UK law
Law Commission reviews law relating to liability for defective products
The Law Commission of England and Wales has announced that it is going to review the law on product liability. It has been nearly 40 years since the Consumer Protection Act 1987 came into being. It was intended to give consumers a straightforward route to claiming compensation for certain harms caused by defective products. Since the legislation was introduced, the range of available products – particularly in the context of digital technology – has developed significantly. The product liability regime has not kept pace with those developments. In addition, there are concerns that the existing product liability regime is failing in practice to achieve one of its key aims: balancing protecting people from harm caused by defective products, with support for business by enabling innovation and growth. It has proven difficult to bring successful claims under the current product liability regime. The Law Commission’s project will consider issues with the operation of the existing product liability regime, particularly in light of emerging technologies, to determine what law reform might be required to ensure the product liability regime is fit for purpose. Such a review will help determine and, if necessary, correct the balance between protecting people from harm and supporting industry. It would also provide increased certainty regarding managing harm caused by products, especially in the digital age. The Law Commission expects to begin this work in 2025. The project will start by determining the scope of work, including agreeing the terms of reference for the project with Government. The Law Commission will then publish in a consultation paper.
ICO issues new guidance on disclosing documents to the public
The ICO has published new guidance to help organisations disclose documents securely. Personal information can be hidden or not immediately visible in documents. If they are not checked properly, it may be disclosed by accident – sometimes with serious consequences. The ICO’s guidance includes practical steps and videos to help organisations understand how to check documents, including spreadsheets, for hidden personal information and to reduce the risk of a data breach.
UK government calls for evidence on trust services
Trust services like electronic signatures aim to make online transactions more secure and reliable. They do this by confirming the authenticity and integrity of electronic documents and transactions. There is an existing UK legal framework for trust services, and the Information Commissioner’s Office (ICO) is the established regulator. However, despite this infrastructure being in place and the increasing digitisation of the UK economy, there are no registered qualified trust service providers in the UK. The government says that it doesn’t have evidence that qualified trust services are widely used, and where they are used, the market currently relies on providers registered in the EU for the provision of qualified trust services. The call for views is open for response until 20 September 2025 and aims to collect essential information about the UK trust services market to help inform government policy development. If the call for views suggests government action is needed, it will seek to gather information more widely, including from individuals.
EU law
EU rules on general-purpose AI models start to apply
The AI Act obligations for providers of general-purpose AI (GPAI) models have entered into application across the EU. This aims to bring more transparency, safety and accountability to AI systems on the market. The rules also aim to facilitate mean clearer information about how AI models are trained, better enforcement of copyright protections and more responsible AI development. To help providers, the European Commission published guidelines clarifying who must comply with the obligations. GPAI models are defined as those trained with over 10^23 FLOP and capable of generating language. Additionally, the Commission published a template to help providers in summarising the data used to train their models. The Commission and the member states have also confirmed that the GPAI Code of Practice is an adequate voluntary tool for providers of GPAI models to demonstrate compliance with the AI Act. From August 2, providers must comply with transparency and copyright obligations when placing GPAI models on the EU market. Models already on the market before 2 August 2025 must ensure compliance by 2 August 2027. Providers of the most advanced or impactful models presenting systemic risks — i.e. those exceeding 10^25 FLOP — will need to meet additional obligations, such as notifying the Commission and ensuring the model’s safety and security.
