The financing of terrorist activities is a crucial component of global security threats. Funds for such activities can originate from both legal and illegal sources, often disguised as seemingly legitimate transactions. Governments and international organizations have created an increasingly complex regulatory framework to effectively combat terrorist financing. However, as with any criminal law regulation, this endeavor presents significant legal challenges.
Tag: cryptocurrencies
Cyber incidents, whether caused by external attackers or internal employees, present immense challenges to companies. In addition to ensuring business continuity, the forensic analysis of such incidents is essential to minimize damage, identify perpetrators, and collect legally admissible evidence. However, IT forensics operates in a highly complex legal environment. Companies must closely align legal requirements and technical capabilities not only to close security gaps but also to prevail in potential legal disputes.
The pressing questions are: How can incidents be clarified, perpetrators identified, and all legal requirements met at the same time? IT forensics provides essential tools but is not solely a technical discipline. It requires a precise interplay of technology, law, and organizational measures. Management, in particular, is responsible for creating an environment in which IT forensic measures can be implemented effectively and in compliance with the law—ideally before an incident occurs. This article highlights the legal aspects of IT forensics, from threat analysis to securing evidence that is admissible in court.
In recent years, law enforcement agencies across Europe have made headlines with high-profile operations targeting encrypted messaging services like EncroChat, ANOM, SkyECC, and more recently, Ghost. These services, which were primarily used by organized criminal networks, have posed significant challenges for both investigators and defense attorneys.
The takedown of these platforms has led to the capture of massive amounts of data, often including millions of messages that were previously thought to be inaccessible due to advanced encryption. While these operations, like “Project Overclock,” have been celebrated as major successes in the fight against organized crime, they also raise significant concerns, particularly when it comes to the rights of defendants and the difficulties their legal teams face.
Money laundering is a serious crime in Germany, designed to combat the process of concealing the origins of illegally obtained money. Understanding the legal framework, risks, and potential consequences is crucial for foreign individuals and businesses operating in Germany, especially given recent changes in the law.
Implementation of the NIS2 Directive in Germany: There are now draft laws on the implementation of the NIS2 Directive in Germany, and a clear line can be seen. In Germany, the NIS2 Directive is implemented by the “Act on the Implementation of the NIS-2 Directive and on the Regulation of Essential Principles of Information Security Management in the Federal Administration”. It is also known as the “NIS-2 Implementation and Cybersecurity Strengthening Act” or “NIS2UmsuCG” for short.
At the heart of it all is the German “BSI Act”: this law was originally created to regulate the competencies and measures of the Federal Office for Information Security (BSI). However, this law is increasingly being transformed into a set of cyber security regulations. This was already foreseeable with the German IT Security Act and has been enhanced with the IT Security Act 2.0. IT security in Germany – and Europe – is thus being raised to a completely new level and the economy in particular will have to dress warmly.
Note on the current status of the legislative process: The NIS2 Directive must actually be implemented by mid-October. However, draft bills have only been available since May 2024, which already raises doubts as to whether this will happen in time. With this in mind, a paragraph has been added on what delayed implementation means. The article has been updated to the status of the second draft bill (processing status: 24.06.2024).
In an internationally coordinated operation, the server infrastructure of the illegal darknet marketplace “Kingdom Market”, which is spread across several countries, has been seized since December 16, 2023 and thus shut down.
Categories
Lawyer for European IT law
European IT law
Lawyer for European IT law
Your lawyer for European IT law: European IT law is a complex and dynamic area of law that deals with the regulation of information technology in the European Union (EU). It covers a wide range of topics, including data protection, cyber security, e-commerce, intellectual property and telecommunications.
European IT law has a significant impact on the national IT law of the member states, as it creates a common legal framework for the digital single market in the EU. This makes it possible to draw up a fundamental legal assessment for all EU member states in selected areas of IT law at European level.
Specialist lawyer for IT law Jens Ferner (Germany) advises companies on European IT law: The Europeanization of IT law offers companies outside Europe the opportunity to clarify elementary legal issues for the extensive, economically strong EU area in advance. Especially the blatantly important areas such as data law, data protection law and IT security law are subject to Europe-wide regulations!
European IT law: basics and areas of application
European IT law is an integral part of EU law and aims to create a single digital market. It regulates the use and protection of data, the security of networks and information systems, electronic commerce and the rights and obligations of users and providers of IT services.
Some of the most important legal acts in this area are the General Data Protection Regulation (GDPR), the Directive on the security of network and information systems (NIS Directive and NIS2 Directive) and the Directive on electronic commerce. However, there are also legal acts that are not directly attributable to IT law, such as consumer law, which determine which general terms and conditions and other contractual terms and conditions are permissible.
Effects on national IT law
European IT law affects national IT law in a variety of ways. On the one hand, it obliges the member states to adapt their national law to the EU requirements. This leads to a harmonization of IT law throughout the EU, which facilitates cross-border trade and data exchange.
Secondly, it creates a common legal framework for the regulation of IT services, providing legal certainty for providers and users. Thirdly, it can act as a catalyst for reform of national IT legislation by encouraging Member States to modernize their legislation and adapt it to technological developments.
An IT law lawyer with a European focus helps to recognize the overall picture and to interpret national regulations from the outset in such a way that successful lawsuits can be avoided.
EU-wide IT law – something is coming your way …
IT law, including legal issues relating to digitalization, is high on the EU agenda in European IT law. You should be prepared, cleaning up afterwards is just more time-consuming (and therefore more expensive) than taking care of it beforehand. Today, European IT law must be at the top of every digital company’s agenda – waiting is no longer an option!
The EU’s digitalization policy has become extremely complex – and you may only be indirectly affected by IT law. We want to and will at least briefly write something about all the important topics and specialist IT lawyer Jens Ferner will of course provide advice:
- AI Act: Artificial Intelligence Act (AI Regulation and AI Directive) [Here with us]
- CRA: Cyber Resilience Act [Here with us]
- CSAM: Regulation on Child Sexual Abuse Material
- DGA: Data Governance Act und Data Act [Hier bei uns]
- DMA: Digital Markets Act
- DORA: Digital Operational Resilience Act
- DSA: Digital Services Act
- ECA: European Chips Act [Hier bei uns]
- EPVo: ePrivacy Regulation
- MaRisk: Minimum requirements for risk management
- MiCA: Markets in Crypto-Assets
- NIS2: Directive on Security of Network and Information Systems [Hier bei uns]
- Supply Chain: Supply Chain Due Diligence Act
- TTPF: EU-US Transparency Privacy Framework
- Geoblocking Regulation (EU) 2018/302: Elimination of unjustified discrimination in online purchases [Here with us]
- P2B regulation for more fairness [Here with us]
- eEvidence-Verordnung [Hier bei uns]
Important EU legal acts in European IT law
There are several EU directives and regulations that shape national IT law. Here are some of the most important ones, although our website provides a more in-depth overview:
- General Data Protection Regulation (GDPR): This regulation is a central component of European data protection law. It lays down strict rules for the processing of personal data and gives citizens extensive rights in relation to their data. The GDPR has a significant impact on national IT law, as it must be implemented by all EU member states.
- Directive on the security of network and information systems (NIS Directive): This directive is the first EU-wide legal instrument for cyber security. It obliges Member States to develop national strategies for the security of network and information systems and to comply with a set of minimum security requirements. It is supplemented by the Cyber Resilience Act, which will have a noticeable impact on product compliance.
- Directive on electronic commerce (E-Commerce Directive): This directive regulates various aspects of electronic commerce in the EU, including the liability of online service providers, commercial communications and electronic contracts.
- Copyright Directive in the Digital Single Market: This directive aims to modernize copyright law in the EU and adapt it to the digital age. It contains provisions on the liability of online platforms for copyright-protected content and on access to works for educational purposes.
- Computer programs: The EU Directive on the legal protection of computer programs (Directive 2009/24/EC) is an important legal instrument that regulates the copyright protection of computer programs in the European Union. It was originally adopted in 1991 and later replaced by Directive 2009/24/EC. The Directive clarifies that computer programs are protected by copyright in their expression. This means that the source code and object code of a program are protected, but not the ideas and principles on which the program is based. The Directive also contains provisions on the rights of rightholders, including the right of reproduction, distribution and communication to the public. However, it also provides for exceptions to these rights, e.g. for copying or modifying a program for personal use or for reverse engineering for the purpose of interoperability. The EU Directive on the legal protection of computer programs has a significant impact on the national IT law of the member states, as it creates a common legal framework for the copyright protection of computer programs in the EU. It obliges the member states to adapt their national laws to the requirements of the directive in order to ensure uniform protection of computer programs throughout the EU.
- Directives on contracts: The Consumer Rights Directive, the Digital Content Directive and the Sale of Goods Directive shape contract law in IT law.
- Regulation on Consumer Protection Cooperation (CPC Regulation): This regulation lays down rules for cooperation between national consumer protection authorities in the EU, including the enforcement of consumer protection laws in the digital area.
These legal acts have a significant impact on national IT law, as they create a common legal framework for the regulation of IT services in the EU and oblige the member states to adapt their national laws to the EU regulations.
Conclusion on European IT law
European IT law plays a decisive role in shaping the digital single market in the EU. It has a significant impact on national IT law, as it creates a common legal framework for the regulation of IT services and obliges member states to adapt their national laws to EU regulations. In view of the rapid technological development and the increasing digitalization of the economy and society, it can be assumed that European IT law will continue to play a key role in shaping national IT law in the future.
The violation of sanctions (“embargo violation”) is punishable by considerable sanctions – and especially in the past months it is by no means such an exotic violation that one should not have it on one’s radar. In recent months, our law firm has been confronted mainly with requests for advice in the area of software and technology goods, where the question of import or export arises via quite tricky detours.
The fact that criminal proceedings arise in Germany because of cryptocurrencies has long since ceased to be a peculiarity. Many tax advisors take on the topic and solicit clients – but those who only think with the view of tax law can cost their clients a lot of money. In recent years, as a German criminal defense lawyer, I have regularly acted as a defender in criminal proceedings concerning cryptocurrencies – and can only urge caution.
Cybercrime is changing more and more, not only in terms of the increasingly monetized and professionalized approach, but also in the investigators’ approach: Whereas in the past the focus was on perpetrators and also delimitable perpetrator structures, today, in my view, it is increasingly infrastructures that are the focus.