Trowers Tech News - February 2026
What's in store for 2026: the rising tide of technology-related litigation
Technology related disputes have grown steadily in recent years, driven by the rapid digitisation of business operations, and the increasing complexity of IT and software projects. Data from the High Court shows that over the past five years, there has been a consistent rise in these types of disputes. The types of claims that are classed as technology-related can be very broad, perhaps involving software performance issues, IT infrastructure failures, or supply-chain and outsourcing issues.
As our reliance on technology grows by the day, and systems and software are embedded so deeply into business operations, even minor performance failures can lead to high value claims and thorny disputes. Given the impact that poorly performing technology can have on a business, and perhaps because of the novel questions being asked of the courts, the statistics show us that technology disputes are also more likely to proceed to trial than in other sectors.
Many of these types of claims will be categorised as contractual disputes, but given the nature of the technologies in question and the intricacies of those contracts, they can be hugely complex, requiring specialist legal teams and experts to assist in resolution. Whilst the Technology and Construction Court is generally favoured in handling many of these disputes due to the specialisms of its judges and its capacity to manage more technically intricate matters, it's unclear whether and how the expertise of the courts can keep apace with rapid development of technology.
What is clear is that this upward trajectory is set to continue across 2026, in both the technology sector and beyond. The law will need to develop as rapidly as the technology to enable the courts to deal with these increasingly complex questions.
Amy-Rose Hayden, Senior Associate and Richard Judd, Trainee Solicitor
Ofcom's growing enforcement toolkit under the Online Safety Act 2023 (OSA)
With new Codes of Practice under the OSA coming into force in March 2025, Ofcom has been granted investigative and enforcement powers to ensure that platforms are meeting their OSA obligations. It has since reported that 21 investigations into the providers of 69 websites, including 4chan, Gofile, Im.ge and other filesharing platforms have been commenced.
Ofcom's powers include the right to serve an organisation with an information request, to which failure to respond is a criminal offence. For instance, Ofcom levied a £20,000 fine against '4chan' for failure to respond to an information request which directed the website to conduct an assessment into its risk of hosting harmful content. On 12 February 2026, 4chan was then issued with a provisional notice of contravention which entitles Ofcom to bring further fines for non-compliance. If enforcement seems unlikely, Ofcom can impose an 'access restriction order' against offending websites to require UK app stores and internet service providers to stop working with them.
With the current spotlight on regulation of online content and alignment to global safety regimes, it seems likely we will continue to see Ofcom take a firm stance against non-compliance with the OSA as part of its roadmap to ensuring online safety.
Joseph Hannify, Associate
Cyber & data litigation
Cyber attacks and data breaches continue to drive an increase in litigation, with recent cases illustrating the scale of exposure that organisations face when personal data is compromised. One of the more notable matters currently before the court is Spurgeon v Capita PLC, arising from Capita’s 2023 cyber attack. The incident affected numerous pension scheme members whose data was accessed by attackers. Claimants allege that Capita failed to implement adequate technical and organisational safeguards to prevent the breach, and that this failure caused significant distress and risk of misuse of their personal information. The court has allowed the claims to move forward in the face of an application for strike out, signalling once again that organisations may be held accountable not just for actual misuse of data, but for the anxiety, inconvenience and perceived loss of control that can follow a breach.
This is also highlighted in Farley v Paymaster (1836) Limited, which reflects the growing momentum behind group data breach claims. The Court of Appeal overturned the High Court's previous strike-out and confirmed that there is no "de minimis" or "threshold of seriousness" requirement for UK GDPR damages claims. This underscores the courts’ willingness to entertain claims for low level distress, reinforcing that even seemingly minor impacts can give rise to actionable harm. Internationally, litigation risk continues to escalate: T Mobile’s 2022 settlement of $350 million following a major US data breach remains one of the clearest examples of the financial consequences of large scale cyber incidents.
It is becoming increasingly clear that cyber incidents are no longer just operational crises – they are a major litigation risk, a risk that is set to continue rising.