From chaos to control: Compliance with DORA, NIS2 and the EU AI Act

February 13th, 2025 | Posted by Claude-Etienne Armingaud in Conference | Europe | France | IT | Legislation | Privacy - (0 Comments)

Streamline Compliance, Optimize Cybersecurity Risk, and Protect Your Business with a Unified Approach

It’s time to move beyond reactive risk management. This event series is dedicated to the cybersecurity and business continuity regulations DORA and NIS2 as well as the EU AI Act and how integrated risk management can help you stay compliant. 

Join our expert-led sessions to discover how Integrated Risk Management (IRM) is no longer a luxury, but a necessity for navigating today’s complex business environment. You will find out how you can move from a siloed approach to a more holistic management of risks weighing on your business.

During the webinar, our team of experts will be focussing in more detail on:

  • What NIS2, DORA and the EU AI Act mean in terms of compliance for businesses across Europe
  • Why Integrated Risk Management is a must for organizations who want to confidently navigate these regulatory challenges.

During our deminar session, find out how to focus on what matters and manage what counts. See NAVEX One in action!

Our team of experts will showcase a practical use case demonstrating

  • How to transition from inefficient spreadsheets to a fully integrated IRM system
  • What it needs to become compliant with NIS2, DORA and the EU AI Act
  • How your programme will be able to achieve measurable ROI and cost savings for your business.

Speakers

Jan Strappers

Jan Stappers

Regulatory Solution Director

NAVEX

Image of Jason

Jason Gottschalk

Partner – Cyber Security Practice

BDO LLP (London)

Claude-Etienne Armingaud

Partner

K&L Gates (Paris)

Dr. Ulrike Elteste

Counsel

K&L Gates (Frankfurt)

More information & registration here

C3PO: Competition and Consumer Convergence toward Privacy Operations

November 20th, 2024 | Posted by Claude-Etienne Armingaud in Competition | Conference | Europe | France | Privacy - (0 Comments)

Speakers:

Governments around the globe have turned their attention to the power of accumulated data, and to the use of competition law powers to enact legislative initiatives. From the EU’s Digital Markets Act and proposed Data Act, to the UK’s Data Protection and Digital Information Bill, laws addressing competition, privacy and wider data access issues are becoming increasingly intertwined. Privacy and competition regulators, alongside consumer protection agencies and associations, are working more closely together than ever before. The EU Court of Justice has been asked for clarity on how such regulators should interact going forward. In some countries, we are also seeing a testing of the use of competition mechanisms for bringing group actions on privacy issues. In this session, we will discuss the interactions between privacy, consumer protection and competition, and how these are likely to shape compliance tactics, litigation strategies and regulatory interactions going forward.

What you will learn:

  • Privacy compliance efforts necessitate a multifaceted strategy.
  • Data sharing” between authorities can put companies at risk of multi-front enforcement actions.
  • Best line of defense remains documentation and communication.

Influenced by Influencers? Legislative Updates to Illegal Content in the Digital Age

June 10th, 2024 | Posted by Claude-Etienne Armingaud in France | Legislation | Non classé - (0 Comments)

Recent legislative updates have emerged in France, focusing on the intricate balance between national regulation and European Union directives —especially relevant to the evolving sector of commercial influence. The French law no. 2024-356, passed on 22 April 2024 (“DADDUE Law”), has granted the government a nine-month window to modify previous statutes to align with European standards.

The DADDUE Law will harmonize French national law (notably Law no. 2023-451 on the Regulation of commercial influence of 09 June 2023, see our previous post on this topic) with various European texts, including the e-commerce directive and directives like the DSA and SMA.

Among the articles set for revision are:

  • Article 1 regarding the definition of influence;
  • Article 2 on influencers’ agents;
  • Article 4 on prohibited sectors of promotion;
  • Article 5 on advertising disclosure requirements;
  • Article 8 on the framework of contracts between influencers and agents; and
  • Article 9 on insurance mandates for non-European influencers.

This underscores an initiative to refine the French national law on commercial influence in response to feedback from the European Commission.

The DADDUE Law will also repeal five articles within the prior law (articles 10, 11, 12, 15, and 18) that intersect with the Digital Services Act (DSA), on the obligations for hosting providers to implement alert systems for reporting illegal content and to comply promptly with legal and administrative injunctions to remove such content.

Furthermore, a government report will be presented within the next three months to address the necessary adjustments to Law no. 2023-566 on setting a digital majority age and battling online hatred, again drawing on remarks from the European Commission.

The path paved by the Law of 22 April 2024 requires a meticulous approach to legislative adaptation, ensuring that national regulations resonate with broader, collective European goals. This development is pivotal for professionals within the digital influence sphere and platforms hosting user-generated content, who must stay abreast of the changing legal landscape to sustain compliance and foster responsible online interactions.

First publicationK&L Gates Fashion Law Watch Blog – in collaboration with Kenza Berrada

Decree No. 2024-388 and Its Implications for Intermediation Platforms

June 10th, 2024 | Posted by Claude-Etienne Armingaud in France | Legislation | Privacy - (0 Comments)

Digital intermediation service platforms within the sectors of chauffeur-driven transportation and goods delivery have new responsibilities since the enactment of Decree no. 2024-388 on 25 Avril 2024. Operating under the framework established by Article L. 7345-1 of the French Labor Code, this Decree has initiated a systematic collection and transmission protocol for data concerning platform workers’ activities to the French Employment Platforms Social Relations Authority (“ARPE”).

This new system aims to bolster the production of statistical reports, as instrumental means to inform and transform the dialogue with the representative organizations.

Along these lines, platforms hold an equally important responsibility to revise their privacy notices. Transparency is paramount—the notices must clearly articulate these new data processing operations to the individuals concerned, ensuring that workers are fully aware of how their personal data is captured, utilized, and shared.

The implementation of Decree no. 2024-388 also signals a proactive step towards enhancing social dialogue tools within the affected sectors. Empowering ARPE to collect and leverage the data within its statutory power creates an opening for more informed policy-making and a more significant discourse between platforms, workers, and representative organizations.

The inception of the Decree manifests a shift towards a more transparent and regulated digital labor market. It requires those in authority—data controllers and intermediation platforms alike—to engage in a comprehensive update of operational protocols and privacy frameworks, thereby securing data subject rights while contributing to a broader socio-economic analysis. Such task will necessitate a keen understanding of both legal obligations and the ethical standards underscoring the digital economy.

The crucial evolution underlying the enactment of the Decree will require Platforms acting as data controllers to update in alignment their records of processing activities (RoPA) and meticulously document the nature, purpose, scope of data processed and the operational procedures for transferring requisite data to the ARPE.

First publicationK&L Gates Cyber Law Watch Blog– in collaboration with Kenza Berrada

France: Shrinkflation – New Transparency Requirements for Retailers

June 10th, 2024 | Posted by Claude-Etienne Armingaud in eCommerce | France | Legislation - (0 Comments)

A new regulatory landscape will reshape the food retail distribution in France starting from 01 July 2024, generalizing a mandatory obligation to inform consumers on product quantity changes and price trends. The decree, published on 04 May 2024, outlined crucial requirements for retailers, ensuring that consumers are not left in the dark when it comes to alterations in product sizes or volumes.

Indeed, the phenomenon, also known as “shrinkflation”—a reduction in weight or volume of prepackaged mass-market products and the upward trend in the price of the product per unit of measurement— must be clearly communicated to the consumer. This communication must detail the decreased quantity and any corresponding rise in unit price, allowing consumers to make informed decisions.

The mandate extends across both food and non-food commodities marketed in consistent amounts, such as weight or volume. Nevertheless, products sold in varying quantities or non-prepackaged formats do not fall under this umbrella.

Pursuant to Article L. 112-1 of the French Consumer Code (“FCC”), provides the legislative framework for these requirements, while Article L. 521-1 FCC empowers the French administrative authority Direction Générale de la Concurrence et de la Répression des Fraudes (“DGCCRF”) with policing power to enforce compliance.

Non-compliance carries substantial financial penalties—a maximum fine of €3,000 for individuals and €15,000 for corporations. Furthermore, the DGCCRF has the right to implement corrective measures and publish the infringement at the expense of the offending business, as per Article L. 521-2 FCC.

These provisions mark a significant step towards greater transparency in market sales, empowering consumers with information to navigate their purchases effectively amidst evolving market conditions. Retailers should prepare to integrate these changes into their operations, ensuring clarity and compliance as the decree takes effect on 01 July 2024.

First publication: pending – in collaboration with Kenza Berrada

Legal 500 Rankings 2024 – Data Privacy and Data Protection – Tier 2 & Leading Individual – France

March 27th, 2024 | Posted by Claude-Etienne Armingaud in France | Privacy | Rankings - (0 Comments)

The ‘young and innovative team’ at K&L Gates LLP has a strong reputation in the market for its ability to handle data protection liability issues in M&A transactions and global data protection compliance mandates. Areas of activity for the practice include machine learning, autonomous driving and blockchain-based services. Claude-Étienne Armingaud heads up the team and is described as a ‘fount of knowledge on the subject of privacy and data protection‘. He is frequently sought out by clients from the software industry for assistance with cross-border technology transactions.

Leading individuals: Claude-Etienne Armingaud – K&L Gates LLP

Practice head(s): Claude-Etienne Armingaud

Other Key Lawyer(s): Camille Scarparo

(more…)

, ,

Who’s Who Legal – Data Privacy & Protection | Information Technology

December 29th, 2023 | Posted by Claude-Etienne Armingaud in France | IT | Non classé | Privacy | Rankings - (0 Comments)

New ranking in Who’s Who Data 2024 as Recommended in the Data Privacy & Protection and Information Technology categories.

French Parliament Takes Steps to Regulate NFT Games

October 31st, 2023 | Posted by Claude-Etienne Armingaud in Blockchain | France | Intellectual Property | IT | Legislation | Non classé - (0 Comments)

On 18 October 2023, the French National Assembly voted in favour of a law aiming to secure and regulate the digital space (“Loi visant visant à sécuriser et réguler l’espace numérique” or “SREN”), otherwise called the “Sorare Act.” This new development marks a first step towards the establishment of a regulatory framework dedicated to games integrating non-fungible tokens (NFTs) and monetisation models based on digital assets.

These new provisions are aimed at the creation of a new category of games under French law called games with monetisable digital objects (“jeux à objets numériques monétisables” or “JONUM”). This new regime will enter into force ‘on an experimental basis and for a period of three years’ from the promulgation of the law and will authorise Web3 games with monetisable digital objects (including NFTs).

The Sorare Act defines JONUMs as “game elements, which only confer on players one or more rights associated with the game, and which may be transferred, directly or indirectly, for consideration to third parties,” while excluding digital assets covered by 2° of Article L. 54-10-1 of the French Monetary and Financial Code.

France is one the first jurisdictions in the world to create a specific regime for companies using NFTs as part of their games and the objective is to provide certainty to the industry.

Please reach out to our team if you need further information on this new development. 

First publication: K&L Gates Hub, in collaboration with Lucas Nicolet-Serra

France’s Digital Influencer Regulation: Whether you like it or not, you’ll need to subscribe to those changes!

October 3rd, 2023 | Posted by Claude-Etienne Armingaud in eCommerce | France | internet | Legislation | Marketing | Non classé | Social Networks - (0 Comments)

Amidst a sudden increase in paid-for posts that went viral for dubious products and services, France has taken a significant step toward the regulation of influencer communication. The Act no. 2023-451 (Influencers Act), which came into effect on 9 June 2023, aims not only to protect consumers but also to support the influencers, in order to foster the healthy growth of this ecosystem. France is now the first European Union (EU) country to implement a thorough framework regulating commercial influence.

Background information

Digital influencers have changed the way companies can promote their products and services, from beauty and fashion to technology, notably by blurring the lines between commercial advertising and genuine consumer reviews.

Between 8 to 31 January 2023, the French Ministry of the Economy conducted a public consultation on the influencer ecosystem, to evaluate of the contemplated regulation, which received an overwhelming support from the panels.

Key provisions beating on influencers

General ban on certain communications

The following communications are explicitly banned from any influencer communication:

  • Cosmetic surgery and procedures;
  • Alternative therapeutic technics;
  • Nicotine-based products;
  • Non-domestic animal trade.
  • Certain financial services, notably as they pertain to blockchain-based services (e.g. NFT); and
  • Online gambling and betting;

With regard to the latter, the communication remains possible provided that it occurs exclusively on platforms restricted to adults over the age of 18 and subject to the usual specific disclaimer pertaining to the advertising of such services.

Mandatory labeling

The Influencers Act requires influencers to label:

  • Their promoted posts with the mention “advertisement” or “commercial collaboration” in a clear, legible and identifiable manner to avoid falling under misleading commercial practices further to Art. L. 121-3 of the French Consumer Code (“FCC”).

Influencers failing to comply with this obligation face up to 300,000 euros in fines and up to two years of imprisonment (Art. 5 Influencers Act).

  • The pictures (still or moving) they post and which have been
    • edited to enlarge or refine the general appearance or modify the appearance of the model’s face to clearly include the “Retouched images” mention; or
    • generated through artificial intelligence (AI), notably generative AI (gen AI) to clearly include a “Virtual image” disclaimer

Influencers failing to comply with this obligation face up to 4,500 euros in fines and up to one year of imprisonment (Art. 5 Influencers Act).

Drop-shipping

In case of sales of goods through a third party (so-called “drop-shipping” practices), influencers will need to abide by obligations of transparency about the identity of the supplier, pursuant to Art. L. 221-5 of the FCC and will bear the liability relating to the legality and availability of the promoted products.

Content moderation and insurance

Influencers based outside of the European Economic Area or Switzerland but directing their activities to a French audience are required to appoint a legal representative in the EU, as well as to subscribe to a dedicated insurance covering the potential damage resulting from their activities.

Key provisions bearing on platforms used by influencers

Further to the entry into force of the European Regulation no. 2022/2065 on a Single Market for Digital Services (Digital Services Act or DSA) on 25 August 2023, the Influencers A amended the Act no. 2004-575 of 21 June 2004 for trust in the digital economy (Loi pour la Confiance dans l’Économie Numérique or LCEN) increasing the burden on digital platforms, notably for such platforms which allow influencers to conduct their activities.

These platform now have the obligation to promptly remove any illegal content which would be notified through the “trusted flaggers” introduced under Art. 22 DSA.

Key provisions bearing on brands

  • The Influencers Act now mandate a written contract between the influencer and the advertised brands, or their respective representatives. This contract, which must imperatively be subject to French law, must include:
  • The identity of the parties, including their domiciliation for tax purposes;
  • The detailed nature of the influence services;
  • The financial compensation or any equivalent advantage resulting from the influence services;
  • As the case may be, any provision pertaining to intellectual property.

With regard to liability on the influence services, a joint and several liability between the brand and influencer has been implemented, rendering the brand de jure liable for any damage caused to third party.

Enforcement of the Influencers Act

Just prior to the summer holidays, the French Ministry of the Economy appointed a team of 15 agents responsible for monitoring social networks and responding to complaints.

In parallel, the French Directorate General for Consumer Affairs, Competition and Fraud Prevention (“DGCCRF”) audited fifty influencers in the first quarter of 2023, resulted in 60% of the audited influencers to be found in breach of the then-current (and pre-Influencers Act) misleading commercial practice framework.

These findings led to eighteen injunctions to cease illicit practices and sixteen criminal reports. In the following context, in July, the DGCCRF published a code of conduct for influencers and content creators in July, explaining their duties and obligations in accessible language.

Whether you are a brand considering hiring the services of influencers or an influencer yourself, the K&L Gates Luxury Product & Fashion team remains at your disposal to assist you in your compliance with the new French framework.

First publication: K&L Gates Fashion Law Watch Blog in collaboration with Camille Scarparo.

, , , ,

Leaders League Ranking 2023 – Intellectual property – Trademark litigation – France

October 3rd, 2023 | Posted by Claude-Etienne Armingaud in France | Intellectual Property | Rankings | Trademarks - (0 Comments)

K&L Gates ranked “Recommended” with Claude-Etienne Armingaud.

Source: Leaders League

(more…)

, , , ,