Contact | Search |

Tag: Lizzie-Williams

Government IT contracts: how to challenge the procurement process

Posted on by Deborah King

If your business enters into contracts with public sector entities for the provision of IT or related services, you will be familiar with the public sector tender and procurement processes. But are you familiar with what can be done to challenge the outcome of those processes?

Whether it is an issue with the application of the scoring criteria, or how the process has been conducted, your business may have the ability to challenge contract awards.

However, in order to do so effectively, your business will need to move quickly and ensure that it deploys the various legal tools available to it strategically.

What is the relevant legislation?

In 2025, the Procurement Act 2023 (the Act) came into force. This represented the most significant development to UK public procurement laws for over 30 years, replacing the well-established EU-founded regime under the Public Contracts Regulations 2015 (the PCR).

How long do you have to bring a claim?

The period during which a legal claim can be brought under the Act is very short and remains largely unchanged from the PCR. In summary:

  • If you are a supplier seeking to challenge an award, the period to bring a claim is just 30 days from when they knew, or ought reasonably to have known, of the circumstances giving rise to the claim. However, this may be extended for up to three months where the court considers there is a good reason to do so.
  • If you are supplier seeking to set aside a contract that has been entered into, the period to bring a claim is 30 days from the date it knew or ought to have known of the circumstances giving rise to a claim with a long stop date of 6 months from the date the contract was entered into.

However, the parties can enter into a standstill agreement which, in effect, extends the limitation period, allowing the parties an opportunity to resolve the dispute.

Can you prevent the authority from entering into a contract with another supplier whilst you challenge the decision?

Under the previous regime, contracting authorities were required to observe a 10-day waiting period following the issue of a ‘standstill letter’ to all tendering suppliers before entering into a contract with the preferred supplier. Claims issued prior to contract execution would trigger an automatic suspension of the procurement process.

The Act reduces the standstill period from 10 to eight working days, with the period now triggered by the contract award notice instead of the issue of a standstill letter. Claimants are no longer entitled to the benefit of automatic suspension up until the date of contract execution. This is a significant shift from the previous position and impacts upon strategic considerations.

What information do you have about the decision-making process?

There are various ways you can find out more about the decision-making process. One of them is that contracting authorities must publish a Contract Award Notice on a central digital platform, and an assessment summary to each supplier that submitted an assessed tender.

The assessment summary must include: (a) the scores awarded for each criterion; (b) an explanation of those scores; and (c) in respect of unsuccessful suppliers, the reasons why the contract was not awarded to them, together with the corresponding information at (a) and (b) for the successful tender.

The enhanced disclosure requirements are a positive development for suppliers looking for substantive grounds on which to base a potential challenge.

What remedies can you obtain when challenging an award?

In many cases, compromise solutions are reached with the relevant authority without a claim needing to be issued. However, if you do pursue a claim, the remedies available remain mostly unchanged from the previous regime. There are two main categories:

Pre-contractual remedies:

Where a contract has been awarded but not yet executed, a successful challenge may result in the court granting one of the following orders:

  • an order setting aside the relevant decision or action (including the decision to award the contract);
  • an order requiring the contracting authority to take specified action (such as reconsidering a decision previously made);
  • an order for damages (which may be granted in addition to any other order, and has historically encompassed lost profits arising from the breach and/or wasted bid costs); or
  • such other order as the court considers appropriate.

Post-contractual remedies:

Where the awarded contract has been executed, the available remedies are limited to damages and/or an order setting aside the contract (subject to certain conditions in the Act).

What does this mean for suppliers?

If you are concerned about a procurement decision, then given the short timeframes for challenge, it is critical to seek legal advice at the earliest possible opportunity to allow your advisors time to evaluate the claim and devise and deploy the optimum strategy.

The Act’s emphasis on transparency, creating a level playing field and the introduction of new obligations on contracting authorities, expands the scope for potential challenges.

You will however need to navigate the reduced standstill period, which now runs for 8 working days from the contract award notice, and the fact that automatic suspension is no longer available until the date of contract execution.

If you would like to find out more about how to make procurement challenges, contact Lizzie Williams and Jacky Lai.

Model Behaviour: Stability AI’s model is not an “infringing copy”, but legality of AI training remains unresolved

Posted on by Dea Dragashi

In the recent judgment in Getty Images v Stability AI [2025] EWHC 2863 (Ch), the High Court considered whether the generative AI model Stable Diffusion infringed copyright in works owned by/licensed to Getty Images, and further whether the model outputs infringed Getty Images’ trade marks. Getty argued that millions of its images had been used without permission to train the Stable Diffusion model, and that the model itself was therefore an infringing copy of the works.

Crucially, the court was not considering whether copyright was infringed during the training process of Stable Diffusion, as those claims were not pursued to trial by Getty due to a lack of evidence of training having been taken place in the UK. Instead, the High Court decided on the much narrower issue of whether the trained Stable Diffusion model is itself an “infringing copy” of the copyright works trained on. If the model was an infringing copy, under secondary copyright infringement law, its import into the UK would have infringed Getty’s copyright, even though the model had not been trained in the UK.

The High Court’s decision came down to the way in which Stable Diffusion was trained, and the relationship between the model and its training data. Stable Diffusion is a diffusion model, meaning its model weights are numerical parameters learned from training, not stored or compressed copies of its training data. The model does not contain any of Getty’s copyright images in any form whatsoever – and never has done – even though it may have been exposed to them during training. Getty’s secondary copyright claim failed as a result.

Although Getty lost its secondary copyright infringement claim, this was a highly fact-specific decision which related to this model of Stable Diffusion only. The High Court stressed this in its decision. Although it may be true that an “AI model which does not store or reproduce any copyright works (and has never done so) is not an “infringing copy””, this leaves the door open for an AI model that does store or reproduce copyright works (or has done so at some point) being found to be an infringing copy of its training data. Other model architectures that retain or reproduce their training data verbatim – which is more common for text models than image models like Stable Diffusion – may still be deemed infringing copies. In addition, there is scope for argument on whether a more liberal interpretation of what is an infringing copy should be adopted: in circumstances where the model has extracted the value and intellectual creation of copyright works, and in a manner that was not envisaged when the legislation was passed, why is this not reproduction of the underlying intellectual creation?

Further, as Getty dropped its training claims at trial, the UK courts are yet to decide on whether the training of AI models using copyright works in the UK infringes copyright. That question will need to be decided in a future claim involving an AI model that was trained (or at least partially trained) in the UK. 

On the trade mark infringement claim, the court made a limited finding of trade mark infringement where early model versions of Stable Diffusion produced outputs with Getty-style watermarks.

If you’d like to speak to a member of the team about any of the issues raised by the judgment, please reach out to one of our AI experts.

Safeguarding your business in the wake of the ChatGPT share breach

Posted on by Julia Krol

In today’s fast-paced digital landscape, businesses are increasingly leveraging Artificial Intelligence (AI) tools such as OpenAI’s ChatGPT to streamline operations.

However, recent developments surrounding the now-discontinued “share” feature of ChatGPT should serve as a critical reminder of the importance of robust data governance and proactive measures to safeguard sensitive information, such as personal data and confidential business information.

What happened?

OpenAI recently faced scrutiny after its “share” feature in ChatGPT appeared to inadvertently expose private conversations to public search engines such as Google. While the feature allowed users to share chat links, discrepancies in the user interface and terms across platforms (e.g., Web, iOS, Android) led to confusion over whether shared chats were private or publicly discoverable. Although OpenAI has since removed the feature and requested the removal of indexed links from search engines stating it was a “short-lived experiment”, researchers have alleged that over 100,000 conversations, many containing personal data, were archived and remain accessible in some instances.

At the time of writing, it is also reported that chats from X.com’s “Grok” platform have been exposed online, highlighting a common risk within the industry.

Why it matters to your business

This issue underscores the risks associated with using AI tools and highlights potential vulnerabilities that could expose sensitive company or client data. For businesses, the key takeaways are:

  • Personal data: Conversations shared through AI platforms may include personal data about your employees, customers or clients. There are several data protection compliance issues that must be considered prior to sharing personal data with AI platforms from meeting transparency requirements via privacy policies to carrying out supplier due diligence on your data processing agreements with AI platforms.
  • Confidential information: As with personal data, conversations can be shared through AI platforms about your internal strategy, or intellectual property. Once shared outside of your business, such information can be challenging to remove entirely.
  • Reputational damage: Data leaks can severely impact your brand’s reputation, erode client trust, and lead to loss of business.
  • Regulatory implications: Mishandling of sensitive data could result in non-compliance with data protection laws such as the UK GDPR, leading to fines and legal challenges. Such fines can be up to £17.5m or 4% of your annual turnover (whichever the greater).
  • Legal claims: Clients or other individuals whose data is exposed may bring legal claims for breach of contract, breach of confidence, privacy or their data protection rights, and complain to the data protection regulator. Some larger data breaches have also attracted attempts to start ‘class-action’ claims.

What should you do?

If your organisation uses AI tools such as OpenAI’s ChatGPT, now is the time to review and strengthen your policies and practices. Below are some actionable steps to consider:

1. Implement an AI usage policy

If you haven’t already, establish a clear AI usage policy within your organisation. This should cover:

  • Approved AI tools and platforms
  • Guidelines on the type of information that can be inputted into AI systems
  • Specific processes for sharing data generated by AI tools

2. Train employees

Educate employees on the risks of using AI tools and ensure they understand how to use these platforms responsibly. Emphasise the importance of avoiding inputting personal data or confidential data into AI systems.

3. Conduct data audits

Review your organisation’s use of AI tools to identify any potential exposure of data. If you suspect that data may have been shared via ChatGPT’s “Share” feature, investigate whether these links have been indexed and take immediate steps to request their removal.

4. Monitor evolving AI risks

AI technology evolves rapidly, and so do its associated risks. Stay updated on developments in the AI space, including how tools such as ChatGPT handle data and privacy.

5. Seek legal support

If your business is impacted by the ChatGPT share breach or similar issues, legal advice can help you assess your exposure, address potential liabilities, and implement stronger safeguards.

How we can help

We understand the complex intersection of technology, data, and the law. Our team of experts can assist you with:

  • Drafting and implementing AI usage policies tailored to your business
  • Conducting data audits to assess your organisation’s risk exposure
  • Advising on regulatory compliance and potential liabilities
  • Supporting you with incident response and remediation in the event of a data breach, regulatory involvement, and legal claims

If you have any questions about how the OpenAI ChatGPT share breach might affect your business or need assistance in implementing preventative measures, please don’t hesitate to contact one of our specialists.

Court of Appeal decision in digital transformation case

Posted on by Julia Krol

The Court of Appeal recently held that a customer who instructed a supplier to provide digital transformation services was not entitled to delay payments (liquidated damages) of c. £1.6m.

This is because the prompt issuing of a “non-conformance report” by the customer was said to be a condition precedent to the customer receiving delay payments, and no such report was promptly issued. The Court reached this result notwithstanding the term “condition precedent” not being used in the contract.

The relevant provision provided that:

“6.1. If a Deliverable does not satisfy the Acceptance Test Success Criteria and/or a Milestone is not Achieved due to the CONTRACTOR’s Default, the AUTHORITY shall promptly issue a Non-conformance Report to the CONTRACTOR … The AUTHORITY will then have the options set out in clause 6.2.”

“6.2 the AUTHORITY may at its discretion … choose to … require the payment of Delay Payments…”

The Court of Appeal reached this decision because:

  1. It is not necessary for the term “condition precedent” to be used if the contract clearly provides that the relief is conditional on a requirement.
  2. The “if .., then ..” structure in the clauses was clearly conditional and without the non-conformance report, the clauses would not operate properly.
  3. It is not necessary for the deadline for the condition precedent to be expressed as a precise time period – “promptly” is sufficient.

The case shows that both contract drafters and litigators must pay close attention to remedies provisions to ensure that conditions precedent are not inadvertently included and are fully complied with.

The case can be found here: Disclosure and Barring Service v Tata Consultancy Services Ltd [2025] EWCA Civ 380.

Introduction of the Arbitration Act 2025

Posted on by Julia Krol

The Arbitration Act 2025 (the AA 2025), which amends the previous arbitration regime under the Arbitration Act 1996 (the AA 1996), received Royal Assent on 24 February 2025.

The AA 2025 introduces a number of refinements to the arbitration regime in England and Wales but the key aspects to note are as follows:

  • The changes which the AA 2025 introduces will apply to all arbitral proceedings seated in England and Wales commenced after the Act comes into force (subject to certain transitional provisions). This is irrespective of when the relevant arbitration agreement was entered into and will therefore apply to agreements pre-dating the AA 2025.
  • The AA 2025 clarifies the position regarding choice of law. The previous position at common law engaged various issues of contractual interpretation, whereas the AA 2025 provides that the governing law for the arbitration will be determined by its seat (absent express agreement to the contrary). The introduction of this amendment is to be welcomed as it clarifies the position and should reduce potentially costly satellite litigation, such as last year’s judgment in UniCredit Bank GmbH v RusChemAlliance LLC.
  • The AA 2025 codifies the common law duty of impartiality for arbitrators, both prior to and after the commencement of arbitral proceedings. As part of this duty, arbitrators are required to disclose circumstances which “might reasonably give rise to justifiable doubts as to the [arbitrator’s] impartiality”. It is notable that this duty of disclosure is slightly wider than under the common law regime and requires arbitrators to disclose circumstances of which they “ought reasonably” to be aware (rather than just circumstances within their actual knowledge).
  • Subject to the parties’ agreement to the contrary, arbitrators are given the express power to determine issues with no real prospect of success on a summary basis. This will enable the efficient disposal of unmeritorious claims or defences and has the potential to save substantial time and costs for parties.
  • The position of emergency arbitrators is strengthened by providing them with the same means as regular arbitrators to make peremptory orders and give parties permission to apply for a Court order. This should increase confidence in emergency arbitrators and encourage compliance with their decisions.

The AA 2025’s refinements to the arbitral process are designed to streamline arbitral proceedings and ensure that London remains one of the leading forums for arbitrations. Its introduction is to be welcomed.

Authors:

Lizzie Williams, partner

Dennis Brunner, senior associate

COURT OF APPEAL VERDICT IN EXCLUSION CLAUSE DISPUTE

Posted on by Deborah King

In February 2025 the Court of Appeal (by a 2:1 majority) dismissed an appeal brought by EE against Virgin Mobile in relation to a significant claim arising out of a telecommunications supply agreement.

The Court of Appeal agreed with the first instance decision that the exclusion clause excluded EE’s entire £24.6m loss of profit claim against Virgin Mobile.

EE claimed that it had suffered loss and damage in the amount of £24.6m as a result of Virgin Mobile breaching an exclusivity obligation in the telecommunications supply agreement, because EE had lost the revenue that it would have received from Virgin Mobile under the terms of the agreement had the exclusivity obligation not been breached.

Virgin Mobile denied breaching the agreement as alleged but argued that, in any event, EE’s claim was precluded because it was, in substance, a claim for anticipated profits. It therefore fell within the scope of the exclusion clause in the agreement which provided that “Neither Party shall be liable to the other in respect of … anticipated profits”.

EE argued that this interpretation could not be correct because (amongst other things), on the facts which occurred, EE did not have a wasted expenditure claim or a good argument for an injunction, so excluding the loss of profits claim would leave EE without an effective remedy, creating commercial absurdity and defeating the main purpose of the agreement.

The majority of the Court of Appeal rejected this argument because the specific facts which occurred, where no alternative remedy was viable, were not known to the parties when they entered into the agreement and therefore should not affect its interpretation. It was held that, applying the proper legal principles, the exclusion clause did preclude EE’s entire claim.

However, the Court of Appeal did not reach this conclusion easily, and indeed Phillips LJ dissented, noting that “it would be surprising if the parties intended that [Virgin Media] could breach the key exclusivity provision, unlawfully diverting its customers to a third party supplier, without incurring liability to pay EE damages reflecting the loss of revenue resulting from that breach”.

This case provides a further example of the unpredictability of the interpretation of exclusion clauses and the importance of clear, future-proof, contract drafting.