Insights

The ICCU is poised to become one of the most significant international compensation mechanisms of this generation. Crowell & Moring has the experience to help with your claim.

In March 2026, the UK Information Commissioner (ICO) published guidance on the new lawful basis for processing personal data introduced by the Data (Use and Access) Act 2025 (DUAA): the recognised legitimate interest (RLI) lawful basis. Controllers may now rely upon one of five pre-approved conditions, each focused on specific public-interest justifications, for personal data processing.

The EU has adopted its 20th package of sanctions in connection with Russia's ongoing war against Ukraine, resolving a prolonged internal political deadlock that had been caused by vetoes from Hungary and Slovakia. The package amends Regulations 833/2014, 269/2014, and 765/2006 and the respective Council Decisions and Implementing Regulations. The texts entered into force on 24 April 2026. They are available through this link.

The UK’s Office of Financial Sanctions Implementation (OFSI) has published details of a £390,000 penalty it imposed on ADI, an Irish subsidiary of Apple Inc., on 19 March 2026. The penalty relates to two payments totalling approximately £635,000 made in 2022 to Okko LLC, a sanctioned Russian app developer, for App Store revenue. Although the underlying facts are relatively simple, there are several interesting takeaways from OFSI’s penalty notice.

At the European Patent Office (EPO), a recent referral of case T 873/24 from the Technical Board to the Enlarged Board of Appeal may clarify whether last summer’s decision in case G 1/24 on claim interpretation may be extended to the analysis of Added Subject-Matter. Already G 1/24 is impacting the assessment of patentability at the EPO, but should this referral be allowed, G 1/24’s effect on the assessment of added matter could result in a real shake up of the EPO’s notoriously strict assessment of support. Nonetheless, a review of how we got here highlights the value of late arguments during the EPO appeal process.

In a significant ruling on the application of data protection law in the United Kingdom, on 19 February 2026, the UK’s Court of Appeal (CA) ruled in favour of the UK Information Commissioner (ICO) in its appeal against the decision of the Upper Tribunal (UT) in the case of DSG Retail Ltd v The Information Commissioner [2026] EWCA Civ 140. This ruling clarifies the scope of data controllers’ security obligations with pseudonymised personal data and confirms that a controller’s duty to safeguard personal data is not diminished merely because a cyber attacker who exfiltrates that data would be unable to re-identify the individuals concerned.

On 12 March 2026, the USTR self-initiated Section 301(b) investigations against 60 of the United States' largest trading partners, including the United Kingdom. The investigations will examine whether each economy's acts, policies, and practices relating to the failure to impose and effectively enforce a ban on goods produced with forced labour are unreasonable or discriminatory and burden or restrict U.S. commerce.

[1] In a recent development, the UK Supreme Court ruled that Artificial Neural Networks (ANNs) are not excluded from patentability due to being a computer program “as such.” In doing so, the Court set out the framework of a new test for the UK Intellectual Property Office (IPO) to use when evaluating the patentability of computer. The ruling breaks down barriers to the patenting of AI algorithms in the UK and paves the way for a wider change in the UK IPO’s approach to assessing excluded subject matter.

In March 2026, the UK Government published its Fraud Strategy 2026–2029, part of a broader economic-crime policy package building on the Economic Crime Plan 2 (March 2023) and the Anti-Corruption Strategy, published in December 2025. The strategy's headline message for fraud victims is striking: do not wait for the state to act, but rather, seek redress from the court yourself.

On 26 February 2026, the EU published Directive (EU) 2026/470 (the Omnibus I Directive). Adopted as part of the European Commission's (Commission) simplification agenda and after a year of debates and negotiations between the Commission, the Council, and the European Parliament, this text effectuates far-reaching changes to both the Corporate Sustainability Reporting Directive (CSRD) and the Corporate Sustainability Due Diligence Directive (CS3D).

Clinical trial sponsors and all other stakeholders involved in conducting commercial clinical trials of investigational medicinal products (IMP) in the UK.

From 1 April 2026, a major new transparency requirement under the Procurement Act 2023 will take effect pursuant to the Procurement Act 2023 (Commencement No. 4) Regulations 2025.

The UK’s Office of Financial Sanctions Implementation (OFSI) has launched a call for evidence concerning the "ownership and control" test within UK financial sanctions. The call for evidence, running until 11:59 p.m. on 13 April 2026, seeks stakeholder views on the challenges and implementation of the "control" limb, with particular focus on its hypothetical element.

The UK Financial Conduct Authority (FCA) recently issued consultation paper CP26/5, proposing to replace the existing Task Force on Climate-related Financial Disclosures (TCFD) requirements with new rules mandating listed companies to report against the UK Sustainability Reporting Standards (UK SRS). These are based on the IFRS Sustainability Disclosure Standards developed by the International Sustainability Standards Board (ISSB).

The Pilot codifies the position at common law, set out by Lady Hale in Cape Intermediate Holdings Ltd v Dring [2019] UKSC 38, which permits the public the right of access to documents placed before a court and referenced in a public hearing[4]. This Pilot will apply to cases heard in the Commercial Court, the London Circuit Commercial Court (King’s Bench Division), and the Financial List (Commercial Court and Chancery Division)[5].

On November 4, 2025, the USPTO in Ex parte Desjardins designated as precedential an earlier Appeals Review Panel (ARP) decision overruling the Patent Trial and Appeal Board (Board), instead holding that claims directed to training a machine learning model are patent-eligible under 35 U.S.C. § 101 when they integrate a mathematical concept into a practical application that improves how the model operates. That precedential designation represents a material shift in legal precedent in the § 101 arena post-Alice, and it has already driven updates to the MPEP and examiner practice. As a result, Desjardins signals an adjustment in practice in favor of AI and software eligibility at the USPTO.

On November 12, 2025, Judge King in the U.S. District Court for the Western District of Washington granted in part Haldiram India Ltd.’s (“Plaintiff” or “Haldiram”) motion for a preliminary injunction against Punjab Trading, Inc. (“Defendant” or “Punjab Trading”), a seller alleged to be importing and distributing gray market snack food products not authorized for sale in the United States. The court found that Haldiram was likely to succeed on the merits of its trademark infringement claim because the products at issue, which were intended for sale in India, were materially different from the versions intended for sale in the U.S., and for this reason were not genuine products when sold in the U.S. Although the court narrowed certain overbroad provisions in the requested order, it ultimately enjoined Punjab Trading from importing, selling, or assisting others in selling the non-genuine Haldiram products in the U.S. market.

Major changes have been proposed to EU AI, data and wider digital laws. On 19th November 2025, the European Union Commission issued its much anticipated Digital Omnibus Regulation Proposal, (the “Digital Omnibus”) and also its Digital Omnibus on AI Regulation Proposal, (the “AI Omnibus”). The mooted changes potentially impact the “Brussels effect” seen post GDPR and add potential complexities to the compliance efforts of businesses.

President Trump is preparing to sign an Executive Order that would seek to forestall state regulation of artificial intelligence (AI) by threatening federal lawsuits and the withholding of some federal funds. The draft, unsigned six-page Executive Order, “Eliminating State Law Obstruction of National AI Policy” (EO), the text of which has been circulating publicly since November 19, would declare it the policy of the Administration “to sustain and enhance America’s global AI dominance through a minimally burdensome, uniform national policy framework for AI.”

On 12 November, the highly anticipated Cyber Security and Resilience (Network and Information Systems) Bill (“Bill”) was introduced to Parliament, representing a significant expansion and modernisation of the UK’s cyber security rules. Building on the foundation set by the Network & Information Systems Regulations 2018 (“NIS”), the Bill aims to enhance national security and safeguard essential services. The Department for Science, Innovation and Technology (“DSIT”) has published a policy paper detailing the Bill’s objectives.