A growing company

For many UK businesses, the move from start-up to steady-state operation is accompanied by a corresponding increase in legal complexity. The team is larger, the contracts are larger, and the data being processed is more sensitive than it was at the time of incorporation. For many such businesses, the next significant milestone is external investment, refinancing or a sale.

Increased scrutiny

At that point, the legal foundations of the business will be subjected to detailed scrutiny. Investors and acquirers routinely discount valuations when contracts, policies and compliance documents are not in place, and gaps identified in due diligence are rarely recovered in the negotiated price.

Legal foundations

Even before that stage is reached, well-maintained legal foundations enable a growing business to move at pace: signing new customers, onboarding new suppliers, and adopting new technologies, with the relevant risks identified, recorded, and managed in advance using an agreed process, helping you manage your unknowns.

Health check

Ten areas we routinely identify gaps are set out below. Each can be reviewed quickly, and most can be addressed most quickly and easily where issues are identified at an early stage.

Generative AI tools have moved from novelty to default in the space of two years. Your teams already use them to summarise documents, draft emails, write code and analyse client data — usually before anyone at board level has agreed how they may. The question for the board is not whether AI is being used in your business; it is whether that use is quietly building an unbudgeted liability on the balance sheet, in the form of regulatory fines, indemnity payouts, lost legal privilege and intellectual property that turns out not to be yours.

The questions we are most often asked are not theoretical. They tend to follow something that has already happened — a confidentiality slip, a query from a regulator, a contract dispute. By then the cost has crystallised. The points below are the ones every UK business — not only those that consider themselves “AI businesses” — ought to be addressing now.

The UK adopts the EU-US Data Privacy Framework

Retained E.U. Law after Brexit

As the first sunset date of 31 December 2023 approaches, will thousands of regulations be repealed or amended over the next year?

The Online Safety Bill is in danger of being a victim of the ongoing debate between the rights of free speech vs protection

Data transfers to the U.S. - Update October 2022

Tinkering is such fun!

New legislation announced.

What should you do to achieve U.K./E.E.A. compliance?

People should never be exploited for the goods that we buy.

What should you do to prepare?

GDPR. How Many Holes?