Legal Updates
Changes to the Commercial Agents (Council Directive) Regulations 1993
We previously reported on the proposed changes to the Commercial Agents (Council Directive) Regulations 1993 (the “Regulations”) which apply to agency arrangements, introducers, marketing agents, purchasing agents and sales agents, their purpose is to provide consistent protection for agents.
The Government had stated that deregulation would simplify the legislative framework in the UK and allow businesses to enter arrangements more easily. Industry opinions on its proposals were requested, with the consultation including a prescribed set of questions which it is asking participants to review and respond to.
Following the consultation, the Government have confirmed the Regulations are to remain in force unamended.
How could it impact your business?
Whilst the consultation responses from commercial agents and principles were polarised, the overall view was that the Regulations work well for commercial agents and are well understood. Some principles argued that the Regulations impaired their ability to freely negotiate. However, whilst the concerns were acknowledged, they were not found to be reason enough for deregulation.
What steps should you take?
If a business has delayed in entering agency agreements, or put in place interim arrangements such as a short-fixed term contract or building in suitable termination rights, it should review these termination rights and/or proceed to formalised its agency agreement as normal.
Digital Markets: what does the DMCC mean for customers and competitors of big tech platforms?
The Digital markets sections of the Digital Markets, Competition and Consumers Act (DMCC) came into force on the 1 January 2025. Two weeks later, the Competition and Markets Authority (CMA) launched its first investigation under its digital markets powers, focusing on Google’s search and search advertising activities. The second investigation came hot on the heels of the first (this time into both Google and Apple for mobile ecosystems), with a third (most likely into cloud services) expected late this year.
This new regime brings opportunity for challengers and customers of big tech companies to have their voices heard and shape the evolution of digital regulation by engaging in SMS investigations.
How could it impact your business?
The DMCC, unlike the DMA, is built upon flexibility. Rather than imposing a uniform set of requirements, the DMCC instead features a consultative process where the regulator liaises with entities that are subject to designation (known as firms having Strategic Market Status “SMS”) and engages in public consultation to formulate a bespoke set of conduct requirements, which aim to target market distorting pinch-points in relation to a specific digital activity.
Whilst conduct requirements must fall into one of the 13 permitted types outlined by the DMCC, the drafting on these permitted types is deliberately broad and leaves substantial room for interpretation. Key examples include:
-
Trading on fair and reasonable terms (without providing a definition for what may be considered fair or reasonable);
-
Preventing the designated entity from carrying on activities other than the relevant digital activity in a way that is likely to materially increase the undertaking’s market power; an
-
Preventing the unfair use of data.
As the conduct requirements in the CMA’s arsenal are extensive and broad ranging, challengers to these entities are presented with a real opportunity to shape the regulation of the dominant entity active in their marketplace. Similarly, customers of tech giants (read: most businesses), interest groups, and trade associations are able to feed into the consultative process to somewhat level the playing field.
Public Consultations and CMA Engagement
As set out above, when deciding whether to designate an entity, the CMA will engage in an information gathering exercise, utilising both mandatory and voluntary information gathering procedures. For entities that receive direct contact from the CMA, responding to information requests is mandatory and parties should seek advice on how best to frame any responses to the CMA, including in relation to confidentiality. Failure to respond may result in significant fines. Whilst organisations may be apprehensive about the contents of submissions to the CMA, with appropriate advice these submissions can be a strategic tool to ensure effective regulation of competitors. For example, Google recently took aim at Microsoft for its anti-competitive practices in the cloud market which has undoubtedly boosted the profile of the CMAs market-wide investigation of the cloud market and will be pivotal in the regulation of this rapidly evolving market. Moreover, for entities at risk of designation in the future, the request for information provides parties with the ability to feed into the regulation process, setting important precedent for future designations.
In addition to mandatory requests for information, the CMA also published an invitation to comment, allowing any third parties to make submissions to the CMA regarding a designation decision and any associated conduct requirements. Whilst these processes are voluntary, they are a useful opportunity for customers and other third parties to engage with the regulator on their experiences dealing with a designated entity. However, organisations must act fast as designation investigations are fast-moving and parties often only have a few weeks to draft and submit responses.
In addition to reactive measures in response to CMA investigations, the CMA has openly welcomed submissions from third parties seeking to invite the CMA to examine a potential SMS in the marketplace. For challengers, this represents a unique opportunity to invite the CMA to consider designating a key competitor.
Private Enforcement
As the regime matures, we will likely see both public and private enforcement actions in relation to the digital markets regime. In the private enforcement sphere, we can expect to see more typical follow-on actions for damages once the CMA has found an infringement. Such actions do not require the claimant to prove the fault of the SMS firm and instead focusses solely on the loss suffered by the claimant.
The UK has also experienced a boom in stand-alone actions in the private enforcement sphere over the last decade and this enthusiasm is only set to increase with the introduction of the digital regulation regime. Stand-alone actions allow those impacted by alleged infringements of conduct requirements to secure compensation without being restricted by the resource restrictions associated with public enforcement.
What steps should you take?
Customers and challengers alike should keep a close eye on the evolution of the digital regulation regime under the CMA. The introduction of the DMCC is a watershed moment for competition law, and entities engaging with the regime have an invaluable opportunity to shape the direction of travel. Failure to actively engage in the regime, leaving larger organisations to respond, risks the regime evolving in favour of those same organisations.
Companies House postponement of ACSP verification service
Companies House has postponed the launch of the service for individuals or organisations to register as an Authorised Corporate Service Provider (ACSP) with no new date for the service being confirmed. The service was meant to be rolled out to those who undertake anti-money laundering supervised activity, such as company formation agents, solicitors and accountants on 25 February 2025.
Under The Economic Crime and Corporate Transparency Act 2023 all new and existing company directors, individuals and relevant legal entities who hold significant control over a company (e.g. those who own more than 25% of shares or voting rights) (PSCs) will eventually need to verify their identity at Companies House. The verification process and requirements will be rolled out in stages and undertaken by either Companies House or an ACSP.
How could it impact your business?
The impact of this is that potential ACSP’s cannot start the application process, throwing into doubt whether they will be able to perform the verification checks for directors and PSCs come 25 March 2025, which is the date whereby voluntary verification will be possible. This also raises questions over if the voluntary verification process for directors and PSCs will be launched as planned.
What steps should you take?
Due to the lack of clarity over timings from Companies House it is not known what effect this postponement will have on the overall implementation of the verification process. However, there is no need for panic. The compulsory verification of new directors and PSCs is not planned until autumn 2025 and therefore there is still plenty of time for resolution and clarity to be sought.
At present Companies House has confirmed:
-
From 25 March 2025, individuals will be able to voluntarily verify their identity directly with Companies House or an ACSP;
-
In autumn 2025, the identity verification will become mandatory for all directors and PSCs on new incorporations; and
-
From autumn 2025, a 12-month transition period will begin for directors and PSCs of existing companies to complete the process.
Changes to the ICO’s data protection fee
Most UK businesses are required to pay an annual data protection fee to the Information Commissioner’s Office (ICO), the UK’s data protection regulator. The fee payable depends on the size of your organisation. With effect from 17 February 2025, the fees have increased to the following:
-
Tier 1: Micro organisations (with a maximum turnover of £632,000, or no more than 10 members of staff) = £52
-
Tier 2: Small and medium organisations (with a maximum turnover of £36 million, or no more than 250 members of staff) = £78
-
Tier 3: Large organisations (who do not meet the criteria for tier 1 or 2) = £3,763
This is an increase of around 30% and follows a consultation led by the Department for Science, Innovation and Technology last year.
How could it impact your business?
In light of the new fee structure, it would be prudent for all businesses to check that they are up to date with their data protection registration and that they are paying the correct fee for the size of their business.
The ICO offers a self-assessment tool to help you work out whether a data protection fee is payable (there are some limited exceptions) and what the relevant fee is. The easiest way to pay is by direct debit and this method attracts a £5 discount.
What steps should you take?
You can check whether your business is up-to-date with registration and payment of the data protection fee by downloading your registration certificate here. For businesses who have already registered and paid under the old fee structure prior to 17 February 2025, no further action is required and the new fee is applicable only from the next renewal.
It is illegal not to pay the data protection fee if you are required to do so, and the maximum penalty is a £4,350 fine.
Of course, payment of the data protection fee is only one small aspect of data protection compliance and there are lots of other requirements to consider. We recommend that businesses review their policies and practices at least annually to ensure that they remain up-to-date with the latest guidance and requirements, so this is perhaps also a timely reminder to think about doing a spring clean of your data protection compliance regime.
EU Omnibus Regulation
The EU is expected to streamline its package of EU sustainability laws, including the Corporate Sustainability Reporting Directive (CSRD), the Corporate Sustainability Due Diligence Directive (CS3D) and the EU Taxonomy, into a single omnibus regulation (Omnibus ESG Regulation). However, the package which was due for publication on 26 February 2025 has been delayed until at least March 2025.
How could it impact your business?
The Omnibus ESG Regulation is a key strand in the Competitiveness Compass initiative and aims to simplify the current EU sustainability laws which apply to businesses both within and outside the EU by consolidating reporting requirements, guiding businesses and investors towards green initiatives and providing a framework for sustainable supply chain practices – all whilst supporting businesses in their efforts to meet sustainability targets, increase competitiveness and drive growth. However, there is uncertainty as to exactly what the package will do or whether the EU Parliament / Council will look to supplement the CSRD, CS3D or EU Taxonomy by proposing wider amendments to the Omnibus ESG Regulation.
Businesses may therefore face an unexpected increase in the cost of compliance whilst trying to develop sustainable business practices, alongside the increasing litigation risk in respect of supply chain transparency, green claims and general ESG matters whether from consumers, external stakeholders or investors. However, should the EU instead seek to reduce the compliance burden imposed by the current regulations subject to consolidation under the Omnibus Regulation, businesses could see less stringent compliance requirements; potentially undermining businesses’ efforts at combatting climate change through sustainable practices.
What steps should you take?
The Omnibus Regulation could be good news for small and medium companies (SMEs). It is heavily inspired by the findings of the Draghi report on the “Future of European Competitiveness”, and the wider goal of reducing the reporting burden on all companies by at least 25%, and at least 35% for SMEs. Whilst the exact contents of the Omnibus Regulation remain unknown at this stage, these indications suggest reporting obligations may become less burdensome, and organisations such as SME United are pushing hard for a standardised approach to SMEs to avoid larger organisations trying to push the compliance burden down the supply chain.
In the meantime, businesses should review their current obligations under the CSRD, CS3D and EU Taxonomy to determine their current obligations, and consider their views on these obligations in advance of any consultation.
Minimum Energy Efficiency Standards
The Minimum Energy Efficiency Regulations (MEEs) remains very topical for businesses and Government. By way of recap, the UK Government wants to achieve net zero by 2050. As of 1 January 2025, that gives us 25 years to get there.
Energy Performance Certificates were first introduced in 2007. That enshrined ratings from “A” (Excellent) to “G” (Bad). In 2018, some 11 years after their introduction, minimum standard began to be introduced. Ther law made it clear that you could not sell or let a property (unless exempt) below the required standard of “E”.
Since April 2023, the legal requirement for commercial property is that it must achieve at least an EPC “E” rating in all circumstances to be sold or let. However, further changes to the MEES regulations are expected over the coming decade as follows:
-
In 2025, the minimum standard is expected to rise to an EPC band D
-
In 2027, the minimum standard is expected to rise to an EPC band C
-
In 2030, the minimum standard is expected to rise to an EPC band B
How could it impact your business?
In our view, given that it has taken the best part of 7 years to shift from an “E” rating to a “D” rating as the minimum standard, the jump of three further rungs in the next five years does seem ambitious. This view is shared by The Royal Institution of Chartered Surveyors (RICS) who have said that they are concerned by the pace of chance, commenting that “without action, there is a risk that up to 50% of commercial buildings could be stranded by 2035”.
However, businesses are advised to consider the worst case scenario as, if you do not take the appropriate steps, the local authority (quaintly via their Weight and Measures division) may impose a penalty on the property if it is sold or let without the correct EPC rating. This is based on the rateable value of the property and can result in a fine of between £10,000 and £150,000 per breach. Naturally this would need to be disclosed on any sale of the property and its very presence may deter prospective buyers, so any owner would be well advised to steer well clear of it.
Banks are also becoming increasingly alive to EPC requirements and often insist that property owners upgrade their portfolios to higher ratings than required by legislation in order to future proof the portfolio. This will ensure compliance with the green credentials that many banks aspire to, as well as protecting against any value deterioration on account of energy performance.
What steps should you take?
The starting point is to look at the Recommendation Report that is attached to your Energy Performance Certificate and take on the advice of a good energy consultant.
You then need to ask where the property is inefficient in its energy use? Doors and windows are a common culprit in energy leaching. Single to double glaze windows and better insulated doors can provide rapid results. Energy efficient cladding should make a distinct difference to an energy rating, however it will come at a cost.
The next task is to reduce your consumed “carbon generated” energy. Electronic controls on heating apparatus are often a savvy investment. Whilst air source heat pumps have been seen by many as a panacea in that they use lower carbon energy sources (electricity as opposed to gas), the sheer cost of upgrading all associated heating infrastructure and pipework has rendered them prohibitive on some retrofits. Another approach is simply to remove the heating or air conditioning apparatus. It is the case often in industrial sheds that heating apparatus is not required for the processes undertaken there and air conditioning is a luxury as opposed to an essential item in a good number of buildings. Reduction of energy hungry apparatus remains a legitimate way of improving an adverse rating.
Linked to the above, solar panels and wind turbines are attractive things to consider. The cost of solar panels has come down exponentially in the past decade and whilst feed in tariffs have not been available for many years, the payback is relatively short. Wind turbines saw a softening of Government approach in 2024, however they remain expensive and are unloved by much of the public due to the noise they generate and perceived visual impact.
Please be advised that these are selected updates which we think may be of relevance to Euroclear’s UK business (excluding those areas where you have specifically expressed that no updates are needed, including financial services and employment commentary). The list is not intended to be exhaustive and whilst naturally we take every care in putting together our monthly Horizon Scanning updates, our articles should not be considered a substitute for obtaining proper legal advice on key issues which your business may face.