The Lens Newsletter - May 2025

Podcasts

The Evolving Cyber Risk Landscape

In this two-part podcast series, members of our Cyber Hub, Richard Jeens and Natalie Donovan, were joined by PwC’s Director for Cyber Threat Detection and Response, David Cannings, to discuss all things cyber. They cover lessons learnt from recent retail attacks, what to expect from the Cyber Security and Resilience Bill, the UK Government’s ransomware proposals and what organisations can learn from recent ICO cyber fines. Listen here for Part 1 and here for Part 2.

Marketing Compliance in 2025 - how should legal teams respond?

2025 is expected to be a defining year for marketing compliance - with increased regulatory scrutiny, expanded enforcement powers, and shifting consumer expectations, legal teams need to reassess how marketing compliance is managed across digital channels. In this podcast, Rebecca Cousin and Rosie Wilson explore what’s driving this renewed regulatory focus, what it means for in-house legal teams, and suggest how they can stay ahead of the curve. Listen here.

Blogs

Cyber 2025 – an update on recent developments in a busy cyber year

2025 is shaping up to be a busy year for cyber, as discussed in our new cyber podcast series. The recent retailer headlines are a stark reminder of the devastating impact a cyber-attack can have on an organisation, but they are not the only... Read more 

Go compare! Court of Appeal confirms comparables approach for assessing FRAND royalties

The Court of Appeal has confirmed, in Optis v Apple, that a conventional comparables-based approach should be adopted by the English courts when assessing FRAND royalties, overturning the first instance decision and rejecting the High Court’s... Read more 

AI Act deadline missed as EU GPAI Code delayed until August

As readers of this blog will know, the final version of the EU’s General Purpose AI (GPAI) Code of Practice was due to be published by 2 May. We, like many others, had been keeping a keen eye out for that final draft, but, alas, the deadline has... Read more 

The countdown to the European Accessibility Act is almost over – businesses must comply by 28 June

Businesses have just over one month to comply with the European Accessibility Act (EAA). The new Directive aims to enhance the inclusion of persons with disabilities and imposes accessibility requirements for certain products and services across... Read more 

Commission updates Model Contractual Clauses for AI procurement

As organisations look to procure AI, many are developing contractual clauses to manage AI specific risks. But what should those clauses include? And will they help compliance with laws such as the EU’s AI Act? The European Commission have recently... Read more 

Cyber and data incident preparedness: Know your insurance

Cyber is in the headlines again, with M&S and other retailers suffering attacks and the cause of the power outage in the Iberian peninsula not yet clear. What is clear, however, is that cyber attacks continue to increase among medium and large... Read more 

The UK Formalises Pathway for AI Growth Zones Designation

On 30 April 2025, the UK government launched the formal qualifying process of its Artificial Intelligence Growth Zones (AIGZ) initiative. AIGZs intend to catalyse the deployment of AI technology infrastructure—principally hyperscale data... Read more 

When Decentralisation Meets Regulation: How Blockchain and GDPR Can Coexist

We have prepared a more detailed client briefing on this topic. Read our full client briefing here. The European Data Protection Board (EDPB) has released its long-awaited draft Guidelines on processing of personal data through blockchain... Read more 

Targeted ads in the line of fire: Regulators target targeted ads

2025 continues to prove to be a year of considerable change for marketing compliance. We’ve previously covered new guidance in this area and UK and EU data protection reforms, and in this blog we’re providing a roundup of recent regulatory action... Read more 

A “leading AI continent” – the EU publishes new AI action plan

The European Commission recently published its AI Continent Action Plan, which sets out the EU’s strategy for becoming a “leading AI continent”. The plan is part of the Commission’s attempts to boost the EU’s competitiveness, addressing issues... Read more 

Anonymisation and pseudonymisation are in vogue: first the EDPB, and now the UK ICO issues new guidance

The Information Commissioner’s Office (ICO) has finally issued long-anticipated guidance on anonymisation and pseudonymisation practices, consolidating and streamlining a series of drafts that it had previously consulted on. Authorities appear... Read more 

Copyright and the third draft of the EU GPAI Code

As we’ve previously reported on this blog, the third draft of the EU’s General-Purpose AI Code of Practice was published on 11 March.  Whilst the majority of the commitments set out in this voluntary Code only apply to providers of... Read more 

Sharing is caring – NIS360’s prescription for stronger cyber risk management

As many jurisdictions scramble to transpose the NIS2 directive into national law across the EU, the European Union Agency for Cybersecurity (“ENISA”) recently released the NIS360, a first-of-its-kind assessment giving cyber practitioners the... Read more