Digital products, products with digital elements and digital services

In doing so, we never lose sight of the fact that the legal requirements designed to meet the challenges of digitalisation can also affect companies as such, regardless of their products and services.

Contract law

We provide comprehensive advice on the drafting of contracts for all types of hardware and software, IT consulting services, project development and implementation, maintenance and servicing agreements, as well as system contracts. We draft and review general terms and conditions and negotiate individual contracts.

We support you in implementing the special requirements for drafting contracts with consumers for digital products and with users of networked products and related services, as well as in complying with information obligations prior to conclusion of the contract and during the life cycle of a digital product, networked product or products with digital elements.

Of course, we also represent you in court and out-of-court disputes. If necessary, we work together with IT experts.

Software copyright

Software is often protected by copyright in Germany. This entails special requirements for the acquisition, exploitation and use of software. We ensure that the copyright usage rights are regulated for the creation, acquisition and other use of software.

Whether standard software, customised applications or digital services – we draft and negotiate tailor-made licence agreements and grants of rights of use. In doing so, we ensure that the scope of the licence, the rights of use, the licence fees and the liability and warranty issues are clearly regulated in a manner that takes your interests into account. Our expertise covers classic licence models as well as modern cloud and SaaS solutions.

The requirements and regulations of copyright law also apply to the use of open source software. We provide comprehensive advice on open source compliance – from identifying and evaluating open source components used, to checking licence compatibility, to developing company-wide compliance guidelines.

IT security law

IT security requirements for companies and their products and services are increasing.

We advise you on IT security law requirements for operators of digital platforms and services, as well as for companies that fall within the scope of the NIS 2 Directive as important or essential entities. This directive obliges companies from over 15 sectors – including energy, transport, digital infrastructure, finance and healthcare – to take extensive measures in the area of cybersecurity. These include, in particular, effective risk management, the reporting of security incidents, and the control and protection of the supply chain. National implementation in Germany is still pending and is to be carried out by the NIS2 Implementation and Cybersecurity Strengthening Act (NIS2UmsuCG).

In addition to the NIS 2 Directive, the CER Directive (Critical Entities Resilience Directive) requires operators of critical facilities to comply with minimum physical security standards. The aim is to increase the reliability and resilience of facilities against a wide range of threats and to ensure their functionality in crisis situations. Physical resilience measures often go hand in hand with the cyber security requirements of the facility. We support you in identifying and implementing the necessary measures based on the legal requirements.

The Cyber Resilience Act (CRA) introduces binding cyber security requirements for digital products across Europe for the first time. Manufacturers, importers and distributors of products with digital elements (hardware and software) must ensure that their products have an appropriate level of security throughout their entire life cycle. This includes, among other things, the elimination of known vulnerabilities before market launch, secure default configurations and the possibility of installing security updates. The CRA requires a conformity assessment procedure and appropriate product labelling (including the CE mark) for every digital product. The CRA also contains reporting requirements for IT security incidents and actively exploited vulnerabilities. This makes IT security an integral part of product safety. You benefit from our combined expertise in IT security law and product safety law as you prepare for the CRA to come into full effect in November 2027.

In addition to horizontal legal acts, various sector-specific legal texts regulate IT security requirements. The existing regulations, which will be expanded in the future, cover a wide range of sectors and products, from the energy sector and medical devices to the Digital Operational Resilience Act (DORA) for the financial sector. The latter is currently the focus of consultation due to its recent entry into force.

Data protection, data law and data rooms

Digital products, products with digital elements and digital services are based on data. We identify the data protection requirements under the GDPR and relevant special laws and support you in implementing your business models in compliance with data protection regulations.

We prepare you for the requirements of the Data Act on the provision of product data and related service data, support you in fulfilling your information obligations and ensure the future use of the data by drafting appropriate user agreements.

We provide you with detailed and strategic advice on the legal requirements as well as the opportunities and risks that you as a company will face with regard to future European sector-specific data spaces.

We also advise you on data provision, such as in the (upcoming) Digital Product Passport, Digital Battery Passport and special legal requirements, such as the Market Master Data Register Regulation.

Artificial intelligence (AI) in digital offerings

We advise on regulatory requirements for the development and use of AI in your company as well as on the distribution of AI products by your company in accordance with the AI Act. In addition, we support you in the legally compliant use of AI technologies in your company, including the development of guidelines and governance structures for AI use.