• Mehr als 3 Millionen Wörter Inhalt
  • |
  • info@itmedialaw.com
  • |
  • Tel: 03322 5078053
Rechtsanwalt Marian Härtel - ITMediaLaw

No products in the cart.

  • en English
  • de Deutsch
  • Informationen
    • Ideal partner
    • About lawyer Marian Härtel
    • Quick and flexible access
    • Principles as a lawyer
    • Why a lawyer and business consultant?
    • Focus areas of attorney Marian Härtel
      • Focus on start-ups
      • Investment advice
      • Corporate law
      • Cryptocurrencies, Blockchain and Games
      • AI and SaaS
      • Streamers and influencers
      • Games and esports law
      • IT/IP Law
      • Law firm for GMBH,UG, GbR
      • Law firm for IT/IP and media law
    • The everyday life of an IT lawyer
    • How can I help clients?
    • Testimonials
    • Team: Saskia Härtel – WHO AM I?
    • Agile and lean law firm
    • Price overview
    • Various information
      • Terms
      • Privacy policy
      • Imprint
  • Services
    • Support and advice of agencies
    • Contract review and preparation
    • Games law consulting
    • Consulting for influencers and streamers
    • Advice in e-commerce
    • DLT and Blockchain consulting
    • Legal advice in corporate law: from incorporation to structuring
    • Legal compliance and expert opinions
    • Outsourcing – for companies or law firms
    • Booking as speaker
  • News
    • Gloss / Opinion
    • Law on the Internet
    • Online retail
    • Law and computer games
    • Law and Esport
    • Blockchain and web law
    • Data protection Law
    • Copyright
    • Labour law
    • Competition law
    • Corporate
    • EU law
    • Law on the protection of minors
    • Tax
    • Other
    • Internally
  • Podcast
    • ITMediaLaw Podcast
  • Knowledge base
    • Laws
    • Legal terms
    • Contract types
    • Clause types
    • Forms of financing
    • Legal means
    • Authorities
    • Company forms
    • Tax
    • Concepts
  • Videos
    • Information videos – about Marian Härtel
    • Videos – about me (Couch)
    • Blogpost – individual videos
    • Videos on services
    • Shorts
    • Podcast format
    • Third-party videos
    • Other videos
  • Contact
Kurzberatung
  • Informationen
    • Ideal partner
    • About lawyer Marian Härtel
    • Quick and flexible access
    • Principles as a lawyer
    • Why a lawyer and business consultant?
    • Focus areas of attorney Marian Härtel
      • Focus on start-ups
      • Investment advice
      • Corporate law
      • Cryptocurrencies, Blockchain and Games
      • AI and SaaS
      • Streamers and influencers
      • Games and esports law
      • IT/IP Law
      • Law firm for GMBH,UG, GbR
      • Law firm for IT/IP and media law
    • The everyday life of an IT lawyer
    • How can I help clients?
    • Testimonials
    • Team: Saskia Härtel – WHO AM I?
    • Agile and lean law firm
    • Price overview
    • Various information
      • Terms
      • Privacy policy
      • Imprint
  • Services
    • Support and advice of agencies
    • Contract review and preparation
    • Games law consulting
    • Consulting for influencers and streamers
    • Advice in e-commerce
    • DLT and Blockchain consulting
    • Legal advice in corporate law: from incorporation to structuring
    • Legal compliance and expert opinions
    • Outsourcing – for companies or law firms
    • Booking as speaker
  • News
    • Gloss / Opinion
    • Law on the Internet
    • Online retail
    • Law and computer games
    • Law and Esport
    • Blockchain and web law
    • Data protection Law
    • Copyright
    • Labour law
    • Competition law
    • Corporate
    • EU law
    • Law on the protection of minors
    • Tax
    • Other
    • Internally
  • Podcast
    • ITMediaLaw Podcast
  • Knowledge base
    • Laws
    • Legal terms
    • Contract types
    • Clause types
    • Forms of financing
    • Legal means
    • Authorities
    • Company forms
    • Tax
    • Concepts
  • Videos
    • Information videos – about Marian Härtel
    • Videos – about me (Couch)
    • Blogpost – individual videos
    • Videos on services
    • Shorts
    • Podcast format
    • Third-party videos
    • Other videos
  • Contact
Rechtsanwalt Marian Härtel - ITMediaLaw

Cybersecurity tightening in 2025

10. October 2024
in Other
Reading Time: 5 mins read
0 0
A A
0
Cybersecurity tightening in 2025
Key Facts
  • New cybersecurity requirements: From August 2025, extended requirements will apply to hardware manufacturers, software developers, cloud services and mobile applications.
  • Network protection: Manufacturers must implement functions that prevent damage to communication networks and avoid faults.
  • Data protection: Proactive measures against unauthorized access require advanced encryption techniques and secure data transfer protocols.
  • Fraud protection: Integration of improved authentication mechanisms such as multi-factor authentication and biometric procedures is necessary.
  • API security: SaaS applications must implement secure authentication and regular security audits.
  • Extended liability: Providers can be held liable for security incidents if the new standards are not met.
  • Compliance monitoring: Establishing a system for continuous monitoring of the new security requirements is crucial.

As an IT lawyer with many years of experience in advising technology start-ups and SaaS companies, I would like to draw your attention to an important regulatory change that will come into force from August 2025. The EU is introducing new cybersecurity requirements that will have a significant impact on many of my clients. This tightening not only affects hardware manufacturers, but also has far-reaching consequences for software developers, cloud services and mobile applications.

Content Hide
1. Key points of the new requirements
2. Impact on SaaS developers and app providers
3. Legal implications for companies
4. Recommendations from a legal perspective
5. Conclusion and outlook
5.1. Author: Marian Härtel

Key points of the new requirements

  1. Network protection: Manufacturers must implement functions that prevent damage to communication networks and do not impair the functionality of websites or services. This means that devices and software must be designed in such a way that they do not cause unintentional disruptions or overloads in networks. For SaaS providers, this could mean that they need to check and optimize their applications for potential negative effects on network infrastructures.
  2. Data protection: Measures must be introduced to prevent unauthorized access to or transfer of user data. This goes beyond the existing GDPR requirements and requires proactive technical solutions to protect personal data. For app developers, this may mean implementing advanced encryption techniques and secure data transfer protocols.
  3. Fraud protection: Integration of improved authentication mechanisms to minimize the risk of fraud in electronic payments and money transfers. This could require the introduction of multi-factor authentication, biometrics or other advanced identity verification methods.

Impact on SaaS developers and app providers

The new regulations have far-reaching implications for the entire tech industry:

  1. API security: SaaS applications and apps that communicate with other services via APIs must pay particular attention to the security of these interfaces. This includes:
    • Implementation of secure authentication mechanisms, such as OAuth 2.0 or JWT
    • Encryption of data transmission with current standards (e.g. TLS 1.3)
    • Regular security audits of the API endpoints
    • Implementation of rate limiting and anomaly detection
    • Use of API gateways for central management and monitoring
  2. Data protection during transmission: Apps must ensure that no unauthorized transmission of personal data takes place when communicating with devices or services. This requires:
    • End-to-end encryption for sensitive data
    • Implementation of data masking and tokenization
    • Strict control of data access rights within the application
    • Regular review and cleansing of databases
  3. Integrity protection: Developers must implement measures to protect the integrity of their applications and prevent them from being misused to disrupt networks or services. These include:
    • Implementation of code signing and integrity checks
    • Regular security updates and patch management
    • Use of web application firewalls (WAF) and intrusion detection systems (IDS)
    • Carrying out penetration tests and vulnerability analyses
  4. Extended authentication: Robust authentication mechanisms must be integrated, especially for applications that enable payments or money transfers. This includes:
    • Implementation of multi-factor authentication
    • Use of biometric procedures (e.g. fingerprint, facial recognition)
    • Behavior-based authentication and anomaly detection
    • Compliance with the PSD2 directive for strong customer authentication
  5. Cloud security: SaaS providers must review and secure their cloud infrastructures:
    • Implementation of zero-trust architectures
    • Encryption of data at rest and during transmission
    • Regular safety audits and compliance checks
    • Use of Cloud Access Security Brokers (CASB)
  6. IoT security: There are additional challenges for developers of IoT applications:
    • Secure firmware updates and patch management
    • Implementation of device authentication and authorization
    • Network segmentation and isolation of IoT devices
    • Monitoring and anomaly detection in IoT networks

Legal implications for companies

From a legal perspective, this has the following consequences:

  • Extended liability: SaaS providers and app developers could be held liable for security incidents caused by a lack of implementation of the new security standards. This could lead to increased claims for damages and reputational damage.
  • Documentation requirements: It will be necessary to comprehensively document compliance with security requirements, particularly in relation to API security and data protection measures. This requires the introduction of detailed logging and reporting systems.
  • Contract amendments: T&Cs and terms of use need to be revised to cover the new security features and obligations. This may also involve adapting service level agreements (SLAs) and data protection agreements.
  • Certification requirements: It is likely that new certification standards will be introduced to demonstrate compliance with cybersecurity requirements. Companies must prepare for complex certification processes.
  • Cross-border data transfers: The new requirements could have an impact on the permissibility of data transfers to third countries, requiring a review and possible adaptation of existing data transfer agreements.

Recommendations from a legal perspective

  1. Security audit: Conduct a comprehensive analysis of your applications and APIs to identify potential vulnerabilities. Hire external security experts for independent assessments.
  2. API security strategy: Develop a robust strategy to secure your APIs, including regular penetration tests and security updates. Implement an API management system for centralized control and monitoring.
  3. Data protection impact assessment: Review and update your DPIAs taking into account the new security requirements, especially with regard to data transfer between apps and devices. Also consider scenarios for data breaches and their legal consequences.
  4. Training courses: Sensitize and train your developer teams regarding the new legal requirements and technical implementations. Establish a continuous training program on cybersecurity topics.
  5. Contractual protection: Check contracts with third-party providers and service providers to ensure that they also comply with the new security standards. Implement liability distribution and indemnification clauses.
  6. Incident Response Plan: Develop a detailed plan for dealing with security incidents that takes legal, technical and communication aspects into account.
  7. Compliance monitoring: Establish a system to continuously monitor compliance with the new security requirements, including regular internal audits.
  8. Insurance cover: Check your existing cyber insurance policies and adjust them if necessary to cover the new risks.

Conclusion and outlook

The upcoming changes pose a significant challenge, but also offer opportunities to improve product safety and customer confidence. As a specialist IT lawyer, I strongly advise a proactive approach. Dealing with the new requirements at an early stage enables companies to minimize potential legal risks and gain a competitive advantage, and while implementing the new security standards will involve costs and effort, it can lead to an improved market position in the long term. Companies that adapt at an early stage can use this as a differentiating factor and strengthen the trust of their customers.I would be happy to support you in the legally compliant implementation of the new cybersecurity requirements. From analyzing your current situation to drafting adapted contracts and supporting the implementation process – my law firm is at your side with in-depth expertise. We offer tailor-made solutions that take into account both the legal and technical aspects of the new regulations, and let us work together to ensure that your company is optimally equipped for the regulatory challenges of the future. In an increasingly networked world, cybersecurity is becoming a decisive factor for business success. Take the opportunity to position yourself as a pioneer in security and compliance.

Marian Härtel
Author: Marian Härtel

Marian Härtel ist Rechtsanwalt und Fachanwalt für IT-Recht mit einer über 25-jährigen Erfahrung als Unternehmer und Berater in den Bereichen Games, E-Sport, Blockchain, SaaS und Künstliche Intelligenz. Seine Beratungsschwerpunkte umfassen neben dem IT-Recht insbesondere das Urheberrecht, Medienrecht sowie Wettbewerbsrecht. Er betreut schwerpunktmäßig Start-ups, Agenturen und Influencer, die er in strategischen Fragen, komplexen Vertragsangelegenheiten sowie bei Investitionsprojekten begleitet. Dabei zeichnet sich seine Beratung durch einen interdisziplinären Ansatz aus, der juristische Expertise und langjährige unternehmerische Erfahrung miteinander verbindet. Ziel seiner Tätigkeit ist stets, Mandanten praxisorientierte Lösungen anzubieten und rechtlich fundierte Unterstützung bei der Umsetzung innovativer Geschäftsmodelle zu gewährleisten.

Tags: AnalyseAuthenticationBeratungCompetitive advantageComplianceCustomizationDeveloperEuGDPRHaftungLawyerManagementPrivacySaasserviceSicherheitSoftwareStartupsTechnologyVerträgeWebsites

Weitere spannende Blogposts

Artificial intelligence (AI) for process automation

341a2ee477801be4d12fc33c1120d10e
4. July 2024

The introduction of artificial intelligence (AI) into business processes offers enormous opportunities to increase efficiency and competitiveness, but also presents...

Read moreDetails

LG Karlsruhe: Tagging photos without advertising label

Legal form as an influencer? A few hints!
21. March 2019

Influencer's decision-making around tagging brands on Instagram continues. And as has often been said here on the blog, the warning...

Read moreDetails

Liability for unsecured WLAN/gate exit node

ECJ: Advocate General assesses sampling as copyright infringement
7. November 2022

The German Federal Court of Justice has ruled that the operator of an Internet access via WLAN and a Tor...

Read moreDetails

What is the European Accessibility Act?

What is the European Accessibility Act?
7. November 2023

The European Accessibility Act (EAA) represents a transformative legislative initiative of the European Union that was launched with the ambitious...

Read moreDetails

Corono crisis: How can the tax office help?

7. November 2022

Currently, there are numerous programs designed to help the self-employed and businesses. You just have to care or be willing...

Read moreDetails

The Legal Questions Bot on ITMediaLaw.com: Now even smarter and more helpful!

Key Considerations When Offering an AI-Based Chatbot
15. September 2023

What's new? Content Awareness The bot already has a content awareness feature that allows it to understand the context of...

Read moreDetails

OnlyFans management contracts: What content?

OnlyFans management contracts: What content?
24. September 2024

OnlyFans has developed into one of the leading platforms for content creators in recent years. More and more artists are...

Read moreDetails

English version of the website

English version of the website
16. September 2019

In the last week I have invested a lot of work to make my website multilingual, so that all texts...

Read moreDetails

English version (of the homepage) complete

English version (of the homepage) complete
28. December 2022

I still have to tinker around for a while to fix some small bugs with the english version of the...

Read moreDetails
Eigentum an Software – Wem gehört eigentlich der Code?
Copyright

Eigentum an Software – Wem gehört eigentlich der Code?

14. July 2025

Während ich an meinem eigenen WordPress-Plugin code, taucht immer wieder eine Frage auf: Gehört mir diese Software wirklich? Im Alltagsverständnis...

Read moreDetails
Startup ohne Entwickler?

Startup ohne Entwickler?

8. July 2025
Keine stillschweigende AGB-Änderung – Schweigen gilt nicht als Zustimnung

Keine stillschweigende AGB-Änderung – Schweigen gilt nicht als Zustimnung

7. July 2025
So langsam nimmt der Shop Form an

So langsam nimmt der Shop Form an

3. July 2025
Dark Patterns: UX-Tricks im Visier von Gesetzgeber und Gerichten

Dark Patterns: UX-Tricks im Visier von Gesetzgeber und Gerichten

2. July 2025

Podcastfolge

“Digitales Recht Entschlüsselt” mit Rechtsanwalt Marian Härtel

“Digitales Recht Entschlüsselt” mit Rechtsanwalt Marian Härtel

25. September 2024

In diesem spannenden 30-minütigen Podcast entschlüsselt Rechtsanwalt Marian Härtel die komplexe Welt des digitalen Rechts für Selbstständige, Startups und Solopreneure....

Read moreDetails
Rechtliche Herausforderungen innovativer Geschäftsmodelle

Rechtliche Herausforderungen innovativer Geschäftsmodelle

26. September 2024
Der IT Media Law Podcast. Folge Nr. 1: Worum geht es hier eigentlich?

Der IT Media Law Podcast. Folge Nr. 1: Worum geht es hier eigentlich?

26. August 2024
Die Romantisierung des Prinzips ‘Fail Fast’ in Startups – Wann wird Scheitern zur Täuschung gegenüber Beteiligten?

Die Romantisierung des Prinzips ‘Fail Fast’ in Startups – Wann wird Scheitern zur Täuschung gegenüber Beteiligten?

20. April 2025
Rechtliche Risiken bei langen Entwicklungszeiten und der Stornierung von Crowdfundingspielen

Rechtliche Risiken bei langen Entwicklungszeiten und der Stornierung von Crowdfundingspielen

20. April 2025

Video

Mein transparente Abrechnung

Mein transparente Abrechnung

10. February 2025

In diesem Video rede ich ein wenig über transparente Abrechnung und wie ich kommuniziere, was es kostet, wenn man mit...

Read moreDetails
Faszination zwischen und Recht und Technologie

Faszination zwischen und Recht und Technologie

10. February 2025
Meine zwei größten Herausforderungen sind?

Meine zwei größten Herausforderungen sind?

10. February 2025
Was mich wirklich freut

Was mich wirklich freut

10. February 2025
Was ich an meinem Job liebe!

Was ich an meinem Job liebe!

10. February 2025
  • Privacy policy
  • Imprint
  • Contact
  • About lawyer Marian Härtel
Marian Härtel, Rathenaustr. 58a, 14612 Falkensee, info@itmedialaw.com

Marian Härtel - Rechtsanwalt für IT-Recht, Medienrecht und Startups, mit einem Fokus auf innovative Geschäftsmodelle, Games, KI und Finanzierungsberatung.

Welcome Back!

Login to your account below

Forgotten Password? Sign Up

Create New Account!

Fill the forms below to register

All fields are required. Log In

Retrieve your password

Please enter your username or email address to reset your password.

Log In
  • Informationen
    • Ideal partner
    • About lawyer Marian Härtel
    • Quick and flexible access
    • Principles as a lawyer
    • Why a lawyer and business consultant?
    • Focus areas of attorney Marian Härtel
      • Focus on start-ups
      • Investment advice
      • Corporate law
      • Cryptocurrencies, Blockchain and Games
      • AI and SaaS
      • Streamers and influencers
      • Games and esports law
      • IT/IP Law
      • Law firm for GMBH,UG, GbR
      • Law firm for IT/IP and media law
    • The everyday life of an IT lawyer
    • How can I help clients?
    • Testimonials
    • Team: Saskia Härtel – WHO AM I?
    • Agile and lean law firm
    • Price overview
    • Various information
      • Terms
      • Privacy policy
      • Imprint
  • Services
    • Support and advice of agencies
    • Contract review and preparation
    • Games law consulting
    • Consulting for influencers and streamers
    • Advice in e-commerce
    • DLT and Blockchain consulting
    • Legal advice in corporate law: from incorporation to structuring
    • Legal compliance and expert opinions
    • Outsourcing – for companies or law firms
    • Booking as speaker
  • News
    • Gloss / Opinion
    • Law on the Internet
    • Online retail
    • Law and computer games
    • Law and Esport
    • Blockchain and web law
    • Data protection Law
    • Copyright
    • Labour law
    • Competition law
    • Corporate
    • EU law
    • Law on the protection of minors
    • Tax
    • Other
    • Internally
  • Podcast
    • ITMediaLaw Podcast
  • Knowledge base
    • Laws
    • Legal terms
    • Contract types
    • Clause types
    • Forms of financing
    • Legal means
    • Authorities
    • Company forms
    • Tax
    • Concepts
  • Videos
    • Information videos – about Marian Härtel
    • Videos – about me (Couch)
    • Blogpost – individual videos
    • Videos on services
    • Shorts
    • Podcast format
    • Third-party videos
    • Other videos
  • Contact
  • en English
  • de Deutsch
Kostenlose Kurzberatung