As we arrive at another year end, the commercial services team here at Brodies has taken the opportunity to take a look back at the legal developments in 2024. What were the ones that we thought were noteworthy, which predictions at the start of the year did we get right, and which (if any) were wide of the mark?
As in previous years, we plan to issue a second companion piece in early January with some thoughts on what we expect to happen in 2025. Meantime, however, back to 2024.
1. CrowdStrike IT outage – On 19 July, the cybersecurity firm CrowdStrike released a faulty update to its Falcon Sensor software, causing approximately 8.5 million Microsoft Windows systems to crash and enter reboot loops. This was an unprecedented IT outage, and caused global disruption across various sectors including airlines, healthcare and banking. At the busiest time of the year, airports ground to a halt leaving many passengers stranded. In the aftermath of the outage, multiple legal actions have been initiated against the cybersecurity firm. The incident highlights the potential business losses that can be caused when IT and cybersecurity systems are compromised, not only for the IT service provider but for their customers. It is a cautionary tale for those seeking any form of IT system product or a service to ensure that (i) liability caps in terms and conditions are appropriate to ensure that a customer can reclaim its losses against a supplier in the event of a full outage of services, especially if that service is business critical; and (ii) all parties should ensure that their insurance policies adequately cover losses caused by outage of business critical IT services.
2. Digital Markets, Competition and Consumers Act ("DMCCA") – At the beginning of the year, we flagged that the DMCCA would be one of the key developments in consumer law in 2024 by both strengthening the enforcement of consumer protection law and introducing new consumer rights. The DMCCA received Royal Assent in May and marked a significant overhaul in the regulation of consumer protection. The Act introduced a new UK competition and merger rules, which we covered in a webinar in November which can be accessed here. From a consumer law perspective, the DMCCA enhances consumer protection by addressing unfair practices such as subscription traps, fake reviews and drip pricing. More recently, the government has opened a consultation on implementing the new subscription contracts regime. The consultation is open until 10 February 2025, and we will be looking at this in further detail in our 2025 companion blog in a few weeks' time.
3. Artificial Intelligence: the European Union's Artificial Intelligence Act ("AI Act") – In March, the European Parliament approved the AI Act, the world's first comprehensive law regulating AI. In contrast to the UK approach, the EU has taken a risk-based approach in relation to the application and scope of the AI Act by allocating specific risk strategies to each kind of AI system. The Act defines four levels of risk for AI systems: unacceptable, high, limited, and minimal / no risk. Our team have taken an in depth look at this new EU approach in comparison to the UK approach, as well as highlighting the key features of the AI Act. The AI Act will become applicable to Member States under a gradual phased approach - becoming fully applicable 24 months after enactment – and in the meantime we expect significant guidance in 2025 from the European Commission and the EU AI Office to put flesh on some of the bones of the Act.
4. Skykick v Sky – from an IP perspective, the landmark case of the year was the Supreme Court ruling in the ongoing saga between Sky and SkyKick over potential bad faith registration of Sky's trade marks. In the judgment published in November, the Supreme Court found that Sky had acted in bad faith by registering trade marks for a broad range of goods and services without any genuine intention to use the marks for many of those registered. The Court emphasised that overly broad specifications, especially those including general terms such as "computer software" or "telecommunications" are susceptible to challenges of bad faith. The utilisation of such broad claims, without evidence of an intent to use them, may be seen as an attempt to monopolise the market unfairly. The ruling has significant implications for brand owners and their trade mark filing strategies. Great care should be taken to ensure that trade mark specifications reflect all goods and services currently used or those which are realistically intended to be used in connection with the trade mark they are registered against. For a further discussion of this case, as well as other important IP cases of the year, please see our more detailed reflections on the IP year in review here.
5. Automated Vehicles Act 2024 ("AVA") – The AVA was passed by Parliament this summer, and it provides a new comprehensive strategy and plan for Automated Vehicles to be introduced to the UK's roads as early as 2026. The AVA is a piece of framework legislation focussed on establishing the key principles, powers and standards for regulating Automated Vehicles, whilst leaving most of the finer details of the regulation to secondary legislation, which will likely be the subject of government consultation of key industry stakeholders. For a more detailed review of the legislation and what manufacturers, suppliers, insurers and the general public should be aware of, please see our post: Self-driving cars on UK roads by 2026? Automated Vehicles Act 2024.
6. Force majeure clauses – this year, the Supreme Court provided critical clarity on the use of "reasonable endeavours" in force majeure clauses, emphasising that it will not compel parties to accept non-contractual performance. The case centred around a force majeure clause which was triggered by US government sanctions affecting the charterer of a ship, impeding its ability to satisfy the contractual requirement to pay the shipowner in US dollars for the monthly shipments it was making from Conakry in Guinea to Dneprobugksy in Ukraine. Under the contract the charterer was required to exercise reasonable endeavours to overcome the force majeure event. The charterer proposed a practical (and non-contractual) solution to pay in euros, which was rejected by the shipowner. The Supreme Court sided with the shipowner and highlighted (among other points) the parties' freedom to contract, including their autonomy to set terms and reject non-contractual performance. The judgment provides vital clarification for businesses navigating force majeure clauses and underscores the importance of clear, predictable contract terms.
7. Government change – finally, some of our predictions from the beginning of the year have been impacted by the change of Government in July, notably the Data Protection and Digital Information Bill (the "DPDI Bill"). We reported at the start of this year that the DPDI bill aimed to make Data Protection regulation less onerous whilst also seeking to maintain data protection standards at the level set by the EU GDPR (so as not to jeopardise the EU's adequacy finding for the UK). The DPDI bill failed to make it through parliament before the General Election and fell away. The new Labour government has proposed a new Bill – the Data (Use and Access) Bill - which received its first reading in the House of Lords on 23 October 2024. It remains to be seen how the legislation will progress, and whether it will be substantially amended as it goes through Parliament. We will pick this Bill up in our 2025 companion blog and (no doubt) on various occasions through the year as the legislative process progresses.
If you would like to discuss anything raised in this blog in more detail, please get in touch with a member of the corporate and commercial team or your usual Brodies contact.
In the meantime though, a Merry Christmas to you all and best wishes for 2025 when it comes. We'll see you on the other side!
Contributors
Partner
Partner
Partner
Partner
Partner
Solicitor
