Product Security and Telecommunications Infrastructure Act 2022 and Security Requirements for Relevant Connectable Products Regulations 2023

The Product Security and Telecommunications Infrastructure Act sets out duties for manufacturers, importers and distributors to comply with in relation to connectable products such as smart TVs, internet connectable camera and speakers. The aim of the Act is to make those relevant products more secure against cyber-attacks by setting minimum-security requirements. The Product Security and Telecommunications Infrastructure (Security Requirements for Relevant Connectable Products) Regulations 2023 provide the detail of the security requirements set out in the Act. The full regime commenced on 29 April 2024.

The Act defines the relevant connectable products covered, and the duties imposed at different levels of the supply chain, The Regulations sets out the minimum security requirements required for compliance with the Act.

How could it impact your business?

This Act and the accompanying Regulations will affect any business dealing with connectable products as defined in the Act, regardless of the level of the supply chain that the business sits i.e. whether you are a manufacturer, importer or distributor.

Broadly speaking the Act will provide additional duties for businesses to investigate any potential compliance failures and maintain records of such investigations and to take action in relation to any compliance failures and/or not supply any products where there has been a compliance failure.

The Regulations set out minimum-security requirements including minimum password requirements, reporting security issues to a manufacturer designated point of contact and minimum-security update periods.

The Office for Product Safety and Standards will be responsible for enforcing the Act and the Regulations from 29 April 2024. Where a business is subject to the Regulations and fails to comply, they could be subject to enforcement action including compliance notices, stop notices, recall notices, informing the public of any failures to comply and a monetary penalty of up to the greater of £10 million and 4% of an organisation’s qualifying worldwide revenue in respect to each single breach.  

What steps should you take?

Given the potential financial and/or reputational risks, any businesses operating in this space should actively consider whether the legislation applies to them and/or their products and should ensure that they have suitable policies and procedures in place as soon as practicable.

Online Consumer Terms

The recent case of Parker-Grennan v Camelot raised the issue of what is sufficient to incorporate standard consumer terms and conditions into a contract for goods or services which is made online.

It was determined in this case that the general rules of incorporation remain fit for purposes, despite these rules having been developed prior to the digital era, particularly that:

• whilst a business does not need to go to excessive or exhaustive lengths to ensure a consumer has read the terms before signing or agreeing them, the business does need to take reasonable steps to bring the terms to the customers’ attention and give them sufficient opportunity to read them; and

• the terms need to be clearly drafted and ensure that each individual clause does not have a significant imbalance in the parties’ rights and obligations arising under the contract to the detriment of the consumer and that they are not onerous or unusual.

How could it impact your business?

Whilst this case doesn’t change current law or practice, it is beneficial to reinforce the importance of ensuring that terms are properly incorporated when operating online.

Following on from this case it is good practice to review the business’ terms and consider the following:

• Are consumers made aware that standard terms and conditions apply?

• Can consumers easily access the terms i.e. via drop down menus or hyperlinks?

• Is the consumer required to click acceptance to the terms and on any updates to the terms?

• Are the terms written in ordinary plain English that the consumer can understand?

What steps should you take?

The Court concluded in its Judgment that this was likely to be an area which should be reviewed in the future by the Law Commission. Therefore, businesses which are selling goods or services online to consumers using standard terms should ensure that they are meeting the current requirements of incorporation and should watch this space for future developments if the Law Commission determines further measures will be necessary in the digital/online space.

AI in Competition Law

Regulatory Updates

AI, and the regulation of AI, is firmly under the spotlight given the nascency of AI and machine learning technologies and their potential for revolutionising business and the economy. However, it is a misnomer to suggest that AI is not regulated. Presently, we have the EU’s AI Act creating new compliance obligations for AI providers whilst the UK’s AI Regulation White Paper sets out the intention for UK specific regulatory intervention with legislation expected following the UK general election.

The Competition and Markets Authority (CMA) recently released its report on AI Foundation Models, building on its understanding of the AI market. The CMA, the Information Commissioner's Office, the Office of Communications and the Financial Conduct Authority have built on their working relations to establish the Digital Regulation Cooperation Forum (DRCF). The DRCF has too expressed concerns with AI and control over its critical inputs – data, compute and expertise.

In addition, the Digital Markets, Competition and Consumer’s Act (DMCC) supplements the UK’s regulatory framework and adds to the CMA’s powers, further enhancing the regulation of AI and digital markets in the UK.

CMA – Investigation

The CMA recently launched investigations into the Microsoft / Inflection AI arrangements and Amazon / Anthropic partnership, recently announcing that the Microsoft partnership with Mistral AI does not qualify for investigation under the merger provisions of the Enterprise Act 2002. The CMA alleged that these partnerships are used as shields to pre-empt competitive threats by absorbing expertise and technology, reminiscent of the tactics employed by Microsoft in the early 2000s. Several cloud service providers (CSPs), already in the CMA’s spotlight, are offering their infrastructure to AI developers leveraging native access to cloud compute. The CMA is therefore concerned that this could be used as a potential source of material influence over an AI provider’s management of its business, raising concerns that a small number of incumbents are shaping the AI market in their favour.

Operational Issues

Operationally, AI models could facilitate “algorithmic collusion” or coordination amongst competing firms, evidenced in the Online Poster Selling Case of 2016. Where there is a high degree of market transparency, an innate feature of digital markets, or where AI is deployed where there are frequent interactions with competitors, collusion is more likely to occur; even without human intervention, risking infringements of competition law.

How could it impact your business?

Regulatory Updates

The CMA is armed with a new power under the DMCC to review so called “nascent” and “killer” acquisitions where incumbents attempt to subvert competition through acquisitions, partnerships or JVs. The CMA is flexing its new investigatory powers to protect competition and is a trend that can be expected to continue as the AI market develops.

The CMA’s new investigatory powers means that it has an enhanced remit to make requests for information which could result in businesses being subject to CMA investigations.

The CMA’s recent decision not to investigate the Microsoft and Mistral AI partnership highlights how partnerships between AI providers and CSPs can be subject to a merger review. Where CSPs offer access to compute and distribution channels, or invest in the AI provider, these factors could indicate that the CSP has material influence over the control of the AI provider and could attract regulatory scrutiny.

Operational Issues

AI is transforming business operations at an unprecedented pace. Particularly so where firms are deploying AI pricing algorithms to monitor and respond to competitor adjustments. The risk of infringing competition law through algorithmic collusion, even unintentionally, is very high.

A firm deploying AI models without any internal policies or guidance on how to use AI, exposes the firm to risk. Specifically, firms that input commercially sensitive data into the AI model without rules on what can, and cannot, be shared with their AI provider. By doing so, the firm risks participating in a hub and spoke arrangement, and potentially infringing competition law.

Whether a firm deploys AI operationally, or acquires / sells its AI technology, the CMA can impose a fine of up to 10% of group annual worldwide turnover, criminal sanctions and director disqualification where the CMA has found a breach of competition law.

What steps should you take?

Businesses considering deploying AI models should implement a Responsible Use of AI policy, ensuring that it operates in conjunction with a competition compliance policy. Critically, this policy should address how commercially sensitive information is shared with its AI provider and in compliance with competition rules. Businesses should ensure that in-house legal counsel is involved at the outset of any AI project and engage in regular horizon scanning. External support and training can supplement compliance efforts to remain up to date with the latest regulatory developments.

Where an AI provider has been engaged, review its terms and conditions and perform due diligence on the AI provider’s offering before signing up to their terms by documenting this in an ‘AI Impact Assessment’.

For a business considering collaborating with an AI company, whether through a contractual partnership or a corporate joint venture, it should engage with its advisors at the outset of the collaboration to address regulatory and competition issues.

For firms already deploying AI models, regularly monitor and document the model’s performance against benchmarks and any competition compliance policies, specifically where that AI model is deployed to monitor and adjust pricing in response to competitors’ pricing.

Regulators are grappling with AI and its unprecedent rate of adoption but have significant enforcement powers bestowed upon them to deal with suspected anti-competitive effects in the AI market. Despite this, there are calls to allow the AI market to develop organically with the best tech, with the DRCF offering a one-stop shop for businesses to submit their AI use cases for regulatory oversight.

Considering the significant potential sanctions for non-compliance with the competition regime, business should act quickly to identify and remedy risks with their AI deployment.

CMA’s Toolkit of Powers

The Competition and Markets Authority (CMA)’s information gathering and investigatory powers have been bolstered through several recent precedent setting cases.

In the case of CMA v Volkswagen AG & BMW AG (VW and BMW case), the Court of Appeal upheld that section 26 of the Competition Act 1998 (which grants the CMA the power to require any person to produce documentation which the CMA considers relevant to an investigation) has extraterritorial effect and a request for information can be given to “any person” which includes an undertaking outside of the UK.

Separately, the CMA was successful in the High Court against the Competition Appeal Tribunal (CAT) in the case of the CMA v CAT and Interested Parties (the Warrants Case). The Court held that the CAT wrongfully refused the CMA’s application for a domestic property search warrant in a cartel investigation. The CAT refused the warrant on the basis that a “higher order of scrutiny” was required for domestic warrants rather than for business premises warrants.

The High Court determined that the CAT was wrong in its conclusion on the basis that the application for both domestic and business premises warrants should be assessed according to the same statutory standard contained in sections 28 and 28A Competition Act 1998, as the wording for the tests in both sections is the same: the CMA must have “reasonable grounds” for suspecting that the documents required for an investigation would be “concealed, removed, tampered with or destroyed”.

How could it impact your business?

From the decision in the VW and BMW case, the Court of Appeal confirmed that the CMA has the power to require overseas companies to produce documents and information when it is investigating suspected anti-competitive behaviour which could harm the UK market.

This decision will affect the information / document retention practices and policies of businesses which trade with the UK, even if their data is not held in the UK but their activities affect the UK market. A request for information (RFI) can now be issued to entities outside the UK meaning that businesses cannot hide behind subsidiaries in foreign jurisdictions to avoid an RFI from the CMA.

The Warrants Case affirmed that the CMA could obtain a warrant to search domestic property where it has reasonable grounds for suspecting that documents relevant to the CMA’s cartel investigation located at domestic property would be concealed, removed, tampered or destroyed by the individual who is at that property.

Post pandemic, working from home has become an increasingly permanent feature in the way businesses work, and therefore businesses who have embraced work from home could be impacted, including any hybrid working arrangements and storing documents off premises.

The CMA can fine any person who fails, without a reasonable excuse, to comply with an RFI. Such a fine could be a fixed fine of £30,000 or daily penalty of £15,000, or a combination of the two depending on what the CMA considers appropriate in the circumstances. Under the DMCC, businesses can face a fixed civil penalty of up to 1% global turnover.

Providing false or misleading information, or destroying, falsifying or concealing documents, is a criminal offence, punishable by a fine or imprisonment.

What steps should you take?

As a starter for 10, businesses should review their data management and retention practices and policies to ensure that information is readily accessible, regardless of where it is held (whether digital or in hard copy). Adopting and implementing a competition compliance policy and training on competition infringements can help businesses comply with the law whilst remaining competitive in the UK market.

The CMA’s extraterritorial information gathering powers means that firms suspected of committing anti-competitive behaviour cannot use an overseas entity to avoid the CMA’s requests for information. Should a business receive an information request from the CMA for suspected anti-competitive conduct, we recommend engaging advisors early to prepare a strategy for responding to the CMA.

Acknowledging that work from home is here to stay, we recommend that businesses review their work from home policy, including document management policies on and off-site. Organisations should seek training and guidance on how to approach dawn raids and how best to work with the regulator should a warrant to search business and domestic premises be obtained by the CMA, coming at a time when the Digital Markets, Competition and Consumers Act expands the scope of the CMA’s domestic premises searches further.

Border Controls

The Border Target Operating Model (BTOM) is slowly coming into force. The BTOM (the new border control rules to be implemented in the UK as a result of the end of the Transition Period) has been subject to repeated delays (5, to be exact) since the initial roll-out date. However, on 30th April the second phase of the BTOM (concerning controls on animal and plant exports) came into force, amidst speculation that it too would be delayed. It is expected that the third phase (concerning safety and security declarations) will come into force on 31st October, however with the recent announcement of the General Election, the timeline of the roll out is once again in the balance.

How could it impact your business?

For businesses importing products from the European Union, it is important to be familiar with the new rules for imports. Currently, the key changes impact medium and high-risk animal products, plants, plant products and high-risk food and feed of non-animal origin from the EU. These products will be subject to higher controls at the border, including both documentary and physical examinations and additional common user charges. DEFRA confirmed in a recent blog post that initially the border checks will prioritise high risk imports, which will gradually scale up to full check levels over time in an effort to minimise delays. Given the perishable nature of many of the goods subject to checks it is important to get it right first time to prevent products exceeding their shelf life before being able to cross the border.

Businesses that do not engage in imports themselves, but are aware of imports in their supply chain, should remain aware that increased border checks may result in additional delays, shortages of products, and potential price rises from suppliers.

What steps should you take?

For businesses that engage in imports, familiarisation with the new rules, whether independently or through customs agents, will be of utmost importance to ensure a smooth transition at every stage of the roll out. Whilst it is uncertain at this time whether the third phase of the BTOM (safety and security declarations) will be implemented in October, it is best to plan ahead, just in case.

For those that do not import, but engage with suppliers who do, now is a good time to review the contractual arrangements you have in place with suppliers, and whether the arrangements provide you with sufficient protection should goods be delayed at the border. Key elements to consider include:

• Does the contract set out clear, defined periods for delivery of goods?

• Which party is responsible for risk in the products during delivery?

• Do the parties have any effective remedies in the event of late delivery?

• Which party carries the burden of customs compliance?

• Does the force majeure clause cover imports and exports legislation and delays?

If you require assistance with contract review, please do not hesitate to contact our commercial team.

The DMCC receives Royal Assent

On the 24th May, in the wake of the election announcement, The Digital Markets, Competition and Consumers Act 2024 (DMCC) received royal assent as part of the wash up period. The DMCC is the most significant change to the competition and consumer regimes for over twenty years and will impact every business.

Key changes introduced by the DMCC include the regulation of digital markets, new merger control thresholds and direct enforcement for consumer protection law.

How could it impact your business?

Digital Markets

Under the DMCC the CMA has powers to designate certain, powerful, undertakings as having ”strategic market status” in relation to some or all of their digital activities. Once a firm is designated as having strategic market status, it will have increased compliance and reporting requirements, including bespoke commitments imposed on the undertaking by the CMA, based on the principles of fair trading, open choices, trust and transparency. The CMA expects to designate between three and four undertakings per year, and designation will be reserved exclusively for those organisations with “substantial and entrenched market power”. The CMA receives enhanced enforcement powers under the Act, including the ability to impose fines of up to 10% global annual turnover for breaches of codes of conduct.

Whilst most firms will not be designated as SMS firms, almost all businesses will, in some capacity, benefit from the digital regulation regime, as the regime is likely to result in fairer contracts, greater interoperability and switching powers, and increased enforcement options in the event that a firm has breached its commitments.

Merger Control

In a much-needed update to the existing turnover thresholds set out in the Enterprise Act, the DMCC increases the current £70 million turnover threshold to £100 million. Alongside increasing the existing threshold, the DMCC introduces an additional, broader threshold where one party to the transaction has an existing share of supply of 33% in the UK and a turnover of at least £350m, provided the target has a UK nexus. However, the DMCC also introduces a welcome safe harbour for mergers where each party has a turnover of less than £10m, which are exempt from review.

Consumer Law

In a seismic change to consumer law enforcement, the DMCC grants the CMA direct enforcement powers for consumer law, mirroring its existing powers under the Competition Act 1998 for breaches of competition law. The direct enforcement powers mean that the CMA will investigate breaches of consumer law itself and can fine organisations in breach up to 10% annual group worldwide turnover and disqualify company officers found to be in breach of the law.

From a legislation perspective, the DMCC repeals the Consumer Protection from Unfair Trading Regulations 2008, replacing the Regulations with new provisions set out in the DMCC. Whilst at first glance the new provisions appear broadly similar to the existing law the DMCC includes additional protections for consumers, most notably in relation to websites containing drip pricing, urgency sales tactics, and fake reviews. In addition, the DMCC introduces provisions for subscription contracts, setting out that auto-renewal contracts will need to provide pre-contractual information to the customer, with clear notices before a free trial or offer comes to an end, and an easy exit plan.

As a result of the changes to consumer law, organisations engaging in contracts with consumers will see increased enforcement of consumer law, with much more severe penalties.

What steps should you take?

All organisations will be impacted in some way by the DMCC. Whilst the timeline for implementation of the majority of the provisions in the DMCC is still to be confirmed, organisations should familiarise themselves with the content of the DMCC, reviewing their existing policies, practices and agreements to ensure ongoing compliance, and seeking external help where required.

For further information please contact our Competition Team.

Election 24 and shelved legislation: what didn’t make the wash up

The recent, unexpected, announcement of the general election brought with it a wave of uncertainty, throwing legislation working its way through the legislative process into flux. Whilst some legislation, including the Digital Markets Competition and Consumer Bill, the Post Office (Horizon Systems) Offences Bill, and the Victims and Prisoners Bill hurriedly received royal assent as part of the “wash-up period”, other notable draft pieces of legislation have been shelved, perhaps indefinitely.

How could this impact your business?

As part of regular horizon scanning activities, many businesses start preparing for legislation whilst it is still working its way through parliament. The sudden dissolution of parliament means that much of the legislation that was previously on the horizon has now been halted, uncertain that its journey through the legislative process will recommence at any point in the future. The following pieces of legislation have currently been ‘shelved’ and will not, at least in the short term, receive royal assent:

• The Tobacco and Vapes Bill: a controversial Bill introduced by the Sunak administration amending the laws around the sales of tobacco products and introducing an offence for the sale of tobacco products to those born on or after 1 January 2009. In addition to the provisions concerning tobacco, the Bill introduced increased regulation on vape products, including by limiting colour and flavour choices. Whilst the future of the Bill is uncertain, both major parties expressed support for increased regulation of vape products, and so some form of increased regulation is to be expected irrespective of the election result.

• The Renters (Reform) Bill: a Bill introduced to prevent no-fault evictions in residential leases. Reports suggest that labour wished to push this Bill through as part of the wash-up process, but the move did not receive support from the conservative government.

• The Football Governance Bill: a Bill to introduce an independent regulator for football, with the power to sanction firms in breach of the Bill. The Bill has cross-party support and is expected to be reintroduced following the election.

• The Criminal Justice Bill: a wide-ranging piece of legislation introducing additional legislation in relation to rough sleeping and dangerous cycling. The contents of the Bill, particularly around homelessness and the interaction of the Bill with human rights legislation, are particularly controversial and are likely to be heavily amended in the event of a regime change.

• Offshore Petroleum Licensing Bill: a Bill designed to increase energy security, and to ensure licences for oil and gas projects in the North Sea would be awarded annually. The Bill has been criticised for detracting from net-zero priorities.

• Data Protection and Digital Information Bill: a Bill that has received a fair amount of press, and on which our competition partner, Neil Warwick, gave evidence to the House of Lords Committee. The Bill has drawn attention due to concerns it may impact the UKs adequacy status with the EU, and limit data flows between the two. Indications suggest that the Bill, in its current form, will not be reintroduced.

• Economic Activity of Public Bodies (Overseas Matters) Bill: A Bill that sought to ban public bodies from boycotting Israel.

• Arbitration Bill: a Bill complimenting the provisions of the Digital Markets, Competition and Consumers Bill, providing new rules for business/consumer arbitration, based on a recent consultation into the current rules concerning arbitration.

• Litigation Funding Agreements (Enforceability) Bill: a Bill to reverse the judgement in UK Supreme Court judgment in PACCAR, which rendered many third-party litigation funding agreements unenforceable.

• Sentencing Bill: a Bill to amend sentencing to introduce whole life sentences for the worst crimes.

What steps should you take?

In relation to the legislation that has been shelved during the wash-up, businesses should pause any compliance reviews at this stage whilst continuing their horizon scanning activities throughout the election - particularly on the release of manifestos to determine which Bills may be resurrected. Knights will be producing various pieces as part of our regular horizon scanning to keep you up to date on what the election may mean for different areas of law, and how businesses can best prepare for a world after the election.

Non-Financial Reporting Requirements - Government Consultation

The Department for Business and Trade (“DBT”) is working alongside the UK regulator for corporate governance, reporting and auditing (the Financial Reporting Council (“FRC”)), to review the non-financial reporting requirements for UK companies. The aim of the review and consultation is for UK companies to only produce information that is focussed, comparable and concise.

The first phase of the review has concluded, and the following planned changes have been outlined:

1. The company size thresholds set out in the Companies Act 2006 (“CA 2006”) are to be increased by 50%.

2. Various reporting requirements for the Directors’ Report are to be removed. With a focus on removing duplicated or outdated information. The information to be removed is currently proposed to be information on research and development, likely future developments, financial instruments, important events, employment of disabled people, branch information, and engagement with employees, suppliers, customers, and others.

3. Streamlined reporting requirements relating to the Directors’ Remuneration Report and Directors’ Remuneration Policy (in practice, this change is likely to only affect quoted companies or unquoted traded companies).

These changes are intended to take the form of secondary legislation to be proposed by the government in the coming months. The intention is for the proposed legislation to be laid before Parliament in summer with an intended commencement date of October 2024.

How could it impact your business?

The proposed changes will hopefully alleviate some of the financial and logistical challenges faced by businesses when complying with their non-financial reporting requirements under the CA 2006. However, as the secondary legislation has yet to be drafted, this position could change and is not yet certain.

The increase of size thresholds under the CA 2006 by 50% is said to allow over 100,000 smaller UK companies to benefit from simpler, more proportionate non-financial and financial reporting regimes suitable to their scale. In addition, the change in reporting thresholds under the CA 2006 may inadvertently affect other reporting obligations which are not determined by the CA 2006 (e.g. modern slavery reporting obligations).

What steps should you take?

UK companies should keep an eye on the progress of the secondary legislation to see how the changes will affect their business in practice. UK companies should also consider whether they will be caught by the change of size thresholds set out in the CA 2006. It is important to note that these threshold changes do not apply to all reporting obligations and, as such, companies should seek advice on their reporting obligations if they are unsure.

This review forms part of the reviews taking place under the wider “Smarter regulation to grow the economy policy paper” which sets out how the government aims to improve regulation across the board. UK companies should also keep an eye on the other regulation reviews taking place under this policy paper.

Information Commissioner’s Office issues new ‘fining’ guidance

The Information Commissioner’s Office (ICO), the UK’s data protection regulator, has issued guidance on its approach to issuing penalties and calculating fines. The guidance took effect in March 2024, following a consultation on a draft version of the guidance last year. It is hoped that the new guidance will provide clarity and transparency for organisations on what their potential exposure might be for non-compliance with UK GDPR requirements. 

How could it impact your business?

The new guidance will be particularly relevant for legal and compliance teams but should be on the radar of every organisation handling personal data. It includes a list of factors that the ICO will take into account when considering whether to issue a penalty and in determining the amount. The list includes measures within the organisation’s control, such as: ‘the degree of cooperation with the Commissioner, in order to remedy the infringement and mitigate the possible adverse effects of the infringement’.

The guidance also explains the impact upon organisations forming part of an ‘undertaking’ (e.g. where the data controller is a group company or subsidiary). In this case, the maximum financial penalty would be based on the turnover of the undertaking as a whole. This could increase an organisation’s exposure significantly, as the ICO can issue fines of up to the higher of £17.5m or 4% of global annual turnover for the most serious infringements.

What steps should you take?

Organisations should familiarise themselves with the guidance to understand its impact on their potential exposure for GDPR non-compliance. Taking and demonstrating as many mitigating steps, and limiting aggravating factors wherever possible, is key. The ICO’s recommended practices should be implemented before an infringement takes place, to ensure that any incidents are dealt with in the best possible way. Examples include:

• Recording mitigating actions;

• Considering how the infringement is best notified to the ICO (e.g. self-reporting or risking a complaint); and

• Considering notification to other bodies, such as the NCSC.

Of course, having appropriate measures in place to ensure compliance in the first instance is the best way to avoid exposure to ICO fines. However, incidents happen, often as result of human error or targeted hacking incidents. Where things do go wrong, the guidance emphasises that mitigating damage and cooperating with the ICO is the most responsible course of action and thus the best way to limit financial penalty.

The Fixed Recoverable Costs regime and Contracting Out

From 1 October 2023, Fixed Recoverable Costs (FRC) apply to most civil claims with a value of up to £100,000 in damages. The new FRC rules also introduced a new intermediate track for claims with a value of between £25,000 to £100,000.

The new FRC rules set the amount of legal costs, a winning party can recover from the losing party in litigation. The amount of FRC that can be recovered is determined by the stage that the case has reached, plus an additional sum awarded that is calculated as a percentage of the claim value. For intermediate track claims, the amount also depends on the complexity band that the case has been allocated.

The new costs regime contains a list of excluded claims that will fall outside the new costs regime. These include claims for mesothelioma, clinical negligence claims worth up to £25,000, employer liability and relief under the Human Rights Act 1998. A full list can be found at CPR rule 26.9(10).

Prior to October 2023, the FRC applied only to fast-track cases with a value between £10,000 to £25,000. Contracting out of fixed costs was only permitted either before a dispute arose or during ongoing litigation as highlighted in 2022 in the case of Doyle v M&D Foundations & Building Services Ltd. In this case, the Court of Appeal allowed the claimant to contract out of fixed costs in circumstances where the defendant had agreed to pay the claimant's costs on a more advantageous basis in a settlement agreement.

While this regime came into force last October, the 6 April update to the Civil Procedure Rules (CPR) which will affect how parties can contract out of fixed costs, will be discussed in more detail later in the article.

How could it impact your business?

The original drafting of the CPR implementing the new FRC regime appeared to ignore the Doyle decision and provided:

CPR 45.1 (3) “the court may only award costs in an amount that is neither more nor less than the fixed costs”.

This change, appeared to prevent consenting legally represented parties once in litigation, to contract out of FRCs. Subsequently, the CPR Committee agreed to amend CPR 45.1(3)(b) to incorporate the wording “unless the paying party and receiving party have each expressly agreed that this Part should not apply”, in order to reflect the Doyle case judgment and protect freedom of contract. This updated CPR came into effect on 6 April 2024, and includes this clarification that parties can agree to contract out of FRCs in proceedings.

The specific reference to “express” regarding contracting out, may be requiring something much more than what happened in Doyle and there is an ongoing debate as to what “expressly agreed” actually requires. This ambiguity triggers the a debate as to whether parties will need to go as far in their agreements as explicitly stating “Part 45 does not apply” or would “costs to be assessed” and if this will be sufficient to contract out of FRC. It is likely that this ambiguity will not be resolved until a reported decision on the issue.

What steps should you take?

The key takeaway is that parties may be able contract out of the FRC regime either prior to a dispute arising or during ongoing litigation. Ultimately, parties ought to proceed with caution and be mindful of what the contract says in respect of costs in the event of litigation caselaw.

Employment Rights (Amendment, Revocation and Transitional Provision) Regulations 2024

For TUPE transfers on or after 1 July 2024, employers will no longer be required to elect representatives in transfers where they have fewer than 50 employees or they are an employer (of any size) involved in a transfer of fewer than 10 employees. As of now, and until 30 June 2024, an employer can only directly consult employees without electing representatives, if they have 10 or fewer employees.

How could this impact your business?

This will have a significant impact on many TUPE transfers within sales, mergers, and acquisitions as well as outsourcing, insourcing, or re-tendering of various contracts.

It’s expected that this change will be welcomed by corporate solicitors and employment practitioners acting on behalf of employers, as often, the appointment of representatives can seem an unnecessary burdensome requirement. For example, in a TUPE transfer involving 11 employees where a buyer or incoming provider plans to make no ‘measures’ (changes) impacting staff when they take over, the seller or outgoing provider is required to hold an election process to appoint representatives, in order to then inform those elected representatives no changes will be made (beyond a change of employer).
Under the new legislation, the employer could avoid the need to hold an election process and appoint representatives, and simply write to all employees directly to confirm no changes are envisaged.

What steps should you take?

No action is needed by employers, however, for those involved in TUPE transfers the legislative changes may mean for more practical and sensible options available within TUPE processes from 1 July 2024 onwards.

Euro 2024 – Is your workplace ready?

The European Football Championships take place from 14 June 2024 and ends with the final on Sunday 14 July 2024.

How could this impact your business?

As a popular global sporting event many employee eyes will be on the competition.

Employers may want to consider how they will handle increased time off requests during this period. This may involve considerations around whether to show games live or allow wider flexible working parameters than normal.

There is a risk of increased sickness absence and lateness and therefore employers may want to increase monitoring in these areas.

If employers do show games on-site, arrange work related events or allow for office decorations, then employers would be wise to remind employees of appropriate behaviour and monitoring alcohol intake (if alcohol will be available).

What steps should you take?

Employers should consider any preparatory steps ahead of the competition starting on 14 June 2024.

This could be a great opportunity for employers to boost morale, productivity and team camaraderie if done correctly. Employees should, however, be reminded of expectations, policies, and procedures to prevent and mitigate any potential conduct and performance issues that could arise.   

National Living Wage and National Minimum Wage reminder and consultation proposals

On 1 April 2024 new National Minimum Wage and National Living Wage rates came into force.

From 1 April 2024, the 21–22-year-old rate is no longer applicable, as workers aged 21 and 22 are eligible for the National Living Wage (instead of those aged 23+). The Low Pay Commission has launched a consultation to assess the impact of this.

Additionally, the Low Pay Commission recommends reducing the National Living Wage to age 18 to bridge the disparity between the youth rates of the National Minimum Wage and the National Living Wage. The consultation is due to close on 7 June 2024.

How could it impact your business?

The current rates from 1 April 2024 to 31 May 2025 are:

National Minimum Wage and National Living Wage (hourly rate)

1 April 23               1 April 24

Apprentices                              £5.28                      £6.40

Age 16–17                                £5.28                      £6.40

Age 18–20                                £7.49                      £8.60

National Living Wage (Age 21+)                                £10.42                     £11.40

What steps should you take?

Employers should review all wages to ensure they comply with the National Minimum Wage and National Living Wage legal requirements.

The outcome of the Low Pay Commission’s consultation will be important and should be closely watched because if their proposal to further lower the National Living Wage from 21 to 18 proceeds, then employers will need to plan ahead.  

Update regarding student visas

Given the significant increase in the civil penalty for employing an illegal worker that took place earlier this year (up to £45,000 per illegal worker for a first breach and £60,000 per illegal worker for repeat breaches), now feels like a very sensible time for a recap on the work restrictions that commonly catch out well-intentioned employers.

One area that employers commonly make mistakes is in relation to the right to work and work conditions of those with student visas, referred to as “students” in this update.

How could it impact your business?

Students may not always have the right to work and those that do are usually limited to a specific number of hours per week. For those studying a full-time, degree level course, this is normally 20-hours in term-time, with full-time employment permitted outside of term-time. Outside term-time includes before their course starts, after they have completed it and during vacations (provided their student visa is still valid).

In addition, students cannot work in a position that would fill a permanent full-time vacancy unless they have made a valid application to switch to the Skilled Worker or Graduate route and certain very specific conditions are met. If the conditions are met, this means they can start working in a full-time permanent vacancy up to 3 months before course completion (for a Skilled Worker) or once they have successfully completed their course of study (Graduate).

What steps should you take?

Employers should take great care when conducting right to work checks, including those on students, as this is commonly an area where employers make mistakes. Employers should carefully consider the Home Office’s “Employer’s Guide to Right to Work Checks” which sets out key steps that should be taken in the right to work checking process for students.

For students who have limited permission to work during term-time, this includes the employer obtaining, copying and retaining details of the student’s academic term and vacation times. This should cover the duration of their period of study in the UK for which they will be employed and should be provided directly or indirectly by the sponsoring education provider. In addition, companies should have the HR systems in place to ensure they do not breach their right to work obligations before and during employment.

Russian Sanctions – Wide net to Capture Exporters

The Government has recently released a new notice to exporters, casting a much wider net as to what is covered by the UK Russian Sanctions. The UK has significantly expanded and deepened its sanctions capability, reinforced cross-government co-ordination and increased investment in sanctions implementation and enforcement.

The notice states that the government has committed £50 million to support a new Economic Deterrence Initiative to further boost its diplomatic and economic tools and improve sanctions implementation and enforcement. This is also intended to tackle sanctions evasion across the UK’s trade, transport, and financial sectors. Their “Deter, disrupt and demonstrate” strategy of February 2024 sets out the Government’s approach to using sanctions in addressing global threat, promoting international norms and to protect the UK. This can be viewed here.

How could it impact your business?

It is important for businesses who export to Russian countries/entities to be aware of the Government’s wide-net approach to application of the UK Sanctions regime and to assess whether these sanctions apply to their business relationships.

The range of penalties available for committing a breach of UK Sanctions remain the same. Whilst this does include the imposition of monetary penalties or the seizure of goods, there is also the ability to take enforcement action through criminal proceedings.

This notice demonstrates the UK Governments commitment to implementing and enforcing UK sanctions.  It suggests that the UK Government are focusing efforts on breaches committed by exporters and seek to reduce the number of exports further still, perhaps more in line with the 94% decrease in imports. It indicates that this remains a key issue in application of the UK Sanctions, one that is a key focus of the UK Government and at the forefront of implementation of policy.

Overall, we expect to see a rise in proceedings against those who do not take their responsibilities to enforce the sanctions regime seriously.

What steps should you take?

It is important that any business engaged in the exporting of goods which fall under the categories covered, ensure they are keeping up to date with UK Sanctions and their application. Through this link, you can sign up to receive published notices that affect those businesses exporting goods which fall under the categories listed here.

At Knights, we have a range of teams who can assist in assessing your company’s position and business relationships and provide advice on how the UK Sanctions could affect your day-to-day trading.