Eleonor Duhs spent years negotiating GDPR on behalf of the UK Government, while Fiona Phillips advised bank executives across three continents on AI risks. On Thursday, Eleonor walked into her new role at Marks & Clerk, following Fiona’s arrival in December.
The International intellectual property firm confirmed the double partner appointment on 26 March, revealing plans for a dedicated AI, Cyber Security and Data Practice. The hires signal an aggressive push into legal territory where technical expertise collides with regulatory uncertainty.
Phillips arrives as Lead Partner after 15 years as senior in-house General Counsel at major international financial institutions. Her patch covered the UK, Middle East and Asia—regions where AI governance frameworks remain fragmented. The Financial Times recognised her as an award-winning innovator, in these categories:
- FT Innovative Lawyer Awards – recognised for School of Life programme and experiential cyber war game project (2024)
- FT Innovative Lawyer Awards, Winner Legal Design Award (2021)
- FT Innovative Lawyer Awards, 2nd most innovative in-house legal team in Asia Pacific (2021)
- FT Innovative Lawyer Awards, Standout award in Managing and Developing Talent (2019)
Duhs brings government pedigree. As the UK’s lead lawyer during GDPR negotiations, she sat across the table from Brussels as Britain hammered out data protection rules that would later complicate post-Brexit business. She subsequently led data privacy teams in private practice, most recently as head of data privacy at another leading law firm.
The timing matters.
Organisations are deploying AI tools faster than regulators can write rules to govern them. The EU’s AI Act entered force last year, but implementation deadlines stretch into 2027. Britain is pursuing a sector-specific approach that leaves gaps. For corporate legal teams, the landscape resembles a half-built motorway—some lanes open, others still under construction, no clear map.
Marks & Clerk is betting that clients need more than pure IP advice. Patent attorneys understand the technology. But understanding how algorithms work doesn’t answer whether a board should approve a customer-facing chatbot, or how to respond when a data breach exposes training datasets.
“We are thrilled to welcome Fiona and Eleonor to Marks & Clerk at such a pivotal time for both the firm and the wider technology landscape,” said Simon Mounteney, the firm’s Managing Partner for Europe. “As artificial intelligence and cyber security issues become increasingly central to our clients’ businesses, their expertise and leadership will be instrumental in building a practice that helps organisations navigate these complex and fast-evolving challenges. Crucially, they bring a commitment to responsible AI and the ethical considerations that must underpin governance frameworks, ensuring our clients are supported not just on compliance, but on doing business responsibly. Their arrival further strengthens our capabilities in advising clients at the intersection of AI, intellectual property, data and cyber security.”
The new practice combines three specialist areas under one roof. Phillips will oversee AI governance and cyber security advisory work—preventing incidents, meeting emerging cyber-resilience legal requirements, and managing responses when breaches occur. Duhs takes charge of the data privacy offering, handling compliance and international data transfers in a post-Brexit environment where adequacy decisions still provoke political debate.
What distinguishes the proposition, according to the firm, is grounding legal advice in genuine technical understanding. IP lawyers spend careers dissecting patent claims for semiconductor designs and pharmaceutical compounds. That technical fluency, the argument goes, translates when advising on machine learning models or data architecture.
Phillips framed the opportunity in practical terms. “This is an exciting time to join Marks & Clerk and build a leading practice in an area that is rapidly becoming essential for organisations navigating the opportunities and risks of AI, cyber security and data,” she said. “Artificial intelligence is transforming the way organisations operate, but it also brings complex legal, ethical and cyber security challenges. Our aim is to help clients deploy AI responsibly and confidently, with robust governance, clear accountability and strong cyber resilience built in from the outset.”
The emphasis on responsible AI and ethical frameworks runs throughout the firm’s messaging. That language reflects pressure from regulators, investors and civil society groups who’ve spent the past two years questioning algorithmic bias, transparency and accountability. Boards now expect legal teams to answer not just whether they can deploy AI, but whether they should.
For Duhs, the move represents a return to the cutting edge of data law. GDPR negotiations concluded years ago, but the questions haven’t stopped. AI systems hoover up training data across jurisdictions. Models trained in California get deployed in Frankfurt. Who’s liable when a recommendation engine discriminates? Which regulator has jurisdiction? The rule book remains incomplete.
Meanwhile, cyber security has evolved from an IT concern to a boardroom risk. Phillips built her career advising senior executives on these threats at institutions where a breach could trigger regulatory sanctions, customer exodus and reputational collapse. Financial services firms have confronted AI and cyber risks longer than most sectors—her experience there now applies across industries rushing to catch up.
The IP firm landscape has fragmented in recent years. Traditional practices focused on patents, trademarks and copyright. But as software ate the world, the boundary between IP and technology law blurred. Some firms doubled down on patent prosecution. Others expanded into licensing, open source, and tech transactions. Marks & Clerk is now staking a claim in the regulatory and governance space.
Competitors have made similar moves. Major law firms have assembled AI advisory teams, often pulling lawyers from regulatory, corporate, and technology practices. What remains unclear is whether clients will pay IP firms for governance advice, or whether they’ll continue separating patent work from regulatory counsel.
The practice launches with two named partners but no disclosed team size. Building out capability will require recruiting specialists in areas—cyber incident response, algorithmic auditing, AI ethics—that didn’t exist as legal specialisms a decade ago. The talent pool is shallow. Demand is rising.
For now, the bet is that organisations implementing AI need advisors who grasp both the technology and the fast-moving legal environment. Whether that proves true will become clear as regulatory deadlines approach and enforcement actions begin. By then, the conference rooms at Marks & Clerk’s London office will have hosted hundreds of client conversations about risks that couldn’t have been predicted five years ago.
