At the beginning of a new year, we are looking ahead to five key technology trends in the EMEA region that are likely to impact businesses in 2023.

1. Technology Regulations across EMEA

European Union

If 2022 was the year that the EU reached political agreement on a series of landmark legislation regulating the technology sector, 2023 will be the year that some of this legislation starts to bite:

  • The Digital Services Act (DSA): By 17 February 2023, online platforms and online search engines need to publish the number of monthly average users in the EU. Providers that are designated as “very large online platforms” and “very large search engines” will need to start complying with the DSA in 2023, and we may start to see Commission investigations kicking off later in the year too.
  • The Digital Markets Act (DMA): The DMA starts applying from 2 May 2023. By 3 July 2023, gatekeepers need to notify their “core platform services” to the Commission.
  • The Data Governance Act (DGA): The DGA becomes applicable from 24 September 2023.

Also this year, proposals published under the European Data Strategy—such as the Data Act and European Health Data Space—and EU legislation targeting artificial intelligence (AI) systems—including the AI ActAI Liability Directive and revised Product Liability Directive—will continue making their way through the EU’s legislative process. These legislative developments will have a significant impact on the way that businesses ingest, use and share data and develop and deploy AI systems. In addition, the new liability rules will create potentially significant new litigation exposure for software and AI innovators.

United Kingdom

What will the UK achieve on tech regulation in 2023? That is harder to predict. While the Online Safety Bill remains stuck in the political quagmire, the expectation is that the bill will pass through the legislature by the end of the current UK parliamentary term in April 2023. Additionally, as we reported here, in 2022 the UK published its proposed approach to regulating AI in the UK via the AI Governance and Regulation: Policy Statement. We anticipate the publication of the UK Government’s White Paper on AI governance in 2023. We also expect to see the UK publish the Digital Markets, Competition and Consumer Bill in the first quarter of this year, which will introduce new competition and consumer law rules for the tech sector, similar to those brought in by the DMA.

Middle East and Africa

Policymakers are steadily developing regulatory regimes to address the evolving technology landscape. In 2023, the following trends are worth tracking: 

  • Data protection: Data protection will continue to be a hot topic for technology and internet governance across the Middle East and Africa. The proliferation of data protection has largely been propelled by the EU’s GDPR and a greater understanding amongst governments that it is their responsibility to ensure the privacy of their citizens. In the Middle East, we expect several jurisdictions to issue important data privacy legislation in 2023. We also expect to see data privacy-related legislative developments in Africa as more and more global tech companies, manufacturers of consumer goods and retailers identify Africa as a growth market for tech innovation and digital services.
  • Tax: A growing number of African policymakers have strongly advocated for digital services taxes. We expect this trend to continue into 2023, and African governments exploring ways to tax multinational technology companies. In addition, African governments in countries such as Kenya and Nigeria have also introduced taxes on social media, e-commerce and mobile money as a means of growing government revenue.

At Covington, we are closely tracking developments affecting the technology and digital sector. You can find out more via our EMEA Tech Regulation Toolkit.

2. Cybersecurity Frameworks across EMEA

European Union

Cybersecurity threats and related regulation will continue to be important issues for organizations in 2023 and beyond. We expect several cyber-related legislative developments across the EU in 2023, including:

  • Member States beginning the process of transposing the recently-adopted Network and Information Security 2 (NIS2) Directive, which replaces the NIS Directive, into national law (deadline of Q3 2024).
  • Ongoing negotiations on the proposed Cyber Resilience Act, which seeks to impose cybersecurity-related obligations on a range of hardware and software products placed on the EU market, including smart speakers, games, and operating systems.
  • Development of IT security standards for financial services institutions that will be regulated by the recently-adopted Digital Operational Resilience Act (DORA).

United Kingdom

The UK recently has consulted on cybersecurity rules in various sectors, including data centers and cloud services. In 2023 we expect to see more of a sector-by-sector approach to regulating cybersecurity. This follows developments in 2022, such as the Product Security and Telecommunications Infrastructure Act and related regulations and code of practice that set out specific security requirements for electronic communications networks and service providers in the UK, including new rules on governance and supply chain monitoring. 

Middle East and Africa

We predict seeing an increase of cyber threats in 2023. Recent events of cybercrime, including an 85% increase in cyberattacks in the Middle East, the major hack of Uganda’s mobile money network in October 2020, a cyber-attack on South Africa’s second-largest hospital operator in June 2020, and the discovery of a security breach of the communication channels at the African Union headquarters in early 2018, have amplified calls for more relevant legislation and robust cybersecurity measures. Consequently, many Middle East and African governments are introducing regulatory regimes and creating awareness to address cyberattacks and vulnerabilities. From a regional perspective, the African Union has appointed a Cybersecurity Expert Group to provide leadership and momentum for the ratification and deployment of the African Union Convention on Cybersecurity and Personal Data by more African countries, and African governments.

3. Pressure on International Data Flows and Technology Deals

European Union and United Kingdom

There will be increasing pressure on international data flows and technology deals, meaning the world may become less interconnected in 2023.

In 2022, we saw the passing of the deadline to implement the new EU Standard Contractual Clauses (EU SCCs) and, in the UK, the publication of the International Data Transfer Agreement and UK addendum to the EU SCCs. Following the EU Court of Justice’s 2020 ruling in Schrems II, we have also seen the European Commission propose opening up data flows between the EU and U.S. via publication of a draft adequacy decision for the EU-U.S. Data Privacy Framework. Despite the conclusion of a number of bilateral trade deals focused on data flows, however, more jurisdictions are eyeing their own transfer rules and requirements. This all means greater complexity for many global technology and commercial projects in 2023 and beyond.

At the same time, we are seeing a number of jurisdictions adopt measures that are likely to result in a more inward looking tech sector, including a proliferation of national security and foreign direct investment controls, and other policy initiatives such as the U.S. Chips Act designed to encourage domestic investment in the U.S. semiconductor industry.

Middle East and Africa

In the Middle East and Africa, we can expect to see progress in 2023 on governments entering into free trade agreements to facilitate commercial ties between countries, which are likely to include data protection protocols and provisions. In Africa specifically, we will see governments engaging on ways to operationalize harmonization efforts using the African Continental Free Trade Agreement as a framework. We anticipate that current challenges related to cross-border data flows, among other matters, will be addressed via the much anticipated Digital Protocol.

4. Shift in Investment Focus in the Technology Sector Following Geopolitical Developments

Geopolitical considerations and a push for data sovereignty will likely redirect investment priorities in the technology sector in 2023. This may include strategic investments to secure key technologies, and also the development of local infrastructure, expertise and capabilities. Capacity-building may feature increasingly in strategic technology collaborations.

Increased foreign direct investment scrutiny of deals in the technology sector is expected to continue in 2023 throughout the UK and EU area. In particular, the chilling effect on outbound China M&A in those areas looks set to continue amid ongoing geopolitical tensions — and that situation may become even more complex if U.S. authorities follow through on suggestions that they are considering regulating outbound investment flows from the U.S. The regulatory hurdles to deal conclusion may well shift medium to long term investment strategies to a more regional focus than we have seen in recent years.

5. Middle East and Africa Demand to Drive Growth in Investment in Data Infrastructure

Although global economic conditions remain challenging, we see mandates coming in from the Middle East and Africa, where there remains tremendous opportunity to develop and roll out technology infrastructure and services. We expect to see this continue in 2023, especially in markets where strong domestic champions and/or government initiatives are focused on digitalization of key sectors as strategic imperatives. This means more investment in data centers, communications networks, and an increasing maturity of associated regulatory frameworks governing the same.

If you have any questions concerning the material discussed in this client alert, please contact the members of our firm.

Print:
Email this postTweet this postLike this postShare this post on LinkedIn
Photo of Moritz Hüsch Moritz Hüsch

Moritz Hüsch is partner in Covington’s Frankfurt office and co-chair of Covington’s Technology Industry Group as well as the Artificial Intelligence (AI) and Internet of Things (IoT) Practice Groups. His practice focuses on complex technology- and data-driven licensing deals and cooperations, outsourcing, commercial contracts…

Moritz Hüsch is partner in Covington’s Frankfurt office and co-chair of Covington’s Technology Industry Group as well as the Artificial Intelligence (AI) and Internet of Things (IoT) Practice Groups. His practice focuses on complex technology- and data-driven licensing deals and cooperations, outsourcing, commercial contracts, e-commerce, m-commerce, as well as privacy and cybersecurity.

Moritz is regularly advising on issues and contracts with respect to IoT, AV, big data, digital health, and cloud-related subject matters. In addition, he regularly advises on all IP/IT-related questions in connection with M&A transactions. A particular focus of Moritz’s practice is on advising companies in the pharmaceutical, life sciences and healthcare sectors, where he regularly advises on complex licensing, data protection and IT law issues.

Moritz is regularly listed as one of the best lawyers in the areas of IT and data protection, among others by Best Lawyers in cooperation with Handelsblatt, Wirtschaftswoche and Legal 500.

Photo of Mosa Mkhize Mosa Mkhize

Mosa Mkhize is a policy advisor and leads the firm’s Africa Public Policy Practice. Drawing on her experience both in government and in various roles in the private sector, Mosa provides strategic policy and regulatory advice to clients doing business with and across…

Mosa Mkhize is a policy advisor and leads the firm’s Africa Public Policy Practice. Drawing on her experience both in government and in various roles in the private sector, Mosa provides strategic policy and regulatory advice to clients doing business with and across Africa. Mosa does so by leveraging close to two decades of experience in international trade, public policy and government affairs.

Mosa assists clients on a broad range of issues including advocacy, strategic policy, regulatory, and dispute resolution advice in various sectors, including technology, energy and life sciences. In addition to this, Mosa’s capabilities include building strategic relationships and coalitions in support of smart technologies. Furthermore, she is currently working with government officials, private corporations, academia, and the general public on the development of regulations and policies that will bring about an enabling environment for digital transformation and economic growth in Africa.

Photo of Fredericka Argent Fredericka Argent

Fredericka Argent is a special counsel in Covington’s technology regulatory group in London. She advises leading multinationals on some of their most complex regulatory, policy and compliance-related issues, including data protection, copyright and the moderation of online content.

Fredericka regularly provides strategic advice…

Fredericka Argent is a special counsel in Covington’s technology regulatory group in London. She advises leading multinationals on some of their most complex regulatory, policy and compliance-related issues, including data protection, copyright and the moderation of online content.

Fredericka regularly provides strategic advice to companies on complying with data protection laws in the UK and Europe, as well as defending organizations in cross-border, contentious investigations and regulatory enforcement in the UK and EU Member States. She advises global technology and software companies on EU copyright and database rights rules, including the implications of legislative developments on their business. She also counsels clients on a range of policy initiatives and legislation that affect the technology sector, such as the moderation of harmful or illegal content online, rules affecting the audiovisual media sector and EU accessibility laws.

Fredericka represents right owners in the publishing, software and life sciences industries on online IP enforcement matters, and helps coordinate an in-house internet investigations team who conduct global monitoring, reporting, notice and takedown programs to combat Internet piracy.

Photo of Joshua Gray Joshua Gray

Joshua Gray is a technology and data-focused lawyer with a distinctly international practice combining commercial and regulatory expertise. Joshua excels in assisting clients for deals with no precedent where technology and data are at the heart of the project.

Joshua’s practice includes structuring…

Joshua Gray is a technology and data-focused lawyer with a distinctly international practice combining commercial and regulatory expertise. Joshua excels in assisting clients for deals with no precedent where technology and data are at the heart of the project.

Joshua’s practice includes structuring and negotiating bespoke technology projects, privacy and GDPR, innovative collaborations involving the use of new (and often data-driven) technologies, and other business critical commercial transactions. Joshua provides “product counselling” to clients looking to launch new digital products and services and he routinely supports multi-jurisdictional projects covering areas such as e-commerce, consumer law, media licensing and telecoms.

Joshua otherwise advises on the full spectrum of technology transactions, including IT services agreements, outsourcing, software development and licensing, cloud computing and infrastructure, M&A and joint ventures.

Joshua has deep industry knowledge and experience in the technology, life sciences, digital health, media, telecoms and travel sectors. This experience has been bolstered through client secondments to Illumina Inc, Barclays Bank and du, a leading telecoms operator in the UAE.

Photo of Julie Teperow Julie Teperow

Julie Teperow advises multinational clients on complex local and international regulatory, public policy, and corporate matters. She advises across a broad range of sectors, including life sciences, technology and consumer products. She has particular experience with regional cross-border compliance issues, helping clients navigate…

Julie Teperow advises multinational clients on complex local and international regulatory, public policy, and corporate matters. She advises across a broad range of sectors, including life sciences, technology and consumer products. She has particular experience with regional cross-border compliance issues, helping clients navigate regulatory frameworks and the practical issues arising when doing business in the Middle East and North Africa region.

Julie also has experience with government affairs in the GCC ‒ advising companies on commercial, trade and market access. She has expertise in advising companies on entering and dealing with issues particular to emerging markets.

In addition to regulatory compliance and government affairs, Julie assists clients with regulatory aspects of corporate and commercial transactions, including employment issues. She also acts as the firm’s representative for the Women’s Forum for the Dubai office.

Photo of Paul Maynard Paul Maynard

Paul Maynard is special counsel in the technology regulatory group in the London office. He focuses on advising clients on all aspects of UK and European privacy and cybersecurity law relating to complex and innovative technologies such as adtech, cloud computing and online…

Paul Maynard is special counsel in the technology regulatory group in the London office. He focuses on advising clients on all aspects of UK and European privacy and cybersecurity law relating to complex and innovative technologies such as adtech, cloud computing and online platforms. He also advises clients on how to respond to law enforcement demands, particularly where such demands are made across borders.

Paul advises emerging and established companies in various sectors, including online retail, software and education technology. His practice covers advice on new legislative proposals, for example on e-privacy and cross-border law enforcement access to data; advice on existing but rapidly-changing rules, such the GDPR and cross-border data transfer rules; and on regulatory investigations in cases of alleged non-compliance, including in relation to online advertising and cybersecurity.

Photo of Anna Oberschelp de Meneses Anna Oberschelp de Meneses

Anna Sophia Oberschelp de Meneses is an associate in the Data Privacy and Cybersecurity Practice Group.

Anna is a qualified Portuguese lawyer, but is both a native Portuguese and German speaker.

Anna advises companies on European data protection law and helps clients coordinate…

Anna Sophia Oberschelp de Meneses is an associate in the Data Privacy and Cybersecurity Practice Group.

Anna is a qualified Portuguese lawyer, but is both a native Portuguese and German speaker.

Anna advises companies on European data protection law and helps clients coordinate international data protection law projects.

She has obtained a certificate for “corporate data protection officer” by the German Association for Data Protection and Data Security (“Gesellschaft für Datenschutz und Datensicherheit e.V.”). She is also Certified Information Privacy Professional Europe (CIPPE/EU) by the International Association of Privacy Professionals (IAPP).

Anna also advises companies in the field of EU consumer law and has been closely tracking the developments in this area.

Her extensive language skills allow her to monitor developments and help clients tackle EU Data Privacy, Cybersecurity and Consumer Law issues in various EU and ROW jurisdictions.