Photo of Joshua Gray

Joshua Gray

Joshua Gray is a technology and data-focused lawyer with a distinctly international practice that combines commercial and regulatory expertise. He excels in assisting clients for deals with no precedent where technology and data are at the heart of the project.

Joshua advises on the structuring and negotiation of bespoke technology projects, with a particular focus on AI technologies and large-scale digital infrastructure transactions. His practice includes advising on the full life cycle of data centre projects—from regulatory diligence and corporate transactions to strategic commercial arrangements, co-location and other operational agreements. He also advises leading AI model providers on regulatory matters and strategic collaborations with government agencies on AI safety and testing issues.

Joshua otherwise advises on the full spectrum of technology transactions, including IT services agreements, outsourcing, software development and licensing, cloud computing and infrastructure, M&A and joint ventures.

Joshua has deep industry knowledge and experience in the AI, digital infrastructure, technology, life sciences and travel sectors. This experience has been bolstered through client secondments to Illumina Inc, Barclays Bank and du, a leading telecoms operator in the UAE.

Contact:Read more about Joshua GrayEmail

In this blog post we set out key practical steps for technology-focused deal-making, having regard to the regulatory, antitrust and foreign investment screening issues identified in our earlier blogs here and here.

Key impacts of technology regulation on deal outcomes

The evolving regulatory landscape is having a significant impact on deal outcomes, including (i) longer timelines due to complex regulatory approval requirements; (ii) higher diligence burden, especially around data, AI and ownership transparency; (iii) greater risk allocation pressure in deal terms; and (iv) increased use of creative structures to mitigate regulatory exposure. Continue Reading Technology Industry Trends and M&A Outlook in the EU and UK, Part 3: Recommendations for Tech M&A and Strategic Transactions

Until the last year, merger control in the UK has been fairly hostile towards tech deals, with a highly interventionist competition authority taking an uncompromising line on global deals; even where those deals had only a limited nexus to the UK. The EU has generally taken a more pragmatic approach, clearing Google’s acquisition of Fitbit in 2020, and Microsoft’s acquisition of Activision in May 2023, following the acceptance of remedies by the tech firms. However, it, too, has taken some more hardline positions, such as prohibiting the Booking.com/etraveli merger based on a novel theory of harm related to the Booking.com travel ecosystem. 

This has all taken place against the backdrop of an explosion of tech regulation (see our prior blog post here). The wave of new rules also introduced new merger filing requirements for those tech firms who have been designated as gatekeepers in the EU (under the Digital Markets Act (DMA) (2022)), or firms with strategic market status in the UK (under the Digital Markets Competition and Consumers Act (DMCCA) (2024)). Just this month the CMA designated Google with strategic market status (SMS) in general search and search advertising services. This comes, almost to the day, two years after the EU’s designation of Google’s parent company and five others as gatekeepers. More tech regulation is on the horizon, for example the remaining parts of the AI Act, on general-purpose AI, are due to enter into force in the EU in August 2026.Continue Reading Technology Industry Trends and M&A Outlook in the EU and UK, Part 2: Antitrust/FDI Environment for Tech

Technology-focused deals are driving many of the largest global M&A and strategic transactions—whether digital infrastructure, artificial intelligence (AI), digital services or gaming. The successful execution of these transactions and ultimate success of the business opportunities promised by them, depends on understanding how emerging technology, regulation and market norms are evolving. In this three-part blog series, from an EU and a UK perspective, we will cover: (1) the new regulatory landscape for tech, (2) the evolving antitrust and foreign investment screening environment and (3) recommendations for planning, structuring and executing technology-focused M&A and other strategic transactions.Continue Reading Technology Industry Trends and M&A Outlook in the EU and UK, Part 1: The New Regulatory Landscape for Tech

The “market” for AI contracting terms continues to evolve, and whilst there is no standardised approach (as much will depend on the use cases, technical features and commercial terms), a number of attempts have been made to put forward contracting models. One of the latest being from the EU’s Community of Practice on Public Procurement of AI, which published an updated version of its non-binding EU AI Model Contractual Clauses (“MCC-AI”) on March 5, 2025. The MCC-AI are template contractual clauses intended to be used by public organizations that procure AI systems developed by external suppliers.  An initial draft had been published in September 2023.  This latest version has been updated to align with the EU AI Act, which entered into force on August 1, 2024 but whose terms apply gradually in a staggered manner.  Two templates are available: one for public procurement of “high-risk” AI systems, and another for non-high-risk AI systems. A commentary, which provides guidance on how to use the MCC-AI, is also available.Continue Reading EU’s Community of Practice Publishes Updated AI Model Contractual Clauses

While the EU Directive on Unfair Terms in Consumer Contracts prohibits certain clauses in standard (i.e., unilaterally imposed) contracts between businesses and consumers, some recently enacted EU laws restrict the use of certain clauses in standard contracts between businesses (“B2B”).  The Data Act is the latest example of such a law, as it prohibits certain “unfair contractual terms” (“Unfair Clauses”) in standard contracts between businesses relating to the access and use of data.  As such, it has a potentially very wide scope.  Businesses entering into such a contract should therefore ensure that they do not include any clause that could be considered “unfair” because such a clause would not be binding on the other party to the contract. This blog post focuses specifically on the Data Act’s provision on Unfair Clauses.  For more information on the Data Act, see our previous blog post.Continue Reading EU Data Act Regulates Business-to-Business Contracts Relating to Access and Use of Data

Over the last year we have seen increasing interest from our global client base in investing in strategic, transformational technology transactions with European counterparties.  These transactions often facilitate access to key technologies, geographies and, of course, data.  In this note we set out 6 key points to keep in mind when planning, negotiating and executing these types of transactions across Europe.
Continue Reading Strategic Technology Transactions in Europe – Considerations for U.S. and Global Companies

NHSX recently published “A Buyer’s Checklist for AI in Health and Care” (Guidance) that sets out 10 key questions which will be of use to parties deploying AI solutions or conducting data driven projects (in a health and care setting or otherwise).  For example, the Guidance highlights:

  • key data-related considerations, such


Continue Reading AI Update: NHSX Publishes “Buyer’s Checklist” for AI Solutions

As a sign of increasing localised investment in IoT networks, in recent days both the Scottish Government and Australia’s City of the Gold Coast have announced IoT networks using low power technology solutions.  The Scottish Government’s plan is part of a wider initiative to promote IoT services across the Scottish economy whereas the Gold Coast City Council’s approached is more focused on the immediate delivery of public services.  The contrasting approaches highlight the wide potential for IoT deployments whether as major platforms of technology and telecommunications projects or as localised responses to improving defined problems.  As both projects show, the successful delivery of an IoT network project requires an end-to-end view of potential legal issues that may arise, e.g., vendor/RFP management, network rollout agreements, spectrum licensing, security, interoperability and privacy.

Continue Reading IoT Update: Scotland and Australia’s Gold Coast announce IoT network initiatives