UK law
Software development that built on existing code qualified as R&D
In Get Onbord Ltd (in Liquidation) v HMRC [2024] UKFTT 617 (TC) the First-tier Tribunal held that expenditure incurred by a company when it developed a new AI-based analytical process qualified for R&D tax relief. The project built on existing material, but its aim was to advance overall scientific knowledge by resolving an existing uncertainty, in this case to see if it was scientifically possible to automate an existing manual process.
Ofcom calls for evidence on Media Act 2024 listed events regime
Ofcom has called for evidence about the changes made by the Media Act 2024 to the listed events regime. The Media Act makes significant changes to the listed events regime. Instead of being restricted to traditional broadcast channels, the new regime will include any services which can be used to show live coverage of listed events to audiences in the UK, including the Public Service Broadcasters’ on-demand players, global media platforms and other internet-based streaming services. The Act also changes the definition of qualifying services to include only services provided by PSBs. All other services are non-qualifying. The regime aims to make sure that, where rights to a listed event are being sold, they are offered to both a qualifying and non-qualifying service. As part of implementing these changes, Ofcom is required to define several terms used in the regime such as “live coverage”, “adequate live coverage” and “adequate alternative coverage”.’ Ofcom must also revise its guidance to broadcasters on the listed events rules. Ofcom seeks evidence about how viewing of listed events has been affected changes in audiences’ viewing preferences, technology, and the wider media landscape. It is also interested in how rights for listed events are packaged and sold.? Views are sought by 26 September. Ofcom will consult further in 2025.
Ofcom consults on its General Policy on Information Gathering
Ofcom is consulting on a proposed update to its general information gathering policy, which explains how it will exercise its powers. It is required by the Communications Act 2003, Wireless Telegraphy Act 2006 and Postal Services Act 2011 to publish a statement of general policy on the exercise of its statutory information gathering powers. Its existing policy on information gathering was published in March 2005. It consulted on changes in 2015 which led to significant changes. It considers that now is an appropriate time to update the policy to reflect its new processes and additional powers. This policy will not apply where it has separately set out how it intends to use its powers, for example, under the Network and Information Systems Regulations 2018. It also plans to consult on separate standalone guidance on how we will exercise our new information gathering powers under the Online Safety Act 2023. This consultation ends on 30 September 2024.
Ofcom prohibits inflation price increases for contracts
In 2023, Ofcom consulted on making changes to its General Conditions to require providers, where they apply in-contract price rises, to set these out upfront, in pounds and pence, at the point of sale. It has now published a statement on its decision to proceed with these changes. When new rules come into effect, they will prohibit providers from including inflation-linked or percentage-based price rise terms in new contracts. Providers must draw information about in-contract price rises information to the customer’s attention prominently before they are bound by the contract, in a clear and comprehensible manner (including during a sales call or other verbal sale such as an in-store sale) to enable them to make an informed choice. Providers must also set out when any changes to the monthly price will occur. Providers may increase their prices during the contract period and the new rules do not restrict their ability to set the level of their prices. However, the rules will prohibit providers from including inflation-linked, or percentage-based, price rise terms that apply to the Core Subscription Price in new contracts. This aims to give consumers clarity and certainty about the price they will pay, helping them choose the best deal for their needs. Ofcom is also issuing guidance on the new rules which includes examples of how providers could present any in-contract price rises at the point of sale. The new rules and guidance will apply to new contracts from 17 January 2025.
Ofcom concludes investigation into BT following 999 emergency call service outage on 25 June 2023
Ofcom has issued its decision to BT under section 96C of the Communications Act 2003 regarding the outage in June 2023. This affected BT’s ability to connect calls to emergency services. Ofcom has found that BT has contravened section 105A(1)(c) of the Act and Regulation 9 of the Electronic Communications (Security Measures) Regulations 2022 by failing to take appropriate and proportionate measures to prepare for “security compromises” in its provision of Emergency Call Handling Services (ECHS). This contravenes some of the Security Duties that apply to BT which are in place to protect the security and resilience of the UK’s public networks and services. Ofcom has found that BT did not adequately prepare for the occurrence of an outage of the ECHS. As a result, it is imposing a financial penalty of £17.5 million on BT. This penalty was set having regard to its Penalty Guidelines and includes a 30% discount because of BT’s admission of liability and its completion of Ofcom’s settlement process.
Red Teaming for GenAI Harms – Revealing the Risks and Rewards for Online Safety
Generative AI applications are creating significant benefits for users but also pose risks, such as child sexual abuse material, low-cost deepfake adverts and synthetic terrorist content. Ofcom is exploring how online services could employ safety measures to protect their users from harm posed by GenAI. One such safety intervention is red teaming, a type of evaluation method that seeks to find vulnerabilities in AI models. This involves “attacking” a model to see if it can generate harmful content. The red team can then seek to fix those vulnerabilities by introducing new and additional safeguards, for example, filters that can block such content. Ofcom has published a discussion paper in which explores how Red Teaming differs from other evaluation techniques; unpacks the steps involved in a red team exercise; outlines a case study which illustrates the potential resource required; assesses the strengths and limitations of this method and set out ten practices that firms can adopt to maximise the impact of red teaming exercises they already conduct. Ofcom will continue to examine the merits and limitations of red teaming.
DJ software deal abandoned
AlphaTheta and Serato have abandoned their proposed deal. The CMA has therefore cancelled its Phase 2 merger investigation into the deal. AlphaTheta is involved in the manufacture of DJ equipment, including mixers, controllers, DJ players and all-in-one systems under the Pioneer DJ brand, and both parties supply DJ software for laptop and desktop applications globally. The merger was conditional on receiving merger control clearance from the New Zealand Commerce Commission. As the New Zealand Commerce Commission has declined clearance of the Merger, AlphaTheta and Serato have decided to abandon the deal. On that basis, the CMA has cancelled its investigation.
IPO launches one-stop SEPs Resource Hub
The IPO has launched a new Standard Essential Patents (SEPs) resource hub for businesses in the UK. It is widely accepted that SEPs are of growing importance to the UK economy, as they enable the development and implementation of innovative technologies across key sectors by ensuring that technologies are accessible and interoperable. However, there are challenges when licensing SEPs. These may include knowledge and information gaps between SEP holders and SEP implementers, concerns around a lack of transparency, and around the effective use of dispute resolution services. The Hub aims to help businesses improve their understanding of the SEPs ecosystem. It provides guidance and highlights other resources. The Hub forms part of a package of non-regulatory actions from the UK IPO to help achieve greater transparency and balance within the SEPs ecosystem, and to improve how the market functions for those who interact with it. These include working with other jurisdictions around the world to encourage greater collaboration and co-ordination on SEPs policy, and taking positive steps to engage and collaborate with Standard Development Organisations, particularly with regard to their IP rights policies.
CMA issues update on Google Privacy Sandbox investigation
Google has announced that it is changing its approach to Privacy Sandbox. Instead of removing third-party cookies from Chrome, it will be introducing a user-choice prompt, which will allow users to choose whether to retain third party cookies. The CMA will now work closely with the ICO to carefully consider Google’s new approach to Privacy Sandbox. The CMA welcomes views on Google’s revised approach, including possible implications for consumers and market outcomes.
Joint Statement on competition in generative AI foundation models and AI products published
The competition authorities of the UK, EU and US have published a joint statement on competition in generative AI foundation models and AI products, setting out their joint commitment to working together to protect competition and consumers. The statement sets out key principles to support competition, protect consumers and help businesses to innovate and thrive. The statement marks the latest step in the CMA’s work on AI foundation models. In April 2024, the CMA published an update which set out six principles to support competition and consumer protection as AI foundation models continue to be developed and deployed.
ICO acts against school for using facial recognition technology
The ICO has taken action against Chelmer Valley High School in Essex for introducing facial recognition technology (FRT) to take cashless payments. The school first started using FRT in March 2023 to take cashless canteen payments from students. However, the school failed to carry out a data protection impact assessment before using the technology. The ICO found that the school relied on assumed consent and affirmative ‘opt-in’ consent wasn’t sought at this time. The law does not deem “opt out” a valid form of consent and requires explicit permission. The school failed to consult with parents, guardians, students or the data protection officer before implementing the technology.
EU law
IAB Europe sends position paper to EDPB on “Consent or Pay” model
The Interactive Advertising Bureau (IAB) Europe has sent a position paper to the European Data Protection Board outlining key concerns and recommendations in connection to the EDPB’s Opinion about consent or pay models and connected with the EDPB’s upcoming draft Guidelines intended to have a broader scope. IAB has also published its significant concerns regarding the European Parliament’s and European Council’s positions on the GDPR procedural regulation. As the trilogue discussions are anticipated to begin later this year, IAB Europe emphasises the need to address key issues to ensure practical and effective regulatory implementation.