IT law

AI has long been used in many areas within organisations: in HR, marketing, software development, customer service, legal, procurement and management. Whilst this often promises significant efficiency gains or better results, it is not uncommon for it to be accompanied by shadow AI, unclear tool approvals, data protection risks, copyright issues and uncertainty amongst staff. At the same time, legal regulation is becoming more concrete. The AI Regulation not only requires an assessment of legal risks but also mandates, depending on the risk class, documented decisions, robust processes, clear roles and AI expertise within the organisation.

Access controls via facial scanning, age verification in e-commerce, voice recognition in customer service, or emotion analysis in video calls – there are many practical applications for biometric systems in business. Artificial intelligence (AI) makes many of these systems better, faster and more effective. But the use of AI in conjunction with biometric data is not only drawing the attention of data protection authorities – against the backdrop of the AI Regulation (AI-VO), many companies are faced with the question: Which biometric applications are prohibited under the AI-VO, which are considered high-risk, and when do ‘mere’ transparency obligations apply?

First (00:38), Dr Stefan Brink and Prof Niko Härting discuss the coalition agreement of Baden-Württemberg’s new state government, which provides for staff cuts of up to 40 per cent at the State Data Protection Commissioner’s office. One of the reasons given for this is a planned centralisation within the Federal Data Protection Commissioner’s office. Robbing Peter to pay Paul? Subsequently (11:02), Härting and Brink discuss a ruling by the Berlin Administrative Court dated 6 May 2026, ref. VG 42 K 73/25, which confirmed the legality of ID checks and video surveillance at Berlin’s summer swimming pools. Finally (21:21), the topic is freedom of the press and freedom of expression. The Federal Court of Justice (BGH) dismissed a lawsuit brought by the betting provider Tipico against Der Spiegel. Tipico sought to challenge the statement: “Four men from Karlsruhe founded and built up the company; they pushed the boundaries of what is legally permissible and went beyond them.” Brink finds the decision unsettling, whereas Härting considers it well-founded.

This year’s Copyright Conference organised by the Swiss Forum for Communications Law, which will take place on 16 June 2026 in Bern, is themed ‘From Copyright to Media Regulation?’ and will examine the increasing regulatory density in the digital environment. Whilst traditional copyright law has historically focused on exclusive rights and individual enforcement, current developments show a clear shift towards specific obligations of conduct and action for digital intermediaries.

Article 50 of the AI Regulation stipulates that, from August 2026, certain AI-related content must be labelled (find out more here). There is considerable uncertainty as to what constitutes a ‘deepfake’ that is subject to this labelling requirement.

In episode 43 of the Data Navigator podcast, Dr Martin Schirmbacher, partner and specialist solicitor in IT law at HÄRTING Rechtsanwälte, and Dr Hubertus von Roenne, partner at the strategy consultancy Upgrade, speak with Dr Matthias Nachtmann about the use of data in agriculture. Matthias Nachtmann is the founder and chairman of Friends of Digital Farming, an association promoting the digitalisation of agriculture and food. In the discussion, he explains how data usage currently works in agriculture and what conditions are needed for a functioning data economy in the agri-food sector. Among other things, the discussion addresses why farmers today are often faced with differing data requests from various customers, the role of common rules for data exchange, and why data only scales when it delivers concrete productivity benefits to farms. Other topics covered in the episode include process data and location data in the field, the example of nitrogen with varying requirements across different federal states, and the question of who should define the ‘traffic rules’ for a functioning data economy. Federalism and its impact on innovation in the agricultural sector are also discussed. Further information on digital farming Consultancy and strategy on digital farming by Dr Matthias Nachtmann Friends of Digital Farming Fraunhofer IESE: Digital Farming / Smart Farming Chair of Digital Farming at RPTU GeoBox Rhineland-Palatinate Further podcast episodes on data in the agricultural sector Episode 38: The Data Act from a machinery manufacturer’s perspective with Georg Larscheid from Claas Episode 34: The Data Act from a farmer’s perspective with farmer Dag Frerichs Episode 24: What does the Data Act mean for the agricultural sector? with Prof. Dr Reinhard Grandke All previous episodes of the Data Navigator podcast on the Data Act Data Navigator Newsletter Using data: New every two weeks. Subscribe to the Data Navigator Newsletter now. General information on the Data Act The Data Act as adopted by the Council of the European Union on 27 November 2023 FAQ on the Data Act: “You ask, we answer: How the Data Act affects your business!”

The “Green Deal” – personally announced by Ms von der Leyen in 2019 – promised great things: climate neutrality by 2050, emissions trading and billions in financial support. Now, the “Empowering Consumers” Directive (EmpCo, 2024/825) marks another milestone in the fight against climate change. At least, that is how the Commission sees it. In addition to banning misleading green claims, the directive sets out comprehensive new information requirements for traders. These are to be transposed into national law by March 2026 and will apply from the end of September 2026. Specifically, for the purpose of informing consumers, this concerns information on statutory warranty rights and voluntary manufacturer guarantees.

The latest podcast with Stefan Brink and Niko Härting focuses on appropriate and inappropriate conduct by public authorities. We begin (00:35) by discussing the misconduct of the Federal Government Commissioner for Culture and the Media. In the run-up to the awarding of the German Booksellers’ Prize for 2025, the BKM had three bookshops removed from the jury’s shortlist in January 2026. In an interview with Die Zeit, he commented, among other things: “If the state awards prizes and uses taxpayers’ money, it cannot do so for political extremists.” The urgent application filed against this decision with the Berlin Administrative Court was successful; it was found that there was no reliable factual basis for the label “extremists”, and that it exceeded the bounds of the requirement for objectivity applicable to official statements. Niko and Stefan then (10:00) discuss a guide to data protection impact assessments (Art. 35 GDPR, templates and explanations), on which the European Data Protection Board (EDPB) has launched a public consultation. Finally (22:20), the discussion turns to a decision by the Ansbach Administrative Court dated 2 February 2026. The claimant sought supervisory action by the defendant, the Bavarian State Office for Data Protection Supervision (LDA), regarding allegedly illegal video surveillance. In its final notice, the LDA informed the claimant that it would not take any supervisory measures against the controller. The video surveillance, as reported to the LDA, was not unlawful under data protection law. The claim was unfounded; the Administrative Court also found no breach of the GDPR by the impeccable Ministry.

In this episode, Brink and Härting discuss the Federal Ministry of Justice’s draft bill on strengthening civil and criminal law protection against digital violence. First, from minute 00:39, Dr Brink and Prof Härting explain what the legislature means by ‘digital violence’ and, from minute 02:52, begin by critically examining the criminal law section of the draft. To what extent is the draft compatible with the principle of the ‘ultima ratio’ in criminal law? Subsequently, from minute 16:11, Brink and Härting examine the question of whether the draft’s civil law proposals are compatible with the DSA (Digital Services Act). From minute 20:47, the focus is particularly on the judicial blocking of user accounts provided for in the draft. Finally, from minute 26:30, they discuss the draft’s provisions on claims for information against service providers and the associated orders to preserve evidence. Whilst these are compatible with the DSA, they should be rejected in the context of the introduced data retention measures. Is the draft to be endorsed from a civil rights perspective?