UK Financial Insights from Katten is a monthly newsletter highlighting key noteworthy developments potentially affecting financial markets and funds in the UK and Europe.
To read more issues of UK Financial Insights from Katten, please click here.
DORA Delegated Regulation on Threat-Led Penetration Testing Published in Official Journal
By Nathaniel Lalone, Ciara McBrien
The Delegated Regulation, which contains regulatory technical standards (RTS) on threat-led penetration testing (TLPT) requirements under the EU Digital Operational Resilience Act (DORA), was recently published in the Official Journal of the European Union. TLPT is mandatory for the "financial entities" subject to DORA, which now must meet specific impact, risk and systemic relevance criteria in relation to these testing requirements. Read about RTS supplements Article 26.
Risk.net Discusses CFTC Changes for CTA Regulations With Nathaniel Lalone
Risk.net spoke with Financial Markets and Funds Partner Nathaniel Lalone regarding the Commodity Futures Trading Commission's (CFTC) recent withdrawal of its 2021 advisory (21-19), which was seen by certain market participants as seeking to broaden the definition of swap execution facilities (SEFs) to include certain technology vendors and commodity trading advisers (CTAs). The withdrawal of the advisory is intended to reduce uncertainty for potentially affected firms and may offer greater flexibility for technology vendors and crypto service providers. Read about Nate’s comments.
Carolyn Jackson Shares Thoughts on UK/EU Derivatives Regs
Futures & Options World (FOW) spoke with Financial Markets and Funds Partner Carolyn Jackson regarding the UK Financial Conduct Authority’s (FCA) plans for future commodity derivatives regulation. Following Brexit, Carolyn expects the UK and EU to continue to diverge in the interest of adapting to their respective markets. Read about Carolyn’s comments.
EU AI Act Compliance Deadline of 2 August looming for General Purpose AI Models
By Trisha Sircar
The European Union's Artificial Intelligence Act (the EU AI Act) is the first comprehensive artificial intelligence (AI) regulation to address AI technologies across the globe. The EU AI Act was proposed in April 2021 and published in the Official Journal of the European Union on 12 July 2024. The EU AI Act officially entered into force on 1 August 2024. Read about the phased timeline for implementation and compliance.
UK Data Use and Access Act Now in Force
By Trisha Sircar
On 19 June, the UK Data Use and Access Bill (DUA Bill) finally received Royal Assent and passed into law as the Data Use and Access Act 2025 (DUA Act). The DUA Act amends the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and the Privacy and Electronic Communication (EC Directive) Regulations 2003 (PECR). Read about key changes under the DUA Act.
What to Expect From Mandatory Ethnicity and Disability Pay Gap Reporting
By Christopher Hitchins
Published by Grip., the article examines what to expect from the UK government's initiative to build upon existing gender pay gap reporting regulations. The UK government recently closed a consultation on the introduction of mandatory ethnicity and disability pay gap reporting for certain employers, including those in the financial services sector. The article highlights what we can likely expect from the consultation as the government drafts the proposed Equality (Race and Disability) Bill, which seeks to provide employers with a clear reporting framework. Read Katten’s article.
