(5 min read)
As 2025 draws to a close, one theme stands out: resilience. Cloud outages reminded boards that contractual robustness and incident response belong at the heart of transformation. AI moved from pilot to governed deployment, while cyber threats and supplier risk intensified. Data centre investment surged, reshaping procurement, regulation, and dispute profiles globally. With change ever a constant, it looks as though 2026 will be another busy year for all of us in technology, so I hope you manage a small bit of downtime over the festive period!
Your regular insight into the legal edge of technology.
The most interesting thing that’s crossed my mind looking back on 2025?
As 2025 draws to a close, one theme stands out: resilience. Cloud outages reminded boards that contractual robustness and incident response belong at the heart of transformation. AI moved from pilot to governed deployment, while cyber threats and supplier risk intensified. Data centre investment surged, reshaping procurement, regulation and dispute profiles globally.
What GCs need to know this month
In this month's edition we spotlight key legal shifts from the EU’s “Digital Omnibus” to the UK’s Cyber Security and Resilience Bill and DORA designations, to help you plan confidently for 2026. Let’s dive in.
Chambers Technology M&A 2026 (UK): practical guidance from AG
Our Technology M&A partners authored the UK chapter of Chambers’ Global Practice Guide 2026, distilling the latest deal drivers, regulatory shifts (from AI/IP to FDI and competition), and execution know how for buyers, sellers and investors.
Explore the guide and book a 20 minute Tech M&A briefing with our team to discuss what these developments mean for your pipeline.
Read the Tech M&A Guide here.
New Report: Cloud without crisis
Recent high-profile outages have shown how a single failure can ripple across industries—shutting down operations and triggering legal, financial, and reputational challenges.
Our latest report reveals why resilience must be built into your cloud strategy from day one, not patched together after the fact.
Key Insights from the report
- Suspension rights: 81% of cloud contracts include suspension rights, creating a significant continuity risk for business-critical solutions.
- Termination rights: 69% provide termination rights for persistent or critical service-level failures.
- Data backup obligations: 58% include backup requirements, but many lack clarity on frequency and scope.
- Service credits: 71% offer service credits as a remedy for service-level failures.
Read the full report to learn how to contractually engineer resilience and reduce risk before the next outage hits.
Legal updates you might have missed
Digital omnibus to reform the EU's AI Act, cyber and data legislation
The recently published "Digital Omnibus" proposes sweeping changes to EU digital regulation, including a "stop the clock" on the AI Act, controversial changes to the GDPR and a new trade secrets exception to the sharing of IoT / connected products data required by the Data Act. You can read a quick digest from our Data and IP Teams here.
Cyber Security and Resilience Bill aims to strengthen UK cyber defences
Bringing data centres and managed service providers within the scope of the NIS Regulations, establishing a new critical supplier designation regime and implementing more robust incident reporting requirements are the key changes proposed by the UK's new Cyber Security and Resilience Bill. You can find the Government's full factsheet here.
EU ploughs ahead with FS Critical Third Party suppliers while UK justifies delay
The EU has designated the first Critical Third Parties under DORA, publishing the full list here. Meanwhile, pressure from the Treasury Committee has led the UK Government to confirm (in published correspondence between them available here) that its own timeframe for an equivalent designation under the CTP Regime is "within the next twelve months".
