Buy-side M&A

The Court of Appeal has recently handed down an important decision in respect of data protection law considerations in Farley & Others v Paymaster (trading as Equiniti) [2025] EWCA Civ 1117, providing clarity on the scope of infringement and compensation data protection claims under the UK GDPR and Data Protection Act 2018 (“DPA”). The judgment will be of particular interest to any service provider dealing with and processing large volumes of customer personal data.  

At some point in their history, businesses commonly have need for external funding to help their growth trajectory.

In tech, the law often arrives after something has gone wrong. Here are three cautionary tales* and the lessons every founder, CTO and in-house counsel should take away.

The Data (Use and Access) Act 2025 (the “DUAA”), which received Royal Assent on 19 June 2025, introduces targeted reforms to the UK data protection legal framework — particularly the UK GDPR, the Data Protection Act 2018, and the Privacy and Electronic Communications Regulations 2003 (“PECR”).

Many of you will know that the Government published, on 23 June, its Modern Industrial Strategy paper and, with it, committed to creating a “predictable, proportionate, and transparent investment screening framework” and launching a 12-week consultation on updating the definitions of the 17 sensitive sectors of the economy as set out in the National Security and Investment Act 2021 (NSIA).

The recent cyberattacks on major UK retailers have put cybersecurity back in the spotlight. But a more significant development for data protection practitioners has been flying under the radar: the Information Commissioner’s Office (ICO) has issued a notable fine directly against a data processor for breaching UK GDPR security obligations - an important shift in enforcement focus.

The 2023/24 tax year marks a major shift in the way unincorporated businesses are taxed. It is a transition year, with HMRC moving from the traditional “current year basis” to a “tax year basis” from 6 April 2024. While this change is intended to simplify the system in the long run, it introduces some short-term complexities (and often tax expense) during the transition year which partners and other sole traders ought to be alive to.

We have a wealth of experience acting for high net worth individuals at the outset of their angel investing journey and for seasoned angel investors who need the occasional bit of legal input. 

On 6 April 2025, the first wave of consumer protection provisions under the Digital Markets, Competition and Consumers Act 2024 (“DMCC Act”) came into force, marking the most significant overhaul of UK consumer protection law in over a decade. 

In the wake of recent high-profile cyber-attacks on major retailers like Marks & Spencer and Co-op, the UK government has launched a new voluntary Code of Practice for software vendors at its flagship cyber security event, CyberUK 2025. This initiative sets a dynamic baseline for software security and resilience, aiming to help prevent such breaches in the future.

The Office of Communications, commonly known as ‘Ofcom’ (the regulator for communication services) is calling on tech firms to make ‘the online world safer for women and girls’. 

Criminal risk isn’t the first thing that comes to mind when considering the commercial drivers behind a merger or acquisition. But our recent roundtable discussion at our offices made clear that criminal liability—however peripheral it might seem—can have very real consequences for deal viability and post-completion exposure. Here are five key takeaways from a discussion that brought together legal and business perspectives on how economic crime intersects with transactional work.

In this blog, we dive into the essentials of share buybacks, explore common issues that arise when shareholders object, and uncover creative workarounds to navigate conflicts while staying compliant and maintaining trust.

Last week, I had the pleasure of hosting an insightful roundtable dinner at The Ivy in Covent Garden, London, bringing together thought leaders, industry experts, and business owners to discuss one of the most pressing topics of our time - AI regulation. Co-hosted by the brilliant Fred Becker, CAO of Unlikely AI, the conversation was rich with diverse perspectives, practical concerns and strategic insights.

In business sales and acquisitions, managing risk is not just important – it is essential for a smooth and successful transaction. One of the most powerful tools to mitigate these risks is warranty and indemnity (“W&I”) insurance. W&I insurance provides vital protection for both buyers and sellers against unforeseen liabilities that may arise after the deal is completed.

The EU Data Act is set to reshape the data landscape, and while its full impact will unfold over time, some key provisions are coming into effect this September that SaaS providers need to be aware of now. Specifically, we're talking about the rules around data switching, and how they'll likely require you to update your standard terms and existing customer agreements.

The Cabinet Office has published a report following the government's first statutory review of the performance of the Notifiable Acquisition regulations (NARs), the statutory instrument which sets out the detail of the 17 specified sectors of the economy subject to mandatory notification requirements under the National Security and Investment Act 2021 (NSIA).

Our new Partner Christopher Perrin has been interviewed by TechRound.

Kingsley Napley is pleased to announce that Christopher Perrin has joined the firm as a Partner in its fast-growing Corporate, Commercial and Finance practice.

At midnight on 30 October 2023, while many of us slept in eager anticipation of the new labour government’s first budget, the rate of Capital Gains Tax (CGT) increased. 12 hours later the Chancellor announced the higher rate of CGT had increased by 4%. The hike is less drastic than feared and seems unlikely to cause sellers too many sleepless nights.