Contemporary legal advice combines sound specialist knowledge, responsiveness, constant consultation with the client and traditionally good legal craftsmanship - all this characterises Piltz Legal. We are active in the increasingly complex areas of digitisation and data protection law as well as in traditional, in particular international, contract, commercial and business law. Is IT security a topic for you? It is for us too, from a legal point of view.

What does this mean for you? Precise advice and support on individual topics and a portfolio of options for your complex everyday business. We correspond in German, English and Spanish.

Data Protection

GDPR, ePrivacy, BDSG or TTDSG - we support you in fulfilling data protection obligations and find solutions with you.

IT Security

We advise you on the implementation of legal requirements for the protection of company information and (personal) data.

Procurement and sales of goods, Supply chains

UN Sales Law/CISG, Incoterms and foreign trade contracts keep us constantly busy.

IT Law

What do you have to pay attention to when using cloud service providers or outsourcing your IT? We support you in IT legal issues.

Law of the

Both the "Internet of Things" and the sale of "digital goods" are familiar legal terrain for us and part of our advisory spectrum.

Commercial and Distribution Law

Cross-border contracts pose challenges not familiar from national transactions.


We support you in administrative law proceedings and represent your interests towards authorities. Our focus here is on data protection proceedings.

International dispute resolution, arbitration

Promising international prosecution requires prudent preliminary considerations.

Commercial Agent-

Distributors and commercial agents are internationally particularly protected business partners.


German Federal IT security authority publishes guidelines for AI developers

The German Federal Office for Information Security (BSI) is already providing support with a whole series of statements on the subject of artificial intelligence (partly even in English).

It is therefore all the more gratifying that the BSI has in the meantime also addressed, in a guideline, the question of how developers can practically protect machine learning systems from the most relevant threats and take adequate protective measures.

The BSI distinguishes between three central threats in its guideline: evasion attacks, attacks that aim to extract information, and backdoor attacks. These attacks are briefly presented and illustrated in the following.

Whistleblower protection and the right of access on a collision course – challenges in the parallel application of whistleblower protection and Art. 15 GDPR

The enactment and applicability of the German implementation law (“German Whistleblower Protection Act”) for the Whistleblowing Directive (Directive (EU) 2019/1937) is in sight, even though the law has not yet been passed because the “Bundesrat” did not agree to the text adopted by the “Bundestag”. It might still take some time until the two parliaments agree on a final text. However, there is time pressure because Germany has already fallen far behind the deadline for the implementation of the European Directive. This also means that the legal obligation to set up an internal reporting channel is getting closer for very many German companies (all with generally at least 250 employees).

NIS-2 Directive: New provisions to strengthen cyber resilience and security

The Directive on measures for a high common level of cybersecurity across the Union ("NIS-2 Directive"), published in the Official Journal of the European Union on December 27, 2022, aims to harmonize cybersecurity requirements in the EU and imposes new cybersecurity obligations on companies. It will replace the previously applicable NIS Directive.