Insights

On November 12, 2025, Judge King in the U.S. District Court for the Western District of Washington granted in part Haldiram India Ltd.’s (“Plaintiff” or “Haldiram”) motion for a preliminary injunction against Punjab Trading, Inc. (“Defendant” or “Punjab Trading”), a seller alleged to be importing and distributing gray market snack food products not authorized for sale in the United States. The court found that Haldiram was likely to succeed on the merits of its trademark infringement claim because the products at issue, which were intended for sale in India, were materially different from the versions intended for sale in the U.S., and for this reason were not genuine products when sold in the U.S. Although the court narrowed certain overbroad provisions in the requested order, it ultimately enjoined Punjab Trading from importing, selling, or assisting others in selling the non-genuine Haldiram products in the U.S. market.

Major changes have been proposed to EU AI, data and wider digital laws. On 19th November 2025, the European Union Commission issued its much anticipated Digital Omnibus Regulation Proposal, (the “Digital Omnibus”) and also its Digital Omnibus on AI Regulation Proposal, (the “AI Omnibus”). The mooted changes potentially impact the “Brussels effect” seen post GDPR and add potential complexities to the compliance efforts of businesses.

President Trump is preparing to sign an Executive Order that would seek to forestall state regulation of artificial intelligence (AI) by threatening federal lawsuits and the withholding of some federal funds. The draft, unsigned six-page Executive Order, “Eliminating State Law Obstruction of National AI Policy” (EO), the text of which has been circulating publicly since November 19, would declare it the policy of the Administration “to sustain and enhance America’s global AI dominance through a minimally burdensome, uniform national policy framework for AI.”

On 12 November, the highly anticipated Cyber Security and Resilience (Network and Information Systems) Bill (“Bill”) was introduced to Parliament, representing a significant expansion and modernisation of the UK’s cyber security rules. Building on the foundation set by the Network & Information Systems Regulations 2018 (“NIS”), the Bill aims to enhance national security and safeguard essential services. The Department for Science, Innovation and Technology (“DSIT”) has published a policy paper detailing the Bill’s objectives.

The UK’s cyber threat landscape continues to evolve, with the rapid emergence of new technologies introducing novel risks across all sectors and attacks escalating in frequency and sophistication. Regulatory bodies and the UK Government have intensified their focus on cyber security and resilience, as evidenced by the latest National Cyber Security Centre (NCSC) 2025 annual review (Review) and the proposed UK Cyber Security and Resilience Bill (Bill), alongside recent developments in ransomware regulation.

The United States, European Union, and United Kingdom have significantly escalated Russia-related sanctions the past month, including the Trump Administration’s first sanctions directly imposed on Russia. These coordinated actions—which particularly target the Russian energy sector—indicate that Russia sanctions remain on the geopolitical agenda and require multinational companies to remain vigilant in their compliance with those sanctions.

Researchers have identified a new wave of cybersecurity attacks against European drone makers by the Lazarus Group, a well-known and sophisticated threat actor group, allegedly sponsored by the North Korean government.

The Economic Crime and Corporate Transparency Act 2023 (ECCTA) brings major changes to UK company law and the operation of Companies House. Whether you are a UK business, an LLP, or an international organisation with UK operations, these reforms will affect your compliance obligations and the way you manage company records. The ECCTA aims to strengthen the UK’s response to corporate and economic crime by improving transparency and accountability across all entities registered or operating in the UK.

The UK’s increased defence spending and zero-tariff trade on aircraft parts with the US is generating broad interest in the UK defence sector.

Last year, the California General Assembly passed the California AI Transparency Act (CAITA), which Governor Gavin Newsom signed into law on September 19, 2024, and goes into effect on January 1, 2026. This may change because this year, the same General Assembly passed AB 853, an amendment to CAITA with potentially far-reaching implications.

On 18 September, during the anticipated state visit, the leaders of the UK and the US signed the Technology Prosperity Deal, which promises to boost investment and cooperation to foster innovation, security, and economic prosperity. This is being lauded in the UK as a hugely significant milestone in transatlantic cooperation. The governments of both countries have released a Memorandum of Understanding (“Memo”) which covers a number of ambitious plans in strategic science and technology fields, including artificial intelligence (“AI”), nuclear energy, fusion, and quantum technologies.

On August 28, 2025, France, Germany, and the UK (the E3) initiated the process to reinstate (or snapback) UN sanctions on Iran. The snapback mechanism (which was set to expire on October 18, 2025) is outlined in UN Security Council Resolution 2231 (UNSCR 2231).

A charity will be in scope of the new failure to prevent fraud offence if they meet two of the three following criteria:

On 8 August, the UK Department for Science, Innovation & Technology (“DSIT”) published a report titled “Emerging technologies and their effect on cyber security” (the “Report”). It examines how the convergence of AI, IoT, Quantum, Edge Computing, Blockchain and other emerging technologies is transforming the cyber threat landscape. We’ve summarised below some of their key findings and takeaways. In the pursuit of growth and efficiencies many companies are considering how to adopt emerging technology into their operational processes, and the Report provides a useful guide as to emerging cyber risks and where the UK Government’s attention is focused as it launches the Cyber Resilience Bill later this year.

On 1 August 2025, the UK’s Arbitration Act 2025 (the “Act”) came into force. It applies to arbitrations and arbitration-related court proceedings commenced on or after that date and reinforces London’s status as a leading hub for international arbitration.

On 11 July 2025, the European Data Protection Supervisor, (“EDPS”), the independent supervisory authority, which oversees the processing of personal data by EU institutions, bodies, offices and agencies, (“EUIs”) confirmed that the European Commission, (“Commission”) has succeeded in bringing its use of Microsoft 365 within the requirements of applicable European data protection rules thanks to additional measures adopted by both the Commission and Microsoft.

The case of Jardine Strategic Limited v Oasis Investments II Master Fund Ltd and 80 others (No 2) (Bermuda) [2025] UKPC 34 addresses significant issues regarding shareholder rights and legal professional privilege in corporate transactions. In particular, the case concerned the Shareholder Rule. This was a principle shareholders relied on to prevent companies from asserting privilege over documents, thus requiring companies to hand privileged documents over to them. On 24 July 2025, the Privy Council unanimously held that the Shareholder Rule no longer applies. Although the case concerned the law of Bermuda, the Privy Council issued a declaration (known as a Willers v Joyce direction) that its decision is binding on English courts as well. In so doing, it overturned an aspect of English law in force for almost 140 years.

Ofcom, the UK’s communications and appointed online safety regulator, is following through on its commitment to protect children online. From 25 July 2025, Ofcom will enforce its Protection of Children Codes of Practice (the “Code”) under the Online Safety Act 2023 - a significant milestone for digital safety in the UK.

On 2 June 2025, the UK Government unveiled its 2025 Strategic Defence Review titled the “Plan for Change for Defence” (the “2025 SDR”), heralding it as the dawn of a new era in British defence and security. Hailed as a landmark by the Prime Minister, the 2025 SDR underscores the urgent need to address daily cyber threats and embrace the rapid evolution of technology that is reshaping the battlefield. It also emphasises both the necessity of and the opportunities that this approach affords to create a new partnership with industry and radically reform procurement, leading to the creation of a “defence dividend” of jobs, wealth and opportunity throughout the UK.

Ransomware attacks have escalated in frequency and sophistication, posing a significant threat to national security and critical national infrastructure (“CNI”). Cybersecurity has emerged as a core pillar of the UK’s national defence strategy, as set out in the recent Strategic Defence Review. The Government has recognised cyber as a crucial area for modern conflict. Ransomware attacks are a significant method of attack, as a form of cybercrime which involves malicious software encrypting data and a ransom demand for its restoration or to prevent its publication. The UK has experienced a notable rise in such incidents, including attacks on Synnovis (an NHS diagnostics service provider) and Southern Water (a water company providing water to a region of the UK), both in 2024.