Insights
Analysis of telecoms, data, payments and technology regulation and transactions
Clear, practical commentary on legal and regulatory developments affecting telecoms operators, digital infrastructure providers, technology companies, financial institutions, fintechs and investors.
Our blogging history
We have been publishing insights since 2010, when Rob first built the website on WordPress. From the outset, the aim was the same: careful research, precise language and analysis that explains not just the legal issue, but its practical and commercial effect.
That remains our approach today. Artificial intelligence now helps with parts of the research and drafting process, and it has supported the development of this website. But technology does not replace judgement, experience or specialist expertise. Our insights are shaped by real advisory work across regulation, compliance and transactions.
Through this Insights section, Bratby Law aims to provide clear analysis that helps organisations make informed decisions in complex and fast-moving areas of law and regulation. For advice on a specific issue, regulatory strategy or a transaction, please get in touch.
Recent articles
-
Data Protection | EU | UK
AI Act transparency obligations: the EU’s draft guidelines and the UK’s sector duties
In short: AI Act transparency obligations apply from 2 August 2026 under Article 50 of Regulation (EU) 2024/1689. The European Commission published draft guidelines on 8 May 2026 explaining who must disclose chatbots, mark synthetic content and label deep fakes. Penalties reach €15 million or 3% of worldwide turnover. UK businesses serving EU users are…
-
UK | Data Protection | EU
EDPB data breach notification template: one EU form and the UK position
In short: The EDPB data breach notification template, adopted in draft on 8 June 2026 and in public consultation until 5 August 2026, gives data controllers one structured form for notifying personal data breaches to EU supervisory authorities under Article 33 GDPR. UK reporting to the ICO is unchanged; the template matters where a breach…
-
FCA AI approach: what the AI Lab offers firms deploying AI
In short: the FCA AI approach pairs no new AI rules with supervised engagement. The Consumer Duty, the SM&CR and existing governance expectations govern AI in UK financial services, while the AI Lab offers five engagement routes. The AI Input Zone closes on 19 June 2026, feeding a good and poor practice publication later in…
-
Ofcom crisis response protocol: what the Online Safety Act codes ask of platforms
In short: The Ofcom crisis response protocol, published on 9 June 2026, adds two measures to the Online Safety Act 2023 codes of practice. In-scope user-to-user services should prepare and apply a written crisis protocol, and large services should open a dedicated channel for law enforcement. The measures are recommended, not yet in force, and…
-
Data (Use and Access) Act 2025: changes now in force
In short: The Data Use and Access Act 2025 commencement regulations (SI 2026/82) brought the principal data protection provisions into force on 5 February 2026. New Article 12A UK GDPR changes how the one-month DSAR period is calculated; Schedule 4 introduces five categories of recognised legitimate interest requiring no balancing test; Articles 22A to 22D replace the…
-
Consumer credit financial promotions: FCA CP26/15 proposes removing CONC 3 rules in favour of the Consumer Duty
In short: Consumer credit financial promotions are under FCA review. CP26/15, published on 29 April 2026, proposes removing prescriptive rules from CONC 3 and relying on the Consumer Duty consumer understanding outcome, and opens a discussion on representative APR disclosure, including the 51% threshold. Responses are due by 17 June 2026. By Rob Bratby, Managing…
-
Financial market infrastructure supervision: who regulates UK CCPs, exchanges and CSDs
In short: Financial market infrastructure supervision in the UK is split by statute. Section 285A of the Financial Services and Markets Act 2000 makes the FCA the appropriate regulator for recognised investment exchanges and the Bank of England the appropriate regulator for central counterparties and central securities depositories. A Schedule 17A memorandum of understanding, reviewed…
-
NCSC agentic AI guidance: the security controls expected of UK data controllers
In short: The NCSC agentic AI guidance, published on 15 May 2026, describes the security controls expected of organisations deploying AI agents: least privilege, limited scope, temporary credentials, monitoring, threat modelling and incident plans, with named individuals accountable. For UK data controllers it helps determine what UK GDPR Article 32 requires of them, and it…
-
Concurrent competition powers: who enforces competition law in regulated sectors
In short: Concurrent competition powers let the FCA, PSR, Ofcom and five other sector regulators apply the Competition Act 1998, not just the CMA. The CMA’s annual concurrency report, published on 2 June 2026, shows that in 2025-26 only two sector regulators ran Competition Act cases, while reform and the PSR-into-FCA merger are about to…
-
Ofcom AI strategy 2026/27: the duties on AI in telecoms
In short: The Ofcom AI strategy for 2026/27, published on 4 June 2026, sets out how Ofcom will regulate AI in the sectors it oversees. Telecoms operators are under a duty to keep their networks secure under the Telecommunications (Security) Act 2021, and that duty covers the AI they run on those networks. Ofcom doesn’t…
-
AI consumer protection UK: how four regulators are building it without an AI Act
In short: AI consumer protection UK is being built without a standalone AI Act. On 3 June 2026 the Digital Regulation Cooperation Forum (DRCF), the joint forum of the ICO, FCA, CMA and Ofcom, opened a call for input on consumer interest and AI. It gathers the consumer evidence the four regulators need to apply…
-
Openreach FTTP pricing: what Ofcom’s review of the new offers really means
In short: The Openreach FTTP pricing and Ethernet offers notified to Ofcom on 2 June 2026 are not subject to approval. Under the Telecoms Access Review 2026-31, Ofcom decides only whether to intervene on competition grounds, and on the Equinox record it rarely does. Its Call for Inputs closes on 19 June 2026. By Rob…
Telecoms, data protection and payments regulation lawyers
Bratby Law advises on telecoms regulation, data protection, payments regulation and transactions across the communications, financial services and technology sectors.
How we work
Bratby Law works with clients in three ways: as direct legal advisors on specific matters, as specialist co-counsel supporting other legal teams, and as fractional general counsel on a longer-term retained basis. Each model delivers partner-level input without delegation.
Why Choose Bratby Law?
Sector expertise
Bratby Law advises exclusively on telecoms regulation, data protection, and payments regulation. That concentration means deeper knowledge of the regulatory environment, faster analysis, and advice that reflects how regulators actually behave: not how the textbook says they should.
Senior delivery
Every instruction is handled by Rob Bratby personally. With 30 years’ experience spanning Oftel, senior in-house roles at network operators, and partnership at international law firms, you receive the analysis directly: not through a junior team. The firm uses AI tools to extend research capacity and accelerate document review, so senior judgment is applied to more of your matter, not less.
Unique perspective
Rob Bratby has sat on all three sides of the regulatory table: as a regulator at Oftel, as General Counsel at major operators, and as external counsel. That inside-out perspective informs every piece of advice. He currently holds fractional General Counsel appointments at TOTSCo, TelXL and Core, with further engagement in the payments sector.
Ready to discuss your matter?
Prefer an RSS reader? Subscribe via RSS.