Contact | Search |

Author: Julia Krol

Chris Moorcroft named in 2026 eprivateclient Most Influential

Posted on by Julia Krol

Chris Moorcroft has been recognised in the 2026 eprivateclient Most Influential.

This list celebrates the leading figures in the UK and global private wealth sector, highlighting those who are shaping the profession and delivering exceptional service to clients.

Those included were chosen by judges based on their achievements, innovation and contributions to the profession over the past year. The list also incorporates nominations submitted by eprivateclient readers.

Chris is a partner who advises individuals, families and trustees on preserving and transferring wealth, planning for death and incapacity, and managing complex cross-border tax and legal issues. Last year, Chris was part of a team that successfully effected new and innovative trust legislation in Bermuda. These landmark reforms modernised Bermuda’s law regarding responsible investment approaches, placing it at the forefront of global trust law evolution.

The full 2026 eprivateclient Most Influential list can be found here.

How blended families can avoid an inheritance argument

Posted on by Julia Krol

Charles Lloyd’s insights into the emotional and legal challenges of inheritance disputes in blended families have been featured in the Financial Times.

In the article, Charles discusses how the absence of the deceased in probate disputes can intensify tensions and lead to conflicting narratives, often making litigation “vitriolic.” Charles highlights the value of clear estate planning and communication to aid in avoiding litigation.

The full article is available here to those with a subscription.

The new hospitality playbook: co-branding the guest experience

Posted on by Julia Krol

With a growing need to stand out in the luxury hospitality sector, high-end hotels are increasingly collaborating with fashion houses, sports icons and other prominent brands to create exclusive guest experiences.

These partnerships are more than just marketing exercises; they are a strategic response to changing consumer expectations and the competitive landscape of modern luxury.

In an article for Tatler Address Book’s Experts’ Corner, managing associate Emily Miles examines the legal frameworks underpinning these innovative collaborations and the key issues that brands, hotels and personalities must navigate to ensure such ventures are successful. Emily highlights the importance of robust contractual foundations, intellectual property considerations and reputation risk management, alongside operational, tax and financial considerations.

As the intersection of hospitality, fashion and sport grows, these partnerships provide exciting opportunities for differentiation and growth. However, as Emily notes, success requires more than creative flair; it demands meticulous legal planning and alignment of values.

Read the full article on the Tatler website here.

Experts’ Corner is part of Tatler Advisory: a trusted network of influential private client experts, all at the pinnacle of their profession.

UK direct marketing laws made easier for charities

Posted on by Julia Krol

The UK’s new Data (Use and Access) Act 2025 will be changing the direct marketing laws to make it easier for charities to send electronic marketing to existing supporters and supporters who have expressed an interest in the charity without their express consent.

This is referred to as the “soft opt-in” rule which is currently relied on by many commercial businesses and will be amended to broaden the scope to charities.

How can charities rely on soft opt-in?

Charities can send electronic marketing such as, emails or text messages or direct messages on social media, without the consent of a person, providing:

  • The sole purpose of electronic marketing is to further the charity’s own charitable purpose(s)
  • The charity collected the contact details directly from the person themselves
  • The charity collected the contact details when a person:
    • expressed an interest in one or more of the charitable purposes; or
    • offered or provided support to further one or more of those purposes
  • People are given a simple and free of charge way of opting out of direct marketing at the time of:
    • collecting their contact details; and
    • every subsequent direct marketing message thereafter

How can charities start to rely on soft opt-in?

The UK’s data protection regulator, the Information Commissioner, has stated that this change allowing charities to rely on the “soft opt-in” rule is planned to commence from January 2026.

What is the latest from the UK regulators on soft opt-in?

The Information Commissioner has produced draft guidance and launched a consultation on the new rules aiming to gather feedback from charities. The consultation runs from 16 October to 27 November 2025 and details can be found here.

What can charities do now to prepare?

  • Review your privacy policy to inform people of the reliance on “soft opt-in”
  • Review your consent mechanisms and plan the changes needed to rely on “soft opt-in”
  • Review your current opt-out mechanism and plan the changes needed to rely on “soft opt-in”
  • Ensure you have a do not contact list of people who have opted out of receiving direct marketing
  • Review existing marketing lists to separate people who have given their consent to electronic marketing and people who will be sent it using the “soft opt-in” rule
  • Train staff on how to respond to queries and complaints from people about the direct marketing
  • Implement policies and procedures to ensure staff know how to implement “soft opt-in” and the rules around data protection

Identity verification and the Economic Crime and Corporate Transparency Act 2023: what you need to know

Posted on by Julia Krol

The Economic Crime and Corporate Transparency Act 2023 introduces important changes to how Companies House operates, aiming to improve transparency and reduce economic crime.

A key part of these reforms is mandatory identity verification for individuals involved in companies and certain other entities.

Who must verify their identity

You must complete identity verification if you are:

  • A director or proposed director of a UK company
  • A person with significant control (PSC) over a company
  • A member of a Limited Liability Partnership (LLP) or similar entity
  • An individual filing documents with Companies House on behalf of an entity

When must identity verification be completed?

  • Before incorporation for new companies
  • Before appointment for new directors and PSCs
  • Existing directors and PSCs will have a 12-month transition period, from Autumn 2025, to comply
  • Identity verification is mandatory — filings may be rejected if individuals are not verified

How can you verify your identity?

You have two options:

(a) Verify individually

  • Access the Companies House identity verification portal
  • Provide personal information (name, address, date of birth) and ID documents (e.g., passport or driving licence)
  • Submit a live photo (selfie) for biometric checks
  • If successful, you will receive a Verification ID

(b) Verify through an Authorised Corporate Service Provider (ACSP)*

  • Appoint an ACSP (e.g., your company secretary, law firm, or other regulated provider)
  • Provide your documents directly to the ACSP
  • The ACSP will complete checks on your behalf and notify Companies House

What happens after verification?

  • Your verified identity will be recorded at Companies House
  • You will not need to re-verify unless your circumstances change, or Companies House requires it
  • Verified individuals will be assigned a unique identifier for future filings

*What is an ACSP?

  • An Authorised Corporate Service Provider is a regulated professional (such as a legal or accountancy firm) authorised to verify identities and submit filings
  • Using an ACSP can streamline the process and ensure full compliance

How can we help?

Harbottle & Lewis LLP is an Authorised Corporate Service Provider.

We can assist you by:

  • Managing your identity verification process
  • Advising on your obligations under the new legislation
  • Ensuring seamless compliance with Companies House requirements
  • Compiling the unique identification number(s) required to submit filings for the Company at Companies House

Contact us

Please contact us to find out more and to ensure you meet the new requirements.

Nicola Tomlin
[email protected]

Olivia Osuigwe
[email protected]

Safeguarding your business in the wake of the ChatGPT share breach

Posted on by Julia Krol

In today’s fast-paced digital landscape, businesses are increasingly leveraging Artificial Intelligence (AI) tools such as OpenAI’s ChatGPT to streamline operations.

However, recent developments surrounding the now-discontinued “share” feature of ChatGPT should serve as a critical reminder of the importance of robust data governance and proactive measures to safeguard sensitive information, such as personal data and confidential business information.

What happened?

OpenAI recently faced scrutiny after its “share” feature in ChatGPT appeared to inadvertently expose private conversations to public search engines such as Google. While the feature allowed users to share chat links, discrepancies in the user interface and terms across platforms (e.g., Web, iOS, Android) led to confusion over whether shared chats were private or publicly discoverable. Although OpenAI has since removed the feature and requested the removal of indexed links from search engines stating it was a “short-lived experiment”, researchers have alleged that over 100,000 conversations, many containing personal data, were archived and remain accessible in some instances.

At the time of writing, it is also reported that chats from X.com’s “Grok” platform have been exposed online, highlighting a common risk within the industry.

Why it matters to your business

This issue underscores the risks associated with using AI tools and highlights potential vulnerabilities that could expose sensitive company or client data. For businesses, the key takeaways are:

  • Personal data: Conversations shared through AI platforms may include personal data about your employees, customers or clients. There are several data protection compliance issues that must be considered prior to sharing personal data with AI platforms from meeting transparency requirements via privacy policies to carrying out supplier due diligence on your data processing agreements with AI platforms.
  • Confidential information: As with personal data, conversations can be shared through AI platforms about your internal strategy, or intellectual property. Once shared outside of your business, such information can be challenging to remove entirely.
  • Reputational damage: Data leaks can severely impact your brand’s reputation, erode client trust, and lead to loss of business.
  • Regulatory implications: Mishandling of sensitive data could result in non-compliance with data protection laws such as the UK GDPR, leading to fines and legal challenges. Such fines can be up to £17.5m or 4% of your annual turnover (whichever the greater).
  • Legal claims: Clients or other individuals whose data is exposed may bring legal claims for breach of contract, breach of confidence, privacy or their data protection rights, and complain to the data protection regulator. Some larger data breaches have also attracted attempts to start ‘class-action’ claims.

What should you do?

If your organisation uses AI tools such as OpenAI’s ChatGPT, now is the time to review and strengthen your policies and practices. Below are some actionable steps to consider:

1. Implement an AI usage policy

If you haven’t already, establish a clear AI usage policy within your organisation. This should cover:

  • Approved AI tools and platforms
  • Guidelines on the type of information that can be inputted into AI systems
  • Specific processes for sharing data generated by AI tools

2. Train employees

Educate employees on the risks of using AI tools and ensure they understand how to use these platforms responsibly. Emphasise the importance of avoiding inputting personal data or confidential data into AI systems.

3. Conduct data audits

Review your organisation’s use of AI tools to identify any potential exposure of data. If you suspect that data may have been shared via ChatGPT’s “Share” feature, investigate whether these links have been indexed and take immediate steps to request their removal.

4. Monitor evolving AI risks

AI technology evolves rapidly, and so do its associated risks. Stay updated on developments in the AI space, including how tools such as ChatGPT handle data and privacy.

5. Seek legal support

If your business is impacted by the ChatGPT share breach or similar issues, legal advice can help you assess your exposure, address potential liabilities, and implement stronger safeguards.

How we can help

We understand the complex intersection of technology, data, and the law. Our team of experts can assist you with:

  • Drafting and implementing AI usage policies tailored to your business
  • Conducting data audits to assess your organisation’s risk exposure
  • Advising on regulatory compliance and potential liabilities
  • Supporting you with incident response and remediation in the event of a data breach, regulatory involvement, and legal claims

If you have any questions about how the OpenAI ChatGPT share breach might affect your business or need assistance in implementing preventative measures, please don’t hesitate to contact one of our specialists.

New measures announced to tackle ransomware attacks: what does this mean for businesses?

Posted on by Julia Krol

On 22 July, the UK government unveiled a set of measures designed to curb ransomware attacks and protect critical public and private sector services. Following public consultation, these steps aim to dismantle the business model of cyber criminals while fortifying national resilience against cyber threats.

Ransomware, a form of malicious software, is used by cyber criminals to encrypt victims’ systems or steal data, only unlocking access upon payment of a ransom. This cybercrime costs the UK economy millions of pounds annually, with recent high-profile attacks demonstrating risks ranging from operational disruption to life-threatening consequences.

Key Proposals

  1. Targeted ban on ransomware payments: aimed at public sector bodies, including local government and critical national infrastructure (CNI) operators, this ban intends to eliminate the financial motivation for ransomware attacks on essential services. Nearly 72% of respondents supported this targeted ban, with many agreeing it would reduce funds flowing to criminals and dissuade attacks. However, concerns about implementation, the need for clear guidance, and potential exemptions for life-threatening scenarios were raised.
  1. Ransomware payment prevention regime: this regime would require victims to report their intent to pay ransoms, allowing the Government to assess and potentially block payments to sanctioned groups. Feedback was mixed, with 47% supporting an economy-wide approach, but concerns were highlighted around thresholds creating loopholes for attackers. Respondents also stressed the importance of guidance and support for compliance, particularly for small businesses.
  1. Mandatory incident reporting regime: this proposal mandates victims to report ransomware incidents within 72 hours, followed by a detailed report within 28 days. It received strong backing, with 63% agreeing to an economy-wide mandatory reporting system. Respondents noted that such a regime would strengthen intelligence gathering and law enforcement’s ability to address ransomware threats. However, concerns were raised about reporting burdens on individuals and smaller organisations.

Next Steps

The Government is proceeding with developing these measures, taking into account the feedback received. Key actions include:

  • Publishing detailed guidance to clarify the scope and implementation of the proposals
  • Exploring proportional penalties and tailored compliance measures for organisations of different sizes and sectors
  • Strengthening victim support services, including expert guidance, operational updates, and intelligence sharing
  • Maintaining the proposed 72-hour reporting window for initial incident notifications

Read more about the Government’s position here and the outcome of the consultation here. If you would like more information, please feel free to reach out to one of our dedicated cyber security lawyers, or if you would like keep up to date on the latest in data protection, please subscribe to our quarterly newsletter, The Data Download, and watch our recent webinar here.

Harbottle & Lewis advises Amdax on its acquisition of a strategic stake in Custodiex

Posted on by Julia Krol

We have advised Amdax, a Netherlands-based digital asset service provider, on its acquisition of a strategic stake in UK-based Custodiex, a specialist in quantum-safe cold storage solutions for digital assets.

Founded to provide cutting-edge custody infrastructure for financial institutions, Custodiex has established itself as a key innovator in the digital asset custody sector. The Manchester-based company’s quantum-safe solutions are designed to be scalable and future-proof, and meet the stringent international ISO 27001 security standard. The transaction enables Amdax to enhance its comprehensive digital asset platform.

Our team was led by partner Tom Macleod and managing associate Rosie Marston, with support from managing associate Katerina Capras and associates Elizabeth Compton and Matthew Shannon. Partner Yvonne Gallagher and associate Elisabeth Davies advised on employment aspects, partner Shireen Peermohamed and associate Samuel Flack advised on IP matters and senior associate Matthew Stephenson advised on property law matters.

On working with Harbottle & Lewis, Martin Cernohorsky, Amdax Head of Legal, commented:

Working with the Harbottle & Lewis team was a great pleasure. Their broad range of expertise and professionalism proved invaluable in navigating throughout the twists and turns of this deal. From the start we were in good hands. We look forward to continuing our collaboration with Harbottle & Lewis.”

Tom Macleod added:

We are delighted to have supported Amdax on this strategically significant acquisition. The combination of Amdax’s regulated platform with Custodiex’s innovative custody technology creates a compelling proposition for institutional clients across Europe. We look forward to seeing the continued success of this partnership as the digital asset custody market matures.”

Supreme Court ruling on ‘sex’ in Equality Act: workplace implications for Film & TV

Posted on by Julia Krol

In April 2025, the Supreme Court gave a judgment on the meaning of “sex” in the Equality Act 2010. Widely reported in the mainstream press, and generating considerable debate, we explain the judgment and how it relates to practices in the workplace.

The case of For Women Scotland v The Scottish Ministers concerned the meaning of the terms “man”, “woman” and “sex” in the Equality Act 2010 (EqA) in light of the Gender Recognition Act 2004. It decided that these terms refer to biological sex. This means that if someone identifies as trans, they do not change sex for the purposes of the EqA, even if they have a Gender Recognition Certificate.

The decision is an important development in the entrenched conflict between those on either side of the trans rights and gender critical debate. Unless future legislation changes the position, the judgment puts the meaning of sex in the EqA in unequivocal terms. Sex = biological sex.

So what does this mean for UK film and TV companies, who are employers or engage freelance cast and crew on productions? We’ve identified some key areas where this judgment will have an on-the-ground impact for clients:

Facilities

Employers need to consider their provision of workplace facilities, in particular toilets and changing areas. Under health and safety law, employers have to provide separate toilet facilities for men and women. Unless toilets are individual lockable rooms with wash basins (not just cubicles) then they ought to be single sex and reserved for those of biological sex. This could be a change of policy for production companies, as the prevailing approach has been to allow staff to use facilities in line with the sex they identify as. To continue permitting this could give grounds for claims of discrimination or harassment based on sex.

Companies will need to consider how to communicate or even enforce any policy changes around facilities with sensitivity towards all those impacted, and where possible identify solutions to provide compliant gender neutral ‘third’ spaces. This is not an easy task for those in the film and TV sectors, where the physical workplace is subject to change. Options for practical solutions may have to be assessed for each production or shooting location on a case by case basis.

Support for staff

The Supreme Court decision could have a real impact on some members of the workplace. Companies should consider steps which could be taken to support staff, through people team and wellbeing services. They might also consider reiterating a commitment to EDI, or even introducing improved provision in this area. Employers need to be alive to the possibility of complaints or even claims when contemplating policy changes and approach the issue with care, appreciating the differing views which may exist whilst ensuring inclusion is not compromised.

Protection under the EqA against discrimination or harassment because of or related to the protected characteristic of gender reassignment, or a person’s perceived sex, has not changed. In this context gender reassignment means proposing to undergo, undergoing or having undergone a process to reassign sex; it does not require a Gender Recognition Certificate or gender affirming medical treatment. Companies must consider how to balance the requirement to provide single sex facilities (bearing in mind the risk of sex discrimination claims if they are not compliant) with the rights of trans people not to experience gender reassignment discrimination at work.

Communications and respect at work

The decision undoubtedly leaves employers and companies navigating a tricky emotive issue with no perfect answers on best approach. Establishing a culture of respect in the workplace and ‘disagreeing well’ will be important, with acknowledgment that conflicting opinions will exist in diverse workplaces. This can be done through relevant policies, defined values or codes of conduct, with training and role modelling behaviours also being key. Those in management or people teams will need to ensure an even handed approach when dealing with clash of opinions between staff or the enforcement of any changes.

Looking ahead

The Supreme Court decision did not provide all the answers for employers managing challenging situations where they encounter a clash of rights based on different protected characteristics. The Equality and Human Rights Commission is consulting to produce detailed advice through an updated Code of Practice, expected after June this year. In the meantime, concerned employers should consider seeking legal advice on any significant changes to policy or approach. It is important to be mindful of the complexity and emotion in this debate, and to listen to employee representations and lobby groups. However ultimately employers must take workplace and policy decisions with the clear legal judgment from the Supreme Court in mind.

Court of Appeal decision in digital transformation case

Posted on by Julia Krol

The Court of Appeal recently held that a customer who instructed a supplier to provide digital transformation services was not entitled to delay payments (liquidated damages) of c. £1.6m.

This is because the prompt issuing of a “non-conformance report” by the customer was said to be a condition precedent to the customer receiving delay payments, and no such report was promptly issued. The Court reached this result notwithstanding the term “condition precedent” not being used in the contract.

The relevant provision provided that:

“6.1. If a Deliverable does not satisfy the Acceptance Test Success Criteria and/or a Milestone is not Achieved due to the CONTRACTOR’s Default, the AUTHORITY shall promptly issue a Non-conformance Report to the CONTRACTOR … The AUTHORITY will then have the options set out in clause 6.2.”

“6.2 the AUTHORITY may at its discretion … choose to … require the payment of Delay Payments…”

The Court of Appeal reached this decision because:

  1. It is not necessary for the term “condition precedent” to be used if the contract clearly provides that the relief is conditional on a requirement.
  2. The “if .., then ..” structure in the clauses was clearly conditional and without the non-conformance report, the clauses would not operate properly.
  3. It is not necessary for the deadline for the condition precedent to be expressed as a precise time period – “promptly” is sufficient.

The case shows that both contract drafters and litigators must pay close attention to remedies provisions to ensure that conditions precedent are not inadvertently included and are fully complied with.

The case can be found here: Disclosure and Barring Service v Tata Consultancy Services Ltd [2025] EWCA Civ 380.