• Areas of expertise
  • |
  • About me
  • |
  • Principles as a lawyer
  • Tel: 03322 5078053
  • |
  • info@itmedialaw.com
ITMediaLaw - Rechtsanwalt Marian Härtel
  • en English
  • de Deutsch
  • About lawyer Marian Härtel
    • About lawyer Marian Härtel
      • Ideal partner
      • About lawyer Marian Härtel
      • Video series – about me
      • Why a lawyer and business consultant?
      • Principles as a lawyer
      • Focus on start-ups
      • Nerd und Rechtsanwalt
      • Ideal partner
      • How can I help clients?
    • Über die Kanzlei
      • How clients benefit from my network of colleagues, partners and service providers
      • Quick and flexible access
      • Agile and lean law firm
      • Team: Saskia Härtel – WHO AM I?
      • Price overview
    • How can I help clients?
    • Sonstige Informationen
      • Einwilligungen widerrufen
      • Privatsphäre-Einstellungen ändern
      • Historie der Privatsphäre-Einstellungen
      • Privacy policy
    • Testimonials
    • Imprint
  • Leistungen
    • Focus areas of attorney Marian Härtel
      • Support with the foundation
      • Games law consulting
      • Advice in e-commerce
      • Support and advice of agencies
      • Legal advice in corporate law: from incorporation to structuring
      • Legal compliance and expert opinions
      • Streamers and influencers
      • Cryptocurrencies, Blockchain and Games
      • Outsourcing – for companies or law firms
    • Arbeitsschwerpunkte
      • Games and esports law
        • Esports. What is it?
      • Corporate law
      • IT/IP Law
      • Consulting for influencers and streamers
        • Influencer & Streamer
      • Contract review and preparation
      • DLT and Blockchain consulting
        • Blockchain Overview
      • Investment advice
      • AI and SaaS
  • Artikel/News
    • Langartikel / Guides
    • Law and computer games
    • Law and Esport
    • Law on the Internet
    • Blockchain and web law
    • Online retail
    • Data protection Law
    • Copyright
    • Competition law
    • Copyright
    • EU law
    • Law on the protection of minors
    • Labour law
    • Tax
    • Kanzlei News
    • Other
  • Videos/Podcasts
    • Videos
    • Podcast
      • ITMediaLaw Podcast
      • ITMediaLaw Kurz-Podcast
  • Knowledge base
  • Contact
Kurzberatung
  • About lawyer Marian Härtel
    • About lawyer Marian Härtel
      • Ideal partner
      • About lawyer Marian Härtel
      • Video series – about me
      • Why a lawyer and business consultant?
      • Principles as a lawyer
      • Focus on start-ups
      • Nerd und Rechtsanwalt
      • Ideal partner
      • How can I help clients?
    • Über die Kanzlei
      • How clients benefit from my network of colleagues, partners and service providers
      • Quick and flexible access
      • Agile and lean law firm
      • Team: Saskia Härtel – WHO AM I?
      • Price overview
    • How can I help clients?
    • Sonstige Informationen
      • Einwilligungen widerrufen
      • Privatsphäre-Einstellungen ändern
      • Historie der Privatsphäre-Einstellungen
      • Privacy policy
    • Testimonials
    • Imprint
  • Leistungen
    • Focus areas of attorney Marian Härtel
      • Support with the foundation
      • Games law consulting
      • Advice in e-commerce
      • Support and advice of agencies
      • Legal advice in corporate law: from incorporation to structuring
      • Legal compliance and expert opinions
      • Streamers and influencers
      • Cryptocurrencies, Blockchain and Games
      • Outsourcing – for companies or law firms
    • Arbeitsschwerpunkte
      • Games and esports law
        • Esports. What is it?
      • Corporate law
      • IT/IP Law
      • Consulting for influencers and streamers
        • Influencer & Streamer
      • Contract review and preparation
      • DLT and Blockchain consulting
        • Blockchain Overview
      • Investment advice
      • AI and SaaS
  • Artikel/News
    • Langartikel / Guides
    • Law and computer games
    • Law and Esport
    • Law on the Internet
    • Blockchain and web law
    • Online retail
    • Data protection Law
    • Copyright
    • Competition law
    • Copyright
    • EU law
    • Law on the protection of minors
    • Labour law
    • Tax
    • Kanzlei News
    • Other
  • Videos/Podcasts
    • Videos
    • Podcast
      • ITMediaLaw Podcast
      • ITMediaLaw Kurz-Podcast
  • Knowledge base
  • Contact
ITMediaLaw - Rechtsanwalt Marian Härtel
Home Other

Cybersecurity tightening in 2025

10. October 2024
in Other
Reading Time: 5 mins read
0 0
A A
0
Cybersecurity tightening in 2025
Key Facts
  • New cybersecurity requirements: From August 2025, extended requirements will apply to hardware manufacturers, software developers, cloud services and mobile applications.
  • Network protection: Manufacturers must implement functions that prevent damage to communication networks and avoid faults.
  • Data protection: Proactive measures against unauthorized access require advanced encryption techniques and secure data transfer protocols.
  • Fraud protection: Integration of improved authentication mechanisms such as multi-factor authentication and biometric procedures is necessary.
  • API security: SaaS applications must implement secure authentication and regular security audits.
  • Extended liability: Providers can be held liable for security incidents if the new standards are not met.
  • Compliance monitoring: Establishing a system for continuous monitoring of the new security requirements is crucial.

As an IT lawyer with many years of experience in advising technology start-ups and SaaS companies, I would like to draw your attention to an important regulatory change that will come into force from August 2025. The EU is introducing new cybersecurity requirements that will have a significant impact on many of my clients. This tightening not only affects hardware manufacturers, but also has far-reaching consequences for software developers, cloud services and mobile applications.

Content Hide
1. Key points of the new requirements
2. Impact on SaaS developers and app providers
3. Legal implications for companies
4. Recommendations from a legal perspective
5. Conclusion and outlook

Key points of the new requirements

  1. Network protection: Manufacturers must implement functions that prevent damage to communication networks and do not impair the functionality of websites or services. This means that devices and software must be designed in such a way that they do not cause unintentional disruptions or overloads in networks. For SaaS providers, this could mean that they need to check and optimize their applications for potential negative effects on network infrastructures.
  2. Data protection: Measures must be introduced to prevent unauthorized access to or transfer of user data. This goes beyond the existing GDPR requirements and requires proactive technical solutions to protect personal data. For app developers, this may mean implementing advanced encryption techniques and secure data transfer protocols.
  3. Fraud protection: Integration of improved authentication mechanisms to minimize the risk of fraud in electronic payments and money transfers. This could require the introduction of multi-factor authentication, biometrics or other advanced identity verification methods.

Impact on SaaS developers and app providers

The new regulations have far-reaching implications for the entire tech industry:

  1. API security: SaaS applications and apps that communicate with other services via APIs must pay particular attention to the security of these interfaces. This includes:
    • Implementation of secure authentication mechanisms, such as OAuth 2.0 or JWT
    • Encryption of data transmission with current standards (e.g. TLS 1.3)
    • Regular security audits of the API endpoints
    • Implementation of rate limiting and anomaly detection
    • Use of API gateways for central management and monitoring
  2. Data protection during transmission: Apps must ensure that no unauthorized transmission of personal data takes place when communicating with devices or services. This requires:
    • End-to-end encryption for sensitive data
    • Implementation of data masking and tokenization
    • Strict control of data access rights within the application
    • Regular review and cleansing of databases
  3. Integrity protection: Developers must implement measures to protect the integrity of their applications and prevent them from being misused to disrupt networks or services. These include:
    • Implementation of code signing and integrity checks
    • Regular security updates and patch management
    • Use of web application firewalls (WAF) and intrusion detection systems (IDS)
    • Carrying out penetration tests and vulnerability analyses
  4. Extended authentication: Robust authentication mechanisms must be integrated, especially for applications that enable payments or money transfers. This includes:
    • Implementation of multi-factor authentication
    • Use of biometric procedures (e.g. fingerprint, facial recognition)
    • Behavior-based authentication and anomaly detection
    • Compliance with the PSD2 directive for strong customer authentication
  5. Cloud security: SaaS providers must review and secure their cloud infrastructures:
    • Implementation of zero-trust architectures
    • Encryption of data at rest and during transmission
    • Regular safety audits and compliance checks
    • Use of Cloud Access Security Brokers (CASB)
  6. IoT security: There are additional challenges for developers of IoT applications:
    • Secure firmware updates and patch management
    • Implementation of device authentication and authorization
    • Network segmentation and isolation of IoT devices
    • Monitoring and anomaly detection in IoT networks

Legal implications for companies

From a legal perspective, this has the following consequences:

  • Extended liability: SaaS providers and app developers could be held liable for security incidents caused by a lack of implementation of the new security standards. This could lead to increased claims for damages and reputational damage.
  • Documentation requirements: It will be necessary to comprehensively document compliance with security requirements, particularly in relation to API security and data protection measures. This requires the introduction of detailed logging and reporting systems.
  • Contract amendments: T&Cs and terms of use need to be revised to cover the new security features and obligations. This may also involve adapting service level agreements (SLAs) and data protection agreements.
  • Certification requirements: It is likely that new certification standards will be introduced to demonstrate compliance with cybersecurity requirements. Companies must prepare for complex certification processes.
  • Cross-border data transfers: The new requirements could have an impact on the permissibility of data transfers to third countries, requiring a review and possible adaptation of existing data transfer agreements.

Recommendations from a legal perspective

  1. Security audit: Conduct a comprehensive analysis of your applications and APIs to identify potential vulnerabilities. Hire external security experts for independent assessments.
  2. API security strategy: Develop a robust strategy to secure your APIs, including regular penetration tests and security updates. Implement an API management system for centralized control and monitoring.
  3. Data protection impact assessment: Review and update your DPIAs taking into account the new security requirements, especially with regard to data transfer between apps and devices. Also consider scenarios for data breaches and their legal consequences.
  4. Training courses: Sensitize and train your developer teams regarding the new legal requirements and technical implementations. Establish a continuous training program on cybersecurity topics.
  5. Contractual protection: Check contracts with third-party providers and service providers to ensure that they also comply with the new security standards. Implement liability distribution and indemnification clauses.
  6. Incident Response Plan: Develop a detailed plan for dealing with security incidents that takes legal, technical and communication aspects into account.
  7. Compliance monitoring: Establish a system to continuously monitor compliance with the new security requirements, including regular internal audits.
  8. Insurance cover: Check your existing cyber insurance policies and adjust them if necessary to cover the new risks.

Conclusion and outlook

The upcoming changes pose a significant challenge, but also offer opportunities to improve product safety and customer confidence. As a specialist IT lawyer, I strongly advise a proactive approach. Dealing with the new requirements at an early stage enables companies to minimize potential legal risks and gain a competitive advantage, and while implementing the new security standards will involve costs and effort, it can lead to an improved market position in the long term. Companies that adapt at an early stage can use this as a differentiating factor and strengthen the trust of their customers.I would be happy to support you in the legally compliant implementation of the new cybersecurity requirements. From analyzing your current situation to drafting adapted contracts and supporting the implementation process – my law firm is at your side with in-depth expertise. We offer tailor-made solutions that take into account both the legal and technical aspects of the new regulations, and let us work together to ensure that your company is optimally equipped for the regulatory challenges of the future. In an increasingly networked world, cybersecurity is becoming a decisive factor for business success. Take the opportunity to position yourself as a pioneer in security and compliance.

Tags: AnalyseAuthenticationBeratungCompetitive advantageComplianceCustomizationDeveloperEuGDPRHaftungLawyerManagementPrivacySaasserviceSicherheitSoftwareStartupsTechnologyVerträgeWebsites

Beliebte Beträge

The legal protection of a business plan

5b698c02ae6e02ed43d05d01c467b658
24. September 2024

A business plan is an indispensable strategic document for start-ups and company founders. It serves as a roadmap for business...

Read moreDetails

As a teenager, make e-sports men/streamers self-employed?

As a teenager, make e-sports men/streamers self-employed?
2. January 2020

The industry of streamers and e-sports enthusiasts is very young compared to other industries and therefore also for lawyers and...

Read moreDetails

European Accessibility Act and BFSG: Accessibility will be mandatory for websites, online stores & software from 2025

european economic interest grouping eeig
25. April 2025

Accessibility in the digital world is no longer just a voluntary option, but is becoming a legal obligation. The European...

Read moreDetails

Coalition agreement 2025: changes to commercial law for companies, the self-employed and investors

Coalition agreement 2025: changes to commercial law for companies, the self-employed and investors
9. April 2025

The 2025 coalition agreement of the (presumably) new federal government under the leadership of the CDU/CSU and SPD contains extensive...

Read moreDetails

Modern contract design 2025 in the influencer and agency business

Modern contract design 2025 in the influencer and agency business
7. April 2025

Influencer marketing and agency collaborations have gained enormously in importance in recent years. With new technologies, global networking and changing...

Read moreDetails

Influencers abroad: no free pass from German laws

Influencers abroad: no free pass from German laws
14. April 2025

Many influencers dream of escaping the German winter and their local obligations - be it to Dubai, Madeira or the...

Read moreDetails

Influencer agency contracts and Section 627 BGB: Effectively exclude termination in a relationship of trust

Influencer agency contracts and Section 627 BGB: Effectively exclude termination in a relationship of trust
12. April 2025

Contracts between influencers and their agencies or between managers and artists are often based on a close relationship of trust....

Read moreDetails

Liability when using VibeCoding and no-code platforms – implications for legal due diligence

Liability when using VibeCoding and no-code platforms – implications for legal due diligence
31. March 2025

VibeCoding describes a current trend in which software is no longer programmed manually, but is developed almost exclusively using AI...

Read moreDetails

The romanticization of the “fail fast” principle in startups – When does failure become deception towards stakeholders?

The romanticization of the “fail fast” principle in startups – When does failure become deception towards stakeholders?
3. April 2025

"Fail fast, fail often" - hardly any other motto characterizes the start-up culture as much as the idea of trying...

Read moreDetails

5.0 60 reviews

  • Avatar Lennart Korte ★★★★★ vor 2 Monaten
    Ich kann Herrn Härtel als Anwalt absolut weiterempfehlen! Sein Service ist erstklassig – schnelle Antwortzeiten, effiziente … Mehr Arbeit und dabei sehr kostengünstig, was für Startups besonders wichtig ist. Er hat für mein Startup einen Vertrag erstellt, und ich bin von seiner professionellen und zuverlässigen Arbeit überzeugt. Klare Empfehlung!
  • Avatar R.H. ★★★★★ vor 3 Monaten
    Ich kann Hr. Härtel nur empfehlen! Er hat mich bei einem Betrugsversuch einer Krypto Börse rechtlich vertreten. Ich bin sehr … Mehr zufrieden mit seiner engagierten Arbeit gewesen. Ich wurde von Anfang an kompetent, fair und absolut transparent beraten. Trotz eines zähen Verfahrens und einer großen Börse als Gegner, habe ich mich immer sicher und zuversichtlich gefühlt. Auch die Schnelligkeit und die sehr gute Erreichbarkeit möchte ich an der Stelle hoch loben und nochmal meinen herzlichsten Dank aussprechen! Daumen hoch mit 10 Sternen!
  • Avatar P! Galerie ★★★★★ vor 4 Monaten
    Herr Härtel hat uns äusserst kompetent in einen lästigen Fall mit META betreut. Er war effizient, beharrlich, aber auch mit … Mehr uns geduldig. Menschlich top, bis wir am Ende Dank ihm erfolgreich zum Ziel gekommen sind. Können wir wärmstens empfehlen. Und nochmals danke. P.H.
  • Avatar Philip Lucas ★★★★★ vor 8 Monaten
    Wir haben Herrn Härtel für unser Unternehmen konsultiert und sind äußerst zufrieden mit seiner Arbeit. Von Anfang an hat … Mehr er einen überaus kompetenten Eindruck gemacht und sich als ein sehr angenehmer Gesprächspartner erwiesen. Seine fachliche Expertise und seine verständliche und zugängliche Art im Umgang mit komplexen Themen haben uns überzeugt. Wir freuen uns auf eine langfristige und erfolgreiche Zusammenarbeit!
  • Avatar Mosaic Mask Studio ★★★★★ vor 5 Monaten
    Die Kanzlei ist immer ein verlässlicher Partner bei der Sichtung und Bearbeitung von Verträgen in der IT Branche. Es ist … Mehr stets ein professioneller Austausch auf Augenhöhe.
    Die Ergebnisse sind auf hohem Niveau und haben die interessen unsers Unternehmens immer bestmöglich wiedergespiegelt.
    Vielen Dank für die sehr gute Zusammenarbeit.
  • Avatar Mikael Hällgren ★★★★★ vor einem Monat
    I got fantastic support from Marian Härtel. He managed to get my wrongfully suspended Instagram account restored. He was … Mehr incredibly helpful the whole way until the positive outcome. Highly recommended!
  • Avatar Doris H. ★★★★★ vor 10 Monaten
    Herr Härtel hat uns bezüglich eines Telefonvertrags beraten und vertreten. Wir waren mit seinem Service sehr zufrieden. Er … Mehr hat stets schnell auf unsere E-mails und Anrufe reagiert und den Sachverhalt einfach und verständlich erklärt. Wir würden Herrn Härtel jederzeit wieder beauftragen.Vielen Dank für die hervorragende Unterstützung
  • Avatar Philipp Skaar ★★★★★ vor 8 Monaten
    Als kleines inhabergeführtes Hotel sehen wir uns ab und dann (bei sonst weit über dem Durchschnitt liegenden Bewertungen) … Mehr der Herausforderung von aus der Anonymität heraus agierenden "Netz-Querulanten" gegenüber gestellt. Herr Härtel versteht es außerordentlich spür- und feinsinnig, derartige - oftmals auf Rufschädigung ausgerichtete - Bewertungen bereits im Keim, also außergerichtlich, zu ersticken und somit unseren Betrieb vor weiteren Folgeschäden zu bewahren. Seine Umsetzungsgeschwindigkeit ist beeindruckend, seine bisherige Erfolgsquote = 100%.Ergo: Unsere erste Adresse zur Abwehr von geschäftsschädigenden Angriffen aus dem Web.
  • ●
  • ●
  • ●
  • ●

Video-Galerie

Middleware and game engines - legal pitfalls for game developers
Middleware and game engines – legal pitfalls for game developers
Am I the right person for you?
Am I the right person for you?
Copyright and computer games: Which rules really apply?
Copyright and computer games: Which rules really apply?
Dissent

Dissent

16. October 2024

Definition and legal basis: In German contract law, dissent refers to the lack of agreement between the contracting parties. It...

Read moreDetails
Cloud service contract

Cloud service contract

16. October 2024
Slicing the Pie

Slicing the Pie

27. June 2023
Why rules of procedure for managing directors in a GmbH can be useful

Business Angel

25. June 2023
Research tax allowance

Research tax allowance

16. October 2024

Podcast Folgen

c9c5d7fd380061a8018074c2ca5a81bf

Startups and innovation in Germany – challenges and opportunities

26. September 2024

This insightful podcast episode takes an in-depth look at the startup and innovation landscape in Germany and Europe. The discussion...

d00527fd01b1f807a4f80c0f202069e7

Legal basics for startup founders – how to start on the safe side!

9. November 2024

In this episode of the Itmedialaw podcast, lawyer and entrepreneur Marian Härtel takes you on a journey through the legal...

052c2ca5ca0421f0316b42073ce61791

Innovative business models – risk and opportunity at the same time

10. September 2024

In this exciting episode of our podcast, we take a deep dive into the world of innovative business models. Our...

d5e1e6cad87cb839a9e23af79034bd94

AI in the legal system: Towards a digital future of justice

16. October 2024

In this fascinating podcast episode, we take a deep dive into the world of artificial intelligence (AI) and its impact...

  • Home
  • Imprint
  • Privacy policy
  • Terms
  • Agile and lean law firm
  • Ideal partner
  • Contact
  • Videos
Marian Härtel, Rathenaustr. 58a, 14612 Falkensee, info@itmedialaw.com

Marian Härtel - Rechtsanwalt für IT-Recht, Medienrecht und Startups, mit einem Fokus auf innovative Geschäftsmodelle, Games, KI und Finanzierungsberatung.

Welcome Back!

Login to your account below

Forgotten Password?

Retrieve your password

Please enter your username or email address to reset your password.

Log In
  • Contact
  • Leistungen
    • Support with the foundation
    • Focus areas of attorney Marian Härtel
    • Consulting for influencers and streamers
    • Advice in e-commerce
    • DLT and Blockchain consulting
    • Games law consulting
    • Support and advice of agencies
    • Legal advice in corporate law: from incorporation to structuring
    • Cryptocurrencies, Blockchain and Games
    • Investment advice
    • Booking as speaker
    • Legal compliance and expert opinions
    • Legal advice in corporate law: from incorporation to structuring
    • Contract review and preparation
  • About lawyer Marian Härtel
    • About lawyer Marian Härtel
    • Agile and lean law firm
    • Focus on start-ups
    • Principles as a lawyer
    • The everyday life of an IT lawyer
    • How can I help clients?
    • Why a lawyer and business consultant?
    • Focus on start-ups
    • How can I help clients?
    • Team: Saskia Härtel – WHO AM I?
    • Testimonials
    • Imprint
  • Videos
    • Video series – about me
    • Information videos – about Marian Härtel
    • Videos on services
    • Blogpost – individual videos
    • Shorts
    • Third-party videos
    • Podcast format
    • Other videos
  • Knowledge base
  • Podcast
  • Blogposts
    • Lange Artikel / Ausführungen
    • Law on the Internet
    • Online retail
    • Law and computer games
    • Law and Esport
    • Blockchain and web law
    • Data protection Law
    • Labour law
    • EU law
    • Corporate
    • Competition law
    • Copyright
    • Tax
    • Internally
    • Other
  • en English
  • de Deutsch
Kostenlose Kurzberatung