Archive: September 2025

California has enacted the Transparency in Frontier Artificial Intelligence Act (Cal. SB 53).

Relief events clauses are included as standard provisions of most technology implementation, outsourcing and services contracts. Under such provisions, the supplier is relieved of its obligations if or to the extent that its failure to comply with contractual requirements is caused by the customer.

Liability is often a contentious topic (and typically the last provision to be agreed) in a technology or outsourcing contract negotiation.

Opt-out signals are now a cornerstone of modern privacy. These browser-based or device-level mechanisms tell companies not to ”sell” or “share” personal data to third parties.

The financial services sector is becoming increasingly reliant on cloud service providers (CSPs) to fulfil its growing data processing and storage needs. Financial services providers in the United States have reportedly had the highest levels of adoption, operating 54 percent of their workloads in the cloud; and according to the European Central Bank, banks spent 13.5 percent more on cloud outsourcing in 2024 than in 2023.

Cheat software has long been a thorn in the side of game publishers. But does it also constitute a copyright infringement? In a landmark decision, issued on July 31, 2025, the German Federal Court of Justice (BGH) ruled that cheat tools that merely manipulate in-game variables in RAM - without altering the program code - do not violate software copyright under EU law.

The European Banking Authority (EBA) is currently consulting on its draft guidelines on the sound management of third party risk (Draft Guidelines), which are intended to replace the 2019 guidelines on outsourcing arrangements (2019 Guidelines).

Thailand is advancing its efforts to establish a national, comprehensive framework for artificial intelligence, with new draft legislation currently under consideration.

Plaintiffs say Anthropic used pirated e-books for Claude LLMs.

The Court of Justice of the European Union (CJEU) has delivered its judgment on case C 413/23 P European Data Protection Supervisor (EDPS) v Single Resolution Board (SRB). The CJEU has confirmed that pseudonymised data will not be personal data in all cases. This will be a welcome confirmation for innovative uses of data, including AI models.