AI’s power play: the high-stakes race for energy capacity | Computer Weekly

AI’s power play: the high-stakes race for energy capacity | Computer Weekly

Trending


The use of artificial intelligence (AI), particularly generative AI, relies on a lot of energy. As its adoption grows and people become more adept at harnessing its power, increasingly strong ties are being created between the tech and energy industries. Whilst this may be a good thing, it also brings about new challenges and legal considerations.

After all, the long-term success of digital infrastructure depends on two core issues. Technical and operational constraints naturally need to be considered but, at the same time, a significant emphasis should be placed on stakeholders establishing clear legal contracts and investment safeguards from the start of a project. 

It’s understandable why individuals might get caught in the hype and excitement of a new idea, when a proactive approach to identifying and clearly allocating project risks and rewards upfront is crucial for successfully navigating the complex legal environments over the years and decades in which these projects come online.

Training a single large language model can consume as much electricity as a small town. Data centres currently make up around 1.5% of global electricity demand.  The International Energy Agency (IEA) forecasts that electricity demand from data centres will more than double by 2030, a hunger primarily driven by AI. This surge could require new global energy capacity equivalent to roughly four times the United Kingdom’s current total electricity consumption.

This increasing energy demand is concentrated primarily in the areas where data centres are or will be located, straining local power grids and requiring either substantial and rapid grid infrastructure upgrades or, more commonly, a race between data centre owners and operators to secure reliable and sustainable energy sources dedicated to their operations.

AI can improve management of energy  

While AI demands significant power, it also holds promise for improving energy management. AI can potentially optimise power grids, integrate renewable energy sources more effectively, predict equipment failures and enhance energy efficiency across various industries and buildings. This could help offset some of the overall impact on global energy demand. However, the energy sector has been slower in adopting AI compared to the tech and financial services industries. Further integration is expected here too. 

The legal and contractual framework for AI-energy projects is intricate and, in many areas, novel. It involves navigating diverse regulatory systems, supply chain complexities and geopolitical uncertainties. This leads to complex negotiations concerning risk allocation, pricing mechanisms and responsibilities avoiding downtime. Furthermore, the regulatory landscape for both AI and energy is constantly evolving, making compliance and contractual certainty a moving target.

In this dynamic and complex environment, it is crucial to anticipate, during the contract drafting phase, how disputes could arise and what mechanisms are needed to avoid them, or resolve them early and quickly if they cannot be avoided. Contracts should be meticulously written to foresee potential issues while maintaining enough flexibility to allow for an inevitable degree of unpredictability during a project which will last for decades. That means parties need to clearly define their responsibilities, establish performance metrics (and how those will be tracked) and allocate risks effectively.

Why contracts should be enforced

Importantly, once a contract is signed parties need to immediately and consistently apply and enforce it. It should go without saying – you could argue that the fact it needs saying tells its own story – but incorporating robust governance and dispute resolution methods is essential, with international arbitration recommended for these multi-party, multi-contract projects given advantages such as neutrality, privacy and enforceability in cross-border contexts.
 It is also prudent to proactively consider investment protections (including through investment agreements with host country governments and under public international law treaties) as well as potential restructuring scenarios, including upon events like force majeure, changes in law or financial distress. 

This foresight can help protect investments and ensure the continuity and long-term success of these critical projects in the face of unwelcome challenges.  This is important not only for the participants in the particular projects but also for the wider energy and tech sectors which will be impacted significantly by the availability of this important technology and the speed at which its adoption can grow.  

Charlie Morgan is a partner in Herbert Smith Freehills’s disputes practice with a focus on tech, energy and venture capitalism.



Source link

Tariff turmoil is making supply chain security riskier | Computer Weekly

Tariff turmoil is making supply chain security riskier | Computer Weekly

Trending


Cyber security remained the most pressing challenge facing those in supply chain management roles during the first three months of 2025, but since the inauguration of Donald Trump in January, uncertainty over the president’s approach to tariffs has caused chaos for supply chains not just in the US, but around the world, and these two areas of risk are closely entwined.

This is according to a report from cyber and risk management consultancy West Monroe, which found that while security remains top of mind for 23% of respondents to a recent polling exercise, the impact of tariffs has surged to become the top issue for 20%, in a matter of weeks edging out factors such as geopolitical tension, material costs, the climate crisis and labour costs.

Although its fieldwork was conducted in March, prior to Trump’s so-called Liberation Day tariff announcement, West Monroe’s data shows that during Q1, a significant number of organisations in the US started making changes to their supply chains in advance.

A total of 58% said they altered their product, materials or sourcing mix, 56% altered their transportation mix, 45% altered their production schedule, 31% updated their pricing to pass increased costs to customers, and 28% altered their geographic presence. “I don’t think these are necessarily quick changes to make, but there is cyber risk if and when those changes are made,” said Christina Powers, cyber security partner at West Monroe.

Broadly, she said the need to move quickly to replace lost revenues, shifts in the supplier ecosystem and other impacts arising from the tariffs may create gaps in best practice when it comes to supply chain management.

“For example, if you’re starting to work with a different supplier – maybe they were already on your list but they weren’t a tier one supplier, you’re tapping into tier two suppliers – so maybe they went through less due diligence and less scrutiny when you were initially onboarding them,” said Powers.

“Or if you’re looking to change suppliers now, there could be a little more of a rushed diligence process being done to try to make that change more quickly,” she said. “There could be less visibility into what potential access these companies may have. From another angle, if you’re not working with a familiar contact, or not working with familiar processes, there’s a higher risk of things like impersonation attacks, whether or not that’s for financial gain or to get access to sensitive data.”

Finally, with goods potentially priced higher thanks to the tariffs, some organisations may also look to offset costs in rather more creative ways than simply passing them onto their customers. In some instances, however ill-advised this may be, this could see IT and cyber security budgets taking a hit.

“There is a risk around cyber security which is often viewed as a cost centre,” said Powers. “It is focused on value preservation and risk reduction, but it’s not necessarily value creation per se. So, there could be pushes to offset some of what organisations are having to deal with.”

But the story doesn’t end here, she said, for there are other ways in which cyber security and tariffs are coupled together.

“With a lot of the uncertainty that’s happening right now, there’s a very volatile market,” she said. “From a cyber security perspective, that could lead to incentives for individuals or groups or nation-states to look to exploit vulnerabilities or go after certain companies.

“You may see that nations that were historically friendly [to the US] have different feelings now, so there could be an increase in exploitation.

“On the data side, there could be an increase in potential espionage looking for trade secrets, intellectual property and things of that nature,” said Powers. “There are some Chinese manufacturers exploiting luxury brands and where their goods are being made, and what it takes to produce them.”

Takeaways for cyber leaders

If there’s a core message for security leaders to hold onto during this time of intense economic uncertainty and volatility, it would be not to allow the organisation to lose focus on the integrity of its supply chain arrangements.

“Now is the time to be more vigilant, not only to hold the line, but actually to increase supply chain scrutiny from a cyber perspective, because there is so much uncertainty, change, volatility and, I think, anger associated with this,” said Powers.



Source link

Collaboration is the best defence against nation-state threats | Computer Weekly

Collaboration is the best defence against nation-state threats | Computer Weekly

Trending


Businesses are under attack from all corners of the globe and while many organisations may think that nation-state threat actors would never target or be interested in them, the reality is that no-one is exempt from security threats.

Security leaders need to ensure they are staying up to speed on the latest threat intelligence, this can either be through an in-house capability or via third-party threat intel providers. Once they understand the tactics, techniques and procedures (TTPs) deployed by these threat actors, organisations can then ensure they have robust mechanisms in place to digest and act on this information to implement appropriate controls.

Organisational culture plays a key role in ensuring everyone is aware of the threats and risks posed to the business. It is vital that leaders educate users on what the most prevalent threats may look like and how to respond, this is a primary defence to protecting their business.

Social engineering remains one of the most widely used methods of attack and so implementing processes that are resistant to individual compromise is key. Using phishing resistant authentication methods, ensuring strict identity governance and control, and having a well-tested incident response capability are all crucial steps to preventing and mitigating these types of attacks.

Unfortunately, securing your own organisation is not enough and historically nation-state threat actors have taken advantage of weak third-party suppliers and supply chain governance. Having strong supply chain governance and assurance is now one of the top trends across industries and it’s critical businesses understand the dependencies and access that suppliers have.

If prevention fails, lateral movement post-compromise is one of the first actions threat actors will attempt and so endpoint detection and response, and zero-trust solutions that can prevent and detect unauthorised access are also vital.

In 2023, 1.9 billion session cookies were stolen from Fortune 1000 employees. With the session token, attackers are bypassing MFA and so it is much harder to detect and respond. Having solutions  in place as part of a zero-trust architecture to detect session token replay attempts can stop these attacks and alert to possible credential or endpoint compromise.

Ultimately, collaboration and partnership across organisations and industry will help organisations understand these threats, the risks posed by nation-state actors and more importantly allow them to work together to prevent them.

Stephen McDermid is EMEA CSO at Okta  



Source link

UK class action sets stage for Google showdown | Computer Weekly

UK class action sets stage for Google showdown | Computer Weekly

Trending


UK based legal professor Or Brook has filed a class action against Google worth approximately £5bn in the UK Competition Appeal Tribunal (CAT). The class action, brought on behalf of hundreds of thousands of UK-based organisations that used Google’s search advertising services, accuses Google of abusing its near-total dominance in the general search market to drive up prices.

This latest class action follows on from one filed by Nikki Stopford, co-founder of Consumer Voice, and legal firm Hausfeld & Co LLP, and appears to focus on the Google’s anti-competitiveness.

Stopford’s case looks at the cost to consumers due to increased advertising costs businesses that use Google Search pay as a result of anti-competitive practices. In November last year, Google’s attempt to throw out Stopford’s case was dismissed, paving the way for the case to be heard at the CAT.

Along with Stopford’s case, in January,  the Competition and Markets Authority (CMA) began an investigation seeking to determine if Google has strategic market status in search and search advertising activities, and whether these services are delivering good outcomes for people and businesses in the UK.

The Brook case appears to be looking specifically at the cost to business arising from Google business practices that stipulate its Chrome browser and search engine are configured as the default options on Android devices and Google’s payments to Apple to ensure Google search is default on the Safari browser.

The class action also covers Google’s Search Engine Management Platform (SA360). Brook alleges that this offers better functionality and more features regarding Google’s own advertising offering than that of its competitors.

Damien Geradin, founding partner of Geradin Partners, the legal firm representing Brook, said: “This is the first claim of its kind in the UK that seeks redress for the harm caused specifically to businesses who have been forced to pay inflated prices for advertising space on Google pages.”

In the claim, Brook argues that Google has been shutting out competition in the general search and search advertising markets.

The claim argues that Google’s conduct has prevented competitors in the general search market from distributing their own search engines, which has enabled Google to maintain its dominance, leading to restricted competition in general search. Brook contests that Google has ensured that its own search platform is the only viable means of advertising to the vast majority of consumers, and ensured its dominance in search advertising.

She said: “Today, UK businesses and organisations, big or small, have almost no choice but to use Google ads to advertise their products and services. Regulators around the world have described Google as a monopoly and securing a spot on Google’s top pages is essential for visibility.

“Google has been leveraging its dominance in the general search and search advertising market to overcharge advertisers. This class action is about holding Google accountable for its unlawful practices and seeking compensation on behalf of UK advertisers who have been overcharged.”

On top of the class actions, Google is also being investigated by the CMA, which is looking at whether its Play Store requires app developers to sign up to unfair terms and conditions as a condition of distributing their apps.



Source link

Footballers object to processing of performance data | Computer Weekly

Footballers object to processing of performance data | Computer Weekly

Trending


Football players are issuing “stop processing” requests to gaming, betting and data-processing firms over the use of their performance, health and injury data, citing ethical concerns with how the information being distributed about them can affect their career prospects.

Under Article 21 of the UK’s General Data Protection Regulation (GDPR), individuals have the right to object to the processing of their personal data.

Submitted on behalf of players by the Global Sports Data and Technology Group (GSDT) – an enterprise co-founded by former Cardiff City and Leyton Orient manager Russell Slade, and technologist Jason Dunlop – the “stop processing” requests are asking the companies involved to cease their processing of all tracking and performance data, as well as other personal information such as health or injury information.

The “stop processing” requests sent by GSDT – as part of its Project Red Card initiative to give footballers and other sportspeople more control over the collection and use of their performance data – follow its extensive engagement with companies in the gaming, betting and sports data industries over the past five years.

While GSDT are unable to disclose which companies the requests have been sent to, they are some of the largest betting, gaming and sports data consultancy companies in the world.  

Speaking with Computer Weekly, Dunlop and Slade said that they must now take action via Article 21 of the UK GDPR because the ethical concerns GSDT has raised about the use of football players’ data have been ignored by firms throughout the sports data ecosystem.

“We’re still in correspondence with them, but I just don’t think we’re moving forward,” said Dunlop. “It is disappointing that, despite ongoing engagement with these companies for the past five years, we have reached a point where we must take action to protect our players’ and the processing of their data.

“This issue could easily be resolved if players were recognised as stakeholders in the sports data ecosystem. While we have seen some attempts by others to address this, three critical questions remain: Do players have the right to object to industries outside sport using their data? Who should decide who uses a player’s data? And what is the true value of this data to the athlete?”

Slade added the concerns about player data extend to every level of the game: “Many people still don’t understand how this industry works and don’t realise how important accurate data is to a player’s value and career. It is crucial that we get this right for all players.”

Ethical concerns over player data

According to Dunlop, the processing of player information by companies in the gaming, betting and sports data industries takes place without informed consent or financial compensation.

“There is an exemption for commercial processing, but let’s think about the ethics of this,” he said, highlighting that footballers are also people in a workplace trying to do a job. “If you were in work, and every time you went to the toilet, your manager measured the time that you went, left, came back and what you did, you’d probably have some major concerns about that.

“Here we’ve got people in work who are being tracked 25 times a second for everything that they do, and that data is going to all sorts of people who they have no idea about.”

Dunlop added that while most of the data collection is facilitated by clubs themselves for the purposes of player improvement, the information gathered by companies allowed into stadiums is then widely distributed to a range of third parties, which in turn use the data for their own profit without the input or involvement of players themselves.

Slade emphasised that while GSDT has no problem with football clubs using the player data for performance improvement purposes internally, the issue is that it then “goes everywhere”.

Dunlop also highlighted a range of ethical concerns around, for example, the accuracy of player data, which can negatively affect their career prospects if inaccurate information is distributed, and the use of people’s data in the context of gambling if they are personally opposed to it.

Ultimately, Dunlop said GSDT’s goal is to strike a fair balance between players’ rights and the commercial interests of firms that benefit from the data processing.

“The difficulty is, how do you move from where we are to a position where all the stakeholders are comfortable with it?” he said, adding that players also have a right to not make it work and say no to the data processing completely if that’s what they decide.

They told Computer Weekly that, because of the relatively short career spans of footballers, giving them more control over how their data is used can help to support them financially when they hang their boots up.

“There’s a lot of life left after football, and that’s if players are lucky enough to see out a career to the age of 33 or 34,” said Slade, adding this also affects “bread-and-butter” players in lower leagues. “All these bets and this money is being exchanged on the basis of your data, and you aren’t seeing a penny of that.”

Depending on the response of firms to the Article 21 requests, Dunlop and Slade said that next steps would involve approaching the data regulator, before considering legal action. Their hope is that, because football plays such a central role in so many people’s lives, it can set a precedent for people becoming more aware of their data rights and how to exercise them.

“I think this is a really good example where sport can lead the way for general data subjects,” said Dunlop.



Source link