Insights

As stated in our first two articles on the DORA, a number of implementation measures will also be required for ICT third-party providers when the DORA becomes applicable from January 17, 2025. For many companies, the question therefore arises as to whether they are considered a "ICT third-party provider" and what the consequences of this classification are.

The Digital Operational Resilience Act (DORA) will apply from January 17, 2025. While a first Insight (Part 1) provided an overview of the addressees and requirements of DORA, this article sheds light on the contractual adaptation obligations when using ICT third-party service providers.

The Digital Operational Resilience Act (DORA) will apply from January 17, 2025. For regulated players in the financial sector, the question arises as to the extent to which implementation measures will be necessary. The focus here is on contracts with ICT service providers.

With the entry into force of the AI Act, companies are faced with the question of which requirements must be observed when dealing with AI products in a legally compliant manner. This largely depends on whether a company is to be classified as a provider or deployer of an AI system. This article aims to answer what this depends on.

On August 1, 2024, the "Artificial Intelligence Act" ("AI Act") came into force after a long legislative struggle. This article will take a closer look at the requirements that deployers and providers of AI systems must now comply with.

Companies must establish an effective data protection organization to comply with GDPR requirements and avoid personal liability for executives. This requires a data protection management system, clear responsibilities, and regular review of measures.

Remote maintenance of IT systems allows IT service providers to access systems remotely and perform maintenance work without needing to be physically on-site. Regularly, the IT service company gains—at least potentially—access to the client's personal data. This article provides an overview of the data protection classification of remote maintenance.

The “Act to Accelerate the Digitization of the Healthcare System” (Digitisation Act - “DigiG”) came into force on March 26, 2024, and the new Section 393 of the SGB V will be applicable from July 1, 2024, requiring many SaaS providers to obtain a C5 attestation.

A summary of the legal requirements for deployers and providers of AI

At the forefront of Europe's data strategy, the Data Act and the Data Governance Act form a cohesive framework aimed at bolstering data sovereignty and competitiveness. Given it's recent entry into force in January 2024, this article dives into the key aspects of the Data Act to make its content and applicability easier to understand.

The Digital Services Act (DSA) overhauls EU digital regulation, imposing stricter rules on large platforms to combat misinformation and illegal content. In this insights article, we break down the law’s key requirements and explore how it reshapes Germany’s online environment.

As expected, the NIS2 Directive could not be transposed into national law in Germany by the deadline of October 17, 2024. While the legislative process will be delayed until spring 2025, this article provides an update on the status of the NIS2 Implementation Act (NIS2-UmsuCG), based on the latest draft published by the Federal Ministry of the Interior and for Home Affairs (BMI) on July 24, 2024. The draft is currently in the approval phase and outlines the proposed framework for adapting German law to the NIS2 Directive.

In this article, we shed light on an essential aspect of AI technology: compliance with data protection laws when using the OpenAI API. This platform provides access to the most advanced AI model currently available, the GPT API.

The new Whistleblower Act (HinSchG) has already been in force since 02 July 2023. From 17 December 2023, smaller companies are now also obliged to comply with the legal requirements. This article will explain how you can optimally prepare for this.

On 01.09.2023 the new data protection law of Switzerland (Federal Act on Data Protection - FADP) comes into force without an implementation period. Not only Swiss companies must thus comply with some changes in the data protection law requirements with immediate effect.

How should companies handle data transfers to the US under the EU Commission's new adequacy decision 2023?

Training AI-Models in compliance with GDPR-requirements.

The AI Act as a European Approach to the Regulation of Artificial Intelligence.

More clarity on the scope of the claim for damages under the GDPR

European Parliament reaches provisional deal on world's first "AI-Law"

Case studies and GDPR conformity assessment of the use of ChatGPT

Current developments and possible solutions for handling the ChatGPT-API

New developments in the assessment of data protection law based on the resolution of 31.01.2023 of the Independent Data Protection Authorities of Germany "DSK" (Datenschutzkonferenz).

Complying with GDPR requirements when using ChatGPT

Part 1 of the Series: Removing Data Protection as a Blocker from your B2B-SaaS Sales Process