Cybersecurity & Compliance

Is my subsidiary in scope of NIS2?

Is a small MSP subsidiary in scope of NIS2? This article explains why the answer depends on group-size calculation, linked enterprises, Recital 16 and national transposition.

EU

13 min · Jun 2026

Software Licensing

Beyond the source code: the hidden licensing crisis in open AI

Open-weight AI models are served through cloud intermediaries that preserve legal obligations in theory but eliminate licensing visibility in practice.

EUUKUS

26 min · Mar 2026

Software Licensing

Beyond the source code: your infrastructure vendor changed its licence, and your legal team probably does not know

MongoDB, Redis, Elastic, and HashiCorp changed their licences. Most legal teams missed it. The commercial risks have not reversed with the reversals.

EUUKUS

17 min · Mar 2026

Software Licensing

Beyond the source code: one GPL violation, five compounding legal exposures

A single GPL violation creates five compounding legal exposures: injunctions, damages, moral rights, cross-border claims, and new plaintiffs.

EU

17 min · Mar 2026

Cybersecurity & Compliance

Supply chain email fraud: how NIS2, DORA and the GDPR reshape civil liability

Supply chain email fraud: how NIS2, DORA and the GDPR reshape civil liability Introduction Business email compromise, commonly referred to as BEC, is a form of cyber-enabled fraud in which an …

EU

25 min · Feb 2026

Cybersecurity & Compliance

Supply chain email fraud: which party pays when the supplier gets hacked?

Supply chain email fraud: civil liability in the EU, US and Canada

EUUK

29 min · Feb 2026

Commercial Technology Law

When the Cloud goes down: who really bears the risk?

When the cloud goes down, contracts rarely decide who bears the real economic risk. After the 18 November 2025 Cloudflare outage, it became clear that SLAs price only downtime, but contingency planning determines who actually pays for it.

EU

7 min · Jan 2026

AI · Software Licensing

When does software become “AI”? The EU definition that catches businesses off guard

Most companies think they’re not using AI. The EU AI Act may disagree. I’ve deconstructed the legal definition of “AI” into four clear criteria and applied it to systems businesses use every day. 🚫 Some tools marketed as AI are not regulated ⚠️ Others that no one thinks of as AI are already in scope If you want to understand the first compliance question of the AI era, start here.

EU

23 min · Dec 2025

Commentary

McLaren v Palou: the legal limits of a promise in Formula 1

As a lawyer following a sport, it’s difficult not to notice when contractual disputes move from the paddock to the courtroom. The ongoing McLaren v Palou case highlights a fundamental issue in commercial contracting: how should the law treat promises of future opportunity that never materialise? This article examines the English court’s likely reasoning — from the parol evidence rule to the distinction between misrepresentation and contractual terms — and what it reveals about formalism in high-value negotiations.

UKEU

6 min · Nov 2025

Commentary

Truth can change, history can’t: the legal story behind a 17-Year-old F1 scandal

How long can a legal claim remain alive when key facts were hidden for years? A 17-year-old Formula One dispute now puts that question before the court. I explored the legal implications of the High Court’s Massa v Formula One Management & FIA judgment, what it means for limitation law in the UK, and why the court drew a firm line on altering sporting outcomes.

UK

7 min · Nov 2025

Cybersecurity & Compliance

The EU AI Act’s operator model: what every company needs to know before deploying AI

When does a company stop being a “user” of AI, and becomes its legal provider? Under the EU AI Act, the answer depends entirely on what you do with a system, not who built it. In my latest analysis, I break down the EU AI Act’s operator model — and why organisations may acquire provider status far more easily than they expect. From rebranding and substantial modification to fine-tuning and internal deployment, the Act assigns responsibility based on factual conduct, not contractual labels or technical authorship. If your company integrates, adapts, or modifies AI systems — especially in high-risk environments — these mechanisms determine your compliance burden.

EU

15 min · Nov 2025

AI

Can copyright survive AI? The legal storm that’s changing everything

Explore how generative AI is challenging global copyright law. Discover key rulings in the US, China, UK, and EU shaping the future of creative industries.

EUUS

7 min · Mar 2025

Articles

Beyond the Source Code

Beyond the source code: the hidden licensing crisis in open AI

Is my subsidiary in scope of NIS2?

Beyond the source code: the hidden licensing crisis in open AI

Beyond the source code: your infrastructure vendor changed its licence, and your legal team probably does not know

Beyond the source code: one GPL violation, five compounding legal exposures

Supply chain email fraud: how NIS2, DORA and the GDPR reshape civil liability

Supply chain email fraud: which party pays when the supplier gets hacked?

When the Cloud goes down: who really bears the risk?

When does software become “AI”? The EU definition that catches businesses off guard

McLaren v Palou: the legal limits of a promise in Formula 1

Truth can change, history can’t: the legal story behind a 17-Year-old F1 scandal

The EU AI Act’s operator model: what every company needs to know before deploying AI

Can copyright survive AI? The legal storm that’s changing everything

Stay in the conversation.