Iveta Yuskeselieva

Iveta YuskeselievaIveta Yuskeselieva — Technology Legal Counsel. Analysis of software licensing, AI regulation, cybersecurity, and commercial technology law across the EU, UK, and US.https://ivetayuskeselieva.com/en-gbIs my subsidiary in scope of NIS2?https://ivetayuskeselieva.com/articles/is-my-msp-subsidiary-in-scope-of-nis2/https://ivetayuskeselieva.com/articles/is-my-msp-subsidiary-in-scope-of-nis2/Is a small MSP subsidiary in scope of NIS2? This article explains why the answer depends on group-size calculation, linked enterprises, Recital 16 and national transposition.Wed, 17 Jun 2026 00:00:00 GMTCybersecurity & ComplianceBeyond the source code: the hidden licensing crisis in open AIhttps://ivetayuskeselieva.com/articles/beyond-the-source-code-the-hidden-licensing-crisis-in-open-ai/https://ivetayuskeselieva.com/articles/beyond-the-source-code-the-hidden-licensing-crisis-in-open-ai/Open-weight AI models are served through cloud intermediaries that preserve legal obligations in theory but eliminate licensing visibility in practice.Thu, 26 Mar 2026 00:00:00 GMTSoftware LicensingBeyond the source code: your infrastructure vendor changed its licence, and your legal team probably does not knowhttps://ivetayuskeselieva.com/articles/beyond-the-source-code-your-infrastructure-vendor-changed-its-licence-and-your-legal-team-probably-does-not-know/https://ivetayuskeselieva.com/articles/beyond-the-source-code-your-infrastructure-vendor-changed-its-licence-and-your-legal-team-probably-does-not-know/MongoDB, Redis, Elastic, and HashiCorp changed their licences. Most legal teams missed it. The commercial risks have not reversed with the reversals.Wed, 18 Mar 2026 00:00:00 GMTSoftware LicensingBeyond the source code: one GPL violation, five compounding legal exposureshttps://ivetayuskeselieva.com/articles/beyond-the-source-code-one-gpl-violation-five-compounding-legal-exposures/https://ivetayuskeselieva.com/articles/beyond-the-source-code-one-gpl-violation-five-compounding-legal-exposures/A single GPL violation creates five compounding legal exposures: injunctions, damages, moral rights, cross-border claims, and new plaintiffs.Tue, 10 Mar 2026 00:00:00 GMTSoftware LicensingSupply chain email fraud: how NIS2, DORA and the GDPR reshape civil liabilityhttps://ivetayuskeselieva.com/articles/supply-chain-email-fraud-how-nis2-dora-and-the-gdpr-reshape-civil-liability/https://ivetayuskeselieva.com/articles/supply-chain-email-fraud-how-nis2-dora-and-the-gdpr-reshape-civil-liability/Supply chain email fraud: how NIS2, DORA and the GDPR reshape civil liability Introduction Business email compromise, commonly referred to as BEC, is a form of cyber-enabled fraud in which an …Mon, 16 Feb 2026 00:00:00 GMTCybersecurity & ComplianceSupply chain email fraud: which party pays when the supplier gets hacked?https://ivetayuskeselieva.com/articles/supply-chain-email-fraud-which-party-pays-when-the-supplier-gets-hacked/https://ivetayuskeselieva.com/articles/supply-chain-email-fraud-which-party-pays-when-the-supplier-gets-hacked/Supply chain email fraud: civil liability in the EU, US and CanadaMon, 09 Feb 2026 00:00:00 GMTCybersecurity & ComplianceWhen the Cloud goes down: who really bears the risk?https://ivetayuskeselieva.com/articles/when-the-cloud-goes-down-who-really-bears-the-risk/https://ivetayuskeselieva.com/articles/when-the-cloud-goes-down-who-really-bears-the-risk/When the cloud goes down, contracts rarely decide who bears the real economic risk. After the 18 November 2025 Cloudflare outage, it became clear that SLAs price only downtime, but contingency planning determines who actually pays for it.Mon, 19 Jan 2026 00:00:00 GMTCommercial Technology LawWhen does software become “AI”? The EU definition that catches businesses off guardhttps://ivetayuskeselieva.com/articles/when-does-software-become-ai-the-eu-definition-that-catches-businesses-off-guard/https://ivetayuskeselieva.com/articles/when-does-software-become-ai-the-eu-definition-that-catches-businesses-off-guard/Most companies think they’re not using AI. The EU AI Act may disagree. I’ve deconstructed the legal definition of “AI” into four clear criteria and applied it to systems businesses use every day. 🚫 Some tools marketed as AI are not regulated ⚠️ Others that no one thinks of as AI are already in scope If you want to understand the first compliance question of the AI era, start here.Tue, 09 Dec 2025 00:00:00 GMTAISoftware LicensingMcLaren v Palou: the legal limits of a promise in Formula 1https://ivetayuskeselieva.com/articles/mclaren-v-palou-the-legal-limits-of-a-promise-in-formula-1/https://ivetayuskeselieva.com/articles/mclaren-v-palou-the-legal-limits-of-a-promise-in-formula-1/As a lawyer following a sport, it’s difficult not to notice when contractual disputes move from the paddock to the courtroom. The ongoing McLaren v Palou case highlights a fundamental issue in commercial contracting: how should the law treat promises of future opportunity that never materialise? This article examines the English court’s likely reasoning — from the parol evidence rule to the distinction between misrepresentation and contractual terms — and what it reveals about formalism in high-value negotiations.Tue, 25 Nov 2025 00:00:00 GMTCommentaryTruth can change, history can’t: the legal story behind a 17-Year-old F1 scandalhttps://ivetayuskeselieva.com/articles/truth-can-change-history-cant-the-legal-story-behind-a-17-year-old-f1-scandal/https://ivetayuskeselieva.com/articles/truth-can-change-history-cant-the-legal-story-behind-a-17-year-old-f1-scandal/How long can a legal claim remain alive when key facts were hidden for years? A 17-year-old Formula One dispute now puts that question before the court. I explored the legal implications of the High Court’s Massa v Formula One Management & FIA judgment, what it means for limitation law in the UK, and why the court drew a firm line on altering sporting outcomes.Tue, 25 Nov 2025 00:00:00 GMTCommentaryThe EU AI Act’s operator model: what every company needs to know before deploying AIhttps://ivetayuskeselieva.com/articles/the-eu-ai-acts-operator-model-what-every-company-needs-to-know-before-deploying-ai/https://ivetayuskeselieva.com/articles/the-eu-ai-acts-operator-model-what-every-company-needs-to-know-before-deploying-ai/When does a company stop being a “user” of AI, and becomes its legal provider? Under the EU AI Act, the answer depends entirely on what you do with a system, not who built it. In my latest analysis, I break down the EU AI Act’s operator model — and why organisations may acquire provider status far more easily than they expect. From rebranding and substantial modification to fine-tuning and internal deployment, the Act assigns responsibility based on factual conduct, not contractual labels or technical authorship. If your company integrates, adapts, or modifies AI systems — especially in high-risk environments — these mechanisms determine your compliance burden.Fri, 21 Nov 2025 00:00:00 GMTCybersecurity & ComplianceCan copyright survive AI? The legal storm that’s changing everythinghttps://ivetayuskeselieva.com/articles/can-copyright-survive-ai-the-legal-storm-thats-changing-everything/https://ivetayuskeselieva.com/articles/can-copyright-survive-ai-the-legal-storm-thats-changing-everything/Explore how generative AI is challenging global copyright law. Discover key rulings in the US, China, UK, and EU shaping the future of creative industries.Wed, 19 Mar 2025 00:00:00 GMTAI