Commercially Connected Shorts


Team Kompetenzen Services Bank- und Finanzrecht Bank- und Finanzrecht Asset Finance Kapitalmarktrecht Unternehmensfinanzierung Leveraged Finance Projekt-, Energie- und Infrastrukturfinanzierung Immobilienfinanzierung Restrukturierung und Insolvenz Competition, Trade and Foreign Investment Competition, Trade and Foreign Investment Antitrust and Competition Investigations Wirtschaftsrechtliche Streitigkeiten Dawn Raids Foreign Investment and National Security Law Sanktionen und Exportkontrolle International Trade Law Merger Control Procurement and State Aid Baurecht und Architekten-/Ingenieurrecht Baurecht und Architekten-/Ingenieurrecht Baurecht und Architekten-/Ingenieurrecht Vertragsrecht und Vergaberecht Schlüsselfertigverträge (EPC) Juristische Projektbegleitung in der Ausführungsphase Gesellschaftsrecht und M&A Gesellschaftsrecht und M&A Kapitalmarktrecht Corporate Governance Internationale Corporate Reorganisationen Joint Ventures Mergers & Acquisitions Private Equity Venture Capital Wirtschaftsstrafrecht und interne Ermittlungen Wirtschaftsstrafrecht und interne Ermittlungen Anti-Korruption Geldwäsche Sanktionen und Exportkontrolle Behördliche Untersuchungen Data Privacy, Security und Technology Data Privacy, Security und Technology Cybersecurity Data Privacy Disruptive Technologien E- und M-Commerce Information Law Product Counseling Vertretung gegenüber Aufsichtsbehörden und Prozessführung Technologie-Transaktionen und Outsourcing Telekommunikationsrecht Arbeitsrecht und betriebliche Altersversorgung Arbeitsrecht und betriebliche Altersversorgung Transaktionsarbeitsrecht Grenzüberschreitendes Arbeitsrecht und betriebliche Altersversorgung Diversity, Gleichbehandlung und Diskriminierung Vergütungs- und Anreizsysteme Arbeitsrecht Arbeitsrechtliche Streitigkeiten Global Mobility and Immigration Kollektives Arbeitsrecht Betriebliche Altersversorgung Risikomanagement der betrieblichen Altersversorgung Financial Services Regulation Financial Services Regulation Asset Management Crypto Assets Derivatives Streitigkeiten und Ermittlungen im Finanzdienstleistungssektor Funds Versicherungsrecht Versicherungsrecht Versicherungs- und rückversicherungsrechtliche Streitigkeiten Versicherungs- und Pensionsprodukte, Versicherungsvertrieb Versicherungsfinanzierung und Kapitalmärkte Insurance M&A, Rückversicherung & Restrukturierung Versicherungsaufsichtsrecht und Compliance Versicherungsaufsichtsrechtliche und regulatorische Untersuchungen und Verfahren Versicherungsbesteuerung InsurTech Risikomanagement der betrieblichen Altersversorgung Intellectual Property Intellectual Property IP-Audits IP-Streitigkeiten IP-Transaktionen Patente Marken-, Musterschutz-, Design- und Urheberrecht Geschäftsgeheimnisse Streitbeilegung Streitbeilegung Massenverfahren und Sammelklagen Wirtschaftsrechtliche Streitigkeiten Baurecht und Architekten-/Ingenieurrecht Energy Disputes Environmental, Health and Safety Streitigkeiten und Ermittlungen im Finanzdienstleistungssektor Betrug Versicherungs- und rückversicherungsrechtliche Streitigkeiten International Arbitration Vergaberechtsstreitigkeiten Real Estate Disputes Behördliche Untersuchungen Steuerstreitverfahren & Betriebsprüfung Real Estate and Planning Real Estate and Planning Commercial Development and Leasing Corporate Real Estate Planning and Environmental Real Estate Disputes Immobilienfinanzierung Living Strategische Verträge Strategische Verträge Vertragsmodernisierung Outsourcing Strategische Partnerschaften Steuerrecht Steuerrecht Unternehmenskauf und Restrukturierung Unternehmenssteuer Vergütungs- und Anreizsysteme Immobiliensteuerrecht Finanztransaktionen und -institutionen Steuerstreitverfahren & Betriebsprüfung $name Umsatzsteuer und indirekte Steuern Industries Konsumgüter Konsumgüter Lebensmittel und Getränke Luxury Handel und Freizeit Energiewirtschaft Energiewirtschaft Erneuerbare Energien und Nachhaltigkeit Energieregulierung Hydrogen Financial Services Financial Services Firmenkundengeschäft und Investmentbankingrecht Private Equity Governments und Infrastruktur Industrials Industrials Luft- und Raumfahrt, Sicherheit und Verteidigung Automobilindustrie Chemie Maschinenbau und produzierende Industrie Life Sciences und Healthcare Life Sciences und Healthcare Landwirtschaft, Medizinisches Cannabis und CBD Healthcare Industrielle Biotechnologie Medizinprodukte Pharma und Biotechnologie Forschung und Entwicklung Vaccines Immobilienwirtschaft Immobilienwirtschaft Alternative Assets Ein- und Mehrfamilienhäuser Büro- und Industrieimmobilien Real Estate Investment Retail und Mixed-Use-Immobilien Transport Related Real Estate Technologie, Medien und Telekommunikation Technologie, Medien und Telekommunikation Medien Rechenzentren Technologie Ressourcen Publikationen Client tools Events und Trainings Business topics Über uns Über uns Firm leadership Ziele und Werte Verantwortungsvolles Handeln Gemeinwohl Diversity & Inclusion Ökologische Nachhaltigkeit Pro Bono Pro Bono Alumni News Karriere Karriere Stellenangebote Was uns auszeichnet Anwältinnen und Partnerinnen Business Professionals Studentinnen und Absolventinnen Legal Talents Studium Wissenschaftliche Mitarbeit & Referendariat FAQ Standorte Deutschland Globale Website besuchen Wählen Sie eine lokale Version der Website Angola Asien Belgien Bulgaria Deutschland Estland Finnland Frankreich Irak Irland Italien Jordanien Katar Lettland Litauen Luxemburg Mauritius Mozambique Niederlande Österreich Polen Portugal Rumänien Saudi-Arabien Schweden Schweiz Slowakei Spanien Südafrika Tschechische Republik Tunesien Ungarn Vereinigte Arabische Emirate Vereinigte Staaten von Amerika Vereinigtes Königreich Weltweit Weitere Länder de Menü English Commercially Connected Shorts - 15 April 2026 Startseite Ressourcen Publikationen Startseite Ressourcen Publikationen Commercially Connected Shorts - 15 April 2026 Commercially Connected Shorts - 15 April 2026 15. April 2026 ÖsterreichBelgienBulgariaTschechische RepublikEstlandFinnlandFrankreichDeutschlandUngarnIrlandItalienLettlandLitauenLuxemburgNiederlandePolenPortugalRumänienSlowakeiSpanienSchwedenVereinigtes Königreich ÖsterreichBelgienBulgariaTschechische RepublikEstlandFinnlandFrankreichDeutschlandUngarnIrlandItalienLettlandLitauenLuxemburgNiederlandePolenPortugalRumänienSlowakeiSpanienSchwedenVereinigtes Königreich Österreich Welcome to Commercially Connected shorts, our weekly bitesize newsletter summarising the latest updates in UK and EU commercial law. This week we look at: Cyber - improving the security of internet connected devices within businesses Tech - have your say on EU digital wallet certification scheme AI - how will the UK approach agentic AI? EU – round up of regulatory developments in the EU Improving the security of internet connected devices within businesses On 8 April 2026, the Government published the outcome of its call for evidence on improving enterprise connected device security. Enterprise connected devices are internet connected devices that are used by businesses and other organisations, such as printers, video conferencing systems and VoIP phones. The concern is that if these devices have security vulnerabilities they can be used to facilitate a hostile attack on the organisation’s IT systems. The original call focused on proposals for a voluntary code of practice to aid the design and creation of secure enterprise connected devices. Proposed additional interventions included a voluntary pledge to comply with the Code of Practice, creating a new international standard, and/or legislation (possibly expanding the scope of the Product Security and Telecoms Infrastructure Act 2022 to cover enterprise devices). Following review of the feedback, the Government’s next steps include: manufacturers are encouraged to follow the device security principles outlined on the National Cyber Security Centre (NCSC) website, ensuring their products are designed with security in mind a plan to evaluate whether efforts should extend beyond enterprise-connected devices as part of the continuous review of technology security an aim to finalise the security principles and integrate them into a broader set of secure-by-design practice codes for technology, while considering the possibility of a certification scheme for manufacturers exploring options for regulatory measures, including assurance or enforcement mechanisms (in response to feedback that voluntary adoption may not be strong enough) The government sees the technology companies that manufacture and supply these products as crucial for the UK's growth and innovation. Building security into designs will lessen supply chain risks and shift responsibility away from end users, helping create a safer and stronger digital technology environment. Have your say on EU digital wallet certification scheme On 3 April 2026, the EU agency for cybersecurity (ENISA) launched a consultation on its EU digital wallet certification scheme. Digital wallets play an essential role in providing smooth and secure identification, whether online or in person. They help protect users' privacy and personal information. A certification scheme will make sure every wallet meets strict security standards (something which has been lacking). ENISA have been tasked with supporting the certification process for European Digital Identity (EUDI) Wallets. This includes developing a proposed European cybersecurity certification scheme in line with the requirements of the Cybersecurity Act. By the end of 2026, each Member State must offer at least one certified EU Digital Identity Wallet. The consultation is open until the end of April and seeks input on the draft scheme, its design and the security requirements before finalisation. Thoughts on the content of accompanying guidance are also welcomed to aid implementation. If your organisation plans to serve as or work with wallet providers, responding to this call can help shape risk allocation, certification costs, and contractual assurances around security, liability and compliance. It is hoped the new certification system will provide a unified cybersecurity framework, helping manufacturers comply, increasing transparency, and supporting secure digital products and services. How will the UK approach agentic AI? On 31 March 2026, the Digital Regulation Cooperation Forum (DRCF) published a foresight paper on the Future of Agentic AI. The DRCF is comprised of the UK regulators: the Competition and Markets Authority (CMA), Financial Conduct Authority (FCA), Information Commissioner’s Office (ICO), and Ofcom. In their review of Agentic AI they outline possible future trends and initial cross-regulatory insights in governance, data protection and cybersecurity, consumer rights, and market competition. There is a clear message from the regulators that existing frameworks and regulatory principles will adapt to technological developments and they will continue to monitor progress and work together to ensure a joined up approach for the UK. Expect the following from the regulators in the coming year: CMA - intends to build on its agentic AI work and continue to provide practical support and guidance for businesses interested in these technologies, including through domestic and international collaboration FCA – from encouraging testing environments with the Supercharged Sandbox and a showcase event in January, the FCA will release an AI Live Testing evaluation report by Q1 2027. Work continues alongside the Bank of England to examine AI use, risks, and opportunities in UK financial services for safe adoption. The upcoming Mills Review will examine how advanced AI could transform retail financial services by 2030 and its implications for consumers, firms, and FCA regulation ICO - on 31 March 2026 the ICO launched a consultation on its draft guidance on automated decision-making (ADM), including profiling, which it has updated to reflect changes to the UK GDPR made by the Data (Use and Access) Act 2025. The ICO is also drafting a statutory code on AI and ADM that affects Agentic AI, alongside ongoing projects outlined in its AI and biometrics strategy Ofcom – the 2026/2027 edition of Ofcom’s approach to AI is expected this year. Work will continue on reviewing agentic AI through the Online Safety Act lens and looking at agentic AI adoption in the telecoms markets and the impact on businesses and consumers EU legislation round up – our monthly update Our monthly EU Legislation Roundup highlights regulatory developments with board-level impact, from tighter green claims rules and AI governance to trade, sustainability reporting and industrial policy. With new deadlines and shifting frameworks across consumer, technology, energy and supply chains, businesses should reassess compliance priorities, timing and business impact across their EU operations. Der Inhalt der Website dient ausschließlich allgemeinen Informationszwecken und kann die rechtliche Beratung im Einzelfall nicht ersetzen. Obwohl die Website mit angemessener Sorgfalt ausgearbeitet wurde, spiegeln die Inhalte möglicherweise nicht die aktuellen rechtlichen Entwicklungen wider. Daher übernimmt Eversheds Sutherland keine Haftung für die Richtigkeit und Aktualität der Informationen. Den vollständigen Haftungsausschuss finden Sie in unseren „Geschäftsbedingungen“ oder in „Rechtliche Hinweise“ in der Fußzeile. Insights series Commercially Connected Services Cybersecurity Strategische Verträge Sektor Technologie Thema Artificial Intelligence Navigating EU Law Ansprechpartner Sara C. Ellis Professional Support Lawyer Birmingham, Vereinigtes Königreich Angela Kindness Principal Associate Nottingham, Vereinigtes Königreich Publikationen legal updates Consumer Lens - Session 1 \| The Rise of European Class Actions podcasts and webcasts Tax NOLs in Cross-Border Structures Webinar legal updates EU Pay Transparency Directive legal updates Betriebliche Altersversorgung: Wo steht das Sozialpartnermodell aktuell? News client news Next stop, public ownership: Eversheds Sutherland advises DfT on GTR transition kanzlei-news Eversheds Sutherland strengthens restructuring offering with senior partner appointment kanzlei-news Eversheds Sutherland strengthens Commercial Advisory practice with technology partner hire client news Eversheds Sutherland advises Schroders Greencoat on acquisition of Dutch biomethane platform Events und Trainings virtual \| June 02, 2026 Spanish employment law training virtual \| June 09, 2026 UK employment law training virtual \| June 16, 2026 Nordic (Denmark, Finland, Norway and Sweden) employment law training virtual \| June 23, 2026 Introduction to Swiss employment law Tabs Label legal updates 29. Mai 2026 Consumer Lens - Session 1 \| The Rise of European Class Actions podcasts and webcasts 29. Mai 2026 Tax NOLs in Cross-Border Structures Webinar legal updates 28. Mai 2026 EU Pay Transparency Directive legal updates 28. Mai 2026 Betriebliche Altersversorgung: Wo steht das Sozialpartnermodell aktuell? Rechtliche Hinweise Nutzungsbedingungen Datenschutz Cookie-Richtlinie Whistleblowing Impressum Liste der Partner ES(I) LLP Members LinkedIn YouTube Connect Kontakt Client Login Team Login Newsletter abonnieren Über uns Über uns Unternehmenswerte- und Ziele Responsible Business (CSR) Alumni Insights oder Publikationen Client-Tools Events und Trainings Business Topics Karriere Sitemap Standorte © Eversheds Sutherland 2026. All rights reserved. Eversheds Sutherland is a provider of legal and other services operating through various separate and distinct legal entities. For further information about these entities and Eversheds Sutherlands' structure please see the Legal Notice page of this website. Eversheds Sutherland (Germany) Rechtsanwälte Steuerberater Solicitors Partnerschaft mbB ist eine Partnerschaftsgesellschaft mit beschränkter Berufshaftung nach deutschem Recht mit Sitz in München, eingetragen im Partnerschaftsregister des Amtsgerichts München unter PR 1947, geschäftsansässig Brienner Straße 12, 80333 München, Deutschland. Eversheds Sutherland (Germany) Rechtsanwälte Steuerberater Solicitors Partnerschaft mbB ist Teil einer globalen Rechtsberatungspraxis, deren Mitglieder gesonderte und rechtlich eigenständige Einheiten sind, die unter dem Namen Eversheds Sutherland tätig sind und Rechtsberatungs- und andere Dienstleistungen an Mandanten in der ganzen Welt erbringen. Jede Eversheds Sutherland-Kanzlei ist eine rechtlich getrennte Einheit, die nicht für die Handlungen oder Unterlassungen anderer Eversheds Sutherland-Kanzleien haftet und diese nicht rechtlich binden oder verpflichten kann. Die Eversheds Sutherland-Kanzleien sind gemäß den jeweiligen örtlichen regulatorischen und rechtlichen Vorschriften organisierte und regulierte Kanzleien, die unter ihren jeweils vor Ort eingetragenen Namen geschäftstätig sind. Der Name Eversheds Sutherland dient nur als Bezeichnung und impliziert nicht, dass die Eversheds Sutherland-Kanzleien eine Partnerschaft bilden oder Teil einer globalen LLP sind. Die Verantwortung für die Erbringung der Dienstleistungen an Mandanten ist in der zwischen der jeweils beauftragten Kanzlei und dem Mandanten abgeschlossenen Mandatsvereinbarung geregelt.

Welcome to Commercially Connected shorts, our weekly bitesize newsletter summarising the latest updates in UK and EU commercial law.

This week we look at:

Cyber - improving the security of internet connected devices within businesses
Tech - have your say on EU digital wallet certification scheme
AI - how will the UK approach agentic AI?
EU – round up of regulatory developments in the EU

Improving the security of internet connected devices within businesses

On 8 April 2026, the Government published the outcome of its call for evidence on improving enterprise connected device security.

Enterprise connected devices are internet connected devices that are used by businesses and other organisations, such as printers, video conferencing systems and VoIP phones. The concern is that if these devices have security vulnerabilities they can be used to facilitate a hostile attack on the organisation’s IT systems.

The original call focused on proposals for a voluntary code of practice to aid the design and creation of secure enterprise connected devices. Proposed additional interventions included a voluntary pledge to comply with the Code of Practice, creating a new international standard, and/or legislation (possibly expanding the scope of the Product Security and Telecoms Infrastructure Act 2022 to cover enterprise devices).

Following review of the feedback, the Government’s next steps include:

manufacturers are encouraged to follow the device security principles outlined on the National Cyber Security Centre (NCSC) website, ensuring their products are designed with security in mind
a plan to evaluate whether efforts should extend beyond enterprise-connected devices as part of the continuous review of technology security
an aim to finalise the security principles and integrate them into a broader set of secure-by-design practice codes for technology, while considering the possibility of a certification scheme for manufacturers
exploring options for regulatory measures, including assurance or enforcement mechanisms (in response to feedback that voluntary adoption may not be strong enough)

The government sees the technology companies that manufacture and supply these products as crucial for the UK's growth and innovation. Building security into designs will lessen supply chain risks and shift responsibility away from end users, helping create a safer and stronger digital technology environment.

Have your say on EU digital wallet certification scheme

On 3 April 2026, the EU agency for cybersecurity (ENISA) launched a consultation on its EU digital wallet certification scheme.

Digital wallets play an essential role in providing smooth and secure identification, whether online or in person. They help protect users' privacy and personal information. A certification scheme will make sure every wallet meets strict security standards (something which has been lacking).

ENISA have been tasked with supporting the certification process for European Digital Identity (EUDI) Wallets. This includes developing a proposed European cybersecurity certification scheme in line with the requirements of the Cybersecurity Act. By the end of 2026, each Member State must offer at least one certified EU Digital Identity Wallet.

The consultation is open until the end of April and seeks input on the draft scheme, its design and the security requirements before finalisation. Thoughts on the content of accompanying guidance are also welcomed to aid implementation. If your organisation plans to serve as or work with wallet providers, responding to this call can help shape risk allocation, certification costs, and contractual assurances around security, liability and compliance.

It is hoped the new certification system will provide a unified cybersecurity framework, helping manufacturers comply, increasing transparency, and supporting secure digital products and services.

How will the UK approach agentic AI?

On 31 March 2026, the Digital Regulation Cooperation Forum (DRCF) published a foresight paper on the Future of Agentic AI.

The DRCF is comprised of the UK regulators: the Competition and Markets Authority (CMA), Financial Conduct Authority (FCA), Information Commissioner’s Office (ICO), and Ofcom. In their review of Agentic AI they outline possible future trends and initial cross-regulatory insights in governance, data protection and cybersecurity, consumer rights, and market competition. There is a clear message from the regulators that existing frameworks and regulatory principles will adapt to technological developments and they will continue to monitor progress and work together to ensure a joined up approach for the UK. Expect the following from the regulators in the coming year:

CMA - intends to build on its agentic AI work and continue to provide practical support and guidance for businesses interested in these technologies, including through domestic and international collaboration

FCA – from encouraging testing environments with the Supercharged Sandbox and a showcase event in January, the FCA will release an AI Live Testing evaluation report by Q1 2027. Work continues alongside the Bank of England to examine AI use, risks, and opportunities in UK financial services for safe adoption. The upcoming Mills Review will examine how advanced AI could transform retail financial services by 2030 and its implications for consumers, firms, and FCA regulation

ICO - on 31 March 2026 the ICO launched a consultation on its draft guidance on automated decision-making (ADM), including profiling, which it has updated to reflect changes to the UK GDPR made by the Data (Use and Access) Act 2025. The ICO is also drafting a statutory code on AI and ADM that affects Agentic AI, alongside ongoing projects outlined in its AI and biometrics strategy

Ofcom – the 2026/2027 edition of Ofcom’s approach to AI is expected this year. Work will continue on reviewing agentic AI through the Online Safety Act lens and looking at agentic AI adoption in the telecoms markets and the impact on businesses and consumers

EU legislation round up – our monthly update

Our monthly EU Legislation Roundup highlights regulatory developments with board-level impact, from tighter green claims rules and AI governance to trade, sustainability reporting and industrial policy.

With new deadlines and shifting frameworks across consumer, technology, energy and supply chains, businesses should reassess compliance priorities, timing and business impact across their EU operations.

Der Inhalt der Website dient ausschließlich allgemeinen Informationszwecken und kann die rechtliche Beratung im Einzelfall nicht ersetzen. Obwohl die Website mit angemessener Sorgfalt ausgearbeitet wurde, spiegeln die Inhalte möglicherweise nicht die aktuellen rechtlichen Entwicklungen wider. Daher übernimmt Eversheds Sutherland keine Haftung für die Richtigkeit und Aktualität der Informationen. Den vollständigen Haftungsausschuss finden Sie in unseren „Geschäftsbedingungen“ oder in „Rechtliche Hinweise“ in der Fußzeile.