Non-Bank Lending in the Spotlight – Does the System of Calculating Regulatory Capital Require Revisiting?
In October’s GT Alert on non-bank lending, we focussed on whether there was a justification in banks being subject to regulatory capital requirements when non-bank financial institutions (NBFIs) were not. Professor Simon Gleeson’s evidence – that banks are permitted to take deposits from the public, whereas NBFIs are not – was an important justification for a differentiated regulatory approach.
In this GT Alert, we provide an overview of how the amount of regulatory capital that a UK bank is required to hold is quantified and whether there is a case for reconsidering the current approach. This is based largely on the evidence Lord King of Lothbury, the former governor of the Bank of England, provided to the Financial Services Regulation Committee (the Committee) of the House of Lords. We also consider certain other observations Lord King made in relation to the regulation of banks and NBFIs.
The Calculation of Regulatory Capital
The system of calculating regulatory capital requirements imposed on banks is largely based on the works of the Basel Committee on Banking Supervision (the BCBS), which is headquartered at the Bank for International Settlements – the so-called central bank for central banks – in Basel, Switzerland. The BCBS provides guidance on regulatory capital, liquidity, and financial stability in relation to banks and, while its pronouncements do not have the force of law, countries who participate in its work are expected to implement its recommendations into their local law. Its most prominent work is the Basel Capital Accords, which require banks to hold sufficient capital and manage risk.
While a detailed examination of the principles on which regulatory capital is quantified is beyond the scope of this GT Alert, in essence, it is largely based on a concept known as “risk weighted assets.” Conventionally, the primary assets of a bank are the loans that it makes and holds. The loans generate interest, providing the bank with income. However, these assets are also a source of risk because if the borrowers fail to pay interest or repay principal as they are required to do, the bank may suffer a loss. Regulatory capital is intended to absorb losses so that creditors of the bank, critically depositors, are not adversely affected by these losses and that their claims against a bank will be honoured, but it is not meant to protect banks against risk. It follows that a bank that engages in higher-risk lending should be required to hold more regulatory capital than one whose lending involves less risk, as it would be more vulnerable to losses and has a greater need for loss absorbing capital.
The formula for determining the amount of regulatory capital that a bank is required to maintain for a loan is as follows: the amount of the loan (for example, £100) multiplied by a minimum capital ratio that applies to all loans – 8% of the loan amount (£8 in this example) multiplied by the risk weight assigned to that loan.
If the loan was, under the BCBS framework, perceived to be without risk of default, the risk weight would be 0%. This means that the regulatory capital related to that loan would also be zero (£100 x 8% x 0%). A loan made to a multilateral development organisation may have a risk weight of 0%.
If the loan was, under the BCBS framework, perceived to have a low risk of default, the regulatory capital a bank would require may be determined based on a risk weight of, for example 35%. This would result in a requirement of £2.80 (£100 x 8% x 35%).
If a loan was, under the BCBS framework, perceived to be riskier still, the risk weight ascribed might be 100%, resulting in a regulatory capital requirement of £8 (£100 x 8% x 100%). Loans made to unrated or sub investment grade corporates would typically have a risk weight of 100% to reflect their higher probability of default and their uncertain value. Some loans may have an even higher risk weight. While it may feel counterintuitive to require a bank to give a parcel of loans a risk weighting of more than 100%, this is because a 100% risk weighting would normally result in substantially less than 100% capital being required to be held against it. Capital requirements absorb unexpected losses rather than cover the possibility of default on the entire loan.
As indicated above, this approach makes intuitive sense – the riskier a loan, the greater the risk of loss and the greater the need for loss absorbing capital to prevent creditors of the bank being adversely impacted by the loss.1
Banks are, in turn, required to hold capital (normally in the form of Common Equity Tier 1 (CET1) capital, predominantly the bank’s share capital and retained earnings) against their risk weighted assets. Currently, UK systemically important banks hold such CET1 capital in the region of 14% to 15% of their risk weighted assets. The Difficulty with Risk – Weights
In Lord King’s view, determining regulatory capital requirements based on differentiated risk weights pre-supposes that it is possible to formulate an accurate, forward-looking assessment of the risk of different kinds of lending:
…[the system of risk weights] presumes knowledge that we can accurately assess the riskiness of different kinds of lending. The risk weights that are put into the Basel III and other frameworks tend to reflect people’s quantitative estimates of risk based on normal times, but the purpose of having the capital to absorb losses is for when there is a crisis. At that point, risk weights are a very bad indicator of the riskiness of different elements on the balance sheet. The best example is that, before 2008, it was assumed—and the risk weights reflected this—that mortgage lending was the safest kind of lending. That turned out to be completely false when it came to 2008…. It is just too difficult to assess the riskiness of different kinds of lending… (emphasis added)
This assessment may be worth considering. The riskiness of any financial instrument may not be correctly assessed at the time that it is made (as was the case with residential mortgage lending in the years immediately before the Global Financial Crisis (GFC), given the deterioration of origination standards). Even if it was, the riskiness of that financial instrument may change over time for any number of reasons, both of a systemic or an idiosyncratic nature. Any attempt at achieving mathematical precision in measuring riskiness gives rise to complexity, evidenced by the tens of thousands of pages of regulations that have been implemented by regulators but which individuals responsible for making lending decisions cannot have a detailed understanding of, as well as the adoption of a bureaucratic, rather than judgement based, approach. Reverting to his time at the Bank of England, Lord King commented:
…When we started work at the Bank [of England] on the financial stability report or producing concepts of risk, every month I would get a list of 75 risks. This was not helpful. I would have preferred to have a much smaller group of people, most of whom had years of experience and remembered the previous crisis, at least, who could go out and come back, and say, “This doesn’t feel right.” They could use their judgment to say, “This is the one risk that we should worry about,” rather than trying to pretend that there are 75 risks…. (emphasis added)
In other words, Lord King recognised the merits of a qualitative approach to risk assessment rather than a purely quantitative one.
What Is the Alternative?
Lord King’s preference, based on his evidence to the Committee, is to base regulatory capital requirements not on a system of differentiated risk weights but rather the amount of leverage that an individual bank uses to fund its operations. In his evidence, he stated:
“…I would much rather have a robust and much simpler system that focuses on leverage and by which banks in trouble can have access to the central bank liquidity facility….”
He referred to his experience during the GFC in substantiating this view:
“…In 2008, what really went badly wrong was that the banking sector rapidly expanded its balance sheet, not by issuing loss-absorbing equity or other similar instruments, but by borrowing itself. Its own leverage rose to very high levels, and it had almost negligible liquid financial assets. That was the big risk. It did not matter what the exposure was….” (emphasis added)
To be fair to the BCBS, leverage is already an element in its framework. The leverage ratio, which supplements the differentiated risk weight-based approach, requires that a bank maintains a certain amount of “Tier 1 Capital” (in broad terms, equity, being the best form of capital) relative to its “Total Exposures” (in broad terms, its liabilities both, on and off balance sheet). It is not based on a bank’s assets and their perceived riskiness. The minimum leverage ratio prescribed by the BCBS is 3%, meaning that a bank is required to have an amount of Tier 1 Capital that is at least 3% of its total exposures, though for certain banks that have systemic importance, the requirement may be up to 6%. A bank may manage its leverage ratio by either increasing its Tier I Capital or, alternatively, reducing the amount of its liabilities. This is a less complex concept than differentiated risk weights.
In addition, Lord King focused on the importance of relationship-based knowledge, as opposed to credit scoring, in banks forming a view on the risk of making a loan, again emphasising the importance of qualitative factors.
What of NBFIs?
While Lord King’s view on the merits of a leverage-based approach to determining regulatory capital requirements for banks is clear, his view on the regulation of NBFIs are equally noteworthy. The starting point of his analysis was to question what the purpose of financial regulation is. In broad terms, it is to promote financial stability, ensuring that the financial system supports normal economic activity, so that individuals and firms can save, spend, pay money to each other, and have access to credit without disruption.
In his evidence to the Committee, Lord King stated:
…The non-bank sector comprises a multitude of different kinds [of institution]. The word “ecosystem” has been used to describe it, but it is much more. It is like different life forms across the entire planet – insurance companies, pension funds, bond funds, private equity, hedge funds, venture capital. All of these are completely different animals.
If an individual insurance company were to fail, that is not, in itself, a systemic risk, and there is protection to protect individuals who may be suffering from it. If an insurance company were to fail, and that led the entire insurance industry to find itself in a position where it could not offer insurance to people, that would be systemic.
If a pension fund failed, we have mechanisms for insuring the individuals in that fund. If the entire industry ran into trouble, would we be concerned? ….. I do not see why, if a hedge fund, or several hedge funds, were to fail that constitutes a systemic issue…. (emphasis added)
Based on this and other statements made to the Committee, it seems to us that Lord King’s view is that:
Banks have a systemic importance that NBFIs do not necessarily have, at least at the current time. This is based upon taking deposits and providing access to payment systems.
Banks can access central bank liquidity in a way that NBFIs cannot, and this is also an advantage that justifies more stringent regulation.
NBFIs are not homogeneous, and some may be more systematically important than others.
Some NBFIs, such as insurance and pension providers, already operate within a framework of prudential regulation and those that do not, such as hedge funds, do not have sufficient systemic significance to warrant it.
Regulating NBFIs less stringently than banks may promote financial stability by directing more risky activities to NBFIs, thus preventing banks from getting into trouble.
However, there is at least one example of a hedge fund whose losses required regulatory intervention in order to maintain financial stability – Long Term Capital Management (LTCM).2 It seems that much depends on the size of the hedge fund and its interconnectedness with the regulated financial sector.
Conclusion
Lord King’s experience as both an eminent academic and a governor of the Bank of England, particularly during the GFC, gives him a unique perspective on financial stability. Whether the system of differentiated risk weights is to be replaced by a leverage ratio-based approach as he suggests is a wider question and would require a departure from a well-entrenched approach, but there may be merit in the view that banks and NBFIs play different roles in a financial system and so a differentiated approach to regulation between them has a logic to it. Indeed, the differentiated regulatory approach may promote financial stability by limiting the lending activity of banks. However, the example of LTCM suggests that not all NBFIs should be treated in the same way from a prudential regulation perspective.
The Committee’s work continues. Greenberg Traurig will continue to monitor the developments.
1 As indicated, this description is simplification. It does not recognise the distinction between the “standardised approach” to differentiated risk weights, which is the approach that the BCBS prescribes as a default position and the “internal risk-based approach,” which sophisticated banks may adopt and which may result in different results from the standardised approach. This is based on sophisticated banks being in a better position to assess risks than banking regulators.
2 Long Term Capital Management (LTCM) was a hedge fund established in 1994 and that at one point managed $3.5 billion of investor capital. As a result of the Russian debt default, it sustained several losses and the U.S. government had to intervene, facilitating a bail out by 14 banks and financial institutions in order to prevent a wider financial crisis.
Key Takeaways from COP30- UN Climate Change Conference
Last week marked the close of the 30th Conference of the Parties (COP30) to the United Nations Framework Convention on Climate Change (UNFCCC) in Belém, Brazil. COP30, billed by some as the COP of “truth” or “implementation,” sought to advance key issues tied to the climate goals established under the Paris Agreement, now ten years in effect. Below is an overview of the most notable developments from Belém and the emerging expectations for future climate action.
A much reported takeaway from COP30 is the fact that it concluded without agreement on a unified roadmap to phase down fossil fuel use. More than 80 countries reportedly pushed for a detailed global plan. But consensus proved elusive, underscoring persistent geopolitical and economic divisions, and the term “fossil fuels” does not appear in the final COP30 decision text—the Global Mutirão (a Brazilian term derived from the indigenous Tupi-Guarani language meaning “collective effort”). Instead, the outcome defers the issue to voluntary national and regional processes and a Brazil‑led initiative outside the formal UNFCCC track focused on developing transition strategies.
Attention also focused on the absence of US federal officials, marking the first COP in 30 years without formal US government representation. This absence reflects the Trump Administration’s climate and energy policy positions and its narrower approach to multilateral climate engagement. In contrast, California Governor Gavin Newsom attended COP30, sharply criticizing federal climate policy and positioning California—the world’s fourth‑largest economy—as a “stable and reliable partner” for global climate mitigation efforts.
At the same time, many observers viewed COP30 as an important step in sustaining international climate cooperation amid significant geopolitical and market headwinds. COP30 involved consultations on several key topics, led by pairs of developed and developing countries, including adaptation, finance, mitigation, just transition, technology, and gender. The Global Mutirão decision document emphasizes progress made over the past decade, including rapid technological advancements, falling clean‑energy costs, and record investment in renewable power and low‑carbon infrastructure. It also expressly reaffirms the commitment made in the Paris Agreement to pursue efforts to limit the global average temperature increase to 1.5°C above pre-industrial levels and “acknowledges that the global transition towards low greenhouse gas emissions and climate‑resilient development is irreversible and the trend of the future,” signaling the continued long‑term direction of global climate policy.
Below are additional high level takeaways from COP30:
Nationally Determined Contributions- In the lead-up to COP30, many stakeholders called for greater climate ambition—including updated Nationally Determined Contributions (NDCs), which outline each nation’s emissions-reduction targets and broader climate-action commitments. NDC revisions can translate into new permitting requirements, technology standards, procurement rules, and climate‑related disclosure obligations. A significant number of countries have yet to submit their updated NDCs, and there was broad consensus in Belém that the current set of NDCs is insufficient to keep global temperature rise below 1.5°C. Under the Paris Agreement, the next NDC cycle will cover 2025–2035, with progress assessed during the next Global Stocktake.
The final COP30 decision underscored the need to align existing NDCs with nations’ long-term strategies for low-emissions development and encouraged nations to chart pathways toward global net-zero emissions by mid-century, keeping the 1.5°C goal “within reach.” Post-COP30, attention will shift to both raising ambition (e.g., stronger mitigation targets in forthcoming NDCs) and moving from ambition to implementation, including country-specific and sector-specific plans—particularly in energy, industry, transport, and land use. These forthcoming strategies will shape regulatory frameworks, investment signals, and compliance obligations for private-sector actors across multiple jurisdictions.
Forest Preservation- Although the Global Mutirão omitted any formal plan to address deforestation, despite fairly widespread support among countries, one of the most consequential outcomes of COP30 was the announcement of the Tropical Forests Forever Facility (TFFF)—a proposed $125 billion, performance-based fund aimed at compensating tropical nations for preserving standing forests. Potential performance metrics expected under TFFF include verified reductions in annual deforestation, forest carbon stock maintenance, and satellite validated land use change avoidance. Although questions remain about how TFFF will be capitalized and governed, its launch marks a major pivot toward scalable, results-based finance for nature, with an emphasis on high-value forest regions in the Amazon, Congo Basin, and Southeast Asia.
TFFF’s design signals a shift away from short-term, project-level conservation toward predictable, multi-decade, sovereign-level forest-protection finance supported by robust, science-driven monitoring. Importantly for private-sector stakeholders, payments will be tied to verified reductions in deforestation, opening clearer commercial pathways for carbon-market integration, jurisdictional nature-based credits, and blended-finance structures. TFFF is also expected to operate alongside emerging regulatory regimes—such as the EU Deforestation Regulation (EUDR)—and may help create a more coherent policy environment for corporate supply-chain compliance and sustainability reporting. Together, these developments position TFFF as a potentially transformative tool for companies navigating evolving legal, financial, and ESG expectations around forest risk.
Carbon Capture Utilization and Storage- Although the Global Mutirão does not explicitly reference “carbon capture, utilization, and storage” (CCUS), several provisions in the COP30 Global Climate Action Agenda Outcomes Report (Action Agenda) directly implicate CCUS deployment and national abatement strategies. The Action Agenda acknowledges the role of industrial abatement technologies where they are technologically and economically feasible—an important signal for private-sector stakeholders. In practice, CCUS remains the only scalable abatement pathway capable of enabling continued operation of certain carbon-intensive assets, particularly in hard-to-decarbonize sectors. The Action Agenda urges nations to accelerate emissions reductions in heavy industry, emphasizing net-zero-aligned technology pathways for iron and steel, cement, chemicals, refining, and other major sources of CO₂. For project developers, investors, and industrial operators, this language provides a clearer policy basis for CCUS integration—supporting investment certainty, informing permitting strategies, and shaping long-term decarbonization planning.
Notably, the London Register of Subsurface CO2 Storage, a consortium of scientists and industrial partners led by the Imperial College London, published its first annual report on global CO₂ storage during COP30. The report finds that over 383 million tons of CO₂ have been sequestered since 1996—the equivalent of 81 million vehicles driven for a year. The report’s authors claim that the report illustrates that CCUS is an essential tool—a proven, scalable technology needed to tackle climate change. As countries revise their NDCs and develop associated implementation plans, CCUS is poised to become a more prominent component of national strategies.
Transparency- Measurement, reporting, and verification (MRV) emerged as a central theme at COP30, reflecting the growing emphasis on implementation, transparency, and accountability across all pillars of the Paris Agreement. The final agreement reaffirmed obligations under the Enhanced Transparency Framework (ETF) and underscored that high-quality MRV systems are essential for tracking progress toward NDCs – emissions and removals – and supporting the next Global Stocktake. Regarding carbon markets, COP30 focused on operationalizing MRV rules under Article 6, with renewed attention to ensuring environmental integrity, preventing double counting, and standardizing reporting formats for internationally transferred mitigation outcomes (ITMOs) under Article 6.2. Practically, this call for further progress on MRV must be balanced with nation-specific developments to pull back from existing MRV frameworks.
Adaptation- A major headline from COP30 was the political commitment to “at least triple” global adaptation finance with a target of $120 billion by 2035, signaling an intent to substantially scale resources for climate-resilient infrastructure, water systems, and agriculture. Like with TFFF noted above, this pledge is not yet accompanied by financial commitments, reflecting remaining uncertainty associated with climate finance. This commitment nonetheless reflects growing international recognition that adaptation funding must increase. For private-sector stakeholders, increased funding is expected to drive demand for resilient energy systems, grid and transmission upgrades, long-duration storage, cooling technologies, flood- and heat-resistant infrastructure, and sophisticated monitoring, data, and risk-management services. It would also support the growth of public-private partnerships, blended-finance structures, and resilience-focused investment platforms.
Article 6 Carbon Markets- The final COP30 agreement reiterates countries’ obligations under Article 6 of the Paris Agreement, which governs international carbon markets. Article 6.2 enables countries to trade internationally transferred mitigation outcomes (ITMOs) towards their NDCs, while Article 6.4 establishes a centralized crediting mechanism allowing both public and private entities to generate and trade carbon credits—often referred to as the Paris Agreement Crediting Mechanism. Although the Article 6 “rulebook” was largely completed at COP29 in Baku, COP30 shifted attention from negotiation to implementation. Discussions emphasized the practical steps needed to operationalize these markets, including safeguards for environmental integrity, measures to prevent low-quality credits, and alignment of Article 6 transactions with countries’ NDCs.
A consistent message from negotiators and observers was the need for accelerated deployment of Article 6 frameworks to unlock investment and support carbon markets. Looking ahead, the post-COP30 work will need to address several outstanding issues. These include rules on permanence and reversal risk, procedures for transitioning legacy Clean Development Mechanism (CDM) credits into the Article 6.4 system, and the development of nature-based methodologies, particularly for forestry and other land-sector activities. These decisions will shape market confidence, credit eligibility, and investment strategies in the emerging Article 6 landscape.
Trade- The Global Mutirão acknowledged the importance of international trade policies to climate action. Although the COP30 agenda did not formally include trade measures discussion, as some parties reportedly advocated for, the final agreement nonetheless reaffirmed that climate action measures “should not constitute a means of arbitrary or unjustifiable discrimination or a disguised restriction on international trade.” It also established a series of dialogs to occur over the next three years years among the Parties and other key stakeholders, including the World Trade Organization, to “consider opportunities, challenges and barriers in relation to enhancing international cooperation related to the role of trade.”
COP moves to Antalya, Turkey in 2026, with plenty remaining on the agenda, in particular updating NDCs and the creation of country-specific implementation plans, further engagement on the role of fossil fuels, and operationalizing the Article 6 framework to maximize the potential of carbon markets. These conversations will occur against the backdrop of challenging issues like a historic increase in base load power demand and emerging global trade barriers, among other geopolitical and economic developments. 2026 promises to be an eventful year in the advancement of the issues central to global climate change and the energy transition.
Securing the Future- Tackling Automotive Material Challenges in a Changing World
Introduction
In today’s rapidly evolving automotive industry, the reliance on battery and other key materials and components, such as microchips and rare earth metals, has become more pronounced than ever. As suppliers navigate a world fraught with supply chain disruptions and geopolitical uncertainties, securing these vital materials is crucial not just for production continuity but also for maintaining a competitive edge. This article explores the risks, strategies, and innovations shaping the future of material resource procurement in the automotive industry.
Understanding the Risks
The first step in addressing any challenge is to understand the nature of the issue. The automotive industry is increasingly vulnerable to external shocks, which can range from trade disputes and political instability to natural disasters and pandemics. These shocks have the potential to disrupt supply chains significantly, making the procurement of critical materials a strategic challenge. Microchips, essential for modern vehicle electronics and autonomous driving technology, have seen shortages that lay bare the fragility of current sourcing strategies. Similarly, battery metals like lithium, cobalt, and nickel are subject to fluctuating prices and limited availability, influenced by mining constraints and environmental regulations.
One notable recent example of the complexities in securing automotive materials is the case of Nexperia, a semiconductor manufacturer with roots in the Netherlands, now owned by Chinese technology company Wingtech. Nexperia’s strategic position in Europe highlights the intricate geopolitical dynamics at play in the semiconductor market, an area critical to the automotive industry. The Dutch government, cognizant of its country’s pivotal role in the global semiconductor supply chain, has been actively working with the European Union to create policies that balance economic interests with national security concerns. Meanwhile, the Chinese government’s ambition to strengthen its foothold in the global tech market adds another layer of complexity. The tensions between these competing interests recently boiled over as the Dutch government moved to take control of Nexperia, prompting the Chinese government to retaliate by restricting Nexperia’s affiliates in China from exporting components made in China. This multifaceted situation underscores the interconnected nature of global supply chains, how countries can use these resources as weapons, and the necessity for automakers to remain vigilant and proactive in navigating such geopolitical landscapes to secure essential materials for future production needs.
Dependency on these materials, many of which are available from only a limited number of sources, creates the risk that a disruption on the other side of the world, several tiers down the supply chain, can cripple production lines, delay vehicle launches, and ultimately affect profitability. The problem is compounded in the context of electric vehicles (EVs), which require critical materials and components that have more limited sources than those for internal combustion vehicles. These issues are creating significant upward pressure on supply systems already stretched thin.
Strategic Approaches to Securing Materials
To mitigate these risks, suppliers and OEMs are adopting various strategic approaches. One key strategy is diversifying suppliers and spreading geographic risk. By nurturing relationships with suppliers in multiple countries, companies can reduce the impact of a localized disruption. Additionally, partnerships and alliances with suppliers can provide more predictable access to necessary materials. However, for such a strategy to be successful, it is critical that buyers have visibility and understanding of the full scope of their supply chains. A tier 1 supplier may think that it is diversifying its supply chain by sourcing multiple tier 2 suppliers for a component. However, if all of those tier 2 suppliers are sourcing critical materials from the same tier 3, the tier 1 still faces the risk of an interruption if there is a disruption at the tier 3.
Other companies are taking a different approach by focusing on efforts to localize, or at least shorten, their supply chains. Rather than expanding their supply chain footprint, these companies seek to mitigate risk by locating their production closer to their supply base (or requiring the supply base to locate production closer to them). Whether simply locating production within the same country, or even having plants within miles of each other, this approach seeks to mitigate risk by shrinking the distance, borders, and overall exposure to risk between buyers and suppliers.
Finally, some automakers and suppliers are exploring joint ventures or other strategic partnerships to ensure priority access to materials and components. While the exact structure of such relationships varies, they most often involve the buyer making some form of investment into, or with, the supplier – typically through an ownership stake or loans – that allows the supplier to expand capacity. These arrangements are usually packaged with a supply or offtake agreement under which the buyer has priority to the materials being produced with the increased capacity.
Innovative Solutions and New Technologies
Another significant strategy involves investing in technological advancements and innovation to promote the development of new materials and increased resource efficiency. Innovation plays a pivotal role in securing the future of automotive materials. The continued evolution of synthetic materials and composites presents new opportunities for reducing reliance on traditional metals and microchips. Enhanced, durable synthetics and lightweight composites help decrease vehicle weight and improve fuel efficiency, offering indirect mitigation of resource scarcity.
Automakers and suppliers also are focusing on developing technologies that reduce reliance on scarce materials or substitute them with more abundant alternatives. For instance, advancements in battery technology are paving the way for increased use of solid-state batteries, which require fewer critical metals than current lithium-ion models. Automakers and suppliers also are investing in recycling initiatives, turning waste into value. By creating closed-loop systems for materials like lithium and cobalt, companies can mitigate the dependency on new raw material sources. These systems not only reduce environmental impact but also contribute to supply chain resilience.
Digital transformation, including AI and blockchain, is becoming integral to managing automotive supply chains. AI algorithms can quickly identify, or even predict, potential shortages and disruptions through advanced data analytics, enabling preemptive action. Meanwhile, blockchain technology provides transparency and traceability, crucial for ensuring ethical sourcing and compliance with environmental regulations.
The development of alternative energy sources, such as hydrogen fuel cells and biofuels, also represents significant potential for reducing reliance on battery metals. Automakers are actively researching and investing in these alternatives, recognizing the need to diversify energy reliance.
Conclusion
The future of the automotive industry is inextricably tied to the continuous and secure access to vital materials. As the automotive industry grapples with unprecedented challenges and greater volatility than it has seen for decades, strategic planning, innovative solutions, and leveraging technological advancements remain key to resilience. By understanding risks and implementing diverse strategies, automakers can navigate the complex landscape and ensure the sustainability of their resource pipelines. By embracing innovation and collaborative efforts to turn challenges into new opportunities, the automotive industry can thrive amidst uncertainty and change.
Improving UK Transaction Reporting- FCA Consults on Streamlined Framework
On 21 November 2025, the Financial Conduct Authority (FCA) published a consultation paper (CP25/32) setting out proposed reforms to the UK transaction reporting regime (the Regime). The consultation aims to reduce regulatory burdens, improve data quality, and enhance efficiency for UK financial market participants, including investment firms, trading venues, systematic internalisers, trade repositories, and other regulated entities.
Background
The Regime, originally derived from the EU Markets in Financial Instruments Regulation (MiFIR), has been in force since 2018 and was onshored into UK legislation following Brexit. HM Treasury (HMT) has indicated its intention to repeal these rules, enabling the FCA to deliver a streamlined framework tailored to UK market needs. The FCA’s proposals follow engagement with market participants, including a 2024 discussion paper (DP24/2), and are informed by feedback highlighting the need to reduce duplicative and disproportionate reporting requirements.
Key Proposals
The FCA’s proposed changes include three main areas: the shape of the Regime, the scope of reporting obligations, and the content of transaction reports.
Shape of the Regime
The default period for back reporting (resubmission of corrected reports) would be reduced from five to three years, with the option for the FCA to require up to five years where necessary.
Most corporate actions would be exempted from transaction reporting, except for IPOs, secondary offerings, placings, and debt issuance. Firms may continue to report corporate actions voluntarily if preferable for operational reasons.
The FCA proposes to consolidate existing EU guidelines and provide a new transaction reporting user pack, including additional examples and best practice guidance.
The FCA would maintain ISO 20022 XML as the required messaging standard for transaction reporting whilst also seeking alignment with global data standards, including internationally agreed data definitions from the International Organisation of Securities Commissions (IOSCO), to facilitate efficient data sharing and reduce compliance costs for cross-border firms.
Scope of the Regime
The FCA wants to enable more use of the conditional single-sided reporting mechanism, allowing a receiving firm (typically the sell-side firm, e.g. a broker) to report on behalf of another firm that has transmitted specific details, with the aim of reducing the reporting burden for buy-side firms. The volume of information required to be transmitted would be reduced from ten to four data points.
Reporting obligations would be limited to financial instruments tradeable on UK trading venues only, removing requirements for over six million instruments tradeable solely on EU venues.
FX derivatives would be removed from the scope of transaction reporting, with reliance placed on UK European Market Infrastructure Regulation (EMIR) data instead.
The FCA would not introduce an opt-in register for receiving firms but would instead update the transmission mechanism to support smaller firms in reducing reporting burdens.
Trading venues would be required to report fewer fields under Article 26(5) of UK MiFIR, particularly removing the requirement to report natural person investment and execution decision maker details, which has been identified as a barrier to market participation and a source of frequent errors.
Content of Transaction Reports
Several reporting fields would be removed or clarified, including the derivative notional increase/decrease field, option type, exercise style, delivery type, and others. The overall number would reduce from 65 to 52 reporting fields.
The FCA also proposes to reduce the number of instrument reference data fields from 48 to 37.
Implementation and Next Steps
The consultation period for CP25/32 runs until 20 February 2026. The FCA intends to publish a Policy Statement finalising the new transaction reporting rules in the second half of 2026, with an expected implementation period of around 18 months. Further consultations will be held on transitional provisions and consequential amendments to the FCA Handbook. The FCA will also establish a cross-authority and industry working group to inform the design of its long-term approach to harmonising transaction and post-trade reporting regimes.
CP25/32 and DP24/2 are available here and here, respectively.
James Wells contributed to this article
Towards a Second EUDR Implementation Delay and a Confirmed New Coalition at EU Parliament
The last attempt of the European Commission to simplify the EU Deforestation Regulation (EUDR) comes closer to becoming a reality today, although not quite as was initially planned. The European Parliament adopted today its position on the proposal, endorsing a broad 12 month delay of the EUDR (i.e. 30 December 2026) – as opposed to a targeted delay of the original proposal – and 18 months for the micro and small operators (i.e. 30 June 2027) as well as further simplification measures for micro and small operators.
The Parliament’s position follows closely the Council’s proposal, adopted on 19 November. Both co-legislators are removing the grace period for sanctions and enforcement originally proposed by the European Commission. Other amendments include:
due diligence statement would remain the obligation on the operators first placing the product on the market,
downstream operators and traders would no longer be required to submit separate due diligence statements, and
a one-off and simplified declaration will be needed for micro and small operators.
Member States were keen to ensure that further simplification measures of the EUDR would be envisioned. As such, they are calling on the European Commission to carry out a simplification review by 30 April 2026, assessing the law’s impact and administrative burden on operators, particularly small and micro operators, with the possibility of introducing an accompanying legislative proposal. The Parliament seconds the review clause.
What does this mean?
This development has a far lasting impact than being a simplification instrument. This is an unprecedented situation where a EU law is postponed twice in a year’s time. The EUDR, was delayed already once in a dramatic fashion at the end of 2024, provided that many technical and administrative requirements were not ready in time for the original implementation deadline.
What’s more, today’s vote demonstrated the largest political party’s willingness to break the cordon sanitaire, in order to gather enough supporting votes for amendments. This marks the second example – most likely one of many to come – following the vote in Parliament of the Omnibus I proposal, a few weeks ago. This opens the way for even more similar compromises, notably, but not limited to, sustainability policies.
More importantly, this revision opens the way for another legislative revision, which could be envisaged in less than 6 months from now, marking a never-ending exercise that co-legislators, governments and companies must prepare for. The question arises then: would this be an exceptional situation, or a trend setter for other EU policies? Although it’s too soon to tell, it appears more likely to be the latter, setting a new precedence for the way EU policies will be carried out in the short to medium term. This is something the Commission will now need to cautiously consider prior to releasing new amendment or simplification proposals.
Companies must now be prepared for every likely scenario in their compliance strategies with EU laws, provided that it could become more ‘normal’ for costly compliance exercises to end up becoming futile after such drastic legislative changes. Ultimately, it cannot be predicted with certainty, but companies should start showing flexibility in their compliance efforts. The case with the EUDR shows that large companies who invested in their compliance strategies being ready for the end of 2025 implementation, will now end up being penalized, in such a short period of time.
Equally, there is no certainty about what comes next, due to a foreseen simplification review. A new EUDR amendment could risk creating yet another debate whereby policy makers, governments and companies would change their focus to negotiating, and interpreting the effect of any future changes, instead of actually starting to implement the law. This will inevitably lead to a lack of engagement in what is necessary to be done, in creating the expertise, and in developing knowledge to implement the law.
What will happen now?
Trilogue negotiations will now need to take place in the coming two weeks. Given the proximity of both the Parliament’s and Council’s positions, it is very likely that an agreement will be easy to reach, in order to align the final text of the revision.
The Europe Parliament will need to endorse the final revision at the latest by the week of 15 December, followed by – exceptionally – a written approval by the Council, provided the limitation in time.
Only once the proposed revision is published in the Official Journal of the EU can the law become official and consequently the EUDR’s implementation is officially delayed.
Forthcoming EU Measures on Greening Corporate Fleets and the 2035 CO₂ Standards Revision
As part of the automotive competitiveness package expected to be published on 10 December 2025, the European Commission is finalising two major initiatives with direct implications for vehicle manufacturers, suppliers, fleet operators and mobility providers: the Greening Corporate Fleets proposal and the revision of the 2035 CO₂-emission standards for cars and vans.
The Greening Corporate Fleets initiative, initially foreseen in the 2023 revision of the Clean Vehicles Directive, aims to accelerate the decarbonisation of corporate and publicly owned fleets, which represent a significant share of vehicle turnover in several Member States. Internal discussions within the Commission over recent months have highlighted substantial political sensitivities surrounding the design of the measure. Divergences persist among Member States regarding the feasibility of national-level targets, the proportionality of possible local content criteria, and the administrative burden of new reporting requirements. As a result, the scope and structure of the final proposal remain subject to refinement.
Early indications suggest that the Commission may adopt a Member State–focused approach, setting national objectives for the gradual uptake of low- and zero-emission vehicles in corporate fleets. These objectives may be complemented by data-reporting and traceability obligations requiring operators to submit standardised information on vehicle characteristics and emissions performance to national authorities. Discussions are also ongoing regarding the potential inclusion of local content provisions for specific components or manufacturing stages, an issue on which Member State views remain divided.
In parallel, the Commission is finalising a revision of the 2035 CO₂ standards for new passenger cars and light commercial vehicles. While the target architecture established under Regulation (EU) 2019/631 is expected to remain intact, the Commission is examining options to introduce greater technological neutrality within the post-2035 framework. Among the elements under consideration are potential compliance pathways for plug-in hybrid electric vehicles (PHEVs), the regulatory treatment of range-extender architectures, and the possible recognition of synthetic and renewable fuels under defined certification conditions. The accompanying impact assessment is also exploring adjustments to lifecycle-based emissions methodologies and potential refinements to type-approval procedures. Questions have emerged regarding the scope of transitional provisions, the viability of existing hybrid portfolios under revised conformity requirements, and the interaction between future emissions methodologies and current type-approval certifications..
With several Commission services now engaged in the final drafting phase, and publication expected within weeks, both the Greening Corporate Fleets initiative and the revision of the 2035 CO₂ standards are expected to be released as full legislative proposals. Once issued, each proposal will be transmitted to the European Parliament and the Council under the ordinary legislative procedure. The Parliament will designate a committee and appoint a rapporteur and shadow rapporteurs, while Council working parties begin their technical examination. These early stages will frame the initial interpretation of the texts, influence the amendments proposed by co-legislators, and help operators understand where compliance burdens or operational impacts may arise.
How Does This Affect Your Company?
For companies, this initial scrutiny phase is critical for identifying provisions requiring clarification, preparing internal governance adjustments, and anticipating where delegated or implementing acts may introduce further obligations.
How We Can Assist
Given that both initiatives will shortly be tabled as legislative proposals and will proceed through the ordinary legislative procedure, companies across the automotive sector are preparing for the initial scrutiny phase. In this context, we can support clients with targeted, concrete services, including:
Early-stage analysis of the legislative proposals, identifying obligations, transitional provisions, delegated-act mandates, and points likely to attract amendments from Parliament or Council.
Monitoring of the parliamentary and Council process, including committee allocation, rapporteur and shadow appointments, Council working party discussions, and emerging amendment trends.
Preparation of technical-legal briefings to facilitate company participation in stakeholder hearings, committee discussions, or targeted exchanges with Member States.
Contractual risk and readiness analyses, assessing whether procurement, supply-chain or fleet-management contracts require adjustment in light of expected obligations.
Technology-specific regulatory opinions regarding the treatment of PHEVs, range extenders and synthetic-fuel pathways under the proposals and future delegated acts.
Arbitration Acumen: Update on the Saudi Center for Commercial Arbitration with Chris Alberti [Podcast]
On this episode of The Arbitration Acumen Podcast, J.P. Duffy and Chris Alberti discuss the Saudi Center for Commercial Arbitration’s role in transforming dispute resolution in the region. They explain how the SCCA—aligned with Saudi Arabia’s Vision 2030—is driving innovation through its 2023 Arbitration Rules, expedited proceedings and advanced technology integration.
India Passes the Digital Personal Data Protection Rules, Ushering in a New Digital Age in India
On November 13, 2025, the Government of India formally brought into effect the much-awaited Digital Personal Data Protection Rules, 2025 (Rules). The Rules enforce the Digital Personal Data Protection Act, 2023 (DPDP Act) and provide practical guidance on how to comply with certain provisions of the DPDP Act. Together, they implement binding legislation that regulates the management of digital personal data[1] in and from India.
The DPDP Act provides for a stringent consent-based regime. It is applicable not only within India but also to foreign companies who process digital personal data outside of India where such processing is in connection with offering goods or services to individuals in India. This framework mirrors GDPR, which applies to organizations outside the EU if they offer goods/services to EU residents or monitor their behavior.
Implementation
Under Section 1(3) of the Act, the implementation of India’s new data protection framework will be staggered in phases to ensure that the companies have adequate time and plan for global compliance. Below is an overview of the timeline brought into effect by the Rules:
Stage 1: November 13, 2025, the Data Protection Board of India[2] will be instituted alongside its responsibilities and processes.
Stage 2: 12 Months (November 13, 2026): The process for the registration of Consent Managers will be implemented. These individuals serve as intermediaries for Data Principal to provide, administer, review, and revoke their consent.
Stage 3: 18 months (May 13, 2027): At this stage, the main compliance duties apply, which include notice requirements, security protocols, breach notifications, obligations for Significant Data Fiduciaries (SDFs), and protecting the rights of Data Principals.
Obligations
The Rules provide certain prerequisites that Data Fiduciaries[3] must adhere to, to uphold the rights of Data Principals[4]. We summarize several of the important ones below.
Consent
The Rules require Data Fiduciaries to comply with the DPDP Act. As flagged above, consent[5] is paramount. For example, a Data Fiduciary must give a Data Principal clear information about how their personal data will be used as necessary to enable that Data Principal to give their specific and informed consent. At a minimum, this must include:
An itemized description of all the personal data that is being processed.
The specified purpose(s) for processing such personal data and description of the goods and services which will be provided or be enabled by such processing.
A link to a website or app process that enables Data Principals to easily withdraw their consent, exercise their rights under the Act, or file complaints with the Board.
ACTION: Companies must evaluate the design of current consent mechanisms and user interfaces to accommodate the above requirements. Consent must now be explicitly linked to the purpose of processing and properly articulated to provide uncomplicated opt-out procedures. This last requirement to provide a website link or app is unique, as most countries simply require a contact point to do so.
The Rules also suggest that consent must be extremely granular, with each “item” of personal data tied to the “specified” purpose of processing and description of goods or services to be provided. Businesses which process large amounts of personal data for varied purposes will have to consider how to fairly frame such information to obtain valid consent and whether some bundling of consent may be permissible for related purposes.
Unlike the GDPR (which offers other grounds for processing, such as legitimate interests), consent is the primary means for processing under the DPDP Act, so these requirements are likely to have a very broad effect.
Data security
Moreover, the Rules require enhanced security protocols and strict regulations for breach reporting. These include the following:
Data Fiduciaries are required to enforce security protocols in respect of personal data, such as encryption and masking, for all personal data in their possession or under their control, including where processing is undertaken on their behalf (such as by a Data Processor).
Other required security measures include access control, access logging and monitoring, data back-ups (and other means to preserve continued processing in the event of a data breach), and other methods for detecting unauthorized access and investigating and remediating to prevent its recurrence.
Agreements with Data Processors[6] must incorporate clauses mandating all reasonable security safeguards.
Just like Article 32 of the GDPR, the measures set out in Rule 6 are the minimum standards required: a Data Fiduciary, if required, must take any other reasonable security safeguards necessary to prevent personal data breach. However, the Rules are more prescriptive than Article 32. For example, Rule 6 expressly requires Data Fiduciaries to retain logs of unauthorized access (and related other information) for at least one year.
In the event of any data breach, a Data Fiduciary must promptly inform the data privacy authorities and submit a comprehensive report within 72 hours[7], which will be difficult for many organizations, who may only just have come to grips with the nature of the breach. It is vital to notify affected Data Principals without delay of the breach and its potential consequences as well.
Unlike breach reporting laws in the EU, UK, and Australia, the Rules provide no threshold to determine whether a breach needs to be reported. In other places, it is common that there is a likelihood of serious harm to individuals, for example, before notification if required. On a strict reading of the law, any personal data breach will need to be reported. It is possible that the Board will provide further clarity on how to comply with this and other practical issues with the DPDP obligations in time.
ACTION: Companies must ensure proper data security across all systems managing the personal information of the Data Principal. This may require that companies establish a continuous incident response team specifically for India. Any failure to disclose violations in a timely manner may result in substantial penalties of up to INR 200 crores (about USD 22 million).
Companies may also need to review and revise their contracts with Data Processors to ensure that they include mandatory obligation under Rule 6, as well as measures to ensure that the Data Processor adequately supports the Data Fiduciary’s obligation to notify data breaches. This obligation is in line with GDPR Article 28 requiring Data Controllers to oblige Data Processors. However, unlike the EU, which provides a required set of Standard Contractual Clauses, the Rules provide none. Expect negotiation – and for prominent Data Processors to put forward their own standards as to what complies with Rule 6 and the DPDP Act.
Mandatory data erasure for specific entities
Additional data retention and new obligations are imposed on ‘Large-scale Data Fiduciaries’, which include the following:
E-commerce platforms with more than 20 million Indian users
Online gaming platforms boasting a minimum of 5 million Indian users
Social media platforms with more than 20 million Indian users
These platforms are required to erase personal data after three years, except where necessary for account access or necessary for compliance with law. These platforms are also required to maintain records for a minimum of one year and to inform consumers of impending data deletion at least 48 hours prior, so that they could log into their user account or otherwise stop deletion.
ACTION: This is an extremely significant uplift for the companies captured. They will require substantial operational changes, such as re-engineering their lifecycle data management systems and setting automatic deletion and data principal communication workflows. Mandatory deletion is also highly likely to affect other functions within an organization. For example, trust and safety teams rely on user activity data to detect and prevent unlawful conduct or minors accessing the platform.
To the extent that personal data is shared with Data Processors, Data Fiduciaries must also ensure that their contracts with such Data Processors mandate deletion of personal data as well as notification to the Data Fiduciary of its deletion, so that Data Principal notification may be done.
Consent Managers
The new law creates a Consent Manager framework to establish entities that can serve as an intermediary between users and companies. To be eligible as a Consent Manager, companies must satisfy certain criteria, including having offices in India and possessing a minimum net worth of INR 2 crore (@USD 200,000). They are prohibited from subcontracting their obligations or engaging in conflicts of interest with Data Fiduciaries. Furthermore, they must maintain comprehensive records of consent for a minimum of seven years while ensuring privacy by refraining from accessing any personal data provided through these records.
To comply, Data Fiduciaries must develop systems that interface with registered Consent Managers while adhering to the seven-year data retention regulations. Though this process introduces complexity per se, it aims to enhance compliance under the DPDP Act.
ACTION: The concept of a Consent Manager is unique to the DPDP Act and reflects the importance of consent as the primary means for processing personal data. While a Consent Manager is not mandatory to use, any Data Principal who uses one will impose another layer of obligations on Data Fiduciaries when managing individuals’ personal information. It is likely that Data Fiduciaries will have to build additional functionality into their systems to interact with different Consent Managers. Given the amount of data that Consent Managers hold on Data Principals’ behalf, it also imposes another vulnerability in relation to data security.
Significant Data Fiduciaries
The new law creates a new category entitled Significant Data Fiduciaries[8] (SDFs). These are entities appointed by the Central Government based on the volume of data processed, sensitivity of the personal data handled, and/or its impact on sovereign or national interests. Any such entities may also fall within the class of organizations with specific data erasure obligations listed above. If appointed, an SDF must comply with several obligations, including the following:
Conduct annual evaluations, including a Data Protection Impact Assessment (DPIA) and audits.
Observe due diligence to ensure that technical measures used (including any algorithmic software used to manage personal data) are not likely to pose a risk to the rights of Data Principles.
Ensure that specific categories of personal data (as notified by the government) are not transferred outside India without governmental approval.
ACTION: None for now – but we note that this is significantly more onerous than the GDPR, which does not single out any group of Data Controllers in this way (although it does require having a data protection officer for certain processing activities). No SDFs have yet been designated by the Government, so we recommend keeping a close eye on further actions.
Data transfers
The DPDP Rules adopt a more lenient approach to cross-border data transfer[9] as compared to prior regulations or GDPR. Personal data processed under this Act may generally be transferred outside India, albeit with restrictions based on government directives concerning specific blacklisted countries or entities only. In contrast, under Article 44 of the GDPR, data transfers outside of the European Economic Area are generally restricted unless the conditions set out in Chapter V are met.
However, it is worth noting that the Indian approach gives the Government great political discretion in the countries whom it may designate as “blacklisted.” It will be important to monitor any further clarity provided as to implementation of this Rule.
Under Section 2(6) of the Act, all data transfers must comply with the consent-based regime and other obligations of the Act.
ACTION: None for now, but please monitor as this area may change as clarifications are made.
Children’s personal data
When handling data pertaining to children under the age of 18 or individuals with disabilities, obtaining verifiable parental consent is essential. Thus, companies must have rigorous mechanisms for age and identity verification prior to processing such data. However, certain sectors such as healthcare and child protection sectors may receive exemptions when processing is essential for delivering health services or otherwise safeguarding children.
ACTION: Companies are required not only to implement parental consent workflows into their systems, but also to take steps to assess if an individual truly is the parent or guardian of a child. This mirrors Article 8(2) of the GDPR, which requires a controller to make “reasonable efforts” to verify that consent is provided by the holder of parental responsibility over the child.
In terms of technology, the Rules specifically name virtual identity tokens as way to comply with Rule 10. Other options may be available. For example, many social media platforms use family pairing or similar ways to obtain parental consent. A common issue under all laws (including the GDPR) is the difficulty of establishing a parental connection, while continuing to adhere to data minimization principles – the Rules do not solve this issue.
Conclusion
The administration of personal data in India has undergone substantial transformation due to the implementation of the new Rules. Due to the obligatory nature of compliance deadlines, companies must prepare ahead of time. Given the phased implementation approach, companies have time to assess their policies and carefully prepare to comply with this new era of privacy in India.
Although the Rules provide helpful clarity on several matters, other provisions – like the requirements in respect of personal data breaches and mandatory data erasure obligations – remain very onerous and will challenge how Indian businesses, as well as those handling personal data from India, run their operations.
Footnotes
[1] Section 2(11): “Personal data means any data about an individual who is identifiable by or in relation to such data.
[2] Section 18
[3] Section 2(12): “Data Fiduciary means any person who alone or in conjunction with other persons determines the purpose and means of processing of personal data.
[4] Clause 2(16) – Data Principal: “Data Principal means the individual to whom the personal data relates and where such individual is— (i) a child, includes the parents or lawful guardian of such a child; (ii) a person with disability, includes her lawful guardian, acting on her behalf.”
[5] Section 2(6) defines consent as the free, specific, informed, unconditional and unambiguous indication of the Data Principal’s wishes by which the Data Principal, by a clear affirmative action, signifies agreement to the processing of her personal data for the specified purpose.
[6] Section 2(13) – Data Processor means any person who processes personal data on behalf of a Data Fiduciary.
[7] Section 8(6) – Refers to breach reporting
[8] Section 10 refers that the Central Government may notify any Data Fiduciary or class of Data Fiduciaries as a Significant Data Fiduciary, having regard to the volume and sensitivity of personal data processed, risk to rights of Data Principals, potential impact on sovereignty and integrity of India, risk to electoral democracy, security of the State, and public order.
[9] Section 16 – Data Fiduciary may transfer personal data to such country or territory outside India as may be notified by the Central Government, subject to such terms and conditions as may be specified.
Getty Images (US) Inc (and others) v Stability AI Limited. Input- Getty Images v Stability AI. Output: Continued Uncertainty.
On 4 November 2025 the UK High Court handed down its judgment in the case of Getty Images (US) Inc (and others) v Stability AI Limited [2025] EWHC 2863 (Ch) [High Court Judgment Template].
The case concerned the training, development and deployment of Stability AI’s “Stable Diffusion” generative AI model and, as one of the first and to date most high-profile intellectual property (IP) infringement claims against an AI developer to make it all the way to trial in the UK courts, was originally envisaged as having potential to provide much-needed wide-ranging judicial guidance on the application of existing UK IP law in the field of AI. However, as the case progressed and the scope of Getty’s claims gradually reduced to a shadow of the original, it became apparent that this judgment, whilst still of note in respect of a number of key issues, would not be the silver bullet which many had originally anticipated.
At over 200 pages the judgment is long and complex, including detailed discussion of the witness and expert evidence which the Court considered before reaching its findings.
Key takeaways at a high-level are:
Primary Copyright Infringement: by close of evidence at the trial Getty had abandoned its key claims alleging that the training of Stability AI’s “Stable Diffusion” AI model and certain of its outputs had infringed Getty UK copyright works and/or database rights. Key reasons for this decision on the part of Getty would appear to be relatively limited evidence of actual potentially infringing output coupled with an acknowledgement that the development and training of Stable Diffusion had not taken place in the UK despite Getty’s claim being in respect of its UK rights. As a result, the Court declined to rule on these claims – meaning that the current legal uncertainty in this area continues, to the frustration of many.
Secondary Copyright Infringement: for the purposes of establishing a secondary copyright infringement claim, the Court has confirmed that the model weights used in the training of an AI model can be considered “articles” for the purposes of the relevant legislation. However, in this case the Court went on to find that those model weights did not themselves contain any Getty copyright works and so could not be considered an infringing copy. Whilst this is helpful guidance, it has long been accepted that references to an “article” in the relevant legislation covers both tangible and intangible items, hence this was an unsurprising decision for the Court to reach.
Trade Mark Infringement: the Court held that there was some limited evidence that certain earlier versions of Stable Diffusion had produced outputs which included a “Getty Images” UK registered trade mark as a watermark thereby infringing Getty’s registered trade mark. However, the Court emphasised that this finding is both “historic and extremely limited in scope” and that as a result of changes which had been made to later versions of Stable Diffusion, it could not hold that there was likely to be any continuing proliferation of such infringing output from Stable Diffusion.
Exclusive Licensee Claims: the Court has confirmed that when bringing a copyright infringement claim in the capacity of an exclusive licensee (as opposed to copyright owner) the Court will consider in detail whether the licences in question meet the relevant legislative definition of an “exclusive licence”. As such, it must be a completely exclusive licence, excluding even the rights of the copyright owner themselves, granted to only one licensee and it must be signed. That said, the Court will be willing to apply a very broad definition when deciding whether those have been “signed” (e.g. not just wet ink but includes online acceptance). Again, whilst useful guidance, this essentially just confirms the already accepted interpretation of this legislation.
Additional Damages Claim: as a result of the very limited findings of trade mark infringement on the part of Stability AI alongside the abandonment of the primary copyright infringement claims and failure of the secondary copyright infringement claim, the Court rejected Getty’s claims for additional/aggravated damages. The Judge noted that she could not hold that there had been any blatant and widespread infringement of UK IP rights by Stability AI, as Getty had claimed which would have justified an award of such damages.
For a more detailed summary and analysis of the case and each of these issues please see our full client briefing.
Japan’s Tax Authority Recognizes VAT Exemption for Satellite Launch Services
In recent years, Japan’s space industry has been expanding, with new initiatives emerging across a wide range of sectors, including satellite communications, remote sensing, debris removal, space resource exploration, and space travel. A common and indispensable foundation for all of these activities is “access to space,” for which satellite launch services play a critical role. Consequently, the development of satellite launch service businesses might be regarded as a fundamental driver of growth for Japan’s space industry.
While satellite launch services involve important technological and regulatory considerations, they also raise tax-related issues. In particular, the consumption tax (VAT) treatment of launch services has been a key point of attention.
Against this backdrop, the Tokyo Regional Taxation Bureau (TRTB) published a written response to an inquiry regarding whether satellite launch service is subject to the VAT. The TRTB confirmed that such services are exempt from the VAT as a qualifying export exemption under Japan’s Consumption Tax Act (the VAT Act).
In this GT Alert, we provide an overview of the TRTB’s response and discuss its practical implications.
Continue reading the full GT Alert.
It’s That Time Again- 2026 Works Council Elections in Germany
Works Council elections 101: Understanding the basics for employers
Between 1 March and 31 May 2026, works council elections, which are held every four years in Germany, will take place in all companies that already have a works council. Moreover, if a company has several operations, each with its own works council, an election campaign and works council election will be held in each individual operation.
The upcoming works council elections are therefore a hot topic in Germany.
The role of Works Councils in Germany
Works councils play an important role in the German working world. Works council members are elected by the employees of the respective operation. Works councils exercise extensive rights within the company. Ignoring the works council is therefore ill-advised and can lead to significant employer sanctions. The number of works council members depends on the size of the operation. The rights of the works council are fundamentally enshrined in the German Works Constitution Act (Betriebsverfassungsgesetz). In addition, the First Regulation on the Implementation of the German Works Constitution Act (Wahlordnung) also applies for the election process.
The works council has extensive rights to information, consultation and co-determination. Particularly in areas that have a fundamental impact on the working environment, it has so-called mandatory co-determination rights. This goes a step beyond rights to be consulted and means that, in principle, the employer cannot act unilaterally without the prior consent of the works council. Mandatory co-determination rights with significant practical relevance exist, for example, when it comes to:
restructuring exercises;
introducing and using IT tools and AI; and
awarding variable remuneration.
Don’t forget about special protection against dismissal
Works council members have special protection against dismissal, and substitute works council members can have similar protection under certain conditions. This means that they can only be dismissed for good cause and, in some cases, only with the consent of the works council.
But that’s not all. In the run-up to and after the works council election, the election committee members (who prepare and conduct the election) and under certain conditions the election candidates and the initiators of a first-time election (even if they are not elected to the works council), also have special protection against dismissal. Any other pre-existing protection against dismissal continues to apply in accordance with the statutory provisions.
If an employer is planning restructuring measures for 2026, it is therefore imperative to examine whether and under what conditions this restructuring can be successfully implemented in Germany, given the special protection against dismissal associated with works council elections.
Considerations for navigating the election procedure
Since the works council often holds significant influence when it comes to the employees, it can be assumed that during the election campaign, the works council members will want to demonstrate tangible achievements for the employees so that they are re-elected.
Particularly in companies where a trusting working relationship with the works council is not possible for whatever reason, employers may often be tempted to try and prevent works council elections or influence the outcome of the upcoming elections.
However, caution is advised because employers are strictly prohibited from preventing works council elections. In addition, employers’ options for influencing the elections are very limited. For example, employers are prohibited from influencing works council elections by causing or threatening disadvantages or by granting or promising advantages. If the employer violates this rule, they can expect heavy fines or even criminal consequences.
Before and during the election, the employer’s main responsibility is to support the election committee in preparing for the election.
Amongst other things, the employer is also responsible for:
covering the costs of preparing and conducting the election;
paying compensation for lost working time due to preparation for and participation in the election; and
providing all necessary information and documents required by the election committee.
Legislative changes
Before the last elections in 2022, the German Works Council Modernisation Act (Betriebsrätemodernisierungsgesetz) introduced significant changes to the election process. In the spring of 2025, the new German federal government published its plans to introduce an optional digital voting procedure for the 2026 works council elections. However, there are still no specific legal regulations in place for this. The continuing uncertainty regarding the timely introduction of the digital election procedure is leading to a lack of planning security for both employers and election committees.
China’s National Intellectual Property Administration, Ministry of Public Security, and State Administration for Market Regulation Jointly Launch Rectification Campaign on IP Firms & Practitioners
On November 25, 2025, China’s National Intellectual Property Administration announced a joint rectification campaign in conjunction with the Ministry of Public Security and State Administration for Market Regulation. The campaign will last three months and “seriously illegal agencies and practitioners will be investigated and punished strictly according to law, ordered to rectify irregular practices, and typical cases of illegal agency practices will be publicly exposed to quickly create a deterrent effect.”
The campaign will include:
a strong crackdown… against prominent illegal activities such as falsifying patent applicant information, fabricating patent applications, acting as an agent for a large number of abnormal patent applications, falsification, acting as an agent for malicious trademark applications, unqualified patent agents, and soliciting agency business through improper means. Enforcement efforts will be significantly strengthened, and those constituting crimes will be transferred to public security organs for legal prosecution. Second, a concentrated rectification of irregular professional practices will be carried out. Agencies and practitioners will be organized to conduct comprehensive self-inspection and rectification, focusing on rectifying the renting or lending of agency qualifications and illegal business solicitation on internet platforms, and accelerating the cleanup of agencies that obtained agency qualifications through fraudulent means or no longer meet the conditions for practicing law…
The goal of the campaign is
to promote integrity, compliance, and responsible practice among agencies and practitioners, establish a long-term mechanism, significantly improve the order of the intellectual property agency industry, and enhance the professional responsibility and sense of honor of practitioners, thereby accelerating the high-quality development of the agency industry.
The full text is available here (Chinese only).