Recent Insights & New Year Wishes

Introduction

The enforcement of arbitration awards rendered under the ICSID Convention in England and Wales is governed by a distinct legal framework, primarily under the Arbitration (International Investment Disputes) Act 1966 (1966 Act) (the “1996 Act”). This framework differs from the enforcement of non-ICSID awards under mechanisms like the New York Convention. This article examines the procedures, legal principles and challenges involved in enforcing ICSID awards in England and Wales, with a focus on state immunity and execution against state assets.

ICSID Arbitration

Investment treaty arbitration, or investor-state dispute settlement (“ISDS”), involves disputes between investors and foreign states under investment treaties. ICSID arbitration, administered by the International Centre for Settlement of Investment Disputes, is a leading forum for such disputes. A key feature of ICSID arbitration is its independence from national courts, as awards are insulated from substantive judicial review at the recognition and enforcement stages.

Under Article 54(1) of the ICSID Convention, contracting states must recognise awards as binding and enforce the pecuniary obligations imposed by them as if they were final judgments of the courts in those states. The execution of awards against specific assets is governed by the domestic laws of the enforcing state.

Framework for Enforcement in England and Wales

a. Competent Courts and Procedure

Applications for the recognition and enforcement of ICSID awards in England and Wales are made to the High Court under the 1966 Act and CPR Part 62.21. The award creditor must submit evidence including the certified award, translations (if necessary) and details of any stays or pending ICSID proceedings. Once registered, the award has the same legal force as a judgment of the High Court.

b. Key Principles

English courts are limited to verifying the authenticity of an ICSID award during recognition and enforcement proceedings. They cannot examine the award’s merits, fairness or propriety of the ICSID tribunal’s process. Grounds for resisting recognition are exceptionally limited, as confirmed in recent cases such as Infrastructure Services Luxembourg v Kingdom of Spain [2023] EWHC 1226 (Comm).

State Immunity and Execution: Recognition and Enforcement

The UK's State Immunity Act 1978 (“SIA 1978”) applies to recognition and enforcement of ICSID awards. While state immunity is engaged, exceptions under Section 2 of SIA 1978 allow the registration of ICSID awards, as contracting states are deemed to have consented to the jurisdiction of enforcing courts under the ICSID Convention (Infrastructure Services Luxembourg v Kingdom of Spain [2024] EWCA Civ 1257).

Execution Against State Assets

The execution of ICSID awards against state assets is subject to domestic laws. Under SIA 1978, immunity from execution applies unless:

• the state has expressly waived immunity; or

• the assets targeted are used for commercial purposes.

Practical examples of attachable assets include state-owned commercial premises or commodities. Freezing injunctions in aid of enforcement may require express waivers of immunity.

Grounds for Refusal or Stay of Enforcement: Refusal of Recognition

There are no explicit grounds for refusing recognition of ICSID awards under the 1966 Act. However, in Micula v Romania [2020] UKSC 5, the UK Supreme Court suggested that “exceptional or extraordinary circumstances” might justify refusal, though no such case has yet been decided.

Under CPR 62.21(5), enforcement may be stayed if the ICSID Convention proceedings allow for it, such as when an application for interpretation, revision or annulment of the award is pending.

Practical Insights and Challenges

• The ICSID Convention protects awards from review at the enforcement stage, reducing potential delays and objections.

• While recognition is largely automatic, execution can be challenging, particularly when state assets are shielded by immunity.

• Applications to register ICSID awards are relatively straightforward, with no requirement to serve a claim form or hold an inter partes hearing.

Conclusion

The enforcement of ICSID Convention awards in England and Wales strikes a balance between international obligations under the ICSID Convention and domestic principles of state immunity. While recognition is generally straightforward, execution remains a complex process, especially against sovereign assets. Practitioners must navigate these nuances carefully to maximise the enforceability of ICSID awards.

Introduction

In Eronat v CNPC International and another [2024] EWHC 2880 (Comm), the English Commercial Court reinforced the importance of adhering to contractual time limits in arbitration. The case involved a bespoke clause allowing appeals against arbitral awards under specific circumstances, with a strict 30-day time limit after the award was "rendered". The court’s interpreted "rendered" as the date the award was made, rather than when it was notified. This underscores the need for precision in drafting in order to reflect the parties’ intentions and compliance with procedural requirements in arbitration agreements.

Practical Implications

The judgment serves as a reminder for parties to act promptly when challenging arbitral awards. Under arbitral rules like the LCIA Rules, appeals are generally excluded. Bespoke provisions in contracts can create exceptions, however these require clear drafting and a thorough understanding of how contractual terms interact with arbitral rules and the Arbitration Act 1996 (“AA 1996”).

Parties contemplating agreements which detract from the finality of arbitration should carefully evaluate how terms like "rendered" may be interpreted against the practical steps of the arbitration process. Timely action is crucial to avoid losing the right to appeal due to strict procedural context underpinning the interpretation exercise.

Background of the Dispute

The case arose from a Deed of Indemnity between Friedhelm Eronat (the “Claimant”), CNPC International (Chad) Ltd and Cliveden Petroleum Co. Ltd (the “Defendants”), and a third party, CITIC Energy Inc. The Indemnity, governed by Hong Kong law, formed part of a transaction where the First Defendant acquired a stake in the Second Defendant from the Claimant. Subsequently, Carlton Energy Group LLC, a third party, entered into an agreement with the Second Defendant for oil and gas exploration in Chad. After disputes over unpaid sums, Carlton initiated arbitration, resulting in a settlement under which the Second Defendant was ordered to pay $324.65 million. The Defendants then sought to recover this amount from the Claimant under the Indemnity.

The Arbitration

The arbitration was London-seated under LCIA Rules. On 11 April 2024, the tribunal issued an award finding the Second Defendant entitled to indemnification. The parties were notified of the award on 16 April 2024.

The Appeal

The Indemnity included a bespoke clause allowing appeals on material errors in fact or law, provided the appeal was "brought within thirty (30) days after the decision is rendered". The Claimant filed an appeal on 16 May 2024, 30 days after notification but 35 days after the award was made.

The Court’s Decision: Time Limit Strictly Construed

The court held that the time limit began on 11 April 2024, when the award was made. The court found that "rendered" is intrinsically linked to the making of the award, consistent with both the LCIA Rules and the AA 1996, and therefore the Claimant’s argument was “hopeless”:

• The LCIA Rules distinguish between the making of an award (Article 26.1) and its notification to the parties (Article 26.7).

• Section 70(3) of the AA 1996 similarly ties the appeal period to the date the award is made, while Section 55 addresses notification requirements.

No Extension of Time

The court refused to grant a retrospective extension for filing the appeal, citing a lack of jurisdiction due to the parties’ waiver of rights under the AA 1996. Even if jurisdiction existed, the court emphasised the importance of finality in arbitration and the need for "utmost expedition" in the arbitral processes. The court subsequently granted the Defendants' application to enforce the award.

In a landmark decision on 13 December 2024, Limbu v Dyson Technology Ltd [2024] EWCA Civ 1564, the English Court of Appeal ruled that allegations of forced labour in Malaysian factories supplying Dyson should be heard in the English courts. This decision overturns an earlier ruling by the High Court that the claims should proceed in Malaysia.

The claimants, migrant workers from Nepal and Bangladesh, allege they were trafficked and subjected to abusive and exploitative working conditions while employed by ATA IMS, a third-party Malaysian supplier producing components for Dyson products. Dyson terminated its contract with ATA in 2021 amidst rising scrutiny over labour conditions.

The Court’s Rationale

The Court of Appeal, with Lord Justice Popplewell giving the main judgment, held that England was "clearly and distinctly the appropriate forum" for the claims. Popplewell LJ stated that the alleged breach by Dyson UK involved a management failure to ensure adequate policies were implemented in Malaysia and to act on known or foreseeable abuses. The core allegations concern decisions and omissions which occurred within Dyson's UK operations.

Claims Against Dyson

The 24 claimants, led by whistleblower Dhan Kumar Limbu, seek compensation for alleged negligence, false imprisonment and unjust enrichment. They allege being subjected to inhumane conditions, including:

• being confined to overcrowded and unsanitary accommodations

• working more than 12 hours a day for less than minimum wage

• enduring physical abuse and torture

The claimants contend that Dyson was aware of these conditions as early as November 2019 but failed to intervene.

Broader Context

The allegations gained public attention following a 2022 Channel Four programme exposing the reported abuses. Dyson subsequently initiated defamation proceedings against Channel 4 but dropped the case in August 2024 after the broadcaster filed a defence asserting the programme's accuracy. Dyson’s spokesperson emphasised that the Court of Appeal's decision relates only to procedural jurisdiction, not the merits of the workers' claims, stating: “We refute the underlying allegations against Dyson” and reiterating the company’s belief that Malaysia remains the appropriate jurisdiction for the case.

Significance of the Decision

The ruling sets an important precedent for transnational accountability in forced labour cases. By affirming that claims involving corporate oversight and management failures can be heard in a company’s home jurisdiction, the decision underscores the growing expectation for multinational corporations to address labour issues within their supply chains.

The claimants’ representative, Oliver Holland from Leigh Day, welcomed the ruling, noting it establishes a benchmark for justice for vulnerable workers: “The claimants want their case resolved quickly in the hope of getting some justice for what they endured”.

The London Court of International Arbitration (“LCIA”) has released its third batch of challenge decisions, continuing its commitment to transparency and thought leadership in international arbitration. This latest publication includes 24 LCIA and UNCITRAL arbitration challenge decisions made by the LCIA Court between 22 July 2017 and 31 December 2022. The decisions, which are available on the LCIA’s website, bring the total number of published challenges to 84. These documents offer invaluable insights into the LCIA Court’s reasoning on arbitrator challenges and the implications for standards of conduct in arbitration.

Details of the Release

The newly published decisions are presented in full, with only minimal redactions to preserve confidentiality. They are available as individual decisions or in a consolidated format accompanied by commentary. This collection excludes decisions made after 2022 to avoid including those related to ongoing arbitrations.

The LCIA’s challenge procedure ensures a reasoned decision by the LCIA Court in cases of objections to arbitrators, providing clarity and deterring frivolous challenges. This process enhances the legitimacy of the arbitration proceedings by safeguarding due process and supporting confidence in outcomes.

Significance of Challenge Decisions

Arbitrator challenges are uncommon in LCIA arbitrations and successful challenges are rarer still. The LCIA’s rigorous arbitrator appointment process, which involves a careful review of arbitrator disclosures by the LCIA Court prior to appointment, contributes to the low incidence of formal challenges. Objections raised during the disclosure process which are resolved before an arbitrator’s appointment are not considered formal challenges and are not included in the published decisions.

The LCIA’s challenge procedure plays a dual role: it reinforces the integrity of the arbitration process while preventing misuse of the challenge mechanism. Publishing these decisions benefits users, counsel and arbitrators by providing clear guidance on the grounds and standards for challenges.

Advancing Practice and Legitimacy

By making these decisions publicly available, the LCIA fosters a greater understanding of the reasoning applied in arbitrations conducted under LCIA and UNCITRAL Rules. This transparency supports the development of arbitration law and practice, offering a resource for arbitration professionals seeking to navigate issues related to arbitrator conduct.

At the same time, the limited number of challenges highlights the effectiveness of the LCIA’s appointment process which minimises potential conflicts and ensures parties are satisfied with the impartiality of arbitrators. The LCIA’s proactive approach to transparency and accountability strengthens its position as a leader in international arbitration.

Conclusion

The publication of this latest batch of challenge decisions marks another step in the LCIA’s efforts to enhance transparency and improve understanding of the arbitrator challenge process. By offering users unprecedented access to the reasoning behind these decisions, the LCIA not only bolsters trust in its arbitration framework but also contributes to the evolution of international arbitration standards.

These challenge decisions, though rare, demonstrate the robustness of the LCIA’s procedures and provide a valuable tool for practitioners navigating the complexities of arbitrator challenges in international arbitration.

The International Chamber of Commerce (“ICC”) has expanded its infrastructure for dispute resolution and prevention with the launch of a state-of-the-art hearing centre in Paris. Announced on 16 December 2024, this new facility aims to support arbitration, mediation and other dispute resolution processes, enhancing the ICC’s global services.

Features of the Paris Hearing Centre

The Paris hearing centre has been equipped with advanced technology, enabling in-person, virtual and hybrid proceedings. This approach allows participants from diverse geographic locations to engage effectively in dispute resolution processes, minimising logistical barriers. The centre also offers a variety of spaces which can accommodate hearings of different scales, from small mediations to large arbitration sessions, providing flexibility to meet the unique requirements of each case.

Sustainability has been integrated into the design of the facility, aligning with broader global efforts to reduce the environmental impact of legal proceedings. This consideration reflects the ICC’s commitment to ensuring dispute resolution remains both accessible and environmentally conscious.

Conclusion

The ICC’s new hearing centre in Paris represents a strategic addition to its global dispute resolution infrastructure. By offering advanced facilities tailored to the evolving needs of arbitration and mediation participants, the ICC reinforces its commitment to facilitating efficient and accessible dispute resolution processes.

For businesses and legal practitioners, the Paris hearing centre provides an opportunity to engage with international dispute resolution in a modern and supportive environment, contributing to the ICC’s overarching goal of fostering trust and predictability in global trade relationships.

On 16 December 2024, The European Commission referred the United Kingdom to the Court of Justice of the European Union (“CJEU”) due to its failure to terminate Bilateral Investment Treaties (“BITs”) still in effect with Bulgaria, Czechia, Croatia, Lithuania, Poland and Slovenia. These BITs, established to promote and safeguard foreign investment, offer guarantees such as equitable treatment and protection against expropriation.

The CJEU's Achmea judgment in March 2018 established that Investor-State arbitration pursuant to intra-EU BITs is incompatible with EU law. The court found such mechanisms undermine the principle of mutual trust between Member States and the primacy of EU law.

In light of this judgment, in January 2019 EU Member States, which then included United Kingdom, committed to terminate their intra-EU BITs. A coordinated termination was to be achieved through a plurilateral treaty, signed by most Member States in May 2020, or through bilateral agreements. Although the treaty was open for the UK’s signature, it did not sign the agreement nor proceed with bilateral terminations for its BITs with Bulgaria, Czechia, Croatia, Lithuania, Poland and Slovenia.

The European Commission initiated infringement proceedings against the United Kingdom by sending a letter of formal notice in May 2020, followed by a reasoned opinion in October 2020. These steps aimed to ensure compliance with EU law under the terms of the Withdrawal Agreement, which grants the Commission jurisdiction over certain matters until the end of 2024. Despite these efforts, the UK has not terminated the treaties.

The Commission contends that by maintaining these agreements, the United Kingdom breaches the principles outlined in the Achmea judgment and violates its obligations under EU law. The BITs in question were established during the UK’s membership in the EU, making them intra-EU BITs.

The case reflects the ongoing legal interplay between EU and UK obligations following Brexit. The Commission’s referral to the CJEU emphasises its role in ensuring adherence to EU law and maintaining consistency within the internal market.

For businesses and legal professionals, this development illustrates the challenges associated with managing obligations under both EU and UK legal systems. It also highlights the relevance of commitments made during the UK's membership in the EU and the mechanisms for enforcing those commitments during the post-Brexit transition period.

The decision of the CJEU in this matter may influence the interpretation of the Withdrawal Agreement and provide clarity on unresolved legal issues stemming from the UK’s exit from the EU.

Artificial Intelligence (“AI”) is transforming industries by enabling automation, predictive analytics and decision-making at unprecedented scales. However, as AI systems rely heavily on vast datasets, they introduce unique risks to data privacy and security. In the UK, questions of liability arise when AI-driven systems cause data breaches: is the fault with the developer, the organisation deploying the AI or third parties handling the data?

This article explores the UK’s legal framework for addressing AI-related data breaches, examines real-world cases and provides guidance for mitigating risks in AI systems.

AI and Data Breaches Under UK Law

AI systems process personal data at scale, often operating autonomously. While the UK does not yet have a specific legal definition of AI, frameworks such as the UK General Data Protection Regulation (“UK GDPR”) and the Data Protection Act 2018 (“DPA 2018”) govern how AI systems must handle personal data.

A data breach occurs when there is unauthorised access, disclosure or loss of personal data. Under UK GDPR, organisations must report breaches to the Information Commissioner’s Office (“ICO”) within 72 hours or face fines of up to £17.5 million or 4% of global turnover.

Key Regulatory Frameworks

The UK’s regulatory landscape for AI and data breaches includes:

• Information Commissioner’s Office (ICO): enforces UK GDPR and provides guidance through its AI Auditing Framework.

• Centre for Data Ethics and Innovation (CDEI): offers policy recommendations on ethical AI but lacks enforcement powers.

• Competition and Markets Authority (CMA): monitors the competitive impacts of AI technologies.

While proposals for AI-specific legislation are under consideration, the UK currently relies on existing data protection laws to address AI-related risks.

Real-World Examples of AI-Related Data Breaches

• DeepMind and the NHS (2017): data from 1.6 million patients was processed without proper consent in an AI healthcare project, leading to regulatory scrutiny.

• Clearview AI (2020): facial recognition technology raised privacy concerns after scraping billions of images without user consent, prompting investigations under GDPR.

These cases illustrate the challenges of transparency, consent and accountability in AI-driven data processing.

Determining Liability in AI Data Breaches

Liability in AI-related data breaches can involve multiple parties, each playing a distinct role in the development, deployment and management of AI systems. AI developers bear responsibility for security flaws in the system's design. If an AI system lacks robust security measures or contains vulnerabilities that expose data to risks, the developer may be held accountable.

Data controllers, who determine the purposes and means of data processing, hold primary responsibility under the UK GDPR. They are accountable for ensuring personal data is lawfully processed and adequately protected when using AI systems. If a breach occurs due to their oversight, they are likely to face liability.

Data processors, tasked with handling data on behalf of controllers, can also be held liable for improper data handling or breaches caused by insecure processing methods. Their responsibilities include ensuring compliance with data protection principles during all stages of processing.

Third-party vendors often play a critical role in the AI ecosystem by providing or hosting AI systems. If vulnerabilities in these services lead to a data breach, the vendor may share responsibility depending on the contractual arrangements in place. Strong indemnity clauses and clearly defined security obligations are essential to allocate liability effectively.

Mitigating Risks and Avoiding Breaches

Organisations can significantly reduce the risk of AI-related data breaches by implementing key best practices. Conducting Data Protection Impact Assessments (“DPIAs”) is essential for identifying and addressing potential risks to personal data before deploying AI systems. DPIAs help organisations anticipate and mitigate privacy concerns, ensuring compliance with data protection laws.

Adopting Privacy by Design is another critical measure. This approach integrates robust security measures and data minimisation strategies from the outset of AI system development, rather than as an afterthought. By prioritising privacy during the design phase, organisations can create systems which inherently protect sensitive data.

Ensuring transparency and accountability is equally important. AI systems should be explainable, allowing stakeholders to understand how decisions are made and enabling clear accountability in case of errors or breaches. Maintaining detailed records of decision-making processes further strengthens an organisation’s ability to demonstrate compliance and responsibility.

Finally, organisations should perform regular audits and security testing of AI systems. Continuous monitoring helps identify and address vulnerabilities before they can be exploited. By routinely testing AI systems, organisations can ensure updates or changes do not introduce new risks. These practices collectively enhance the security and resilience of AI-driven systems, protecting data and organisational integrity.

Global Comparisons

The regulatory landscape for AI varies significantly across the globe, with different regions adopting distinct approaches to data protection and AI governance. The UK has made strides in AI regulation, especially with the implementation of the UK GDPR and the establishment of bodies like the ICO and the CDEI. However, the UK's approach remains relatively broad and lacks the specificity seen in the European Union's regulations.

The EU’s General Data Protection Regulation (“GDPR”), alongside the Artificial Intelligence Act, provides a comprehensive legal framework addressing AI with greater precision. The AI Act is aimed at regulating high-risk AI systems with stricter guidelines for transparency, accountability and security, focusing on both data protection and AI-specific risks. The EU’s regulatory framework stands out for its detailed categorisation of AI systems based on their risk levels and their corresponding regulatory obligations.

In contrast, the United States operates under a more fragmented regulatory model. Unlike the EU and the UK, there is no single, overarching federal law equivalent to the GDPR. Instead, the US relies on a patchwork of sector-specific regulations, such as the Health Insurance Portability and Accountability Act for healthcare, the Gramm-Leach-Bliley Act for financial services, and the California Consumer Privacy Act (“CCPA”), which provides privacy protections for residents of California.

The CCPA, though robust, focuses primarily on consumer rights and data transparency rather than providing broad protections for personal data across industries. This fragmentation means AI companies and users must navigate multiple regulations depending on the industry and jurisdiction, leading to a lack of consistency and challenges in enforcing privacy rights. Additionally, the US has not yet implemented specific AI legislation, leaving gaps in the regulatory framework for AI technologies.

Meanwhile, Middle Eastern countries like the United Arab Emirates (“UAE”) have started aligning their regulatory approaches with global standards, particularly the GDPR. The Dubai International Financial Centre has introduced its Data Protection Law, which closely mirrors the GDPR, focusing on data privacy rights, cross-border data flows and accountability. However, AI regulation in the UAE and other parts of the Middle East remains in the early stages, with many countries yet to develop comprehensive frameworks to govern the deployment and use of AI. Despite this, there is growing recognition of the need to align with international norms, and countries like the UAE are gradually adopting frameworks that integrate both data protection and AI governance.

Conclusion

AI presents both opportunities and challenges in data processing. Organisations must comply with existing laws, proactively address risks and stay informed on regulatory developments to protect individuals’ privacy. By adopting robust safeguards and fostering transparency, businesses can balance AI innovation with the responsibility to maintain data security and trust.

Google's recent announcement of its PaliGemma 2 AI model family has sparked concerns over the growing capabilities of artificial intelligence to "read" emotions. The model, which can analyse images and generate contextually relevant captions, has been fine-tuned to recognise emotions in images, raising questions on its ethical implications. Although emotion detection is not immediate, experts warn that AI’s ability to identify emotions in this manner may result in dangerous biases and unintended consequences.

AI models designed to detect emotions have been built by companies and startups for various purposes, including sales training and accident prevention. However, the scientific basis for such systems is tentative, with experts noting emotions are complex and culturally specific, making reliable detection challenging. Critics argue emotion-detection systems often exhibit biases, as seen in previous studies where facial recognition systems showed preferences for certain expressions and misinterpreted emotions based on race.

While Google claims to have conducted extensive testing to reduce bias in PaliGemma 2, some researchers are skeptical. The model’s reliance on the FairFace benchmark, which primarily represents certain race groups, has been criticised for not fully addressing demographic diversity. Furthermore, the assumption that facial expressions can reliably indicate emotions ignores the deeper personal and cultural factors which influence emotional expression.

The potential misuse of emotion-detecting AI is a significant concern. In settings like law enforcement, hiring practices or border control, relying on such technology could exacerbate discrimination, particularly against marginalised groups. This aligns with concerns voiced by experts who warn that AI-based emotion detection can lead to further discrimination and real-world harm.

Although the European Union's AI Act has already prohibited the use of emotion detection systems in high-risk areas like schools and workplaces, models like PaliGemma 2, which are publicly available on platforms such as Hugging Face, could be more easily exploited, making it crucial for ongoing discussions about regulation and the ethical deployment of such technologies.

Experts emphasise responsible innovation requires considering the long-term societal impacts from the outset. The ability of AI to influence decisions on hiring, loans and even university admissions based on perceived emotions could create dystopian outcomes if left unchecked.