UK law
Product Security and Telecommunications Infrastructure (Security Requirements for Relevant Connectable Products) (Amendment) (No 2) Regulations 2025 laid
The Department for Science, Innovation and Technology (DSIT) has laid the draft Product Security and Telecommunications Infrastructure (Security Requirements for Relevant Connectable Products) (Amendment) (No 2) Regulations 2024 in parliament under sections 2(6), 6(4) and 77(5) of the Product Security and Telecommunications Infrastructure Act 2022. Under the draft regulations, a Japanese or Singaporean consumer connected device manufacturer, for example of smart televisions, will be able to make their product available in the United Kingdom provided they have a valid label issued by the certifying body in their home country and that the label has not expired. They will not need to separately demonstrate compliance with the UKs own security requirements, set out in Schedule 1 to the 2023 Regulations, or have their products accompanied by a statement of compliance as required by section 9 of the 2022 Act, because their qualification for the Japanese and Singaporean labelling regimes already demonstrates that they meet the UK’s security requirements.
Court of Appeal clarifies rules on keeping financial details confidential in patent disputes
In the case InterDigital Inc & others v Optis Cellular Technology LLC & others [2025] EWCA Civ 1263, the Court of Appeal decided that certain confidential financial information should stay redacted in a published judgment. The case involved a dispute over licensing terms for patents essential to industry standards (Standard Essential Patents or SEPs), specifically between Optis and Apple. The key issue was whether financial details from third-party licence agreements that had been shared during the case should be made public. The court looked at whether the judge had used the right legal test to decide what should stay confidential. There was debate over whether a newer legal approach from the case of JC Bamford Excavators v Manitou had replaced the older method used in Unwired Planet v Huawei and InterDigital v Lenovo. The Court of Appeal concluded that there isn’t a new test, just one established approach that balances the principle of open justice with the need to protect confidential information. Applying this, the court ruled that revealing the financial details would harm the companies involved, so they should remain redacted.
Regulations on child sexual exploitation and abuse content reporting repealed
The government is repealing two Regulations that would have brought into force requirements in the Online Safety Act 2023 for user-to-user (U2U) services to report child sexual exploitation and abuse (CSEA) content to the National Crime Agency (NCA).
Ministerial letter on cyber security sent to leading UK companies
Hostile cyber activity in the UK is growing more intense, frequent and sophisticated. In light of recent cyber incidents, the government has written to leading UK companies with urgent advice to help ensure they are best protected against cyber threats. The letter sets out three actions large businesses can take to improve their cyber resilience: make cyber risk a Board-level priority using the Cyber Governance Code of Practice; sign up to the National Cyber Security Centre’s Early Warning service; and require Cyber Essentials in the supply chain. The letter is being sent to all companies in the FTSE100 and FTSE250, as well as a number of other leading UK firms and also refers to the forthcoming Cyber Security and Resilience Bill, which aims to increase protections for essential and digital services.
Ofcom consults on designation of radio selection services (smart speakers)
The Media Act 2024 introduced rules aiming to secure the availability of online streams of broadcast radio services via voice-activated devices. It defines these services as radio selection services (RSS) and requires designated RSS (DRSS) to reliably provide the online stream of a UK broadcast radio service in response to a user’s voice command, amongst other requirements. Before deciding which services to designate, the Secretary of State must first receive a report from Ofcom setting out our recommendations. Ofcom is now consulting on which RSS it proposes to recommend for designation and why. Ofcom’s provisional view is that the following three RSS should be recommended for designation to the Secretary of State: Amazon’s Alexa, Google Assistant, and Apple’s Siri. Next year, Ofcom intends to consult on a Code of Practice setting out how DRSS can comply with their new duties under the Media Act. It will also provide information for internet radio services (IRS) about how they can notify us that they wish to benefit from the new regime. The consultation ends on 11 December 2025.
AI and Digital Hub pilot report published
The Digital Regulation Co-operation Forum has published a report about its AI and Digital Hub pilot. The AI and Digital Hub pilot was the Digital Regulation Cooperation Forum’s trial of a multi-agency advice service, designed to support innovators navigating the evolving regulatory landscape for AI and digital technologies. The Hub offered free, informal, cross-regulatory advice, particularly to organisations whose propositions spanned the remits of at least two DRCF member regulators. The pilot showed that a cross-agency Hub can offer significant value for both innovators and regulators. It highlighted several lessons that will shape future DRCF initiatives and may be useful for other regulators considering similar services. The AI & Digital Hub has demonstrated the value of a new model of regulation, one that is collaborative, adaptive, and connects with real world innovation. Insights from the pilot are now informing the next phase of the DRCF’s work. This next phase will focus on expanding the Hub’s reach and impact through more thematic engagements and advice, building on the DRCF’s role as a cross-cutting body that delivers benefits to innovators and strengthens the UK’s digital economy.
DRCF calls for views on Agentic AI and regulatory challenges
The DRCF has also called for views about Agentic AI and regulatory challenges. It is part of the DRCF’s Thematic Innovation Hub, which aims to foster dialogue and surface insights from innovators and stakeholders. The DRCF wants to understand the practical challenges and regulatory uncertainties businesses are facing when developing or deploying Agentic AI. It is asking what are the key regulatory challenges you face when adopting or developing Agentic AI? Are there specific areas (e.g. data protection, liability, consumer protection, competition, copyright) where clarity is most needed? How do current regulations support or hinder innovation in Agentic AI? What kinds of informal advice, engagement, or support would be most helpful? Are there sector-specific concerns (e.g. legal services, finance, telecoms) that should be considered? What future risks or opportunities do you foresee in the use of Agentic AI? The call for views ends on 6 November 2025
New HMRC manual pages listing partner and reportable jurisdictions for digital platform tax reporting rules
HMRC has published new pages in its International Exchange of Information Manual with updated lists of partner jurisdictions and reportable jurisdictions for the purposes of the tax reporting rules for digital platforms in the Platform Operators (Due Diligence and Reporting Requirements) Regulations 2023 (SI 2023/817) (which implement the OECD’s model tax reporting rules for digital platforms in the UK).
EU law
European Commission consults on evaluation of Geo-blocking Regulation
The European Commission is carrying out an evaluation of the Geo-blocking Regulation. The consultation aims to gather information on and insights into the Regulation’s functioning and collect evidence on its implementation, application and enforcement. The evaluation will consider issues raised by stakeholders, such as territorial supply constraints and cross-border availability of (and access to) copyright-protected content. The consultation ends on 29 December 2025.
EU AI Act service desk and information platform launched
The European Commission has launched the AI Act Service Desk and the Single Information Platform to help organisations find information about the EU AI Act and understand their compliance obligations. It will serve as a central hub where stakeholders can find all relevant information on the AI Act, navigate its content, understand how it applies, and access tailored guidance on its implementation.
EDPB selects EU GDPR transparency and information obligations as 2026 coordinated enforcement action topic
During its October plenary, the European Data Protection Board chose the topic for its fifth coordinated enforcement action, which will relate to compliance with the obligations of transparency and information under the GDPR. In a coordinated action, the EDPB prioritises a certain topic for national regulatory authorities to work on at national level. The results of these national actions are then aggregated and analysed to generate deeper insight into the topic and allowing for targeted follow-up at both national and EU level if needed. Participating regulators will join this new action on a voluntary basis in the coming weeks and the action itself will be launched over the course of 2026.
