Digital

Updated September 20, 2024.  Originally posted September 11, 2024.

On September 17, California Governor Gavin Newsom (D) signed two bills into law that limit the creation or use of “digital replicas,” making California the latest state to establish new protections for performers, artists, and other employees in response to the rise of AI-generated content.  These state efforts come as Congress considers the NO FAKES Act (S. 4875), introduced by Senator Chris Coons (D-DE) on July 31, which would establish a federal “digital replication right” over individual’s own digital replicas and impose liability on persons who knowingly create, display, or distribute digital replicas without consent from the right holder.Continue Reading California Enacts Digital Replica Laws as Congress Considers Federal Approach

This year, the UK’s Competition and Markets Authority (“CMA”) is set to gain a range of new enforcement powers under the Digital Markets, Competition and Consumers (“DMCC”) Act (the final text is now available here). The DMCC Act received Royal Assent on 24 May 2024. However, with certain exceptions, the Act’s provisions will not come into force until secondary legislation is passed. The CMA initially expected its new responsibilities to become operational in the Autumn, but this timeline may be delayed due to the UK’s election on 4th July. On the same day as the DMCC Act became law, the CMA published for consultation its new Digital Markets Competition Regime Guidance.

An outline of the key provisions of the DMCC Act can be found here. As the CMA sets the groundwork for exercising its powers under this new regime, this blog post considers five practical considerations for firms active in the UK.

Key takeaways:

  1. The CMA will administer the new regime through a specialist Digital Markets Unit, which was established over three years ago.
  2. The DMCC Act may diverge from the EU’s Digital Markets Act, both in the companies being designated, and the obligations imposed on designated companies.
  3. The interplay between the DMCC regime and existing regulatory obligations – particularly the GDPR – is likely to raise practical challenges.
  4. We expect the CMA to exercise its powers under the digital markets regime alongside existing antitrust tools (which the DMCC Act amends).
  5. The CMA’s jurisdictional thresholds to review mergers under the UK’s merger control regime will change as a result of the DMCC Act.

Continue Reading The UK’s New Digital Markets Regime: Some Key Takeaways

The Digital Markets, Competition and Consumers (“DMCC”) Act received Royal Assent on 24 May 2024 (the final text is now available here). The DMCC Act will only enter into force, however, when secondary commencement legislation has been enacted (with some minor exceptions). This is expected to occur in Autumn 2024, but it could be delayed due to the General Election taking place on 4th July. This secondary legislation could also stagger the dates on which separate provisions become effective.

This legislation ushers in a new rulebook for the largest digital firms active in the UK, alongside some consequential changes to the broader UK competition law framework. In relation to digital markets specifically:

  • The Competition and Markets Authority (“CMA”) may designate certain companies active in digital markets in the UK as holding “Strategic Market Status” (“SMS“) in relation to a specific digital activity. Companies designated with SMS will need to comply with tailored conduct requirements imposed by the CMA and report certain transactions to the CMA ahead of completion.
  • The CMA can make “pro-competition interventions” (“PCIs“) to impose requirements to remedy or prevent conduct in relation to digital activities which the CMA considers to have an adverse effect on competition.
  • The CMA will be able to impose fines of up to 10% of worldwide group turnover for non-compliance with SMS conduct requirements or “pro-competition orders”.

More broadly, the DMCC Act includes some amendments to the UK’s existing competition law regime which apply to all sectors of the economy. In particular, the DMCC Act introduces a new merger control jurisdictional review threshold designed to capture vertical and conglomerate mergers where the parties do not overlap, applicable to any industry. Additionally, the DMCC Act introduces a fast-track route to a Phase 2 review without the need to concede at Phase 1 that there is a realistic prospect that the merger gives rise to a substantial lessening of competition.

This post outlines each of these changes. For an analysis of some key practical considerations for companies in light of the DMCC Act, please see this separate post here.Continue Reading Overview of the UK’s New Digital Markets Regime

The field of artificial intelligence (“AI”) is at a tipping point. Governments and industries are under increasing pressure to forecast and guide the evolution of a technology that promises to transform our economies and societies. In this series, our lawyers and advisors provide an overview of the policy approaches and regulatory frameworks for AI in jurisdictions around the world. Given the rapid pace of technological and policy developments in this area, the articles in this series should be viewed as snapshots in time, reflecting the current policy environment and priorities in each jurisdiction.

The following article examines the state of play in AI policy and regulation in China. The previous articles in this series covered the European Union and the United States.Continue Reading Spotlight Series on Global AI Policy — Part III: China’s Policy Approach to Artificial Intelligence

From February 17, 2024, the Digital Services Act (“DSA”) will apply to providers of intermediary services (e.g., cloud services, file-sharing services, search engines, social networks and online marketplaces). These entities will be required to comply with a number of obligations, including implementing notice-and-action mechanisms, complying with detailed rules on terms and conditions, and publishing transparency reports on content moderation practices, among others. For more information on the DSA, see our previous blog posts here and here.

As part of its powers conferred under the DSA, the European Commission is empowered to adopt delegated and implementing acts* on certain aspects of implementation and enforcement of the DSA. In 2023, the Commission adopted one delegated act on supervisory fees to be paid by very large online platforms and very large online search engines (“VLOPs” and “VLOSEs” respectively), and one implementing act on procedural matters relating to the Commission’s enforcement powers. The Commission has proposed several other delegated and implementing acts, which we set out below. The consultation period for these draft acts have now passed, and we anticipate that they will be adopted in the coming months.Continue Reading Draft Delegated and Implementing Acts Pursuant to the Digital Services Act

The UK Government has announced plans to introduce new rules on online advertising for online platforms, intermediaries, and publishers.  The aim is to prevent illegal advertising and to introduce additional protections against harmful online ads for under-18s.  Full details are set out in its recently published response (“Response”) to the Department for Culture, Media & Sport’s 2022 Online Advertising Programme Consultation (“Consultation”). 

The new rules would sit alongside the proposed UK Online Safety Bill (“OSB”), which addresses rules on user-generated content (see our previous blog here).  Since the EU’s Digital Services Act (which starts to apply from February 2024, see our previous blog here) will not apply in the UK following Brexit, the OSB and any new rules following this Response, form the UK’s approach to regulating these matters, as distinct from the EU.Continue Reading Further Regulation of Illegal Advertising: UK Government Publishes Response to its Online Advertising Programme Consultation

On 29 March 2023, the UK Information Commissioner’s Office (“ICO”) published updated Guidance on AI and data protection (the “Guidance”) following “requests from UK industry to clarify requirements for fairness in AI”. AI has been a strategic priority for the ICO for several years. In 2020, the ICO published its first set of guidance on AI (as discussed in our blog post here) which it complemented with supplementary recommendations on Explaining Decisions Made with AI and an AI and Data Protection risk toolkit in 2022. The updated Guidance forms part of the UK’s wider efforts to adopt a “pro-innovation” approach to AI regulation which will require existing regulators to take responsibility for promoting and overseeing responsible AI within their sectors (for further information on the UK Government’s approach to AI regulation, see our blog post here).

The updated Guidance covers the ICO’s view of best practice for data protection-compliant AI, as well as how the ICO interprets data protection law in the context of AI systems that process personal data. The Guidance has been restructured in line with the UK GDPR’s data protection principles, and features new content, including guidance on fairness, transparency, lawfulness and accountability when using AI systems.Continue Reading UK ICO Updates Guidance on Artificial Intelligence and Data Protection

2023 is set to be an important year for developments in AI regulation and policy in the EU. At the end of last year, on December 6, 2022, the Council of the EU (the “Council”) adopted its general approach and compromise text on the proposed Regulation Laying Down Harmonized Rules on Artificial Intelligence (the “AI Act”), bringing the AI Act one step closer to being adopted. The European Parliament is currently developing its own position on the AI Act which is expected to be finalized by March 2023. Following this, the Council, Parliament and European Commission (“Commission”) will enter into trilogue discussions to finalize the Act. Once adopted, it will be directly applicable across all EU Member States and its obligations are likely to apply three years after the AI Act’s entry into force (according to the Council’s compromise text).  Continue Reading EU AI Policy and Regulation: What to look out for in 2023

This quarterly update summarizes key legislative and regulatory developments in the fourth quarter of 2022 related to Artificial Intelligence (“AI”), the Internet of Things (“IoT”), connected and autonomous vehicles (“CAVs”), and data privacy and cybersecurity.Continue Reading U.S. AI, IoT, CAV, and Privacy Legislative Update – Fourth Quarter 2022

This quarterly update summarizes key federal legislative and regulatory developments in the second quarter of 2022 related to artificial intelligence (“AI”), the Internet of Things, connected and automated vehicles (“CAVs”), and data privacy, and highlights a few particularly notable developments in U.S. state legislatures.  To summarize, in the second quarter of 2022, Congress and the Administration focused on addressing algorithmic bias and other AI-related risks and introduced a bipartisan federal privacy bill.Continue Reading U.S. AI, IoT, CAV, and Data Privacy Legislative and Regulatory Update – Second Quarter 2022