UK law
Online Safety Act 2023 (Priority Offences) (Amendment) Regulations 2025 made
The Online Safety Act 2023 (Priority Offences) (Amendment) Regulations 2025 SI 2025/1352 have been made. They amend the priority offences set out in Schedule 7 to the Online Safety Act 2023, adding offences under section 184 of the OSA 2023 (encouraging or assisting serious self-harm) into the Schedule. They come into force on 8 January 2025. Dating apps and social media platforms must also prevent cyberflashing, as it becomes a priority offence under the Online Safety Act. Ofcom will now consult on new codes of practice, setting out exactly what steps platforms must take to protect users from unsolicited sexual images.
UK government consults on draft Technology Transfer Agreements Block Exemption Order
The UK government is consulting on a draft Technology Transfer Agreements Block Exemption Order. The Secretary of State for Business and Trade has accepted the Competition and Markets Authority’s recommendation that an order should be made under section 6 of the Competition Act 1998 exempting certain technology transfer agreements from the prohibition of anticompetitive agreements set out in Chapter I of the Act. The Order will replace a similar block exemption, the assimilated Technology Transfer Block Exemption Regulation (TTBER), which was made under EU law and assimilated into UK law following the UK’s withdrawal from the EU. The assimilated TTBER expires on 30 April 2026. The new Order will largely maintain the current exemption regime, while introducing some limited changes. It will help make sure that businesses are not prevented or disincentivised from entering into agreements that the CMA considers to be essentially benign or beneficial. The draft explanatory memorandum provides a more detailed explanation of the draft legislation. The consultation ends on 9 February 2026.
House of Commons Public Bill Committee calls for evidence on Cyber Security and Resilience (Network and Information Systems) Bill
The House of Commons Public Bill Committee has issued a call for evidence on the Cyber Security and Resilience (Network and Information Systems) Bill. The Public Bill Committee will meet for the first time on 3 February 2026 to scrutinise the Bill line by line. and is expected to report by 5 March 2026.
Ofcom updates on investigation into online suicide forum
Ofcom has updated on its investigation into the provider of an online suicide forum under the Online Safety Act. Ofcom has put the provider of the suicide forum on notice that it is working towards issuing a provisional decision shortly in relation to breaches of the Act, and if its concerns are not addressed, it is prepared to seek a court order for business disruption measures.
Ofcom explains how AI chatbots are regulated under the UK Online Safety Act
Ofcom has published guidance about how AI chatbots are covered by the Online Safety Act. It sets out when providers of chatbot services must assess and reduce the risk of harm to users, especially children. The guidance explains which types of online services are in scope, where chatbots fall under the Act, how AI-generated content is treated, and Ofcom’s role as the UKs regulator for online safety.
Patents Court considers more RAND issues
In Acer Incorporated and others v Nokia Technologies Oy [2025] EWHC 3331 (Pat), the Patents Court considered two applications: Nokia’s challenge to jurisdiction and the Claimants’ (Acer, ASUS, and Hisense) requests for interim licence declarations. The Court dismissed Nokia’s jurisdiction challenge, confirming that the English court can determine RAND (Reasonable and Non-Discriminatory) terms for Nokia’s Standard Essential Patents (SEPs) declared to the International Telecommunication Union (ITU-T). Applying Swiss law, the Court interpreted the ITU-T RAND commitment as requiring Nokia to make offers on RAND terms that can be accepted and then grant licences, rejecting Nokia’s argument that it only required good faith negotiations. The Court held that RAND terms are objectively determinable under Swiss law and found Nokia in breach of its ITU-T commitment. It granted declarations that a willing licensor and licensee would enter interim licences pending the final RAND determination, setting out terms with adjustable payment mechanisms. However, it declined to declare Nokia an unwilling licensor.
Channel Islands
Jersey consults on new online safety law
The Government of Jersey is consulting on a new online safety law. It seeks feedback about proposed new legislation that places obligations on internet services to tackle illegal content and protect Islanders. The proposed legislation has two main objectives: to make it easier for people in Jersey to get illegal content or content which breaches the internet service’s own rules removed from social media, websites, and search engines, and to enhance online privacy by establishing clear guidelines to support the removal of images and videos that depict Islanders and are causing distress. Any proposed legislation needs to strike an appropriate balance between allowing freedom of expression and safeguarding the privacy of individuals in supporting needed cultural change. The consultation ends on 6 March 2026.
EU law
European Court of Justice considers privacy implications of body-worn cameras
In Integritetsskyddsmyndigheten v AB Storstockholms Lokaltrafik the ECJ held that when personal data is collected via body cameras worn by ticket inspectors on public transport, the obligation to inform data subjects falls under Article 13 of the GDPR, not Article 14. The case arose from a dispute between the Swedish Authority for Privacy Protection and AB Storstockholms Lokaltrafik, a public transport operator, over an administrative fine for failing to provide adequate information when collecting personal data through inspectors’ body cameras. The Court ruled that the decisive factor is the source of the data: because the data were collected directly from the individuals, Article 13 applies rather than Article 14. This interpretation was based on the wording of the provisions, their context within the GDPR’s transparency framework, and the overarching goal of ensuring strong protection of individuals’ fundamental rights regarding personal data. It means that data controllers must provide data subjects with all required transparency information immediately at the time they collect data.
European Commission publishes summary of responses to Digital Fairness Act consultation
The European Commission has published a summary of the responses to its consultation on a potential Digital Fairness Act. The feedback will inform the planned Digital Fairness Act, which the Commission intends to adopt before the end of 2026. The topics covered by the consultation were dark patterns; addictive design; specific features in digital products, such as video games; unfair personalisation practices; harmful practices by social media influencers; unfair marketing related to pricing; issues with digital contracts; and simplification measures.
European Commission publishes summary and responses to the consultation on the ongoing review of the Digital Markets Act
The European Commission has also published the responses to its consultation on the ongoing review of the Digital Markets Act. There was generally broad support for the DMA’s objectives and the view that the DMA has brought benefits. Some of the respondents sought a strengthening interoperability, data access and data portability, as well as support for SMEs. Some respondents also asked to expand the DMA’s scope, particularly in relation to AI and cloud services. Platforms expressed criticisms regarding impact on user experience, as well as concerns about proportionality. These contributions will feed into the Commission’s review report to be presented by 3 May 2026 to the European Parliament, the Council, and the European Economic and Social Committee.
