The use of evidence obtained during criminal proceedings by the tax authorities repeatedly raises delicate constitutional issues. In its decision of 23 April 2025 (I B 51/22), the Federal Fiscal Court (BFH) clarified: If digital evidence — here, a hard drive — is handed over to the tax office without the mandatory prior screening by the public prosecutor’s office, this violates the fundamental right to informational self-determination and results in an exclusion of evidence.
Category: Liability of the management
Raw materials are no longer just the foundation of industrial value creation – they have become a core element of geopolitical power strategies. In a world experiencing technological decoupling, the interplay between supply security, economic sovereignty, and corporate responsibility is entering a new and volatile phase. European industry, in particular, faces a systemic challenge: it is heavily dependent on imports from politically unstable or strategically assertive states, without possessing adequate security mechanisms.
This situation is not solely a political dilemma – it carries direct legal implications for corporate governance. Those who rely on business-as-usual in a foreseeably unstable supply environment are not only risking operational disruptions but also personal liability. This article analyzes the raw materials crisis through the lens of geopolitical developments and links it to the legal obligations for forward-looking, liability-aware corporate action.
Legal Standards and Case Law on CEO-Fraud: Phishing and CEO fraud have become prominent tools in the arsenal of organized cybercrime. Increasingly, companies are not just targets but gateways through which substantial sums are misappropriated—often under the guise of legitimate internal instructions. The legal fallout is predictable yet complex: Who bears the financial loss when a manipulated employee executes a fraudulent payment? Can the company hold its bank liable, or does the responsibility fall on internal governance?
This article explores the legal framework governing the liability of phishing and CEO fraud victims, particularly from a civil law perspective. The analysis is grounded in recent German case law, interpreted within the context of the European PSD2 regime and modern organizational security obligations.
The Resurgence of Espionage as a Business Risk: Economic espionage has returned—not as a relic of Cold War intrigue, but as a dominant, digitally enabled force in the contemporary global economy. What once occurred through shadows and surreptitious briefcases now unfolds across networks, supply chains, cloud infrastructures, and human behavior. With over 80% of companies in Germany alone reporting incidents of data theft, sabotage, or espionage in the past year, what we are witnessing is not a security crisis but a structural shift in the nature of competition.
Companies that want to optimize their processes, make more informed decisions or develop innovative business models are increasingly relying on AI systems. However, the technological opportunities are also accompanied by considerable legal challenges, particularly with regard to warranty law. Anyone wishing to acquire an AI system for their company or train their own neural network on platforms such as Azure or AWS should carefully examine the legal framework.
In 2025, robotics will have established itself as one of the driving forces in our society: intelligent machines are not only finding their place in industry, but also increasingly in everyday life. This development creates both opportunities and profound challenges that affect the labor market, the structure of society and the legal system. A recent article in the Handelsblatt serves as a starting point for me to write a few fresh lines on an underrated topic with considerable legal and socio-political explosiveness. Note: The article first appeared in German on my blog on robotics law!
Cyber incidents, whether caused by external attackers or internal employees, present immense challenges to companies. In addition to ensuring business continuity, the forensic analysis of such incidents is essential to minimize damage, identify perpetrators, and collect legally admissible evidence. However, IT forensics operates in a highly complex legal environment. Companies must closely align legal requirements and technical capabilities not only to close security gaps but also to prevail in potential legal disputes.
The pressing questions are: How can incidents be clarified, perpetrators identified, and all legal requirements met at the same time? IT forensics provides essential tools but is not solely a technical discipline. It requires a precise interplay of technology, law, and organizational measures. Management, in particular, is responsible for creating an environment in which IT forensic measures can be implemented effectively and in compliance with the law—ideally before an incident occurs. This article highlights the legal aspects of IT forensics, from threat analysis to securing evidence that is admissible in court.
Insolvency delay is often underestimated in corporate management but can have significant legal and economic consequences. This article provides a comprehensive overview of the relevant legal aspects of insolvency delay, explains its background, and outlines how management can avoid liability risks.
In its ruling from July 23, 2024 (Case No. 84 O 124/23), the District Court of Cologne addressed the legal obligation of retailers to accept old electronic devices under specific conditions free of charge. The court focused on the take-back obligation under the German Electrical and Electronic Equipment Act (ElektroG) and whether a retailer’s refusal to accept old electronic devices constituted a violation of these statutory requirements.
The European Court of Justice (ECJ) recently issued a ruling (judgment of October 4, 2024) stating that the General Data Protection Regulation (GDPR) does not provide an exhaustive list of who may pursue data protection violations. This decision has significant implications for competitors who seek to address GDPR breaches.