What’s That? WhatsApp Creates Legally Binding Contract (UK)
As insolvency practitioners (IPs) it is not unusual to have to consider the terms of a particular contract, whether that is enforcing the terms of that for the insolvent entity or considering the rights of the third party as against the company, and in some cases, it is necessary for IPs to enter into a contract themsleves.
This blog from our colleagues in IP & Technology highlights how easy it can be to (inadvertently) create a legally binding contract – in this case by WhatsApp – standing as a reminder to IPs that exchanges of messages could be relevant when considering a third party contract, but also that care should be taken when exchanging messages so as not to create a binding contract when not intended.
Walking the Talk, Ofcom’s Online Safety Act Enforcement
Back in March 2025, we published an article highlighting that Ofcom will be turning up the heat to ramp up pressure on platforms in relation to their duties to the UK’s Online Safety Act (OSA). There has been a flurry of activity from Ofcom on OSA compliance and it appears that the heat has indeed been turned up.
The First Wave
On 9 May 2025, Ofcom published that it has opened investigation into two services regulated under Part 5 of the OSA, namely Itai Tech Ltd and Score Internet Group LLC. This investigation was initiated as part of Ofcom’s January 2025 Enforcement Programme into age assurance. It appears that some services failed to respond to Ofcom’s request in January 2025 and do not appear to have taken steps to implement measures in line with their duties under the OSA. The duty being Part 5 service providers under the OSA must have highly effective age assurance in place from January 2025.
Less than a week later, on 12 May 2025, Ofcom further published that it is launching additional investigations into Kick Online Entertainment S.A for failing to keep a suitable and sufficient illegal content risk assessment and for failing to respond to a statutory information request.
As outlined in our March 2025 article, platforms were expected to have completed their illegal harms risk assessment by 16 March 2025 and their children’s access assessment by 16 April 2025. The investigation into Kick Online Entertainment S.A is a clear indication that Ofcom will have a direct and serious approach in relation to its OSA enforcement.
It’s Not Over
Ofcom has additionally written to a number of services under Part 3 of the OSA (i.e. user-to-user services and search services) noting the deadline for mandatory age assurance on services that allows pornography or adult content and reminding platforms of their duties under the OSA.
This shows that the initial round of enforcement programmes and investigations are just the beginning for Ofcom and further requests are likely to come, especially as the protection of children requirements come into force, details of which are outlined in our previous article available here.
Ofcom has further opened an enforcement programme into child sexual abuse imagery on file-sharing services so it would be expected that a number of platforms are already in the process of communicating with Ofcom in relation to comply with their OSA duties.
What to do when Ofcom (or anyone else) is knocking at your door
It is clear that Ofcom will not be ignored, if Ofcom writes to you, it is important you respond within the given timeframe. A failure to respond to requests has triggered three published investigations, platforms should be careful and take Ofcom seriously when they write to you, otherwise you may risk being named publicly by Ofcom.
Engagement with Ofcom shows that a platform is taking Ofcom seriously and fosters a cooperative culture. Ofcom has suggested in recent communications that it is willing to work with platforms so as to achieve the wider goal of improving online safety.
Whilst Ofcom is likely to take a pragmatic approach with enforcement, the duties under the OSA and its deadlines are very clear. Ofcom’s approach towards enforcement of this demonstrates a direct and serious approach that platforms should not take lightly. Otherwise, platforms are at risk of paying fines of up to £18m or 10% of global turnover, whichever is higher.
This should also apply to other regulators, such as the Information Commissioner’s Office (ICO), the UK’s regulator for personal data. The ICO have written to a large number of sites seeking a response on cookie banner compliance. Platforms should not ignore these communications or risk similar penalties to the OSA.
Larry Wong also contributed to this article.
Private Equity in Australia: Upcoming Mandatory Merger Laws and Foreign Investment Changes

WHAT’S ON THE AUSTRALIAN REGULATORY HORIZON?
In this publication, we provide an overview of certain upcoming changes for private equity funds and their investors (both Australian and foreign) investing in Australia.
The key takeaways are set out below.
New Mandatory Merger Control Regime
A new mandatory merger control notification regime will be introduced effective from 1 January 2026, with transitional provisions starting from 1 July 2025.
Draft Guidelines by the Australian Competition and Consumer Commission (ACCC) and draft Determinations by the Australian Government have been released for consultation. However, there remains uncertainty about several matters, including how a “change of control” and calculation of monetary thresholds are intended to operate in a private equity context. Future government Determinations may clarify these issues. We are working with industry to make submissions to the government to clarify these issues in a manner that does not “chill” investment.
The government has also published draft notification forms under the draft Determination which require merger parties to specify whether their Sale and Purchase Agreement (SPA) contains any goodwill protection provisions (including noncompetes and restraints of trade). The ACCC will now have the power to declare that the existing “goodwill exemption” to the cartel conduct provisions under the Competition and Consumer Act 2010 (Cth) (CCA) does not apply if it considers that a particular noncompete, restraint of trade or other goodwill protection provision was not necessary for the protection of the purchaser in respect of the goodwill of the target business.
Foreign Investment Framework–Updates for Foreign Private Equity Funds and Foreign Investors
It is currently unclear how the new merger regime (and the ACCC) will interact with the foreign investment framework (and Foreign Investment Review Board (FIRB) processes), including the interaction between the FIRB and ACCC waiver regimes–detailed guidance is yet to be released.
The final stage of Treasury’s new Foreign Investment Portal (the Portal) is expected to launch by the end of May 2025, after which the entire FIRB application process (including communications with Treasury) will be facilitated electronically through the Portal.
Treasury recently released updated the Guidance Note 12–Tax Conditions, which interestingly removed the “standard tax conditions” but included more examples of tax conditions that may be imposed by the Australian Taxation Office (ATO) and Treasury on a case-by-case basis. In addition, it includes an updated tax checklist which the ATO now expects to be answered at the same time as lodging the FIRB application (rather than the current practice of seeking to defer this to after lodgement). Treasury has also updated Guidance Note 10–Fees to introduce a refund/credit scheme for filing fees in an unsuccessful competitive bid.
Next Steps
We will continue to update you on further developments in relation to the new merger control and foreign investment regime, including release of the subordinated merger legislation, which will, amongst other things, determine the final monetary thresholds by which merger notification will be required.
UPCOMING MANDATORY MERGER NOTIFICATION LAWS
In Australia, the merger control regime is underpinned by section 50 of the CCA, which prohibits mergers or acquisitions that would substantially lessen competition (SLC Rule) in any market in Australia.
While at present it is not compulsory for acquisitions to be notified to the ACCC, the Australian Government has passed the Treasury Laws Amendment (Mergers and Acquisitions Reform) Act 2024 (Cth) (the Act) such that as of 1 January 2026, a new mandatory and suspensory merger control regime will be introduced.
Under the new regime:
Any acquisitions of shares, assets, units and other defined interests involving a “change of control” that meet certain monetary thresholds (outlined further below) will be required to be notified to the ACCC and approved (i.e. determined that they do not breach the SLC Rule) prior to completing.
The SLC Rule has been broadened to encompass scenarios where a merger or acquisition results in the “creation, strengthening, or entrenchment of a substantial degree of market power”, not just a lessening.
Businesses can use the Clearance Procedure voluntarily from 1 July 2025, and it will be mandatory from 1 January 2026.
Thresholds–When Notification is Required
Set out on the next page is a flowchart which illustrates which transactions must be notified to the ACCC under the new regime:
Source: James Gray, K&L Gates LLP
As set out above, whether a transaction must be notified to the ACCC essentially depends on whether it results in a “change of control”, and if so, whether it meets certain monetary thresholds. Set out below is some additional detail on the change of control requirements and the monetary thresholds, noting that there remains uncertainty about how these are intended to operate in a private equity scenario.
Future government Determinations may clarify these issues. We are working with industry to make submissions to the government to clarify this issue in a manner that does not “chill” investment.
Control Threshold
A “change of control” is enlivened in respect of acquisitions of full or partial interests in shares, unit trusts and managed investment schemes. Acquisitions that do not result in a change in control are not required to be notified.
“Control” will be defined having regard to section 50AA of the Corporations Act 2001 (Cth) (Corporations Act)–i.e. as being the capacity to determine the outcome of decisions about an entity’s financial and operating policies.
We note that there is a degree of certainty regarding “control” issues. While the Act provides a “safe harbour” from the notification requirements for acquisitions of interests of less than 20%, the government has also foreshadowed that it intends to use its designation powers to require transaction parties to notify the ACCC of acquisitions of less than 20% of the voting rights in private/unlisted companies, where one of the parties to the transaction has an Australian turnover of more than AU$200 million.
This issue was not addressed in the Consultation Draft of the Determination published by the government on 28 March 2025, which otherwise provided considerable detail about the Mandatory Regime, including the information and documentary requirements that will be required to be provided to the ACCC. For more detail about the Determination, click here. Future government Determinations may clarify this issue.
Acquirer Turnover Thresholds
More generally, there is uncertainty as to how the acquirer “turnover thresholds” will be assessed for the economy-wide, large acquirer and serial acquirer thresholds for private equity investments, particularly in relation to:
Taking into account the turnover of “connected entities” (being associated entities for the purposes of section 50AAA of the Corporations Act and entities controlled by a principal party for the purposes of section 50AA of the Corporations Act) to calculate acquirer turnover in a private equity fund context given these Corporations Act concepts do not necessarily fit neatly with private equity fund structures, which may also include cross-shareholdings and cross-directorships.
The creation of a “new” fund for the purposes of industry or deal-specific investments.
Certain changes to the limited partners of a private equity fund (including secondaries) after a primary portfolio acquisition.
Where the fund is seeking to acquire interests/minority interests in entities.
Again, future government Determinations may clarify this issue (e.g. to have regard to the turnover of the specific portfolio company or specific fund only).
For exits which meet the notification thresholds, private equity funds and investors should anticipate longer approval timelines and increased regulatory oversight and cost, potentially influencing deal structuring and exit strategies.
Private equity funds and their portfolio companies must also consider the cumulative competitive impact of their acquisitions in the immediately preceding three-year period, as the ACCC can now assess these transactions together, even if they were not individually reported. This will be particularly relevant to private equity funds and their portfolio companies engaged in “bolt-on” and “roll-up” acquisitions to existing portfolio companies to enhance value. To stay compliant, portfolio entities should track target sales generated at the time of acquisition and in the following years to determine if future deals fall within the relevant monetary thresholds and therefore require notification.
Process Changes–Clearance Timelines and Notification Fees
The new merger regime imposes statutory timelines for the ACCC’s consideration of transactions. We will provide further detail on these timelines in a forthcoming Insight on the ACCC’s draft Merger Process Guidelines.
Treasury has also indicated that it expects notification fees to be around AU$50,000 to AU$100,000 for most notifiable transactions. However, an exemption from fees will be available for some small businesses so that the fees are not a disproportionate burden.
These ACCC fees are in addition to any FIRB notification fees that may apply to foreign private equity funds and investors.
Transitional Arrangements
To assist businesses during this transition, the ACCC has released guidance detailing how to navigate the period leading up to the mandatory implementation. Key points include:
Current informal review and merger authorisation processes: Businesses can continue to use the existing voluntary notification regime throughout 2025. Early engagement with the ACCC is advised to ensure sufficient time for assessment before the new regime takes effect.
Voluntary Notification (1 July 2025–31 December 2025): From 1 July 2025, businesses have the option to voluntarily notify the ACCC under the new regime. This provides greater certainty regarding timeframes and ensures that transactions are aligned with the forthcoming mandatory requirements.
Noncompetes, Restraints and Goodwill Protection
Under current laws, noncompetes and restraints of trade included in an SPA are generally exempt from the per se cartel prohibitions to the extent its purpose is solely to protect the goodwill acquired by the purchaser (Goodwill Exemption).
The government has published a draft Determination which provides detail about the forthcoming mandatory merger regime. The draft Determination includes draft notification forms which merger parties will be required to adopt when notifying the ACCC. Notably, merger parties will be required to specify whether their SPA contains any goodwill protection provisions and to specify why they are necessary for the protection of the purchaser in respect of the goodwill of the business.
The ACCC will have the power to declare that the Goodwill Exemption does not apply to any goodwill protection provisions which it considers are “not necessary” for the protection of the purchaser in respect of the goodwill of the target business. A goodwill protection provision (e.g. a noncompete clause) is likely to be deemed as such if the ACCC considers that the duration or geographic scope of the provision is unnecessarily broad. Merger parties should therefore carefully consider the scope of any goodwill protection provisions that they propose to include in any SPA–and ensure that they do not go beyond what is necessary for the sole purpose of protecting the goodwill of the business.
Unnecessarily broad goodwill protection provisions which fall outside the scope of the Goodwill Exemption will expose merger parties to potential liability for engaging in cartel conduct–which is both a criminal and civil offence under the CCA. Merger parties should be aware that even if the ACCC does not object to the goodwill protection provision upon being notified of the transaction, this does not preclude the ACCC from commencing action under the anti-competitive conduct provisions of the CCA in relation to this provision at a later stage.
Interaction with FIRB Regime
FIRB and the Treasury have traditionally consulted with the ACCC about transactions notified to FIRB because competition is a factor relevant to the national interest test in Australia’s foreign investment framework under the Foreign Acquisitions and Takeovers Act 1975 (Cth) and related Foreign Investment Policy and guidance notes.
It is currently unclear how the new merger regime and the ACCC will interact with the foreign investment framework and FIRB processes, including:
How the FIRB waiver regime will operate with the ACCC waiver regime.
How existing FIRB waivers granted by FIRB (after consulting with the ACCC) will operate under the new merger regime.
Whether Treasury may refer to a foreign acquisition to the ACCC for review even if that acquisition does not meet the merger thresholds.
The ACCC has noted in the ACCC’s draft Merger Process Guidelines that it is currently working with the Treasury on the interaction between the foreign investment framework and ACCC’s merger regime and that they will provide further guidance on how the two regimes operate together in due course.
It is expected that an applicant will be able to decide whether to submit a FIRB or an ACCC application first (i.e. there will not be a legal requirement to notify simultaneously, though it may still make sense to do so).
FOREIGN INVESTMENT CHANGES
Recap on Australia’s Foreign Investment Framework and FIRB
Background
Under Australia’s foreign investment framework, foreign persons may be required or encouraged to apply for foreign investment approval prior to taking certain actions. The approval is provided by the Australian Treasurer and confirms that the Commonwealth of Australia does not object to a particular action. It is commonly referred to as “FIRB Approval”, as the Treasurer receives advice from FIRB when deciding whether to approve an action.
Broadly, the framework is comprised of the Foreign Acquisitions and Takeovers Act 1975 (Cth) and the Foreign Acquisitions and Takeovers Regulations 2015 (Cth). Additionally, Australia’s Foreign Investment Policy and guidance notes provide further commentary and guidance.
Get Legal Advice Early
Australia’s foreign investment framework is complex, factually specific and continually changes. For foreign private equity investors (including sponsors, funds and their portfolio companies), Australia’s foreign investment framework and rules present a threshold issue that needs to be considered across all stages of the private equity investment life cycle against Australia’s foreign investment policy settings. Foreign private equity investors should seek legal advice for each and every investment into Australia to avoid breaching the foreign investment rules.
Other FIRB Updates for Foreign Private Equity Funds and Foreign Investors–Timelines, Lodgement, Tax Conditions and Fees
FIRB has made welcome headway in shortening its response times for straightforward decisions over the last year. Treasury’s new Portal is now live for compliance reporting. The final stage of the Portal is expected to launch by the end of May 2025, after which the entire FIRB application process (including communications with Treasury) will be facilitated electronically through the Portal.
On 14 March 2025, Treasury released updated Guidance Note 12–Tax Conditions. These changes reflect the tax risks and tax conditions that the ATO has been focused on and has imposed when reviewing recent foreign investment applications. Of note:
Interestingly, the guidance note no longer sets out “standard tax conditions” but does include more examples of tax conditions that may be imposed by the ATO and Treasury on a case-by-case basis.
Also included is an updated tax checklist which applicants are usually requested to answer post-lodgement of a FIRB application. However, the ATO now expects that information to be included in the FIRB application itself (rather than submitted during the FIRB review process or, sometimes, within three months of completion if relevant tax information is not available). If that tax information is not included in the initial application, the applicant must disclose why and when the information will be submitted. As noted above, these recent updates to FIRB’s tax guidance and the new Portal are likely to require front-loading of the provision of tax information by applicants.
Treasury has also updated Guidance Note 10–Feesto introduce a refund/credit scheme for filing fees in an unsuccessful competitive bid. This is a positive development; however, care needs to be taken to ensure that relevant eligibility criteria are met by unsuccessful bidders and credits or refunds can be applied in practice. Unsuccessful bidders can elect to take a refund equal to the lesser of 75% of the fee paid or the amount of the fee minus the minimum fee amount, currently AU$4,300 (which must be requested within six months of the unsuccessful bid) or a 100% credit for a subsequent FIRB application made within 24 months of the failed bid. Decisions regarding fee refunds or credits will still be made on a case-by-case basis following application and justification of the refund/credit request by applicants. It will be interesting to see if the new merger regime takes a similar approach to fees for unsuccessful competitive bids.
Overall, these changes are welcome and should assist to further support a shortening of average FIRB approval times but will require more upfront planning and disclosure by foreign applicants.
China’s National People’s Congress Passes Promoting the Private Economy With IP Provisions
China’s National People’s Congress recently passed the Law of the People’s Republic of China on Promoting the Private Economy (中华人民共和国民营经济促进法) with several intellectual property provisions. The Law goes into effect on May 20, 2025 and aims to “help create a stable, fair, transparent and predictable environment for the development of the private economy,” e.g., to restrict government overreach that hurts private companies such as the 2021 crackdown on the private tutoring industry.
A translation of the relevant IP provisions follow. The full text is available here (Chinese only).
Article 21 Banking financial institutions and others shall, in accordance with laws and regulations, accept guarantee methods that meet the requirements of loan business, and provide loans secured by accounts receivable, warehouse receipts, equity, intellectual property rights, and other rights pledges to private economic organizations.
People’s governments at all levels and their relevant departments shall provide support and convenience for the registration, valuation, trading circulation, and information sharing of movable property and rights pledges.
Article 30 The State shall ensure that private economic organizations participate in standard-setting work in accordance with the law, and strengthen information disclosure and social supervision in standard-setting.
The State shall provide private economic organizations with services and convenience in terms of scientific research infrastructure, technology verification, standards and norms, quality certification, inspection and testing, intellectual property rights, demonstration applications, and other aspects.
Article 33 The State shall strengthen the protection of original innovations by private economic organizations and their operators. The protection of intellectual property rights for innovation achievements shall be strengthened, a punitive damages system for intellectual property infringement shall be implemented, and illegal acts such as infringement of trademark rights, patent rights, copyrights, trade secrets, and counterfeit confusion shall be investigated and dealt with in accordance with the law.
Regional and departmental collaboration for intellectual property protection shall be strengthened to provide private economic organizations with rapid collaborative protection of intellectual property rights, diverse dispute resolution, rights protection assistance, guidance on responding to overseas intellectual property disputes, and risk early warning services.
Article 36 Private economic organizations shall, in their production and business activities, comply with laws and regulations concerning labor employment, work safety, occupational health, social security, ecological environment, quality standards, intellectual property rights, network and data security, fiscal and taxation, finance, and other aspects; they shall not seek illegitimate interests through bribery, fraud, or other means, nor shall they disrupt market and financial order, damage the ecological environment, harm the legitimate rights and interests of workers, or compromise social public interests.
State organs shall supervise and manage the production and business activities of private economic organizations in accordance with the law.
The BR International Trade Report: May 2025
Recent Developments
Various trade deals in the air.
U.S.-China trade deal: Washington and Beijing take steps to ease trade war. On May 12, the United States and China announced a deal to deescalate the trade tensions between the two countries. The centerpiece of the deal is a 90-day pause to the 100+ percent tariffs each country had imposed on the other. As of May 14, the United States lowered its general tariff on Chinese goods to 30 percent, while China lowered its tariffs on American goods to 10 percent. During the 90-day pause, the countries will endeavor to negotiate a more lasting resolution to ongoing trade tensions.
Trump administration announces UK trade deal. On May 8, President Trump announced his administration’s first major trade deal since his “Liberation Day” unveiling of broad reciprocal tariffs on April 2. Leaders in Washington and London agreed to terms that would (i) establish a “new trading union” for aluminum and steel products, (ii) lower the tariff on UK-origin automobiles to 10 percent for the first 100,000 vehicles imported into the United States each year, and (iii) streamline customs procedures for products exported from the United States. Notably, under the terms of the deal, the United States’ 10 percent base reciprocal tariff on UK-origin goods remains in effect. Shortly after the agreement was announced, International Consolidated Airlines, the owner of British Airways, purchased $13 billion of Boeing planes.
White House announces trade deals with Saudi Arabia and Qatar. Over May 13-14, during President Trump’s visit to the Middle East, the White House announced a $600 billion investment commitment from Saudi Arabia and a $142 billion U.S.-Saudi arms deal, as well as “an economic exchange worth at least $1.2 trillion” with Qatar.
United States and Ukraine sign long-awaited critical minerals deal. On April 30, the United States and Ukraine signed a natural resources deal which establishes the U.S.-Ukraine Reconstruction Investment Fund (the “Investment Fund”). The Investment Fund grants the United States certain priority access to Ukrainian critical minerals, oil, and natural gas in exchange for military assistance. Unlike previous iterations of the deal, the April 30 agreement did not require Ukraine to reimburse the United States for past military aid. Treasury Secretary Scott Bessent emphasized that the deal embodies America’s efforts to encourage peace between Russia and Ukraine, stating “[t]his agreement signals clearly to Russia that the Trump Administration is committed to a peace process centered on a free, sovereign, and prosperous Ukraine over the long term.”
United Kingdom and India agree to trade deal. On May 6, after more than three years of negotiations, the United Kingdom and India announced a free trade deal, described by the UK government as “the biggest and most economically significant bilateral trade deal the UK has done since leaving the EU.” Meanwhile, the United States is seeking to enter into a significant trade agreement with India. In late April, Vice President JD Vance and Indian Prime Minister Narendra Modi met in India to “finalize[ ] the terms of reference for . . . trade negotiation[s].”
Semiconductor export controls. On May 13, Commerce announced a range of long-awaited actions regarding export controls (see our alert) applicable to advanced integrated circuits and computing items, including:
rescission of the Biden Administration’s “AI Diffusion Rule,” which was scheduled to significantly broaden preexisting controls over such items effective May 15;
informing the public that export licensing requirements may apply (a) to the export, re-export, and transfer of such items (such as to cloud providers) for use in training large AI models for persons in China and certain other restricted countries, where there is knowledge that such models are for use in WMD or military-intelligence applications, or (b) U.S. person “support” for such activity;
issuance of guidance regarding red flags that may present a risk of diversion of controlled items to prohibited end-users or end-uses; and
imposition of export licensing requirements applicable to most transactions worldwide involving certain Huawei “Ascend” chips, on the ground that such chips were produced in violation of U.S. export controls.
Section 232 investigations update.
Critical Minerals: On April 15, President Trump ordered the initiation of a Section 232 investigation into imports of processed critical minerals, which the U.S. Department of Commerce (“Commerce”) launched on April 22. Subsequently, he issued an April 24 executive order to spur the exploration and extraction of critical mineral deposits located on the seabed.
Trucks: On April 22, Commerce launched a Section 232 investigation into imports of certain medium- and heavy- duty trucks, their parts, and their derivatives. The probe aims to assess whether such imports compromise the country’s ability to meet domestic demand and pose risks to national security.
Aircraft, jet engines, and related parts: On May 1, Commerce Secretary Howard Lutnick initiated a national security investigation into imports of aircraft, jet engines, and related parts, which could lead to additional tariffs, among other measures. Among other factors, Commerce will investigate the concentration of U.S. imports of such items from a small number of suppliers, along with what Commerce described as “foreign government subsidies and predatory trade practices.”
President Trump orders rescission of Syria sanctions. During a speech in Saudi Arabia, the president announced his intent to remove all U.S. sanctions on Syria—in place for decades—explaining that his decision followed discussions with Saudi Crown Prince Mohammed bin Salman and Turkish President Recep Tayyip Erdoğan and aims to give Syria “a chance at greatness.” The next day, the president met with Syrian President Ahmad al-Sharaa, formerly associated with al-Qaeda, who led the rebel group that toppled the Assad regime in December 2024. This marked the first meeting between an American president and a Syrian leader since 2000.
U.S. Department of the Treasury (“Treasury”) announces intent to launch a “fast track” process for CFIUS review of foreign investments. Treasury’s May 8 announcement, issued under the auspices of President Trump’s February “America First Investment Policy” memorandum (see our prior alert), sets the stage for eventual implementation of streamlined review for preferred investors by the Committee on Foreign Investment in the United States (“CFIUS”). Treasury noted that it will design a pilot program featuring a “Known Investor Portal” through which CFIUS can collect information from foreign investors in advance of a CFIUS filing.
U.S. Trade Representative issues final rule on Chinese ships. On April 17, the Office of the United States Trade Representative (“USTR”) issued a final rule concerning the imposition of port fees on Chinese vessel operators, owners, and Chinese-built vessels. The rule seeks to implement steep tonnage-based port fees for both Chinese-built ships and Chinese-owned ships, with the intent of resurrecting the U.S. commercial shipbuilding industry. Following a 180-day implementation period, annually increasing tonnage-based fees will be levied at U.S. ports on Chinese-owned and operated ships, while Chinese-built ships face increasing fees based on net tonnage or containers. In addition, fees of $150 per car will be levied on all foreign-built car carriers, not just those with ties to China. After three years, incrementally increasing restrictions will be placed on the transportation of liquified natural gas (“LNG”) via foreign-built vessels. Check out our coverage of the final rule here.
Amidst U.S. trade tensions, incumbent governments retain power in Canadian and Australian elections.
Down in the polls by double digits only a few months ago, Canada’s Liberals surged in response to trade tensions with the United States and the resignation of longtime Prime Minister Justin Trudeau, who was replaced as party leader by Mark Carney. Conservative leader Pierre Poilievre, once considered the strongest contender to become prime minister, lost his parliamentary seat in the elections. The new government will look to reshape relations with the United States, which Prime Minister Carney initiated with a White House visit on May 6.
A similar story played out in Australia, where incumbent Labour Party Prime Minister Anthony Albanese fended off a challenge by Peter Dutton’s Liberal-National coalition. Similar to Canada, U.S. trade tensions loomed large in the election.
European Union announces retaliatory tariff plan against the United States. The retaliatory measures would target a list of almost 5,000 goods which total approximately $107 billion in European imports. Reports suggest that U.S.-origin aircraft and automobiles would be hit hardest by the tariff package.
UK Government takes control of last remaining “virgin steel” plant in country from Chinese company. Following the announcement by British Steel’s Chinese parent company, Jingye, that it would stop purchasing materials to keep the blast furnace running at the Scunthorpe plant, the UK government took action to prevent the closure of the plant. Although neither the plant nor British Steel have been nationalized for the time being, emergency legislation passed by the UK Parliament allows Business Secretary Jonathan Reynolds the ability to direct the British Steel board and staff, allowing for the purchase of necessary materials.
April 2025 ESG Policy Update—Australia
Australian Update
ASIC Publishes Regulatory Guidance for New Sustainability Reporting Requirements
On 31 March 2025, the Australian Securities and Investments Commission (ASIC) published its Regulatory Guide 280 Sustainability Reporting (RG280) following the introduction of Australia’s first climate-related financial disclosure regime and comprehensive public consultation with various stakeholders.
The new disclosure regime requires the preparation of a sustainability report containing climate-related financial information under Chapter 2M of the Corporations Act 2001 (Cth) (Corporations Act). RG280 provides practical guidance for companies, registered schemes, registrable superannuation entities, and retail corporate collective investment vehicles who are required to prepare these new sustainability reports.
RG280 includes guidance in relation to:
Determining who must prepare a sustainability report under the Corporations Act;
The content required in a sustainability report;
Disclosing sustainability-related financial information outside the sustainability report (e.g. product disclosure statements); and
ASIC’s administration of the sustainability reporting requirements.
In addition, ASIC has also been given additional powers to grant sustainability reporting and audit relief, and to issue directions to reporting entities where it considers a statement in a sustainability report is incorrect, incomplete or misleading.
ASIC Commissioner Kate O’Rourke has said “the publication of RG280 is a critical piece that supports the implementation of these sustainability reporting requirements passed by the Australian Parliament. We will continue to expand our broader suite of publications related to sustainability reporting over time as market practices evolve”.
S&P Platts to Launch Daily Benchmark for Australian Safeguard Mechanism Credits
S&P Platts is set to launch a daily market assessment for Australian Safeguard Mechanism Credits (SMCs) on 5 May 2025.
The Safeguard Mechanism reforms commenced on 1 July 2023 under the Safeguard Mechanism (Crediting) Amendment Act 2023 (Cth), allowing the Clean Energy Regulator (CER) to issue SMCs from January 2025 to certain designated large facilities (Safeguard Facilities) whose net emissions are below their legislated baseline targets. The regime has been designed to incentivise Safeguard Facilities to reduce their emissions beyond these baseline targets.
Safeguard Facilities that earn SMCs can sell them to other Safeguard Facilities, surrender them to stay within their baseline or retain them for future use until 2030. One SMC represents one tonne of carbon dioxide-equivalent emissions below a facility’s baseline. For more information on SMCs and Australia’s carbon credit regulatory framework, see our previous alert here.
S&P Platts’ new benchmark will reflect SMCs in the spot market following issuances from the CER. Its introduction is intended to improve price transparency and boost the confidence of carbon market participants in trading, compliance and investment decision-making. The launch comes as a welcome step in the evolution of Australia’s emissions reduction framework, allowing participants in the carbon credit market to better navigate compliance and employ investment strategies towards the country’s net-zero targets.
ASFI Launches Sustainable Finance Action Plan for 2025-2027
The Australian Sustainable Finance Institute (ASFI) has launched its Sustainable Finance Action Plan for 2025-2027 (Action Plan), aiming to align Australia’s financial system with sustainable and inclusive growth. The plan builds on the Australian Sustainable Finance Roadmap, which was introduced in 2020 to provide recommendations for improving Australia’s financial system to support sustainable development.
ASFI’s members, comprising 41 leading financial institutions with over AU$37 trillion in assets, are committed to integrating sustainability into their practices. The Action Plan emphasises embedding sustainability into leadership, integrating sustainability into practice, enabling resilience and building sustainable finance markets including by financing emissions reductions, increasing capital flows for climate adaptation, expanding financial innovation and promoting international collaboration to support sustainable finance objectives.
Some examples of the priorities that ASFI recommend include:
The expansion of Australia’s mandatory climate disclosure regime;
A clearer articulation of the requirements for sustainable financial product labelling;
Changes to competition law to provide a more permissive scheme for sustainability collaborations and to streamline exemption processes for sustainability activities; and
The explicit inclusion of sustainability-related considerations within directors’ duties under the Corporations Act to act with reasonable care, skill and diligence, and in good faith in the best interests of the company.
State of Net Zero Investment 2025 Report Highlights Australian Commitment to Climate Progress
On 2 April 2025, the State of Net Zero Investment 2025 Report (Report) was published by the Investor Group on Climate Change (IGCC). The Report revealed a strong commitment from Australian institutional investors towards climate progress, despite some current global anti-ESG sentiment. This comprehensive Report, covering data from 65 major superannuation and retail funds, represents AU$4.2 trillion in assets managed for 15 million Australian beneficiaries.
The Report highlights advancements in five of six key climate indicators, though notes there has been a decline in the number of investors with climate action plans, likely due to new minimum regulatory standards for transition plans. Interest in climate solutions, particularly renewable energy and green infrastructure, is on the rise. However, challenges such as policy uncertainty and a lack of suitable investment opportunities have emerged, reversing previous positive trends.
The CEO of IGCC emphasised the fiduciary duty of investors to protect financial interests by setting emissions targets and exploring climate solutions. Despite a mixed short-term outlook, increased policy certainty could enhance investor confidence in Australian growth industries.
The Report underscores the critical role of investors in transitioning to a low-carbon economy. The survey data, collected in late 2024, reflects ongoing industry discussions and trends expected to continue into the new year.
VIEW FROM ABROAD
Net Zero Banking Alliance Eases Climate Commitment Target
On 15 April 2025, the Net Zero Banking Alliance (NZBA), a coalition of over 120 global banks, announced a shift in its climate commitment from the 1.5°C target to a broader “well-below 2°C” goal, in alignment with the Paris Agreement. This decision reflects the challenges banks face in coordinating efforts and the slow progress in decarbonising key sectors like housing and aviation.
The NZBA’s adjustment is influenced by the slower-than-expected advancements in technology and policymaking. The NZBA Chair highlighted that the expectations from 2021 have not aligned with current realities. Economic and political headwinds, particularly from markets like the United States and United Kingdom, have also contributed to this shift, with major banks delaying or scaling back net zero targets.
Critics argue that this pivot undermines the credibility of voluntary climate commitments, especially since only 30% of major emitters have 1.5°C-aligned transition plans. Despite the controversy, NZBA leadership emphasises a shift from “target-setting to implementation”, offering practical tools and exploring alternate methods like carbon markets and avoided emissions accounting.
This decision marks a significant moment in the credibility and durability of private sector climate leadership, with potential implications for green finance and the pace of decarbonisation efforts.
EU Commission Eases Corporate Obligations Under New Deforestation Law
On 16 April 2025, the European Commission introduced revisions to the EU Deforestation Regulation (EUDR) to simplify compliance while maintaining environmental goals. The EUDR prohibits products linked to deforestation from entering the EU market, requiring companies to conduct due diligence on commodities such as palm oil, beef, timber, coffee, cocoa, rubber and soy, including derived goods like leather and chocolate. Companies must trace products to their origin and ensure no deforestation occurred post-2020.
The regulation, effective since June 2023, initially required large companies to comply by the end of 2024 and small businesses by June 2025.
In response to readiness concerns, the European Union delayed the compliance deadline by one year in October 2024, aligning with the EU’s Competitiveness Compass strategy to enhance productivity and reduce red tape. Key revisions include allowing annual submission of due diligence statements, reusing existing documentation and group-level reporting. These changes aim to reduce administrative costs by 30% and ease the compliance burden on companies.
The Commissioner for Environment emphasised the commitment to reducing administrative burdens while achieving the regulation’s goals of reducing global deforestation. The revisions reflect a collaborative approach with stakeholders to ensure effective implementation.
Nathan Bodlovich, Cathy Ma, Daniel Nastasi, Bernard Sia, Natalia Tan, Aibelle Espino, and Isaac Gilmore contributed to this article
Privacy Tip #443 – Fake AI Tools Used to Install Noodlophile
Threat actors are leveraging the publicity around AI tools to trick users into downloading the malware known as Noodlophile through social media sites.
Researchers from Morphisec have observed threat actors, believed to originate from Vietnam, posting on Facebook groups and other social media sites touting free AI tools. Users are tricked into believing that the AI tools are free, and unwittingly download Noodlophile Stealer, “a new malware that steals browser credentials, crypto wallets, and may install remote access trojans like XWorm.” Morphisec observed “fake AI tool posts with over 62,000 views per post.”
According to Morphisec, Noodlophile is a previously undocumented malware that criminals sell as malware-as-a-service, often bundled with other tools designed to steal credentials.
Beware of deals that are too good to be true, and exercise caution when downloading any content from social media.
China’s National Intellectual Property Administration Releases Guidelines for the Construction and Operation of Patent Pools

On May 13, 2025, China’s National Intellectual Property Administration (CNIPA) in conjunction with the Ministry of Science and Technology, the Ministry of Industry and Information Technology, the State-owned Assets Supervision and Administration Commission of the State Council, the State Administration for Market Regulation, and the Chinese Academy of Science released the Guidelines for the Construction and Operation of Patent Pools (专利池建设运行工作指引).
A translation follows. The original text can be found here (Chinese only).
Chapter 1 General Provisions
Article 1 These Guidelines are formulated to guide and strengthen the high-quality construction of patent pools, guide and support the scientific establishment, rational layout, standardized management and efficient operation of patent pools, better operate the role of patent pools, promote the transformation and application of patents, promote fair and orderly competition in the industry, and accelerate the cultivation and development of new quality productivity.Article 2 Patent pool refers to a patent application model in which two or more patent holders entrust one of them or a third-party operation and management organization through an agreement to jointly operate the patents held in a certain technical field, and carry out cross-licensing, one-stop licensing and other businesses and related services.Article 3 Patent pools have the following main functions:(I) Integrate patent resources, reduce patent licensing transaction costs, and improve patent licensing and use efficiency.(II) Promote the industrialization and application of patent technology, expand the scale and benefits of patent industrialization, and accelerate the transformation of innovative achievements into real productivity.(III) Carry out diversified operation services, improve corporate patent compliance awareness and risk prevention level, and optimize the ecological environment for industrial innovation and development.Article 4 The construction and operation of patent pools shall follow the following principles:(I) Market-oriented principle. In accordance with the laws of the market economy, a business operation model that conforms to the characteristics of the industry and the needs of enterprises shall be established to ensure the market-oriented operation and sustainable development of the patent pool.(ii) The principle of interest balance. The legitimate rights and interests of patent licensors and licensees shall be protected, the balance between licensing rates and industrial profits shall be taken into account, and the due interest returns of various entities in the whole process from innovation investment to implementation of results shall be guaranteed.(iii) The principle of openness. All types of qualified domestic and foreign patent holders shall be supported to join the patent pool, participate in the operation of the patent pool and obtain due rights and interests, and encourage and support the market-oriented, standardized and international development of the patent pool.(iv) The principle of non-discrimination. The licensing business shall be carried out equally for the whole society to ensure that all patent users have equal opportunities and obtain licenses in accordance with fair, reasonable and non-discriminatory rules.Article 5 The CNNIPA shall, together with relevant departments, provide overall guidance and support for the construction and operation of patent pools. Local intellectual property management departments and relevant departments are encouraged to strengthen guidance, support and service guarantees for the construction of patent pools according to local conditions.
Chapter II Establishment of Patent Pool
Article 6 Patent pools are usually initiated and established by patent owners or patent operation management organizations with significant innovation advantages and greater industry influence in the industry, and patent owners in related fields are absorbed as members of the patent pool.Article 7 The main links of the establishment of patent pools include:(i) Clarify the basic positioning. The initiator shall determine the basic positioning of the patent pool, such as the expected functions, business forms, business models and development directions, based on the needs.(ii) Determine the patent pool operation management organization. The patent pool operation management organization shall have relevant professional capabilities such as patent resource integration, operation management, consultation and negotiation, and risk response, and shall be responsible for the operation and management of the patent pool under the entrustment of the patent owner.(iii) Formulate the charter. The initiator shall formulate the organizational charter based on the basic functional positioning of the patent pool, which mainly includes the purpose, criteria, rules of procedure, organizational structure, responsibilities and powers of the operation management organization, member joining and exit mechanism, member rights and obligations, business development model, risk prevention and dispute resolution mechanism, etc.(iv) Screening patents to be included in the pool.——Establish standards. The patent pool operation and management organization shall formulate fair and reasonable patent entry standards and clarify the evaluation and review mechanism for patents entering the pool.——Application for entry into the pool. The patent owner shall submit a patent entry application to the patent pool operation and management organization and provide relevant information. For utility model and design patents, a patent right evaluation report may be required.——Evaluation and review. The patent pool operation and management organization shall organize experts or entrust a third-party evaluation service organization to evaluate and review the patents applied for entry into the pool in accordance with the patent entry standards and determine the list of patents entering the pool.——Signing an agreement. The patent pool operation and management organization shall sign a patent entry agreement with the patent owner to agree on the list of patents entering the pool, the rights and obligations of both parties, the method of income distribution, the entry period, the exit mechanism, confidentiality requirements and dispute resolution.
Chapter III Operation and Management of Patent Pools
Article 8 Establish a reasonable licensing fee mechanism. Patent pool members mainly obtain income through the patent pool’s external one-stop licensing. The licensing fee rate is generally determined by the initiator or patent pool operation and management organization based on the number of patents, patent value, average profit margin of related industries, price of patent products, contribution of patents to product value, stage of technology development, industry acceptance, judicial judgment results and other factors. When the patent pool determines or adjusts the licensing fee rate, it can fully communicate and negotiate with potential licensees to balance the interests of the relevant parties.Article 9 Establish a fair income distribution mechanism. The patent pool operation and management organization may extract management fees from the operating income according to a certain proportion or charge service fees according to the agreed operating model, and determine the income distribution ratio of the patent pool members based on the patent pool entry agreement, combined with factors such as the number of licensed patents and patent contribution.Article 10 Establish a flexible and efficient service management model. The patent pool operation and management organization may actively expand its operating business based on the needs of industrial development and the functional positioning of the patent pool, and provide value-added or public welfare services such as evaluation consultation, litigation response, negotiation, overseas risk analysis, and compliance investigation to patent pool members or other entities. Strengthen the internal management of the patent pool and establish a sound member communication and consultation mechanism.Article 11 Establish a moderately transparent information disclosure mechanism. Encourage patent pool operation and management institutions to appropriately disclose relevant information based on the functional positioning of patent pools, or provide necessary information based on the reasonable requirements of relevant parties. For patent pools of standard essential patents, encourage patent pool operation and management institutions to timely and fully disclose information such as claim comparison tables of patents in the pool and the results of necessity examination.
Chapter IV Safeguard Measures
Article 12 Support the formulation of relevant norms and standards for the construction and operation of patent pools. Encourage patent pools that are in line with the national industrial development orientation, have standardized and efficient construction and operation, and have a significant role in promoting industrial innovation and development to report relevant information to the CNIPA on a voluntary basis. Support the exploration of the construction of patent pool information resource centers to track and publish relevant information about patent pools.Article 13 Strengthen business training and personnel training. Encourage local government departments to organize and carry out relevant training on the construction and operation of patent pools in combination with the needs of industrial development. Strengthen the construction of professional personnel teams and encourage patent pool operation and management institutions to cultivate and introduce professional personnel with international vision and advanced management concepts. Promote the establishment of a patent pool operation and management expert team to strengthen the talent guarantee and professional support for the construction and operation of patent pools.Article 14 Strengthen publicity and exchanges. All departments and localities should timely summarize and publicize the progress, achievements and experience of the construction and operation of patent pools, positively guide and widely popularize the concept of patent pool operation, and promote the formation of a good atmosphere conducive to the high-quality construction and operation of patent pools. Support the development of domestic and foreign exchange activities, share and absorb the successful experience of the construction and operation of patent pools, continuously strengthen international consensus, and explore and promote the formation of fair, reasonable, open, inclusive, mutually beneficial and win-win international rules for the construction and operation of patent pools.
Chapter V Supplementary Provisions
Article 15 The construction and operation of patent pools shall strictly abide by national laws and regulations, and shall not violate the Anti-Monopoly Law of the People’s Republic of China, the Anti-Monopoly Guidelines of the Anti-Monopoly Commission of the State Council on the Field of Intellectual Property Rights, the Anti-Monopoly Guidelines for Standard Essential Patents, the Provisions on Prohibition of Abuse of Intellectual Property Rights to Exclude and Restrict Competition, and the Provisions on the Administration of Patents Involving National Standards (Interim) and other relevant regulations, and shall not hinder fair competition in the market and the healthy development of the industry. Patent pool operation management agencies are encouraged to report to antitrust law enforcement agencies in advance, actively accept supervision and guidance, and ensure the compliance construction and operation of patent pools.Article 16 Encourage and support relevant departments, local governments, social groups, industry organizations, etc. to refer to and use these guidelines in the construction and operation of patent pools.
Regulation on Preventing the Loss of Plastic Pellets to Reduce Microplastic Pollution – Draft Agreement Reached Between the Council and the Parliament
On 16 October 2023, the European Commission (EC) proposed a Regulation [1] aimed at preventing plastic pellet losses in order to tackle one of the main sources of unintentional microplastic pollution.
A provisional Draft Agreement on the final text was reached between the European Parliament and the Council on 8 April 2025 [2]. The Council’s first reading position is expected to be adopted in the autumn, followed by a second EP vote recommending final approval. It will then be formally adopted by both institutions, following a legal and linguistic review, and published in the Official Journal of the EU.
The Regulation applies to economic operators in the EU handling quantities of plastic pellets equal to or exceeding five tonnes per year, based on the previous calendar year. It also covers economic operators of facilities within the EU that clean plastic pellet containers and tanks. Furthermore, the scope extends to both EU and non-EU carriers.
The overarching objective of the Regulation is to ensure the safe handling of plastic pellets at every point in the supply chain, regardless of their intended end use. The main obligations are as follows:
Article 3 sets out the duty to take immediate action to contain and clean up any pellet losses, as well as to notify the relevant national authorities about each installation involved in pellet handling.
Under Article 4, economic operators must develop a risk management plan for each of their installations. This plan must comply with the requirements of Annex I of the Regulation and be submitted to the competent authority in the Member State where the installation is located, accompanied by a declaration of conformity as specified in Annex II. Operators must also ensure that all relevant staff receive appropriate training. Additionally, both EU and non-EU carriers are required to keep annual records detailing the estimated volume of plastic pellets handled and any losses incurred.
Article 5 introduces a certification regime. Operators handling 1,500 tonnes or more of plastic pellets annually will be required to obtain certification from an independent third party two years after the Regulation enters into force, and every three years thereafter. Medium-sized operators handling more than 1,500 tonnes must obtain certification within 36 months, with renewal required every four years. Small enterprises handling over 1,500 tonnes must also obtain certification within 60 months of the Regulation’s entry into force, with certification valid for five years. However, Member States may grant permits under Article 5a, exempting certain operators from this certification requirement.
The Draft Agreement introduces new labelling obligations for any manufacturer, importer, downstream user, or distributor placing on the market plastic pellets that qualify as synthetic polymer microparticles, as defined in Annex XVII, entry 78, to Regulation (EC) 1907/2006) [3]. The required information, detailed in Annex IVb of the Regulation (see image below), must be included on the label, packaging, packaging leaflet, or safety data sheet.
The Draft Agreement also sets out rules governing compliance and access to information. While it is the responsibility of Member States to establish specific penalties for infringements of the Regulation, the Regulation itself sets minimum standards for enforcement. In cases of the most serious infringements committed by a legal entity, the maximum level of administrative financial penalty must be at least 3% of the operator’s annual EU turnover in the previous financial year. In addition to administrative penalties, Member States retain the discretion to impose criminal sanctions where appropriate.
The Regulation includes a delayed application date, taking effect two years after its official entry into force. To ease the transition for the maritime sector, the co-legislators have introduced a further one-year delay in the application of the relevant provisions for operators, agents, and masters of sea-going vessels. This additional time is intended to facilitate compliance with the new requirements specific to maritime transport.
[1] Proposal for a REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL on preventing plastic pellet losses to reduce microplastic pollution, COM(2023) 645 final – 2023/0373 (COD). Available at: https://www.europarl.europa.eu/RegData/docs_autres_institutions/commission_europeenne/com/2023/0645/COM_COM(2023)0645_EN.pdf
[2] Provisional Draft Agreement, adopted 15 May 2025, at the ENVI Committee, available at: https://www.europarl.europa.eu/meetdocs/2024_2029/plmrep/COMMITTEES/ENVI/DV/2025/05-12/Item10_2023_0373COD_consolidatedandmarked_EN.pdf
[3] Please refer to COMMISSION REGULATION (EU) 2023/2055 of 25 September 2023 amending Annex XVII to Regulation (EC) No 1907/2006 of the European Parliament and of the Council concerning the Registration, Evaluation, Authorisation and Restriction of Chemicals (REACH) as regards synthetic polymer microparticles, available at: https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:32023R2055
UK Government Publishes New Software and Cyber Security Codes of Practice
As cyber security continues to make be headline news it is timely that on 7 May 2025 the UK government published a new voluntary Software Security Code of Practice: Software Security Code of Practice – GOV.UK
This Code is designed to be complementary to relevant international approaches and existing standards and where possible reflects internationally recognized best practice including as outlined in the US Secure Software Development Framework (Secure Software Development Framework | CSRC) and the EU Cyber Resilience Act (Cyber Resilience Act (CRA) | Updates, Compliance, Training).
This Code consists of 14 principles split across 4 themes (secure design and development; build environment security; secure deployment and maintenance; and communication with customers) that software vendors are expected (but to stress the voluntary nature of this code, are not legally obliged) to implement to establish a consistent baseline of software security and resilience across the market – these principles are stated to be relevant to any type of software supplied to business customers.
“Software Vendors” are defined under this Code as organisations that develop and sell software or software services; “Software” is code, programmes and applications that run on devices including on hardware devices and via cloud/SaaS.
A self-assessment form is also made available (Software-Security-Code-of-Practice-Self-Assessment-Template.docx) which software vendors can use to assess and evidence compliance with this Code.
This Code follows on from the Cyber Governance Code of Practice and supporting tool kit published on 8 April 2025 (Cyber Governance Code of Practice – GOV.UK) to support boards and directors of medium and large organizations to govern cyber security risks. The emphasis of this Code is to support boards and directors to effectively govern and monitor cyber security within their business, but it is not intended for use by those people in a business whose role is the day-to-day management of cyber security.
As cyber security continues to be a high-profile and business critical issue for many businesses it is likely that in the coming months we may start to see compliance with these voluntary codes becoming contractual obligations imposed on suppliers.
EDPB and EDPS Support GDPR Record-Keeping Simplification Proposal
On May 8, 2025, the European Data Protection Board (“EDPB”) and the European Data Protection Supervisor (“EDPS”) adopted a joint letter addressed to the European Commission regarding the upcoming proposal to simplify record-keeping obligations under the EU General Data Protection Regulation (“GDPR”). This proposal aims to amend Article 30(5) of the GDPR, simplifying the record-keeping requirements and reducing administrative burdens while maintaining robust data protection standards.
The European Commission proposed the following changes to Article 30(5) of the GDPR:
Exemptions for Small Mid-Cap Companies: Extending the derogation which currently applies to enterprises or organizations with fewer than 250 employees (including small and medium-sized enterprises or SMEs), to also cover “small mid-cap companies,” i.e., companies with fewer than 500 employees and with a defined annual turnover, as well as organizations such as non-profits with fewer than 500 employees.
Expansion of Application: Modifying the derogation so it would not apply if the processing is “likely to result in a high risk to the rights and freedoms of natural persons,” as opposed to the current provision, which only mentions processing likely to result in a “risk,” therefore broadening the ability to use the derogation.
Limiting Record-Keeping Exceptions: Removing certain exceptions to the record-keeping derogation, including references to occasional processing and possibly special categories of data.
Employment, Social Security or Social Protection Law Exception: Introducing a recital clarifying that the obligation to maintain records of processing activities would not apply to the processing of special categories of data to comply with legal obligations in the field of employment, social security or social protection law in accordance with Article 9(2)(b) of the GDPR.
In their joint letter, the EDPB and EDPS express “preliminary support to this targeted simplification initiative,” noting that they support the retention of a risk-based approach in respect of processing, and observing that “even very small companies can still engage in high-risk processing.” Both parties welcome the opportunity for a formal consultation to take place after the publication of the draft legislative change.
FCA’s Discretion Upheld in IRHP Redress Scheme Judicial Review
Timely insights into the design of mass consumer redress schemes
In R (All-Party Parliamentary Group on Fair Banking) v Financial Conduct Authority [2025] EWHC 525 (Admin), the High Court examined the FCA’s decision regarding the exclusion of certain customers from the scope of the voluntary Interest Rate Hedging Products (IRHP) redress scheme established in 2012, which was criticised in a subsequent independent review. The case contains important insights into the trade-offs involved in the design of such schemes, given the high likelihood that the FCA will soon be rolling out a redress scheme to deal with motor finance mis-selling.
Background
From 2010 onwards, large numbers of complaints began to be made about mis-selling of IRHPs alongside small and medium sized business loans. The IRHPs, which typically swapped floating for fixed interest rates, had become ruinously expensive for many bank customers after interest rates fell sharply during the 2008 financial crisis. Following supervisory intervention by the FSA (the predecessor of the FCA), a voluntary redress scheme was negotiated with various large banks in 2012. The scheme incorporated a “sophistication test”, which excluded customers that exceeded certain objective metrics or were otherwise sophisticated in the use of financial products from being eligible to receive compensation under the scheme for mis-sold financial products.
Subsequently the FCA committed to a review of its supervisory intervention on IRHPs by a leading King’s Counsel. That review concluded (among other things) that the FCA should not have excluded a subset of customers from the scheme via the sophistication test. The FCA disagreed with these findings and decided to take no further action to address that conclusion. The All-Party Parliamentary Group on Fair Banking challenged this exclusion by way of judicial review proceedings, arguing that the FCA’s decision was irrational and procedurally unfair due to a lack of proper consultation with stakeholders.
The FCA argued that it was on balance right (or at least not irrational) to agree the redress scheme incorporating the sophistication test for a number of reasons including that:
There was real urgency to provide prompt assistance to a large number of small businesses that were in distress and prone to going into insolvency as a result of payments required under their IRHPs.
In this context there were significant advantages to a voluntary scheme over use of the FSA’s mandatory s.404 redress powers, which would be slower and more complex to implement, and prone to protracted challenge from the banks involved.
There were reasons for concern that the evidential challenges to the FSA of bringing action to require redress could not be overcome, resulting in worse outcomes all round.
The scheme delivered fair outcomes for those within its scope and the FSA was entitled to prioritize those customers.
The incorporation of the sophistication test followed intensive and robust negotiation with the banks and necessarily involved the need to make trade-offs to achieve the best overall result possible. There was no reason to believe that a better outcome could have been negotiated voluntarily with the banks.
Ultimately the scheme led to c.£2.2 billion being paid in redress in respect of 20,206 IRHP sales, with costs to the banks of c.£920 million.
Court’s Findings
The High Court rejected the challenge to the manner in which the FCA had exercised its discretion not to seek to require further redress to be paid to sophisticated customers excluded from the voluntary scheme, holding that:
Rational Basis: The FCA had a rational basis for its decision. The bar for irrationality is a high one and it was not irrational for the FCA to disagree with the conclusions of the independent review on the basis of a reasoned consideration that it conducted. There was no presumption that a public body in the position of the FCA should follow the recommendations of the independent review absent a good, very good, or cogent reason.
No Duty to Consult: The FCA was not legally obliged to consult stakeholders before making its decision regarding the exclusion criteria.
Regulatory Discretion: The FCA’s actions were within the scope of its regulatory authority and aligned with its statutory purpose of consumer protection. The FCA is afforded a wide measure of discretion as to when and how it will intervene to address potential mis-selling, having regard to its statutory objectives, regulatory principles and regulatory priorities. It could not be said to have misunderstood or misapplied that discretion in acting as it did.
Implications
This judgment reinforces the principles that regulatory bodies like the FCA have broad discretion in designing and implementing redress schemes (whether voluntary or compulsory, especially when balancing regulatory priorities, and the need for timely action, against the complexities of individual cases. Its decisions in such circumstances will not be lightly overturned by the courts. The judgment also shines a light into the decision-making processes of the regulator and the trade-offs that are made when negotiating such schemes. Those insights are worth considering at a time when another mass consumer redress scheme in relation to motor finance mis-selling is highly likely in the coming months, the design of which will inevitably involve similar issues.