12. Dezember 2024
Radar - December 2024 – 1 von 2 Insights
2024, the year of elections, has seen many incumbent governments (including the UK's) unceremoniously ejected. That has held up or derailed some legislation in the UK and EU but it has been a busy year with the legislative and regulatory agenda pushing on despite political change.
In our annual roundup, we look back at key UK and EU-level legal and regulatory developments in:
You may also be interested in our predictions for what to expect in 2025 and don't forget our Digital Legislation Tracker and Digital and Data legislation guide.
AI – how to develop it, how to harness it, how to exploit it, and how to mitigate associated risks – has dominated 2024 with the highpoint (in legislative terms at least) being the finalised EU AI Act. As the UK hovers on the brink of introducing AI legislation itself, the US looks set to see a policy U-turn as President-elect Trump has said he will overturn President Biden's Executive Order on AI. A vast array of consultations and reports have come out from across sectors and countries, and there have been a number of cross-border initiatives but, unsurprisingly, no global consensus. Here are some of 2024's UK and EU legislative and policy highlights as well as some international initiatives – inevitably only a selection.
You can also see our predictions for next year here, view our full range of insights on AI here, and sign up to our AIQ quarterly AI newsletter here. Data protection issues relating to AI are covered in the Data section of this update.
AI Act
The EU's AI Act was published in the Official Journal on 12 July 2024. Hailed by the EU as a global first, the AI Act is the most comprehensive attempt to regulate the use of AI to date. It takes a risk-based approach to AI, aiming to strike a balance between innovation and regulation while protecting fundamental rights.
The AI Act covers all AI systems placed on the EU market, whether or not by an EU business (subject to limited exceptions).
The main obligations apply to providers and deployers of AI systems (subject to limited exceptions). However, importers, distributors, and product manufacturers are also caught. Those in scope will have to comply with a wide range of safety and governance duties which, depending on the nature of the AI system and the role of the business, may include transparency requirements, incident reporting, risk management, compliance and monitoring, and documentation and record keeping, to name a few.
The AI Act imposes penalties for non-compliance of up to €35 million or 7% of annual global turnover for prohibited AI practices, up to €20 million or 4% for high-risk system violations, and fines of up to €7.5 million or 1.5% for providing incorrect or misleading information. Smaller penalties apply to SMEs.
The AI Act came into force on 1 August 2024 and will be brought in largely over a three-year period with rules applying to prohibited systems applying at six months, to GPAIs at 12 months, to high-risk systems under Annex III at 24 months, and to high-risk systems that are products or safety components of products covered by legislation set out in Annex I, at 36 months.
You can see summary tables of AI Act obligations here, and of its impact on key sectors here.
In May, the European Commission announced the establishment of its AI Office which aims to enable future development, deployment and use of AI in a safe and beneficial way, collaborating with Member States and other relevant bodies. It will also play a key role in implementation of the AI Act. An AI Pact – a voluntary scheme to foster early implementation of measures in the AI Act - was launched in September and has been signed by over 130 companies including Amazon, Google and Microsoft.
Around the AI Act and AI-related issues more widely, the European Commission published a range of consultations, Q&As and other initiatives including:
AI Liability Directive
Progress on the draft AI Liability Directive has stalled this year although it remains on the legislative agenda of the new European Parliament. Intended to clarify liability rules around AI, there are concerns that it overlaps both with the AI Act and with the newly revised Product Liability Directive.
The most recent version of the Directive reportedly contains substantial revisions. Some changes have been made to tie in with the final version of the AI Act, but the new draft also includes wording which might significantly expand the liability of those who unlawfully make high-risk AI operational.
A European Parliament Committee impact assessment published in September 2024, proposed a Directive more focused on software liability than on AI although again it's unclear how this would work with the revised Product Liability Directive which does expand the definition of products it covers to software including AI systems.
New legislation to come
New AI legislation was announced by the government in the King's Speech of 17 July 2024. The aim of the legislation is to "seek to establish the most appropriate legislation to place requirements on those working to develop the most powerful AI models”. Curiously, there was no elaboration on what the legislation might cover in the background briefing notes to the speech although it seems clear that any proposed legislation would be far less comprehensive than the EU's AI Act and there is widespread agreement that it will focus on safety of frontier systems.
Transparency and the right to opt out of having copyrighted materials used to train AI models are expected to be a focus but there has also been talk of introducing an extended TDM (text and data mining) exemption similar to the one in the EU Copyright Directive – an initiative rejected by the then UK government in January 2024 – to cover TDM for commercial purposes under certain circumstances (see here for more on this issue). Another area in which there are mixed messages is whether or not the AI Office will be put on a statutory footing.
Whatever the AI legislation contains, it will be a departure from the previous government's policy as stated in its White Paper on AI, published in March 2023, and the subsequent response to the consultation, published in February 2024, which concluded there was no need for AI-specific legislation (although there were rumours the government was working on AI legislation just before the 2024 general election) and adopted a sector-focused, risk-based approach to AI.
Two Private Members' Bills on AI – the most recent focusing on the use of AI in the public sector - were variously debated and introduced. While unlikely to reach enactment, they provide a focus for discussion. The Trades Union Congress (TUC) also produced its own 'AI Bill' proposals focusing on the use of AI in the workplace as we discuss here.
Peter Kyle, Secretary of State for the Department for Science, Innovation and Technology (DSIT), is poised to publish the government's AI Plan by the end of the year (and may already have done so by the time you read this article), potentially alongside a consultation on new legislation. Matt Clifford’s AI Opportunities Action Plan will also look at infrastructure, talent and data access to boost AI adoption across the economy and public sector, alongside a new Treasury-commissioned review on digital adoption from Angle McLean and Dave Smith.
UK government reports and consultations
In addition to the above initiatives, the previous and current UK governments have published a range of reports, guidance and consultations on AI including:
UK regulators
In May the government published Regulators' strategic approaches to AI. Regulators were asked to submit these by the end of April to set out steps they are taking in line with expectations set out in the government's AI White Paper. It's unclear the extent to which these will still be relevant once the Labour government publishes its AI plans.
Over the course of the year, the Competition and Markets Authority (CMA) scrutinised but did not ultimately pursue Microsoft's aquihire of AI startup Inflection staff and Amazon's partnership with Anthropic. Nonetheless competition in AI remains a hot topic as Taylor Wessing's Paolo Palmigiano discusses here. The CMA also turned its attention to AI foundation models, publishing an update paper and a technical update report in April. In July, the CMA signed a joint statement with the US Federal Trade Commission, the US Department of Justice and the European Commission. They have agreed to share understanding of competition issues around foundation model AI and to use their powers to address any risks.
In April, The Digital Regulatory Cooperation Forum (DRCF) announced the launch of its pilot advisory service to provide informal advice to support innovation and enable economic growth. It will support innovators working on AI or digital products to help them tackle complex regulatory issues which span across more than one participating regulator's remit in relation to products, services or business models which are digital or use AI, which are innovative and which are likely to benefit consumers, businesses or the UK economy. The DRCF will publish case studies of queries and responses raised on the hub.
On 10 May 2024, the UK's AI Safety Institute unveiled a new AI-safety testing platform intended to strengthen and accelerate global safety evaluations. The platform, known as 'Inspect', will make it easier for a wide range of groups to develop AI evaluations and to test and develop new open source AI-safety tools. The platform is essentially a software library which allows testers to assess specific capabilities of individual models and produce a score based on their results. It is open source and free to use.
On 17 October 2024, the FCA announcedthe launch of an AI Lab intended to help firms overcome challenges in building and implementing AI solutions and enable them to support the government's work on safe and responsible AI development. On 4 November 2024, the FCA published a page on its AI Input Zone online feedback platform, seeking views on likely AI use cases in financial services.
International initiatives
It's impossible to list everything going on around regulating AI globally here, but as the world struggles with the issue that localised and therefore diverging regulation is not necessarily the most appropriate response, there have been some important cross-border and international developments, including:
In March 2024, the G7 countries issued declarations setting out how they will work together on a new report looking at ramping up AI adoption. They also plan to create a new semiconductor group to deepen collaboration on R&D priorities and sustainable manufacturing, and create an AI toolkit to support safe and trustworthy deployment of AI in the public sector.
The UN adopted its first resolution on AI safety on 21 March 2024. This calls on nations to stop using AI in ways that violate or pose risks to international human rights law. The resolution also calls for cross-border cooperation and was signed by 120 member countries.
The UK and US AI Safety Institutes signed an MoU on 1 April 2024 aiming to work together on AI safety research. This will include developing tests for advanced AI models and working together to align approaches and evaluation suites for AI models, systems and agents.
In May, the UK government published the interim International scientific report on the safety of advanced AI ahead of the AI Seoul Summit in May. The final report will be published ahead of the AI Action Summit in France in 2025. Leaders also signed the wider Seoul Declaration supporting international cooperation to develop safe AI suitable for tackling some of the world's biggest problems.
On 6 May 2024, France and China issued a joint declaration on AI. The declaration sets out the intention for greater exchange on international governance of AI and protections against related risks, and a commitment to promoting safe, secure and reliable AI systems.
The UK and Canada announced an AI safety partnership on 20 May 2024.
On 17 May 2024, the Council of Europe adopted a legally binding international treaty, the Framework Convention on artificial intelligence and human rights, democracy and the rule of law. It covers the use of AI by public bodies and their private sector contractors across the AI lifecycle and is aimed at protecting fundamental rights and freedoms. The UK, EU and USA are among those signed up to the legally binding treaty drafted by over 50 countries including Japan, Israel, Australia and Canada.
The OECD adopted revisions to the OECD Principles on Artificial Intelligence on 3 May 2024, to ensure they address AI-associated risks relating, in particular to the emergence of general-purpose and generative AI. The OECD is also working on a draft voluntary code of conduct proposed by the G7 as part of the Hiroshima process and published a report on data governance and privacy in AI. The report sets out six policy considerations to harmonise AI advancements and privacy principles, including fairness, transparency and explainability, accountability, and cooperation.
With major online safety legislation taking effect in the UK and the EU, this has been a hot topic all year and will continue to be going forward, particularly as the UK's Online Safety Act (OSA) starts to bite. Children's safety online is a significant area of focus in both the UK and across the EU. We're also seeing international collaboration efforts, notably by the Global Online Safety Regulators Network, which aims to enhance coherence and consistency between international regulators on online safety and to share information and expertise.
For more on online safety, see here and you can read our predictions for next year here.
The UK's Online Safety Act (OSA) was passed on 26 October 2023 and regulates user-generated online content, with a focus on illegal content and content that is harmful to children. Much of the detail around compliance has not yet been finalised although things are about to ramp up as Ofcom Codes of Practice and guidance are finalised and safety duties commence. As we discussed here, Ofcom published a revised compliance timeline on 17 October 2024. Illegal harms safety duties are likely to become enforceable in March 2025 as the illegal harms statement containing the illegal harms Codes of Practice and risk assessment guidance is due to be published imminently. Part 5 safety duties are likely to apply even earlier.
The biggest change to the timeline relates to categorised services. Owing to the timing of the election, the Secretary of State has not yet confirmed categorisation thresholds although this is expected by the end of the year. The register of categorised services will then be published in Summer 2025 with proposals on additional duties for categorised services due not later than early 2026.
Over the course of 2024, Ofcom has been ramping up towards an operational regime with a multitude of consultations including:
Ofcom has also been focusing on risks associated with GenAI, publishing a discussion paper on how red teaming can help mitigate the risk of harms caused by GenAI in July.
Over the course of 2024, secondary legislation was introduced to bring the majority of the OSA into force and, in some cases, to amend or complement it. This includes by adding new offences relating to sharing intimate images without consent (revenge porn) and creating deepfakes with sexual content (Ofcom published a discussion paper on Deepfake defences – Mitigating the harms of deceptive deepfakes on 23 July 2024), as well as to deal with the transition of the regulation of video sharing providers from the Communications Act to the OSA. The government is considering amending the Criminal Justice Bill to criminalise making a sexually explicit deepfake image where the perpetrator wants to cause alarm, humiliation or distress to the victim. The draft Data (Use and Access) Bill also makes some amendments to the OSA in relation to research information and information accessible to coroners on the death of a child.
On 20 November 2024, the government published its draft Statement of Strategic Priorities (SSP). Ofcom must have regard to these when carrying out its regulatory functions, including enforcement, and will be required to report back to the Secretary of State on the actions it has taken against the priorities. The reports against the SSP will help inform government action on online safety. The priorities will now be finalised with the input of online safety experts and campaigners ahead of Ofcom's starting to enforce the first safety duties under the OSA from Spring next year.
Partly but not entirely as a result of the riots over the summer in which Ofcom found mis- and dis-information on social media platforms to have played a part, Ofcom has urged social media platforms to begin complying with the Online Safety Act even though it is not yet fully applicable. The government has also said it will keep the new online safety rules under review, particularly in relation to social media platforms and children, and is widely reported to be considering banning under-16s from using them as part of an upcoming consultation.
Digital Services Act (DSA)
The EU's Digital Services Act (DSA) is similar to but different from the OSA in scope in that it deals with obligations and accountability of online intermediaries and platforms for illegal content. It began applying to Very Large Online Platforms (VLOPs) and Very Large Online Search Engines (VLOSEs) in August 2023 and to other companies in February 2024. This year, we've seen more designations, although some have continued to challenge those designations, so far largely without success.
Notably, the EC hit the ground running in terms of enforcing the DSA, with a wide range of businesses including X, Temu, Meta, LinkedIn, Bing, Google search, Facebook, Instagram, Snapchat, TikTok, YouTube, AliExpress, TikTok, Pornhub, Stripchat and XVideos among those coming under scrutiny, whether in terms of receiving requests for information, or in some cases, on the receiving end of formal proceedings from both the Commission and national regulators.
The range of general compliance issues attracting attention across different businesses is extremely wide and includes:
Member States did less well on enforcement as by July, eight had still not appointed responsible authorities and/or had not given them sufficient resources leading to the EC opening infringement proceedings against them.
The EU published guidelines under the DSA in the Official Journal on 26 April 2024. These set out recommended measures for VLOPs and VLOSEs to help them mitigate systemic online risks which may impact the outcome of elections. On 31 July 2024, the European Commission launched a call for evidence to inform guidelines to help online platform providers comply with the requirement to protect the privacy, safety and security of minors online under the DSA. The draft guidelines will be subject to consultation in 2025.
The European Commission launched a consultation on draft delegated regulation under the DSA on 29 October 2024. The draft regulation will specify the technical conditions under which data sharing as required by Article 40 DSA will take place, what the data can be used for and the procedures for accessing it. The regulation is expected to be published in early 2025.
The Appeals Centre Europe was certified as the first independent out-of-court settlement body under the DSA. Based in Dublin, it will resolve disputes relating to social media, initially allowing EU users of Facebook, TikTok and YouTube to seek redress for the impact of incorrect content moderation decisions. See our article for more.
CSAM Regulation
The Regulation permitting continuation of certain derogations of the ePrivacy Directive under an Interim Regulation to combat child sexual abuse online (CSAM) was adopted on 29 April 2024. The original Interim Regulation is being extended to 3 April 2026 to allow time for the EU's CSAM Regulation to come into effect. Controversies relating to potential breaking of encrypted services like WhatsApp are reportedly delaying progress of the CSAM Regulation. Meanwhile, the EU is discussing amending the 2011 Child Sexual Abuse Directive to include AI-generated pornography.
Political Advertising Regulation
The EU's Political Advertising Regulation came into effect in April 2024. Read more on that here and read our series of articles on democracy in the digital age here.
We've seen a number of significant steps by businesses to address online safety concerns, Meta being a case in point. In January, Meta started rolling out new content policies for teenagers which involve it restricting potentially harmful content from under-18s where the content is sensitive or age-inappropriate. Certain types of content will not appear in feeds even where generated or shared by someone followed by the user. Meta has also begun hiding more search results on Instagram relating to suicide, self-harm and eating disorders from teenagers and redirecting them to resources to help them. Teens will automatically be placed on the most restrictive content settings on Instagram and Facebook. This already applies to teens joining the platforms but is now being rolled out to those already on them. Teens will also be regularly prompted to check their privacy settings.
In January, Meta also announced the launch of new safety tools and procedures to protect children on their platforms, including in encrypted chats. Teens will, by default, be set on Instagram so they can only be messaged or added to group chats by people they already follow or are connected to. The changes will apply to under-16s (or under-18s in some countries). On Messenger, the same groups will have their default settings changed so they can only receive messages from Facebook friends or phone contacts. Meta is also launching a new feature designed to help protect teens from seeing unwanted and potentially inappropriate messages from people and dissuade them from sending this type of message.
On 17 September, Instagram announced the introduction of Instagram Teen Accounts to provide greater privacy by default. Teen accounts will limit who can contact teens and the content they see. Teens will automatically be given teen accounts and those under 16 will require parental permission to change default settings. Teens will also get access to a new feature which allows them to select types of content they want to see more of and receive notifications suggesting they leave their devices after 60 minutes each day. Sleep mode will be activated between 10pm and 7am which will automatically mute notifications. Online safety campaigners say the controls are easy to circumvent. The ICO has reminded platforms that under the Children's Code, settings must be high-privacy by default. Ofcom has said that Instagram's measures are a "step in the right direction" in terms of online safety compliance but warns that it won't hesitate to take enforcement action against any company falling short of its obligations under the Online Safety Act once safety duties come into force early next year.
Meta also plans to introduce AI-powered software to check profile account data to determine whether or not users are under 18 in which case they will automatically be given a teen account, whatever their stated age.
Meta is not alone. Google search, Roblox, Lego and Pinterest voluntarily signed up to Ofcom's best practice principles for promoting media literacy on their platforms, pledging to become accountable for making media literacy a priority, develop user-centric design and to monitor and evaluate media literacy on an ongoing basis. Ofcom encourages other online service providers to follow. Roblox also introduced a range of safety measures in November.
Ofcom welcomed the steps but said many services would have to do much more once the OSA comes into force.
In addition to the areas covered elsewhere in this update, the UK passed significant legislation including the Media Act and the Automated Vehicles Act. Both the UK and the EU were focused on big tech and competition with the EU's Digital Markets Act (DMA) beginning to apply to gatekeepers, and the UK's reformed competition regime moving forwards under the Digital Markets Competition and Consumers Act (DMCCA). Here are some key developments during 2024.
Digital Government (Disclosure of Information) (Identity Verification Service) Regulations 2024
The Digital Government (Disclosure of Information) (Identity Verification Service) Regulations 2024 came into force on 8 February 2024. Their objective is to enable individuals to create a reusable digital identity in a convenient, secure and efficient way and to provide support for the administration and delivery of such services. Specified public authorities are permitted to check and share government-held personal data in order to make it easier for individuals to prove their identity when accessing digital services.
Automated Vehicles Act
The Automated Vehicles Act received Royal Assent on 20 May 2024. The AVA:
Almost the entire Act is to be brought in under secondary legislation. Read more.
Media Act
The Media Act received Royal Assent on 24 May 2024. It updates the UK's broadcasting regulatory framework, including by bringing a broader range of video-on-demand services into scope. Read more on various aspects of the Media Act here.
Property (Digital Assets etc) Bill
The Property (Digital Assets etc) Bill was introduced to the House of Lords on 11 September 2024 and published the following day. It has been introduced as a result of recommendations by the Law Commission and clarifies the status of digital and electronic assets under the law of England and Wales. It enshrines the common law position that certain digital assets can constitute property under the law despite not being a chose in possession or in action. The government also published a factsheet on the Bill on 6 November 2024. The Bill contains a single operative clause stating: "A thing (including something digital or electronic in nature) is not prevented from being the object of personal property rights merely because it is neither - (a) a thing in possession nor (b) a thing in action".
Self-flying and remotely piloted aircraft
The Law Commission launched a consultation on the regulation of aviation autonomy on 26 February 2024 as discussed here. The consultation looked at regulation of self-flying and remotely piloted aircraft (including drones), and advanced mobility vehicles including vertical take-off and landing (VTOL) aircraft. For more on automated and autonomous mobility in the UK and the EU, see here.
Space Industrial Plan
The government published a policy paper: Space Industrial Plan: from ambition to action – advancing UK space strategy. This builds on the government's National Space Strategy. It aims at helping target investment, particularly in the Connectivity in Low Earth Orbit R&D programme, and at focusing on bilateral partnerships with like-minded space-faring nations. For more on the space sector and accompanying legal issues, see here.
IPO reports on IP and the metaverse
The Intellectual Property Office published two reports looking at how IP rights interact with the metaverse. The first IPO-authored report looks at trends in IP filings relating to the metaverse. The second, a government-commissioned independent report, looks at potential IP issues relating to the metaverse. It argues that the UK's IP regime can be reformed to tackle challenges presented by the metaverse and suggests potential solutions to current issues.
CMA market investigation into supply of public cloud infrastructure services in the UK
On 6 June 2024, the CMA published an updated issues statement in its market investigation into the supply of public cloud infrastructure services in the UK. The updated statement set out the CMA's current thinking on potential harms created by technical barriers and egress fees (relating to switching), committed spend discounts and software licensing practices. Provisional findings are expected in January 2025 and a final report is due in July 2025.
Decentralised Autonomous Organisations (DAOs)
On 11 July, the Law Commission of England and Wales published a scoping paper on DAOs following on from its November 2022 call for evidence. The paper does not make formal recommendations for law reform but it does identify key workstreams which may be helpful to add clarity to the status of DAOs and support their uptake.
WTO Joint Initiative on e-Commerce
The UK announced on 26 July 2024, that it had joined this initiative (JI) and has published guidance setting out the elements of the JI and the benefits to the UK of joining. The government claims it will assist with enabling e-commerce and increasing trust, openness and transparency, as well as enhancing cooperation and development.
Mobile messaging scams
Ofcom published a call for information requesting industry opinions on options to tackle UK mobile telephone spoofing (falsification of caller ID to conceal the origin of the call or appear as a trusted number). In addition, Ofcom updated its guidance on GC C6. Network providers have six months to implement changes and the updated guidance will come into effect on 29 January 2025.
Digital identity or attributes services
In January, the government consulted on whether to amend the Licensing Act to allow digital identities and age assurance technology to play a role in age verification for alcohol sales in England and Wales, and when age verification should take place for distance sales.
On 18 September 2024, the government published guidelines on how to register as a provider of digital identity or attributes services which facilitate the use and re-use of digital IDs and the sharing of attributes. Providers have to be certified by an approved conformity assessment body before they can be registered. The new guidelines supplement earlier guidance on the framework.
On 28 November 2024, the government published the gamma (0.4) pre-release version of its updated identity and attributes trust framework, together with supporting documents which provide guidance on:
This version of the framework is not yet ready to be certified against. Certifications against the 0.3 framework will remain valid until the date published in the final gamma version.
Quantum computing
On 8 October 2024, the government published its response to recommendations made by the Regulatory Horizons Council on the regulation of quantum technology applications. The government is broadly supportive of the recommendations and agrees it is too early to establish regulatory requirements and legislation around quantum technologies. It says sustained action is required to increase regulatory capability and enable a sector and application-specific approach which is transparent, collaborative and evidence-based. All of the RHC's recommendations were accepted in full or in principle. In October, the government announced the opening of the National Quantum Computing Centre.
Regulatory Innovation Office
On 8 October 2024, acting on a manifesto commitment, the UK's Department for Science, Innovation and Technology, announced the launch of a new Regulatory Innovation Office (RIO) to speed up public access to new technologies. It is not entirely clear what the status of the RIO will be and its mission statement is somewhat vague. The Labour manifesto said it would bring together existing functions across government but it is also subsuming the functions of independent bodies including the Regulatory Horizons Council. Read more.
Competition regime under DMCCA
On 7 November 2024, the CMA published its letter to the Secretary of State asking it to approve the guidance on the new digital markets competition regime under the Digital Markets Competition and Consumers Act. The CMA is required to publish guidance on its new functions and powers which must be approved by the Secretary of State. The guidance will be published once approved.
The Digital Markets, Competition and Consumers Act 2024 (Commencement No.1 and Savings and Transitional Provisions) Regulations 2024, were made on 25 November 2024 and published on 28 November 2024. They come into force on 1 January 2025, and bring into effect the competition reforms under the DMCCA, specifically:
The government also published three sets of Regulations which deal with how turnover should be estimated or calculated for the purposes of non-compliance penalties and to determine Strategic Market Status, and the circumstances under which a person is considered to have control over an enterprise, alongside its response to consultations on the draft versions.
On 5 December 2024, Ofcom published an update to its Digital Markets Strategy to take into account the CMA's new role in regulating digital markets under the DMCCA.
Market investigation into the supply of mobile browsers and cloud gaming
On 22 November 2024, the CMA published its provisional decision in its market investigation into the supply of mobile browsers and the cloud gaming market. The CMA published a market study notice back in June 2021, which led to a market investigation reference in November 2022. Two years and multiple reports later, the CMA has now provisionally decided to use its powers under the DMCCA to prioritise significant market status investigations to assess whether it would be appropriate to designate Apple and/or Google for their respective digital activities in mobile ecosystems (including the supply of mobile browsers, browser engines and in-app browsing technologies). If a designation is made, the CMA will consider imposing appropriate interventions as set out in the provisional decision. The CMA provisionally found no adverse effects on competition in connection with the distribution of cloud gaming services through app stores on mobile devices in the UK. The CMA must publish its final report by 16 March 2025.
European Digital Identity Regulation
The European Digital Identity Regulation was published in the Official Journal on 30 April 2024. It creates a new voluntary Digital ID wallet which will allow users to authenticate themselves without having to use commercial authentication providers. It also provides for users to control what data is communicated and how it is used via a privacy dashboard. Users will be able to get free "qualified electronic signatures" with the same legal standing as written ones.
Gigabit Infrastructure Act
The EU's Gigabit Infrastructure Act (GIA) was published in the Official Journal on 8 May 2024. The GIA sets out measures to reduce the cost of deploying gigabit electronic communications networks. It replaces the Broadband Cost Directive (2014/61/EU) and amends the Open Internet Regulation (2015/2120) to harmonise retail prices for domestic and intra-EU communications from 1 January 2029 and extend existing price caps. The GIA came into force on 11 May 2024 and will apply from 12 November 2025 (subject to derogations). The amendments to the Open Internet Regulation have applied since 15 May 2024.
European Media Freedom Act
The European Media Freedom Act(EMFA) was published in the Official Journal of the European Union on 11 April 2024 and will apply from 8 August 2025. Exceptionally, Article 3 on rights of recipients of media services to have access to a plurality of editorially independent media content, has applied since 11 November 2024. Read more.
Platform Work Directive
The Platform Work Directive was published in the Official Journal on 11 November 2024. Among wider employment measures, it introduces new rules on algorithmic management and data protection measures for platform (gig) workers. It prohibits digital platforms from processing data on workers' emotional or psychological state or data that could infer sensitive information. Biometric data processing is only allowed for authentication and platforms cannot contact personal data when the person is not performing platform work. Workers cannot be fired or dismissed based on algorithmic or automated decisions. Human oversight is required for important decisions affecting platform workers. The Directive comes into force on 1 December 2024 and must be transposed by Member States by 2 December 2026. Read more.
Digital Markets Act (DMA)
The initially designated gatekeepers under the DMA had to begin complying with their obligations on 7 March 2024. Meta, Apple and ByteDance were among those who challenged some of their gatekeeper/core platform service designations with varying degrees of success and some appeals ongoing. A full list can be found here.
On 6 March, the Commission published its first annual report on the implementation of the DMA and progress on its objectives. The report focuses on cooperation between the Commission and national competition regulators.
On 25 March 2024, the European Commission announced that it had opened five non-compliance investigations against Alphabet, Apple and Meta under Regulation 2022/1925.
Apple
Apple has been in the spotlight in terms of DMA compliance and competition issues more generally. On 24 June 2024, the European Commission issued its preliminary view that Apple breaches the DMA by preventing app developers from freely steering consumers to alternative channels for offers and content. The Commission also opened non-compliance proceedings against Apple regarding its contract terms for third party app developers.
Apple then announced it would allow app developers to communicate with customers outside of its app store rather than via link outs from the relevant app. Developers will also be able to promote offers anywhere, not just on their own website from within their app. Apple is also introducing two new fees, an initial 5% acquisition fee for new users and a 10% store services fee for any sales made by app users on any platform within one year of the app's installation. Apple is also putting out a software update to make it easier for EU users to download non-Apple browsers and set them as defaults, as well as to delete certain Apple apps. These will be able to be set across devices. A new choice screen will allow users to download apps directly without having to do so via the App Store and will be shown on each device upon first launch of Safari after installing the update which will be made available to EU users.
Apple expressed frustration with these requirements, suggesting they could compromise privacy and security and facilitate illegal and harmful content. Larger app developers have also expressed concern about Apple's new charging model which accompanies the changes.
On 19 September 2024, the Commission announced it had launched two specification proceedings to help Apple comply with its interoperability requirements under Article 6(7) DMA. The specifications formalise the Commission's dialogue with Apple and look at iOS connectivity features and the functionality of the process Apple has set up to facilitate third party interoperability. The Commission will inform Apple of preliminary findings (which may include comments from third parties) and set out compliance measures within six months.
Separately, on 4 March, the European Commission announced it was fining Apple €1.8bn for abusing its dominant position in the distribution of streaming apps via the App Store to iOS users. The Commission found that Apple bans music streaming app developers from fully informing iOS users about alternative and cheaper music subscription services available outside the app and from providing any instructions about how to subscribe to such offers. Apple is appealing the fine saying the EC European Commission failed to uncover credible evidence of consumer harm and ignored the realities of the relevant market.
On 12 November 2024, following a coordinated enforcement action with the CPC Network, the EC announced it had notified Apple of several potentially unlawful geo-blocking practices on some Apple Media services including App Store, Arcade, Music and iTunes. This was found to potentially unlawfully discriminate against European consumers based on their country of residence including in relation to online access, downloading and payment methods. Apple has one month to respond and propose commitments to address concerns.
Meta
Meta has also been the subject of scrutiny in relation to the DMA. One of the requirements on gatekeepers under the DMA, is that users be allowed to sign up to individual services rather than being linked across multiple ones automatically. In preparation for this provision, Meta announced in January that it would allow EU, EEA and Swiss users to opt out of sharing information between Facebook and Instagram on sign up. Existing users will also be given the option to decouple their accounts.
Meta has also faced pushback in relation to its 'pay or consent' advertising model. On 1 July 2024, the European Commission informed Meta that its preliminary findings were that Meta's 'pay or consent' advertising model breaches the DMA. Under Article 5(2) of the Digital Markets Act, gatekeepers must seek user consent to combine their personal data between designated core platform services and other services. If a user refuses consent, they should be offered access to a less personalised but equivalent alternative service. Gatekeepers cannot make the provision of certain services or functionalities conditional on user consent. Meta has subsequently announced a 'third' model in the EU which would give users the option of a free service with 'less targeted' advertising based on fewer personal data points. See the Data Privacy section for more on the 'pay or consent' model.
Separately, in order to comply with its obligations under the Digital Markets Act, Meta announced major changes to WhatsApp and Messenger to enable interoperability with third-party messaging services. As part of this it will notify EU users when a new third-party messaging service becomes interoperable and give users the choice between receiving all messages in a single inbox or keeping them separate.
On 14 November 2024, the European Commission announced it is fining Meta €797.72m for abusing its dominant position EU-wide in personal social networks and nationally for online display advertising on social media, by imposing unfair trading conditions on other online classified ad services. Meta had tied its online classified ads service Facebook Marketplace to its Facebook social network, blocking out competitors and allowing it to impose unilateral terms and conditions on other advertisers and to use ad-related data generated by other advertisers for the sole benefit of Facebook Marketplace. In addition to imposing a fine, the Commission has ordered Meta to bring the conduct to an end and refrain from adopting similar practices in future.
On 10 September 2024, the ECJ dismissed Google and Alphabet Inc's appeal against the General Court of the European Union decision which found Google had abused its dominant position in the market for online general search services in 13 countries. The General Court found that Google had favoured its own comparison shopping service over competitor products and handed down a fine of €2.4bn. The ECJ rejected the appeal in its entirety.
On 18 September 2024, the General Court of the European Union annulled the so-called Google Ad-Sense decision under which the European Commission fined Google €1.49bn for abusing its market dominance in the online search intermediation market. The Court upheld the majority of the Commission's findings but also found that it had made errors in assessing the duration of the clauses at issue and of the market covered by them in 2016. It therefore followed that the Commission had not established that the three clauses it scrutinised had each constituted an abuse of a dominant position and together constituted a continuous infringement of Article 102 TFEU. As a result, the Court annulled the Commission's decision in its entirety.
Draghi report on future of European competitiveness
On 9 September, the European Commission published a report on the future of European competitiveness led by Mario Draghi, former European Central Bank president. The report looks at challenges faced by industry and companies in the single market and will inform the Commission's work on future plans, particularly regarding the Clean Industrial Deal and the employment market.
In the UK, the Digital Markets Competition and Consumers Act (DMCCA) was passed in May 2024 and will result in a shake-up of the UK's competition and consumer protection regimes. The EU's planned Digital Fairness Act looks set to emulate some of the DMCCA's ambitions but, meanwhile, it has made considerable progress with its New Green Deal.
The DMCCA received Royal Assent on 24 May 2024. It introduces a new competition regime and reforms consumer protection law. Crucially, it gives the CMA direct consumer protection enforcement powers for the first time. It also reforms the unfair contract terms regime (see here) and introduces new rules on subscription contracts and fake online reviews. Much of the DMCCA will be brought in by secondary legislation – in particular, the new rules on subscriptions won't be brought in until Spring 2026.
The government passed secondary legislation to bring Parts 1, 2 and most of Part 5 of the DMCCA into effect from 1 January 2025. It intends to publish the required secondary legislation and approve CMA guidance on how it will carry out its functions as soon as possible. Commencing Part 1 will bring the digital markets regime into effect and the CMA is expected to launch its first Strategic Market Investigations shortly afterwards.
The government expects to commence Part 3 (consumer enforcement) and Part 4 Chapter 1 (which replaces the unfair trading regulations) in April 2025. Secondary legislation will set out rules for the CMA's new direct enforcement powers alongside guidance. Read more.
A consultation was launched on the new subscription regime on 18 November 2024 (read more here) and closes in February 2025. Reforms to subscription contracts and ADR will follow later and subscription reforms will not commence before Spring 2026 at the earliest.
As we discussed here, on 17 October 2024, the government announced a consultation on measures to bring Buy Now Pay Later (BNPL) providers into the scope of consumer credit legislation. The previous government had been consulting on the issue after the FCA called for a change to the rules as far back as 2021, however, legislation was not introduced before the general election. The government proposes amending the Consumer Credit Act 1974 to enable the FCA to apply rules on affordability to BNPL offerings. BNPL businesses will be required to check shoppers are able to afford repayments before offering them credit. They will also need to provide clear, accessible and simple information about loan agreements in advance so that shoppers can make informed decisions and understand risks. Users of BNPL services will be given so-called section 75 rights which will entitle them to claim refunds and make complaints to the financial ombudsman.
The Product Regulation and Metrology Bill was published in the House of Lords on 4 September. The Bill was announced in the August 2024 King's Speech which said it would update product safety law including to help enable the UK to keep pace with technological advances such as AI. Among other things, the Bill would cover the role of online marketplaces in product safety, particularly where non-UK products are placed on the UK market via them. In fact, the Bill as published mainly provides for the Secretary of State to make secondary legislation about the marketing or use of products in the UK in order to reduce or mitigate risk, ensure they operate efficiently or effectively, and ensure they weigh and measure accurately. Read more.
On 5 November 2024, the government published its response to the Product Safety Review launched in August 2023 under the previous government. The government plans to use powers to be introduced under the Product Safety and Metrology Bill to introduce new requirements on online marketplaces. This will include information requirements, instructions, and warnings about products prior to purchase, and cooperation with regulators. It is also considering whether to align with the EU and mandate single standard chargers and whether to move towards the provision of default digital sharing of product safety information. Further consultations will follow. Read more.
The Packaging Waste (Data Reporting) (England) (Amendment) Regulations 2024 were made on 12 March 2024 and will come into force on 1 April. They amend the 2023 Data Reporting Regulations which require producers of packaging to report data on packaging placed on the market, which is used to calculate fees producers will be required to pay under the extended producer responsibility regime for packaging (the EPR) from October 2025. On 11 March, the Department for Environmental Food and Rural Affairs (DEFRA) and relevant regulators published guidance on the packaging EPR regime in the UK.
The draft Producer Responsibility Obligations (Packaging and Packaging Waste) Regulations 2024, were laid before Parliament on 24 October 2024. They will be made under powers in the Environment Act 2021 and the majority of the Regulations will come into force 21 days after they are made. These draft Regulations have changed significantly following a government consultation in July 2023. Producers are required to register by 1 April 2025 and will have to pay the full net cost of managing their products at the end of life. They will be required to ensure a proportion of their packaging by type is recycled and that they provide information about the packaging disposal. Most producers are expected to join a compliance scheme to meet their obligations.
A new and revised Tobacco and Vapes Bill was introduced to the House of Commons on 5 November 2024 after its predecessor failed to make it through the last Parliament. The new Bill is similar to the previous Bill, in that it makes it an offence to sell tobacco products to, or buy them for, anyone born on or after 1 January 2009. It gives the government powers to restrict flavours and flavour descriptions, packaging and product presentation. It also goes further than the previous version by including a ban on vape advertising and sponsorship, expanding the existing restrictions on selling vapes to under-18s to include non-nicotine products, includes new powers to introduce a licensing scheme and to extend existing indoor smoking bans to some outdoor settings eg school playgrounds, subject to consultation.
The government is also considering extending restrictions in places that are currently smoke free to include vapes and introduced a call for evidence on standardising packaging for all tobacco products and related devices. It has also passed legislation banning the supply of single-use vapes in the course of a business from 1 June 2025.
Read more on products and packaging, covering the UK and EU here.
On 18 March 2024, the Department for Business and Trade published a consultation on proposals to amend the legal framework for information sharing in relation to competition and consumer law enforcement matters in Part 9 of the Enterprise Act 2000. The proposed changes are intended to ensure information can be exchanged to assist relevant public UK bodies in discharging their statutory functions.
In January, The Department for Business and Trade published its response to its consultation on improving consumer price transparency and product information for consumers. The consultation focused on display of pricing information, hidden fees and drip pricing, fake and misleading reviews, online platforms and online interface orders, and on automatically unfair commercial practices and private redress in the DMCCA. The Price Marking (Amendment) Order was made on 21 October 2024.
Under the DMCCA, the CMA will be able to enforce consumer protection law directly rather than through the courts. This is expected to increase and speed up enforcement of consumer protection breaches. The CMA has been busy preparing for the new DMCCA regime this year but has also focused its attention on a number of other areas.
Trader recommendation platforms
On 12 November 2024, the CMA published consumer law compliance advice for trader recommendation platforms (TRPs) and its response to the public consultation on its draft guidance. The advice looks at compliance with the Consumer Protection from Unfair Trading Regulations. While these will be replaced by provisions in the DMCCA, the CMA does not expect that to alter its advice.
Secondary ticketing and dynamic pricing
In September, the government announced that it would consult on measures to provide stronger consumer protections in the ticketing sector. In a letter to business and culture ministers, the CMA said that it had particular concerns with the secondary ticketing market and the unlawful bulk-purchase of tickets which were later re-sold at inflated prices. The CMA pointed to its previous actions and recommendations in this area, urging the government to act on recommendations made in 2021.
On 5 September, the CMA launched an investigation into the sale of Oasis concert tickets by Ticketmaster and the use of dynamic pricing. A call for evidence was made to consumers. The CMA will also be gathering evidence from a variety of sources including consumers, event organisers and the band's management.
On 13 November 2024, the CMA launched a project to consider how dynamic pricing is being used in different sectors across the economy and whether this brings commercial and consumer benefits or creates challenges for consumers and competition. The information gathered under the project may inform the upcoming call for evidence on price transparency in the live events sector.
Dark patterns and harmful online choice architecture
On 9 July 2024, the Global Privacy Enforcement Network (GPEN) comprising 26 international data protection authorities, and the International Consumer Protection and Enforcement Network (ICPEN) announced the results of a global privacy sweep of over 1000 websites and apps. They found that the vast majority used at least one deceptive design practice and that over 75% of subscription services across the 26 countries used dark patterns in their advertising.
The CMA's enforcement programme looking at harmful online choice architecture continued in 2024.
In July, the CMA secured undertakings from Wowcher to change its online selling practices, in particular relating to the use of countdown timers and 'urgency' marketing claims. Wowcher was also required to refund over £4 million to 870,000 customers who were signed up to Wowcher’s ‘VIP membership’ via a pre-ticked box. In particular, the CMA was concerned that the overwhelming majority of products on Wowcher’s site continued to be available at a similar price once the daily countdown timer has ended.
On 1 August 2024, the CMA announced it had secured undertakings from Simba Sleep regarding its online sales practices and, in particular, misleading discount claims and the use of countdown clocks. The CMA also published new discount and reference pricing principles aimed at the online mattress sector but relevant more widely.
On 25 October 2024, the CMA announced it had issued proceedings against two German and one UK company and their directors in the Emma Sleep group in relation to its use of dark patterns to apply unfair pressure on consumers to purchase. While other businesses have complied with the CMA's requests, Emma Sleep has not taken the actions required to address the CMA's concerns. The CMA says it will drop the court action if Emma Sleep changes its practices via a consent order or undertakings to the court. The dark patterns at issue include the use of misleading discount claims and countdown timers.
On 8 November 2024, the Department for Business and Trade published a study into potentially harmful online choice architecture with a focus on online defaults. The DBT concluded that defaults are most frequently used in the retail sector and have significant potential to influence consumers. The study makes a number of recommendations but stops short of recommending legislation to ban defaults as it found that in the majority of cases, they are not used for harmful practices.
The EU made considerable progress with its circular economy legislation, part of the EU Green Deal, completing:
Progress was also made towards enacting:
Both are expected to be finalised next year.
See here for more.
The Product Liability Directive (PLD) was published in the Official Journal on 18 November 2024. It came into force on 8 December 2024 and Member States must introduce implementing legislation by 9 December 2026. The PLD modernises the previous Directive by updating definitions and concepts and makes the burden of proof hurdle easier for claimants involved in complex cases. It also removes limitations on low value compensation claims. See here for more.
As the new European Commission takes shape, it seems likely that a flagship project will be a new Digital Fairness Act to protect children and consumers online. On 4 October, the EC published a Working Document Fitness Check on EU consumer law on digital fairness. This evaluated the level of consumer protection in the digital environment under the Unfair Commercial Practices Directive, the Consumer Rights Directive and the Unfair Contract Terms Directive. The report identified a number of issues which the Digital Fairness Act might go on to cover including dark patterns, addictive design, digital subscriptions, AI chatbots, unfair contractual terms, personalisation practices (eg targeted advertising), social media and influencer marketing.
Some of these issues are covered to a degree by the Digital Services Act which a Digital Fairness Act would complement. For example, on 2 October 2024, Snapchat, TikTok and YouTube received information requests under the Digital Services Act, asking them a range of questions about their recommender systems, including how they use AI to direct illegal or harmful content to users.
The European Commission is expected to introduce a proposal for the Digital Fairness Act in February 2025. Read more.
On 31 October 2024, the EC issued formal proceedings against Temu under the DSA. On 8 November 2024, the EC and the Consumer Protection Cooperation Network (CPC) notified Temu of practices breaching EU consumer protection law which require remedial action. Highlighted practices include:
Temu has one month to respond and explain how it will address issues. If it fails to remedy the problems, national consumer protection authorities will be able to take enforcement measures.
In September, the ECJ held in a reference from Germany regarding a case against Aldi Sűd, that price reduction claims must be calculated using the lowest price in the preceding 30 day period in order to comply with the Price Indication Directive (PID). The ECJ said Article 6a of the Directive requires a price reduction claim in the form of a percentage or promotional statement, to be determined by reference to the prior price as defined in the PID (ie lowest in 30 days) and the reduced price as marketed cannot be the same as or higher than the prior price before the reduction.
Tackling greenwashing has been a major focus this year but advertising of foods high in saturated fat, salt and sugar (HFSS foods) remains a top priority and, with a focus on the UK, we also pick out some of the highlights of ASA/CAP/BCAP guidance. For more on digital advertising, see the Data section of this update.
Greenwashing – making false or misleading environmental claims, continues to be a focus for legislators and regulators in the UK and EU.
UK
On 27 March 2024, the CMA published an open letter to those in the fashion retail sector on environmental claims to inform them of the outcomes of the CMA’s investigation into environmental claims in the sector, and to highlight the need for businesses to consider their obligations under consumer protection law. The letter stated that, following the CMA’s investigation, three fashion retailers (Asos, Boohoo and Asda) had given undertakings whereby they agreed to change their practices to address the CMA’s concerns about certain environmental claims and commercial practices.
The CMA also published guidance for the fashion industry on making green claims which comply with consumer protection law in September 2024. The guidance was published alongside advice to 17 brands to review their green claims, particularly in light of the CMA's incoming enforcement powers under the DMCCA.
On 18 April 2024, the ASA published research into people's understanding of environmental claims in food ads and in August, it published a blog on Green claims (listing key advice and resources).
EU
Progress continued with the draft Green Claims Directive. The Council of the EU adopted its negotiating position which is expected to be finalised in 2025. The Directive sets out minimum requirements for the substantiation, communication and verification of explicit environmental claims and sets out a framework for use of environmental labels. For more on green legislation see Consumer protection, products and green legislation.
On 30 April 2024, the European Commission and European network of Consumer Protection Cooperation Authorities announced they had written to 20 airlines identifying several types of potentially misleading green claims and inviting them to bring their practices into line with EU consumer protection law within 30 days. Claims taken issue with include those suggesting carbon emissions caused by flights could be offset by consumers through climate projects or use of sustainable fuels with payment of additional fees. Other issues include making claims without supporting verifying information. The CPC can take enforcement action if the airlines do not comply within the specified period.
The UK's Advertising Standards Authority (ASA), the Committee of Advertising Practice (CAP) and its broadcasting equivalent (BCAP) have had another busy year. The ASA underlined its shift away from complaints-led investigations to "front-foot ASA-led monitoring and enforcement action". This approach is credited with helping the ASA with its focus on tackling ad-related societal concerns in areas including green claims, youth vaping, body image, gambling and prescription-only medicines during the previous year.
Here are some highlights among the guidance and initiatives published by them and others in the UK during 2024.
The Advertising (Less Healthy Food Definitions and Exemptions) Regulations 2024 were made on 2 December and laid before Parliament on 3 December 2024. They come into effect on 1 October 2025. The Regulations implement restrictions on advertising less healthy food and drink products (HFSS) under the Communications Act 2003 as amended by the Health and Care Act 2022. They will restrict advertising HFSS products on TV or regulated on-demand programme services between 5.30pm and 9.00pm, and ban paid-for advertising of HFSS products online.
The Regulations define the products and businesses in scope and also provide for some additional exemptions. These include audio services, Ofcom-regulated IPTV services and non-regulated IPTV services where the content is simultaneously available on a regulated service. Some products are also exempt where they are subject to separate regulation, including baby food and infant formula.
The government has published guidance on the restrictions which gives further information about in-scope products and which, the government stresses, should be read alongside any ASA guidance. The ASA has consulted on draft guidance but has not yet published a final version.
Here are some other 2024 legislative and policy developments in the UK to note which are not covered elsewhere in this update.
Retained EU law
The Retained EU Law (Revocation and Reform) Act 2023 (Commencement No.2 and Saving Provisions) Regulations 2024 (REUL Regs 2) were made on 28 May 2024. They were intended to bring into force s6 of the REUL Act from 1 October 2024, subject to saving provisions but were subsequently revoked by the new Labour government in September 2024. Read more.
New duty on employers to take reasonable steps to prevent sexual harassment
Since 26 October 2024, employers have had a legal duty to take reasonable steps to prevent sexual harassment of employees in the course of their employment under s51 of the Worker Protection (Amendment of Equality Act 2010) Act 2023. Read more.
White Paper on smarter regulation
On 16 May 2024, the DBT published a White Paper on "Smarter Regulation: Delivering a regulatory environment for innovation, investment and growth". This sets out the government's plan to improve the UK's regulatory landscape and encourage innovation and growth. The White Paper was published following a call for evidence.
Consultation on scrapping Commercial Agents Regulations
On 16 May 2024, the Department for Business and Trade launched a consultation on the deregulation of the Commercial Agents (Council Directive) Regulations 1993. It proposes introducing legislation which would prevent new commercial agents from being created under the Regulations. The Regulations would continue to apply to existing agents covered by the Regulations until the time of their deregulation.
Consultation on TUPE and abolishing the legal framework for European Works Councils in the UK
On 16 May 2024, the government launched a consultation on clarifications to TUPE 2006 and abolishing the legal framework for European Works Councils in the UK.
CMA call for inputs on review of assimilated Technology Transfer Block Exemption Regulation
On 26 July 2024, the CMA published a call for inputs to inform its review of the assimilated Technology Transfer Block Exemption Regulation (TTBER) and accompanying EC guidelines on technology transfer agreements. The current TTBER expires on 30 April 2026. The CMA is reviewing whether it continues to meet its purpose and meet the interests of the UK economy and both UK businesses and consumers.
Government proposals to tackle late payments
On 19 September 2024, the government announced a package of measures to tackle late payment of business invoices including: a new fair payment code; new legislation to be brought forward requiring all large businesses to include payment reporting in their annual reports; an increase in enforcement against businesses failing to comply with statutory reporting requirements; an upcoming consultation on the reform of audit and audit committees; and updated guidance on business payment practices and reporting requirements. The Fair Payment Code was published in December 2024.
Invest 2035 Industrial Strategy Green Paper
On 17 October 2024, the UK government published its Invest 2035: the UK's modern industrial strategy for consultation. The consultation closed on 24 November 2024. This is a green paper setting out the government's ten-year plan to promote growth, focusing on eight sectors including digital and technologies. Stakeholder feedback will be published in a response alongside a spending review in spring 2025.
Failure to prevent fraud offence guidance
On 6 November 2024, the government published guidance on the new offence of failure to prevent fraud. This comes into force under the Economic Crime and Corporate Transparency Act 2023 on 1 September 2025 and introduces an offence for failure to prevent fraud for large organisations which may be held criminally liable where an employee, subsidiary or other associated person commits a fraud intending to benefit the organisation. Organisations have a defence if they have reasonable procedures in place to prevent fraud.
12. December 2024
von Debbie Heywood
von Debbie Heywood
von Debbie Heywood
von Debbie Heywood und Louise Popple