The new Labour Government announced the agenda for the next five years or so in the King’s Speech on 17th July 2024.
What is this likely to mean for compliance?
Introduction
Labour has a majority not seen since the days of Sir Tony Blair. The Labour manifesto on which it stood for election was 135 pages. The King’s Speech is considerably shorter but neither will tell the whole story for what’s ahead. The speech introduced some key new pieces of legislation but (as can be expected 12 days into a new administration) we’re still short on detail. Clearly there will be work to be done in setting out the agenda for the next 5 years but, with the usual qualifications on these being predictions and not fact here’s some thoughts:
Bribery & corruption
The last Labour Government saw the passing of the Bribery Act 2010 as one of the key components of its time in office when it was last in power. But it didn’t have time to enforce the Act as the Act was effectively passed in the last days of Gordon Brown’s administration. It has the opportunity now to enforce an anti-corruption agenda.
Sir Keir was formerly head of the Crown Prosecution Service (CPS) and knows the criminal justice system well. At the same time Labour has promised to look at corrupt contracts from the last administration, notably in PPE procurement during the pandemic. They inherit a new Director of the SFO who’s only been in office since September 2023 and he seems keen on change too with new investigations including dawn raids.
In addition Labour proposed a new COVID Corruption Commissioner specifically tasked with looking into £7.2bn of contracts which have caused concern. The new administration has a chance to increase anti-corruption enforcement and show change from what was perceived to be a more lax enforcement regime during Boris Johnson’s time in office.
AI
The new Government will also look again at AI enforcement. The King’s Speech mentioned this as an area of activity saying that the Government “will seek to establish the appropriate legislation to place requirements on those working to develop the most powerful artificial intelligence models.” Whilst the EU AI Act seeks to regulate AI through a new legal regime, the last UK Government favoured self-regulation. That will now change.
Labour plans to set up a new Regulatory Innovation Office which will look at the challenges of AI and support existing regulators including the Information Commissioner’s Office and the Competition and Markets Authority in using their existing powers to regulate AI. We don’t yet know the shape of the new AI law (and no draft Bill was referred to in the speech) but this could be a simplified version of the EU AI Act.
The fact that there was no draft Bill suggests that the Government want to put a bit more thought into the legislation it will bring forward. There are however likely to be new AI requirements in other new legislation. For example, AI is mentioned in the Product Safety and Metrology Bill published at the same time as the King’s Speech. The summary of the bill available so far says it will “support growth, provide regulatory stability and deliver more protection for consumers by responding to new product risks and opportunities to enable the UK to keep pace with technological advances, such as AI.” Handling AI in terms of product safety aligns with aspects the approach of the EU AI Act.
With a decent majority and a favourable legislative timetable it may even be possible for specific new UK legislation to come into force by at the same time as the main parts of the new EU legislation in 2026.
Labour also plans to set up a National Data Library which can be used to support AI applications given the issues which exist with training data currently. The model could be the new Rail Data Marketplace set up under the last administration.
Data protection
The proposed Data Protection & Digital Information Bill did not survive the wash-up process at the end of the outgoing Parliament. Labour’s first King’s Speech presented the Digital Information and Smart Data Bill, which does revive some of the less controversial provisions from the rejected Bill. Based on the briefing notes so far, this Digital information and Smart Data Bill seeks to promote innovation in data and ID technologies and improve economic growth by ”giving a statutory footing to three innovative uses of data”, which includes Digital Verification Services, a National Underground Asset Register, and Smart Data schemes. Further, this Bill intends to strengthen the ICO by giving it more powers and changing its regulatory structure.
This data regime is also meant to help scientific researchers make better use of data. As the full text of the Bill is not yet available and many details are not yet specified, it may be worth noting that the new administration is also likely to be more cautious about jeopardizing the UK’s EU adequacy status in making changes to UK data protection law.
Data security
Another technology focused Bill proposed is the Cyber Security and Resilience Bill. The King’s Speech highlighted the increasing attacks by cyber criminals on public services and democratic institutions. Overall, this Bill aims expand the remit of regulations to protect digital services, providing more resources and investigatory powers to regulators and mandating increased incident reporting.
The new Prime Minister Keir Starmer will also be chairing the fourth European Political Community (EPC) Summit on 18 July, at Blenheim Palace. One of main topics for roundtable discussion this year will be security and democracy. Last year, the Sunak Conservative government published a joint statement with France stating that the EPC should play a key role in promoting a collective approach in vital fields such as cybersecurity.
Corporate Governance
The new Government has said that it plans to make changes to corporate governance rules in the UK. The speech says “Bills will be brought forward to strengthen audit and corporate governance, alongside pension investment.” There will also be a new Draft Audit Reform and Corporate Governance Bill and a new Pension Schemes Bill. The draft Audit Reform and Corporate Governance Bill intends replace the Financial Reporting Council with a new financial reporting regulator called the Audit, Reporting & Governance Authority and overall seeks to bring upon more rigorous scrutiny of large companies. This new body will have powers to investigate and sanction company directors for serious financial reporting and audit failures.
Justice
Labour has made commitments to tackle crime, policing and the court backlog. They have also made commitments to fix the prison system. If they can pull this off this may free up resources for more white collar investigations including in bribery as we’ve mentioned above and enforcing recently enacted anti-fraud legislation.
Public sector
Those dealing with the public sector can expect changes here too. The King’s Speech confirmed Labour’s plans to introduce a new so-called ‘Hillsborough Law’ with a new duty of candour for public servants. In addition, whilst not a manifesto commitment, there may be an extension of the Freedom of Information (FOI) regime to those in the private sector undertaking work for the public sector.
Trade & customs
The Labour party has a manifesto commitment to review trade barriers. This could lead to closer alignment with the EU. Whilst there is again no detail as yet the King’s speech did highlight how this Government will seek to improve the UK’s trade and investment relationship with the EU.
Members of Sir Keir’s cabinet have also previously favoured using exiting legislation to look more closely at the origin of goods, notably goods made in alleged slavery conditions in the Xinjiang Uygur Autonomous Region (XUAR). Tougher action on XUAR may also be politically expedient for a Labour Government wishing to learn lessons from a perceived lack of support for Muslim interests in some constituencies.
Working practices
Labour is likely to want to review the existing employment law regime in its first 100 days. This could include a right to disconnect but this is unlikely to be as hard and fast as the laws enacted and proposed in some parts of Europe. Sir Keir is known to be keen on work-life balance so expect some sort of proposals encouraging employers and employees to agree on working hours, prohibitions on emails at weekends for those not scheduled to work etc. The King’s Speech confirmed this direction as he confirmed the new Government’s commitment to introduce a new deal for working people to ban exploitative practices and enhance employment rights via the Employment Rights Bill.
Boat manufacture etc.
This is a bit of a niche change but the Government wants to put in work to tackle the so-called “Small Boats” issue. The last Government’s doomed Rwanda plan has finally been put to bed but we are likely to see new measures on assisting people smuggling etc. which may introduce new liabilities on those selling goods or services which can assist those engaged in criminal activity. Anyone engaged in manufacturing or selling small boats, marine engines etc may want to look at their distribution chains and be aware of possible changes in this area.
Other resources
We’ve a number of podcasts and films on the likely agenda for the new Government on our website including:
- A film with ISMG on the technology aspects.
- A podcast with Tom Fox on the wider compliance issues including bribery & corruption here
- A podcast with Fordham Law School on some of the likely AI changes & other AI-related topics
Speak with a compliance lawyer
If you wish to discuss compliance matters for your business following the GE, Contact Us.
You can learn more about our services at Governance & Compliance.
Jonathan Armstrong
Partner
Jonathan is an experienced lawyer based in London with a concentration on compliance & technology. He is also a Professor at Fordham Law School teaching a new post-graduate course on international compliance.
Jonathan’s professional practice includes advising multinational companies on risk and compliance across Europe. Jonathan gives legal and compliance advice to household name corporations on:
- Prevention (e.g. putting in place policies and procedures);
- Training (including state of the art video learning); and
- Cure (such as internal investigations and dealing with regulatory authorities).
Jonathan has handled legal matters in more than 60 countries covering a wide range of compliance issues. He made one of the first GDPR data breach reports on behalf of a lawyer who had compromised sensitive personal data and he has been particularly active in advising clients on their response to GDPR. He has conducted a wide range of investigations of various shapes and sizes (some as a result of whistleblowers), worked on data breaches (including major ransomware attacks), a request to appear before a UK Parliamentary enquiry, UK Bribery Act 2010, slavery, ESG & supply chain issues, helped businesses move sales online or enter new markets and managed ethics & compliance code implementation. Clients include Fortune 250 organisations & household names in manufacturing, technology, healthcare, luxury goods, automotive, construction & financial services. Jonathan is also regarded as an acknowledged expert in AI and he currently serves on the New York State Bar Association’s AI Task Force looking at the impact of AI on law and regulation. Jonathan also sits on the Law Society AI Group.
Jonathan is a co-author of LexisNexis’ definitive work on technology law, “Managing Risk: Technology & Communications”. He is a frequent broadcaster for the BBC and appeared on BBC News 24 as the studio guest on the Walport Review. He is also a regular contributor to the Everything Compliance & Life with GDPR podcasts. In addition to being a lawyer, Jonathan is a Fellow of The Chartered Institute of Marketing. He has spoken at conferences in the US, Japan, Canada, China, Brazil, Singapore, Vietnam, Mexico, the Middle East & across Europe.
Jonathan qualified as a lawyer in the UK in 1991 and has focused on technology and risk and governance matters for more than 25 years. He is regarded as a leading expert in compliance matters. Jonathan has been selected as one of the Thomson Reuters stand-out lawyers for 2024 – an honour bestowed on him every year since the survey began. In April 2017 Thomson Reuters listed Jonathan as the 6th most influential figure in risk, compliance and fintech in the UK. In 2016 Jonathan was ranked as the 14th most influential figure in data security worldwide by Onalytica. In 2019 Jonathan was the recipient of a Security Serious Unsung Heroes Award for his work in Information Security. Jonathan is listed as a Super Lawyer and has been listed in Legal Experts from 2002 to date.
Jonathan is the former trustee of a children’s music charity and the longstanding Co-Chair of the New York State Bar Association’s Rapid Response Taskforce which has led the response to world events in a number of countries including Afghanistan, France, Pakistan, Poland & Ukraine.
Some of Jonathan’s recent projects (including projects he worked on prior to joining Punter Southall) are:
- Helping a global healthcare organisation with its data strategy. The work included data breach similuations and assessments for its global response team.
- Helping a leading tech hardware, software and services business on its data protection strategy.
- Leading an AI risk awareness session with one of the world’s largest tech businesses.
- Looking at AI and connected vehicle related risk with a major vehicle manufacturer.
- Helping a leading global fashion brand with compliance issues for their European operations.
- Helping a global energy company on their compliance issues in Europe including dealing with a number of data security issues.
- Working with one of the world’s largest chemical companies on their data protection program. The work involved managing a global program of audit, risk reduction and training to improve global-privacy, data-protection and data-security compliance.
- Advising a French multinational on the launch of a new technology offering in 37 countries and coordinating the local advice in each.
- Advising a well-known retailer on product safety and reputation issues.
- Advising an international energy company in implementing whistleblower helplines across Europe.
- Advising a number of Fortune 100 corporations on strategies and programs to comply with the UK Bribery Act 2010.
- Advising of Financial Services Business on their cyber security strategy. This included preparing a data breach plan and assistance in connection with a data breach response simulation.
- Advising a U.S.-based engineering company on its entry into the United Kingdom, including compliance issues across the enterprise. Areas covered in our representation include structure, health and safety, employment, immigration and contract templates.
- Assisting an industry body on submissions to the European Commission (the executive function of the EU) and UK government on next-generation technology laws. Jonathan’s submissions included detailed analysis of existing law and proposals on data privacy, cookies, behavioural advertising, information security, cloud computing, e-commerce, distance selling and social media.
- Helping a leading pharmaceutical company formulate its social media strategy.
- Served as counsel to a UK listed retailer and fashion group, in its acquisition of one of the world’s leading lingerie retailers.
- Advising a leading U.S. retailer on its proposed entry into Europe, including advice on likely issues in eight countries.
- Working with a leading UK retailer on its proposed expansion into the United States, including advice on online selling, advertising strategy and marketing.
- Dealing with data export issues with respect to ediscovery in ongoing court and arbitration proceedings.
- Advising a dual-listed entity on an FCPA investigation in Europe.
- Acting for a U.S.-listed pharmaceutical company in connection with a fraud investigation of its Europe subsidiaries.
- Acting for a well-known sporting-goods manufacturer on setting up its mobile commerce offerings in Europe.
- Comprehensive data protection/privacy projects for a number of significant U.S. corporations, including advice on Safe Harbor Privacy Shield and DPF.
- Risk analysis for an innovative software application.
- Assisting a major U.S. corporation on its response to one of the first reported data breaches.
- Work on the launch of an innovative new online game for an established board game manufacturer in more than 15 countries.
- Advice on the setting up of Peoplesoft and other online HR programs in Europe, including data protection and Works Council issues.
- Advising a leading fashion retailer in its blogging strategy.
- Advising one of the world’s largest media companies on its data-retention strategy.
- Advising a multinational software company on the marketing, development and positioning of its products in Europe.