IT Law
Telecommunication and Media Law
Data Protection and IT-Security

IT Law

IT law encompasses, on the one hand, classic IT contract law (for example, in outsourcing, ASP/cloud computing/SaaS, data center, and hosting contracts – including the necessary SLAs) and, on the other hand, software contracts for the creation or procurement of hardware and software. Increasingly, however, new European regulations such as the Data Act, the Cyber Resilience Act (CRA), and the Artificial Intelligence Act (AI Act) are shaping the legal framework. In parallel, data protection issues and IT security (for instance, through the NIS-2 Directive) are moving massively into focus.

Contract drafting is the high art of legal craftsmanship, which is especially true in this dynamic environment. This is because many problems here have not been resolved by case law, and the literature has often not yet found an answer to completely new questions of the digital decade. This makes our experience and ability to communicate with our clients, as well as the technical understanding so urgently needed in the IT sector, all the more helpful. We accompany projects and contracts from the very beginning, but we also help with problems (for example, regarding warranty, damages, or cyber incidents) or represent you in the enforcement of your rights. We have many years of experience in contract drafting and litigation (including arbitration proceedings).

In practice, IT law regularly means: projects. In such projects, we advise and support you from the very beginning, based on our many years of experience and our deep technical and economic understanding. Ideally, legal support should begin with your business idea or the conceptualization of a new product (e.g., with networked IoT devices or the use of artificial intelligence) – entirely in the spirit of "Compliance by Design". But at the latest when a draft contract, a risk assessment according to new regulatory requirements, or an intensive contract review becomes necessary, we stand strategically by your side. 

Advice and Support

Contract Design

Contracts are of enormous importance, especially in the IT sector: on the one hand, the increasing relevance of IT requires a reliable legal basis; on the other hand, cutting-edge topics – such as data access rights under the Data Act or the use of generative AI – lack established case law, which makes concrete contractual agreements essential.

For us, drafting IT contracts means analyzing, discussing, preparing, and writing down what our clients want, supported by our technical understanding, and constructively balancing this with the interests of the contracting party. We draft and negotiate individual contracts for software projects, outsourcing, cloud services, as well as general terms and conditions (e.g., for software providers or purchasing GTCs). In doing so, we seamlessly integrate new regulatory obligations, such as securing IT supply chains in accordance with the CRA or transparency obligations when using AI. 

Nobody likes to litigate, and for us too, lawsuits are only a means of last resort. But if they (must) be conducted, then we conduct them competently and consistently. This means that we present the facts comprehensibly to the courts, which are often not well-versed in highly complex IT matters or new regulatory frameworks, and we thoroughly penetrate the legal issues. We determine the approach and tactics together: For successful litigation, trusting cooperation with the client as a team and mutual communication are essential – only in this way can proceedings before courts, in arbitration, or in disputes with supervisory authorities be successful.

Litigation

Project experience

  • IT Contract Law & Ongoing Consulting: Continuous ongoing consulting of clients in IT law, namely in the drafting and negotiation of contracts (especially hosting/housing, outsourcing, ASP/SaaS, data center, and software project contracts). We perform this work for customers as well as for software houses/service providers, so we know both sides of the business respectively the market very well.
  • General Terms and Conditions (GTCs): Regular support in the creation, review, and new development of IT GTCs (GTCs of software houses and IT service providers, purchasing GTCs for IT services from customers, etc.); most recently, for instance, for a telematics SaaS solution.
  • Cloud Computing & Storage: Extensive support of clients as customers of various cloud/storage solutions (such as Amazon Web Services, Google Apps, and MS Azure), most recently in the awarding of storage-on-demand for a large billing service provider.
  • Data Act: Consulting and contract adjustments in the course of the European Data Act, in particular regarding the contractual design of data access and data usage rights as well as the requirements for changing providers (cloud switching).
  • AI Act: Assisting companies with the legally compliant implementation and use of Artificial Intelligence, including the risk classification of AI systems according to the AI Act as well as the drafting and introduction of internal company AI guidelines (AI Governance).
  • Litigation: Various large court proceedings in the field of IT contract law, most recently, for example, a lawsuit for damages (eight-figure range) arising from a failed ERP implementation project of a medium-sized enterprise as well as (in a similar amount) of a DAX-listed corporate group arising from a failed outsourcing project.
  • IT Public Procurement Law: Advising the public sector on the awarding and negotiation of IT contracts.
  • Data Protection Law & IT Compliance: Regular consulting of numerous clients on data protection issues according to the GDPR, the current Federal Data Protection Act (BDSG), and the TDDDG (Telecommunications-Digital Services Data Protection Act, formerly regulated in the TMG and TKG); preparation of expert opinions, execution of data protection audits, and support in the area of IT compliance and security, including acting as an external data protection officer at software houses and medium-sized enterprises (see also Data Protection Law).
  • NIS-2 Directive: Advising on the implementation of the stricter cybersecurity and reporting obligations under the NIS-2 Directive, including the review and adaptation of contracts along the IT supply chain as well as legal safeguarding when using external Managed Security Service Providers (MSSP).
  • Cyber Resilience Act (CRA): Supporting hardware and software manufacturers in preparing for the Cyber Resilience Act (CRA), specifically in implementing the "Security by Design" requirements and contractually securing the software supply chain.
  • Strategic Consulting & Used Software: Consulting on the handling and trading of used software as well as strategic consulting for IT startups.

*(Selection)*

  • Pre- and post-contractual obligations in the IT contract – Part II: post-contractual obligations, CR 2015, 277 (Schuster/Hunzinger)
  • Pre- and post-contractual obligations in the IT contract – Part I: pre-contractual obligations, CR 2015, 209 (Schuster/Hunzinger)
  • Law re. electronic media, 3. Edition 2015 (Spindler/Schuster)
  • Demarcation of services in IT contracts, CR 2013, 690 (Schuster)
  • Liability, reimbursement and rescission in IT contracts, CR 2011,4 (Schuster)
  • Cloud computing & Saas: What are the really new questions?, CR 2010, 1 (Schuster)
  • Legal nature of Service Levels in IT contracts, Cr 2009, 205 (Schuster)
  • Compendium on Telemedia Contracts, Munich 2001 (Schuster)
  • Disturber Liability of search engine operators for snippets, CR 2007, 443 (Schuster)
  • Developments of Internet-, Multimedia and Telecommunication Laws, Years 1999 to 2006, MMR enclosures 5/2007, 5/ 2006, 5/ 2005, 4/ 2004, 5/ 2003, 3/ 2002, 7/ 2001, 10/ 2000 (Schuster/ Kubach (formerly: Dierking) et al)

(Selection)

Publications