Summaries of Judgments

United States v. Carter (532 F. Supp. 3d 884 (N.D. Cal. 2021)) addressed the definition of cybercrimes. The court held that cybercrimes encompass offenses in which computers serve either as the direct object of criminal conduct or as the instrumental tool facilitating wrongdoing. By clarifying this scope, the judgment provided guidance on the reach of federal statutes in prosecuting computer-based offenses. It applied an interpretive approach to the Computer Fraud and Abuse Act and related federal criminal laws to ensure broad coverage of digital misconduct.

Donaldson v. State (262 So. 3d 1135 (Miss. Ct. App. 2018)) examined the admissibility of digital evidence in a child-pornography prosecution. When defense counsel failed to disclose laptop evidence and related expert testimony during discovery, the court excluded both as a sanction for the discovery violation. The judgment underscored the importance of strict compliance with discovery obligations in digital-evidence cases. It applied the commercial practices rule sanction under 16 CFR § 1025.37.

United States v. Nistor (No. 5:18-CR-81-JMH-MAS-14) addressed law enforcement’s search of social-media accounts. The district court treated digital profiles as private property, holding that a warrant based on probable cause was necessary before accessing personal messages. The decision emphasized the extension of Fourth Amendment protections to online contexts. It applied the Amendment’s warrant requirement to searches of electronic communications.

State v. Hunt (CR-18-0886 (Ala. Crim. App. Mar. 13, 2020)) considered the scope of digital-device search warrants. The appellate court upheld evidence despite a typographical error in the warrant’s description, citing the gravity of the child-pornography offense involved. The judgment illustrated a flexible approach to warrant interpretation when public safety concerns are compelling. It applied established case law on the interpretation of search warrants to prevent minor drafting errors from invalidating lawful searches.

Pacyno v. R. ([2024] NICA 3) examined sentencing for online child-pornography possession. The court imposed an aggravated sentence even though the victims remained anonymous, affirming that mere possession of illicit images warranted severe punishment. The ruling reinforced a zero-tolerance stance against digital sexual exploitation. It applied UK child-pornography legislation that criminalizes mere possession, regardless of the victim’s identity.

United States v. Reddick (900 F. 3d 636 (5th Cir. 2018)) addressed the admissibility of hash-value evidence in digital forensic investigations. The Fifth Circuit permitted matching hash values to serve as conclusive proof of file possession, streamlining the presentation of digital evidence. This judgment endorsed technological precision in criminal prosecutions. It applied the Federal Rules of Evidence governing the admissibility of scientific and technical evidence.

Van Buren v. United States (141 S. Ct. 1648 (2021)) clarified unauthorized access as theft under the Computer Fraud and Abuse Act. The Supreme Court ruled that accessing private databases without permission constitutes statutory theft. This interpretation broadened the Act’s scope to protect digital assets. It applied 18 U.S.C. § 1030, emphasizing that conduct exceeding authorized access carries criminal liability.

Economic Misdemeanor No. 887/2020 (Cairo, Jun. 30, 2021) applied traditional harassment offenses to digital conduct. The Egyptian court held that cyberharassment falls under Article 306 bis of the Penal Code. This ruling extended established harassment statutes to online platforms. It applied national penal provisions to regulate electronic communications.

Hartley v. State (2022 Ark. 197 (Ark. 2022)) invalidated a conviction fee imposed for digital sexual-offense investigations when no designated digital forensic personnel were assigned. The Arkansas Supreme Court vacated the fee for failing to meet statutory requirements. This judgment emphasized procedural compliance in cybercrime prosecutions. It applied Ark. Code § 5-4-706(b)(2) governing court costs for digital investigations.

United States v. O’Connor (No. 1:21-cr-00536-JSR (S.D.N.Y. 2023)) involved sentencing for cryptocurrency theft via social-media phishing. The Southern District of New York imposed a five-year term following extradition for defrauding investors. This decision underscored federal priorities in prosecuting emerging digital-asset crimes. It applied federal computer-intrusion and financial-fraud statutes to cryptocurrency offenses.

Prosecution v. Muriuki et al. (RP/ECON 00002/2020/TGI/GSBO (Rwanda 2021)) addressed employee-facilitated bank fraud through unauthorized system access. The Rwandan High Court convicted an accountant as a co-offender for abusing internal controls. This ruling highlighted individual criminal accountability for insider cyber fraud. It applied Rwandan criminal statutes on unauthorized access and financial misconduct.

Hewson v. Commissioner of Police of the Metropolis ([2018] EWHC 471 (Admin)) considered cyber harassment and the lawfulness of Pre-Trial Harassment Letters. The High Court upheld the issuance of a Prevention of Harassment Letter as a proportionate policing measure. This judgment confirmed the adequacy of legal safeguards in online harassment cases. It applied the Protection from Harassment guidance governing civil preventive measures.

United States v. Klyushin (No. CR 21-10104-PBS (D. Mass. 2023)) addressed venue in computer-crime prosecutions. The court confirmed that venue is proper in any district where an essential element of the offense occurred, even if actions were conducted remotely. This ruling broadened the interpretation of federal venue statutes for cyber offenses. It applied the federal venue statute to digital-evidence cases.

In Van Buren v. United States (593 U.S.  (2021), Nathan Van Buren, a Georgia police sergeant, used his authorized credentials to run a license plate search in a law enforcement database in exchange for $5,000 from an acquaintance. Although he had legitimate access to the database, the purpose of the search was personal and corrupt. The government charged him under the Computer Fraud and Abuse Act (CFAA), claiming that using the system for an improper purpose meant he “exceeded authorized access.” The issue was whether the CFAA applies when a person with legitimate credentials misuses information they are entitled to access. The Court held that Van Buren did not exceed authorized access, since he did not enter restricted areas of the system but only misused permitted information. The ruling clarified that the CFAA criminalizes hacking into unauthorized areas, not improper uses of authorized data. Van Buren’s CFAA conviction was overturned.

The judgment in Abdul Waqeel & others v. The State & others, PLD 2025 Peshawar 206, is a landmark ruling in Pakistan’s cyber law jurisprudence. The Peshawar High Court held that an Ex-Officio Justice of the Peace lacks authority to order local police to register a cross-version in cases already investigated by the FIA. The Court affirmed the FIA’s exclusive statutory jurisdiction over cyber and financial crimes, emphasizing the need for specialized expertise, centralized enforcement, and procedural integrity. By prohibiting parallel FIRs and fragmented investigations, the ruling safeguards due process, prevents forum shopping, and strengthens effective cybercrime governance.

Community Bank of Trenton v. Schnuck Mkts., Inc. (887 F. 3d 803 (7th Cir. 2018)) considered data-breach damages under tort law. The Seventh Circuit applied the economic-loss rule to bar recovery of purely economic harm without property damage or personal injury. The judgment limited financial restitution claims following cybersecurity incidents. It applied the economic-loss principle to delineate tort liability in data-breach litigation.

Hartigan v. Macy’s, Inc. (No. 20-10551-PBS (D. Mass. 2020)) addressed standing in privacy claims arising from data breaches. The district court found that a credible threat of identity theft constitutes an injury-in-fact under the Privacy Act. This judgment expanded the threshold for pleading standing in unauthorized-access cases. It applied statutory standing requirements of the Privacy Act to alleged data compromises.

I Tan Tsao v. Captiva MVP Restaurant Partners, LLC (No. 18-14959 (11th Cir. 2021)) similarly examined standing based on identity-theft risk. The Eleventh Circuit confirmed that an increased identity theft risk constitutes cognizable injury under the Privacy Act. The ruling aligned with decisions broadening constitutional and statutory standing doctrines in privacy contexts. It applied the Privacy Act’s injury-in-fact requirement to digital-breach claims.

McNeil v. Duncan (No. 19-694 (RDM) (D.D.C. 2022)) addressed corporate website security and tort liability. The District of Columbia held that a negligent-interference claim survives a motion to dismiss if the plaintiff alleges that the defendant failed to implement reasonable digital-security measures. The judgment clarified pleading standards for cybersecurity-related torts. It applied general business-tort pleading requirements to the digital-security context.

Lanahan v. Regions Bank (No. 3:23-cv-00510 (M.D. Tenn. 2024)) considered a bank’s duty of care in fraud-alert warnings. The Middle District of Tennessee found that generic fraud alerts were insufficient to satisfy the bank’s obligations when customers face identity-theft risks. The ruling strengthened banks’ responsibilities to provide timely, informative fraud warnings. It applied Tennessee negligence and duty-of-care principles in financial-services contexts.

Wallace v. Commonwealth (76 Va. App. 696, 883 S.E.2d 664 (Va. Ct. App. 2023)) examined liability for ATM-security breaches. The Virginia Court of Appeals affirmed that banks owe a duty to secure ATM systems and may be held liable for vulnerabilities that enable unauthorized access. The decision reinforced financial institutions’ duty to protect electronic banking infrastructure. It applied general duty-of-care principles in electronic-banking contexts.

Bolger v. Amazon.com, LLC (53 Cal.App. 5th 431 (Cal. Ct. App. 2020)) considered e-commerce product liability under the Restore Online Shoppers’ Confidence Act. The California Court of Appeal held that online retailers can be liable for defective products in the same manner as brick-and-mortar sellers. This judgment expanded consumer protections in digital marketplaces. It applied ROSCA’s provisions to establish retailer liability for third-party goods.

Rahman v. Hassan & Ors ([2024] EWHC 1290 (Ch)) addressed death-bed gifts of online-account credentials. The Chancery Division recognized login details as valid donatio mortis causa, enabling the posthumous transfer of digital-asset access rights. This ruling clarified property-law principles for intangible assets. It applied traditional donatio mortis causa doctrines to modern credential transfers.

The jurisprudential thesis 2030673 (1a./J. 112/2025) from the First Chamber of Mexico's Supreme Court of Justice of the Nation (SCJN) establishes new, stricter requirements for digital consent in electronic contracts and e-commerce, strengthening consumer protection under Civil Law. The ruling addresses the validity of online adhesion contracts and determines that mere navigation on a website or clicking a general "continue" button to complete a transaction is insufficient to signify informed and express acceptance of contractual terms. Instead, the SCJN mandates that valid digital consent requires the consumer to perform a specific, affirmative action. This could be explicitly marking an "I Accept" checkbox or clicking a button clearly labeled for the acceptance of terms and conditions. The criteria obligates e-commerce platforms and businesses to design purchasing processes that ensure the user's consent is conscious, clear, and verifiable, and to retain evidence of this acceptance to legally uphold the contract.

The case of United States v. Ramon Olorunwa Abbas, a.k.a. "Ray Hushpuppi," Case No.: 2:20-mj-02992 (C.D. California, 2020), involved the prosecution of the Nigerian social media influencer for his role in a global cyber-enabled financial crime conspiracy. Abbas, who gained notoriety for flaunting his lavish lifestyle, was arrested in Dubai in June 2020 and later extradited to the U.S. The charges stemmed from multiple sophisticated **Business Email Compromise (BEC) schemes** and money laundering operations. Abbas and his co-conspirators were found to have hacked corporate email systems, impersonated executives, and manipulated companies into wiring large sums of money to fraudulent accounts. Specific instances included defrauding a victim in the U.S. of approximately **$922,857** and attempting a $1.1 million fraud against a Qatari businessman, with overall fraudulent wire transfers totaling millions of Euros. Abbas faced charges including **Wire Fraud (18 U.S.C. §1343)** and **Money Laundering (18 U.S.C. §1956)**. He ultimately pleaded guilty to conspiracy to engage in money laundering in 2021 and was sentenced in November 2022 to **11 years** in federal prison. The case established a strong precedent for successful cross-border law enforcement cooperation and reinforced U.S. jurisdiction over cybercrimes committed internationally that affect American businesses and financial networks.

Rytikov v. Ukraine ([2024] ECHR 460) involved detention without prompt judicial authorization. The European Court of Human Rights held that the applicant’s detention violated the Convention’s requirement for judicial review of deprivation of liberty. This ruling reinforced the safeguard against arbitrary state interference in individual freedom. The court grounded its decision in Article 5 of the European Convention on Human Rights, mandating timely judicial oversight of any detention.

Sanchez v. France ([2023] ECHR 418) involved hate speech directed at protected groups. The European Court determined that implicit references to ethnicity or religion in abusive statements meet the threshold for hate speech. This ruling tightened the Convention’s hate-speech jurisprudence. It applied Article 10 to balance free expression against the need to shield vulnerable communities from targeted hostility.

Tugushev v. Orlov ([2021] EWHC 1514 (Comm)) dealt with cross-border disclosure of confidential bank documents. The Commercial Court refused an order that would contravene foreign investigatory laws. This decision underscored the doctrine of international comity in transnational litigation. It applied comity principles to protect confidential information from conflicting legal regimes.

London Borough of Hackney v. Information Commissioner ([2024] UKFTT 373 (GRC)) evaluated Freedom of Information Act exemptions for national security. The tribunal upheld section 58, affirming public authorities’ power to classify sensitive information. The judgment balanced transparency against security imperatives. It applied FOIA 2000 s. 58 to delineate grounds for withholding data.

Roman Zakharov v. Russia (Application no. 47143/06). The applicant challenged Russia’s system of covert interception of mobile communications, arguing it violated Article 8 of the European Convention (privacy and correspondence). Under Russian law, interception required judicial authorization, but the Operational Search Activities Act (1995) allowed broad grounds for surveillance, with weak oversight and vague safeguards. The Court held that Zakharov could claim victim status without proving actual interception, since the law’s structure exposed all mobile users to a reasonable risk. Assessing the framework, it found deficiencies: insufficient judicial control, lack of precision, absence of effective remedies, and weak safeguards on storage and use of data. Unanimously, the Court ruled that Russia had violated Article 8. The judgment set an important precedent: surveillance regimes must contain clear limits, effective oversight, and remedies, reinforcing that even the existence of inadequate laws can infringe privacy rights.

In Satakunnan Markkinapörssi Oy and Satamedia Oy v. Finland (App. no. 931/13), two companies published a newspaper and an online database, Verokäräjät, containing searchable tax information of thousands of Finnish citizens. Many individuals complained of privacy violations. The issue before the European Court of Human Rights (ECtHR) was whether Finland’s prohibition on publishing the database violated Article 10 ECHR (freedom of expression). The Court applied Article 10(2), which allows restrictions if prescribed by law, pursuing a legitimate aim, and necessary in a democratic society. Balancing with Article 8 (right to privacy), the Court emphasized that while tax transparency has some public interest, the database lacked journalistic purpose and constituted a systematic invasion of privacy. It was primarily a commercial enterprise rather than contributing to public debate. Granting Finland a margin of appreciation, the ECtHR found the restriction proportionate. concluding that no violation of Article 10—privacy outweighed expression.

Roche v. the United Kingdom, 19 October 2005 (Grand Chamber) (Application no. 32555/96). The applicant alleged that he is suffering from the effects of his exposure to toxic chemicals during tests carried out on him at Porton Down barracks in 1962 and 1963. He mainly complained, under Articles 8 and 10 of the ECHR, that he had had inadequate access to information about the tests. The Court held that there had been a violation of Article 8 of the Convention, finding that, in the overall circumstances, the United Kingdom had not fulfilled its positive obligation to provide an effective and accessible procedure enabling the applicant to have access to all relevant and appropriate information which would allow him to assess any risk to which he had been exposed during his participation in the tests.

Mustafa Sezgin Tanrıkulu v. Turkey, (Application no. 27473/06). The applicant complained about a domestic court decision of 2005 allowing the interception of communications of anyone in Turkey, including himself, for about a month and a half. He alleged in particular that the interception measures amounted to abuse of the national legislation in force at the time. The Court referred to its judgment in Roman Zakharov v. Russia, where it clarified the conditions for a claim by an applicant that he or she was the victim of a violation occasioned by the mere existence of secret surveillance measures, or legislation permitting such measures. The Court observed that that neither Law no. 4422 nor any other legislation regulated the MİT when it came to the preventive interception of telephone communications at the material time. Thus the Court held that there had been a violation of Article 8 of the Convention, finding that the interception order in this case was not in accordance with the law.

In O.G. and Others v. Greece (nos. 71555/12 and 48256/13), 23 January 2024, the European Court of Human Rights determined that Greece violated Article 8 of the European Convention on Human Rights (the right to respect for private life) by publicly disclosing medical information and images of HIV-positive individuals, predominantly sex workers, pursuant to a prosecutor directive. The Court considered that the publication of the four applicants’ data had amounted to a disproportionate interference with their right to respect for private life. The legal basis for this interference had been Article 2 and Article 3 of Law no. 2472/1997, and the aim had been “protection of the rights and freedoms of others”

The Landgericht Bonn judgment of June 3, 2025 (file ref. 13 O 156/24) marks a significant development in harmonizing data privacy standards for global digital platforms. The German court dismissed a user’s claim to prohibit transfers of personal data to the United States and to obtain compensation or information about potential access by U.S. intelligence services, holding that such transfers complied with the GDPR where based on the European Commission’s EU-US Data Privacy Framework adequacy decision or, pre-Framework, were necessary for contract performance. The court recognized that global data flows create real conflicts between EU fundamental rights-based privacy law and U.S. national security obligations, and applied proportionality and a “state of necessity” concept to resolve irreconcilable norm conflicts. It emphasized a pragmatic approach to cyberspace regulation, viewing data protection as a shared responsibility that focuses on comparable protection standards rather than on strict territorial data sovereignty.

In Lloyd v Google LLC [2021] UKSC 50, the UK Supreme Court addressed whether compensation under the Data Protection Act 1998 can be awarded for loss of control of personal data without proof of damage or distress. The Court unanimously held that section 13 requires material damage or distress and rejected the representative action under CPR 19.6, as individualised assessment of harm was necessary, significantly limiting collective data protection claims in the UK.

Capitol Records v. British Telecommunications Plc ([2021] EWHC 409 (Ch)) concerned ISP injunctions blocking copyright-infringing file-hosting websites. The High Court granted an order requiring the ISP to block access to unlicensed file‐sharing platforms. This decision reinforced rights holders’ ability to curb digital piracy at the network level. It applied CDPA 1988 provisions authorizing injunctions against intermediaries.

Matchroom Boxing Ltd v. BT Plc ([2020] EWHC 2868 (Ch)) similarly involved blocking orders against ISPs facilitating copyright infringement. The court granted an injunction compelling BT to block unauthorized sports-streaming sites. The judgment underscored consistent enforcement of intellectual property rights in digital distribution. It applied the CDPA 1988 injunction provisions for intermediaries enabling infringement.

Lifestyle Equities CV v. Amazon UK Services Ltd. ([2021] EWHC 118 (Ch)) dealt with trademark liability for online listings. The High Court held that Amazon’s passive role in listing branded goods by third-party sellers does not amount to trademark infringement absent evidence of endorsement. This ruling protected e-commerce platforms from strict liability for user-generated content. It applied the UK Trade Marks Act to clarify intermediaries’ safe harbor.

InterDigital Technology Corp. v. Lenovo Group Ltd ([2023] EWHC 1583 (Pat)) addressed patent jurisdiction over global sales. The Patents Court extended UK jurisdiction to acts inducing infringement within its territory, even where initial sales occurred abroad. This decision broadened enforcement options for cross-border patent holders. It applied the UK Patents Act’s jurisdictional rules and infringement definitions.

Kove IO, Inc. v. Amazon Web Services, Inc. (1:18-cv-08175) saw a jury award of $525 million for infringement of three cloud-storage patents, with AWS subsequently filing motions for judgment as a matter of law and a new trial, challenging the apportionment of damages. It arose from Kove’s December 2018 suit accusing AWS’s S3 and DynamoDB services of infringing three distributed-data-storage patents. On March 8, 2022, Judge Rebecca Pallmeyer granted AWS’s motion to stay the litigation pending ex parte reexamination of all three patents at the USPTO, finding that any prejudice to Kove was not undue and that a stay would simplify the issues and conserve judicial resources.

Netlist, Inc. v. Micron Technology, Inc. (2:25-cv-00552) resulted in a $445 million damages award after the jury found willful infringement of two memory-module patents; Micron’s post-verdict motions remain pending. The dispute arose when Netlist filed suit alleging that Micron Semiconductor Products Inc., Micron Technology Texas LLC, and Micron Technology, Inc. infringed four patents covering high-bandwidth and AI-optimized memory modules. Summons were executed on May 27, and on June 11, Netlist filed its Patent/Trademark Form (AO 120) and its corporate disclosure under Federal Rule of Civil Procedure 7.1. Between June 17 and June 24, attorneys for both sides entered appearances, and Micron filed a Motion to Dismiss and a Request for Judicial Notice with supporting exhibits. On June 26, Judge Rodney Gilstrap ordered this case consolidated for all pretrial proceedings with lead docket No. 2:25-cv-00557, directing all future filings to the lead case.

IPA Technologies Inc. v. Microsoft Corporation (1:18-cv-00001) involved a single patent covering AI assistant voice-command processing, leading to a $242 million jury verdict in favor of IPA Technologies. It arose from IPA’s suit accusing Microsoft of infringing three distributed-agent coordination patents. After extensive briefing and appearance motions, Judge Richard G. Andrews issued a Markman order on April 27, 2023, construing key “interagent communication language” terms in U.S. Patents 6,851,115; 7,069,560; and 7,036,128. Following post-construction proceedings, the parties stipulated to terminate the case on June 20, 2024.

The case of Gucci America, Inc. v. Lord & Taylor Ecomm LLC, 1:23-cv-10239, (S.D.N.Y.) centered on claims of trademark counterfeiting, infringement, and dilution. Gucci sued the online retailer after determining it was selling counterfeit Gucci-branded handbags, shoes, and belts. Lord & Taylor Ecomm LLC failed to secure counsel and defaulted, leading the U.S. District Court for the Southern District of New York to enter a default judgment in Gucci's favor. The court found the retailer liable, issued a permanent injunction, and subsequently awarded Gucci $1.3 million in statutory damages and held Lord & Taylor in civil contempt for failing to comply with the order to turn over or destroy the fake goods.

The Intellectual Property Enterprise Court (IPEC) case of Engineer.AI Global Ltd v Appy Pie Ltd & Anor [2024] EWHC 1430 (IPEC) focused on the validity and infringement of trade marks in the "no-code" software development industry. Engineer.ai, which offers AI-related app-building services, sued its competitor Appy Pie for infringing its registered "BUILDER" formative trade marks (e.g., BUILDER, BUILDER.AI). Engineer.ai claimed that Appy Pie's use of terms like "App BUILDER" and "Chatbot BUILDER" infringed its intellectual property. The Court, led by Judge Melissa Clarke, dismissed the infringement claim and found the registered marks to be partially invalid. The central finding was that the term "BUILDER," even when combined with ".ai" or other terms, was inherently descriptive and widely used in the software industry to denote a tool for creation. As such, the average consumer would perceive it as a descriptive term for the service, not as an indicator of a single trade source (Engineer.ai). Furthermore, the claimant failed to provide sufficient, reliable evidence to demonstrate that the marks had acquired distinctiveness through use. The judgment confirms the high bar for protecting marks deemed descriptive in the technology sector, particularly for generic terms that describe a service's function.

In LI v. LIU, (2023) Jing 0491 Min Chu No. 11279 (2023), the plaintiff (LI) generated an image, "Spring Breeze Brings Tenderness," using the Stable Diffusion AI model and published it on social media. The defendant (LIU) then used the image in a poem article without permission, and allegedly removed the plaintiff's watermark.This judgment from the Beijing Internet Court in China is a landmark ruling on the copyright of content generated by Artificial Intelligence (AI). The Court determined that the AI-generated picture constitutes a work of fine art under China's Copyright Law. It reasoned that the plaintiff’s intellectual input in selecting the model, designing prompt words, setting parameters, and making final selections reflected sufficient originality and personalized expression. Because the AI model lacks legal personhood, the person who made the intellectual investment in the creation process, the plaintiff, is deemed the author and copyright holder. The court found the defendant infringed on the plaintiff’s right of authorship and right of dissemination on the information network, ordering an apology and 500 yuan in economic compensation.

The English High Court case of Getty Images (US) Inc & Ors v Stability AI Ltd, [2023] EWHC 3090 (Ch), addressed the critical issue of intellectual property infringement by Generative AI. Getty Images sued Stability AI, the creator of the Stable Diffusion image generation model, alleging that the company unlawfully "scraped" millions of copyrighted images from its websites to train its AI model. The claim included copyright infringement, database right infringement, and trade mark infringement, particularly when the AI's output images reproduced Getty's copyrighted works or watermarks. Stability AI applied for summary judgment and strike-out, arguing that the training occurred outside the UK (thus lacking jurisdiction) and that key claims had no real prospect of success. Justice Joanna Smith dismissed the application, ruling that the claims—specifically those concerning the AI's training and the resulting infringing outputs (Secondary Infringement Claim)—had a realistic prospect of success and involved novel, unresolved legal issues. The judgment permits the case to proceed to a full trial, establishing it as a landmark test of how UK copyright law will apply to the unauthorized use of creative works for training large-scale AI systems.

The Intellectual Property Enterprise Court (IPEC) case of Engineer.AI Global Ltd v Appy Pie Ltd & Anor [2024] EWHC 1430 (IPEC) focused on the validity and infringement of trade marks in the "no-code" software development industry. Engineer.ai, which offers AI-related app-building services, sued its competitor Appy Pie for infringing its registered "BUILDER" formative trade marks (e.g., BUILDER, BUILDER.AI). Engineer.ai claimed that Appy Pie's use of terms like "App BUILDER" and "Chatbot BUILDER" infringed its intellectual property. The Court, led by Judge Melissa Clarke, dismissed the infringement claim and found the registered marks to be partially invalid. The central finding was that the term "BUILDER," even when combined with ".ai" or other terms, was inherently descriptive and widely used in the software industry to denote a tool for creation. As such, the average consumer would perceive it as a descriptive term for the service, not as an indicator of a single trade source (Engineer.ai). Furthermore, the claimant failed to provide sufficient, reliable evidence to demonstrate that the marks had acquired distinctiveness through use. The judgment confirms the high bar for protecting marks deemed descriptive in the technology sector, particularly for generic terms that describe a service's function.

The court order In Re: Use of Artificial Intelligence, 3:24-mc-00104,  dated June 18, 2024, is a Standing Order requiring attorneys and pro se parties to certify the role of AI in their court filings. The court expressed concern over the reliability of filings prepared using Generative AI (like ChatGPT), citing reports of fictitious case cites and unsupported arguments—known as "hallucinations." To mitigate this risk, the order mandates a two-part certification in all briefs and memoranda: 1. Limited AI Use: Certification that no artificial intelligence was used for research, except for the AI embedded within standard, professional legal research platforms like Westlaw, Lexis, FastCase, and Bloomberg. 2.  Human Verification: Certification that every statement and citation has been checked and verified by an attorney or paralegal (or the pro se party) for its accuracy and the proposition for which it is offered. In short, the court is enforcing human professional diligence as the final safeguard against AI errors in legal filings.