For operators of critical infrastructures, such as energy suppliers, but also cloud providers, it is imminently clear that IT security also has a legal component. But also for other providers, such as SaaS (Software as a Service), online shops and web portals, it is important that the focus is not only on the technical aspects of IT security and the threat of cybercrime, but also on possible legal consequences and the corresponding risk minimisation.

As a law firm specialising in data protection, IT law and IT security law, Piltz Legal advises and accompanies you both in the analysis, drafting of appropriate security measures and contractual texts and in legal disputes. Moreover, with the corresponding technical and content-related understanding.

Our view is directed in three directions.

Firstly, the regulations vis-à-vis your customers, from the offer to the contracts, data protection declarations to service level agreements and software contracts.

On the other hand, your internal regulations, for example corresponding company guidelines, confidentiality agreements and contracts with subcontractors and IT partners.

And last but not least, legal risk minimisation against attacks by unauthorised third parties and precautions in the event of possible damage.

Our goal: to identify risk factors from a legal perspective and with an understanding of technology and to contribute in the best possible way to safeguarding your business.

  • Review of existing contracts, legal texts and regulations
  • Advice and support for projects
  • Contract offers and customer contracts
  • Support in the creation of IT security guidelines
  • Legal assessment of the legal security requirements applicable to you
  • Internal processing of security breaches
  • Examination of possible reporting obligations to authorities

Your Piltz Legal contacts

Business Lawyer, Counsel
Philipp Quiel, LL.M.
Business Lawyer, Counsel
Philipp Quiel, LL.M.
Lawyer, Senior Associate
Johannes Zwerschke, LL.M.
Lawyer, Senior Associate
Johannes Zwerschke, LL.M.


Whistleblower protection and the right of access on a collision course – challenges in the parallel application of whistleblower protection and Art. 15 GDPR

The enactment and applicability of the German implementation law (“German Whistleblower Protection Act”) for the Whistleblowing Directive (Directive (EU) 2019/1937) is in sight even though the law was not passed yet because the “Bundesrat” did not agree to the text adopted by the “Bundestag”. It might still take some time until the two parliaments agree on a final text. However, there is time pressure due to Germany already falling far behind the deadline for the implementation of the European Directive. This also means that the legal obligation to set up an internal reporting channel is getting closer for very many German companies (all with generally at least 250 employees).

NIS-2 Directive: New provisions to strengthen cyber resilience and security

The Directive on measures for a high common level of cybersecurity across the Union ("NIS-2 Directive") published in the Official Journal of the European Union on December 27, 2022, aims to harmonize cybersecurity requirements in the EU and imposes new cybersecurity obligations on companies. It will replace the previously applicable NIS Directive.


Cyber Resilience Act - Overview of new cybersecurity requirements for products with digital elements

In September 2022, the European Commission published its proposal for the Cyber Resilience Act ("CRA", Regulation of the European Parliament and of the Council on horizontal cybersecurity requirements for products with digital elements and amending Regulation (EU) 2019/1020).