Lawyers urged to remain vigilant of legal risks from digital twinning projects
The concept of ‘digital twinning’ – whereby developers use data to virtually replicate almost every part of a process, service or product to check for faults, efficiencies and improvements – is growing in popularity. In-House Perspective finds that the technology brings legal risks as well as opportunities, however.
There are a few key reasons why digital twinning is a technology that’s being readily adopted. Firstly, its ease of connectivity with other cutting-edge technologies, such as the Internet of Things (IoT), artificial intelligence, extended reality and cloud computing, means that digital twinning is very flexible and highly adaptable.
Secondly, the potential benefits can be realised quickly. For example, the technology is already used in 3D modelling to create digital companions for physical objects and is also increasingly utilised in the manufacturing sector to provide virtual replicas of factory processes, which then produce real-time information to optimise future performance.
In the healthcare sector, digital twins can provide better data-driven analyses to improve patient care. Meanwhile, in the automotive industry they help in the design of safer and more fuel-efficient cars.
While there are tremendous upsides to the technology, Laura Ziferman, Vice-Chair of the IBA Data Law Subcommittee and a partner at Walless in Vilnius, explains that ‘digital twins collect a vast amount of real-time data, much of which is personal or confidential data. Current data processing rules prevent non-essential data sharing, although digital twins benefit from large-scale data sharing. Users of digital twins must ensure that effective data governance mechanisms are in place to manage and control the exchange of data’.
In December 2023, the UK’s Competition and Markets Authority (the CMA) published a ‘horizon scanning’ report, Trends in Digital Markets. The increased application of digital twins was one of ten trends assessed in the report. The CMA described how digital twins are already being utilised in projects such as simulations of whole cities – for example, to monitor the spread of pandemics – as well as to replicate jet engines and bodily organs. The CMA remarks on how the proliferation of digital twins using IoT sensors ‘could generate an unprecedented volume of data’ – which may well need to be handled and stored via ‘robust, high-capacity infrastructure’.
Ziferman says that since digital twins contain massive amounts of important data, they’re prime targets for hacking or cyber security breaches. ‘If organisations want to build trust and encourage the use of digital twin technology, they must have adequate protections and security systems that are continually updated to keep up with technological advancements’, she adds.
“If organisations want to build trust and encourage the use of digital twin technology, they must have adequate protections
Laura Ziferman
Vice-Chair, IBA Data Law Subcommittee
It’s crucial to ensure the accuracy and reliability of the data used to create and update digital twins, says Docia Agyemang Boakye, Chair of the IBA Data Law Subcommittee, who warns that organisations should have processes in place to mitigate the risk of errors or biases. Similarly, ensuring data security, data privacy and compliance with related laws worldwide is also vital, she says. Organisations can implement robust measures such as encryption, access controls and regular audits to protect the sensitive data used.
Since a digital twin is essentially a digital creation, it’s important to address intellectual property (IP) issues. For Ziferman, the critical question is: ‘who owns the digital twin itself as a final result?’ A first step to addressing this issue is to consider the role of third-party developers and whether IP rights are transferred. ‘In standard terms and conditions, transfer of IP rights to the client may not be discussed or may be discussed inappropriately, and if this is not remedied before the signing, the consequences may be severe’, says Ziferman. Specifically, the customer must assess what the digital twin will be used for, and then check whether the contract doesn’t contain limitations that’ll interfere with this intention.
Even if the digital twin is created in-house, it’s still not protected from threats related to its ownership. And since digital twins are modelled after a physical object, which may also be associated with IP such as design and patents, the digital twin could be subject to mirroring restrictions on the use of such IP. ‘Organisations should not naively believe that risks not discussed in contracts will be controlled by legislation’, says Ziferman. ‘When it comes to new technologies, legislation does not keep up with all innovations and it is not realistic to expect legislation to do so.’
When considering an investment in digital twin technology, businesses don’t always carefully negotiate the contractual structure to protect the value of their investments, says Ziferman. ‘The documentation does not anticipate and address potential scenarios for what could go wrong and establish safeguards and responsibilities in the event that they arise. Little attention is also given to the dispute resolution provisions of the contracts, including what will be the forum of any dispute, and what law will govern it,’ she adds.
Boakye highlights the liability risks involved where a digital twin is used to simulate or predict the behaviour of a physical object or system. It’s possible there may be liability issues if the predictions are inaccurate or lead to damages, she says, adding that ‘organisations should consider including liability clauses in contracts and insurance coverage to mitigate such risks’.
Boakye believes the level of awareness organisations have regarding the risks associated with digital twinning technologies can vary widely. ‘Some may have a thorough understanding of these risks, especially those that are heavily involved in research and development or are operating in highly regulated industries’, she says. ‘These organisations are likely to have dedicated teams or experts who are responsible for assessing and mitigating risks associated with new technologies’, such as digital twinning.
However, other organisations may not fully grasp the complexities and risks, due to having only limited resources to dedicate to assessing such issues or because they’re overly focused on the potential benefits the technology brings and forget the risks, for example. Boakye says that to utilise digital twinning, organisations must comprehensively understand the risks and take appropriate measures to mitigate them. They need ‘to invest in researching and learning more about it from end to end’, she says.
Neil Hodge is a freelance journalist and can be contacted at neil@neilhodge.co.uk