This Week’s Techlaw News Round-up

July 4, 2025

UK law

CMA consults on pricing under the DMCC Act

The CMA is consulting on draft guidance for businesses on the price transparency provisions of the Digital Markets, Competition and Consumers Act 2024 which is very relevant for online pricing. The guidance details:what an invitation to purchase is; what pricing information needs to be included in an invitation to purchase (and what to avoid including “drip” and “partitioned” pricing); what traders need to do to ensure they are complying with the new requirements to provide the total price of the product in their invitations to purchase, and what they need to do instead if this is not possible; and how the new requirements apply to specific types of charges and pricing practices and the steps that traders can take to ensure they are complying with the new requirements.  The consultation ends on 8 September 2025.

Investigatory Powers (Amendment) Act 2024 (Commencement No 3) Regulations 2025 made

The Investigatory Powers (Amendment) Act 2024 (Commencement No 3) Regulations 2025 (SI 2025/722) have been made. The Regulations are the third commencement regulations made under the Investigatory Powers (Amendment) Act 2024 which itself amends the Investigatory Powers Act 2016. The Regulations commence the remaining two provisions of the 2024 Act. Regulation 2 commences provisions relating to review of notices by the Secretary of State (section 18); and notification of proposed changes to telecommunications services etc (section 21).

Online Safety Act 2023 (Fees Notification) Regulations 2025 made

The Online Safety Act 2023 (Fees Notification) Regulations 2025 SI 2025/747 have been made under the Online Safety Act 2023. They describe the evidence, documents or other information that providers of regulated services must supply to Ofcom for the purposes of section 83 of the Act, including provision about the way in which providers must supply the evidence, documents or other information. Section 83 of the Act places a duty on the providers of regulated services to notify Ofcom in certain circumstances. These include the circumstances specified in section 83(1)(a) and (b)(i) of the Act. The purpose of a notification in these circumstances is to enable Ofcom to calculate any fees payable by that provider to Ofcom under Part 6 of the Act. Section 83(3) of the Act prescribes the details that must be included in a notification under section 83(1)(a) and (b)(i). Regulation 3(2) to (4) describes the evidence, documents or other information that are required to be included in such a notification, and which will substantiate the details prescribed in section 83(3) of the Act. Regulation 3(5) includes provision about the manner in which providers must supply such evidence, documents or other information to Ofcom. It does so by expressly incorporating a “Manner of Notification” document, published separately by Ofcom on its website.

Reporting Cryptoasset Service Providers (Due Diligence and Reporting Requirements) Regulations 2025 made

The Reporting Cryptoasset Service Providers (Due Diligence and Reporting Requirements) Regulations 2025 SI 2025/744 have been made.  The implement the rules and commentary set out in the OECD Crypto-Asset Reporting Framework first published in 2022 and subsequently amended in June 2023 and October 2023. They impose obligations on certain individuals and entities that make available a trading platform or provide a service effectuating exchanges between cryptoassets and fiat currencies or between one or more forms of certain cryptoassets, where those individuals or entities have a relevant nexus to the UK.  Those service providers are required to carry out due diligence on users of their services, to report information about those users to HMRC and to notify those users that the information will be reported to HMRC.  They come into force on 1 January 2026.

EU law

European Commission seeks feedback on the review of the Digital Markets Act

The European Commission has consulting on the first review of the Digital Markets Act. The Commission seeks feedback on the impact and effectiveness of the DMA and its readiness to face emerging challenges, such as the roll-out of AI-powered services. Based on feedback, the Commission will prepare a report assessing the impact of the DMA, which will be presented to the European Parliament, the Council and the European Economic and Social Committee. The Commission is required to conduct a review of the DMA by 3 May 2026, and subsequently every three years. The consultation ends on 24 September 2025.

European Commission launches strategy to make Europe Quantum leader by 2030

The European Commission has put forward the Quantum Strategy to make Europe a global leader in quantum by 2030. The Strategy aims to foster a resilient, sovereign quantum ecosystem that fuels startup growth and transforms breakthrough science into market-ready applications, while maintaining Europe’s scientific leadership. The Strategy targets five areas: research and innovation, quantum infrastructures, ecosystem strengthening, space and dual-use technologies, and quantum skills.

ENISA publishes technical guidance on cybersecurity risk management measures

The European Union Agency for Cybersecurity (ENISA) has published technical guidance aimed at supporting member states and in-scope entities to implement the technical and methodological requirements for the cybersecurity risk management measures that will apply to certain, critical entities in the digital infrastructure sector under Directive (EU) 2022/2555 (NIS 2 Directive). The NIS2 Directive sets out requirements for cybersecurity risk management measures in 18 critical sectors, such as digital infrastructures, energy, transport or health, which have to be transposed into national law. For the NIS2 Digital Infrastructure and the ICT service management sectors these cybersecurity requirements are further elaborated at EU level, by Commission Implementing regulation 2024/2690.