This Week's Techlaw News Round-up

DCMS publishes response to consultation on amending NIS Regulations, New plans to boost cyber security of UK's digital supply chains issued and more in this week’s round-up of UK, EU and international techlaw news developments not covered elsewhere on the SCL website.


DCMS publishes response to consultation on amending NIS Regulations

The Department for Digital, Culture, Media & Sport has published its response to its consultation about amending the Network and Information Systems Regulations 2018 SI 2018/506. It says that 45% of respondents agreed that incident thresholds should be moved from legislation to the ICO guidance. Some respondents disagreed; they said that they did not believe that the ICO should have should not have the power to amend the threshold without prior consultation. They also felt that amending the thresholds would diverge the UK's NIS Regulations from EU's reporting requirements, and that the thresholds should not be removed from legislation. DCMS has sought to allay these concerns. It says that the ICO has committed to engage with the industry regularly, consulting on any changes to the thresholds with relevant digital service providers to ensure reporting requirements are not too demanding or burdensome. The DCMS will ensure such consultations are taking place. Whilst the government is aware that allowing the ICO to amend the threshold levels may result in them diverging from the levels set for the EU, it believes this is a necessary risk. The current thresholds are not fit for purpose and do not meet the needs of the UK economy. Very few incidents are currently being reported. The government needs to ensure the NIS legislation is effective on a UK-basis.. The government strongly believes the proposed changes in the statutory instrument will maintain and enhance the effectiveness of NIS legislation in protecting the security of network and information systems for digital service providers.

New plans to boost cyber security of UK's digital supply chains issued

The UK government has issued its response to a consultation about enhancing the security of digital supply chains. It says that IT service providers could be required to follow new cyber security rules such as the National Cyber Security Centre’s Cyber Assessment Framework. The proposals aim to help British businesses manage the growing cyber threat. Other plans to protect the country’s digital supply chains include new procurement rules to ensure the public sector buys services from firms with good cyber security and plans for improved advice and guidance campaigns to help businesses manage security risks. The government will now develop more detailed policy proposals and it is currently carrying out a review of the laws and measures which encourage firms to improve their cyber security and will launch a new national cyber strategy later this year.

Oxford Commission on AI and Good Governance issues report on Surveillance as a Service

The Oxford Commission on AI and Good Governance has issued a report on Surveillance as a Service. It examines the European marketplace that produces and exports AI-assisted surveillance systems to governments around the world. In particular, it looks at “Surveillance as a Service” services and software that are provided for surveillance, and which consist of complex systems that are offered with user-friendly interfaces as well as continual maintenance, updates, and troubleshooting support (rather than a one-off purchase). Based on the latest evidence about the development of Europe’s Surveillance as a Service market, it says that wider policy and regulatory interventions are urgently needed. This includes the need to: (a) implement more stringent regulatory mechanisms for Europe’s surveillance industry, including sales moratoriums and bans of certain technologies that produce the most harm; (b) implement more rigorous evaluation and regulation over the far-reaching effects of the surveillance industry beyond the EU; (c) enact proportionate and clear sanctions for breaching rules and guidelines; and (d) better empower oversight mechanisms on the design, development, and deployment of machine learning applications in ways that do not place the burden of reporting human rights violation on civil society groups, journalists, researchers, and individual citizens.

EU law

EURid confirms that Brexit-related and non-compliant domain names will be revoked from 1 January 2022

EURid has confirmed that it will revoke all Brexit-related, non-compliant domain names in the ‘WITHDRAWN’ status on 1 January 2022. These domain names will then be released in batches. If a registrant wishes to reinstate a domain name. they must show that they meet the eligibility criteria. They must also contact EURid before 31 December 2021. The reinstatement procedure  requires registrants of a Brexit-related domain name to submit a request, and once EURiD has reviewed the case, and found that the registrant is eligible, they will activate the domain name with the registration data and move the domain name to a dedicated EURid Brexit holding account. It will then update the domain name status to ‘REGISTERED’ and a one-year term will be added to the registration.

BEUC makes recommendations for review of EU Roaming Regulation

The European Consumer Organisation (BEUC) has published a report on the subject of the review and extension of Regulation (EU) 2015/2120 (the EU Roaming Regulation). The report lists BEUC’s recommendations for the trilogue negotiations including issues such as guaranteeing the same quality of service abroad as at home; protecting consumers from inadvertent connections to networks of non-EU/EEA countries or to non-terrestrial networks; lowering price caps to bring them as close as possible to the real wholesale costs; limiting the application of “fair use” policies to actual abuses and determine the phasing out of such policies; ending surcharges for intra-EU communications; and improving transparency of and access to value-added services as well as access to emergency services.

Artificial intelligence: huge potential if ethical risks are addressed

A European Parliament committee has issued a draft report saying that AI regulation should focus on the level of risk associated with specific uses. The draft text says that the public debate should shift towards a focus on the enormous potential of AI. According to the draft document, AI can substantially increase productivity, innovation, growth and job creation. The EU should not regulate AI as a technology; instead, the type, intensity and timing of regulatory intervention should solely depend on the type of risk associated with a particular use of an AI system. The text warns that the EU is currently falling behind in the global tech race that will determine the future political and economic global power balance. To remain both economically competitive and a global power, the EU needs to become a global power in AI. The draft report identifies policy options for unlocking the potential of AI in health, environment and climate change, competitiveness, and the labour market. It notes that autonomous AI systems are at odds with the information duties laid down in the GDPR, which has led to legal uncertainty and lack of cooperation in the health sector. The draft report (and any amendments) will be put to a vote in committee in March 2022, followed by a plenary debate and vote in May.

EUIPO paper considers misuse of payment services by IP infringers

The electronic payment ecosystem is complex and changing fast. In addition to the different payment cards, the development of internet and mobile payments, digital money transfers and electronic currencies gives rise to new services and new types of payment intermediaries. The European Union Intellectual Property Office has published a discussion paper which identifies a number of emerging trends and challenges that electronic payment service providers, intellectual property owners and law enforcement authorities are facing in counteracting the misuse of payment services for IP-infringing activities. Most importantly, it identifies existing good practices from electronic payment services providers that are seeking ways to limit the risks of their services being misused for such activities.

Published: 2021-11-19T11:00:00

    Please wait...