30 April 2024
Share Print

Technol-AG: 4 tech law updates that have caught our attention this Spring

To The Point
(6 min read)

Welcome to the latest edition of Technol-AG - practical commentary on our pick of the latest tech law developments. Our picks for this edition are the UK's new consumer connectable product security regime, which came into force on 29 April 2024, the latest legal news regarding AI, the recent case of Parker-Grennan v Camelot, where the Court of Appeal considered for the first time how to validly incorporate online T&Cs, and the Department of Transport's futuristic plans for UK aviation and how they might impact supply chains.

4 tech law updates:

  1. Connectable products: New UK regime now in force
  2. The million-pound misunderstanding: Court of Appeal rules on valid incorporation of online T&Cs for the first time
  3. AI: Three key developments in the EU, UK and US
  4. Drones and flying taxis: UK Department of Transport sets out its vision of the future

 

Connectable products: New UK regime now in force

With cybersecurity continuing to be a hot topic and a key priority for Boards, the UK's new consumer connectable product security regime came into effect on 29 April 2024.  

What new legislation has come into force?

As of 29 April 2024, two new pieces of legislation are in force: 

What is the purpose of the new legislation?

The PSTI is intended to mitigate cyber security risks associated with consumer products which are internet or network connectable (Connected Products), such as smartphones, smart TVs, smart speakers, connected baby monitors and connected alarm systems, also known as consumer "Internet of Things" devices or consumer "smart" devices.

Who is subject to the new legislation?

The PSTI imposes obligations on manufacturers, importers and distributors of relevant Connected Products.  

What are the key obligations under the new legislation?

Key obligations under the PSTI include:
 
1. Manufacturers

      • Passwords: Passwords supplied to each individual product must be unique per product or capable of being changed by the user of the product and must not be easily guessable.
      • Information on how to report security issues: Information must be provided on how to report security issues about the Connected Product and on timescales regarding the response to these reports.
      • Information on minimum security update periods: The minimum length of time security updates will be provided, along with an end date, must be published and made available to consumers in a clear accessible and transparent manner.

2. Manufacturers, Importers and Distributors

      • Statement of compliance: Connected Products must be accompanied by statements of compliance.
      • Remedying compliance failures: All reasonable steps must be taken as soon as practicable to remedy compliance failures.
      • Reporting compliance failures: Compliance failures must be reported to the enforcement authority (and, in some circumstances, customers) as soon as possible. 

What are the penalties for failing to comply with the new legislation?

The PSTI will be enforced by the Office for Product Safety and Standards (OPSS). Penalties for failure to comply with the PSTI range from the issuance of compliance, stop and/or recall notices to financial penalties up to the greater of £10 million and 4% of an organisation's qualifying worldwide revenue.

Is there anything else to consider?

In March 2024, the European Parliament approved an equivalent piece of legislation, the Cyber Resilience Act (the CRA), which establishes product security regulations for all "products with digital elements" sold within the EU and includes both hardware and software products.

The CRA is expected to be formally adopted by the Council in Spring 2024, with laws coming into effect three years post-adoption.

Practical takeaways

The obligation to comply with the PSTI began as soon as it came into effect on 29 April 2024.

Businesses which manufacture, import or distribute Connected Products, should ensure that they have:

      • familiarised themselves with the requirements of the PSTI;
      • assessed whether the Connected Products they manufacture, import or distribute are subject to the PSTI; and
      • considered whether they need to implement changes to ensure compliance.

These businesses should also undertake a similar exercise in relation to the CRA to check whether their Connected Products are in scope of this EU legislation and, if so, that they will be compliant when it comes into effect in three years' time.

If you need any help assessing whether the products you manufacture, distribute or import are subject to the PSTI or the CRA or putting in place the necessary measures to ensure compliance, we would be happy to help. Please get in touch with Natalie Trainor or your usual Addleshaw Goddard contact for more information.

Back to the top >


 

The million-pound misunderstanding: Court of Appeal rules on valid incorporation of online T&Cs for the first time

Those who read our April 2023 Edition may remember our summary of the first instance decision in the Parker-Grennan v Camelot case. Just over a year later and we are already in a position to be able to report on the appeal of this decision, thanks to the Court of Appeal handing down its judgment on 1 March 2024.

What was the case about?

The initial dispute between the parties arose as follows:

  • Joan Parker-Grennan (the Appellant) had an online account with Camelot UK Lotteries Ltd (Camelot), a licensed operator of the National Lottery.
  • A software error led the Appellant to believe that they had won a £1 million prize (as displayed on an interim, optional and animated screen). However, Camelot contended that the actual prize amount was £10, as generated by their computer system and displayed on the final screen of the game.

In the first instance, an application for summary judgment was dismissed on the grounds that:

  • Camelot's T&Cs were properly incorporated into the online contract it had with each of its customers;
  • none of the terms relied upon by Camelot were unfair; and
  • it was clear upon interpretation of the T&Cs that only the amount shown on the final display screen was conclusive as to the amount won.

This case was an appeal of that first instance decision.

What did the Court of Appeal decide?

The Court of Appeal dismissed the appeal on the following grounds:

  • Incorporation: The legal test to be applied regarding incorporation was whether Camelot did what was reasonably sufficient to bring the various T&Cs to the notice of its customers (not whether it did everything in its power to try to make its customers read the terms). The Court considered on the facts that Camelot had done so as, for example, customers were required to manually "accept" the T&Cs on creating an account and significant updates were notified to customers.
  • The Court also noted that: 
    • The requirement for traders to signpost "onerous or unusual" terms simply means that more is required in terms of reasonable steps to draw these terms to customers' attention than is required in the case of other terms. In this case, there were no onerous or unusual terms.
    • It is not necessary for the purposes of incorporation to force consumers to scroll through several pages of "small print" before it is possible to click the box or button accepting the terms.
  • Enforceability: As none of the terms were individually negotiated, the Court next considered whether any term caused a significant imbalance in the parties' rights and obligations arising under the contract so as to be unfair and unenforceable against the consumer under the Unfair Terms in Consumer Contracts Regulations 1999 (UCCTR). The Court held that this was not the case as, amongst other factors, the terms on which Camelot relied "were clearly drafted and well signposted through the various hyperlinks" and the Appellant "had a real opportunity of becoming acquainted with" the terms before accepting them.
  • Construction: As a matter of contractual construction, it was obvious that £10 rather than £1 million was the correct prize amount.

Key takeaways

This is the first case in which the Court of Appeal has considered the issue of what needs to be done to incorporate standard terms and conditions into an online contract for goods or services.

Although the Court declined to lay down general principles of application, the judgment acts as a useful reminder that the requirements for proper incorporation apply within the digital environment. Businesses making goods or services available online should therefore seek to ensure that any T&Cs on which they intend to rely are:

  • drafted in a manner which is clear, concise and accessible to consumers;
  • signposted so as to bring them to the reasonable attention of consumers; and
  • provided in a way which allows consumers sufficient opportunity to read them.

Back to the top >


 

AI: Three key developments in the EU, UK and US

With so much in the news about AI, it is easy to lose track of key developments. Since our last edition at the beginning of March, there are three legal developments which we would draw to your attention:

EU AI Act

The European Parliament formally adopted the EU AI Act on 13 March 2024. While lots of news headlines gave the impression that this was the end of the road, it still needs to be formally endorsed by the Council. This is expected in Spring 2024, after which it will be published in the Official Journal of the European Union and enter into force 20 days later. It will be fully applicable 24 months later, with some exceptions, such as the bans on prohibited practices (which will apply six months after the entry into force date) and general-purpose AI rules (which will apply 12 months after entry into force). 

UK creator rights

In a report published on 26 March 2024, the House of Commons Culture, Media and Sport Committee (the Committee) criticised the UK Government for failing to address the concerns of the creative industries regarding AI.

Noting the Government's failure to put in place a code of practice on AI and intellectual property (as summarised by us in the previous edition of Technol-AG), the Committee gave the view that the status quo favours AI developers to the detriment of creators. They called on the Government to ensure that creators have proper mechanisms to require their consent and receive fair compensation for use of their work by AI developers. It remains to be seen whether this, together with a similar call on the Government to support copyright holders made by the House of Lords Communications and Digital Committee in February, will be enough to provoke the Government to address the concerns of the creative industries.

UK-US AI safety partnership

On 1 April 2024, the UK and the US announced a new partnership focussed on AI safety and a commitment to develop similar partnerships with other countries to promote AI safety globally. The two countries will now work together to develop tests for the most advanced AI models and will perform at least one joint testing exercise on a publicly accessible model. They will also share information about the risks and capabilities associated with AI models and systems and fundamental technical research on AI safety and security.

Practical Takeaways

Although AI remains a constant source of news, the legal developments continue to move more slowly than the technological ones.

Back to the top >


 

Drones and flying taxis: UK Department of Transport sets out its vision of the future

"A third revolution in flight is underway…offering radically new ways to connect people and transport goods. This is not science fiction. It has already started."

This is the bold statement with which the Department of Transport begins the UK Future of Flight Action Plan it published in March 2024. The plan which follows does not disappoint, focussing as it does on two emerging aviation technologies which previously would have been confined to the realms of science fiction: drones (Uncrewed Aircraft Systems or UAS) and flying taxis (electric, Vertical Take-Off and Landing or eVTOL) vehicles).

What are the main use cases of UAS and an eVTOL?

UAS are already used in relation to a range of tasks, such as cargo delivery, inspection and surveillance but do not carry passengers.

The plan suggests that UAS may provide public services, such as monitoring the environment and search and rescue, and highlights examples where drones are already being used, such as:

  • Delivery of mail to remote areas: A three month trial in the Orkney Islands in 2023 during which letters and parcels were transported from a delivery office to postal staff on the islands of Graemsay and Hoy.
  • Medical deliveries: During the winter months from 2022 to 2023, a drone solution was used to deliver surgical implants and pathology samples between two hospital trust sites in Coventry and Rugby.

eVTOL on the other hand can transport passengers and cargo at a lower price than helicopters and forecast reduced levels of noise. One example given in the plan is a battery-powered aircraft which is being developed to carry four passengers over a 100 mile range with no operating emissions. This could, for example reduce the 80 minute journey time between Brighton and Heathrow Airport by car to only 20 minutes.

What is the plan?

The overarching plan is to develop these emerging aviation technologies and integrate them at scale into the UK's aviation system, transport networks and aerospace industry.

By 2030, the aim is for the UK to be a leader in emerging aviation technologies. The government is tasked with making a cross governmental policy framework to enable this. The Civil Aviation Authority's role is to maintain regulations that enable technologies to safely develop and make new regulations as required. Industry will need to continue to develop technologies, make real world applications using technologies and communicate plans with the public, regulator and the government.

Practical Takeaways

There is a lot of work to be done to build the regulatory environment and infrastructure necessary to facilitate the plan. However, in the meantime businesses might want to start thinking about how they could use UAS and EVTOL in the future to make their supply chains and business operations more efficient and environmentally friendly.

Back to the top >

Don't miss out


Join our mailing list and receive the Top 3-5 technology law updates you need to know about  

Subscribe