Tech regulation insights

European Commission updates competition rules for technology transfer agreements

Alexandra Rogers, Mai Muto, David Fila — Fri, 24 Apr 2026 09:30:56 Z

The revised Technology Transfer Block Exemption Regulation and accompanying guidelines will enter into force on 1 May 2026.

Tech in healthcare: Key trends for 2026

Fri, 10 Apr 2026 09:08:47 Z

Norton Rose Fulbright lawyers authored and edited key chapters in Digital Health 2026, covering artificial intelligence, the bio industrial technology stack and emerging technologies.

US national AI policy framework: White House sets priorities for Congress

Marc B. Collier, Ethan Glenn, Susan Linda Ross — Mon, 30 Mar 2026 13:33:02 Z

The White House’s National Policy Framework for Artificial Intelligence makes recommendations for legislative actions in seven key categories.

Financing data centers in Türkiye: Legal and financial landscape

Utku Ünver, Ezgi Alkım — Mon, 30 Mar 2026 13:21:21 Z

With growing demand and government support for data center development in Türkiye, we explore the key legal and financial considerations.

Data centres and AI infrastructure: Expectations for Australian developers

Ka-Chi Cheung, Peter Mulligan, Lisa Fitzgerald, Michael Muratore — Mon, 30 Mar 2026 13:08:52 Z

The Australian Government will prioritise proposals based on national interest, the energy transition, water usage, workforce development, and research and innovation.

Accessibility in e-commerce services: Compliance with European Accessibility Act

Laura Helloco, Geoffroy Coulouvrat, Nadège Martin — Tue, 17 Mar 2026 15:38:15 Z

With the European Accessibility Act transposed into French law, we examine accessibility rules for e commerce websites and apps, non-compliance sanctions and stakeholder considerations.

AI, algorithms and automation in the workplace: New South Wales’ Digital Work Systems Bill

Katherine Morris, Nicki Milionis — Mon, 09 Mar 2026 15:19:45 Z

The Parliament of New South Wales has passed a Bill introducing Australia’s first reforms of their kind to the Work Health and Safety framework. This article explores the key reforms and what they mean for organisations using digital tools to allocate, monitor or assess work.

NIS Regulations Keeling Schedule for the Cyber Security and Resilience Bill: How is the UK’s cybersecurity law changing?

Marcus Evans, Rosie Nance — Wed, 03 Dec 2025 14:01:40 Z

The UK’s Cyber Security and Resilience Bill (the Bill) has started making its way through Parliament. The Bill proposes amendments to the UK’s Network and Information Systems Regulations 2018 (NIS Regulations). The NIS Regulations implemented Directive (EU) 2016/1148, the EU’s first NIS Directive, and already impose cybersecurity obligations on some sectors.

UK Cyber Security and Resilience Bill: Headlines for the data centre sector

Marcus Evans, Rosie Nance — Wed, 03 Dec 2025 11:45:59 Z

AI in the Legal Sector in Thailand

Teerin Vanikieti, Thanthiti Seneewong Na Ayudthaya — Mon, 17 Nov 2025 15:22:25 Z

Thailand’s legal sector, both the courts and the Lawyers Council, is beginning to develop frameworks, standards and guiding principles for AI utilization by lawyers and the judiciary that aim to maximize public benefit while ensuring transparency, accountability and the preservation of human decision-making authority.

Thailand’s New AI Guideline

Teerin Vanikieti, Thanthiti Seneewong Na Ayudthaya — Mon, 20 Oct 2025 10:48:21 Z

Thailand is once again moving forward with AI regulation in an effort to establish a comprehensive framework for the use of artificial intelligence in the country. On 1 October 2025, the National Cyber Security Agency, the agency under the Ministry of Digital Economy and Society, published the “AI Securities Guideline” (the Guideline).

Italy enacts Law No. 132/2025 on Artificial Intelligence

Salvatore Iannitti, Francesco Gelmetti — Wed, 08 Oct 2025 16:04:53 Z

On September 23, 2025, Italy adopted Law no. 132/2025 on Artificial Intelligence (AI). The law will enter into force on 10 October 2025 and aims, inter alia, to complement the Regulation EU 2024/1689 (EU AI Act).

Banks outsourcing to the cloud: The economic drivers and regulatory implications

James Russell, Kerri Gevers, Kelsey Oosthuizen, Rosie Nance — Mon, 15 Sep 2025 13:27:45 Z

The financial services sector is becoming increasingly reliant on cloud service providers (CSPs) to fulfil its growing data processing and storage needs. Financial services providers in the United States have reportedly had the highest levels of adoption, operating 54 percent of their workloads in the cloud; and according to the European Central Bank, banks spent 13.5 percent more on cloud outsourcing in 2024 than in 2023.

Another contract remediation exercise for EU financial entities?

Kerri Gevers — Wed, 10 Sep 2025 10:04:30 Z

The European Banking Authority (EBA) is currently consulting on its draft guidelines on the sound management of third party risk (Draft Guidelines), which are intended to replace the 2019 guidelines on outsourcing arrangements (2019 Guidelines).

Thailand’s draft AI law: A new era for governance and innovation

Teerin Vanikieti, Tassanai Kiratisountorn, Patcharapol Sudsakorn — Wed, 10 Sep 2025 09:07:39 Z

Thailand is advancing its efforts to establish a national, comprehensive framework for artificial intelligence, with new draft legislation currently under consideration.

Can you access your outsourced data?

Kerri Gevers — Mon, 01 Sep 2025 13:03:29 Z

Financial regulators globally emphasise the importance of financial entities being operationally resilient, which includes the ability to manage and recover from disruptions caused by their service providers. The topic receives significant attention in the financial services sector because the sector is regulated, with the aim of promoting financial system stability.

Explain yourself: The legal requirements governing explainability

Marcus Evans, Rosie Nance, Lily Hands, Lisa Fitzgerald — Thu, 28 Aug 2025 11:31:57 Z

Agentic AI brings the promise of AI making a range of decisions autonomously. It has been proposed as the way forward for some of the most impactful decisions in our lives: interacting with customers and actioning requests, triaging requests for medical appointments, and hiring candidates — to name a few.

Navigating regulatory challenges in data centres

Thu, 01 May 2025 13:59:34 Z

Businesses investing in, financing or operating data centres face a complex matrix of laws and regulatory requirements. Ensuring compliance is important for lender and investor due diligence and is crucial to avoiding fines, penalties and contractual or regulatory breaches that can significantly impact the business and any investment in, or financing of, data centres.

New “Sensitive Technology List” to inform Canada’s national security efforts

Alexander Carden, Stephen Nattrass — Wed, 02 Apr 2025 13:54:31 Z

The Minister of Public Safety recently announced Canada’s first Sensitive Technology List (STL). The STL identifies the government’s priority categories of new technologies for regulation to safeguard Canadian national security.

Prohibited practices under the AI Act: Answered and unanswered questions in the Commission's guidelines

Marcus Evans, Rosie Nance — Wed, 05 Mar 2025 09:36:25 Z

The EU AI Act’s prohibitions came into effect on 2 February 2025 and carry fines of 7% worldwide annual turnover for non-compliance. The prohibitions at Article 5 and accompanying recitals (particularly recitals 28-44) set out a complex set of provisions.

European commission clarifies its consumer protection agenda for e-commerce

Jay Modrall, Julien Haverals — Thu, 20 Feb 2025 12:03:58 Z

Acting on one of the priorities laid out in President von der Leyen’s Mission Letter to Commissioner McGrath, the European Commission (EC) has published a communication on an EU toolbox for safe and sustainable e-commerce (the Communication).

The Commission’s guidelines on AI systems – what can we infer?

Rosie Nance, Marcus Evans, Peter John McBurney — Fri, 14 Feb 2025 16:16:00 Z

The EU’s AI Act imposes extensive obligations on the development and use of AI.

Online Safety Act: Protecting Children from Harmful Content Online – Ofcom’s Guidance on Age Assurance for Part 3 Services

Farah Mukaddam, Marcus Evans, Rosie Nance — Tue, 28 Jan 2025 09:49:46 Z

Ofcom has published its guidance for implementing age assurance measures for regulated service providers. User-to-user (U2U) services and search services take note: a decision not to implement highly effective age assurance measures means that your service may be deemed by Ofcom to be accessible by children.

Tech M&A Outlook: Investment and regulatory trends

Sean Murphy — Tue, 08 Oct 2024 10:43:24 Z

Earlier this year we looked at trends in M&A investment in the technology sector, highlighting the TMT sector was the best performing sector in 2023 in terms of deal value and volume. The sector has remained fairly subdued this year, but are there signs this could be changing? We explore with our colleagues in the UK, Europe and China the outlook for the sector in their regions, and the impact of regulation on M&A investment in the tech sector.

An overview of the European digital strategy

Polina Maloshchinskaia — Tue, 26 Sep 2023 16:08:00 Z

We have published an article, EU: An overview of the European digital strategy, explaining the aims and key components of the EU digital strategy, outlining at a high-level key legislation that has been published in this space in the past three years and highlighting the way in which the various legislative instruments interact with each other and with European data privacy rules.

Web 4.0 and virtual worlds: The next frontier

Thu, 31 Aug 2023 16:08:24 Z

As public awareness of Web 3.0, the metaverse and other associated technologies increases, there is further pressure on governments, businesses and regulatory bodies to keep abreast of both the possibilities and the risks of these new worlds.

AI, machine learning and big data laws and regulations 2023

Sean Christy, Chuck Hollis — Fri, 23 Jun 2023 08:35:00 Z

The usage and adoption of artificial intelligence (which refer to broadly herein to also include the application of AI to analytics of large data sets and in the context of machine learning (which includes the subsets of ML operations and deep learning)) has increased significantly over the past few years.

European digital and cyber regulation: Are you prepared?

Marcus Evans, Christoph Ritzer, Jurriaan Jansen, Nadège Martin — Fri, 09 Jun 2023 15:29:00 Z

In 2020, the European Commission published its central digital policy document “Shaping Europe’s Digital Future” which outlined its digital strategy for the next five years.