EU AI Act

As is frequently the case with any topic vaguely related to AI, the EU AI Act (“the Act”) has received a significant amount of attention from lawyers and the general public alike.

The Act entered into force on the 1 August 2024, with most of its provisions coming into force on the 2 August 2026 and is the first piece of legislation in the EU specifically tackling AI across all sectors. The Act represents a turning point in AI regulation, with other jurisdictions expected to follow hot on the heels of the EU.

How could it impact your business?

The Act introduces a risk matrix for AI systems including AI carrying an unacceptable risk, high-risk AI and minimal risk AI. Each of these risk levels will be subject to differing rules and regulations, as outlined below.

Prohibited AI
Certain AI systems are considered to have a risk level that is considered unacceptable within the EU, including (but not limited to): AI systems which engage in cognitive behavioural manipulation of people or specific vulnerable groups; AI systems which seek to assign a social score to natural persons, or profile individuals on their propensity to engage in criminal behaviour based on behaviour, socio-economic status or other personal attributes; AI systems which engage in biometric identification and categorisation of individuals based on inferences in relation to sensitive attributes (e.g. political opinions, sexual orientation etc), and AI systems that allow for real–time remote biometric identification, including facial recognition in public spaces. As a result, such AI systems will be prohibited within the EU, save for very limited exemptions where such systems are used for law enforcement purposes.

High-Risk AI
Most of the provisions in the Act are concerned with the regulation of high-risk AI. An AI system will be considered high-risk AI where:

1. The AI system is intended to be used as a safety component of a product, or the AI system is itself a product, that falls under the EU’s product safety legislation, including toys, aviation, cars, medical devices and lifts; or

2. The AI system falls into the following categories or operates in any of the following sectors:

   1. Biometrics (including remote biometric identification, biometric categorisation, or emotional recognition)

   2. Critical infrastructure

   3. Education and vocational training (in relation to admission, assessment, access, and monitoring of student behaviour)

   4. Employment, workers’ management and access to self-employment (in relation to recruitment activities, task allocation, or employee evaluation, including in relation to promotions)

   5. Access to and enjoyment of essential private services and essential public services and benefits (in relation to eligibility assessments, creditworthiness, risk assessments in relation to life and health insurance, and AI systems used to categorise emergency services calls)

   6. Law enforcement

   7. Migration, asylum and border control management

   8. Administration of justice and democratic processes

However, a system will not be categorised as high risk where it is purely intended to perform a narrow procedural task, improve the result of a previously completed human activity, or detect decision making patterns.

Where a system is considered to be a high-risk system, the Act introduces a number of compliance requirements, including requirements concerning the design of the system itself (including in relation to human oversight, security, record-keeping, and quality management) and the operation of the system (including a robust risk management system, data governance, instructions for use and compliance documentation demonstrating compliance with the Act). These obligations can fall on various parties throughout the lifecycle of the system, and it is important for organisations to be familiar with their individual responsibilities under the Act.

Minimal Risk or General Purpose AI
Generative AI and Large Language Models (LLMs), although not high risk, will have to comply with certain transparency requirements outlined by the Act, including disclosing that content is generated by AI, designing the AI system to prevent it generating illegal content, and publishing summaries of the copyrighted data used for training the AI system, alongside establishing a policy to ensure compliance with the Copyright Directive.

The Act applies to any AI system that has a link to the EU market, defined in the broadest sense. There are therefore suggestions that the Act will become “the GDPR for AI”, having a wide extraterritorial reach, and establishing a new global standard for AI systems. The Act introduces fines of up to 7% of group worldwide turnover (or EUR35 million, if higher) for a breach of the provisions on prohibited AI, and up to 3% of group worldwide turnover (or EUR15 million, if higher) for any other breach.

What steps should you take?

For most provisions of the Act there is a two-year implementation period, allowing organisations time to get their house in order before the Act comes fully in to force. However, given the pervasive nature of AI in organisations, it is recommended that organisations start to assess their AI compliance sooner rather than later, seeking legal assistance where required.

In addition to reviewing whether an organisation uses AI, and its processes for assessing the compliance of new AI systems (both in relation to compliance with the Act and compliance with data protection), organisations should review their contractual relationships with suppliers of technology products that may use AI to establish where liability for potential breach of the EU AI Act would sit, and ensure that their own liability is limited to the extent possible.

DMCC Deep Dive: Competition

The Digital Markets, Competition and Consumers Act (DMCC) introduces new rules for mergers and acquisitions with a connection to the UK. Whilst much of the provisions are not yet in force (other than those concerning Newspaper Enterprises), it is expected that the updated merger regime will come into force during the latter half of 2024.

How could it impact your business?

On the one hand, the DMCC reduces the number of transactions for which the CMA has jurisdiction to investigate. The DMCC introduces a welcome safe harbour for mergers and acquisitions where both parties have an annual UK turnover not exceeding £10 million. In addition, the longstanding turnover threshold, granting the CMA jurisdiction to review transactions where the target company has a turnover exceeding £70 million is increased to £100 million, reducing the potential risk of CMA investigation for small and/or mid-market mergers. That being said, the 25% market share remains in force for transactions not benefitting from the safe harbour.

However, the more lenient rules for small to mid-market transactions come at the cost of additional rules for larger organisations involved in mergers, acquisitions and joint ventures. The DMCC introduces an entirely new condition where the CMA will have jurisdiction to review a transaction; the Killer Aquisition Condition. Under the new condition, the CMA will have jurisdiction to review transactions where one party (or any company within the corporate group) has both a 33% market share and a UK turnover exceeding £350 million (most likely the acquirer). It is notable that the Killer Aquisition Condition makes numerous references to enterprises under common control or ownership – taking a deliberate strike at investors and amalgamators alike.

Moreover, the DMCC introduces certain sector-specific rules: namely for acquisitions involving energy network enterprises and newspaper enterprises, introducing jurisdiction for the CMA to investigate transactions where a foreign power acquires a newspaper enterprise (covering both print and online media) and lowering the threshold at which the CMA can investigate mergers involving energy network operators.

In addition, the DMCC introduces an entirely new regulatory regime purely for the regulation of digital markets. Whilst the DMCC sets out specific rules for mergers exceeding a value of £25 million and involving a firm of Strategic Market Status, it is expected that the CMA will also use its additional powers under Part 1 of the DMCC to introduce additional notification requirements on SMS firms in relation to smaller transactions, and potentially even in relation to non-traditional acquisition strategy including strategic hires in nascent market hires. For more information on the Part 1 of the DMCC on the Digital Markets Regime, see our June Horizon Scanning update.

What steps should you take?

For enterprises anticipating merger activity in the near future, it is important to ensure that in any transaction a competition and national security assessment (to ensure compliance with the National Security and Investment Act) is completed and documented by legal experts. Companies on a sustained growth journey by acquisition may wish to adopt a strategy of engagement with the CMA, to prevent any nasty surprises post-acquisition.

Financial Reporting Council (FRC) second report

The Wates Principles offer a framework for large private companies (being those with more than 2,000 employees and/or a turnover of more than £200 million, and a balance sheet of more than £2 billion) to enhance their corporate governance reporting in order to meet legal requirements and showcase good practice.

On 12 August 2024, the Financial Reporting Council (FRC) published a second report evaluating the quality of corporate governance reporting by relevant private companies that follow the Wates Corporate Governance Principles. The report indicates around 30% of eligible large private companies adopted these principles in the 2021/22 reporting period.

It also highlights ongoing challenges in providing meaningful disclosures, particularly in areas like company purpose, board composition, risk management, pay philosophy, and stakeholder engagement.

How could it impact your business?

The FRC report suggests many companies are not fully meeting expectations in their corporate governance reporting, particularly through over-reliance on generic, boilerplate disclosures. This could impact your business by potentially lowering investor confidence, damaging reputation, or leading to increased scrutiny from regulators. Failing to provide detailed, company-specific disclosures could also impact the ability to effectively communicate your business’s values, strategies, and risk management practices to stakeholders.

What steps should you take?

To align with the FRC’s recommendations, your business should focus on improving the quality and specificity of its corporate governance disclosures. This includes:

• clearly linking your company’s purpose to its strategy, culture, and values with concrete examples;

• providing detailed information about board composition, the independence of non-executive directors, and how diversity is managed; and

• enhancing transparency around risk management processes and how your company identifies and seizes opportunities.

Data processor responsibilities for information security under the UK GDPR

The ICO has announced that it has provisionally decided to fine Advanced Computer Software Group Ltd (Advanced) £6.09m. Advanced is an NHS IT provider and data processor. The statement follows an initial finding that Advanced failed to protect the personal information of 82,946 people, including sensitive data. This relates to a ransomware attack involving hackers accessing Advanced’s systems via a customer account that was not protected by multi-factor authentication.

This decision is provisional at this stage, meaning that it is not possible to say whether there has been any actual breach of data protection law, or that the financial penalty will be imposed.

To read more about the ICO provisional decision, click here.

How could it impact your business?

Information Commissioner, John Edwards, has stated that he took the decision to publish the provisional decision on 7 August “as it is my duty to ensure other organisations have information that can help them to secure their systems and avoid similar incidents in the future”. He went on to say: “I urge all organisations, especially those handling sensitive health data, to urgently secure external connections with multi-factor authentication.”

The announcement is therefore a stark reminder to IT providers acting as processors that they carry their own responsibilities for information security under the UK GDPR, separately to that of their controller clients. This may come as a shock to some, who may have misunderstood their clients to shoulder a greater level of responsibility. Complacency or ignorance will be no defence to any infringement in this regard and IT providers must pay heed to the regulator’s warnings.

What steps should you take?

At a practical level, as the Commissioner has said, the ICO expect all organisations to take fundamental steps to secure their systems. This will include regularly checking for vulnerabilities, implementing multi-factor authentication and keeping systems up to date with the latest security patches. With the benefit of this warning sounding loudly, now is opportune for IT providers to review, refresh and strengthen their security measures accordingly.

Failure to maintain appropriate security measures exposes organisations to a greater risk of breaches (and in turn, risk of complaints and claims from affected data subjects, and enforcement action such as penalties from the ICO). What security measures are appropriate will depend on the organisation’s size, resources, and nature and scale of personal data handling, so there is an element of proportionality here. However, for all data processors, it is likely that the ICO, the controller and indeed data subjects themselves will expect sophisticated and robust measures to be in place.

Commission fines IFF for deleting WhatsApp messages during dawn raid

The European Commission (EC) fined International Flavors & Fragrances Inc and International Flavors & Fragrances IFF France SAS (together, IFF) €15.9 million in July 2024. The fine was a result of a senior employee of IFF intentionally deleting WhatsApp messages exchanged with a competitor containing commercially sensitive information during an unannounced inspection, after IFF was informed of the EC’s inspection (the IFF Investigation).

During unannounced inspections (also referred to as “Dawn Raids”), businesses must cooperate with regulators and preserve evidence – the UK’s Digital Markets, Competition and Consumers Act (DMCC) introduces a fixed penalty of up to 1% of a business’ annual global turnover, as well as daily penalties of up to 5% of daily global turnover for non-compliance with an investigation, bringing the UK’s Competition and Markets Authority (CMA) fining powers in line with European jurisdictions.

How could it impact your business?

Businesses are increasingly using social media apps, including WhatsApp, to communicate both internally and externally. Much of a business’ information can therefore be found on digital devices (whether owned by the business or on personal devices owned by staff). The risk of deletion and manipulation of electronic information is increasing, especially in the context of a Dawn Raid or request for information made by a competition authority.

As commented on in our Competition Horizon Scanning update in May, the CMA can obtain a warrant to search a domestic property where it has reasonable grounds for suspecting that documents relevant to its investigations are located at a domestic property and could be concealed, removed, tampered or destroyed by the individual at that property. Businesses which have working from home / hybrid working arrangements could be impacted, including where staff are storing documents off premises.

Competition authorities are aware of this risk, with the EC demonstrating that it is armed with cutting edge IT tools and forensic experts to detect deletion or manipulation of electronic information (including the recovery of deleted data) in the exercise of its powers to investigate potential antitrust infringements. This power can be exercised across a business’ operations, including sales, supply, marketing, joint ventures or collaborations, and enables Competition Authorities to seize both business and personal assets for investigation, including those located at domestic properties.

What steps should you take?

Awareness of competition law for businesses and employees is crucial, particularly during an era when competition authorities have been granted stronger enforcement and investigatory powers, such as the CMA’s enhanced powers for the direct enforcement and investigation of consumer rights infringements under the DMCC. Businesses should therefore implement a competition compliance programme, including a dawn raid procedure and competition compliance dawn raid training to prepare staff of all levels on how to respond to a Dawn Raid.

The Arbitration Bill Reintroduced

We initially reported on the Arbitration Bill when it was first introduced in November 2023, however this fell when Parliament was dissolved. Following the General Election, the Bill has now been re-introduced into the UK Parliament, with the Government stating that it wants to get the Bill passed without further delay.

The Bill intends on modernising the law on arbitration, strengthening the courts' powers and facilitating quicker dispute resolution as follows:

• Governing law of an arbitration agreement: the introduction of a new default rule which governs arbitration agreements. In the absence of express agreement between the parties regarding the governing law of the arbitration agreement, the default rule would be in favour of the law of the seat of arbitration.

• Arbitrators’ duty of independence and disclosure: the codification of the arbitrators’ common law duty (under Halliburton v Chubb) to disclose any circumstances where their impartiality may reasonably be deemed to be compromised.

• Arbitrators’ immunity: extending arbitrators’ protection against any applications for removal and resignations.

• Summary disposal: the introduction of a new default power for arbitrators to issue an award to dispose any issue, claim or defence which lacks merit on a summary basis.

• Challenging an award for lack of substantive jurisdiction: the limitation of the parties’ ability to rely on new grounds, or evidence when appealing.

• Courts’ supportive powers: the extension of the courts’ power to cover third parties and peremptory orders made by emergency arbitrators.

How could it impact your business?

An improvement and modernisation of the law on arbitration should give businesses confidence to use arbitration as a preferred method of dispute resolution.

Arbitration has long been recognised as a more confidential, efficient and cost-effective method of dispute resolution. However, lack of confidence in the integrity of the process and the ability to enforce arbitration agreements and rulings has undermined the process. The Bill intends to strengthen the courts powers and facilitating quicker dispute resolution.

What steps should you take?

Consideration should be given as to whether arbitration should be your preferred method of dispute resolution and whether the UK should be the preferred forum and governing law. If so, it may be time to review dispute resolution clauses within your standard and non-standard contractual agreements to include a suitable arbitration clause which is compatible with the proposed amendments.

Employment Tribunal: Discrimination on the basis of gender critical beliefs

In the recent case of Orwin v East Riding of Yorkshire Council an Employment Tribunal considered whether an employee had been discriminated against in respect of his gender critical beliefs, after he was dismissed for refusing to remove a deliberately provocative email signature.

East Riding of Yorkshire Council (“the Council”) introduced an email policy which permitted employees to state their preferred pronouns in their email signatures, if they wanted to. The policy did not confirm what pronouns would be acceptable, but did provide a short list of some common examples.

The Claimant, who holds the belief that sex is biologically immutable and binary (either male or female), added the words “XYchromosomeGuy/AdultHumanMale” to his email signature, in response to the policy. The Council repeatedly asked the Claimant to remove the words from his email signature and, after refusing to do so on multiple occasions, he was dismissed. A claim for direct religion or belief discrimination, amongst other claims, was brought by the Claimant based on his gender critical beliefs.

The Tribunal considered the proportionality of the Council’s actions and noted, in particular, that the Claimant had a public facing role and was trying to be deliberately provocative in the choice of words in his signature, as an act of protest against the policy. The Claimant’s use of words created a real risk of reputational damage to the Council and also directly contradicted their attempts at being inclusive.

The Tribunal concluded that the Council’s decision to dismiss the Claimant was in response to the inappropriate manifestation of his beliefs, rather than the fact that he held such beliefs, and the Claimant’s claims were dismissed. This distinction is key in religion or belief discrimination cases.

How could it impact your business?

Policies of this nature, which concern sensitive topics, need to be thoroughly considered and carefully implemented. In this case, whilst the Tribunal dismissed the claims against the Council, it stated that their email policy was “poorly thought through and badly executed”, which highlights the importance of clear communication between employers and employees and implementation of meaningful guidance, where appropriate, when introducing new workplace policies.

What steps should you take?

Employers need to exercise caution when navigating the various beliefs held by employees in the workplace and should be prepared to handle any conflict sensitively, constructively and proportionately, looking where possible to resolve issues through dialogue and understanding, rather than immediately jumping to disciplinary action.

This case involves an employee being deliberately provocative in their actions and assists in establishing the boundaries of what may or may not be considered as an acceptable manifestation of gender critical beliefs by a Tribunal. However, this is an extremely fact sensitive area of law, and we would recommend you seek legal advice where such issues arise.

Repeal of Strikes (Minimum Service Levels) Act 2023

On 6 August 2024, the Department for Business and Trade confirmed in a press release that the Strikes (Minimum Service Levels) Act 2023 (“the Act”) is to be repealed. The Employment Rights Bill will be the legislative vehicle for repeal.

The new Labour government will therefore shortly take away the additional restraints that the last government sought to impose around services in the public sector.

It is unclear exactly when the Act will be repealed, but the government remains committed to introducing the Employment Rights Bill within the first 100 days of being in power.

The Deputy Prime Minister Angela Rayner said: “Repealing this legislation is the first part of our plan to reset industrial relations so they are fit for a modern economy”.

How could it impact your business?

Until the Act is repealed, the press release encourages employers to avoid imposing/scrutinising the additional minimum service levels applicable to ‘key’ sectors. Employers should continue to look for alternative mechanisms to solve disputes, including entering into voluntary agreements, with industrial relations being based on good faith negotiation and bargaining. A further observation is that when the Act is repealed, it will be easier for unions to strike in the public sector.

What steps should you take?

We await further details of the Employment Rights Bill. For now, employers are being strongly encouraged to enter into general discussions with trade unions, instead of using requirements for minimum service levels as a negotiating tool. The Government intends, by repealing the Act, to create a new partnership between trade unions, business and working people; they state that “strong but fair negotiations are key to tackling issues between workings and employers, from low pay to inequality and discrimination”.

EHRC report on racial discrimination in Great Britain

On 7 August 2024, the EHRC submitted a report dated July 2024 to the United Nations Committee on the Elimination of all forms of Racial Discrimination (CERD Committee).

The report found that Pakistani, Bangladeshi and Black groups in Britain had the highest unemployment rates, with Pakistani and Bangladeshi groups also having the largest pay gaps when compared to White British workers, being paid 17.7% and 7.8% less respectively in 2021/22.

How could it impact your business?

The report recommends that, where appropriate, the UK and Welsh Governments introduce a mandatory duty on employers with more than 250 staff to monitor and report on ethnicity recruitment, retention, and progression, with a requirement for mandatory action plans that outline how gaps and inequalities are going to be addressed.

What steps should you take?

Employers should take steps to ensure that, when it comes to recruitment and progression in particular, there are no factors influencing the outcomes other than a candidate’s/employee’s performance during the recruitment process or in the workplace. It is recommended that employers work to increase awareness of the relative disadvantage of groups and take steps to increase ethnic minority representation - the latter within the law. It is also important that employers ensure that the relevant policies (e.g. Equal Opportunities, Dignity at Work, Recruitment) are in place and are up to date.

Riots across the UK: dealing with disorderly behaviour

The nation has faced widespread riots, protests and racially aggravated violence over the last month. Many employers will have had to deal with queries from concerned employees, who are worried about travelling into work during this period. During periods of civil unrest, employers may wish to remind their workforce of how they can access emotional and practical support, and how to report any incidents of discrimination or harassment they experience in the course of their employment. It will also be prudent to consider whether any temporary adjustments need to be implemented during periods of unrest, particularly where certain groups of individuals are specifically targeted/affected, such as working from home or adjusted working times.

There will no doubt be businesses who have discovered that their employees were involved in the riots/violence or were otherwise trying to incite violence (whether in person or online), some of whom may have been arrested and charged. There may be temptation to immediately dismiss such employees, as a matter of cours, however, employers should exercise caution in these circumstances. Generally speaking, jumping straight to dismissal purely based on a criminal charge can leave a business exposed to liability. Navigating the various issues, such as whether disciplinary action can be commenced, whether pay can be withheld, or if dismissal is appropriate, is a nuanced and fact specific exercise and we would always recommend that legal advice is sought prior to any action being taken or decisions being made.

Study of Regulatory Restrictions on Single Use Plastics

The Competition and Markets Authority (CMA), through the Office for the Internal Market (OIM) has launched a study into the regulatory restrictions on single use plastics (SUPs) in the UK market. The study opened on 29th July 2024 with a business survey open until 16 September 2024 for stakeholders to complete. The analysis of the evidence gathering is expected to conclude by January 2025.

One of the priorities outlined in the CMA annual plan (2024/25) is to ensure that the UK economy can grow productively and sustainably. The decision to launch the study on SUPs realises that priority by addressing the regulatory landscape governing SUPs and the value that consumers attach to sustainability.

The OIM, an independent body sitting within the CMA, is seeking feedback from a range of stakeholders in the SUP supply chain about their experiences of dealing with regulatory changes in this sector, in particular how diverging regulations across the UK nations affect the use of SUPs.

How could it impact your business?

Since 2011, the four nations have brought in rules and restrictions to tackle SUP waste, largely emanating from the EU’s regulatory framework which acted as a benchmark for setting standards.

Further to this devolution and since leaving the EU, the UK and devolved governments have seen the return of powers that previously were exercised by the EU, increasing the level of regulatory divergence. For example, the Single Use Carrier Bags Charges (England) Order 2015 (SI 2015/776) applies to business sellers in England only, and presently there are differing Packaging Waste strategies for England, Wales, Scotland and Northern Ireland, meaning that businesses will have to consider each standard when planning future operations in the four nations. The UK internal Market Act 2020 (UKIM) has the purpose of preventing internal trade barriers within the UK and to restrict the legislative powers of devolved administrations in economic matters. For example, UKIM recently put a halt to Scotland’s bottle deposit return scheme (DRS), concluding it could create an unlawful trade barrier with the rest of the UK.

Despite UKIM, the nations are setting diverging rules with the aim of protecting the environment from SUP waste and tailoring rules to their specific needs. Therefore, businesses end up arranging their entire UK supply according to the most restrictive regulatory regime and market requirements, addressing supply chain logistics, manufacturing costs, quality and consumer expectations to address diverging rules. The cost of compliance across a business’ operational use of SUPs could, at present, be duplicated. However, given the need for a joined-up approach, and the recent halt to Scotland’s DRS, we can expect to see the use of UKIM to prevent any further divergence and help businesses navigate the regulatory landscape they operate in.

What steps should you take?

The tone of the study and explanatory text indicates that a joined-up approach to SUPs can be expected in the medium to long-term. This would be consistent with the increased public demand for regulators to tackle green issues and reduce barriers to trade.

Recent legislative changes in the EU in relation to sustainability and green initiatives (as commented in our June ESG horizon scanning update) demonstrate its aim to create a harmonised regulatory framework across the bloc, with a comprehensive set of standards that businesses can be confident apply across all EU member states, including those matters that apply to Northern Ireland by virtue of the Windsor Framework. Businesses and stakeholders involved in the SUPs industry have an opportunity to comment on and provide their responses to the study, helping shape the next phase of regulatory action, particularly by sharing their views on the divergent standards across the four nations, which could lead to a single set of laws governing SUPs.

A single regulatory framework could also assist with reducing the cost of compliance, stock segregation and general training for businesses. By participating in the study, businesses can voice their support for a single regulatory framework.

To respond to the survey, or to read more about the CMA study, click here.

Can a landlord carry out works to alter a demise?

With the move towards net zero, many landlords are looking to improve the condition and efficiency of their existing stock of properties, whilst minimising the impact on their own costs.

A recent judgement in Triplark Ltd v Whale and Ors [2024] EWHC 1440 (Ch) considered the extent of a tenant’s demise and the ramifications for repair if a landlord carries out improvement works. In this case the landlord wanted to carry out works to enhance the energy efficiency of a building and comply with the MEES (Minimum Energy Efficiency Standard) regulations. The building had been constructed in 1935 and the landlord wanted to change the communal heating and hot water system serving the building. However, the tenants of the building objected as they were concerned that the additional apparatus would form part of their demises and therefore become part of their repairing obligations (the extent of the property demised to the tenants in their leases included the central heating and hot water apparatus). The landlord sought a declaration to carry out the improvement works but the court refused the application.

How could it impact your business?

Whilst this is a residential case, the application of the principals would not be limited to residential leases and could apply equally in commercial situations, with commercial landlords also looking to make improvements to their property portfolio.

What steps should you take?

If you find yourself in this situation, the first step is to check what the lease says, particularly in respect of the landlord’s ability to carry out any additions to plant, equipment or fixtures.

Has the landlord reserved the right to enter the tenant’s premises to carry out works to improve their environmental performance? Without an express right of entry for works, the landlord would have no right to do so.

If your landlord requests access to your demise to carry out any improvements to the property, consider who will be responsible thereafter for maintaining the additional apparatus or equipment.