To The Point: Technology & Digitalisation | December 2022

• Published date: 28 December 2022
• Subject Matter: Intellectual Property, Privacy, Technology, Copyright, Privacy Protection, Security, New Technology
• Law Firm: Schoenherr Attorneys at Law
• Author: Mr Christoph Haid and Anna Sofia Reumann

Welcome to the December edition of Schoenherr's to the point: technology & digitalisation newsletter!

We are excited to present a selection of legal developments in the area of technology & digitalisation in the wider CEE region.


Insights waiting for you in this edition:

• Preface: Holly Jolly DMA | Christoph Haid, Anna Sofia Reumann
• Update on the latest US/EU Privacy Shield developments | Günther Leissler, Veronika Wolfbauer
• Energy utopia: dream or reality? | Felix Schneider
• Cyber-Update No. 1: NIS 2 | Veronika Wolfbauer
• Cyber-Update No. 2: Digital operational resilience in the financial sector | Veronika Wolfbauer
• Update on AI | Veronika Wolfbauer
• Interview with ChatGPT (calls itself Assistant) | Tullia Veronesi
• New crowdfunding regulations in Romania | Madalina Neagu

Preface: Holly Jolly DMA | Christoph Haid, Anna Sofia Reumann

2022 made history as one of the most exciting years for digital law enthusiasts.

The downfall of crypto exchange FTX, epic battles on platform liability and data privacy, not to mention all these new NFT projects... In the antitrust world, our attention was above all focused on the Digital Markets Act (DMA), which came into force on 1 November and aims to ensure that competitors can take part in digital markets and that relationships between so-called gatekeepers and their users are fair.

A few days ago, the European Commission (EC) sent us an early Christmas gift with the newly published draft implementing regulation, which includes procedural rules related to the designation of gatekeepers and the enforcement of the DMA (see here). In general, the draft regulation gives the impression that the EC wants to keep the gatekeeper designation procedure as quick and low-key as possible. Article 29(2) states that the EC "shall endeavour to adopt its non-compliance decision within 12 months from the opening of proceedings." Given the usual duration of antitrust and merger control proceedings before the EC, this seems extremely short and will be challenging for all parties involved.

In a first for the EC, notifying companies will be subject to a strict page limit for the notification form for designation (maximum 50 pages for each core platform service (CPS)) and the rebuttal (maximum 25 pages for each CPS). To all those who just got a bit of a throwback to the good old student days and would simply "cheat" by using a smaller font: such clever strategies will not be possible as "the text shall be in a commonly-used font (...) in at least 12 point in the body of the text and at least 10 point in the footnotes, with single line spacing, and upper, lower, left and right margins of at least 2.5 cm." Whether further explanations can be placed in appendices remains to be seen.

In any case, the draft clearly shows that the EC does not want to dwell on the gatekeeper designation process for long, despite the profound consequences a designation may have for the notifying company. Interested parties have until 6 January 2023 to comment on the draft. The EC then plans to adopt the new rules by the first quarter of 2023. And even though there may still be changes to the designation process for gatekeepers, one thing is already clear: you will definitely hear more about the DMA in 2023, including in this newsletter.

Thank you for following us in 2022 and please continue to do so next year. We wish you a great holiday season, a Merry Christmas and a Happy New Year! Looking forward to 2023!

Update on the latest US/EU Privacy Shield developments | Günther Leissler, Veronika Wolfbauer

On 13 December, the European Commission launched the process to adopt an adequacy decision for EU-US data transfers. The draft decision will address the concerns raised by the Court of Justice of the European Union in its Schrems II decision. It follows the signature of an Executive Order by President Biden on 7 October 2022 and has now been transmitted to the European Data Protection Board (EDPB) for its opinion. Afterwards, it must run through a committee of representatives of the EU Member States and the European Parliament before the European Commission can adopt the final adequacy decision. That decision would then allow data to flow freely and safely between the EU and US companies certified by the Department of Commerce under the new framework. Details here.

Energy utopia: dream or...