UK GDPR & Data Protection Act 2018
The default backdrop to almost any tech deal that touches personal data. Lawful basis, data subject rights, DPIAs, Article 28 DPAs, international transfer mechanisms.
Software companies, platform operators, devtools, AI and infrastructure businesses. Peter works directly with founders, commercial leads and in-house teams on the contracts, advisory matters and IP questions that actually move the business forward.
Technology businesses don't have the luxury of moving at legal speed. The law has to keep up with the product.
Plus Legal works with UK technology businesses at every stage — from pre-revenue founders closing their first enterprise contract to established software companies negotiating eight-figure deals. Technology is one of Peter's two core specialisms, and it shows in the speed, fluency and commercial instinct he brings to every instruction.
This page is for tech leaders who want to know what working with Plus Legal looks like in their sector. Book a consultation and Peter will tell you what good looks like for the deal, the contract or the situation you're navigating.
Technology contracts sit at the intersection of product, commercial and regulatory. The issues that matter are rarely the ones a generalist lawyer would flag first.
For most tech businesses, the code, the model weights, the architecture and the data are the balance sheet. Ownership, licensing and protection aren't paperwork — they're the product.
Customers renegotiate at renewal. Features change mid-contract. Product teams promise things sales haven't caught up with. Contracts need to flex without breaking.
UK GDPR, international transfers, Online Safety Act, AI Act exposure, sector-specific obligations. The regulatory stack keeps growing, and the contracts need to carry it.
Procurement redlines, security questionnaires, audit rights, DPA addenda, termination for convenience. Closing the enterprise deal is half the legal work in the sector.
Investors and acquirers look hard at the contract stack. Clean paper, proper IP chain, sensible precedents — or a painful clean-up later. The earlier, the cheaper.
Tech businesses rarely sell in one country. US customers, EU data subjects, offshore developers. The contracts have to work across jurisdictions without creating new problems.
Our three services map to the work that shows up across technology businesses. Each one draws on sector-specific precedent, positions and instincts.
Customer MSAs, enterprise subscriptions, reseller and partner deals, supplier agreements, DPAs. The paper that carries revenue through every cycle.
Commercial strategy, regulatory posture, risk frameworks, contract governance. The counsel founders and commercial teams rely on before the deal is on paper.
IP ownership, licensing, assignment, confidentiality, open source posture. The clauses that protect the asset and the commercial arrangements built on top of it.
Technology is a broad church — and Peter has worked across most of it.
First enterprise MSA, customer template, pricing tiers, investor-ready paper. The commercial legal spine for businesses moving from product-market fit to repeatable sales.
In-house teams running procurement on vendor contracts — cloud, infrastructure, platforms, AI tools. Overflow support and senior escalation on the deals that matter.
Developer-first businesses selling into engineering orgs. Usage-based pricing, API licences, open-core and community edition terms, security addenda.
Model providers, AI application businesses, data platforms. Training data, model licensing, output rights, liability carve-outs, regulator-ready posture.
Technology sits on a live, layered regulatory backdrop. These are the frameworks that touch most deals in the sector.
The default backdrop to almost any tech deal that touches personal data. Lawful basis, data subject rights, DPIAs, Article 28 DPAs, international transfer mechanisms.
Cookies, marketing consent, electronic direct marketing. Sits alongside UK GDPR and catches out consumer-facing tech more often than it should.
Duties on user-to-user and search services. Risk assessments, content governance, illegal-content duties. Live and evolving under Ofcom — increasingly contractual.
Cybersecurity obligations on essential and digital service providers, and on connectable consumer products. A growing contractual expectation from enterprise buyers.
Risk-tiered obligations on providers and deployers of AI systems. UK-based companies selling into the EU need to know where they sit — and the contracts need to reflect it.
Where technology is sold to consumers — digital content, digital services, online sales — quality, conformity and remedies frame the consumer-facing half of the business.
Recurring pressure points across software, platform, devtools and AI deals. The ones that cost real money when they break.
Integrations, custom features, enterprise connectors. The default rarely matches the expectation on either side. If it isn't written down before the work starts, it's a negotiation you'll lose later.
Code written by contractors — especially offshore — has to be properly assigned. Investors and acquirers check. A single missing assignment can stall a transaction.
A cap tied to last-year fees is trivial on a five-year enterprise deal. Cap against realistic exposure — data loss, service failure, regulatory — not invoice history.
"99.9% availability" without a baseline, measurement window, exclusions and credit formula is a promise that evaporates the first time it matters.
GPL, AGPL, MIT, Apache — each carries obligations that flow into customer contracts. A relaxed open-source posture can undo the commercial model the business is built on.
Output ownership, training data rights, hallucination carve-outs, regulator-ready representations. AI clauses are getting better — but most are still drafted for the press release, not the deal.
The habits that separate technology businesses with clean paper from the ones with legal clean-up on the roadmap.
One well-drafted MSA, signed off internally, held to in negotiation. Every deviation costs hours — consistency compounds faster than any single win.
Contractor assignments, employee IP clauses, open-source register. A tidy IP chain is the cheapest due diligence deliverable you'll ever produce.
Numerical remedies — not vague goodwill. If the SLA fails, the customer has a formula, not a complaint.
Exit assistance, data export, source code escrow. Customers negotiate harder when the exit isn't credible. Build the parachute while the relationship is friendly.
Product changes, regulation changes, buyer expectations change. A contract review once a year keeps the paper in step with the business — and surfaces the cheap fixes before they become expensive ones.
Every engagement is scoped clearly up front and priced on a basis that suits the matter. No open-ended hourly bills. No surprises at the end. Most technology work falls into one of four pricing models.
Peter is based in Spain and delivers work remotely for technology clients across the UK. In-person meetings are arranged when the matter calls for them. The firm is registered and regulated in England and Wales (SRA) at 20 Wenlock Road, London N1 7GU.
Technology touches almost every other sector we advise in. These are the neighbours where the same contracts and commercial questions tend to show up.
Customer MSA, enterprise subscription, reseller agreement, IP question, regulatory posture. Send the draft or the situation. Peter will tell you what the real issue is and what a clean scope of work looks like.