Home / People / Daniel Gallagher
Portrait ofDaniel Gallagher

Daniel Gallagher

Senior Associate

CMS Cameron McKenna Nabarro Olswang LLP
Cannon Place
78 Cannon Street
United Kingdom
Languages English

Daniel Gallagher is a technology, outsourcing and data lawyer. He has been named a “Rising Star” for Fintech by Legal 500 2024.

Daniel is experienced structuring and negotiating complex technology transactions, including technology and business process outsourcing arrangements; cloud services such as IaaS, PaaS, and SaaS; digital transformation projects; software licensing, development and collaboration agreements; and other technology and IP-rich transactions. He has represented clients on Fintech, Insurtech and Proptech transactions.

Daniel advises clients on the development, procurement and deployment of artificial intelligence (AI), as well as other emerging technologies such as robotic process automation (RPA) and distributed ledger technologies (including blockchain). As well as contracting for AI systems, he advises clients on managing risks associated with the use of AI, including through impact assessments, policies, and other governance frameworks. He is co-author of the chapter on Outsourcing in Crypto and Digital Assets Law and Regulation, and is due to be published as a contributing author in a forthcoming book on the EU AI Act.

Daniel is also experienced advising clients on the commercialisation of data, and how to comply with laws regulating the use of non-personal (industrial) data and personal data, including data licensing, processing data in complex technology arrangements, cross-border transfers, and the appropriate security and privacy measures to protect data, including in arrangements with third parties.

Daniel has been recommended by Legal 500 for Commercial Contracts in 2018 and 2019 and for Fintech in 2020, 2021, 2022, 2023, and 2024. He has spent a year on secondment to the strategic sourcing team of a global financial institution.

Daniel has a particular interest in the intellectual property and data issues arising from emerging technologies.

more less

"Daniel Gallagher is recommended for IP transactions.”

Legal 500, 2022

"A 'Rising Star' for Fintech."

Legal 500, 2022

Relevant experience

  • Drafting standard contractual clauses for the procurement of AI systems and updating template services and outsourcing agreements for the use of AI systems for multiple clients (including FTSE 100).
  • AI impact assessments, guardrails, and legal checklists for a FTSE 100 FMCG client.
  • Advising a FTSE 100 energy client on the risks of deploying enterprise-wide generative AI technology.
  • Cryptocurrency custody firm on its strategic technology licensing and software arrangements.
  • FTSE 100 client on the consolidation of its multi-vendor outsourced application maintenance and application development services.
  • Global financial institution on its collaboration and development agreement with a leading operations management and analytics company to develop a KYC software platform that uses robotic process automation and machine-learning technology to speed up compliance checks on clients.
  • Insurtech company on its agreement with a UK life insurance company to launch a pioneering insurance product that uses advanced robotic-underwriting and algorithmic pricing to reduce the risk of providing cover for type 1 and 2 diabetics in the UK.
  • Global, systemically important financial institutions on their multi-jurisdictional outsourcing to leading cloud service providers.
  • FTSE 100 clients on the negotiation and sale of IPv4 addresses to global technology providers.
  • Facilities management provider on its connected workspace (Internet-of-Things) services, including relating to the use of big data collected from sensors installed within buildings.
  • Multiple financial services institutions on outsourcing of business change management services, hardware supply and support services, IT and other facilities management services.
  • Advising organisations in compliance with data protection laws and cyber security; cross-border data transfer arrangements, including Binding Corporate Rules (BCRs); data and cyber security issues in complex technology transactions; processing big data and processing data using artificial intelligence; data governance and protection policies and fair processing notices; responding to requests for disclosure of data (including from data subjects or in connection with regulatory investigations or litigation). 
more less


  • Daniel Gallagher and Ian Stevens (2023) ‘Outsourcing’, in Charles Kerrigan (ed.) Crypto and Digital Assets Law and Regulation. Sweet and Maxwell.
more less


  • 2014 – Diploma in Intellectual Property Law and Practice, University of Oxford, Oxford
  • 2004 – M.Phil, St. Catherine’s College, University of Oxford, Oxford
more less


Looking ahead to the EU AI Act
Introduction On 21 May 2024, the Council of the European Union adopted the Regulation laying down harmonised rules on artificial intelligence” (the so-called AI Act). As the world's first comprehensive law to regulate artificial intelligence, the AI Act aims to establish uniform requirements for the development and use of artificial intelligence in the European Union. Following the European Parliament's adoption of the draft on 13 March 2024, the AI Act has now been formally adopted . Once signed by the Presidents of the European Parliament and the Council, the Regulation will be published in the Official Journal of the EU and will enter into force twenty days after its publication. With this adoption of the world’s most significant legislation on Artificial Intelligence, the EU is solidifying its position as a pioneer among global legislators. This initiative aims to establish and reinforce the EU’s role as a premier hub for AI while ensuring that AI development remains focused on human-centered and trustworthy principles. After a long and complex journey that began in 2021 with the European Commission’s proposal of a draft AI Act, this new regulation is expected to be passed into law in June 2024. The AI Act aims to ensure that the marketing and use of AI systems and their outputs in the EU are consistent with fundamental rights under EU law, such as privacy, democracy, the rule of law and environmental sustainability. Adopting a dual approach, it outright prohibits AI systems deemed to pose unacceptable risks while imposing regulatory obligations on other AI systems and their outputs. The new regulation, which also aims to strike a fair balance between innovation and the protection of individuals, not only makes Europe a world leader in the regulation of this new technology, but also endeavours to create a legal framework that users of AI technologies will be able to comply with in order to make the most of this significant development opportunity. In this article we provide a first overview of the key points contained in the text of the AI Act that companies should be aware of in order to prepare for the implementing regulation.
Connected products security rules to require compliance on sale regardless...
New UK security rules for internet- and net­work-con­nect­able consumer products will apply from April 2024. The rules include a requirement for products to be accompanied by a compliance statement, to have...
UK Open Banking: JROC sets out its vision for the next phase of open banking...
On 17 April 2023, the Joint Regulatory Oversight Committee (JROC) published a report setting out its vision for the future of open banking as well as its recommendations and proposed actions for delivering...
UK government resumes proposed reform of UK data protection laws
On 8 March 2023, the UK government resumed its proposed reform of UK data protection laws with the introduction to Parliament of the Data Protection and Digital Information (No. 2) Bill, a replacement...
FinTech Bytes
Welcome to the TMT podcast series, 'FinTech Bytes'. FinTech Bytes by CMS is a podcast which gives listeners a ‘bite-sized’ overview of topics affecting the FinTech market and provides insights into...
Exiting the Brexit transition period: The FCA provides update on impact...
Last week, the Financial Conduct Authority (“FCA”) published an update to its webpage outlining factors for UK firms to consider following the end of the Brexit transition period on 31 December 2020...
Explaining AI decisions: The UK ICO publishes new guidance
On 20 May 2020, the Information Commissioner’s Office (“ICO”) published new guidance, Explaining decisions made with AI. This follows the draft guidance published in December 2019 and the subsequent...
Cyber resilience: The Financial Stability Board consults on a new cyber...
The Financial Stability Board (“FSB”) has published a consultation report on Effective practices for cyber incident response and recovery, which is a toolkit of 46 effective practices that organisations...
COVID-19 – Commercial Contracts and Counterparty Financial Distress
These are unprecedented times of uncertainty. The outbreak and continuing rapid worldwide spread of the novel coronavirus (and the associated Covid-19 disease) (“Coronavir­us”) is having a considerable...
Coronavirus – key considerations for outsourcing agreements, goods and...
The outbreak and spread of Covid-19 (“Coronavir­us”) has already had a considerable global impact. According to the World Health Organisation’s latest situation report, over 90,000 cases have been...
UK Regulators continue to scrutinise AI: The FCA and the ICO announce new...
The FCA and the ICO announced new AI-related initiatives on 19 February 2020. The FCA announced a year-long collaboration with The Alan Turing Institute that will focus on AI transparency in the context...
Insurance Cloud Outsourcing: EIOPA publishes new guidelines
Key guidelines The Guidelines largely follow the EBA Guidelines on outsourcing arrangements (effective since 30 September 2019), but are more streamlined and primarily focus on outsourcing critical or...