Start-up euphoria, innovative ideas, technical know-how – these are the ingredients of many start-up success stories. However, what is regularly underestimated are the legal challenges that await founders right from the start. Anyone who is negligent here risks warnings, cost-intensive corrections, disputes between the parties involved and, in the worst case, the failure of the business idea.
With a view to the current legal requirements and the latest case law, here is an overview of the most common legal pitfalls that arise, especially for young companies – including practical tips on how to avoid them.

What are the most common mistakes?

1. missing or incorrect mandatory information on the website (imprint & Co.)

When the Digital Services Act (DDG) came into force in July 2024, the requirements for provider identification were revised. The classic imprint obligation (Section 5 TMG) has been incorporated into Section 5 DDG. The complete details of the responsible persons or the correct entry of register and VAT data are often missing. This applies not only to traditional websites, but also to social media sites, apps and online stores.

Solution:

• Provide mandatory information in accordance with § 5 DDG in full and in a way that is easy to find.
• Always keep the legal notice and privacy policy up to date, even if the legal form or address changes.
• Don’t forget mandatory information for LinkedIn, Instagram and other profiles.

Practical tip:
Many start-ups use modular systems or agencies. Here, it should be checked whether the provided imprint generators really meet the current legal requirements.

2. trademark law and company names are ignored

Company names, product designations, logos – these are often used without any trademark research or strategic protection. If it is later discovered that identical or similar signs are already protected, there is a risk of warnings, injunctions and even claims for damages. This risk is often neglected, especially in the seed phase.

Solution:

• Before choosing a company name and logo, carry out a search in the registers of the DPMA and the EUIPO.
• Register trademarks at an early stage to avoid conflicts later on.
• Also consider international classes and property rights for later expansion.

Practical tip:
The registration of the domain alone is not an indication of the availability of the name from a trademark law perspective. The domain and trademark must be considered separately.

3. articles of association and founder agreements: Insufficient form and content

Many start-ups begin with verbal or only superficially written agreements. Disputes about shares, vesting or responsibilities are then often inevitable during the growth phase. These failures become painfully apparent when investors join or when the company exits.

Solution:

• Set out articles of association and shareholders’ agreements clearly and in writing.
• Vesting regulations, exit scenarios, non-competition clauses and confidentiality clauses.
• Make arrangements for the transfer of shares at an early stage.

Practical tip:
It is not only the whether, but above all the how of a founder agreement that determines subsequent legal certainty.

4. incorrect or outdated business address details, registration and reporting obligations

Address changes, changes of registered office or changes of name must not only be updated in the commercial register, but also at the tax office, trade office and on all online presences. This is where omissions regularly occur.

Solution:

• Immediate notification of any changes to all relevant authorities.
• Check whether the general terms and conditions, legal notice and contracts also need to be adapted.

Practical tip:
Many funding programs, banks or partners check the correctness of the register data before concluding contracts.

5. data protection is neglected – especially when using AI and cloud services

The GDPR and recent rulings (e.g. on the integration of tracking tools, AI services or international cloud providers) have further increased the requirements. The legally compliant design of processes is essential, especially for innovative, data-driven business models.

Solution:

• Maintain a processing directory and carry out a data protection impact assessment.
• Tailor the privacy policy to the individual business model.
• conclude data processing agreements (DPAs) with all service providers.
• Take data protection into account when developing new products (privacy by design).

Practical tip:
Data protection risks should also be identified at an early stage when using open source software, chatbots or AI services.

6. late or incorrect entries in the commercial register

Corporations (GmbH, UG) in particular may only engage in legal transactions once they have been entered in the commercial register. If this is disregarded, founders can be personally liable and contracts are often invalid in the start-up phase.

Solution:

• Await entry in the commercial register and proper publication.
• No transactions may be conducted on behalf of the company prior to registration.

Practical tip:
Changes to the management, registered office or object of the company must also be entered immediately.

7 Intellectual property: Rights to software, designs and content not secured

It is particularly problematic when freelancers, agencies or working students are involved in the development. If there is no clear transfer of usage rights, these remain with the author.

Solution:

• In all contracts with external developers and agencies, regulate the transfer of all rights of use in writing (§ 31 UrhG).
• Subsequent clarification is usually time-consuming and expensive.

Practical tip:
Even with open source licenses, it must be checked whether and to what extent commercial use and modification is permitted.

8. general terms and conditions (GTC) and consumer information incomplete or incorrect

Online retailers in particular are subject to extensive information and instruction obligations. Incorrect or outdated general terms and conditions, unclear liability regulations or missing revocation instructions lead to warning risks and legal uncertainties.

Solution:

• Have customized general terms and conditions created.
• Adapt sample texts to the respective business model and target group (B2B/B2C).
• Comply with consumer rights and distance selling regulations.

Practical tip:
Free samples from the Internet are rarely up-to-date and almost never tailored to your own business model.

9. social security law and labor law obligations are not complied with

Employees must be correctly registered and accounted for. It is particularly common for bogus self-employment among freelancers to go unrecognized or for the Minimum Wage Act to be ignored. The consequences are back payments, fines and, in extreme cases, even criminal prosecution.

Solution:

• Checking the status (employee vs. self-employed) of all employees.
• Compliance with social security, tax office and employers’ liability insurance association reporting obligations.
• Formulate employment contracts clearly and unambiguously.

Practical tip:
Interns and working students must also be registered (depending on the type of activity).

10. no or insufficient limitation of liability and insurance

Liability risks are often underestimated in the initial phase. Errors during development, defective products or breaches of contract can quickly threaten a company’s existence.

Solution:

• Check and take out business and financial loss liability insurance.
• Clearly regulate limitations of liability in contracts and general terms and conditions.
• Regularly reassess risks, particularly in the event of product adjustments or expansion.

Practical tip:
In the case of a GmbH, the limitation of liability to the company’s assets only provides protection if the formal and actual separation of private and company assets is consistently observed.

Bonus: Other typical sources of error in everyday startup life

• Failure to comply with tax obligations: Deadlines for advance VAT returns, profit determination and annual financial statements are often missed.
• Incorrect funding applications: Incorrect or late information can lead to the reclaiming of funding.
• Insufficient documentation for investor rounds: Cap tables, shareholder lists and convertible loans must be kept transparent.

Detailed checklist for legally compliant startup foundation and development

Before foundation

• Articles of association/founder’s agreement drawn up and notarized (for GmbH/UG)
• Company name, brand and domain checked and secured
• Business address registered and consistently entered everywhere
• Data protection processes and privacy policy prepared

During operation

• Imprint and mandatory information according to DDG implemented
• Up-to-date and industry-specific general terms and conditions and revocation instructions
• Rights transfers (IP, software, content) contractually clarified
• Contracts with employees, freelancers and service providers clearly regulated
• Social security and tax office: all employees registered
• Insurance policies taken out and liability regulations reviewed
• Keeping an eye on bookkeeping, tax deadlines and subsidies

Regular review

• Updates to data protection and legal notice in the event of changes to the law
• Check whether new products or markets trigger additional requirements
• Monitoring of trademark rights and domains
• Adaptation of general terms and conditions, data protection, contracts in the event of expansion or business model adjustment

Conclusion

If you know the typical sources of legal errors, you can establish structures and processes from the outset that avoid expensive legal disputes. Legal risks cannot be completely eliminated, but they can be minimized through professional support, continuous training and consistent implementation of legal requirements. Setting up a start-up is demanding – legal diligence always pays off in the end.

Author: Marian Härtel

Marian Härtel ist Rechtsanwalt und Fachanwalt für IT-Recht mit einer über 25-jährigen Erfahrung als Unternehmer und Berater in den Bereichen Games, E-Sport, Blockchain, SaaS und Künstliche Intelligenz. Seine Beratungsschwerpunkte umfassen neben dem IT-Recht insbesondere das Urheberrecht, Medienrecht sowie Wettbewerbsrecht. Er betreut schwerpunktmäßig Start-ups, Agenturen und Influencer, die er in strategischen Fragen, komplexen Vertragsangelegenheiten sowie bei Investitionsprojekten begleitet. Dabei zeichnet sich seine Beratung durch einen interdisziplinären Ansatz aus, der juristische Expertise und langjährige unternehmerische Erfahrung miteinander verbindet. Ziel seiner Tätigkeit ist stets, Mandanten praxisorientierte Lösungen anzubieten und rechtlich fundierte Unterstützung bei der Umsetzung innovativer Geschäftsmodelle zu gewährleisten.