Insights

Documentation plays a crucial role in Information security management systems (ISMS) according to ISO 27001 and Data protection management systems (DSMS) according to the GDPR. It serves as proof of the system's effectiveness and ensures that all security- and data protection-relevant processes are traceable.

The use of artificial intelligence (AI) in human resources in Germany is particularly affected by data protection requirements and new compliance obligations under the AI Act.

Organizations face the challenge of using AI without losing control over their data and data sovereignty. In this article, you will learn how you as a company or even as an individual can set up and operate your own AI cloud.

The Cyber Resilience Act sets uniform and binding cybersecurity standards for connected products in Europe. Manufacturers must expect considerable implementation effort, particularly with regard to the extensive documentation and update obligations.

The EU AI-Act applies only to AI systems as defined in Art. 3 AI Act. This article examines the defining characteristics of AI systems and explains the “three-factor approach” for systematic classification under the AI Regulation.

Will the C5 Equivalence Regulation facilitate the implementation of the new IT security requirements under § 393 SGB V? In this article, we examine the new draft bill in detail and describe the resulting requirements.

Access requests under data protection law are becoming increasingly important, particularly in the context of legal proceedings against unfair dismissal.

Here you will find structured instructions on how you, as a SaaS provider, can design your terms and conditions in a meaningful and legally compliant way.

A number of implementation measures will be required for ICT third-party providers when the DORA becomes applicable from January 17, 2025. For many companies, the question therefore arises as to whether they are considered a "ICT third-party provider" and what the consequences of this classification are.

The Digital Operational Resilience Act (DORA) will apply from January 17, 2025. This article sheds light on the contractual adaptation obligations when using ICT third-party service providers.

The Digital Operational Resilience Act (DORA) will apply from January 17, 2025. For regulated players in the financial sector, the question arises as to the extent to which implementation measures will be necessary. The focus here is on contracts with ICT service providers.

With the entry into force of the AI Act, companies are faced with the question of which requirements must be observed when dealing with AI products in a legally compliant manner. This largely depends on whether a company is to be classified as a provider or deployer of an AI system. This article aims to answer what this depends on.

On August 1, 2024, the "Artificial Intelligence Act" ("AI Act") came into force after a long legislative struggle. This article will take a closer look at the requirements that deployers and providers of AI systems must now comply with.

Companies must establish an effective data protection organization to comply with GDPR requirements and avoid personal liability for executives. This requires a data protection management system, clear responsibilities, and regular review of measures.

Remote maintenance of IT systems allows IT service providers to access systems remotely and perform maintenance work without needing to be physically on-site. Regularly, the IT service company gains—at least potentially—access to the client's personal data. This article provides an overview of the data protection classification of remote maintenance.

The “Act to Accelerate the Digitization of the Healthcare System” (Digitisation Act - “DigiG”) came into force on March 26, 2024, and the new Section 393 of the SGB V will be applicable from July 1, 2024, requiring many SaaS providers to obtain a C5 attestation.

A summary of the legal requirements for deployers and providers of AI

At the forefront of Europe's data strategy, the Data Act and the Data Governance Act form a cohesive framework aimed at bolstering data sovereignty and competitiveness. Given it's recent entry into force in January 2024, this article dives into the key aspects of the Data Act to make its content and applicability easier to understand.

The Digital Services Act (DSA) overhauls EU digital regulation, imposing stricter rules on large platforms to combat misinformation and illegal content. In this insights article, we break down the law’s key requirements and explore how it reshapes Germany’s online environment.

Even though the implementation of the NIS2 law in Germany has been delayed, there isn't much time left to prepare for to implement the new cybersecurity-requirements of NIS2.

In this article, we shed light on an essential aspect of AI technology: compliance with data protection laws when using the OpenAI API. This platform provides access to the most advanced AI model currently available, the GPT API.

The new Whistleblower Act (HinSchG) has already been in force since 02 July 2023. From 17 December 2023, smaller companies are now also obliged to comply with the legal requirements. This article will explain how you can optimally prepare for this.

On 01.09.2023 the new data protection law of Switzerland (Federal Act on Data Protection - FADP) comes into force without an implementation period. Not only Swiss companies must thus comply with some changes in the data protection law requirements with immediate effect.

How should companies handle data transfers to the US under the EU Commission's new adequacy decision 2023?

Training AI-Models in compliance with GDPR-requirements.