FIELDS OF LAW

IT, AI & Data Law

Our IT, AI & Data Law practice group offers comprehensive all-round advice on all aspects of digital law. We support companies with all legal issues in connection with the digitalization of business models, processes and products and ensure that our clients receive legally sound and practical solutions.

IT systems and digital infrastructures form the backbone of modern companies. We support our clients in the legally compliant design and implementation of complex IT projects – from the introduction of new business software, cloud and outsourcing projects to IT security issues and contractual liability. Our aim is to provide reliable legal protection for technological innovations and to create economically viable solutions.

Artificial intelligence (AI) is fundamentally changing business models, decision-making processes and products. We support companies in identifying legal risks at an early stage and implementing regulatory requirements – in particular the EU AI Regulation – with foresight. We combine legal expertise with technical understanding and support organizations in the introduction, use and governance of AI systems.

Data is a key economic value factor. We advise companies on all aspects of data law – from the protection of personal information to the legally compliant and commercial use of data. A particular focus is on the implementation of the EU Data Act and the resulting obligations and opportunities. Our aim is to shape data law as an enabler for innovation and growth.

Our Range of Services

Data law & data protection

Comprehensive advice on data law – from classic data protection requirements to the commercial use of data.
Implementation of the EU Data Act – supporting manufacturers, providers and customers with new obligations and data access rights.
Data protection compliance in companies – practical support in implementing the GDPR and setting up effective data protection management.
Advice on special topics – in particular employee and customer data protection, international data transfers, data protection within the Group as well as in e-commerce and digital marketing.
Legal structuring for digital business models – legal protection of data-driven processes and digital value creation.
Representation in proceedings – support vis-à-vis supervisory authorities and in legal disputes.

AI law & AI compliance

Implementation of the EU AI Regulation (AI Act) – legal support for the introduction, adaptation and governance of AI systems in companies.
Liability, product safety and product liability – legal assessment of responsibilities and risks when using AI.
AI compliance – support in complying with all relevant regulations, in particular IT, data protection, copyright, confidentiality and employment law.
Legal support for AI projects – advice on IT security, data quality, infrastructure and rights to AI systems and their results.
Development and implementation of AI strategies – legal support in the design of trustworthy, compliant and ethically responsible AI applications.

IT Law

Support for complex IT projects – from planning and tendering to implementation and contractual safeguarding.
Contract drafting and negotiation – drafting and reviewing IT project, software, maintenance and license agreements.
Project management support – legal support during project implementation and during change or escalation processes.
Dispute resolution and legal enforcement – representation in warranty and compensation claims as well as in the termination or reversal of IT contracts.
Property rights and intellectual property – Advice on copyrights and industrial property rights in connection with software and IT projects.

Software, digital products & online platforms

Software contracts and license models – legal drafting and negotiation of contracts from the provider, developer and customer perspective.
Protection of software and digital products – advice on copyright protection, rights of use and industrial property rights.
Data processing services (IaaS, PaaS, SaaS) – legal support in the design, use and compliance in the context of the EU Data Act.
E-commerce and online platforms – advice on the implementation of the Digital Services Act and on liability, information and consumer protection obligations.
Contractual and regulatory protection – legal support for the operation, development and marketing of digital business models and platforms.

IT security & cybersecurity

Comprehensive advice on cyber security – legal support for companies and public bodies in securing IT systems and products, including advice on sector-specific requirements (e.g. in the energy, financial and telecommunications sectors).
Compliance and risk management – development and review of security policies, incident response processes and supply chain requirements.
Implementation of the NIS 2 Directive – support for the implementation of national and European security requirements and governance structures.
Cyber Resilience Act (CRA) – legal advice to manufacturers, retailers and other market players on the implementation of the new product-related cyber security requirements.

Implementation of the GDPR

Adaptation of systems and processes to changed legal or regulatory requirements
Implementation of an extended “record of processing activities” as an “accountability backbone”
Implementation of “privacy by default”, “privacy by design” and the “data protection impact assessment”
Advice on changing and designing business processes, business models and products
Adaptation of data protection organization/management and adaptation of data protection documentation to the requirements of the GDPR (data protection contracts, company agreements, internal data protection guidelines, declarations of consent and data subject information)

Data Protection Management

Structuring and development of a data protection organization in the company
Conceptual design of data protection management systems and support during implementation
Creation and review of internal data protection guidelines, in particular regarding the handling of personal data by employees, dealing with data protection breaches, data protection impact assessment, and data retention/deletion
Employee training and workshops
Design and support of monitoring measures and audits

Digital Business Models

Analysis, design and adaptation of business processes and business models
Advice on digital products, e.g., in the areas of Big Data and Internet of Things
Process- and product-specific review, creation and adaptation of data protection contracts, declarations of consent and data subject information

Data Transfer (Also International)

Review and data protection-compliant design of data transfers, especially when using external service providers in outsourcing and cloud computing
Data protection-compliant design of intragroup and international data transfers

Data Protection Within a Group

Structuring and development of a data protection organization within the group
Examination and data protection-compliant design of intragroup data transfers, in particular in matrix organizations
Data privacy-compliant design of group-wide centralization of IT infrastructures and IT services

Data Privacy in E-commerce and Digital Marketing

Review and data protection-compliant design of e-commerce and mobile commerce offers and advertising in the digital environment, especially in the subject area of targeted advertising
Conceptual design and support in the implementation of customer relationship management systems

Employee Data Protection

Review and data protection-compliant design of HR processes and advice on the digitalization of HR processes
Design of regulations for the (private) use of company IT infrastructure and private IT in the company context
Design of regulations for (video) monitoring of employees
Design of whistleblowing systems and support during implementation