Skip to content

Key legal developments for in-house lawyers: recent updates

Insight

LB wave

The legal landscape for in-house teams continues to shift at pace, particularly in areas shaped by rapid technological and regulatory change. From artificial intelligence and data protection reform to employment law and corporate governance, recent developments in the UK and EU present both risk and opportunity.

We outline the most significant updates and what they mean in practical terms for in-house counsel.

Artificial Intelligence

AI continues to occupy many an in-house lawyer's time, with more questions than answers on the legal framework underpinning the technology.

  • In the UK Getty has been granted permission to appeal the High Court's ruling in its case against Stability AI – on the dismissal of its secondary infringement of copyright claim. The Court of Appeal will be asked to consider how the provisions of the CDPA should be construed – specifically the phrase 'infringing copy' – in the context of an AI model.
  • We are no clearer on the UK government's position on the use of copyright material in developing AI systems. It has issued a 'statement of progress' on its consultation over the issues with no discernible direction of travel. The responses were overwhelmingly in favour of strengthening copyright protection. However this would be at odds with the government's intention to put AI at the heart of its plan for economic growth.
  • The EU and the UK are increasingly diverging on their approach to AI and copyright. The high profile ruling by the Munich Regional Court on GEMA v OpenAI took a notably different (and more protectionist) approach to the issue of copyright infringement in AI training. 
  • The EU AI Act is the world's first comprehensive regulatory framework for artificial intelligence and has significant extraterritorial effect. In our latest article, we look at the ways in which the EU AI Act may catch the activities of UK businesses, even when they do not directly sell AI systems into the EU market.

UK adequacy decision

The UK adequacy decision has been renewed until 27 December 2031. The European Commission has formally confirmed the UK adequacy decision for a further six years, allowing personal data to flow between EU member states and the UK without the need for extra safeguards.

Data (Use and Access) Act 2025

Key provisions of the Data (Use and Access) Act 2025 (DUAA) came into force on 5 February 2026, marking a further step in the UK’s divergence from the EU data protection framework. The provisions introduce greater flexibility in some areas, eg exemptions for the setting of certain cookies and the use of solely automated decision‑making without an individual's consent, while also strengthening regulatory enforcement and expectations around children’s data.

Of particular note for in‑house teams:

  • the ICO is now able to impose fines of up to £17.5 million, or up to four percent of global worldwide turnover for breaches of the PEC Regulations 2003 (which deal with cookies and direct marketing);
  • clarification that controllers can 'stop the clock' when seeking further information on complex or unclear DSARs (essentially crystallising in to legislation what has for some time been set out in ICO guidance);
  • restrictions on purely automated decision‑making (eg by AI systems) are relaxed where appropriate safeguards are in place (this representing a slight divergence from the European approach under the EU GDPR); and
  • organisations providing online services likely to be accessed by children must be able to evidence how their technical and organisational measures protect users across different age groups.

Further ICO guidance is expected across several of these areas and will be key in shaping how the reforms operate in practice.

Digital Omnibus Regulation

A key legislative development in the European Union is the proposed Digital Omnibus Regulation, or rather two proposed Omnibus Regulations:

  • One to amend the (not yet fully in force) EU AI Act; and one to amend existing EU data, cyber and privacy legislation including the much-renowned (but not universally loved) GDPR, and the related ePrivacy Directive (which has been due to be replaced since at least 2018).
  • These Omnibus proposals are designed to streamline voluminous EU legislation governing data protection and digital technologies, in part driven by the 2024 Draghi report which warned that the EU would face "slow agony" if it did not become more competitive in order to keep pace with its major economic rivals including the United States and China.
  • The proposals are, however, not without their critics – including privacy campaigners who are concerned about the plans to amend the GDPR to narrow the definition of 'personal data', to make it easier for AI developers to use personal data without consent, and to create a new DSAR exemption to combat abuse of privacy rights by individuals. Proposed changes to the EU AI Act, including its implementation timeline, have also been criticised given that this could create uncertainty for organisations preparing for those new rules.
  • Many businesses and other organisations will welcome the Digital Omnibus Regulations, seeing this detailed package of changes as being helpful to encourage competition and innovation. Others will likely fight the proposed amendments on the basis of their concerns about privacy rights, and perhaps taking the view that – while this package of tweaks is intended to streamline digital legislation and cut red tape – the resulting time and cost for organisations is just not worth it for the marginal gains that could then follow.

Employment Rights Act 2025

The Employment Rights Act 2025 came into force at the very end of last year and marks the most significant overhaul of UK employment law in over a generation. Our Employment Rights Act 2025 insights page provides clear, practical guidance to legal teams and HR professionals in navigating the rapidly evolving legal landscape. 

Virtual AGMs

The GC100 has recently published its position on fully virtual AGMs. Although investor expectations still strongly favour physical meetings (there continues to be a decline in the market of companies holding hybrid AGMs), proposed legislative changes may pave the way for wholly virtual AGMs. The GC100 guidance confirmed that the government has committed to amend the Companies Act 2006 to clarify that fully virtual meetings are permitted. However, these changes are not expected to override companies' articles of association so once we have sight of the legislation, businesses may look to update their constitutional documents to give them the flexibility to hold virtual‑only meetings in the future.

Further resources

Visit our in-house lawyers events calendar, our focused programme of legal updates and practical sessions for in-house counsel. If you would like to find out more about the programme, please visit our In-House Lawyers Programme page.

This publication is a general summary of the law. It should not replace legal advice tailored to your specific circumstances.

© Farrer & Co LLP, February 2026

Want to know more?

Contact us

About the authors

Ben Longworth lawyer photo

Ben Longworth

Partner

Ben is an experienced commercial litigator who advises businesses, high net worth individuals and senior executives on resolving complex and high value commercial disputes.

Ben is an experienced commercial litigator who advises businesses, high net worth individuals and senior executives on resolving complex and high value commercial disputes.

Email Ben +44 (0)20 3375 7195
Paul Jones commercial lawyer

Paul Jones

Partner

Paul Jones is a commercial contracts expert with an exceptional track record of delivering complex, business-critical projects for high-profile clients operating in the worlds of media, sport, education and culture.

Paul Jones is a commercial contracts expert with an exceptional track record of delivering complex, business-critical projects for high-profile clients operating in the worlds of media, sport, education and culture.

Email Paul +44 (0)20 3375 7254
Jane Randell

Jane Randell

Senior Counsel

Jane is Senior Counsel and the knowledge lawyer in the Intellectual Property & Commercial team. Jane supports the IP&C team to ensure they can deliver the best possible service to clients. She keeps the team up to speed with the latest developments in both law and practice, provides the team with resources required to undertake client work efficiently and accurately, and provides regular training sessions to all team members. She also provides supervisory support to junior members of the team.

Jane is Senior Counsel and the knowledge lawyer in the Intellectual Property & Commercial team. Jane supports the IP&C team to ensure they can deliver the best possible service to clients. She keeps the team up to speed with the latest developments in both law and practice, provides the team with resources required to undertake client work efficiently and accurately, and provides regular training sessions to all team members. She also provides supervisory support to junior members of the team.

Email Jane +44 (0)20 3375 7198

More by the authors

Further reading

Related sectors & services

Continue to next section
Back to top