Category: Insights

Can IP rights protect your image and persona?

Posted on May 27, 2026May 27, 2026 by Dea Dragashi

We are seeing an increasing trend towards celebrities applying to register aspects of their image and persona as trade marks, including in the UK, EU and US. This is no doubt an attempt to bolster their toolkit to prevent deepfakes and generative AI models from outputting voices or likenesses, and in controlling how their personal brand is used.

Following on the heels of Matthew McConaughey, who registered his “Alright, alright, alright” catchphrase, Taylor Swift is reported to have filed trade mark applications in the US covering voice clips such as “Hey, it’s Taylor” and a promotional image from her Eras tour.

In the UK, Jeremy Clarkson has registered a series mark containing two specific images, Cole Palmer has registered one image, and an application by Luke Littler for one image is currently pending. There is no reason in principle why an individual cannot apply to register their image, or even a video or audio clip, as a trade mark in the UK. In the EU, Dutch model Maartje Verhoef has succeeded in registering an image of herself as a trade mark, whilst an application by Jan Smit is still pending.

There are some question marks over the extent to which these trade marks can protect against images or
sounds that are not identical to the trade mark which has been registered, or which are not piggybacking on, or tarnishing, their reputation. However, they could be a useful tool against commercially driven clones, particularly where they cover recognisable and distinctive features such as a well-known soundbite or promotional image. They also potentially have deterrent value.

In the UK, trade marks can become vulnerable to challenge if they are not used for the goods and services for which they have been registered. They can also be challenged on bad faith grounds if they are registered without any genuine intention to use them. It is therefore important to consider the scope of protection sought very carefully, as well as how the trade marks will be used. The fact that individuals are considering registering elements of their persona as trade marks is perhaps also indicative of the fact that the UK does not have a standalone right of publicity or personality, unlike other jurisdictions. Existing protection for digital reproductions relies on a patchwork of rights such as passing off, misuse of private information, misuse of personal data and defamation. The recent government report on AI and copyright indicates that the government is considering introducing standalone personality rights protection.

In the meantime, however, we are advising a number of clients on generative AI and protection against digital replicas, and specifically on trade mark protection for names, images, likenesses and voices, and the use of them in AI training and outputs.

Do please reach out to our IP team if you would like to discuss this topic further.

Technology Briefing – May 2026

Posted on May 14, 2026 by Deborah King

Welcome to the spring edition of our technology briefing, designed to keep you updated on the latest legal and regulatory developments in the technology sector.

In this edition, we unpack the EU AI Act’s transparency obligations, highlighting recent developments and timelines for compliance. Additionally, we explore how businesses can challenge procurement decisions in government IT contracts and review the CMA’s updated guidance on unfair contract terms marking 10 years since the Consumer Rights Act 2015 was introduced. We also address the latest updates in data protection law. Finally, we cover the UK Government’s recently published Report on Copyright and Artificial Intelligence, which follows its consultation.

Recent Harbottle highlights include advising on the sale of After Party Studios to SISTER Group and launching our Indie Games Collective to mentor early-stage games businesses. We also published a thought leadership piece on AI-enabled cyber threats and, at C5’s AI & crypto fraud conference, Lizzie Williams shared insights on resolving smart contract disputes.

IN THIS EDITION

EU AI Act transparency obligations: latest developments and key obligations

A core requirement imposed by the EU AI Act (the Act) is in respect of transparency obligations for the AI systems used. The majority of the Act is expected to come into force on 2 August 2026. The European Parliament, however, has agreed a proposal that would delay the obligations imposed in respect of high risk AI systems.

Government IT contracts: how to challenge the procurement process

If your business enters into contracts with public sector entities for the provision of IT or related services, you will be familiar with the public sector tender and procurement processes. But are you familiar with what can be done to challenge the outcome of those processes?

Unfair contract terms in consumer contracts: new draft guidance from the CMA

If you deal with consumers, then you need to know how consumer law applies to your contract terms and notices. Ten years on from the introduction of the Consumer Rights Act 2015, the Competition and Markets Authority is revising its current guidance on unfair contract terms.

UK Government holds off on immediate AI Copyright reform

The Government has published its much-anticipated Report on Copyright and Artificial Intelligence, which follows a consultation that ran from 17 December 2024 to 25 February 2025.

Data protection update

This update includes key developments such as the ICO-HMG memorandum on data protection, new provisions under the Data (Use and Access) Act, guidance on international data transfers and age assurance, and significant enforcement actions like fines for unsolicited marketing, misuse of biometric data, and breaches involving children’s data, alongside global concerns over AI and high-profile investigations.

HARBOTTLE HIGHLIGHTS

Deal announcement: sale of After Party Studios

We have recently advised the shareholders of After Party Studios, a digital-first creative production company, on the sale of a majority stake to SISTER Group.

Harbottle & Lewis Indie Games Collective (IGC)

We recently launched our IGC, a mentorship programme which offers legal guidance to early-stage games businesses, to help them navigate in their next steps in the industry.

AI-enabled cybercrime

Our new thought leadership piece, developed with Sodali & Co and LevelBlue, builds on insights from our recent event. It highlights key AI-enabled cyber threats, offers practical talking points, and provides actionable recommendations to support informed discussions with risk, legal, and cyber security teams.

Read here >

AI & crypto fraud and asset recovery conference

Lizzie Williams recently spoke at this annual conference hosted by C5 Communications. She joined a panel to discuss smart contract disputes: what they are, how to avoid them and how to resolve them. The session proved valuable for those interested in coded contracts.

Please contact our technology experts if you would like to discuss anything in this briefing.

Data protection update

Posted on May 11, 2026May 11, 2026 by Deborah King

This update includes key developments such as the ICO-HMG memorandum on data protection, new provisions under the Data (Use and Access) Act, guidance on international data transfers and age assurance, and significant enforcement actions like fines for unsolicited marketing, misuse of biometric data, and breaches involving children’s data, alongside global concerns over AI and high-profile investigations.

General updates

On 8 January, the Information Commissioner’s Office and His Majesty’s UK Government (HMG) signed a Memorandum of Understanding (MOU) to formalise their shared commitment to improving data protection standards which includes appointing a Government Chief Data Officer to oversee data protection risks and compliance across HMG departments and key governance boards, such as the Transformation Board and Government Security Board, will monitor data protection risks and progress.
On 3 February, the ICO opened formal investigations into X Internet Unlimited Company (XIUC) and X.AI LLC (X.AI) covering their processing of personal data in relation to the Grok artificial intelligence system and its potential to produce harmful sexualised image and video content.
On 5 February, most of the remaining data protection provisions of the Data (Use and Access) Act have come into force, except for the requirement for organisations to have a complaints procedure which is due to commence on 19 June 2026 and some ICO governance provisions which will follow at a later date. Such provisions now in force include only having to carryout, a “reasonable and proportionate” search in response to data subject access requests and the maximum fine issued under the Privacy and Electronic Communications Regulations is no longer £500,000 but, now matches the GDPR of up to £17.5 million or 4% of global turnover (whichever the greater).
On 23 February, privacy regulators from around the world issued a joint statement addressing mounting concerns over artificial intelligence (AI) systems that create realistic images and videos of identifiable individuals without their consent.
On 11 February 2026, the European Data Protection Board (EDPB) and the European Data Protection Supervisor (EDPS) issued a joint opinion on the European Commission’s Digital Omnibus Regulation proposal, which seeks to streamline digital regulations, reduce administrative burdens, and enhance competitiveness across the EU. The EDPB and EDPS strongly oppose proposed changes to the definition of personal data, warning that they could narrow its scope, weaken privacy protections, and create legal uncertainty.
On 25 April, John Edwards, the UK’s Information Commissioner, announced that he has temporarily stepped back from his role as the ICO conducts an independent investigation into unspecified “HR matters.” Edwards, who has held the position since January 2022, announced his cooperation with the inquiry in a LinkedIn post.

Latest guidance

On 15 January 2026, the Information Commissioner’s Office released updated guidance on international transfers of personal data under the UK GDPR. Key updates include: a three-step test for restricted transfers and explanations on roles and responsibilities, particularly for complex, multi-layered transfer scenarios. The regulators back several provisions aimed at reducing administrative burdens, including raising thresholds for mandatory data breach notifications and extending deadlines for reporting.
On 12 March 2026, the UK’s data protection regulator, the Information Commissioner’s Office has published an open letter to social media and video-sharing platforms operating in the UK calling on them to urgently strengthen their age assurance measures.
On 25 March 2026, Ofcom and the Information Commissioner’s Office released a joint statement outlining regulatory expectations for age assurance measures under the Online Safety Act and UK data protection laws. The statement aims to help online services protect children from harmful content and data risks while ensuring compliance with both legal frameworks.
On 31 March, the ICO called on businesses to review their use of automated decision-making in recruitment to ensure compliance with data protection laws and to protect jobseekers from unfair or biased outcomes.
On 29 April 2026, the Information Commissioner’s Office (ICO) released its finalised guidance on Storage and Access Technologies alongside an update on its online tracking strategy. This guidance addresses the application of the Privacy and Electronic Communications Regulations and, where relevant, the UK GDPR to technologies such as cookies, tracking pixels, device fingerprinting, and similar tools. It incorporates updates following two consultations and amendments introduced by the Data (Use and Access) Act 2025.
On 14 April 2026, the European Data Protection Board announced a new Data Protection Impact Assessment template to simplify compliance with the General Data Protection Regulation and promote consistency across Europe.

Latest enforcement action

On 15 January, the Information Commissioner’s Office fined Allay Claims Ltd £120,000 for sending over 4 million unsolicited marketing SMS messages between February 2023 and February 2024. These messages promoted PPI tax refund services and were sent without valid consent or compliance with the ‘soft opt-in’ exemption. Allay argued that recipients were existing customers who had engaged with the company in 2019 and signed terms of engagement, which it believed satisfied the ‘soft opt-in’ exemption. However, aggravating circumstances included Allay was previously investigated by the ICO in 2020 for PECR breaches and despite the investigation and complaints, Allay failed to suspend its marketing activities, resulting in further complaints. The distress caused to recipients, as unsolicited marketing is intrusive and can lead to financial harm, particularly in the context of PPI tax refund services, which often involve high fees and hidden charges.
On 2 January, The President of the Personal Data Protection Office (Poland’s data protection authority) imposed a fine of PLN 978,128 (approximately €232,379) on T. S.A. for the failure to ensure the independence of the Data Protection Officer (DPO) and the absence of measures to prevent conflicts of interest in the DPO’s role. The DPO of T. S.A. simultaneously held a managerial role (Director V.) and other positions within the company. The company’s history of GDPR violations was considered an aggravating factor, as it demonstrated ongoing compliance challenges. The company resolved the identified issues by restructuring the DPO’s role before the administrative proceedings concluded. This led to a 40% reduction in the fine.
On 29 January, the Italian Data Protection Authority (GPDP) fined e-Campus Online University €50,000 for unlawfully using facial recognition technology to verify student attendance during a teacher qualification course. The university processed biometric data without a valid legal basis, relying on invalid consent while failing to conduct a proper Data Protection Impact Assessment (DPIA) before implementation. The GPDP highlighted several violations of GDPR, including unnecessary data retention, lack of alternatives for students, and the power imbalance inherent in requiring biometric data for course participation. While the university cooperated with the investigation and ceased using the system, the fine reflected the serious nature of processing sensitive biometric data and the large number of students affected.
On 13 February, the ICO and Ofcom responded to an open letter from approx. 20 MPs urging the ICO to investigate Tattle Life for potential breaches of data protection laws after the death of a social media influencer’s 16 year old daughter.
The ICO confirmed it has an ongoing investigation into Tattle Life, examining its compliance with data protection laws. These include obligations to process personal data lawfully, transparently, and fairly, and to address user requests for data rectification or erasure. While the ICO does not have the authority to shut down websites, it can issue enforcement notices to ensure compliance if data protection violations are identified.
On 19 February, the ICO won its appeal in a landmark case against DSG Retail Limited. The dispute originated from a 2020 ICO fine of £500,000 imposed on DSG after a cyber-attack compromised the personal data of at least 14 million individuals. Despite appeals by DSG to the First-tier Tribunal and Upper Tribunal, the ICO sought further clarification on a critical point of data protection law by appealing to the CoA in 2024. The court clarified that this duty applies even if the stolen data cannot directly identify individuals, recognising the broader harm caused by cyber-attacks.
On 3 February, the ICO reprimanded Staines Health Group for sending excessive medical details about a terminally ill patient to their insurance company, Vitality. A patient at the NHS GP surgery was diagnosed with a terminal illness and made a claim to their insurer. The insurer, on behalf of the patient, subsequently requested that five years of medical history be sent to the patient to review, before being sent to the insurer in order to progress the claim. But, instead of five years of medical history being sent to the patient, Staines Health Group sent 23 years of medical records direct to the insurer. The patient believed the excessive disclosure of unnecessary medical records led to a reduction in the payout of their claim.
On 3 February, the ICO issued a monetary penalty of £100,000 to TMAC Ltd for making calls promoting alarm systems and monitoring services to individuals registered with the Telephone Preference Service.
On 4 February, the ICO issued a Penalty Notice to MediaLab.AI, Inc. fining it £247,590 for UK GDPR breaches relating to children’s data and the absence of a DPIA. The ICO found unlawful processing of under-13s’ data without valid parental consent and a failure to complete a DPIA for high-risk processing affecting under-18s during 27 September 2021 to 30 September 2025.
On 23 February 2026, the ICO issued a Penalty Notice to Reddit, Inc of £14,472,500 for UK GDPR breaches involving children’s personal data and failure to complete a DPIA.

The AI-enabled threat landscape: real world lessons from lawyers, PR and cybersecurity experts

Posted on April 30, 2026April 30, 2026 by Deborah King

In collaboration with Sodali & Co and LevelBlue, we have produced a new report offering vital insights into AI-driven cybercrime. Designed for non-technical executives and board members, it highlights key threats, practical talking points, and actionable steps to support discussions with risk, legal, and cyber security teams.

AI is transforming the cyber threat landscape, enabling faster, cheaper and more personalised attacks while lowering the entry barrier for malicious actors. These risks pose significant financial, operational and reputational challenges for businesses.

Download the full report here

EU AI Act Transparency Obligations: latest developments and key obligations

Posted on April 24, 2026May 13, 2026 by Deborah King

A core requirement imposed by the EU AI Act (the Act) is in respect of transparency obligations for the AI systems used.

The majority of the Act is expected to come into force on 2 August 2026. The European Parliament, however, has agreed a proposal that would delay the obligations imposed in respect of high risk AI systems. The remaining provisions of the Act remain largely unaffected, and businesses should operate on that basis, noting that breaching these obligations can result in a fine of up to EUR 15 million or 3% of their total worldwide annual turnover for the preceding financial year (whichever is higher).

The Act raised a number of questions around how companies would comply with their transparency obligations. This led to the creation of a draft code of practice (the “Code of Practice on Marking and Labelling of AI-generated content” (the Code)), integrating feedback from hundreds of participants and observers including industry, academia and other stakeholders.

The Code of Practice on marking and labelling of AI-generated content

The second draft of the Code was published on 3 March 2026 and a final version is expected by June 2026. The Code is subject to further amendments, but sets out four key requirements to demonstrate compliance:

multi-layered marking through metadata embedding, imperceptible watermarking, or fingerprinting/logging;
providers having to offer a free interface or publicly available tool enabling users and third parties to verify whether content is AI-generated;
technical solutions for marking and detection must be effective and reliable; and
continuous testing and improvement to keep pace with real-world developments.

The transparency obligations

The Code is underpinned by the underlying transparency obligations in the Act.

The extent of these obligations is influenced by different factors such as whether the AI system is classified as limited or high risk; and whether you are a deployer or provider.

For limited risk AI systems:

If you are a provider

A ‘provider’ is a company, individual, public authority, agency or body that: (a) develops, or procures the development of an AI system or general-purpose AI model; and (b) places it on the market or puts it into service under its own name or trademark. In other words, this applies to those who set out to create, or procure the creation of an AI system.

Providers of limited risk AI systems must comply with three core transparency requirements.

AI systems must be designed to inform individuals that they are engaging with an AI system;
Providers must ensure that outputs are marked in a machine-readable format and are detectable as artificially generated or manipulated; and
Technical solutions employed must be effective, interoperable, robust and reliable.

The question of how providers can satisfy these requirements has been a recurring area of discussion, such that the European Commission has stepped in to provide guidance via the voluntary code of practice on the transparency of AI-generated content. We discuss this in further detail below.

If you are a deployer

In contrast, a ‘deployer’ is a company, individual, public authority, agency or body using an AI system under its authority, except where the AI system is used in a personal non-professional activity.

Given that deployers are effectively users with little to no control over the AI system, they are subject to much fewer disclosure requirements. The Act only imposes obligations on deployers of three specific types of AI systems:

emotion recognition or biometric categorisation systems;
deepfakes, where the system generates or manipulates image, audio or video content; or
systems generating or manipulating text published to inform the public on matters of public interest.

For high risk AI systems:

If you are a provider

Unsurprisingly, the Act imposes the most obligations for this category. In general, it will include requirements for providers to supply instructions for safe use and information about accuracy, robustness, and cybersecurity. Individuals overseeing such systems must be suitably qualified to understand the system’s capacities and limitations, with various recordkeeping and risk management protocols.

If you are a deployer

Similar to above, deployers face fewer but a broader set of obligations reflective of the higher risk AI system. These include the implementation of specific governance, monitoring, transparency and impact assessment requirements. The key obligations can be grouped under two headings:

Operational obligations

The deployer must implement appropriate measures to ensure the high-risk AI system is used in accordance with the relevant instructions for use, that input data is relevant and sufficiently representative for the intended purpose of the system, and monitor its operation in order to be able to inform the provider in the event it identifies any risks or serious incidents.

Control and risk management obligations

A deployer must conduct a fundamental rights impact assessment (FRIA) before deploying the system, assign human oversight to individuals with the necessary competence, train and regularly monitor the AI system for risks, and keep the logs of the AI system in an automatic and documented manner for at least six months.

Future outlook

The trajectory is unmistakable: the Act positions transparency as a core principle, which is going to impact design choices, user interfaces and governance processes. Organisations will be expected to comply with the Code and the underlying transparency obligations that underpin it.

Companies leveraging AI along their supply chain should therefore prioritise embedding and documenting transparency measures that can withstand both regulatory and legal scrutiny, while ensuring alignment with wider IP governance and strategic commercial decisions.

For more information the EU AI Act and the Code and how they might impact your business, contact Sacha Wilson and Jacky Lai.

Unfair contract terms in consumer contracts: new draft guidance from the CMA

Posted on April 24, 2026April 24, 2026 by Deborah King

If you deal with consumers, then you need to know how consumer law applies to your contract terms and notices.

Ten years on from the introduction of the Consumer Rights Act 2015 (the CRA), the Competition and Markets Authority (the CMA) is revising its current guidance on unfair contract terms.

The draft guidance is aimed at making the guidance more accessible, helping businesses better understand and comply with the CRA. The consultation closed on 19 March 2026. Once finalised, it will replace the existing guidance on unfair contract terms.

Which terms are unfair?

Contract terms are unfair if they tilt the rights and responsibilities excessively in favour of the supplier. The law currently uses a ‘fairness test’ by looking at the words in the contract, taking into consideration what is being sold, how a term relates to other terms in the contract, and all the circumstances at the time the term was agreed.

Certain terms and notices giving rise to particular concerns are ‘blacklisted’ and deemed as unsuitable for use with consumers. These include terms that exclude or restrict liability for death or personal injury resulting from negligence, a consumer’s statutory rights and any associated remedies. Blacklisted terms are never enforceable against a consumer.

What are the key changes in the draft guidance?

Enhanced CMA enforcement powers under the DMCC:

The updated guidance integrates the Digital Markets, Competition and Consumer Act 2024 (the DMCC), enabling the CMA to impose penalties without going to court for businesses that use prohibited, non-transparent or unfair terms or notices. Fines may be up to 10% of a company’s global turnover or £300,000 (whichever is higher).

Transparency – more than words:

Transparency now covers not just the content itself, but also its presentation by requiring clear fonts and headings that follow a logical structure, supported by explanation of terms which may be complex or challenging to understand.

Fairness and consumer behaviour:

The requirement of ‘good faith’ should include a behavioural dimension. Suppliers must consider consumer psychology and avoid exploiting consumer biases — for instance, consumers’ tendency not to read standard terms thoroughly, or to underestimate future costs such as renewal or termination fees. Campaigns emphasising quick benefits, such as a free trial, while using tactics to minimise attention as to future costs will face greater scrutiny. Automatic renewal of subscriptions are also specifically noted as an area of concern, with the DMCC’s new subscription provisions (to enter into force no later than August 2026) adding further obligations.

The role of advertising:

Advertising is explicitly incorporated into the fairness assessment, requiring consistency between terms and marketing claims. Small print which removes or curtails more prominent claims, failing to highlight key terms during the marketing process, or inconsistency between marketing claims and the contract terms could give rise to an unfair commercial practices. Statements made by a supplier that a consumer is likely to see may also be treated as terms of the contract.

Exclusions and variations to the contract:

Vague language such as “liability is excluded so far as the law permits” will not remedy an unfair clause; and terms allowing a supplier to vary terms such as changing the description or price of the services or goods may now be deemed unfair should they be overly wide in scope or result in changes that may be unexpected to the customer.

What are the key takeaways for consumer businesses?

The draft guidance makes clear that unfair, onerous or significantly unbalanced terms will be closely scrutinised. Suppliers should ensure that lines of communication with customers are clear, transparent and user-friendly to understand.

Contract terms should similarly be reviewed to make sure that they strike a reasonable balance without prejudicing consumers by including reasonable protections around cancellation or refund rights.

For more information on how the new guidance will impact your consumer contracts, contact Sacha Wilson and Jacky Lai.

Government IT contracts: how to challenge the procurement process

Posted on April 24, 2026April 28, 2026 by Deborah King

If your business enters into contracts with public sector entities for the provision of IT or related services, you will be familiar with the public sector tender and procurement processes. But are you familiar with what can be done to challenge the outcome of those processes?

Whether it is an issue with the application of the scoring criteria, or how the process has been conducted, your business may have the ability to challenge contract awards.

However, in order to do so effectively, your business will need to move quickly and ensure that it deploys the various legal tools available to it strategically.

What is the relevant legislation?

In 2025, the Procurement Act 2023 (the Act) came into force. This represented the most significant development to UK public procurement laws for over 30 years, replacing the well-established EU-founded regime under the Public Contracts Regulations 2015 (the PCR).

How long do you have to bring a claim?

The period during which a legal claim can be brought under the Act is very short and remains largely unchanged from the PCR. In summary:

If you are a supplier seeking to challenge an award, the period to bring a claim is just 30 days from when they knew, or ought reasonably to have known, of the circumstances giving rise to the claim. However, this may be extended for up to three months where the court considers there is a good reason to do so.

If you are supplier seeking to set aside a contract that has been entered into, the period to bring a claim is 30 days from the date it knew or ought to have known of the circumstances giving rise to a claim with a long stop date of 6 months from the date the contract was entered into.

However, the parties can enter into a standstill agreement which, in effect, extends the limitation period, allowing the parties an opportunity to resolve the dispute.

Can you prevent the authority from entering into a contract with another supplier whilst you challenge the decision?

Under the previous regime, contracting authorities were required to observe a 10-day waiting period following the issue of a ‘standstill letter’ to all tendering suppliers before entering into a contract with the preferred supplier. Claims issued prior to contract execution would trigger an automatic suspension of the procurement process.

The Act reduces the standstill period from 10 to eight working days, with the period now triggered by the contract award notice instead of the issue of a standstill letter. Claimants are no longer entitled to the benefit of automatic suspension up until the date of contract execution. This is a significant shift from the previous position and impacts upon strategic considerations.

What information do you have about the decision-making process?

There are various ways you can find out more about the decision-making process. One of them is that contracting authorities must publish a Contract Award Notice on a central digital platform, and an assessment summary to each supplier that submitted an assessed tender.

The assessment summary must include: (a) the scores awarded for each criterion; (b) an explanation of those scores; and (c) in respect of unsuccessful suppliers, the reasons why the contract was not awarded to them, together with the corresponding information at (a) and (b) for the successful tender.

The enhanced disclosure requirements are a positive development for suppliers looking for substantive grounds on which to base a potential challenge.

What remedies can you obtain when challenging an award?

In many cases, compromise solutions are reached with the relevant authority without a claim needing to be issued. However, if you do pursue a claim, the remedies available remain mostly unchanged from the previous regime. There are two main categories:

Pre-contractual remedies:

Where a contract has been awarded but not yet executed, a successful challenge may result in the court granting one of the following orders:

an order setting aside the relevant decision or action (including the decision to award the contract);
an order requiring the contracting authority to take specified action (such as reconsidering a decision previously made);
an order for damages (which may be granted in addition to any other order, and has historically encompassed lost profits arising from the breach and/or wasted bid costs); or
such other order as the court considers appropriate.

Post-contractual remedies:

Where the awarded contract has been executed, the available remedies are limited to damages and/or an order setting aside the contract (subject to certain conditions in the Act).

What does this mean for suppliers?

If you are concerned about a procurement decision, then given the short timeframes for challenge, it is critical to seek legal advice at the earliest possible opportunity to allow your advisors time to evaluate the claim and devise and deploy the optimum strategy.

The Act’s emphasis on transparency, creating a level playing field and the introduction of new obligations on contracting authorities, expands the scope for potential challenges.

You will however need to navigate the reduced standstill period, which now runs for 8 working days from the contract award notice, and the fact that automatic suspension is no longer available until the date of contract execution.

If you would like to find out more about how to make procurement challenges, contact Lizzie Williams and Jacky Lai.

Workplace stress claims: Howard Hymanson’s expert perspective on stress in the workplace and employee wellbeing

Posted on April 23, 2026May 13, 2026 by Anna Weeden

“The obligation on employers to ensure a safe system of work applies equally to protecting someone’s mental health as it does their physical health.”

Partner and co-head of our employment practice Howard Hymanson has been featured today in the latest episode of The Charlène Gisèle Show.

Charlene’s podcast is aimed at successful professionals wanting to achieve their career goals without the stress. As a former lawyer turned executive coach, Charlène aims to guide individuals to a balanced career without sacrificing success.

In this episode, Howard shares his insights on workplace stress from navigating stress claims and discrimination to addressing burnout and fostering healthier workplace cultures. Howard, who is a leading expert on stress at work compensation claims and mental health in the workplace, provides his perspective which lies at the intersection of employment law and wellbeing.

The full episode can be watched here.

Branded Content: Navigating the New World

Posted on April 1, 2026March 30, 2026 by Anna Weeden

With traditional commissions remaining hard to come by, producers are increasingly seeking branded content as an alternative ‘holy grail’ to getting their shows funded. But what exactly is it? And how does having a brand onboard interplay with broadcasters’ duties to the public?

ISN’T IT JUST THE SAME AS SPONSORSHIP?

Advertiser Funded Programming (AFP), means programmes created with the input of a brand – often financial but it can also be creative too. Branded content on the other hand, usually means programmes created by producers for a brand where the brand effectively acts as commissioner. Increasingly, the term “branded content” is used colloquially in the TV industry to mean either.

Crucially, AFP for traditional TV is where the brand buys into the existing editorial integrity of the programme and is looking to reach consumers by aligning with the programme’s existing values. As Jon Willers of The Development Network puts it, “branded content for Channel 4 must feel like something they would commission anyway”. In other words, the branding is complementary, or supplementary, to the story being told. Of course, there is branded content which starts with the brand and works backwards, but again, the final product isn’t intended to look and feel like an advert.

The key difference between AFP and sponsorship is that usually with AFP, there is a deeper relationship with the programme makers (the producer and broadcaster) and the programme itself. The Branded Content Marketing Association describes it as “any means by which an advertiser can have a deeper relationship with programming product beyond traditional media activity”. This definition requires a funding relationship with the programme or series that goes beyond sponsorship because the funding goes directly into production. Effectively, it is programming that wouldn’t exist without the brand partner. Sponsors, on the other hand, rely on the right programme being available, and only then are they able to secure sponsorship on it.

WHO OWNS THE IP?

Typically, in AFP, brands do not take a share of the intellectual property rights in the programme as they perceive the value of the partnership to lie in the exposure and reach it provides for their brand. This is good news for producers as it leaves them free to exploit the format and the like, subject to any terms agreed with the broadcaster. However, this position may be changing, at least in the digital space, as brands get savvier to the potential upside in owning a share of the IP-pie. Some might even be interested in a share of net revenues from producers’ exploitation of the programme on the secondary market after the initial broadcast. With negotiations wide open, it’s all to play for. For public service broadcaster (PSB) deals, though, under the Terms of Trade, the producer must remain the owner of the IP in the shows (which means that certain brands who are entering the AFP space for the first time may need to have their expectations managed).

HOW DOES BRANDED CONTENT WORK FOR THE PSBS WITHIN THE OFCOM RULES?

The BBC has historically shied away from any type of brand involvement in its shows, primarily due to restrictions on its funding and operational framework. The BBC is funded by the licence fee, which is public money provided by Parliament. It is prohibited from using these funds for services that are wholly or partly financed through advertisements, sponsorship, or other alternative funding methods, unless prior written approval is granted by the Secretary of State. This restriction ensures that the BBC remains independent and free from commercial influence, maintaining its public service remit. That being said, commercial arms of the BBC do engage in brand-funded content, like BBC StoryWorks which commissions branded content for the non-UK market.

The other PSBs however, have previously engaged in a fair level of AFPs, but the last few years has seen a huge rise as the climate for fully funding their shows remains challenging. A good example is Cooking With the Stars in partnership with Marks & Spencer; DNA Journey with Ancestry; and John and Lisa Down-Under with Trailfinders.

However, the PSBs fall under the jurisdiction of Ofcom, meaning any branded-funded content they show needs to comply with the Ofcom Broadcasting Code (the Ofcom Code).

PRODUCT PLACEMENT UNDER THE OFCOM CODE

Product placement involves the inclusion of a product, service or trade mark within a programme in return for payment or other consideration.

Product placement is permitted in certain types of programmes, such as films, TV series’, entertainment shows, and sports programmes, provided it complies with the rules set out in Section 9 of the Ofcom Code. These rules require that product placement does not compromise editorial independence, is not unduly promotional and is clearly signalled to viewers through a universal product placement logo displayed at the start, end and after advertising breaks in the programme. This means that whilst certain brands may want to have control over how their products are featured in content, the extent to which they can do so is limited under the Ofcom Code meaning their expectations need to be managed accordingly.

SPONSORSHIP UNDER THE OFCOM CODE

Under the Ofcom Code, the sponsor may not influence the editorial content of the programme. The sponsorship must be clearly identified and there must be a clear distinction between editorial content and advertising to maintain transparency and consumer protection. Whilst we said above that AFP and sponsorship are not the same, the sponsorship rules in the Ofcom Code may well still apply to brand-funded content.

SO, WHAT DOES THIS MEAN?

In short, setting aside the BBC (which is subject to additional restrictions) branded content for the PSBs is permitted provided producers successfully navigate and adhere to the standards and transparency requirements of the Ofcom Code.

WHAT ABOUT STREAMING PLATFORMS?

For the PSBs’ digital offerings, like Channel 4, BBC iPlayer and ITVX, the regulatory landscape is currently different than for their PSB main channel counterparts, as the Ofcom Code itself does not apply. The same is true for streamers like Netflix and Amazon Prime. Instead, VOD services are currently regulated by the ODPS (On-Demand Programme Services) Rules which impose alternative broadcast standards. Whilst the ODPS Rules on sponsorship and product placement are broadly similar to the Ofcom Code, they are slightly lighter with regards to how VOD services are allowed to implement them. For example, under the Ofcom Code, product placement must be editorially justified and signalled with a ‘PP’ logo. That being said, the ODPS Rules for signalling requirements must only ensure that viewers are adequately informed about product placement – there is no strict format requirement. This means an ODPS would be able to use its end credits to disclose a promotional consideration.

The Media Act 2024, now in force, gave Ofcom the power to create a new Ofcom code which will apply to Tier 1 Video On-Demand (VOD) services (the VOD Code), This would cover the PSBs’ VOD offerings as well as independent streaming services like Netflix, Amazon Prime and Disney+ etc. Will this tighten up the rules on branded content in the online space? Based on current thinking, the new Ofcom code will not focus on these areas meaning ODPS will continue to be governed by the existing ODPS Rules.

HOW ABOUT YOUTUBE, INSTAGRAM AND TIKTOK?

YouTube is the home of long-form branded content; Instagram and TikTok are the home of short-form branded content and clips. Brands and producers make use of all of them as part of a cohesive, multi-platform branded strategy.

Crucially, none of the above Ofcom or ODPS Rules currently apply to YouTube, TikTok or Instagram. A recent Government announcement has confirmed that video-sharing platforms like YouTube, will not in and of themselves be designated as Tier 1 VOD (though some individual channels on YouTube with a high number of subscribers, like the PSB’s own YouTube channels, may be caught).

Instead, branded content on these types of platforms is subject to the CAP Code. This is a separate set of rules governed by the Advertising Standards Authority which states that, where a brand has editorial control, there must be clear labelling to allow viewers to easily recognise the content as an advert, and messages should not be conveyed surreptitiously. On social media sites, influencers must use clear labels like “#ad” to ensure transparency where they are posting a brand-funded video.

WHAT NEXT FOR BRANDED CONTENT?

Branded Content shows no sign of waning. Whilst the regulatory landscape continues to evolve, producers, broadcasters and brands remain set on navigating the rules and reaping the benefits that collaboration between traditional TV indies and brands can bring.

We are experts in advising on both sides of the fence as well as advising on deals with broadcasters where there is brand involvement. Our advice ranges from deal-making and structuring, contract drafting, negotiation and advice on the regulatory regime. If you are a TV production company, agency or a brand working on a branded content or AFP project, please get in touch.

UK Government holds off on immediate AI Copyright reform

Posted on March 24, 2026March 24, 2026 by Dea Dragashi

The Government has published its much-anticipated Report on Copyright and Artificial Intelligence, which follows a consultation that ran from 17 December 2024 to 25 February 2025.

The consultation received 11,520 responses from a broad range of stakeholders, including creators, rights holders, and AI developers, with widely different sentiments on how the future of copyright law should be shaped to accommodate AI.

The report is not a statement on the Government’s plans to reform the law but instead signals that it will continue to consider the questions raised by AI for stakeholders in the UK, including those in the creative industries. The conclusion of the report is that there is little the Government can do without further investigation: it identifies limited consensus amongst stakeholders and notes that the international and technological pictures are sufficiently fast moving that legislating at this stage would be premature. This is similar to the conclusion that the Government reached after its prior consultation on AI (launched in 2022).

Although the report is inconclusive on what the future will look like, the fact that the Government has no plans to pursue a broad-brush text and data mining exception (TDM) in the near future is a win for IP rights holders and the creative industries more broadly. The detailed analysis provided by the Government also gives some insight on the direction of travel and will assist in any action that those impacted by AI may want to take to shape the future of copyright law in the UK:

The Government believes that rights holders should be “fairly remunerated” for the value added to the AI supply chain but, for now, there will be no new copyright exception for AI training:

The Government has ditched its previous preferred approach of a broad TDM exception with an opt-out mechanism. This is following strong opposition from the creative sector. The Government plans to gather further evidence and monitor developments before deciding whether and how to act. Rather than legislative intervention, the Government’s immediate focus is on developing best practice around transparency of training inputs, which it sees as a prerequisite for both rights enforcement and a functioning licensing market. The Government aims to test commercial models for licensing as part of the “Creative Content Exchange” announced last year, and plans to launch its operational pilot platform by Summer 2026.

The report also offers a summary of the alternatives to a broad TDM exception, which were put forward by industry respondents to the consultation. These include a “focused exception” to copyright that would support commercial science and research (an extension of the existing non-commercial research exception), or a public interest exception that would permit AI tools to ingest copyright content for the purposes of detecting harm. The Government is clear that any exception would only apply to material that had been lawfully accessed (i.e., not pirated) and suggested that – if such an exception were to be brought into law – it might include a statutory remuneration model for rightsholders.

Computer-generated works protection likely to be scrapped:

The Government states that its preferred approach would be to remove copyright protection for wholly computer-generated works with no human author, while retaining protection for AI-assisted works where a human has contributed creatively. It says that this is consistent with the principle that copyright “should incentivise and protect human creativity”. This reflects the fact that the majority of respondents were in favour of scrapping the provisions.

The Government is to consider merits of introducing a “personality right” to combat digital replicas:

The report identifies digital replicas (i.e., AI-generated imitations of a person’s voice or likeness) as an area where existing copyright and performers’ rights provisions are inadequate. The Government intends to “explore options” to combat the risks of impersonation for both artists and the general public, including whether creating a new “personality right” may be the most appropriate step. In the meantime, the report acknowledges that more well-known artists may be able to protect their voice or likeness via the tort of passing off or via registered trade marks, but for lesser-known artists and the general public, this will be insufficient.

If you’d like to read the full report, it is available here: Report on Copyright and Artificial Intelligence.

If there’s anything raised by the Government report that you’d like to talk about, don’t hesitate to get in touch.