Leupold Legal supports manufacturers of products with digital elements, such as smart home appliances, smartphones, smartwatches, smart toys and computer games, in
Fulfilling their obligations to provide regular updates and disclose vulnerabilities in their products.
Leupold Legal advises the management bodies of essential and important entities on fulfilling their legal risk management and reporting obligations under the NIS2 directive. The number of obligated entities has increased from 1,900 to around 30,000, including but not limited to entities in the following sectors:
Companies can use the online check provided by the Federal Office for Information Security (BSI) to determine whether they are affected by the NIS2 directive. However, this is only an initial guide. The BIS recommends that affected companies seek external advice if necessary to identify any need for action.
The EU’s AI Act also imposes cybersecurity requirements. Leupold Legal tells you what needs to be done to comply.
Products that do not meet the relevant cybersecurity requirements can, under the new EU Product Liability Directive, trigger strict liability on the part of the manufacturer, importer and other economic operators for resulting damages.
This is of particular importance for software-as-a-service (SaaS) products, whose cybersecurity must be established for the entire duration of their use.
Leupold Legal will tell you what you need to do to achieve this and how you can avoid product liability in other cases by taking the right measures
Leupold Legal advises financial companies on compliance with their special IT security obligations under the European Digital Operational Resilience Act (DORA), which has been applicable since 17 January 2025. This includes, in particular, advice on the DORA requirements for