There’s a number of standard SaaS and cloud agreements circulating in the market which, from a buyer’s perspective, make no sense: remedies which date from 80s shrink-wrap licensing, weak handling of P1s and P2s, infosec provisions which put a controller straight into breach of the GDPR, and audit provisions which don’t comply either with GDPR or the FCA’s requirements. From the seller’s perspective, the aim should be frictionless selling.  Knowing what’s likely to be acceptable by the buyer, but still giving you the rights and protections you need, is key. The best lawyers are the ones that have worked both sides of the fence: they can get you where you need to be faster and at less cost.

Data might be the new oil, but it’s still important to get the legal structures right: intellectual property rights are still lagging behind the digital age.  Making sure you own it is a good start (assuming it’s ownable: if not, other approaches are available to a smart operator).  After that, it’s a question of how to most intelligently exploit every piece of the cow.  The Internet of Things is going to lead to another surge in data being produced: forget light switches, toasters and washing machines, electric cars will produce 25GB of data for every hour on the road.  Combine that with the GDPR and increasingly activist data protection authorities (see the CNIL in France), not to mention the growth of class actions, and the smart acquisition and use of data will pay dividends.  We know this stuff backwards.  See our sister business www.thisisdpo.co.uk.

Bitcoin, ICOs and other froth haven’t helped the cause of DLTs, but JP Morgan’s use of JPM Coin has given legitimacy to the use of DLTs in permissioned scenarios, even if for most use cases standard technology might a better way to go.  (Ok, it’s not immutable, but how often in business is immutability an advantage?).  Despite the hype around decentralisation and decentralised autonomous organisations, most business implementations of distributed ledgers are going to need some kind of member governance, which in turns means rules (ie. contracts) to make them work.  In relation to smart contracts, recent work on derivative contracts is highlighting that large parts of a derivative contract cannot easily be reduced to code (what’s the code equivalent of force majeure?).

A lot of recent Fintech activity has been in the payments space, with companies like Revolut and Klarna setting the bar on a frictionless consumer experience, and companies like Ripple rebuilding the cross-border infrastructure so as to eliminate the correspondent bank layer.  The number of new entrants to this market will result in the commoditisation of much of it (payment as a service, and remittance as a service, are already emerging) and ownership of the end customer becoming increasingly key (like the last mile of the landline age).  A lot of new contracts are being drawn up in this space with the most advantageous positions going to those whose lawyers really understand the sector and, most importantly, how the money moves.

Compared to payments, digital lending solutions have received less media attention, but Fintech is happening here too.  Tech enabled origination is drastically increasing the speed, and lowering the cost, of origination for consumers and SMEs, with banking APIs allowing lenders to radically simplify the underwriting process. Most of the change has been on the front end, with securitisation being mainly unaffected.  Signs of change are in the air though: alternatives to traditional securitisation are starting.

Robotics is becoming increasingly embedded, and AI is now kicking off. Google’s use of AI within its own business is already a few years past the hockey-stick curve.  Questions about legal personality are still miles away, and more practical questions are pressing.  Is the licensing structure right for my business?  How do I get access to big enough data sets for my machine to learn on? How can I show that the algorithm my AI has developed is not discriminatory?  There are important strategic questions here, both sale-side and buy-side, and you need lawyers on your side that can handle them.

The arrival of RPA is going to make the (already diminishing) price advantage of offshore location irrelevant, but outsourcing will still have its place.  It allows companies to focus on their core areas and reduces the operational bandwidth CXOs need to worry about.  But good contracts are critical, particularly on the buy-side: too many companies are hobbled by poorly thought out contracts which don’t give them what they need, but don’t let them walk away either.  For suppliers, having systems and processes in place to make sure that the margin is maintained is key: the alternative (and the reality for many suppliers) is leaving substantial amounts of money on the table.