Month: October 2025

New EU and UK Data Security Laws

Below is a summary of the following data security laws, the EU Network and Information Systems Directive 2, the EU Digital Operational Resilience Act, the EU Cyber Resilience Act, the EU Critical Entities Resilience Directive and the UK Product Security and Telecommunications Infrastructure Act that will impact SaaS suppliers and SaaS customers in 2025. Some of these laws apply extra-territorially, meaning the laws apply even when a SaaS supplier is not located in the UK or the EU (respectively).

It is important to be aware of these new laws in order to assess whether or not they apply to your particular SaaS business, products and services.

Continue reading

SaaS Agreements – New EU and UK Data Laws

Below is a summary of the EU Artificial Intelligence Act, the EU Data Act and the UK Data Use and Access Act that will impact SaaS suppliers and SaaS customers in 2025. These laws will apply extra-territorially, meaning the laws apply even when a SaaS supplier is not located in the UK or the EU (respectively). It is important to be aware of these new laws in order to assess whether or not they apply to your particular SaaS business, products and services. The EU AI Act applies to AI systems and AI models and categorises AI systems into different risk categories.

Continue reading