• Mehr als 3 Millionen Wörter Inhalt
  • |
  • info@itmedialaw.com
  • |
  • Tel: 03322 5078053
Rechtsanwalt Marian Härtel - ITMediaLaw

No products in the cart.

  • en English
  • de Deutsch
  • Informationen
    • Ideal partner
    • About lawyer Marian Härtel
    • Quick and flexible access
    • Principles as a lawyer
    • Why a lawyer and business consultant?
    • Focus areas of attorney Marian Härtel
      • Focus on start-ups
      • Investment advice
      • Corporate law
      • Cryptocurrencies, Blockchain and Games
      • AI and SaaS
      • Streamers and influencers
      • Games and esports law
      • IT/IP Law
      • Law firm for GMBH,UG, GbR
      • Law firm for IT/IP and media law
    • The everyday life of an IT lawyer
    • How can I help clients?
    • Testimonials
    • Team: Saskia Härtel – WHO AM I?
    • Agile and lean law firm
    • Price overview
    • Various information
      • Terms
      • Privacy policy
      • Imprint
  • Services
    • Support and advice of agencies
    • Contract review and preparation
    • Games law consulting
    • Consulting for influencers and streamers
    • Advice in e-commerce
    • DLT and Blockchain consulting
    • Legal advice in corporate law: from incorporation to structuring
    • Legal compliance and expert opinions
    • Outsourcing – for companies or law firms
    • Booking as speaker
  • News
    • Gloss / Opinion
    • Law on the Internet
    • Online retail
    • Law and computer games
    • Law and Esport
    • Blockchain and web law
    • Data protection Law
    • Copyright
    • Labour law
    • Competition law
    • Corporate
    • EU law
    • Law on the protection of minors
    • Tax
    • Other
    • Internally
  • Podcast
    • ITMediaLaw Podcast
  • Knowledge base
    • Laws
    • Legal terms
    • Contract types
    • Clause types
    • Forms of financing
    • Legal means
    • Authorities
    • Company forms
    • Tax
    • Concepts
  • Videos
    • Information videos – about Marian Härtel
    • Videos – about me (Couch)
    • Blogpost – individual videos
    • Videos on services
    • Shorts
    • Podcast format
    • Third-party videos
    • Other videos
  • Contact
Kurzberatung
  • Informationen
    • Ideal partner
    • About lawyer Marian Härtel
    • Quick and flexible access
    • Principles as a lawyer
    • Why a lawyer and business consultant?
    • Focus areas of attorney Marian Härtel
      • Focus on start-ups
      • Investment advice
      • Corporate law
      • Cryptocurrencies, Blockchain and Games
      • AI and SaaS
      • Streamers and influencers
      • Games and esports law
      • IT/IP Law
      • Law firm for GMBH,UG, GbR
      • Law firm for IT/IP and media law
    • The everyday life of an IT lawyer
    • How can I help clients?
    • Testimonials
    • Team: Saskia Härtel – WHO AM I?
    • Agile and lean law firm
    • Price overview
    • Various information
      • Terms
      • Privacy policy
      • Imprint
  • Services
    • Support and advice of agencies
    • Contract review and preparation
    • Games law consulting
    • Consulting for influencers and streamers
    • Advice in e-commerce
    • DLT and Blockchain consulting
    • Legal advice in corporate law: from incorporation to structuring
    • Legal compliance and expert opinions
    • Outsourcing – for companies or law firms
    • Booking as speaker
  • News
    • Gloss / Opinion
    • Law on the Internet
    • Online retail
    • Law and computer games
    • Law and Esport
    • Blockchain and web law
    • Data protection Law
    • Copyright
    • Labour law
    • Competition law
    • Corporate
    • EU law
    • Law on the protection of minors
    • Tax
    • Other
    • Internally
  • Podcast
    • ITMediaLaw Podcast
  • Knowledge base
    • Laws
    • Legal terms
    • Contract types
    • Clause types
    • Forms of financing
    • Legal means
    • Authorities
    • Company forms
    • Tax
    • Concepts
  • Videos
    • Information videos – about Marian Härtel
    • Videos – about me (Couch)
    • Blogpost – individual videos
    • Videos on services
    • Shorts
    • Podcast format
    • Third-party videos
    • Other videos
  • Contact
Rechtsanwalt Marian Härtel - ITMediaLaw

Cybersecurity tightening in 2025

10. October 2024
in Other
Reading Time: 5 mins read
0 0
A A
0
Cybersecurity tightening in 2025
Key Facts
  • New cybersecurity requirements: From August 2025, extended requirements will apply to hardware manufacturers, software developers, cloud services and mobile applications.
  • Network protection: Manufacturers must implement functions that prevent damage to communication networks and avoid faults.
  • Data protection: Proactive measures against unauthorized access require advanced encryption techniques and secure data transfer protocols.
  • Fraud protection: Integration of improved authentication mechanisms such as multi-factor authentication and biometric procedures is necessary.
  • API security: SaaS applications must implement secure authentication and regular security audits.
  • Extended liability: Providers can be held liable for security incidents if the new standards are not met.
  • Compliance monitoring: Establishing a system for continuous monitoring of the new security requirements is crucial.

As an IT lawyer with many years of experience in advising technology start-ups and SaaS companies, I would like to draw your attention to an important regulatory change that will come into force from August 2025. The EU is introducing new cybersecurity requirements that will have a significant impact on many of my clients. This tightening not only affects hardware manufacturers, but also has far-reaching consequences for software developers, cloud services and mobile applications.

Content Hide
1. Key points of the new requirements
2. Impact on SaaS developers and app providers
3. Legal implications for companies
4. Recommendations from a legal perspective
5. Conclusion and outlook
5.1. Author: Marian Härtel

Key points of the new requirements

  1. Network protection: Manufacturers must implement functions that prevent damage to communication networks and do not impair the functionality of websites or services. This means that devices and software must be designed in such a way that they do not cause unintentional disruptions or overloads in networks. For SaaS providers, this could mean that they need to check and optimize their applications for potential negative effects on network infrastructures.
  2. Data protection: Measures must be introduced to prevent unauthorized access to or transfer of user data. This goes beyond the existing GDPR requirements and requires proactive technical solutions to protect personal data. For app developers, this may mean implementing advanced encryption techniques and secure data transfer protocols.
  3. Fraud protection: Integration of improved authentication mechanisms to minimize the risk of fraud in electronic payments and money transfers. This could require the introduction of multi-factor authentication, biometrics or other advanced identity verification methods.

Impact on SaaS developers and app providers

The new regulations have far-reaching implications for the entire tech industry:

  1. API security: SaaS applications and apps that communicate with other services via APIs must pay particular attention to the security of these interfaces. This includes:
    • Implementation of secure authentication mechanisms, such as OAuth 2.0 or JWT
    • Encryption of data transmission with current standards (e.g. TLS 1.3)
    • Regular security audits of the API endpoints
    • Implementation of rate limiting and anomaly detection
    • Use of API gateways for central management and monitoring
  2. Data protection during transmission: Apps must ensure that no unauthorized transmission of personal data takes place when communicating with devices or services. This requires:
    • End-to-end encryption for sensitive data
    • Implementation of data masking and tokenization
    • Strict control of data access rights within the application
    • Regular review and cleansing of databases
  3. Integrity protection: Developers must implement measures to protect the integrity of their applications and prevent them from being misused to disrupt networks or services. These include:
    • Implementation of code signing and integrity checks
    • Regular security updates and patch management
    • Use of web application firewalls (WAF) and intrusion detection systems (IDS)
    • Carrying out penetration tests and vulnerability analyses
  4. Extended authentication: Robust authentication mechanisms must be integrated, especially for applications that enable payments or money transfers. This includes:
    • Implementation of multi-factor authentication
    • Use of biometric procedures (e.g. fingerprint, facial recognition)
    • Behavior-based authentication and anomaly detection
    • Compliance with the PSD2 directive for strong customer authentication
  5. Cloud security: SaaS providers must review and secure their cloud infrastructures:
    • Implementation of zero-trust architectures
    • Encryption of data at rest and during transmission
    • Regular safety audits and compliance checks
    • Use of Cloud Access Security Brokers (CASB)
  6. IoT security: There are additional challenges for developers of IoT applications:
    • Secure firmware updates and patch management
    • Implementation of device authentication and authorization
    • Network segmentation and isolation of IoT devices
    • Monitoring and anomaly detection in IoT networks

Legal implications for companies

From a legal perspective, this has the following consequences:

  • Extended liability: SaaS providers and app developers could be held liable for security incidents caused by a lack of implementation of the new security standards. This could lead to increased claims for damages and reputational damage.
  • Documentation requirements: It will be necessary to comprehensively document compliance with security requirements, particularly in relation to API security and data protection measures. This requires the introduction of detailed logging and reporting systems.
  • Contract amendments: T&Cs and terms of use need to be revised to cover the new security features and obligations. This may also involve adapting service level agreements (SLAs) and data protection agreements.
  • Certification requirements: It is likely that new certification standards will be introduced to demonstrate compliance with cybersecurity requirements. Companies must prepare for complex certification processes.
  • Cross-border data transfers: The new requirements could have an impact on the permissibility of data transfers to third countries, requiring a review and possible adaptation of existing data transfer agreements.

Recommendations from a legal perspective

  1. Security audit: Conduct a comprehensive analysis of your applications and APIs to identify potential vulnerabilities. Hire external security experts for independent assessments.
  2. API security strategy: Develop a robust strategy to secure your APIs, including regular penetration tests and security updates. Implement an API management system for centralized control and monitoring.
  3. Data protection impact assessment: Review and update your DPIAs taking into account the new security requirements, especially with regard to data transfer between apps and devices. Also consider scenarios for data breaches and their legal consequences.
  4. Training courses: Sensitize and train your developer teams regarding the new legal requirements and technical implementations. Establish a continuous training program on cybersecurity topics.
  5. Contractual protection: Check contracts with third-party providers and service providers to ensure that they also comply with the new security standards. Implement liability distribution and indemnification clauses.
  6. Incident Response Plan: Develop a detailed plan for dealing with security incidents that takes legal, technical and communication aspects into account.
  7. Compliance monitoring: Establish a system to continuously monitor compliance with the new security requirements, including regular internal audits.
  8. Insurance cover: Check your existing cyber insurance policies and adjust them if necessary to cover the new risks.

Conclusion and outlook

The upcoming changes pose a significant challenge, but also offer opportunities to improve product safety and customer confidence. As a specialist IT lawyer, I strongly advise a proactive approach. Dealing with the new requirements at an early stage enables companies to minimize potential legal risks and gain a competitive advantage, and while implementing the new security standards will involve costs and effort, it can lead to an improved market position in the long term. Companies that adapt at an early stage can use this as a differentiating factor and strengthen the trust of their customers.I would be happy to support you in the legally compliant implementation of the new cybersecurity requirements. From analyzing your current situation to drafting adapted contracts and supporting the implementation process – my law firm is at your side with in-depth expertise. We offer tailor-made solutions that take into account both the legal and technical aspects of the new regulations, and let us work together to ensure that your company is optimally equipped for the regulatory challenges of the future. In an increasingly networked world, cybersecurity is becoming a decisive factor for business success. Take the opportunity to position yourself as a pioneer in security and compliance.

Marian Härtel
Author: Marian Härtel

Marian Härtel ist Rechtsanwalt und Fachanwalt für IT-Recht mit einer über 25-jährigen Erfahrung als Unternehmer und Berater in den Bereichen Games, E-Sport, Blockchain, SaaS und Künstliche Intelligenz. Seine Beratungsschwerpunkte umfassen neben dem IT-Recht insbesondere das Urheberrecht, Medienrecht sowie Wettbewerbsrecht. Er betreut schwerpunktmäßig Start-ups, Agenturen und Influencer, die er in strategischen Fragen, komplexen Vertragsangelegenheiten sowie bei Investitionsprojekten begleitet. Dabei zeichnet sich seine Beratung durch einen interdisziplinären Ansatz aus, der juristische Expertise und langjährige unternehmerische Erfahrung miteinander verbindet. Ziel seiner Tätigkeit ist stets, Mandanten praxisorientierte Lösungen anzubieten und rechtlich fundierte Unterstützung bei der Umsetzung innovativer Geschäftsmodelle zu gewährleisten.

Tags: AnalyseAuthenticationBeratungCompetitive advantageComplianceCustomizationDeveloperEuGDPRHaftungLawyerManagementPrivacySaasserviceSicherheitSoftwareStartupsTechnologyVerträgeWebsites

Weitere spannende Blogposts

Fake invoices and false IBAN transfers

004328889deb45fa8c51e99e8a347ade
10. July 2024

As an experienced lawyer for IT and media law, I regularly handle cases of invoice fraud and misdirected bank transfers....

Read moreDetails

Smart contract implementation in traditional contracts

Smart contract implementation in traditional contracts
10. October 2024

The integration of smart contracts into traditional contract structures opens up fascinating opportunities for blockchain start-ups, but also poses complex...

Read moreDetails

Valve + 5 game publishers and violation of geoblocking/antitrust law

Valve + 5 game publishers and violation of geoblocking/antitrust law
12. April 2019

I hinted at it in this post on the geo-blocking regulation. Now the European Commission has informed Valve, as owner...

Read moreDetails

Searches in cases of “Google Fonts” cease-and-desist letters

Searches in cases of “Google Fonts” cease-and-desist letters
3. January 2023

In proceedings against two defendants - a 53-year-old lawyer based in Berlin and his 41-year-old client, the alleged representative of...

Read moreDetails

Data protection madness: when theory and practice collide

f317f7f3f7914aba4fccb4f129a8060c
26. June 2024

Data protection madness: when theory and practice collide I normally write very neutral, factual articles in my blog on various...

Read moreDetails

Esport Contracts: Professional Players

Esport Contracts: Professional Players
29. January 2020

Player contracts in esport. What should i consider? In the past, it was unusual for players to have their own...

Read moreDetails

Digistore24 is liable for infringements of competition law by its clients

1af488a272d1cfb788f65cc7e6bd1023
13. August 2024

Digistore24 is liable for infringements of competition law by its clients In a recent ruling, the Higher Regional Court of...

Read moreDetails

Data protection: “Targeted advertising” through “legitimate interest” at the end? EDPB vs. meta

Data protection: “Targeted advertising” through “legitimate interest” at the end? EDPB vs. meta
4. January 2023

Just this morning I reported on the LG München decision on Focus.de, and another decision seems to have dealt the...

Read moreDetails

Federal Constitutional Court rules in favor of both manufacturers

Federal Constitutional Court rules in favor of both manufacturers
7. November 2022

The Federal Constitutional Court reversed a very controversial decision of the Dresden Higher Regional Court in favor of my client...

Read moreDetails
Eigentum an Software – Wem gehört eigentlich der Code?
Copyright

Eigentum an Software – Wem gehört eigentlich der Code?

14. July 2025

Während ich an meinem eigenen WordPress-Plugin code, taucht immer wieder eine Frage auf: Gehört mir diese Software wirklich? Im Alltagsverständnis...

Read moreDetails
Startup ohne Entwickler?

Startup ohne Entwickler?

8. July 2025
Keine stillschweigende AGB-Änderung – Schweigen gilt nicht als Zustimnung

Keine stillschweigende AGB-Änderung – Schweigen gilt nicht als Zustimnung

7. July 2025
So langsam nimmt der Shop Form an

So langsam nimmt der Shop Form an

3. July 2025
Dark Patterns: UX-Tricks im Visier von Gesetzgeber und Gerichten

Dark Patterns: UX-Tricks im Visier von Gesetzgeber und Gerichten

2. July 2025

Podcastfolge

KI im Recht: Chancen, Risiken und Regulierung – der IT Media Law Podcast Episode 3

KI im Recht: Chancen, Risiken und Regulierung – der IT Media Law Podcast Episode 3

28. August 2024

Willkommen zur dritten Episode unseres Podcasts "IT Media Law"! In dieser Folge tauchen wir ein in die faszinierende Welt der...

Read moreDetails
Innovative Geschäftsmodelle – Risiko und Chance zugleich

Innovative Geschäftsmodelle – Risiko und Chance zugleich

10. September 2024
Der IT Media Law Podcast. Folge Nr. 1: Worum geht es hier eigentlich?

Der IT Media Law Podcast. Folge Nr. 1: Worum geht es hier eigentlich?

26. August 2024
Rechtskette beim Spieleentwickler

Rechtskette beim Spieleentwickler

19. April 2025
Juristische Trends für Startups 2025: Chancen und Herausforderungen

Juristische Trends für Startups 2025: Chancen und Herausforderungen

19. April 2025

Video

Mein transparente Abrechnung

Mein transparente Abrechnung

10. February 2025

In diesem Video rede ich ein wenig über transparente Abrechnung und wie ich kommuniziere, was es kostet, wenn man mit...

Read moreDetails
Faszination zwischen und Recht und Technologie

Faszination zwischen und Recht und Technologie

10. February 2025
Meine zwei größten Herausforderungen sind?

Meine zwei größten Herausforderungen sind?

10. February 2025
Was mich wirklich freut

Was mich wirklich freut

10. February 2025
Was ich an meinem Job liebe!

Was ich an meinem Job liebe!

10. February 2025
  • Privacy policy
  • Imprint
  • Contact
  • About lawyer Marian Härtel
Marian Härtel, Rathenaustr. 58a, 14612 Falkensee, info@itmedialaw.com

Marian Härtel - Rechtsanwalt für IT-Recht, Medienrecht und Startups, mit einem Fokus auf innovative Geschäftsmodelle, Games, KI und Finanzierungsberatung.

Welcome Back!

Login to your account below

Forgotten Password? Sign Up

Create New Account!

Fill the forms below to register

All fields are required. Log In

Retrieve your password

Please enter your username or email address to reset your password.

Log In
  • Informationen
    • Ideal partner
    • About lawyer Marian Härtel
    • Quick and flexible access
    • Principles as a lawyer
    • Why a lawyer and business consultant?
    • Focus areas of attorney Marian Härtel
      • Focus on start-ups
      • Investment advice
      • Corporate law
      • Cryptocurrencies, Blockchain and Games
      • AI and SaaS
      • Streamers and influencers
      • Games and esports law
      • IT/IP Law
      • Law firm for GMBH,UG, GbR
      • Law firm for IT/IP and media law
    • The everyday life of an IT lawyer
    • How can I help clients?
    • Testimonials
    • Team: Saskia Härtel – WHO AM I?
    • Agile and lean law firm
    • Price overview
    • Various information
      • Terms
      • Privacy policy
      • Imprint
  • Services
    • Support and advice of agencies
    • Contract review and preparation
    • Games law consulting
    • Consulting for influencers and streamers
    • Advice in e-commerce
    • DLT and Blockchain consulting
    • Legal advice in corporate law: from incorporation to structuring
    • Legal compliance and expert opinions
    • Outsourcing – for companies or law firms
    • Booking as speaker
  • News
    • Gloss / Opinion
    • Law on the Internet
    • Online retail
    • Law and computer games
    • Law and Esport
    • Blockchain and web law
    • Data protection Law
    • Copyright
    • Labour law
    • Competition law
    • Corporate
    • EU law
    • Law on the protection of minors
    • Tax
    • Other
    • Internally
  • Podcast
    • ITMediaLaw Podcast
  • Knowledge base
    • Laws
    • Legal terms
    • Contract types
    • Clause types
    • Forms of financing
    • Legal means
    • Authorities
    • Company forms
    • Tax
    • Concepts
  • Videos
    • Information videos – about Marian Härtel
    • Videos – about me (Couch)
    • Blogpost – individual videos
    • Videos on services
    • Shorts
    • Podcast format
    • Third-party videos
    • Other videos
  • Contact
  • en English
  • de Deutsch
Kostenlose Kurzberatung