Snapshot
A summary of key UK legal and market developments affecting businesses
© 2025 Dentons. All rights reserved. Attorney Advertising. Dentons is a global legal practice providing client services worldwide through its member firms and affiliates. This website and its publications are not designed to provide legal or other advice and you should not take, or refrain from taking, action based on its content.
All Developments
Technology & E-commerce
Real Estate
Planning
Employment
Pensions
International Trade & Sanctions
Restructuring & Insolvency
Financial Services & Banking
Environment
Disputes & Risk
Data Protection & Cybersecurity
Corporate
Construction & Infrastucture
Competition & Foreign Investment
Commercial Contracts
Capital Markets (Equity & Debt)
Business Crime & Investigations
// Edition 3, February 2025
Paul Langford, Managing Practice Development Lawyer D +44 20 7246 7032
Email
Adam Pierce, Partner D +44 20 7246 7789
// HIGHLIGHTS
// GET IN TOUCH
// ALL DEVELOPMENTS
Read more
Failure to prevent fraud
This new offence, introduced by the Economic Crime and Corporate Transparency Act 2023, comes into effect in 2025. What should in-scope businesses be doing to prepare?
A number of key consumer protection law changes are about to come into force – what action do you need to take now?
DMCC Act 2024: Consumer aspects
We consider what you can do to stay one step ahead of an expanding e-commerce regulatory framework.
Online trading
Artificial Intelligence
Go to homepage
// MORE FROM DENTONS
Client experience (CX)
Our CX programs will help you gain the insights you need to successfully drive the in-house legal agenda.
Open link
Laws of AI traction report
Our extensive survey explores where large organisations are in their AI adoption journey.
Global AI trends report
The legal issues in AI you need to know about for the year ahead.
As the government outlines its plans for regulating AI, what will you need to do to ensure you are fully prepared?
AI regulation in the UK
Artificial intelligence
What sort of wording should you add to a remedies clause to help avoid it being deemed an unenforceable penalty?
The modern test for penalties
What are the wider implications for consumer-facing businesses with third-party commission arrangements in place?
Litigation on motor finance commissions
// Coming UP
Snapshot Live Thursday 6 March 2025
Want to know more about the developments in this edition of Snapshot?
Register for Snapshot live webinar
Dr Kuan Hon Of Counsel D +44 20 7320 3940
View All Developments
What does the Public Authority Algorithmic and Automated Decision-Making Systems Bill (PAAADMS) do?) This is a private members' bill which was introduced in September 2024. It is intended to ensure that algorithmic and automated decision-making systems are deployed by the public sector in a way that accounts for and mitigates risks to individuals, public authorities, groups and society; and leads to efficient, fair, accurate, consistent and interpretable decisions. How would PAAADMs work? The bill would regulate the use of automated and algorithmic tools in decision-making processes in the public sector (including AI) by requiring public authorities to complete an impact assessment of automated and algorithmic decision-making systems, to ensure the adoption of transparency standards for such systems and provide for an independent dispute resolution service. At what stage is the legislation? The bill has gone through first and second readings and is expected to reach Committee stage in late January 2025. Typically, most private members' bills do not make it fully through the legislative process – it will be interesting to see if this one is a rare exception.
The PAAADMS Bill
Nick Graham Partner D +44 20 7320 6907
Antonis Patrikios Partner D +44 20 7246 7798
www.dentons.com
Further material
What is the AI Safety Institute? The AI Safety Institute is a research organisation within the Department for Science, Innovation and Technology. Its mission is to provide government with an empirical understanding of the safety of advanced AI systems. What is the development? Peter Kyle, the Secretary of State for Science, Innovation and Technology, announced in the autumn of 2024 that the AI Safety Institute will be made a statutory body.
AI Safety Institute
When will we see a draft of a UK AI Act? The government has stated that it will "seek to establish the appropriate legislation to place requirements on those working to develop the most powerful artificial intelligence models". It is likely that this will materialise in the form of a legally-binding statutory code of conduct. However, the government has not yet introduced any AI bill as such. What is the government's direction of travel? The government's manifesto included two key statements on AI: Statement 1: Ensuring creators are properly protected and remunerated for their work, while also making the most of the opportunities of AI and its applications for creativity in the future. The government issued a consultation in December 2024, seeking views on how to achieve its objectives for the AI and creative sectors of: supporting right holders' control of their content and ability to be remunerated for its use; supporting the development of world-leading AI models in the UK by ensuring wide and lawful access to high-quality data; and promoting greater trust and transparency between the sectors. It has outlined measures that would require increased transparency from AI developers, which includes"… the content they use to train their models, how they acquire it and any content generated by their models" (training data information including provenance, etc.). Another proposal would introduce an exception to copyright law for "text and data mining", to improve access to content by AI developers, but allow right holders to reserve their rights and thereby prevent their content being used for AI training. The consultation closes on 25 February 2025. Statement 2: Ensuring "the safe development and use of AI models by introducing binding regulation on the handful of companies developing the most powerful AI models and by banning the creation of sexually explicit deepfakes". The government plans to introduce new offences (which it has indicated will be punishable by up to two years' imprisonment) as an amendment to the Data (Use and Access) Bill. This will enable perpetrators to be charged for both creating and sharing sexually explicit deepfake images without consent (it has already introduced related laws, see the Technology & E-commerce section under Online safety). The government’s plans also include the creation of new offences for the taking of intimate images without consent and the installation of equipment with intent to commit these offences. It acknowledged that, while it is already an offence under the Sexual Offences Act to share, or threaten to share, an intimate image without consent, it is only an offence to take an image without consent in certain circumstances, such as upskirting. Further developments on the proposed new offences are awaited. Does the EU AI Act have any direct effect in the UK? The EU AI Act is now in force and may apply to UK entities. For example, if the output of an organisation's AI systems is used in the EU, the AI Act would apply (irrespective of the general position post Brexit) but the organisation's role must be considered carefully. The bulk of the AI Act's provisions will not be fully applicable until August 2026, including most of those applicable to high-risk AI systems.
Back to top
Sarah Partridge-Smith Senior Associate D +44 20 7320 5527
Timeline The Economic Crime and Corporate Transparency Act 2023 introduced a new corporate strict liability offence of "failure to prevent fraud" (FTP). Following publication of guidance for firms, the offence will come into effect from 1 September 2025. What does it do? The FTP offence holds in-scope organisations criminally liable in specific circumstances for fraud offences committed by associated persons which benefit the organisation or its customers. How might a UK business be affected? The offence applies to incorporated entities and partnerships across all sectors meeting at least two of the following criteria: more than 250 employees; turnover exceeding £36 million; and/or assets exceeding £18 million. The offence applies where a fraud offence is committed which is capable of being prosecuted under UK law – i.e. where the offence is committed in the UK, or by a UK-based employee, or where the gain or loss occurred in the UK. If committed by a UK subsidiary, legal action can be taken against the parent company, even where based outside the UK if the fraud was intended to benefit the parent company. Organisations will have a defence against corporate liability where they have reasonable procedures in place to prevent fraud, or where they can demonstrate that it was not reasonable to expect the organisation to have such measures in place. In assessing "reasonable" measures, the focus is on six principles: top management commitment; risk assessment; proportionate prevention procedures; due diligence; communication and training; and monitoring and review.
UK government publishes guidance on "failure to prevent fraud" offence
David Cohen Partner D +44 20 7246 7535
Timeline The new Financial Conduct Authority UK Listing Rules sourcebook took effect on 29 July 2024. What does it do? The key change is a new single listing category for equity shares in commercial companies (ESCCs) which has replaced the previous premium and standard listing categories. The main features of an ESCC, compared with the previous regime for premium listed companies, are: reduced eligibility criteria for companies wishing to undertake an initial public offering; and a simplified, more disclosure-based continuing obligations regime, with reduced regulatory intervention. The changes are designed to encourage a more diverse range of companies to list and grow in the UK and to promote more investment opportunities for investors, without compromising high standards of market integrity and consumer protection. For debt securities, the main change is that all listing principles are now applicable to issuers of debt securities. How might a UK business be affected? This liberalisation of the UK listing regime for ESCCs should encourage a broader range of companies wishing to undertake an initial public offering to consider a UK listed market, notably the Main Market of the London Stock Exchange. Companies which were previously premium-listed and are now in the ESCC category will benefit from the lighter touch continuing obligations regime.
New UK Listing Rules
Timeline FCA consultation draft published on 26 July 2024. The FCA aims to finalise the rules by the end of the first half of 2025. There will be a further, currently unspecified, period before the new rules come into force. In addition, a consultation on the retail disclosure regime is currently in progress. What does it do? The consultation draft sets out the FCA's proposed new prospectus rules for companies seeking to admit securities to a UK regulated market (e.g. the Main Market of the London Stock Exchange) or primary multilateral trading facility (MTF) (e.g. AIM for equity, or the ISM for debt). The FCA is making these new rules under the powers granted to it by the Public Offers and Admission to Trading Regulations 2024. These replace the EU-derived UK Prospectus Regulation and provide the framework for a more regulator-led approach. How might a UK business be affected? Issuers wishing to have their securities admitted to trading on a regulated market or primary MTF will have to comply with the new prospectus requirements once they are in force. For initial public offerings and debt security offerings on a UK regulated market, there is a large degree of consistency between the current and new regimes, with the main deregulatory change relating to secondary issues – it is proposed that the threshold for triggering a prospectus for further issuances should increase from 20% (of existing fungible securities) to 75%, for both equity and debt securities. For debt, other notable proposals include the ability to automatically incorporate future financial information within the 12-month validity of a debt issuance programme. New requirements in relation to primary MTFs are designed to encourage retail participation.
UK prospectus regime: draft rules on public offers and admissions to trading published
Neil Nicholson Partner D +44 20 7246 7624
Nik Colbridge Partner D +44 20 7246 7102
Paul Langford Managing Practice Development Lawyer D +44 20 7246 7032
Timeline Court of Appeal decision – August 2024. What does it do? Do you ever draft damages clauses? Remedy clauses, regardless of their particular type, all potentially face the same challenge: drafting them to ensure they are not unenforceable penalties. This case concerns default interest – not the sort of interest we tend to prescribe for late payment, but here being the interest to be charged for a failure to make loan repayments on time. The actual setting is unimportant and, in fact, no decision is reached by the Court of Appeal as to whether or not the specified interest rate was an unenforceable penalty. What is key here (and what we can learn from) is the specific focus of the decision in considering whether the current test for penalties had been correctly applied. London Credit agreed a facility letter with CEK Investments for a loan with an interest rate of 1% per month. The default interest rate was 4% per month. Following an alleged default under the facility letter, London Credit claimed default interest on outstanding amounts. CEK argued that the 4% per month default rate was a penalty and therefore unenforceable. In the High Court, experts agreed that a more typical default rate was 3% in total per month. Given there was nothing unusual about this transaction or the breach, the court felt there was nothing to justify an additional 1% per month. The court applied the test set in Cavendish Square Holdings BV v. Makdessi (SC, 2015), concluding that as the default rate did not protect any legitimate interest of London Credit, it was a penalty. The Court of Appeal considered that the judge had not correctly applied the test for penalties, as effectively it only considered the legitimate interest element of the test. Crucially, the High Court failed to consider whether the provision was extortionate, exorbitant or unconscionable in attempting to protect those interests. Therefore, the Court of Appeal sent the issue back to the High Court to apply the correct test to determine whether there was a penalty. How might a UK business be affected? Key lessons from this case: For a remedy clause to be enforceable, generally the innocent party must show that it protects a legitimate interest. A remedy clause will generally be unenforceable where the remedy is extravagant, exorbitant or unconscionable. The full test requires the provision in question to be a secondary obligation. To be penal, this needs to impose a detriment on the contract-breaker out of all proportion to any legitimate interest of the innocent party in the enforcement of the primary obligation. Where your agreement includes a remedy mechanism, such as liquidated damages, consider including language along the following lines: "Both Parties acknowledge that [state contractual remedy] are proportionate to protect the operational and financial interests of the Customer in the event of [state trigger] and that the figures specified in that Schedule are reasonable."
How should (and do) the courts apply the modern test for penalties? Houssein v. London Credit
Timeline Supreme Court decision – July 2024. What does it do? This high-profile case considers the use of endeavours obligations in force majeure clauses. It focuses on what a party affected by force majeure needs to do to comply with a clause requiring it to use reasonable endeavours to overcome the force majeure. In 2016, RTI entered into a shipping charter agreement with MUR. The US imposed sanctions in April 2018 against a number of Russian individuals and entities, including the parent company of UK entity, RTI. As a result, MUR invoked a force majeure clause in the contract with RTI, claiming it would be a breach of sanctions for MUR to continue with the performance of the contract, and that the sanctions prevented US dollar payments, as required under the contract. The tribunal found that MUR was able to rely on the force majeure clause, but that this could have been overcome by using its reasonable endeavours – as required under the clause – to accept payment in euros. The High Court felt that the tribunal was wrong to conclude that MUR was required to use reasonable endeavours to accept payment in euros and held that MUR was able to rely on the force majeure clause. The clause was not confined to cases where loading or discharge was physically or legally impossible. Therefore, MUR was absolved from any liability for its non-performance. RTI appealed on the issue of whether the force majeure event could have been overcome by reasonable endeavours. The Court of Appeal unanimously disagreed with the High Court's decision that the requirement to exercise reasonable endeavours could not be applied to accepting payment in euros. It focused on the key purpose of RTI's proposal that payment be made in euros. Applying commercial common sense, the Court of Appeal concluded that this avoided the ultimate problem at hand, being the inability to make US dollar payments due to sanctions. The Supreme Court reversed the Court of Appeal's decision, finding in favour of MUR. It held that, in the circumstances, "reasonable endeavours" to overcome a force majeure event did not include accepting an offer of non-contractual performance. How might a UK business be affected? Key lessons from this case: Contracts commonly provide that force majeure can only be invoked where it could not have been overcome or avoided by the taking of reasonable steps/endeavours. Generally, this means the affected party must show that failure to perform could not have been avoided by taking reasonable steps/endeavours. Contracts commonly provide that force majeure can only be invoked where it could not have been overcome or avoided by the taking of reasonable steps/endeavours. Even if your force majeure clause does not contain specific reference to using reasonable endeavours, it may be interpreted as containing a reasonable endeavours obligation. Generally, this means the affected party must show that failure to perform could not have been avoided by taking reasonable steps/endeavours.
What do reasonable endeavours require in a force majeure clause? MUR Shipping v. RTI
Timeline Court of Appeal decision – March 2024. What does it do? How do you ensure the terms for use of your website are binding on your customers? The classic way of doing so is by way of a clickwrap, which typically forces users to scroll through an incredibly long set of legal provisions, before entering into a contract. In practice, is this approach any more effective than pointing clearly to a prominent hyperlink? Mrs Parker-Grennan (Mrs PG) had an online National Lottery account with Camelot, the licensed operator of the National Lottery. The following appeared on the screen: "Terms and Conditions…By ticking the box below you confirm that if you play the National Lottery Games interactively, you have read, accept and agree to be bound by the [relevant terms]. In addition, when you play a particular game, you agree to be bound by the [relevant terms] that apply to that game and confirm your acceptance of the Privacy Policy. I have read, accept and agree to be bound by the relevant Terms and Conditions and Rules of this website and the Privacy Policy of this website." To the right was a box marked with an asterisk next to which appeared the words "Accept terms and conditions" and a button marked "Confirm", which Mrs PG clicked. At the bottom of the page was a box with a link to the main account terms, with contained hyperlinks to the other terms and conditions mentioned in the text on the screen. Mrs PG played on her laptop one of Camelot's latest online instant-win games and appeared to have won the top prize of £1 million. When she clicked the "Finish" button, her prize, according to Camelot's computer, was £10. The reason why Mrs PG saw what looked like a winning combination was due to a coding issue which generated an error in the on-screen animations on certain devices. She argued that, if a software error had caused it to look as if she had won a prize when it was not intended that she should, it was Camelot's problem. Camelot would have a claim against its software suppliers. The High Court considered all the potentially relevant contractual terms and conditions, and found in favour of Camelot. Mrs PG appealed, arguing that Camelot's terms were not incorporated in the contract and, even if they were, they were unenforceable. The Court of Appeal dismissed her appeal. Mrs PG had won only £10, not £1 million. Incredibly, this is the first-ever case in which the issue of what needs to be done to incorporate online terms has been considered by the Court of Appeal. Although it declined to lay down any general principles, there is still much we can learn from this case. How might a UK business be affected? Key lessons from this case: Depending on the facts and circumstances of a particular case, a "sufficient opportunity to read the terms" may be afforded simply by providing a hyperlink to the terms, or a dropdown menu which the consumer can click (or not) as they choose. Following a clickwrap procedure will not be sufficient to incorporate standard terms and conditions in every case of an online contract for goods or services. The question is not whether the trader has done everything in its power to try to make the other contracting party read the terms. A trader only needs to take reasonable steps to bring the terms and conditions to their attention.
What are the rules of incorporation for online terms? Parker-Grennan v. Camelot
Rebecca Owen-Howes Counsel D +44 77 3330 7375
Digital Markets, Competition and Consumers Act 2024 – competition aspects
Timeline December 2024: the CMA published draft consumer protection guidance. April 2025: implementation of consumer protection law changes. Spring 2026: expected reform to the law on subscription contracts. What does it do? The Digital Markets, Competition and Consumers Act 2024 overhauls UK consumer enforcement. It migrates, with some minor amendments, the Consumer Protection from Unfair Trading Regulations 2008 and enhances consumer protection in a number of ways including: granting the CMA the power to take direct enforcement action against businesses, without recourse to the courts; enhancing the existing court-based regime for other public bodies and the Consumers' Association; imposing fines of up to 10% of a business's global annual turnover (or £300,000 if higher); combatting drip pricing. This is a "dark practice" which operates by a consumer being shown an initial price, but unavoidable additional fees are added at a later stage in the transaction. (Further "dark practices" are expected to be added by secondary legislation, to deal with issues such as "confirmshaming", "harmful sludge" and "biased framing"); and introducing a new regime for subscription contracts. These are contracts which automatically renew for an indefinite or fixed period and under which consumers incur liability until they terminate the contract. How might a UK business be affected? Now is the time for consumer-facing businesses to review their consumer protection compliance policies, contracts and business practices, to make sure they comply with the new rules when they enter into force. We can expect the CMA to use its direct enforcement and fining powers, particularly given the CMA's increased focus over recent years on protecting consumers.
Digital Markets, Competition and Consumers Act 2024 – consumer aspects
Timeline High Court decision - 22 April 2024. What does it do? In one of 2024's key competition cases, the High Court overturned a finding by the Competition Appeal Tribunal (CAT) that a higher standard of evidence is required for a warrant for a raid at domestic premises. The CAT had previously found that the CMA must show that the occupier had a "propensity" to destroy physical or electronic documents held on their property, in order to obtain a warrant for a domestic raid (unlike a raid on business premises). The High Court held that this was not a requirement to issue a warrant to search domestic premises. It noted that this evidence could be very difficult to obtain, given that raids often take place at the start of an investigation, where little such information is available. How might a UK business be affected? With the increase in remote-working – and electronic communication – the CMA will want to be able to search domestic premises to secure evidence of potential breaches of competition law. Companies therefore should establish clear protocols for home dawn raids and provide training to employees.
A lower threshold for UK raids at domestic premises
Timeline 1 January 2025. What does it do? The Digital Markets, Competition and Consumers Act 2024 introduces significant changes to UK competition law. These include: strengthening the CMA's investigative and enforcement powers to allow the CMA to take faster and more effective action against anti-competitive conduct; widening the UK merger control regime to capture "killer acquisitions", where the transaction has a sufficient UK nexus and at least one party has an existing share of supply of 33% in the UK and a UK turnover of at least £350 million; expanding the territorial reach of the UK prohibition on anti-competitive agreements to capture agreements where there are (or are likely to be) direct, substantial and foreseeable effects within the UK, even if such agreements are implemented outside the UK; updating procedures for market studies and investigations (e.g. allowing the CMA to accept undertakings at any stage of a market study or investigation); and restricting foreign state ownership, control or influence over UK newspapers and news magazines. How might a UK business be affected? The changes are wide-ranging and mean that firms are potentially at greater risk of competition enforcement action. Firms that are active in M&A will need to be aware of the CMA's enhanced jurisdictional reach and extraterritorial investigative powers.
Construction & Infrastructure
Esther McDermott Partner D +44 20 7320 3938
Mark Macaulay Partner D +44 20 7246 7544
Timeline Ongoing. What does it do? The evolution of collaborative contracting in the UK construction industry represents a significant shift from traditional adversarial relationships to a more integrated and co-operative approach. This transition has been influenced by various: reports (starting with Egan's Rethinking Construction in 1998); contractual frameworks (such as the New Engineering Contract); and industry initiatives, that have recognised the benefits of collaboration in delivering successful construction projects. Recent examples of this new approach can be seen in the government's Construction Playbook. This advocates commercial models incentivising collaboration, innovation and improved performance, including shared risk and reward mechanisms. The industry itself has developed Integrated Project Delivery, a project delivery method emphasising collaboration and integration among stakeholders from a project's earliest stages. Most recently, the JCT updated its suite of contracts in 2024 to include a requirement to work with other project team members in a co-operative and collaborative manner, in good faith, and in a spirit of trust and respect. How might a UK business be affected? Reliance on standard contract terms alone will not secure collaborative working. For this approach to flourish, construction businesses must build trust with supply chain partners, communicate openly and commit to common objectives early in the project process.
Collaborative contracting in the UK construction industry
Timeline Ongoing. What does it do? Supply chain insolvency continues to plague the construction industry. The combined effects of: recent world events (the war in Ukraine and Covid-19); changes on the domestic front such as Brexit and tax changes; and the cost of implementing statutory changes aimed at improving industry processes (such as the Building Safety Act 2022), continue to put pressure on labour and material resources. Supply chain issues can very quickly result in programming issues, party underperformance, squeezed profit margins and erratic/zero cash flow across the supply chain. It is little wonder that disputes and insolvencies emerge. How might a UK business be affected? There is action you can take to head off insolvencies – but only if you can spot the issues and address them early and head-on. With many businesses facing some or all of these challenges, parties should monitor their supply chains for signs of financial pressure such as: failure to pay on time or at all; reduced labour on site; incompetence/defective work; and parties that avoid communication. Prompt action to understand the reasons for such issues and a level of frankness can sometimes lead to practical solutions such as a new payment schedule or materials being paid for by another party.
Insolvency in the construction industry
Darren Acres Partner D +44 20 7246 7745
Timeline Phased implementation from March 2024 and continuing until 2027. What does it do? This legislation increases the oversight and transparency of corporate entities in the UK by: giving Companies House new and enhanced powers to query information supplied to it, requesting supporting evidence and removing incorrect information; and making changes to Companies House filing and administrative requirements for UK companies, limited liability partnerships and limited partnerships. How might a UK business be affected? Businesses need to continue to ensure that they are ready for the new filing and administration requirements as they come into force. So far, the direct changes for businesses have been relatively minimal, but much of the legislation is yet to be implemented, including the new rules on mandatory identity verification for directors, significant controllers and others delivering documents to Companies House. Companies House has published a high-level timetable indicating that it is working towards a phased roll-out of mandatory identity verification from autumn 2025, with voluntary verification possible from the end of March 2025.
Economic Crime and Corporate Transparency Act 2023
Brian Moore Partner D +44 131 228 7181
Jayne Schnider Partner D +44 20 7246 7711
Data (Use and Access) Bill
Dr. Kuan Hon Counsel D +44 20 7320 3940
Timeline In October 2024, the government introduced the Data (Use and Access) Bill (DUA Bill). What does it do? We compare the latest proposal with the now-defunct Data Protection and Digital Information Bill (DPDI Bill): New: Most of the new provisions do not directly amend existing data protection legislation but may still affect privacy or data. These include powers regarding information/IT standards for health and social care. The DUA Bill also includes an amendment to the OSA. This enables regulations to require providers of regulated services to supply information for purposes related to the carrying out of independent research into online safety matters (similar to that which is provided under the EU Digital Services Act). Not particularly new: Proposals from the DPDI Bill which were retained include: provisions on processing for scientific research (even if commercial); certain exceptions to purpose limitation; the alignment of personal data breach notification time limits under PECR 2003 with the UK GDPRs (where feasible, not later than 72 hours after becoming aware); the expanded definition of "direct marketing" ("the communication (by whatever means) of advertising or marketing material which is directed to particular individuals", which could conceivably catch personalised ads on websites); greater potential flexibility on international transfers; various changes to the regulator and regulatory powers (e.g. establishing the new Information Commission). Powers, which allow the Secretary of State and Treasury to make provision on access to both customer and business data, remain. Other provisions retained include those on registers of births and deaths, digital verification services and the National Underground Asset Register. Different: The list of recognised legitimate interests remains, except that the democratic engagement section has been deleted. Provisions facilitating automated decision-making also remain, no doubt with an eye to AI. There is flexibility for additional or supplemental safeguards to be added and to specify what would not suffice. The Secretary of State is also empowered to expand special category protections. Omitted: Certain anticipated issues are not addressed, such as the definition of "personal data" and the meaning of identifying someone "directly" or "indirectly". This is probably an oversight, given the DUA Bill's long title still refers to "identified or identifiable living individuals". Also gone are controller-favourable provisions on "vexatious or excessive" requests by data subjects. Various provisions viewed as impairing accountability have also been dropped. A proposal not to require appointment of a UK representative for non-UK controllers/processors has also been dropped. The Secretary of State will no longer be able to designate any statement of strategic priorities to which the Information Commissioner must have regard. What is the position on adequacy? The House of Lords European Affairs Committee has stressed the importance of the UK's adequacy status under the EU GDPR being renewed by the European Commission on its expiry in June 2025. Overall, the DUA Bill seems less likely than the DPDI Bill to jeopardise the UK's adequacy, but some provisions will no doubt still be much critiqued and debated in the months to come. Indeed, many amendments have already been put forward – currently, the Bill is very much a moving target.
Cyber Security and Resilience Bill
Timeline A Cyber Security and Resilience Bill (CSR Bill) will be introduced in 2025. What does it do? The focus will be on the security of critical infrastructure and essential services. The main functions of the CSR Bill are: expanding the remit of existing regulation (the UK NIS Regulations) to bring more digital services and supply chains within scope; putting regulators on a stronger footing, including potential cost recovery mechanisms and giving them power to investigate vulnerabilities proactively; and expanding reporting requirements (type and nature of reportable incidents, including ransom attacks).
Ransomware
Timeline Ongoing. Current consultation on ransomware deadline is 5pm on 8 April 2025. What are the current plans? In 2024, DSIT had consulted on various elements of these proposals, such as: bringing into scope managed service providers; changing the definition of a "reportable incident" to capture a wider range of incidents including incidents capable of resulting in a significant impact to service continuity and incidents that compromise the integrity of a network and information system; changing the reporting deadline from 72 hours to 24 hours; introducing a transparency requirement to ensure customers are notified of incidents which significantly compromise the integrity of a digital service upon which they rely; and further queries on aspects such as whether data centres should be regulated, the costs of organisation-wide rollout of multi-factor authentication and password resets, and to what extent regulators reviewed supplier contracts of regulated entities. On 14 January 2025, the UK Home Office issued a consultation on its proposals on ransomware, which will be aligned with the CSR Bill's provisions. These include: A targeted ban on ransomware payments for all public sector bodies and critical national infrastructure – this aims to expand the existing ban on ransomware payments by government departments to make the essential services upon which the country relies the most unattractive targets for ransomware crime. A ransomware payment prevention regime – this aims to increase the National Crime Agency's awareness of live attacks and criminal ransom demands, provide victims with advice and guidance, and enable payments to known criminal groups and sanctioned entities to be blocked. A mandatory reporting regime for ransomware incidents – this aims to maximise the intelligence used by UK law enforcement agencies to warn of emerging ransomware threats and to target their investigations on the most prolific and damaging organised ransomware groups.
Dan Bodle Partner D +44 20 7246 7540
Timeline Not yet confirmed (expected to come into effect later this year). What does it do? The Bill modernises the framework of rules governing English-seated arbitration as set out in the Arbitration Act 1996. Key changes include: introducing a new default rule providing that, where parties have not expressly selected a law to govern their arbitration agreement, the applicable law will be the law of the seat (though this will not apply in certain investment treaty cases); codifying an arbitrator's common law duty to disclose any matters which might reasonably give rise to justifiable doubts as to their impartiality; and expressly empowering arbitrators to summarily determine issues which have no real prospect of success. It was reintroduced after the general election in July 2024, having not been passed in the pre-election wash-up, and is currently progressing through the House of Commons. How might a UK business be affected? The Bill will further promote England as an attractive seat for international arbitration. For example, the new rule as to the governing law of the arbitration agreement largely simplifies the existing position in case law, leading to greater predictability in cross-border disputes.
Arbitration Bill: modernising the rules of English arbitration
Timeline Ongoing. What does it do? The group actions domain continues to be a very active one. Recent cases before the courts have tested the limits of the representative action procedure under CPR 19.8 in securities group actions and claims involving flight delay compensation and data privacy, and the first trial in Municipio de Mariana v. BHP, the largest opt-in class action in the UK to date, is scheduled to conclude in March 2025. Other significant developments are expected over the next few months: The Competition Appeal Tribunal is expected to consider the parties' settlement in the first-ever opt-out claim to be brought under the UK's collective action regime at an approval hearing in February. Looking further ahead, the Civil Justice Council anticipates publishing its final report and recommendations as part of its review of third-party litigation funding in England and Wales by this summer. How might a UK business be affected? At present, opt-out collective proceedings can only be brought in the UK for breaches of competition law. As the courts continue to develop their interpretation of the other procedural mechanisms for bringing group claims, one key question will be whether this leads to an expansion of the types of claims which can proceed on a collective basis. It will be important to keep a close eye on the developing case law.
Group actions: a bustling start to the year
Louisa Caswell Partner D +44 20 7320 6084
Timeline From 1 July 2025. What does it do? The Hague Convention on the Recognition and Enforcement of Foreign Judgments in Civil or Commercial Matters (the 2019 Hague Convention) provides for signatory states to mutually recognise and enforce judgments in respect of civil and commercial matters which satisfy one of the "bases" listed in Article 5 (for example, where the judgment is given further to a non-exclusive or asymmetric jurisdiction clause). This supplements the more limited scope of the 2005 Hague Convention, which applies only where there is an exclusive choice of jurisdiction, and is particularly important given the wide-ranging EU law rules for recognising and enforcing judgments can no longer be relied upon to enforce judgments of UK courts post Brexit. The 2019 Hague Convention comes into force for the UK on 1 July 2025 and will apply to judgments from the courts of England and Wales where the judgment is given in proceedings commenced after the Convention came into force for both the UK and the enforcing state. (The UK has restricted application of the 2019 Hague Convention to England and Wales only. It will therefore not apply to judgments from the courts of Scotland or Northern Ireland.) While the EU (excluding Denmark), Ukraine and Uruguay are the only other contracting states at present, it is anticipated that other states will sign and ratify the 2019 Hague Convention in due course. How might a UK business be affected? The 2019 Hague Convention will enable English judgments to be readily enforced abroad in a wider range of circumstances and so helps to further promote the UK as an international dispute resolution forum.
The 2019 Hague Convention: facilitating the enforcement of English judgments abroad
Alison Weatherhead Partner D +44 141 271 5725
Timeline Most measures will not take effect before 2026. What does it do? The government published an Employment Rights Bill to fulfil the significant employment law reforms it pledged to introduce in its "Deal for Working People", including: unfair dismissal protection to become a day-one right, subject in most cases to a statutory probation period; parental and paternity leave to become a day-one right and stronger dismissal protections after maternity leave; zero-hours workers, and those on low-hour contracts, to gain a right to a "guaranteed hours" contract; dismissal in "fire and rehire" or "fire and replace" situations to become automatically unfair, except in very limited circumstances involving serious financial difficulties; the trigger for collective redundancy consultation will apply across an employer's business, rather than treating each workplace separately; repealing strike minimum service laws, simplifying union processes and improving access; the re-introduction of employer liability for harassment of employees by third parties; and increasing the time limit to bring any tribunal claim from three months to six months. The government has said that most measures will not come into force until 2026, with the changes to unfair dismissal not coming into force before autumn 2026. It also promised an Equality (Race and Disability) Bill, to extend the equal pay regime to cover race and disability, along with pay gap reporting. The government will consult on this legislation "in due course" and intends to publish the draft Bill during this parliamentary session. How might a UK business be affected? Nothing changes immediately but, if implemented, these reforms would mark the biggest employment law overhaul in a generation. Employers should start auditing their processes, policies and contracts to prepare.
Major employment law reforms
Timeline Now. What does it do? In the last edition of Snapshot, we reported on an EAT decision, which introduced a potential new requirement for an employer to carry out "general workforce consultation" at a formative stage, even where the numbers at risk did not trigger the obligation to consult collectively. The Court of Appeal has overturned the EAT's decision, confirming that there is no such requirement. The Court of Appeal's ruling provides welcome clarity that general workforce consultation is not a prerequisite for a fair dismissal in small-scale redundancies. What does it do? Employers can continue to follow the well-established principles of fair redundancy consultation when dealing with small-scale redundancies. Ensuring consultation with affected individuals begins at a formative stage remains a crucial aspect of a fair redundancy process.
General workforce consultation not required in small-scale redundancies
Timeline Came into force on 26 October 2024. What does it do? On 26 October 2024, a new legal duty came into force requiring employers to take reasonable steps to prevent sexual harassment of employees. The new duty is proactive, aimed at preventing future incidents of sexual harassment rather than just responding to them. Tribunals can increase compensation by 25% for breaches and the Equality and Human Rights Commission can enforce this duty, even without an employee complaint. It only applies to sexual harassment (although the defence of taking "all reasonable steps" to prevent harassment based on any relevant protected characteristic will still be available). How might a UK business be affected? What is reasonable will vary from employer to employer and will depend, among other things, on size, resources and the nature of the workplace. Practical steps to take now are set out in more detail in our linked articles below. Employers should conduct a risk assessment and consider taking the same preventative steps in relation to all forms of harassment.
New duty to prevent sexual harassment
Helen Bowdren Partner D +44 20 7246 4866
Timeline The pEPR regime came into force on 1 January 2025, replacing the existing packaging waste producer responsibilty regime. Data reporting obligations have been applicable since 2023, but the first charges will be levied in 2025 (in respect of 2024 packaging data). What does it do? The pEPR regime places reporting and financial obligations on businesses responsible for producing packaging waste, with the aim of funding waste collection and recycling operations. As well as changing existing producer responsibility obligations, the regime imposes a new obligation to contribute to local authority costs of collecting and recycling household packaging waste, through payment of a waste management fee. In-scope businesses can reduce the fee they must pay by using more sustainable packaging. How might a UK business be affected? A UK business that is responsible for producing packaging waste and meets the pEPR regime thresholds will be required to comply. Activities involving the supply of packaging or packaged goods may bring a business in scope, including: having its branding on packaging; being the distributor, packer or filler of empty unbranded packaging; importing packaged goods; or in some circumstances, being an online marketplace.
New extended producer responsibility regime for packaging waste in force
Tom Hanson Senior Associate D +44 20 7246 7110
Timeline Court of Appeal decision - 25 October 2024 in the cases of Hopcraft, Wrench and Johnson. Supreme Court - permission to appeal granted; appeals scheduled to be heard on 1-3 April 2025. What does it do? The decision addresses disclosure requirements and potential lender liability in respect of the payment of commission in motor finance arrangements. The Court of Appeal held that, in the commonly encountered scenario of a motor dealer who also acts as a credit broker, the lender can owe liability to the customer for insufficient or non-disclosure of the payment of commission to the dealer. The court also found that, on the facts of the cases being appealed, the motor dealers owed an ad hoc fiduciary duty to their customers which ran in tandem with a duty to provide impartial information and advice. How might a UK business be affected? While the decision directly concerns the motor finance industry, it has potentially broad reach across other sectors. Consumer-facing UK businesses with third-party commission arrangements in place should carefully consider those arrangements and make appropriate adjustments following this ruling. They may need to revise customer contracts to include clear disclosures as to commission, implement new compliance procedures to ensure that customers are fully informed about commission arrangements and provide explicit consent. Staff will require training to understand and implement these new disclosure requirements effectively. Motor finance firms can expect an increase in complaints but have an extended deadline to deal with them.
Landmark decision on motor finance commission and upcoming appeals
Timeline The deadline for consultation responses was 17 December 2024. The FCA intends to publish final interim rules within the first six months of 2025. Firms will have six months to comply from the date of publishing. The FCA will publish the final end-state rules when the revocation of the safeguarding requirements in the Electronic Money Regulations 2011 (EMRs) and Payment Services Regulations 2017 (PSRs) commences. Firms will have 12 months to implement changes from the date of publishing. What does it do? The FCA has proposed changes to reform the safeguarding regime for firms carrying out payment services under the PSRs or issuing e-money under the EMRs. The FCA intends to improve the safeguarding regime in line with its statutory objective to protect consumers and markets. These changes will affect books and records, monitoring and reporting, strengthening elements of safeguarding practices and holding funds under a statutory trust. How might a UK business be affected Firms in scope will be required to undertake a gap analysis to understand the changes required to existing practices. These may include changes to payment flows, processes and procedures, and reconciliations, and may also require firms to review and negotiate their arrangements with any third parties.
FCA consultation on the safeguarding regime for payments and e-money firms
Morag Campbell Consultant D +44 141 271 5781
Andrew Barber Partner D +44 20 7246 7291
Timeline The Scottish Parliament has now fixed the commencement date for the Act at 1 April 2025. What does it do? From 1 April 2025, it will be possible to create the following in Scotland: a valid assignation (assignment) of a claim (including a future claim) both outright and in security without intimation (notice) to the debtor – the assignation will instead be registered in the new Register of Assignations; a pledge over corporeal (tangible) property without the creditor having to have possession of the property – the pledge will instead be registered in the new Register of Statutory Pledges (RSP); and a pledge over intellectual property without the need to transfer it outright and then license it back – the pledge will instead be registered in the RSP. It is hoped that an order will be made by the UK Parliament to extend the scope of the new statutory pledge regime to shares and other financial collateral from the same date. Intimation (notice) of an assignation is still an option and the Act simplifies how that is to be given, replacing outdated and cumbersome rules. How might a UK business be affected The Act will make it easier for businesses to: raise finance against sums due by customers (including sums due under future contracts), without notice having to be given to the customers; grant security over rents due under future leases; and raise finance on security of major items of plant and equipment, or of IP. For lenders, assuming the order relating to shares and other financial collateral is made, it will be possible to take security over shares without having to transfer them to the lender or a nominee.
Moveable Transactions (Scotland) Act 2023
Dan Lund Partner D +44 20 7320 3754
Timeline Effective from 10 October 2024. What does it do? The UK has formally announced the establishment of the Office of Trade Sanctions Implementation (OTSI) and has adopted the Trade, Aircraft and Shipping Sanctions (Civil Enforcement) Regulations 2024. The Regulations give OTSI the power to issue monetary penalties to firms or individuals who breach (applying civil law standards) certain trade sanctions on a strict liability basis (as an alternative to the criminal enforcement which already applies). OTSI sits alongside ECJU and HMRC in relation to trade sanctions – it does not replace them. The Regulations also provide for mandatory reporting for "Relevant Persons" (i.e. financial services providers, legal services providers, money services businesses) who become aware of breaches of trade sanctions (reporting obligation to OTSI) or transport sanctions (reporting obligation to the Department for Transport). OTSI also has the power to request information from individuals in order to monitor potential breaches. How might a UK business be affected? This development increases the tangible risk of sanctions enforcement – both because OTSI's remit covers the aspects of trade sanctions that HMRC is least well equipped to investigate and because it indicates enhanced political interest in this area. In particular, UK businesses who are "Relevant Persons" must ensure they have robust processes in place to identify and report apparent breaches of trade or transport sanctions which they become aware of.
Establishment of UK Office of Trade Sanctions Implementation
Roger Matthews Partner D +44 20 7246 7469
Timeline Ongoing (latest designations effective from 10 January 2025). What does it do? With effect from 31 July 2024, the UK added a new designation criterion under which the UK government may add a person or business to the designated persons list. Persons can now be designated for providing financial services, or making available funds, economic resources, goods or technology to persons involved in or obtaining a benefit from or supporting the Russian government. Previously, financial services providers could only be sanctioned if their activities enabled the destabilisation of Ukraine. Separately, the UK added on 10 January 2025 the main Russian oil companies, Gazprom Neft and PJSC Surgutneftegas, to the designated persons list. How might a UK business be affected? The change in designation criteria opens the door for the UK government to designate foreign (i.e. non-Russian) financial institutions which facilitate transactions in support of sectors of specified strategic significance to the Russian government (even if those institutions are outside the UK's jurisdiction). Separately, we anticipate that the new designations of Gazprom Neft and PJSC Surgutneftegas will affect a large proportion of the remaining oil trade with Russia.
UK Russia sanctions
Timeline Entered into force on 1 September 2024. What does it do? The UK, US and Australia have agreed historic reforms to defence trade controls to further the goals of the AUKUS security partnership. The new UK Open General Export Licence and the US ITAR licence exemption, both of which took effect on 1 September 2024, enable easier transfer of defence material amongst approved parties. How might a UK business be affected? UK defence contractors can apply to become part of the AUKUS Authorised User Community (AUC). Only AUC members can benefit from the new UK Open General Export Licence and the US ITAR licence exemption. Given the significant benefits of the new licence exemptions, we recommend that UK defence contractors consider whether applying to AUC may be relevant for their business. Finally, UK contractors should be aware that the UK Form 680, which is used when defence-related classified material is released to foreign entities, has been updated so that a UK contractor can apply for UK F680 approval to release US ITAR material.
AUKUS – landmark changes to defence export controls
Carolyn Saunders Partner D +44 20 7320 6585
Timeline A Pensions Bill is expected later this year. What does it do? The Bill is expected to focus on: consolidation of small defined contribution pension pots; requiring pension schemes to deliver value through the Value for Money framework assessed against a standardised test, which should also increase consolidation; requiring pension schemes to offer retirement products, which is intended to lead to more funds being invested for longer, increasing investments in productive assets and boosting economic growth; and consolidating the defined benefit market through a framework for commercial "superfunds". To support this, consultations on value for money, investment and the Local Government Pension Scheme were announced in the Chancellor's November 2024 Mansion House speech. How might a UK business be affected? Further pensions legislation will impose additional requirements on scheme trustees and potentially others involved with schemes, which is likely to increase the costs of pension provision. Key actions: Monitor progress on the Pensions Bill and consultation responses.
Government's pension plans
Timeline Court of Appeal decision – 25 July 2024. What does it do? From 6 April 1997 to 6 April 2016, pension schemes could contract out of the additional state pension if they met statutory requirements, including getting actuarial confirmation for certain amendments. This case, relevant to occupational defined benefit pension schemes, confirmed that actuarial confirmation was required for any such amendments to be valid. How might a UK business be affected? Check that changes to affected scheme rules included the relevant actuarial confirmation. If they did not, they are invalid. It may be necessary to adjust benefits and payments to members, which may increase scheme liabilities and employer contributions. Industry bodies are lobbying the government to legislate to address the issue, but nothing has been announced. Key actions: Consider reviewing scheme documentation to confirm whether amendments are valid. Given this decision's implications, we can provide second opinions on the validity of amendments.
Virgin Media Ltd v. NTL Pension Trustees II Ltd
Timeline The Funding and Investment Strategy Regulations (FIS Regulations) became effective from 22 September 2024, followed by the Pensions Regulator (TPR) issuing a new Funding Code of Practice and, in December 2024, the publication of its Covenant Guidance. What does it do? Trustees and employers of defined benefit (DB) pension schemes need to comply with the FIS Regulations for scheme valuations under the new regime. How might a UK business be affected? The FIS Regulations introduce new rules for how DB schemes manage their funding and investment strategies, with the new Funding Code and Covenant Guidance providing more detailed guidance, including setting out how TPR evaluates compliance. The Code influences TPR's consideration on the use of its powers for breaches of the requirements. TPR has said it may update the guidance as needed and provide industry feedback. Key actions: If you have a DB scheme, ensure you are prepared for your first valuation under the new regime.
Defined Benefit Funding Code
Eleanor Hart Partner D +44 7741 323250
Michele Vas Partner D +44 20 7320 5448
Roy Pinnock Partner D +44 20 7246 7683
Timeline Supreme Court decision – 20 June 2024. What does it do? The Supreme Court found that downstream greenhouse gas (GHG) emissions are a direct effect of oil extraction and must be assessed as part of the project's Environmental Impact Assessment (EIA). A council's decision to grant planning permission for an oil well was unlawful. This is because it is known with certainty that, if the project goes ahead, the oil extracted from the ground will be burnt, so releasing GHGs into the atmosphere in a quantity which can readily be estimated. The case had been considered in the High Court (December 2020, rejecting the claim) and in the Court of Appeal (February 2022, upholding one of the High Court grounds). How might a UK business be affected? This judgment sets a precedent that planning authorities must consider the full lifecycle emissions of fossil fuel projects, including those from the eventual use of the extracted resources. It could lead to more stringent EIAs and potentially impact the approval of future fossil fuel projects in the UK. The need to assess downstream effects will need to be considered on a case-by-case basis.
Downstream environmental impacts R (on the application of Finch on behalf of the Weald Action Group) v. Surrey County Council and others
Timeline Court of Appeal decision – 28 June 2024. What does it do? The case considered whether the Conservation of Habitats and Species Regulations 2017 required an "appropriate assessment" before a local planning authority could discharge conditions on the approval of reserved matters, despite the authority having previously granted outline planning permission without such an assessment. Regulation 63 is designed to capture a wide range of "authorisations", of differing kinds, and allows an "appropriate assessment". To limit the scope would be incompatible with the purpose of the legislation and against the "precautionary principle". Regulations 63 and 70 allow for appropriate assessment to be undertaken at the final stage in a multi-stage consent process. If this were not the case, there would be a gap in the regime for assessment, which would enable development to proceed with potentially harmful effects on a protected site. Where the provisions for appropriate assessment are engaged, an assessment must be carried out before development is authorised to proceed by the "implementing decision". How might a UK business be affected? This case impacts the multi-stage consenting process. Potential effects on protected sites have to be thoroughly assessed at all relevant stages of the planning process. The Court of Appeal held that the government was exercising its proper and accustomed role in producing national planning policy (by using paragraph 181 of the NPPF), which may then be a material consideration in decision-making. When it became evident that the harmful effects on the Ramsar site were likely the result of the phosphates created by the development, the NPPF policy was then a material consideration in the decision whether to discharge the outstanding conditions. National policy can potentially extend protections to sites not explicitly covered by specific legislation by becoming material considerations. The Supreme Court is to hear an appeal against the findings of the Court of Appeal in 2025.
CG Fry & Son Ltd v. Secretary of State for Levelling Up, Housing and Communities
Brian Hutcheson Partner D +44 141 271 5431
Timeline The Bill has completed its report stage and third reading in the House of Commons. It is currently in the House of Lords and is expected to become law in the spring. What does it do? The Bill rebalances the existing law significantly in favour of tenants. Key changes include: Abolition of fixed-term assured and assured shorthold tenancies – all new assured tenancies will be periodic and any existing fixed terms will be converted to periodic. Abolition of "no fault" evictions under section 21 of the Housing Act 1988. Rent increases to be limited to once a year to the market rate, to avoid "backdoor evictions". Landlords will have to register on a new Private Rented Sector Database. Most of the Bill applies only to England and Wales, but some anti-discrimination provisions apply to Scotland. How might a UK business be affected? Increased regulation and new duties will increase costs for residential lettings businesses. It will be more difficult to recover possession of rented properties. Breaches by landlords will carry fines and local authorities will have investigative powers to assist with enforcement.
Renters' Rights Bill: significant changes ahead for the private residential lettings sector
Bryan Johnston Partner D +44 20 7320 4059
Timeline Newly in force – local authorities may start using the powers in 2025. What does it do? Local authorities can hold rental auctions to let vacant high street and town centre properties in designated areas without requiring the consent of the owner, superior landlords or mortgagees. The powers are exercisable where the premises have been vacant for the immediately preceding year (or 366 days in the last two years) and are considered by the local authority to be suitable for a high street use. The powers are not confined to empty retail premises. While the terms of the letting are largely prescribed, the rent payable is determined by the successful bidder at auction (with no prescribed minimum). How might a UK business be affected? Any business that has an interest in relevant vacant premises could be vulnerable to the exercise of these powers which effectively allow a local authority to impose a letting.
High street rental auction powers in England and Wales
Timeline The first consultation closes in February 2025. A second more detailed consultation is likely to follow, though no timeframe has been set. What does it do? Security of tenure is the statutory right of qualifying business tenants to renew their lease. Relevant tenants have the right to remain in occupation following lease expiry until such time as their lease is renewed or ended by service of the relevant statutory notices. The current consultation considers whether tenants of business premises should continue to have security of tenure and, if so, whether it should: be mandatory with no ability to contract out; be based on a contracting-in approach; or continue to apply by default with the option of contracting out. What does it do? Any changes to security of tenure could affect the: rights of business tenants to remain in occupation of premises following lease expiry; ability and strategy of commercial landlords for obtaining vacant possession of let premises; bargaining power of parties negotiating lettings; and process for letting business premises.
Law Commission's consultation on security of tenure in England and Wales
Luci Mitchell-Fry Partner D +44 7795 618258
Timeline Wright v. Chappell (wrongful trading case) – High Court decision of 11 Jun 2024. Wright v. Chappell (subsequent breach of duty quantification of claim case) – High Court decision of 19 August 2024. What does it do? The decisions provide further guidance on the time when a director's knowledge (or deemed knowledge) of a company's financial difficulty is sufficient for a successful wrongful trading action or misfeasance action to be made against them (the relevant time for each type of action does not have to be the same). They pave the way for an increase in such claims in the future. How might a UK business be affected? Boards need to understand their duties and responsibilities as directors of companies facing financial difficulty (however far in the future) and monitor their company's financial position and to whom their duties as directors are owed, because this will impact on the commercial decisions they make. They need to be mindful that the date on which the "creditor duty" is triggered in a potential wrongful trading claim made by an insolvency office holder against a director could be found by a court to be earlier or later than it is triggered in a separate misfeasance/breach of duty claim. This means they must monitor their decisions continuously when insolvency threatens, or risk facing large liabilities to contribute to the assets of the company if the company enters an insolvency or rescue procedure such as administration or liquidation.
Landmark BHS directors' liability cases secure unprecedented contributions to insolvent company's estate and its creditors Wright v. Chappell
Susan Moore Partner D +44 20 7320 5420
What are the key developments? Work continues on the Online Safety Act's (OSA) commencement, with key developments in the following areas: Guidance and deadlines In December 2024, Ofcom published guidance documents and codes of practice on illegal harms. Organisations must now: conduct a risk assessment evaluating the risks of illegal harms on their in-scope services, by 16 March 2025 (for which exercise Ofcom released an online tool and template record-keeping document on 21 January); and start taking steps to ensure that, by 17 March 2025, they will have implemented the safety measures for their in-scope services required by the codes (if approved by Parliament by then), or take other effective measures to protect users from illegal content and activity. On 16 January 2025, Ofcom published its final documents on children's access and age assurance. All services that allow pornography must implement "highly effective age assurance" (as per Ofcom's guidance) to ensure that children are not normally able to access pornographic content by July 2025 at the latest. All regulated user-to-user and search services must carry out a children's access assessment by 16 April 2025 to determine whether they are likely to be accessed by children. If "highly effective age assurance" measures (per Ofcom's guidance) have not been implemented for a service, Ofcom will probably consider it likely that children can access the service, with the result that a separate children's risk assessment will also need to be conducted. For Part 5 services (certain pornographic content), the duty to implement highly effective age assurance and some related duties came into effect on 17 January 2025, following commencement of this aspect of Part 5 of the Act. Ofcom has stated it will take enforcement action on their services if providers do not act promptly to address the risks. This includes fines of up to £18 million or (if greater) 10% global worldwide revenue. Updates A new priority offence in respect of "Intimate Image Abuse offences" was added in December 2024 to the OSA. The duties on certain online services to protect users from illegal content/activity now also extend to the Sexual Offences Act offence of sharing or threatening to share intimate images (photographs or films, including deepfakes) of others without their consent, as a priority offence under the OSA. A draft statutory instrument was laid before Parliament in December 2024. The draft sets out the threshold conditions for so-called "categorised" services under the OSA, which will be subject to further and more stringent obligations. The draft is expected to become law in early 2025. On 17 January 2025, various OSA provisions regarding regulated provider pornographic content were brought into force. OSA updates Further OSA provisions coming into force are outlined in Ofcom's updated timeline. We are already advising clients on their assessments and preparing for their children's access assessments. If you would like to discuss Dentons assisting with your assessment, please get in touch. The EU Digital Services Act may also apply (to some degree) to the same online services. Therefore, a practical approach to the overlaps and conflicts will be important.
Online safety
What are the key developments? Online marketplaces will need to prepare for the following: Product Regulation & Metrology Bill Online marketplaces will be caught under the recently-introduced Product Regulation & Metrology Bill. This is designed to give wide-ranging powers to the government to make provisions in relation to the UK's product safety and metrology regulatory framework, taking into account technological advances, such as AI. Delegated legislation will set out substantive obligations which should be monitored. The definition of "online marketplace" is currently very broad, extending to "website, mobile app or any other platform by means of which information is made available over the internet", in each case "which facilitates the marketing of products in the United Kingdom by that means". The definition can be amended by secondary legislation. Online Safety Act Online marketplaces will also need to consider the OSA generally, in respect of risks such as those arising from the sale of offensive weapons. In November 2024, the government consulted on proposals that include giving the police the power to issue notices to senior executives of online companies, being able to order them to remove specific pieces of content, potentially within two days. If a company fails to act on this, the police will send a second notice to the senior executive in that company, who would then be personally liable for a significant fine if they too fail to act. Defences similar to those afforded to senior executives under the OSA may be available.
Online marketplaces
© 2024 Dentons. All rights reserved. Attorney Advertising. Dentons is a global legal practice providing client services worldwide through its member firms and affiliates. This website and its publications are not designed to provide legal or other advice and you should not take, or refrain from taking, action based on its content.
Sarah Partridge-Smith, Senior Associate D +44 20 7320 5527
Timeline Expected to come into force in the second half of 2024.
Find out more
Economic Crime and Corporate Transparency Act 2023: new failure to prevent fraud offence
Timeline From 26 December 2023. What does it do? The ECCTA has expanded the "identification doctrine" for all UK firms, by attributing criminal liability for financial crime offences – including fraud, money laundering, sanctions breaches and bribery – to a corporate entity where the offence is committed with the involvement of a "senior manager" of that entity. Previously, corporate criminal liability could only attach where a prosecuting agency could evidence that the "directing mind and will" of the company possessed the required state of mind. How might a UK business be affected? This expansion will deliberately make it much more straightforward for criminal prosecutions to be taken against firms as a result of individual misconduct. Where senior managers are involved, it will be harder for firms to distance themselves both financially and reputationally. If charged, firms face potentially unlimited financial penalties from the court. We expect a significant increase in corporate crime prosecutions across each of the key economic crime offences (fraud, bribery and money laundering). Senior individuals within a firm with responsibility for financial crime compliance and oversight will want to ensure the firm's internal controls are robust, to ensure that risks are managed effectively and any misconduct identified early. Where misconduct is identified, firms will want to consider their own potential criminal liability as part of any internal investigation.
Economic Crime and Corporate Transparency Act 2023: extension of the identification doctrine
Jessica Thorpe, Dentons Global Advisors, Business Intelligence
DGA's Business Intelligence team anticipates that the new failure to prevent fraud offence will lead to increased requests for pre-employment checks or due diligence reports for executive management. It may also lead to increased internal investigations into suspected or alleged violations of FCPA or the UK Bribery Act.
What does it do? The ECCTA has introduced a new corporate offence of failure to prevent fraud. Following the failure to prevent offences set out in the Bribery Act 2010 and Criminal Finances Act 2017, the ECCTA has introduced strict corporate liability (with no requirement to show misconduct by senior managers or the "directing mind and will" of the company) where: In these circumstances, the relevant corporate entity will be deemed to be liable for failure to prevent it, unless it can show that it has reasonable systems and controls in place at the time of the offence. How might a UK business be affected? The "failure to prevent" offence will initially only be applicable to "large firms" (those with at least two of the following: more than 250 employees; more than £36 million in annual turnover; more than £18 million in assets). However, all firms in scope or approaching those metrics should think about reviewing their internal financial crime control framework to ensure that it is sufficiently robust to provide a potential defence in the event of a fraud. Guidance on government expectations of "reasonable systems and controls" will be published this year. Firms should consider this carefully as part of their compliance horizon scanning. We are already working with clients on what this review work should cover.
a fraud is committed by a person "associated" with the business; and the fraud is intended to benefit the business, its subsidiaries, or a person to whom services are provided on behalf of the business (e.g. customers or clients of the business).
Get in touch
// Edition 3, October 2024
Share
Capital Markets (Equity)
Neil Nicholson, Partner D +44 20 7246 7624
Timeline The FCA is currently consulting and working towards substantial progress by the end of 2023, though there is no firm date for adoption. What does it do? The core proposal is for a single listing category for equity shares in commercial companies (ESCC) to replace the current prem ategory, the ESCC will be a simpler, more disclosure-based regime, including reduced eligibility criteria for companies seeking to IPO. The proposal is designed to streamline and enhance the competitiveness of the UK listing regime for equity shares and promote access to listing for a wider range of companies. How might a UK business be affected? Commercial companies (wherever incorporated) with an existing UK premium or standard listing of equity securities will move to the new ESCC segment (subject to transitional arrangements). Separate listing categories and rules will remain for equity shares issued by investment vehicles and for issuers of non-equity securities. However, certain proposed changes will cut across listing categories and therefore may, to some extent, affect issuers outside the n ew ESCC segment.
No Further Material
Timeline The Financial Conduct Authority expects the new rulebook to be in force early in the second half of 2024. What does it do? The key change is a new single listing category for equity shares in commercial companies (ESCCs) which will replace the current premium and standard categories. Compared with the current premium listing category, key features of the ESCC listing category are reduced eligibility criteria for companies seeking to IPO and a simplified, more disclosure-based continuing obligations regime. How might a UK business be affected? The change is designed to encourage a more diverse range of companies to list and grow on UK markets and promote more investment opportunities for investors. Commercial companies with an existing UK premium listing of equity securities will automatically move to the ESCC category. A new transition category will preserve the status quo for existing standard listed companies (pending any decision to move into the ESCC category). For other issuers not falling within the ESCC category (such as companies with a secondary listing, investment vehicles and issuers of non-equity securities), separate listing categories will remain.
Nik Colbridge, Partner D +44 20 7246 7102
Timeline Proposals are currently subject to FCA engagement with market participants, with formal consultations on rules expected in 2024. What does it do? Fundamentally reforms the structure of the UK prospectus regime, by repealing the current UK Prospectus Regulation and introducing a new regime which gives the FCA enhanced rule-making powers. An overarching aim is to improve the flexibility and responsiveness of the markets by providing a prospectus regime better tailored to the type of capital raising (e.g. on regulated market, off-market primary, rights issues, acquisition related). How might a UK business be affected? Companies accessing public markets for the first time and those raising further capital should benefit from more proportionate and streamlined processes. While a prospectus will remain a key feature of an IPO in the UK, the FCA will have greater discretion to determine when a prospectus is required and power to make rules on disclosure requirements, allowing for a more proportionate disclosure regime.
Further materials
Multiple Further Materials
DGA Quotes/written commentary
DGA Video
Lorem ipsum dolor sit amet, consectetur adipiscing elit. Phasellus non gravida dolor. Etiam porta ante nec lacus maximus fermentum.
Etiam porta ante nec lacus maximus fermentum.
UK Prospectus Regime Review Outcome: replacement of the UK Prospectus Regulation
Video title here
Home
Tax
People
Insolvency
Data Privacy & Cybersecurity
Construction
Capital Markets (Debt)
Timeline The Regulations were made on 29 January 2024, but will have limited practical effect until the FCA has made new rules on public offers and admissions to trading. The FCA will consult on these proposed rules in summer 2024. What does it do? The Regulations provide the framework to allow the FCA to make the rules that will replace the UK Prospectus Regulation. This forms part of the UK's Smarter Regulatory Framework. An overarching aim is to improve the flexibility and responsiveness of the markets by providing a prospectus regime better tailored to the type of capital raising (primary, secondary etc.) and facilitate greater access to capital for companies that are not publicly traded. How might a UK business be affected? Equity issuers should benefit from more proportionate and streamlined processes. While a prospectus will remain a key feature of an IPO in the UK, the FCA will have greater discretion to determine when a prospectus is required and power to make rules on disclosure requirements, allowing for a more proportionate disclosure regime. Until the new FCA rules come into effect, the UK Prospectus Regulation continues to apply to any public offers of securities in the UK, or applications to list securities on a UK regulated market.
Reform of the UK Prospectus Regime – the Public Offers and Admissions to Trading Regulations 2024
Timeline Published in January 2024, applicable from 2025. What does it do? The 2024 Code updates the 2018 edition. The substantive changes largely focus on those parts of the Code that deal with risk management and internal controls. Most significantly, there are new reporting obligations which will require a board to include in its annual reporting a declaration as to the effectiveness of the company's material controls. New guidance providing advice, further detail and examples of good practice accompanies the updated Code. How might a UK business be affected? Premium listed and other companies that apply the UK Corporate Governance Code will have to apply the 2024 Code for financial periods beginning in 2025 onwards. However, the requirement for the new board declaration will come in one year later, giving boards additional time to strengthen their internal control processes and implement the new arrangements.
New UK Corporate Governance Code
James Melville Ross, Dentons Global Advisors, Complex Communications
Given the ongoing uncertain macroeconomic picture and political landscape, we anticipate a lag in IPOs until year end 2024, with 2025 seeing a possible capital markets rebound. DGA's Complex Communications team is on hand to guide companies through the listing process, providing an effective communications strategy throughout.
Commercial Contracts Blogs v Snodrgass
Brief details here Due to be in force by September 2024
Employment Development
Insolvency Item
Capital Markets Economic Crime & Corporate Transparency Bill
View all key legal and market developments affecting UK businesses
View
// Edition 2, March 2024
Economic Crime and Corporate Transparency Act 2023 How does the Act change the risk of a business incurring liability as a result of financial misconduct by an individual?
Paul Langford Managing Knowledge Development Lawyer D +44 20 7246 7032
Adam Pierce Partner D +44 7795 618323
View Business Crime & Investigations
Reforms to UK listing rules and prospectus regime What's changing for issuing companies and investors using the UK public capital markets?
View Capital Markets (Equity) and Capital Markets (Debt)
Commercial contracts - case law update Is it ever possible to exclude liability for fraud? Is a unilateral right to extend a contract repeatedly enforceable? Once a novation has taken place, can it be cancelled?
View Commercial Contracts
International trade - UK importing rules How will changes to rules on EU imports and the proposed UK Carbon Border Adjustment Mechanism affect UK manufacturers and UK importers?
View International Trade & Sanctions
UK AI Roadmap With the EU introducing a statutory legal framework for AI, how is AI regulation progressing in the UK?
View Data Privacy & Cybersecurity
Employment law update How are obligations on employers changing, including obligations to consult staff during a redundancy process, and to offer family friendly employment terms?
View People
// highlights
// CONTACTS
// all developments
Single Further Material
Antonis Patrikios, Partner D +44 20 7246 7798
Timeline The UK currently has no concrete plans for comprehensive AI regulation. By contrast, the EU is a significant step ahead, courtesy of the AI Act. However, there are various domestic AI activities and actions currently in motion. We set out below a snapshot of key aspects, as flagged in the UK government's recent response to its consultation on AI regulation, in our UK AI roadmap/timetable for 2024. What are the key components of the UK AI roadmap?
UK AI roadmap 2024
Nick Graham, Partner D +44 20 7320 6907
Dr. Kuan Hon, Counsel D +44 20 7320 3940
The UK government now considers that "some mandatory measures" will be necessary in all jurisdictions to address potential AI-related harms. How might a UK business be affected? Nothing has yet materialised in terms of domestic legislation. This is despite plenty of activity and discussion in this important area, as illustrated by the roadmap. We can expect to see proposals put forward and developed in 2024, particularly for advanced AI systems such as foundation models. In the meantime, businesses are advised to keep track of the above developments and make use of the numerous resources available, so that they are in the optimal position when UK AI regulation eventually arrives.
Ben Lewis, Dentons Global Advisors, Complex Communications
Cyber risk is also reputational risk. A business is judged on its ability to keep people's data safe, maintain business continuity and provide a safe operating environment for its people and customers. It is important to have a robust playbook which can be deployed during cyber-related crises, as the quality, timeliness and transparency of communication all feed into the regulatory process where penalties are assigned after major breaches.
DRCF AI and digital hub cross-regulatory advice: Pilot launch, where organisations can seek advice on innovative AI/digital issues that engage at least two UK regulators and benefit consumers, businesses or the UK economy. AI Safety Institute: Update on the new UK Institute's approach to evaluating/testing advanced AI systems – this update is now out. AI assurance introduction: For practitioners interested in finding out how assurance techniques can support the development of responsible AI. Also now out. An outline summarises this introduction. Monitoring/evaluation plan: The UK government will conduct a targeted consultation with a range of stakeholders on its proposed plan to continuously assess the effectiveness of the regulatory framework.Monitoring/evaluation plan: HR/recruitment AI use: Updated DSIT guidance is due in the spring. AI management essentials: For AI vendors to the public sector – there will be a consultation on whether this should be mandatory. Science of AI safety: An international report is due out. Securing AI models: A consultation will consider issues such as a potential Code of Practice for AI cybersecurity based on the NCSC AI cybersecurity guidelines. (Note that the UK PSTI Act applies from April, affecting consumer smart IoT products such as smartphones.) Regulators' approach to AI: UK regulators must issue updates on their approach to AI by 30 April. Responses from UK regulators and other UK public bodies have just been published.
Summer 2024
AI guidance to regulators: The UK government's initial guidance to UK regulators on implementing the UK's AI principles is to be expanded "by" the summer. Highly capable AI systems, including their open release: The government will engage on possible interventions regarding such systems. On possible scenarios that may arise in the context of AI development, proliferation and impact, a "non-policy" report is to be published "shortly".
During 2024
AI-related risks to trust in information, deepfakes, disinformation etc.: There will be a call for evidence ("shortly", possibly in the spring). Regulatory powers/remits: There will be a review to highlight any gaps. Cross-economy AI risk register: There will be a targeted consultation on the register, which will include risk assessment methodology. Democracy and electoral interference risks: We now have the Online Safety Act and an international dialogue will be promoted before the next AI Safety Summit. Creative industries: The government will explore the approach to take here (e.g. transparency on IP rights holders' content input into AI models). Bias/discrimination in AI systems – solutions: Further work with the Equality & Human Rights Commission and ICO. Criminal law scope: To consider AI-enabled offences/harms.
Probably in 2024
Automated decision-making (ADM): The Data Protection and Digital Information Bill will clarify various aspects of ADM and provide more lawful bases for ADM. AI-driven markets' competitiveness: The CMA will have tools in this regard, under the Digital Markets, Competition and Consumers Bill. Automated Vehicles Bill: This will regulate self-driving technologies.
By end of 2024
Highly capable general-purpose AI systems: There will be an update on possible developer responsibilities/obligations in relation to such systems. Frontier AI safety emerging processes guide: An update will be issued.
Ongoing
AI Safety Institute: This will continue its testing and other work. There will be broad information sharing, including with other countries. AI lifecycle accountability: Consideration may be required with regards to the possible legal responsibilities and liability for other actors in the AI supply/value chain, including data or cloud hosting providers. Potentially, this could also extend to AI users. AI governance: The UK is working on increasing international collaboration on AI governance.
Spring 2024
Ultimately
