Search results

Please enter search term
Major update to ICO international transfers guidance: key takeaways for organisations The UK Information Commissioner’s Office (ICO) has published a major update to its international transfers guidance to help organisations navigate the UK GDPR transfer regime. As well as addressing changes made by the Data (Use and Access) Act (DUA Act),... NCSC insights into what the CSRB means for the UK’s critical suppliers The UK’s long‑awaited Cyber Security and Resilience Bill (CSRB) is progressing through Parliament - and it lands at a moment when global geopolitics, supply chain complexity, new technologies and the evolving tactics of threat actors are all impacting the... Digital Fairness Act: European Commission publishes responses to consultation On 19 December 2025, the European Commission published a summary report of the responses to its consultation on the Digital Fairness Act (DFA), which ended on 24 October 2025. The Commission aimed to gather opinions from stakeholders on how to ensure... ICO publishes new guidance on data subject access requests The Information Commissioner’s Office (ICO) has published updated guidance on data subject access requests (DSARs), reflecting both changes brought in by the Data (Use and Access) Act 2025 (DUA Act) and recent case law developments. Timed to coincide with... High Court grants Getty permission to appeal copyright aspects of Gen AI claim The UK High Court has granted Getty Images permission to appeal certain aspects of the court’s findings in Getty’s copyright infringement claim against generative AI provider, Stability AI. Background As readers of this blog will know, on 4 November 2025,... Hotel La Tour Supreme Court decision: no VAT recovery on share sale deal fees The Supreme Court in Hotel La Tour has unanimously rejected the taxpayer’s appeal and determined that the input tax on deal fees connected with an exempt share sale is irrecoverable because of the direct and immediate link with the share sale. Hotel La... Lessons in online safety: Ofcom’s £1 million fine against AVS and end of year review Earlier this month, Ofcom published its most significant fine to date – a £1 million fine against adult website provider AVS Limited (AVS) in relation to age assurance failings. At the same time as announcing this fine, Ofcom released two papers analysing... EU proposes single-entry point for cyber incident reporting, but is it really “report once, share many”? As part of the recently announced Digital Omnibus simplification package (see our blog on that here), the European Commission plans to streamline cybersecurity and data incident reporting in the EU, by channelling incident notifications through a new... X fined €120m for breaches of EU Digital Services Act – including ‘deceptive’ blue ticks The European Commission has issued its first fine under the Digital Services Act (“DSA”), to X for breaches of transparency obligations under the Act. The breaches relate to X’s use of “deceptive” blue checkmarks, its failure to meet transparency... AI Act changes: What does the Digital Omnibus propose for the EU AI Act? The European Commission has outlined a number of proposed amendments to the EU AI Act (the “Act”) to ensure the “timely, smooth and proportionate implementation” of its provisions. These proposals are set out in the much-anticipated Digital Omnibus on AI...