator, will come into effect on April 1. This introduces a new ICT-related incident reporting framework and underscores the critical importance of proactive measures in safeguarding financial institutions against ICT and cyber threats.
The European Central Bank (ECB) has published data showing that banks are increasingly using third-party providers to support their critical functions. However, more than 10% of outsourcing contracts covering critical functions are not compliant with the relevant regulations. During a key year for EU financial institutions and their critical service providers—with implementation projects for the Digital Operational Resilience Act (DORA) well underway—the ECB signals that outsourcing and resiliency, particularly risks associated with cloud outsourcing and concentration risks, will be a top priority on its supervisory agenda.