UK law
ICO issues direct marketing guidance tool
The ICO has launched a free online tool to help organisations ensure their direct marketing activities comply with UK law – including the Privacy and Electronic Communication Regulations (PECR), and the UK GDPR. The tool has been designed with small organisations in mind, who might have less time and resources. However, it is available for anyone to use – whether the organisation is a sole trader, start-up, a small or medium sized organisation, or a charity, group or club.
National Cyber Security Centre guidance on Content Credentials
The National Cyber Security Centre (NCSC) has published introductory guidance (which was originally published by the US National Security Agency) about using Content Credential technology. CCT can help systems evaluate the authenticity of content.
UK government publishes codes of practice on AI cyber security
The UK government has published an AI Code of Practice which sets out baseline cyber security principles aimed at helping secure AI systems and the organisations which develop and deploy them. The principles are collated in five categories: secure design, secure development, secure deployment, secure maintenance and secure end of life. Before the AI Action Summit hosted by France next month, the government has also published an independent International AI Safety Report which sets out shared scientific understanding of advanced AI systems and their risks. DSIT is also developing a Cyber Governance Code of Practice which has been consulted on and the final version is due “early” this year.
Ofcom assumes regulation of premium-rate services from PSA
Ofcom has formally adopted responsibility for regulating premium-rate services (PRS) from the Phone-Paid Services Authority (PSA). The two regulators have worked together with a view to ensuring a smooth handover. Ofcom has introduced new rules under the Communications Act, which maintain similar consumer protection standards, organisational requirements, and other obligations. Ofcom has emphasised that there will be negligible changes for consumers under the new regulatory framework, which covers various phone-paid services including charity donations, broadcast competitions, and in-app purchases.
IPO updates guidelines for examining AI patent applications
The Intellectual Property Office (IPO) has updated its guidelines for examining patent applications relating to AI inventions. A patent may only be granted if an invention is new, has an inventive step, is industrially applicable, and is not excluded from patent protection. The guidelines are primarily concerned with the requirement that an AI invention must not relate to so-called excluded subject matter. The guidance reflects the ruling in Emotional Perception, in which the Court of Appeal considered whether an artificial neural network engages the program for computer exclusion.
Ofcom consults on designation of Radio Selection Services under Media Act 2024
The Media Act 2024 contains rules about protecting the availability of UK radio on connected audio devices. It brings into regulation certain voice-activated online services, radio selection services (RSS), that have been designated by the Secretary of State (DRSS). It requires DRSS to reliably provide the online stream of a UK broadcast radio service in response to a user’s voice command, among other requirements. Ofcom has several roles regarding the new regulatory framework for online radio streams. It must provide the Secretary of State with a report making recommendations about which radio selection services should be designated. It is for the Secretary of State to decide which of the RSS available in the UK are designated. Ofcom must develop a set of principles and methods by which it will arrive at the recommendations in the report. It has launched a consultation which sets out proposals for these principles and methods. Ofcom’s proposed approach to its assessment in its report includes using a threshold to determine if a level of use of a radio selection service is significant. Ofcom’s report must include consideration of the number of members of the public using a service; how a service is used; whether the level of use is significant; and any other relevant considerations.
Court of Appeal allows appeal against refusal to permit amendment to raise claim for interim licence of SEPs
The Court of Appeal has allowed an appeal in Alcatel Lucent SAS v Amazon Digital UK Ltd [2025] EWCA Civ 43. The proceedings arose in the context of an infringement of a portfolio of standard-essential patents. Amazon had wanted to amend its case to raise a claim for an interim licence of the portfolio and appealed the previous court’s refusal. The Court of Appeal granted Amazon permission to amend its particulars of counterclaim subject to one adjustment, and in relation to the defence and counterclaim.
UK government to create offences of using AI to create child sexual abuse material
The government has announced that it will create offences in relation to using AI to create child sexual abuse material (CSAM) in its forthcoming Crime and Policing Bill. The Home Office proposes to make it illegal: to possess, create or distribute AI tools designed to generate CSAM with possible jail sentences of up to five years; for anyone to possess AI “paedophile manuals” that teach people how to use AI to sexually abuse children, with possible jail sentences of up to three years; and for operators of websites designed for paedophiles to share CSAM or advice on how to groom children, with jail sentences of up to ten years. The Home Office also proposes to give the Border Force powers to prevent the distribution of CSAM filmed abroad by permitting officers to require an individual who they reasonably suspect poses a sexual risk to children to unlock their digital devices to be inspected. Sentences could include up to three years in prison, depending on the seriousness of the conduct.
Court of Appeal dismissed appeal against decision refusing Motorola permission to appeal CAT judgment
In Airwave Solutions Limited and others v Competition and Markets Authority [2025] EWCA Civ 54, the Court of Appeal unanimously dismissed Motorola’s application for permission to appeal on both of its pleaded grounds, in which it claimed that the CMA had made errors in assessing competition in the relevant market and the profitability of the Airwave Network in 2021. In its original findings, the CMA said that Motorola was able to make supernormal profits because it has a virtually unconstrained monopoly in the market to supply communications network services to the UK’s emergency services. The CMA imposed a charge control order capping the price Motorola could charge. Motorola challenged the CMA’s original findings in the Competition Appeal Tribunal. The Tribunal unanimously dismissed that challenge and Motorola sought permission to appeal to the Court of Appeal. The Court of Appeal endorsed the CMA’s reasoning as set out in its original findings. Motorola cannot appeal the decision further.
Ofcom revises investigation into OnlyFans
Ofcom has revised the scope of the investigation into OnlyFans. It has decided to close its investigation into whether Fenix International Limited breached its duty under Section 368Z1(2) of the Communications Act 2003 to implement measures taken in such a way as to carry out the purpose of protecting persons under the age of 18 from encountering restricted material such as pornography. Where appropriate, Ofcom’s Supervision team will continue to engage with OnlyFans regarding how it implements measures to protect children from restricted material. It has also decided to close its investigation into whether Fenix International Limited failed to co-operate fully with Ofcom in breach of its duty under Section 368Y(3)(c) of the Act. Ofcom is making no findings on these issues and if further information comes to light, reserves its right to re-open the investigation. The investigation continues to examine whether there are reasonable grounds to believe that Fenix International Limited has failed to comply with its duties under Section 368Y(3)(b) and Section 368Z10(6) of the Communications Act to provide complete and accurate responses to statutory information requests. Ofcom will update further once it has completed its investigation.
EU law
European Commission consults on Technology Transfer Block Exemption Regulation
The European Commission has launched a call for evidence and a public consultation to seek feedback on possible revisions of the Technology Transfer Block Exemption Regulation and the accompanying Guidelines. The TTBER exempts certain categories of technology transfer agreements from the prohibition of anticompetitive agreements in Article 101(1) of the Treaty on the Functioning of the European Union. Its objective is to provide companies with clear and simple rules for pro-competitive technology licensing agreements, thereby facilitating technology dissemination, providing incentives for R&D, and promoting innovation. The call for evidence and consultation form part of the impact assessment phase, which follows the evaluation concluded in November 2024. The aim of the evaluation was to gather evidence on the functioning of the TTBER and the Guidelines, for the Commission to decide if it should let the rules expire, prolong their duration or revise them in view of their expiry on 30 April 2026.
European Commission requests information from Shein on illegal products and its recommender system
The European Commission has sent a request for information (RFI) to Shein under the Digital Services Act (DSA). The Commission is requesting that Shein provides internal documents and more detailed information on risks linked to the presence of illegal content and goods on its marketplace, on the transparency of its recommender systems, and on the access to data for qualified researchers. It also seeks detailed information on the measures adopted to mitigate risks relating to consumer protection, public health and users’ wellbeing. The Commission is also requesting details on the protection of users’ personal data. Shein must provide the necessary information by 27 February 2025. The Commission will then assess the replies and decide next steps. This action is separate to the investigation by the Consumer Protection Cooperation Network and coordinated by the Commission regarding Shein’s consumer law compliance. The Commission has already sent an RFI about measures Shein took to comply with the DSA obligations related to the so-called ‘Notice and Action mechanism’ to notify illegal products, ‘dark patterns’ on its online interfaces, the protection of minors, the transparency of recommender systems, the traceability of traders and compliance by design. Separately, the Commission has published a Communication on a Comprehensive EU Toolbox for Safe and Sustainable E-commerce, that seeks to tackle challenges stemming from low-value imports from non-EU traders at each stage of the product’s life cycle, including by focusing DSA enforcement actions on e-commerce practices.
