This Week’s Techlaw News Round-Up

May 5, 2023

UK law

CMA refused permission to appeal CAT judgment regarding mobile browsers and cloud gaming

The Competition Appeals Tribunal has refused the CMA permission to appeal against its ruling in Apple and others v CMA [2023] CAT 21. The CAT had quashed the CMA’s decision to make a market investigation reference into the supply of mobile browsers and mobile browser engines and the distribution of cloud gaming services through app stores on mobile devices in the UK due to being out of time. The CAT considers that the Enterprise Act is unambiguous regarding the deadlines in sections 131A and 131B and when they apply.

UK’s consumer connectable product security regime will come into force on 29 April 2024

The UK government has announced that the UK’s consumer connectable product security regime will come into effect on 29 April 2024. From that date, the law will require manufacturers of UK consumer connectable products to comply with minimum security requirements. These minimum security requirements are based on the UK’s Code of Practice for Consumer IoT security and on advice from the National Cyber Security Centre. The regime will also aim to ensure other businesses in the supply chains of these products play their role in preventing insecure consumer products from being sold to UK consumers and businesses. The Product Security and Telecommunications Infrastructure Act 2022 received Royal Assent in December 2022. The government has now published draft regulations which will be introduced to Parliament when parliamentary time allows.

UK government publishes framework for monitoring new pro-competition regime for digital markets

The Departments for Business and Trade and for Science, Innovation and Technology have commissioned London Economics to create a framework for monitoring and evaluating the new pro-competition regime for digital markets. They will use the framework to help develop the monitoring and evaluation plan, which will set out the government’s proposals for the post-implementation review, and the approach to monitoring the regime’s implementation and outcomes. Responsibility for digital markets is now with DSIT.

NCSC issues guidance on mapping supply chain dependencies for businesses

The National Cyber Security Centre has issued guidance on mapping supply chain dependencies for medium to large businesses to better understand and manage risks. Supply chain mapping is the process of recording, storing and using information gathered from suppliers who are involved in a company’s supply chain. The NCSC guidance focusses explicitly on this process, aimed at procurement specialists, risk managers and cyber security professionals. Supply chain mapping follows the principles of all good risk management; organisations need to understand the risks inherent in their supply chain, and then introduce security measures that are in proportion to the likelihood (and impact) of those risks materialising. The goal is to have an up-to-date understanding of your network of suppliers, so that cyber risks can be managed more effectively, and due diligence carried out.

Ofcom seeks views on how CLI authentication could work in the UK

In 2021, Ofcom commissioned a report into the potential challenges of introducing Calling Line Identification (CLI) authentication in the UK. It has now launched a consultation inviting views on its initial thinking about how CLI authentication might work in the UK and the extent to which actions providers are already taking are likely to address the problem of number spoofing. It is not making any proposals for specific regulatory interventions at this stage. If its provisional view following this consultation is that there is a case for requiring the implementation of CLI authentication, it will publish a full assessment of the likely impact and its proposals for the regulatory rules that would be needed. The consultation ends on 23 June 2023.

CMA investigates Adobe / Figma merger

The CMA is investigating the anticipated acquisition of Adobe Inc. of Figma, Inc. It is considering whether it is or may be the case that this transaction if carried into effect, will result in the creation of a relevant merger situation under the merger provisions of the Enterprise Act 2002 and, if so, whether the creation of that situation may be expected to result, in a substantial lessening of competition within any market or markets in the United Kingdom for goods and services.

EU law

Digital Markets Act applies as of 2 May 2023

The European Commission has announced that the DMA applied as of 2 May 2023. The DMA aims to ensure contestable and fair markets in the digital sector. It defines gatekeepers as those large online platforms that provide an important gateway between business users and consumers, whose position can grant them the power to act as a private rule maker, and thus create a bottleneck in the digital economy. To address these issues, the DMA defines a series of specific obligations that gatekeepers will need to respect, including prohibiting them from engaging in certain behaviours in a list of do’s and don’ts. Within two months, companies providing core platform services will have to notify the Commission and provide all relevant information. The Commission will then have two months to adopt a decision designating a specific gatekeeper. The designated gatekeeps will have a maximum of six months after the Commission decision to ensure compliance with the obligations foreseen in the DMA.

European Commission reports on the implementation of the EU rules safeguarding open Internet access

The European Commission has published its second report on the implementation of the Regulation on open internet access, which aims to ensure that all users can benefit from online content and services without discrimination, prioritisation, restriction or interference from internet service providers. The findings of the report confirm that the Regulation is supporting the balance between the protection of end-users’ rights and the support of a competitive environment in the EU’s Digital Single Market. The report identifies areas where further guidance on the application of the open internet access rules may be appropriate to ensure that such rules remain relevant in the future. For example, the report finds that, as the development of technology continues and innovation services emerge, such as transport automation or remote surgery, greater legal clarity in the interpretation of certain notions and definitions included in the Regulation could be beneficial to both innovators and end-users.