Regulation

Dubai: Outsourcing framework for public services

Kerri Gevers — Wed, 13 May 2026 09:31:00 Z

Dubai Law No. 5/2026 on the Regulation of the Outsourcing of Government Services creates an outsourcing framework for public services that will be familiar to those operating in the financial services sector. Here we explore how the new law compares to financial services sector outsourcing regimes, which elements are novel or enhance existing public procurement requirements, and what service providers to Dubai government entities should prepare themselves for.

European Commission updates competition rules for technology transfer agreements

Alexandra Rogers, Mai Muto, David Fila — Fri, 24 Apr 2026 09:30:56 Z

The revised Technology Transfer Block Exemption Regulation and accompanying guidelines will enter into force on 1 May 2026.

Tech in healthcare: Key trends for 2026

Fri, 10 Apr 2026 09:08:47 Z

Norton Rose Fulbright lawyers authored and edited key chapters in Digital Health 2026, covering artificial intelligence, the bio industrial technology stack and emerging technologies.

US national AI policy framework: White House sets priorities for Congress

Marc B. Collier, Ethan Glenn, Susan Linda Ross — Mon, 30 Mar 2026 13:33:02 Z

The White House’s National Policy Framework for Artificial Intelligence makes recommendations for legislative actions in seven key categories.

Financing data centers in Türkiye: Legal and financial landscape

Utku Ünver, Ezgi Alkım — Mon, 30 Mar 2026 13:21:21 Z

With growing demand and government support for data center development in Türkiye, we explore the key legal and financial considerations.

Data centres and AI infrastructure: Expectations for Australian developers

Ka-Chi Cheung, Peter Mulligan, Lisa Fitzgerald, Michael Muratore — Mon, 30 Mar 2026 13:08:52 Z

The Australian Government will prioritise proposals based on national interest, the energy transition, water usage, workforce development, and research and innovation.

Accessibility in e-commerce services: Compliance with European Accessibility Act

Laura Helloco, Geoffroy Coulouvrat, Nadège Martin — Tue, 17 Mar 2026 15:38:15 Z

With the European Accessibility Act transposed into French law, we examine accessibility rules for e commerce websites and apps, non-compliance sanctions and stakeholder considerations.

AI copyright: Six key rulings

Stephanie Schmidt, Marc B. Collier, Logan Woodward, Ethan Glenn — Fri, 13 Mar 2026 14:15:00 Z

Artificial intelligence continues to expand its capabilities and challenge existing legal principles, with copyright law at the forefront.

AI, algorithms and automation in the workplace: New South Wales’ Digital Work Systems Bill

Katherine Morris, Nicki Milionis — Mon, 09 Mar 2026 15:19:45 Z

The Parliament of New South Wales has passed a Bill introducing Australia’s first reforms of their kind to the Work Health and Safety framework. This article explores the key reforms and what they mean for organisations using digital tools to allocate, monitor or assess work.

Privilege challenges in the era of generative AI

Ellen Blanchard, Marc B. Collier, Susana Medeiros, Ethan Glenn, Susan Linda Ross — Wed, 04 Mar 2026 15:33:00 Z

Generative AI is quickly becoming part of everyday legal work, but recent court decisions show it can also create real risks for attorney client privilege.

NIS Regulations Keeling Schedule for the Cyber Security and Resilience Bill: How is the UK’s cybersecurity law changing?

Marcus Evans, Rosie Nance — Wed, 03 Dec 2025 14:01:40 Z

The UK’s Cyber Security and Resilience Bill (the Bill) has started making its way through Parliament. The Bill proposes amendments to the UK’s Network and Information Systems Regulations 2018 (NIS Regulations). The NIS Regulations implemented Directive (EU) 2016/1148, the EU’s first NIS Directive, and already impose cybersecurity obligations on some sectors.

UK Cyber Security and Resilience Bill: Headlines for the data centre sector

Marcus Evans, Rosie Nance — Wed, 03 Dec 2025 11:45:59 Z

AI in the Legal Sector in Thailand

Teerin Vanikieti, Thanthiti Seneewong Na Ayudthaya — Mon, 17 Nov 2025 15:22:25 Z

Thailand’s legal sector, both the courts and the Lawyers Council, is beginning to develop frameworks, standards and guiding principles for AI utilization by lawyers and the judiciary that aim to maximize public benefit while ensuring transparency, accountability and the preservation of human decision-making authority.

Thailand’s New AI Guideline

Teerin Vanikieti, Thanthiti Seneewong Na Ayudthaya — Mon, 20 Oct 2025 10:48:21 Z

Thailand is once again moving forward with AI regulation in an effort to establish a comprehensive framework for the use of artificial intelligence in the country. On 1 October 2025, the National Cyber Security Agency, the agency under the Ministry of Digital Economy and Society, published the “AI Securities Guideline” (the Guideline).

Italy enacts Law No. 132/2025 on Artificial Intelligence

Salvatore Iannitti, Francesco Gelmetti — Wed, 08 Oct 2025 16:04:53 Z

On September 23, 2025, Italy adopted Law no. 132/2025 on Artificial Intelligence (AI). The law will enter into force on 10 October 2025 and aims, inter alia, to complement the Regulation EU 2024/1689 (EU AI Act).

Banks outsourcing to the cloud: The economic drivers and regulatory implications

James Russell, Kerri Gevers, Kelsey Oosthuizen, Rosie Nance — Mon, 15 Sep 2025 13:27:45 Z

The financial services sector is becoming increasingly reliant on cloud service providers (CSPs) to fulfil its growing data processing and storage needs. Financial services providers in the United States have reportedly had the highest levels of adoption, operating 54 percent of their workloads in the cloud; and according to the European Central Bank, banks spent 13.5 percent more on cloud outsourcing in 2024 than in 2023.

Another contract remediation exercise for EU financial entities?

Kerri Gevers — Wed, 10 Sep 2025 10:04:30 Z

The European Banking Authority (EBA) is currently consulting on its draft guidelines on the sound management of third party risk (Draft Guidelines), which are intended to replace the 2019 guidelines on outsourcing arrangements (2019 Guidelines).

Thailand’s draft AI law: A new era for governance and innovation

Teerin Vanikieti, Tassanai Kiratisountorn, Patcharapol Sudsakorn — Wed, 10 Sep 2025 09:07:39 Z

Thailand is advancing its efforts to establish a national, comprehensive framework for artificial intelligence, with new draft legislation currently under consideration.

Can you access your outsourced data?

Kerri Gevers — Mon, 01 Sep 2025 13:03:29 Z

Financial regulators globally emphasise the importance of financial entities being operationally resilient, which includes the ability to manage and recover from disruptions caused by their service providers. The topic receives significant attention in the financial services sector because the sector is regulated, with the aim of promoting financial system stability.

Explain yourself: The legal requirements governing explainability

Marcus Evans, Rosie Nance, Lily Hands, Lisa Fitzgerald — Thu, 28 Aug 2025 11:31:57 Z

Agentic AI brings the promise of AI making a range of decisions autonomously. It has been proposed as the way forward for some of the most impactful decisions in our lives: interacting with customers and actioning requests, triaging requests for medical appointments, and hiring candidates — to name a few.

EBA consults on draft guidelines on third-party risk management with regard to non-ICT related services

Simon Lovegrove, Floortje Nagelkerke — Fri, 11 Jul 2025 12:12:00 Z

On 8 July 2025, the European Banking Authority (EBA) issued a consultation paper on the draft guidelines on the sound management of third-party risk.

Do your technology and outsourcing contracts properly address liability for cyber incidents?

James Russell, Kerri Gevers — Tue, 01 Jul 2025 14:48:34 Z

Most incidents handled by our Norton Rose Fulbright cyber team originate from the customer’s service provider. In many cases it is the service provider’s systems, infrastructure and environment which proves to be the most vulnerable to cyber breaches and security issues.

Navigating regulatory challenges in data centres

Thu, 01 May 2025 13:59:34 Z

Businesses investing in, financing or operating data centres face a complex matrix of laws and regulatory requirements. Ensuring compliance is important for lender and investor due diligence and is crucial to avoiding fines, penalties and contractual or regulatory breaches that can significantly impact the business and any investment in, or financing of, data centres.

New “Sensitive Technology List” to inform Canada’s national security efforts

Alexander Carden, Stephen Nattrass — Wed, 02 Apr 2025 13:54:31 Z

The Minister of Public Safety recently announced Canada’s first Sensitive Technology List (STL). The STL identifies the government’s priority categories of new technologies for regulation to safeguard Canadian national security.

Asset management: Risk allocation and liability profiles in technology contracts and outsourcings for asset managers

James Russell, Hannah Meakin — Wed, 19 Mar 2025 12:02:59 Z

Increased regulatory burdens on asset management businesses have resulted in additional cost pressures. However, regulation has also required more pricing transparency, which has led to an increasingly competitive market, with investors demanding either ultra-low cost or increasingly bespoke investment solutions.

Prohibited practices under the AI Act: Answered and unanswered questions in the Commission's guidelines

Marcus Evans, Rosie Nance — Wed, 05 Mar 2025 09:36:25 Z

The EU AI Act’s prohibitions came into effect on 2 February 2025 and carry fines of 7% worldwide annual turnover for non-compliance. The prohibitions at Article 5 and accompanying recitals (particularly recitals 28-44) set out a complex set of provisions.

European commission clarifies its consumer protection agenda for e-commerce

Jay Modrall, Julien Haverals — Thu, 20 Feb 2025 12:03:58 Z

Acting on one of the priorities laid out in President von der Leyen’s Mission Letter to Commissioner McGrath, the European Commission (EC) has published a communication on an EU toolbox for safe and sustainable e-commerce (the Communication).

The Commission’s guidelines on AI systems – what can we infer?

Rosie Nance, Marcus Evans, Peter John McBurney — Fri, 14 Feb 2025 16:16:00 Z

The EU’s AI Act imposes extensive obligations on the development and use of AI.

Online Safety Act: Protecting Children from Harmful Content Online – Ofcom’s Guidance on Age Assurance for Part 3 Services

Farah Mukaddam, Marcus Evans, Rosie Nance — Tue, 28 Jan 2025 09:49:46 Z

Ofcom has published its guidance for implementing age assurance measures for regulated service providers. User-to-user (U2U) services and search services take note: a decision not to implement highly effective age assurance measures means that your service may be deemed by Ofcom to be accessible by children.

Revised Product Liability Directive (introducing rules on strict liability for AI and other software) entered in the EU's statute book

Marcus Evans, Lucy Bruce Jones, Rosie Nance — Tue, 26 Nov 2024 14:19:39 Z

Directive (EU) 2024/2853 on liability for defective products (the Revised Product Liability Directive) was published in the Official Journal of the European Union on 18 November 2024.

Tech M&A Outlook: Investment and regulatory trends

Sean Murphy — Tue, 08 Oct 2024 10:43:24 Z

Earlier this year we looked at trends in M&A investment in the technology sector, highlighting the TMT sector was the best performing sector in 2023 in terms of deal value and volume. The sector has remained fairly subdued this year, but are there signs this could be changing? We explore with our colleagues in the UK, Europe and China the outlook for the sector in their regions, and the impact of regulation on M&A investment in the tech sector.

An overview of the European digital strategy

Polina Maloshchinskaia — Tue, 26 Sep 2023 16:08:00 Z

We have published an article, EU: An overview of the European digital strategy, explaining the aims and key components of the EU digital strategy, outlining at a high-level key legislation that has been published in this space in the past three years and highlighting the way in which the various legislative instruments interact with each other and with European data privacy rules.

Web 4.0 and virtual worlds: The next frontier

Thu, 31 Aug 2023 16:08:24 Z

As public awareness of Web 3.0, the metaverse and other associated technologies increases, there is further pressure on governments, businesses and regulatory bodies to keep abreast of both the possibilities and the risks of these new worlds.

The new Influencer marketing French law: from #LOL to #Advertising

Clement Monnet — Wed, 30 Aug 2023 16:08:00 Z

Influence and content creation have revolutionized the approach to marketing. In the absence of specific regulations applicable to this new form of advertising, influence marketing has been - until now - solely governed by existing law, in particular advertising law and consumer law.

AI, machine learning and big data laws and regulations 2023

Sean Christy, Chuck Hollis — Fri, 23 Jun 2023 08:35:00 Z

The usage and adoption of artificial intelligence (which refer to broadly herein to also include the application of AI to analytics of large data sets and in the context of machine learning (which includes the subsets of ML operations and deep learning)) has increased significantly over the past few years.

European digital and cyber regulation: Are you prepared?

Marcus Evans, Christoph Ritzer, Jurriaan Jansen, Nadège Martin — Fri, 09 Jun 2023 15:29:00 Z

In 2020, the European Commission published its central digital policy document “Shaping Europe’s Digital Future” which outlined its digital strategy for the next five years.

A new approach to referrals under the EU Merger Regulation

Heiko Bertelmann, Sean Murphy — Tue, 27 Sep 2022 09:06:05 Z

The European Commission (along with the US FTC and DOJ, UK CMA, German FCO and others), has been focused on ensuring that so-called “killer acquisitions” in the digital and life sciences sectors are reviewed. Against this background, the General Court’s decision in Illumina/Grail is of key importance to companies acquiring start-ups.

EU Vehicle Data Consultation and the evolving EU regulatory landscape for connected vehicles

Jay Modrall — Tue, 12 Apr 2022 08:41:16 Z

In the coming years, data collected by vehicles will be subject to a new EU regulatory regime consisting of horizontal rules applicable across many industries and vertical rules designed specifically for the automotive sector. In February 2022, the EU Commission adopted a proposal for a new Data Act, which sets out overall principles for data access to connected products, introducing user rights to access and share data, contractual principles for business-to-business data exchange, and switching principles for cloud services. However, according to the Commission, the Data Act may not go into sufficient detail for the provision of data-dependent services in the automotive sector.

UK proposes rules to protect against anonymous online trolls

Kerri Gevers — Fri, 18 Mar 2022 15:08:00 Z

The UK Government has added two new duties to the proposed Online Safety Bill (the Bill) that are aimed at protecting people against anonymous online abuse.

UK guidance for marketers in the cryptoasset space

Verity Quartermain, Hannah Meakin — Wed, 09 Feb 2022 14:46:24 Z

On 18 January 2022, HM Treasury announced that it will be bringing adverts for cryptoassets in line with other types of financial advertising by extending the financial promotion restrictions to encompass them. This will mean that adverts for cryptoassets will need to be either promoted by a firm authorised by the Financial Conduct Authority (FCA) or Prudential Regulatory Authority (PRA), or be approved by an authorised firm.

European commission considers new civil liability rules for the digital age and artificial intelligence

Nikolas Smirra — Thu, 03 Feb 2022 10:51:00 Z

In October 2021, the European Commission launched a public consultation (Consultation) on adapting liability rules to the digital age and artificial intelligence (AI).

New Singapore Copyright Exception will propel AI revolution

Mon, 15 Nov 2021 16:30:00 Z

Copyright, one of the fundamental intellectual property rights, grants the owner of copyright rights and control over the expression of ideas that are reduced to tangible forms such as literary, dramatic, musical and artistic works.

Digital transformation: Key technology, cybersecurity and privacy risks

Imran Ahmad — Thu, 09 Sep 2021 08:19:48 Z

In this blog we discuss the risks associated with digital transformation from technology, cybersecurity and privacy perspectives.

Telemedicine ads limited by Facebook

Kate Nelson — Tue, 24 Aug 2021 09:51:39 Z

As the telemedicine industry continues to grow, especially in light of COVID-19, businesses should reconsider their policies and procedures in connection with telehealth services and user safety.

IP monitor: Government of Canada initiates consultation on modernizing copyright framework for AI and the Internet of Things

David Yi, Maya Medeiros — Thu, 12 Aug 2021 10:20:35 Z

The Canadian federal government has launched a public consultation on adapting Canada’s copyright framework to ongoing developments in artificial intelligence and the Internet of Things.

Ground-breaking arbitration rules for digital disputes released

Holly Stebbing, Adam Sanitt — Mon, 09 Aug 2021 09:38:20 Z

The Digital Dispute Resolution Rules (the Rules) is a revolutionary set of arbitration rules designed to provide a framework to govern disputes relating to disruptive novel technologies.

Proposed Canadian law to regulate social media companies and streaming giants

Daniel Daniele — Thu, 05 Aug 2021 10:39:00 Z

The Bill proposes to subject social media platforms and streaming services to requirements similar to those imposed on traditional television and radio broadcasting companies in Canada.

Triple Point Technology Inc v PTT Public Company Ltd

Mon, 02 Aug 2021 09:35:13 Z

Triple Point Technology Inc v PTT Public Company Ltd will provide welcome clarity in relation to the drafting and interpretation of liquidated damages clauses in construction, commercial and technology contracts.

Climate change and sustainability disputes: Technology and innovation perspectives

Richard S. Zembek, Sean Murphy, Imran Ahmad, Daniel Prati — Mon, 05 Jul 2021 14:53:59 Z

The solutions to climate change and sustainability related issues offered by the Technology and Innovation sector.

EU’s possible Data Act

Jay Modrall — Thu, 01 Jul 2021 11:53:06 Z

Response to to the Consultation and Inception Impact Assessment are bound to shape the future of EU’s digital economy.