UK law
Online Safety Super-Complaints (Eligibility and Procedural Matters) Regulations 2025 made
The Online Safety Super-Complaints (Eligibility and Procedural Matters) Regulations 2025 SI 2025/919 have been made. They set out the criteria that an entity must meet to be an “eligible entity” for this purpose and contain provision about procedural matters relating to such complaints. They come into force on 31 December 2025.
CMA issues results of sweep of 100 businesses
The CMA published new fake reviews guidance in April 2025. It allowed for a three month adjustment period to enable businesses to digest the guidance and make any necessary changes. That has now concluded, and the CMA has now completed a website review of more than 100 businesses. The review has focused on whether those businesses have published policies on their websites prohibiting fake reviews; outlined how they approach incentivised reviews (such as banning them or making it clear that they must be labelled and genuine). The CMA found that more than half of the businesses (54 in total) could be failing to comply with the CMA’s guidance. Some companies appeared to have no policy in place banning fake reviews, nor could a policy be found setting out their approach to incentivised reviews. Others had policies in place, but they were unclear, incomplete or inaccessible. The results have raised concerns over businesses’ understanding of their obligations around the prevention of fake and misleading reviews. Therefore, the CMA is writing to those 54 firms highlighting that businesses must have measures in place to prevent fake reviews from appearing on their sites, including clear and easily accessible policies. The CMA is advising them to review the fake reviews guidance to see if further changes to their current approach and policies are needed. Any company that receives a letter is being asked to respond to the CMA explaining what changes, if any, they have made, or are making, to comply with the law.
Report on digitisation of shareholdings issued
The Digitisation Taskforce has published its final report regarding reforms to the UK’s shareholding framework. The Taskforce believes that an ultimate move to a fully intermediated system of shareholding is the right model for the UK in the longer-term but recommends a staged process to achieve this. In its report, which covers companies whose securities are traded publicly, the Taskforce sets out three steps, with various recommendations in each step, that it envisages for the digitisation process removal of paper shares and establishment of digitised registers; preparing for a fully intermediated system’ and all shares transition into the intermediated securities chain.
Human Rights Committee launches inquiry into AI and human rights
The Joint Select Committee on Human Rights has launched a new inquiry to examine how human rights can be protected in the age of AI. AI technologies may offer significant benefits to individuals and society, but there are fears that they also pose serious risks. Concerns have been raised around the data underpinning AI models perpetuating societal biases and discrimination. Increased use of AI in surveillance could conflict with an individual’s right to privacy or freedom of expression. Those who have their rights breached could also face increased difficulty in seeking justice where decisions have been made using opaque AI systems. The Joint Committee will examine the threats and opportunities AI offers for human rights in the UK. It will also consider whether existing legal and regulatory frameworks are sufficient to protect human rights and keep pace with AI development. It is accepting evidence until 5 September.
ASA issues statement on video sharing regulation
In last week’s techlaw round-up, we wrote that the video sharing regime was repealed. All in scope video-sharing platforms (VSP) are now regulated in full under the Online Safety Act. The ASA has issued a statement highlighting that advertising carried by VSPs continues to be regulated under the CAP Code, as it was throughout the four-year lifespan of the VSP regime, but no longer with the addition of rules originating in the Communications Act 2003 (as amended). The rules in question have been removed from Appendix 3 to the CAP Code and replaced with a short statement noting repeal of the regime on 25 July 2025.
Ofcom investigates 34 porn sites under new age-check rules
Ofcom has launched investigations into the compliance of four companies, which collectively run 34 pornography sites with new age-check requirements under the Online Safety Act. It is investigating if the following providers have highly effective age checks in place to protect children from encountering pornography across 34 websites: 8579 LLC, AVS Group Ltd, Kick Online Entertainment S.A. and Trendio Ltd. These companies have been prioritised based on the risk of harm posed by the services they operate and their user numbers. These new cases add to Ofcom’s 11 investigations already in progress into 4chan, an online suicide forum, seven file-sharing services, First Time Videos LLC and Itai Tech Ltd. Ofcom expects to make further enforcement announcements in the coming weeks and months. It will now gather and analyse evidence to determine whether any contraventions have occurred. If its assessment indicates compliance failures, it will issue provisional notices of contravention to providers, who can then make representations on its findings, before it makes its final decisions. It will provide updates on these investigations as soon as possible.
ICO publishes guidance on profiling in context of online safety rules
The ICO has published guidance explaining the data protection and privacy considerations to take into account when using profiling in trust and safety processes, including to comply with the requirements of the Online Safety Act 2023. The guidance follows the ICO’s guidance on content moderation and data protection and it should be read alongside this guidance where relevant (eg if firms deploy both content moderation and profiling tools in their trust and safety systems). This guidance sets out how organisations deploying profiling tools, or providing these tools, for trust and safety systems can comply with the UK GDPR and the Data Protection Act 2018, as well as the Privacy and Electronic Communications Regulations 2003.
Law Commission publishes discussion paper on AI and the law
The Law Commission has published a discussion paper on AI and the law. It aims to raise awareness of legal issues regarding AI, prompting wider discussion of the topic, and to act as a step towards identifying those areas most in need of law reform. The paper explains what AI is and how it works, and considers how it might raise legal issues in private, public and criminal law under the following themes: AI autonomy and adaptiveness; interaction with and reliance on AI.; and AI training and data. The paper does not contain proposals for law reform. The Law Commission has already completed work relating to or involving AI, including on automated vehicles, and with respect to AI deepfakes in its project on intimate image abuse. It also has an ongoing project relating to AI, on aviation autonomy, as well as a pending project on product liability, which will consider AI. It anticipates that AI will increasingly affect the substance of its law reform work, including, potentially, as the focus of future projects.
CMA ends its cloud services market investigation
The CMA was investigating the supply of public cloud infrastructure services in the UK. This market investigation has now closed. The market investigation has recommended that the CMA use its digital markets powers under the Digitla Markets, Competition and Consumers Act 2024 to prioritise commencing strategic market status (SMS) investigations, to consider designating the two largest providers, Microsoft and Amazon Web Services (AWS), with SMS in relation to their respective digital activities in cloud services. In June 2025 the CMA said in a press release that it will keep under review possible options for further designation investigations, and anticipates that the CMA Board will consider options in early 2026.
EU law
European Parliament publishes study on AI and civil liability
The European Parliament’s Policy Department for Justice, Civil Liberties and Institutional Affairs has published a study about AI and civil liability. The European Commission proposed a Directive to address liability in AI in 2022, but in February 2025, it announced that it was withdrawing its proposal for an AI Liability Directive (AILD) from the 2025 Work Programme. The study considers four options to deal with AI liability, preferring a strict liability regime targeting high-risk systems. However, it also says that a fault-based liability rule would improve on the AILD. The other options are withdrawing the AILD altogether and keeping it in its current form.
European Commission preliminarily finds Temu in breach of the Digital Services Act in relation to illegal products on its platform
The European Commission has preliminarily found Temu in breach of the obligation under the Digital Services Act (DSA) to properly assess the risks of illegal products being disseminated on its marketplace. Evidence showed that there is a high risk for consumers in the EU to encounter illegal products on the platform. Specifically, the analysis of a mystery shopping exercise conducted by the Commission found that consumers shopping on Temu are very likely to find non-compliant products among the offer, such as baby toys and small electronics. According to the Commission’s analysis, Temu’s risk assessment of October 2024 was inaccurate and relying on general industry information rather than on specific details about its own marketplace. This may therefore have led to inadequate mitigation measures against the dissemination of illegal products. The Commission will continue its investigation in relation to other suspected breaches opened in October 2024, including the effectiveness of its mitigation measures, the use of addictive design features, the transparency of its recommendation systems, and its access to data for researchers. Temu now has the possibility to exercise its rights of defence by examining the Commission’s investigation file and by replying in writing to the Commission’s preliminary findings. In parallel, the European Board for Digital Services will be consulted.
