On 5 December 2025, the Act Transposing the NIS 2 Directive and Regulating Key Aspects of Information Security Management in the Federal Administration (Gesetz zur Umsetzung der NIS-2-Richtlinie und zur Regelung wesentlicher Grundzüge des Informationssicherheitsmanagements in der Bundesverwaltung (“NIS2UmsG”) (see here, in German only) became binding in Germany. According to the Federal Office for Information Security (Bundesamt für Sicherheit in der Informationstechnik (“BSI”) (see here, in German only), roughly 29,500 companies will have to comply with the increased cybersecurity requirements adopted by the NIS2UmsG.Continue Reading Germany Transposes NIS 2 Directive – Increased Cybersecurity Requirements for Businesses
EU Member States Begin Rolling Out New Product Liability Rules
By December 9, 2026, all EU Member States must update their product liability laws to align with the (new) Product Liability Directive (EU) 2024/2853 (“PLD”). The PLD imposes liability on manufacturers of products (and other relevant parties) for harm caused by defective products, regardless of fault. The PLD modernizes the current EU product liability framework and renders the framework more claimant-friendly (see our previous blog post). It is expected to lead to an increase in claims, primarily as a result of the following changes:Continue Reading EU Member States Begin Rolling Out New Product Liability Rules
Digital Fairness Act Series — Topic 4: Digital Subscriptions
Digital contracts and subscriptions have significantly increased, with the subscription economy tripling since 2017, according to the European Commission’s Digital Fairness Act Fitness Check. However, the Fitness Check points out that the number of issues with digital subscriptions, such as difficult cancellations, automatic renewals without reminders, and unclear subscription terms, have also increased. The Commission proposes to tackle these issues in its proposed Digital Fairness Act (“DFA”), which recently entered its consultation phase (see our blog post here).
This post briefly highlights certain issues with digital subscriptions identified in the Fitness Check, outlines how these issues are currently regulated in the EU, and considers the Fitness Check’s proposals to address these issues. It is the fourth post in our series on the upcoming DFA – previous posts covered influencer marketing, AI chatbots in consumer interactions, and personalised advertising and pricing.Continue Reading Digital Fairness Act Series — Topic 4: Digital Subscriptions
German Court Upholds Board Member’s Dismissal For GDPR Breach
On 31 July 2024, the German Higher Regional Court of Munich (OLG München) delivered a judgment providing key insights into the repercussions board members may encounter for violating the General Data Protection Regulation (GDPR). Although the primary legal question centered around the legality of an executive’s dismissal under German corporate and employment law, the court’s decision was heavily influenced by its determination that the executive had prompted the company to engage in unlawful data processing, thereby breaching the GDPR. This blog post highlights the essential facts of the case and the court’s findings regarding the data protection issues involved.Continue Reading German Court Upholds Board Member’s Dismissal For GDPR Breach
German SA Checks Whether Online Retailers Allow Consumers to Make Purchases Without Creating an Account
In January 2025, the German Supervisory Authority of Hamburg (“HSA”) examined the practices of online retailers based in Hamburg as to whether they allowed consumers to make purchases without creating a user account. This was mentioned in a press release issued by the HSA regarding a ruling by the Hamburg Higher Regional Court confirming a HSA’s decision that online retailers may, in certain circumstances, require consumers to create a user account. This, in turn, follows the guidance published by the German supervisory authorities (“German SAs”) in 2022 (in German), which stated that online retailers generally may not require consumers to create a user account in order to make a purchase.Continue Reading German SA Checks Whether Online Retailers Allow Consumers to Make Purchases Without Creating an Account
Covington’s Fifth Annual Technology Forum – Looking Ahead: New Legal Frontiers for the Tech Industry
Technology companies are grappling with unprecedented changes that promise to accelerate exponentially in the challenging period ahead. We invite you to join Covington experts and invited presenters from around the world to explore the key issues faced by businesses developing or deploying cutting-edge technologies. These highly concentrated sessions are packed
Continue Reading Covington’s Fifth Annual Technology Forum – Looking Ahead: New Legal Frontiers for the Tech IndustryTop Five EMEA Technology Trends to Watch in 2023
At the beginning of a new year, we are looking ahead to five key technology trends in the EMEA region that are likely to impact businesses in 2023.Continue Reading Top Five EMEA Technology Trends to Watch in 2023
Inside Privacy Audiocast: Episode 18 – Recent Developments in GDPR Enforcement
On Episode 18 of Covington’s Inside Privacy Audiocast, Dan Cooper, Moritz Hüsch, Kristof van Quathem, and Petros Vinis discuss GDPR enforcement, and the evolution of regulatory fines since the GDPR was enacted in 2018.
Covington’s Inside Privacy Audiocast offers insights into topical global privacy issues and
Continue Reading Inside Privacy Audiocast: Episode 18 – Recent Developments in GDPR Enforcement
EU Consumer Law Webinars
Consumer Law Developments
Over the past 5 years, the EU has launched several legislative initiatives aimed at revamping EU consumers protection laws. One such initiative was the “New Deal for Consumers” adopted by the European Commission on April 11, 2018. The New Deal for Consumers amends existing EU consumer legislation
Continue Reading EU Consumer Law Webinars
German Court Overturns GDPR Fine, Raises Legal Questions About Fines Against Companies
On February 18, 2021, the District Court of Berlin overturned a €14.5 million fine that had been imposed on German real estate company Deutsche Wohnen SE. The Court held that the fine – which was issued by the Berlin Supervisory Authority (“SA”) and had been the second highest fine in Germany so far under the EU General Data Protection Regulation (“GDPR”) – failed to satisfy certain rules under German law, and therefore was invalid.
This case raises important questions on the interplay between the GDPR and German law regarding the attribution of regulatory offenses to a company. In this blog post, we consider this topic in greater depth and how it may eventually be resolved in court.Continue Reading German Court Overturns GDPR Fine, Raises Legal Questions About Fines Against Companies