UK law
The Digital Markets, Competition and Consumers Act 2024 (CMA Consumer Enforcement Rules) Regulations 2025
The Digital Markets, Competition and Consumers Act 2024 (CMA Consumer Enforcement Rules) Regulations 2025 have been made. In the Regulations, the Secretary of State, using the power under section 211 of the Digital Markets, Competition and Consumers Act 2024 approves the rules made by the CMA under section 210 of the Act (Regulation 2). The rules, which are set out in the Schedule, deal with procedural and other matters in connection with the carrying out of direct enforcement functions by the CMA under Part 3 (enforcement of consumer protection law) of the Act.
CMA decides to take no further action on Microsoft/Open AI merger
The CMA has decided that Microsoft’s partnership with OpenAI does not qualify for investigation under the merger provisions of the Enterprise Act 2002. In particular, the CMA does not consider there has been a change of control by Microsoft from material influence to de facto control over OpenAI.
Government responds to call for views on the code of practice for software vendors
A Call for Views on the Code of Practice for Software Vendors ran for 12 weeks in 2024. The UK government has now published its response. There is strong support for the creation of a Code of Practice for Software Vendors. The call for views has confirmed that government intervention to ensure a more consistent level of best practice adoption for security and resilience in software development, distribution, and maintenance is necessary. The government will make minor edits to the code before publishing it later in 2025. The NCSC and DSIT will further refine the technical controls and implementation guidance to publish alongside the code of practice. The NCSC and DSIT will also develop an attestation method and assurance regime to allow software vendors to demonstrate compliance with the code. Finally, the government will map the code of practice against other standards, regulation and guidance.
EU law
Commission updates AI procurement model clauses following EU AI Act adoption
To support responsible AI procurement, the Community of Practice published EU model contractual clauses on 29 September 2023 and has now published an updated version. It includes a full version for high-risk AI, aligned with the EU AI Act adopted on 13 June 2024; a light version, customisable to specific needs for non-high-risk AI; and a commentary, providing guidance on how to use, customise and apply the clauses in practice.
Commission experts publish third draft of General-Purpose AI Code of Practice
The third draft of the General-Purpose AI Code of Practice has been issued. The first two sections of the draft Code detail transparency and copyright obligations for all providers of general-purpose AI models, with notable exemptions from the transparency obligations for providers of certain open-source models in line with the AI Act. There is also a Documentation Form which aims to allow signatories to easily document the necessary information in a single place. The section on copyright contains core measures from the second draft but in a simplified and clearer form. The third section of the Code is only relevant for a small number of providers of most advanced general-purpose AI models that could pose systemic risks, in accordance with the classification criteria in Article 51 of the AI Act. Here, the Code outlines measures for systemic risk assessment and mitigation, including model evaluations, incident reporting, and cybersecurity obligations. The Code will be finalised based on stakeholder feedback to this proposal.
EU and Korea enter into digital trade deal
The EU and the Republic of Korea have concluded negotiations for a Digital Trade Agreement. The deal provides binding rules aiming to build consumer trust; ensure predictability and legal certainty for businesses, as well as trusted data flows; while removing and preventing the emergence of unjustified barriers to digital trade. The DTA promotes an approach for building digital and data rules with individuals and their rights at its core. It aims to ensure that the EU and Korea preserve policy space to develop and implement the policies required to address new challenges in the digital economy.
