Home / People / Ian Stevens
Portrait ofIan Stevens

Ian Stevens


CMS Cameron McKenna Nabarro Olswang LLP
Cannon Place
78 Cannon Street
United Kingdom
Languages English

Ian is a partner in our Technology and Sourcing team, leads our Fintech group and is one of the leaders of our firm’s technology, media and communications (TMC) sector group.

Ian specialises in advising on outsourcing, offshoring and shared services (both BPO and ITO), procurement, logistics and other strategic or complex commercial contracts, ventures and arrangements. He also advises extensively on the procurement, exploitation and supply of technology, including digital transformation, new operating models, platforms and the deployment of open banking, payments, cloud, machine learning, robotics, automation and blockchain solutions, cyber security and data protection.

Ian is independently recognised by Legal 500 and Chambers as a leading outsourcing expert and is ranked as a “Star Lawyer” in IT by Acritas.  He has extensive experience advising customers and suppliers across a wide range of sectors, with a focus on those operating in regulated sectors including financial services, energy and utilities and TMC.  His clients include some of the largest global suppliers of technology and services and major financial services, energy and utilities firms and a wide range of scale-up and start-up businesses, including members of the firm’s equIP incubator programme.

  Ian is CMS’s representative to the Global Sourcing Association and TechUK, where he is a member of a number of special interest groups and committees, sits on the Financial Markets Law Committee’s FinTech scoping forum and the Digital Leadership Forum’s AI for good steering committee, and is a member of the IAPP, SCL and the iTech Law Outsourcing Committee.  

more less

"The 'very impressive' is lauded for his work in financial services, although he also offers considerable expertise in the energy and TMC sectors."


"It was a difficult deal and Ian and his team managed it exceptionally well”.


"exceptionally good" and "easy to work with".

Legal 500

Relevant experience

  • A leading global insurer on its multi center, business critical, regulated EMEA life and pensions administration outsourcing arrangements.
  • A global technology company on the compliance (including local regulatory, cyber security and data protection) and international launch of new cloud-based products and services and its participation in G-Cloud and the UK Government’s Digital Marketplace.
  • A UK energy network operator on its business transformation programme.
  • A payments solution provider on the digital transformation of its customer engagement model and commercialisation of its platform on an ‘as a service’ basis.
  • A leading clearing bank on the white labelling of a FinTech platform to create a stand-alone digital SME lending platform. 
  • An InsurTech firm on the supply of a cloud-based machine learning platform to the Lloyd’s Market.
  • A scale-up FinTech on its target operating model, customer terms, data protection compliance and open banking solution.
  • A leading retail park operator on its rewards programme and GDPR compliance.
  • A number of the UK’s largest pension funds on GDPR compliance and the procurement of administration, actuarial and consultancy services.
  • Multiple clients on strategic software procurements and related services.
more less

Memberships & Roles

  • iTechLaw
  • Financial Markets Law Committee (FinTech)
  • Digital Leadership Forum
  • Global Sourcing Association
  • TechUK
  • The Society for Computers and Law
  • International Association of Privacy Professionals
more less


The data access rights of the Data Act
The data access rights under the Data Act and their restrictions are extensive – we provide an over­view.European legislators have recognised that data is an essential resource which is required for...
The DGA is expected to spur on data altruism
Voluntary data donations are intended to make data widely usable. The DGA wants to build trust in data altruism or­gan­isa­tions.The range of applications in which the use of data and information is playing...
DGA: European data strategy for data intermediation services takes shape
Data intermediation services play a key role in the implementation of the European strategy for data. The DGA subjects these to regulation.In addition to the Data Act, the Data Governance Act (DGA), which...
Looking ahead to the EU AI Act
Introduction The European Union is preparing for the imminent adoption of the world’s most significant legislation on Artificial Intelligence, solidifying its position as a pioneer among global legislators. This initiative aims to establish and reinforce the EU’s role as a premier hub for AI while ensuring that AI development remains focused on human-centered and trustworthy principles. To expedite the achievement of these goals, on 8 December 2023, after three days of debate, the European Parliament and the Council of the European Union finally reached a provisional agreement on the “Proposal for a Regulation laying down harmonised rules on artificial intelligence” (the so-called AI Act), which aims to ensure that AI systems placed on the European market are safe and respect the fundamental rights and values of the EU. Subsequent to this provisional agreement, technical refinement of the AI Act continued to finalise the regulation’s details and text. The final vote of the European Parliament on the AI Act will take place at 13 March 2024. Since the European Parliament's Committees on the Internal Market and Consumer Protection (IMCO) and on Civil Liberties, Justice and Home Affairs (LIBE) have endorsed overwhelmingly the proposed text, the approval of the European Parliament can be expected. After a long and complex journey that began in 2021 with the European Commission’s proposal of a draft AI Act, this new regulation is expected to be passed into law in spring 2024, once it has been approved by the European Parliament and the Council of the European Union . The AI Act aims to ensure that the marketing and use of AI systems and their outputs in the EU are consistent with fundamental rights under EU law, such as privacy, democracy, the rule of law and environmental sustainability. Adopting a dual approach, it outright prohibits AI systems deemed to pose unacceptable risks while imposing regulatory obligations on other AI systems and their outputs. The new regulation, which also aims to strike a fair balance between innovation and the protection of individuals, not only makes Europe a world leader in the regulation of this new technology, but also endeavours to create a legal framework that users of AI technologies will be able to comply with in order to make the most of this significant development opportunity. In this article we provide a first overview of the key points contained in the text of the AI Act1This article (including the relevant citations below) is based on the latest draft available on the Council’s website. The AI Act remains subject to possible further refinement, but not as regards content, and the text referred to for this article should be considered as the closest to the one that will be voted on by the EU Parliament. footnote that companies should be aware of in order to prepare for the implementing regulation.
Digital Assets
Does your business have or is it ready for digitalisation and digital assets? Digital assets are transforming the world of business. Not just technologies in the news, like AI and crypto currencies, but a whole world of technological advances, from digital twins and extended reality to smart contracts and token­isa­tion. For tech businesses and those already using such technology to develop and market new products, much of this is core activity and relatively well understood – although legal and regulatory uncertainties remain, and potential pitfalls still exist for the unwary. But other business leaders, often less familiar with the territory, have to manage an increasingly complex assortment of issues that never troubled their predecessors, ranging from protecting their brand in the metaverse to deciding whether they should tokenise their shares or accept payments in crypto currencies. This section of Bandwidth looks at issues around the development and regulation of a wide variety of digital assets, and discusses how businesses can embrace them to innovate and evolve.
Reusing data held by public sector bodies under the DGA
The Data Governance Act should allow data collected with public funds to be reused to benefit so­ci­ety. To­geth­er with the Data Act, the Data Governance Act (DGA) forms a key pillar of the European Commission's...
UK government publishes delayed update on AI policy
The UK government has published its delayed response to the consultation accompanying its March 2023 white paper on artificial intelligence (AI). It had been expected by the end of September 2023, but...
UK government publishes delayed update on AI policy
The UK government has published its delayed response to the consultation accompanying its March 2023 white paper on artificial intelligence (AI). It had been expected by the end of September 2023, but...
An overview of the Data Act
The Data Act is intended in particular to promote the flow and use of data. This article provides an overview.On 27 Novem­ber 2023, the Data Act was adopted by the Council of the European Union after...
Webinar - The EU Data Act: What You Need to Know
On 27 June 2023, the EU reached an agreement on the new EU Data Act, a comprehensive new data legislation that will introduce far-reaching rules on access to and use of data in the EU. The EU Data Act aims to boost the EU's data economy by unlocking industrial data, optimizing its accessibility and use, and fostering a competitive and reliable European cloud market.
TMT & Outsourcing
The Act also gives authorities more discretion to exclude suppliers, raising risks around debarment, and has a greater focus on contract management over the lifetime of the contracts procured, including the use of KPIs and monitoring and reporting requirements. This summer, the UK Government published an updated version of the Sourcing Playbook and a new Digital, Data and Technology (DDaT) Playbook. The intention is to reflect the sector-specific aspects of the new Act and in the accompanying secondary legislation and guidance in these playbooks; the playbooks acting as best practice for authorities when conducting technology and IT procurements, and outsourcing more generally. Our sector-specific insights will help you understand and navigate these new rules and their specific application in the sector.
EU reaches agreement on Data Act – Comprehensive EU data law is on the...
On 27 June 2023, the European Parliament and Council resolved the remaining open points and reached a political agreement on the EU Data Act, paving the way for a new law that will introduce comprehensive...