European Long-Term Investment Funds redesign and retailisation

On 19 October 2022, the EU Council declared that a political agreement had been reached with the EU Parliament on the revision of the ELTIF Regulation[1]. As a result of subsequent inter-institutional discussions aimed at refining the text of the Political Agreement[2], the EU co-legislators have now published the draft text of the agreement reached[3].

The Provisional Agreement outlines changes to the ELTIF Regulation to make its framework more attractive and easier to participate in and seeks to channel more funding to small and medium-sized enterprises and long-term projects. To this end, the revised ELTIF framework dramatically expands the investment universe, removes barriers to investment for professional investors and makes it easier for ordinary investors to invest in ELTIFs, while providing robust investor protection.


The original ELTIF Regulation entered into force on 19 May 2015 with the aim of generating and channelling resources into long-term European investments in the real economy, in line with the EU’s broader objective of smart, sustainable and equitable growth.

The ELTIF framework initially attracted much attention, in particular because the ELTIF Regulation allowed funds qualifying as ELTIFs to be marketed to retail investors using an EEA-wide passport, similar to the passport available to professional investors under the Alternative Investment Fund Managers Directive (AIFMD).

However, over time it has become clear that the original ELTIF Regulation has not delivered the expected result. As of October 2022, there were only 81 ELTIFs registered across the EEA[4]. The number of funds is still exceptionally low compared to, for example, the Luxembourg Reserved Alternative Investment Fund (RAIF) system, which was created just one year later and saw a much broader involvement.[5]

To encourage the adoption of the ELTIF as a main fund structure for long-term investments, the EU co-legislators decided to further enhance the design flexibility of the ELTIF and to increase its attractiveness by simplifying its distribution.

ELTIF is a European Union label for alternative investment funds that target long-term investment in EU companies and infrastructure by combining private and institutional investors’ money. ELTIFs are registered in the ELTIF register, a central public register listing all ELTIFs authorised under the ELTIF Regulation (50 of which are domiciled in the Grand Duchy of Luxembourg). In 2021, the net assets under control of ELTIFs will only reach approximately EUR 2.40 billion.[6]

Today, more than ever, it is important to promote and enable long-term financing in the Union. In response to the lack of interest in ELTIF I, a comprehensive review of the ELTIF legal framework is underway. As Luxembourg is already at the forefront of this sector (although the market is now modest), the Luxembourg fund industry is following developments in this area with great interest.

Major changes

Given the range of fund vehicles currently available in Luxembourg, some of which are subject to far fewer restrictions than the ELTIF, the benefit of the ELTIF to institutions seems unclear. However, unlike a typical alternative investment fund, ELTIF has an EU label and an EU cross-border passporting framework for retail investors. In principle, the ELTIF review aims to make the fund more attractive to retail investors by removing the minimum initial investment of EUR 10,000 and the 10 per cent total investment limit, thereby positioning the ELTIF as the leading retail alternative investment fund product.

ELTIF II will significantly broaden the scope of eligible assets. It will allow investments in EU AIFs managed by EU AIFM and invested in ELTIF eligible assets, in addition to what is already available under the existing framework. It will allow investments in simple, transparent and standardised securitisations, as well as investments in green bonds issued in line with the planned Green Bond Regulation currently being drafted by EU policymakers. It also provides a streamlined definition of ‘real assets’ and removes the minimum requirement for real estate strategies, which could increase the number of ELTIFs investing in infrastructure.

As noted above, the existing ELTIF framework includes fairly stringent standards that apply to both retail and professional investors but are not necessarily suitable for professional investors who want less protection. As a solution, the ELTIF reform will create more flexible rules that are tailored to the appropriate type of investor. ELTIFs issued to professional investors will be exempt from the risk diversification rules and will be allowed to use leverage up to 100% of the ELTIF’s capital (instead of the current 30% limit). The requirement for ELTIF managers to conduct a suitability test and provide written notification in the event of excessive risk taking provides additional protection for ordinary investors.

Global Portfolio ELTIF-eligible assets must reflect long-term investment in the real economy and contribute to financing the sustainable growth of the Union’s economy. Although the eligibility of ELTIF assets does not depend on whether they are green or not, the ELTIF mindset is most closely associated with the current ESG trend in the fund industry, driven primarily by the SFDR and the Taxonomy Regulation. In terms of eligible assets, the ELTIF II plan aims to increase the geographic and asset type diversification of the ELTIF portfolio.

In order for the ELTIF to be authorised to invest directly in “real assets”, the current ELTIF structure requires that individual real assets be valued at a minimum of EUR 10,000,000. The updated framework will reduce this limit to EUR 1,000,000.

A “Qualifying Portfolio Undertaking” is a second eligible asset for ELTIF. The ELTIF Regulation stipulates that investments in equity or quasi-equity instruments of the qualifying portfolio undertaking can only be made if these companies are majority-owned subsidiaries of the ELTIF, thereby limiting the potential breadth of the eligible asset base. Under the reform, ELTIFs will be able to make minority co-investments in investment opportunities, giving them greater flexibility in implementing their investment strategies, attracting more promoters of investment projects and broadening the range of eligible target assets, all of which are essential for the implementation of indirect investment strategies. Finally, ELTIF II expands the geographical scope of infrastructure projects in which ELTIF can make long-term investments. Previously, the “actual assets” eligible for ELTIF were tied to projects that contributed to the EU’s goal of smart, sustainable and inclusive growth. The proposal aims to extend the definition of real assets to include any asset that has intrinsic value by virtue of its substance and qualities, irrespective of whether it is located inside or outside the Union. The current ELTIF II proposal goes even further by allowing the majority of an ELTIF’s assets, or its main source of income or profit, to be located in a third country.

In conclusion, the revision of the ELTIF Regulation will undoubtedly increase the attractiveness of ELTIFs. As the obvious market leader for ELTIFs, Luxembourg will benefit from the new rules. Nevertheless, the EU passport for retail investors and the “ELTIF label”, which can be advantageous from a distribution perspective, remain the main reasons for choosing an ELTIF over a traditional Luxembourg fund. Of course, the additional general freedom of the operating standards is also highly appreciated.

Next steps and conclusion

It is expected that the EU Parliament will adopt the proposed amendment at its plenary session on 13 February 2023 and that the adopted text will be published in the Official Journal of the EU in March 2023. Two years after the introduction of the amended ELTIF Regulation, a decision will be taken as to whether a “Green ELTIF” designation should be reserved for ELTIFs that meet certain sustainability standards under the Sustainable Finance Disclosure Regulation (SFDR).

ELTIF II is already attracting a great deal of attention from industry players, as it aligns well with the government’s goal of unlocking private funding for much-needed European infrastructure and other long-term projects. ELTIF II also allows retail investors to invest in assets other than equity markets or UCITS funds, thereby increasing diversification and risk spreading, while maintaining specific safeguards and protections.

The realisation of private funds has attracted considerable interest, particularly in Luxembourg, where the Part II fund (which can also be combined with the ELTIF regime) provides an additional route for asset managers to offer retail investors access to private market assets. There has been significant growth in this sector over the past year, with many of the world’s largest asset managers exploring these structures. It is expected that ELTIF II will continue to attract significant interest and growth for this type of fund, particularly in Luxembourg, which is ideally positioned to benefit from this new regime due to its global reputation as a safe and well-established location for investment funds, its favourable local legal framework and the experience and expertise of local service providers in this field.


EU Commission flags
Intelectual Property Law,

Intellectual Property Rules: The European Commission has presented more effective changes

The Commission is presenting amended rules that will make the protection of industrial designs throughout the EU cheaper, quicker, and more predictable.

The suggestions are in response to the Intellectual Property Action Plan,[1] which was established in November 2020 and aims to reform EU design protection legislation. It reflects calls from stakeholders, the Council, and the European Parliament for the modernization of the legislation and aims to build on the results of a thorough examination of the reform of the EU trademark legislation. It is also in response to requests from stakeholders, the Council, and the European Parliament for the Commission to modernize and further unify EU industrial design law.

A product’s industrial design is its outside look, as defined by its lines, curves, or shape. The recommendations for a revised Regulation[2] and Directive[3] on industrial designs modernize the 20-year-old Community design framework[4] and counterpart national design regimes.[5] The updated regulations will further enhance the circumstances for corporate innovation. In addition, the guidelines implement a more balanced approach to design protection. This ensures that designs may be replicated for spare components, giving consumers more options when repairing complex products like automobiles.

Objective of the proposal

Each proposition will simplify and expedite the process for EU-wide design registration.

In particular, the new rules will make registered Community design protection more accessible, efficient, and affordable, particularly for individual designers and SMEs, by making it easier to present designs in an application for registration (such as by submitting video files) or by combining multiple designs in a single application, as well as by lowering the fees to be paid for the first ten years of protection.

Processes and guarantee compatibility with national design systems will be harmonized: the new framework intends to guarantee more complementarity between EU-level and national design protection legislation, for example regarding registration requirements and the simplification of invalidation criteria for registered designs. This will assist to level the playing field for European enterprises.

Permit reproduction of original designs for complex product repairs: By incorporating an EU-wide “repair clause” into the Design Directive, the new rules will help to boost spare parts market access and competition. This is especially significant in the auto repair industry, where it should become permitted in all EU member states to replicate identical “must match” car body pieces for repairs in order to restore the vehicle’s original appearance. The proposed ‘repair clause’ should have immediate legal effect only for future designs, while existing designs should be protected during a ten-year transitional period.

The two suggestions will be forwarded to the European Parliament and the Council for consideration in accordance with the normal legislative procedure.

Next Steps

The two proposals will now be forwarded to the European Parliament and the Council for consideration in accordance with the normal legislative procedure.

The revised rules of the Directive will be incorporated into national law within two years of the adoption of the new proposals.

A portion of the modifications to the Community Design Regulation will become applicable within three months of the regulation’s entry into force, while the remainder will become applicable when the delegated and implementing acts are implemented (18 months after entry into force).


Liability for Artificial Intelligence

A new proposal to address liabilities caused by the AI

The European Commission proposed new guidelines[1] on 28 September that would require developers of artificial intelligence-powered software and goods to compensate victims of their creations.

In 2020, the chamber had urged[2] the Commission to implement regulations to ensure victims of harmful AI can get compensation, notably requesting that creators, providers, and users of high-risk autonomous AI could be held legally liable for accidental injury. However, the EU executive opted for a “pragmatic” approach that is weaker than this severe liability regime, arguing that the facts did not “justify” such a regime.

AI Liability Directive

The new AI Liability Directive would make it simpler to claim for compensation when a person or organization is injured or suffers damages as a result of drones, robots, or software such as automated hiring algorithms powered by artificial intelligence.

The proposed legislation is the most recent attempt by European officials to govern AI and establish a global standard for controlling the burgeoning technology. It comes at a time when the EU is in the midst of negotiating the AI Act,[3] the world’s first bill to restrict high-risk uses of AI, such as facial recognition, “social score” systems, and AI-enhanced software for immigration and social benefits.

Under the proposed new AI Liability Directive, the presumption of causality will only apply if claimants satisfy three core conditions: first, that the fault of an AI system provider or user has been demonstrated or at least presumed to be so by a court; second, that it can be considered reasonably likely, based on the circumstances of the case, that the fault has influenced the output produced by the AI system or the failure of the AI system to produce an output; and third, that the presumption of causality Some of the strategies that DeepMind’s AlphaGo used to defeat a human were ones that expert Go players had never considered. This exemplifies both the benefits and challenges presented by artificial intelligence. We may not be able to comprehend the reasoning behind an AI’s decision or how one thing led to another as humans. This is one of the reasons why AI liability laws may be required to make a policy judgment based on an assumption. Therefore, subject to certain conditions and in limited circumstances, national courts would be required to presume, for the purposes of applying liability rules to a claim for damages, that the output produced by the AI system (or the failure of the AI system to produce an output) was caused by, for instance, the AI provider’s fault.

For instance, claimants would need to demonstrate that providers or users of high-risk AI systems had not complied with the obligations imposed by the AI Act. For providers, these responsibilities include training and testing of data sets, system oversight, as well as system precision and resiliency. For users, who, under the AI Act, may be an organization or a consumer, the obligations include monitoring or utilizing the AI system in accordance with the accompanying instructions.

To aid claimants in establishing blame, the proposed AI liability regulation permits courts to force providers or users of high-risk AI systems to preserve and disclose material pertaining to those systems. The proposed legislation further encourages disclosure by allowing the presumption of causality to be rebutted when a provider or user can demonstrate that adequate evidence and expertise are reasonably accessible for the claimant to establish the causal link. In the event of a malfunction with a conventional product, it may be clearly apparent what went wrong. Nonetheless, this may not be the case with AI. A court can force a provider of a high-risk AI system (as defined by the EU AI Act) to disclose relevant and necessary evidence concerning their product under certain conditions. In restricted instances, third parties may also submit requests.

Product Liability Directive

The Commission proposed the AI Liability Directive alongside a separate, but related, proposal for a new Product Liability Directive.[4]

Under the proposed Product Liability Directive, AI systems and AI-enabled items would be classified as “products” and consequently subject to the liability framework of the directive. As with any other product, compensation is available when defective AI causes harm, and the affected party is not required to prove manufacturer negligence. In addition, producers may be held accountable for modifications they make to items they have previously introduced to the market (i.e. when these changes are triggered by software updates or machine learning). In some instances, a person who modifies a product that has been placed on the market or put into service may be regarded the product’s manufacturer and consequently accountable for any resulting damages. Other parties, such as importers, authorised representatives, fulfilling service providers, and distributors, may be held accountable for faulty products created outside the EU or when the producer cannot be identified.

In addition, the plan makes it clear that not only hardware makers but also software providers and providers of digital services, such as a navigation service in an autonomous vehicle, might be held accountable.

In addition, the burden of proof will be decreased when the court determines that a claimant will have trouble showing a fault or the causal relationship between the defect and the loss due to technical or scientific complexity (though the person sued can contest this). This proposal links the planned Product Liability Directive with the AI Liability Directive by shifting the burden of evidence.

Finally, claim thresholds and compensation level ceilings are eliminated. Under existing regulations, in order for a claim to be considered, the harm caused by a defective product must be at least 500 euros, and Member States may place a cap on the producer’s total culpability for damages resulting in death or personal injury (this amount cannot be lower than EUR 70 million).

The need for further implementation

Despite the transmission of essential information, it can be exceedingly difficult to show fault in complex systems, which is one of the major critiques leveled against the planned AILD. Especially given that certain AI systems behave autonomously and have functions that are so complicated that their outputs cannot be simply explained. This challenge relates to the ‘black box’ algorithm problem that develops when the complexities of an AI system make it difficult to comprehend the input that leads to a certain output.

While the proposed AILD cites autonomy as a barrier to understanding the system in its Recitals 3, 27, and 28, it offers little to aid injured parties in establishing a presumption of cause. An injured party still has a heavy burden of proof under the AILD, from providing evidence in support of the plausibility of the claim (Article 3(1)) to identifying non-compliance with AIA requirements (Article 4(1)(a)) and demonstrating a connection between the action of the AI system and the damage sustained (Article 4(1)(c)). It may also be difficult to demonstrate noncompliance with the proposed AIA’s rules. For example, it may be difficult to demonstrate that the datasets utilized in the creation of an AI system, or the accuracy levels of a given system are insufficient. Therefore, the proposed AILD provides very minimal procedural convenience for aggrieved parties at best. More must be done to improve the effectiveness of the recourse accessible to victims of AI-caused harm.

Using the updated PLD’s defect-based remedy, which requires no proof of wrongdoing, is one strategy for addressing this issue. Article 4(6) of the PLD stipulates that compensation may only be sought in the event of material damage. It means that AI systems used in, for example, credit-scoring by any financial institution that could hurt persons in a non-physical manner cannot be challenged on the basis of being flawed. To collect compensation, the injured party would need to demonstrate fault through the AILD. The Deputy Director of the European Consumer Organization (BEUC), Ursula Pachl, has already expressed this worry when discussing the draft directives.[5] BEUC is an umbrella consumer group that unites 46 independent consumer organizations from 32 countries and has advocated for years for an update to EU liability laws to account for the rising applications of artificial intelligence and to guarantee that consumer protections laws are not outrun. In its view, the EU’s proposed policy package falls short of the more comprehensive reform package it advocated for. It consists of modifications to the existing Product Liability Directive (PLD) so that it covers software and AI systems (among other changes); and a new AI Liability Directive (AILD) that aims to address a broader range of potential harms stemming from automation. In contrast to traditional product liability regulations, if a consumer is hurt by an AI service provider, they will be required to prove that the service provider was at fault. Given the opaqueness and complexity of AI systems, these characteristics will make it impossible for consumers to exercise their claim to compensation.

In this context, the Commission’s approach is more advantageous for developers, some of whom opposed stringent liability for non-material damages during the proposal development process.[6] In addition to this barrier, the PLD requires claimants to demonstrate the likelihood that injury was caused by the system’s failure in order to utilize the presumption of defectiveness (Article 9). This raises questions concerning the likelihood criterion that a claimant must achieve, particularly when a given system is difficult to comprehend.

A month ago, the U.K.’s data protection watchdog issued a blanket[7] warning against pseudoscientific AI systems that claim to perform ’emotional analysis,’ urging that such technology is not used for anything other than pure entertainment. This is illustrative of the types of AI-driven harms and risks that may be driving demands for robust liability protections. In the public sector, a Dutch court ruled[8] in 2020 that an algorithmic evaluation of social security claimants’ welfare risk violated human rights law. In recent years, the United Nations has also issued a warning[9] regarding the hazards of automating public service delivery to human rights. In addition, the employment of ‘blackbox’ AI systems by US courts to make sentence decisions, which opaquely bake in bias and discrimination, has been a crime against humanity for decades.

In conclusion, the proposed AI liability directions of the Commission largely facilitate the gathering of information regarding AI systems in order to prove culpability. In a sense, this codifies the transparency requirement for AI systems, which is also included in the proposed AIA. However, while doing so, the proposed liability directives saddle claimants with difficult obstacles to surmount, such as having to demonstrate blame or presumptions of defectiveness and causality, as well as the connection between the harm and the defect or fault, as outlined in the AILD and PLD. The Commission’s proposals are in the beginning stages of the legislative process and will likely undergo a number of adjustments prior to their final adoption. Moreover, possible changes to the proposed AIA could also affect the execution of the proposed liability guidelines, as the directives depend on the AIA’s definitions and standards. The legislative measures to establish AI liability are a significant step in the right direction towards successfully regulating AI. However, it is still essential to exercise caution in regard to the intricacies of AI systems, especially when the objective is to safeguard wounded parties.



E-Evidence proposal and its public involvement of private actors

Background Analysis

Since its incorporation into the Tampere Conclusions, the issue of the admission of evidence obtained in cross-border criminal proceedings in the EU has been on the table. Article 82(2) of the Treaty on the Functioning of the European Union (TFEU)[1] grants the European Parliament and the Council the ability to establish fundamental rules for the reciprocal admission of evidence. Common minimum standards on how evidence is to be gathered and transferred – and also on a limited set of exclusionary rules – are required to protect fundamental rights and facilitate judicial cooperation at the EU level, especially given that e-evidence introduces a cross-border element into virtually every criminal investigation and procedure. Due to the rapid digitalization of private and public spheres, as well as professional and non-professional activities, the importance of a common set of evidence standards, and in particular e-evidence standards, has increased. Furthermore, the repercussions of COVID-19 have a multiplier effect on the impact of e-evidence at the EU level, as the epidemic has caused a significant movement towards digitalization and a notable change towards the collection of e-data for security purposes (mainly geolocation, and to potentially track contacts of infected persons).

Recent legislative initiatives (Directive 2014/41/EU on the European Investigation Order (EIO)[2] in criminal proceedings and Council Regulation (EU) 2017/1939[3] implementing greater cooperation on the establishment of the European Public Prosecutor’s Office, EPPO) have addressed this issue in part. However, the EIO provides no regulations governing the admissibility or rejection of evidence. The admissibility of evidence gathered in a foreign country will rely on how it was obtained and compliance with any applicable restrictions. Moreover, Article 37 of the EPPO Regulation[4] essentially creates an inclusionary rule, leaving all possible grounds for evidence exclusion unaddressed.

As a result, there is no uniform policy among EU member states. The diversity of solutions in each Member State impedes the creation of what has been termed a “zone of free movement of criminal evidence” and may have a severe impact on the rights of defendants. In the past, Member States may have concluded that supranational standards on admissibility of evidence were not strictly required, and that, as a result, the principles of subsidiarity and proportionality for EU legislation would not be followed. However, the situation has changed dramatically over the past few decades as a result of obvious shifts in the modern “digital society.”

The Evidence Package

The European Commission proposed the “E-Evidence” legislative package (E-Evidence)[5] on 17 April 2018 to overcome the widely discussed issues associated with the traditional instruments for cross-border gathering of electronic evidence. The main innovation of this proposal consists of allowing law enforcement in one member state to directly compel service providers in another member state to produce or preserve data.[6] Internet service providers (ISPs) already play a significant role as gatekeepers for the data they possess, particularly in the context of voluntary cooperation. Due to restricted enforcement options, the frequently global context of data collection, and the economic clout of big ISPs, it is their decision whether or not to submit data to authorities. While the final text of the EPO Regulation is still being negotiated, I argue in this post that the proposal for the E-Evidence regulation (in all of its available versions) does not solve the problem of such “privatisation” of enforcement in the context of e-evidence collection, and I explain why this is problematic.[7]

E-Evidence legislation has been in the legislative process for some time. While the EU Council agreed its broad strategy very swiftly,[8] on 7 December 2018, The European Parliament’s (EP) extensive deliberations lasted over two years. On 11 November 2020, the EP delivered its Report on the draft Regulation, which differed significantly in some respects from the Council’s general approach, which was generally comparable to the Commission’s proposal.[9]

The notification system, which establishes the criteria under which the authority originating the access request must notify the authorities in the executing member states, is one of the most contentious aspects.

For governments represented in the EU Council, making this process overly burdensome would negate the aim of the rule, but MEPs and civil society want protections for protected groups such as journalists, lawyers, and political activists. The member nations were successful in meeting the so-called “residence criterion.” In other words, if the individuals in question are residents of the member state executing the order, there is no need to notify the authorities of the executing country about the location of their data storage. If the requested information can only be used to identify a person, no notification is necessary.

In exchange, MEPs gained the notification’s suspensive effect. In the event that a law enforcement agency requests content and traffic data, the other member states will have ten days, or eight hours in the event of an emergency, to object. The suspension effect stipulates that the service provider must safeguard the requested communication but will be unable to disclose it until the deadline has passed and no rejection has been raised.

The executing member states may appeal the order if it violates the legal framework’s fundamental rights or immunities, such as press freedom. The legislature adopted the notion of dual criminality, which states that the persecuted crime must also be recognized in the country of execution.

Special safeguards against alleged infringement of basic rights have been added to orders refused by member states whose rule of law has been officially brought into question by the activation of EU procedures, such as Hungary and Poland at present.

Political problem that is yet to be resolved

Unresolved from a political standpoint is whether the executing member states ‘may’ or ‘shall’ oppose the order if one or more reasons for rejection are discovered. The Parliament favors the latter formulation because legislators want to guarantee that these precautions are applied effectively.

In accordance with the GDPR, the EU’s data protection regulation, the order must be sent to the data controller, the entity that determines why and how the data is processed. The authorities will only refer directly to the data processor, the organization that processes the data on behalf of the controller, in exceptional circumstances. The co-legislators of the EU only agreed in principle to the establishment of a common European exchange, an EU-wide platform for issuing orders that would guarantee the secrecy and legitimacy of the orders to service providers.

While the interinstitutional meeting, or trilogue in jargon, resulted in significant progress on a number of key issues, according to two knowledgeable sources, the gaps between the co-legislators may still be too substantial to be resolved at the technical level. The French negotiators were under significant political pressure to find an agreement before the end of their Presidency on Friday, and on Thursday they even requested a new political trilogue. However, the European Parliament could not meet such a short deadline.

Private actors and potential conflicts of interest

In light of the preceding, the E-Evidence package will establish a new connection between law enforcement agencies and ISPs, regardless of the establishment of the mandatory notification system. These are expected to become extended arms of law enforcement, replacing national authorities in the tasks of receiving, complying with, and reviewing orders.[10] ISPs will unavoidably become more of a public authority than a private actor, although lacking the characteristics of public authorities, such as accountability, impartiality, and independence.

This shift of public responsibilities to ISPs, as envisaged by the E-Evidence package, is not novel in European law, but rather conforms to a pattern that has intensified over the past few years.[11] Indeed, private players’ participation in crime prevention has increased. This tendency is exemplified by the AML regulatory[12] framework: private actors, particularly banks and financial institutions, are required to create risk prevention measures and report to competent authorities in order to avoid money laundering or terrorism funding. In this sense, the E-Evidence proposal codifies a quantum leap in the role of private actors: not only are they involved in crime prevention, but they are also required to play an active (proactive) role in enforcement by directly responding to requests from a law enforcement authority and evaluating the validity and legitimacy of these requests.[13]

This role poses various questions. ISPs, as private actors, are entities that are profit-driven and answerable to their owners or stakeholders. These traits have (at least) a double bearing on their ability to fulfill this public function. First, ISPs will make decisions based on their commercial interests. In fact, unlike public actors, when ISPs must choose between competing ideals, they do so at the risk of punishment for noncompliance or reputational damage, which may have a direct impact on their financial interests. Moreover, even if private actors present themselves as acting for the greater good, they will only engage in this manner if it serves their financial interests. The commercial reasoning also influences the accountability and duty of ISPs. A democratic system of accountability controls value judgments in the public realm; private firms (i.e. ISPs) are answerable to their owners first and foremost.[14]

Lastly, additional practical issues relating to the implementation of such power may arise due to the potential for ISPs to abuse their authority. For instance, what about ISP personnel who are offered bribes to influence the judgments they execute? This sort of corruption, however, no longer affects the private sphere, as it is not a violation of the entity’s duty. This circumstance more closely resembles public corruption but is not covered by the applicable regulations.[15]


There appears to be a need for cooperation between law enforcement agencies and ISPs, given the latter possess information that may be crucial to criminal investigations. This new interaction between public bodies and commercial players cannot be governed by the current regulatory system. Consequently, legislative intervention is required, and the E-Evidence package has the ability to eliminate one of the most significant barriers facing contemporary criminal investigations. However, a more complete framework is required to ensure that the rights of impacted individuals are adequately protected and that their fate is not contingent on the commercial interests of private enterprises.

The issue of the public duty of ISPs is not confined to the collection of electronic evidence. Similar issues and arguments can be raised in relation to online content control and the Digital Services Act discussion (DSA).[16] The challenges in negotiating both legislative proposals (E-Evidence and DSA) highlight how difficult it is to manage a domain in which private players wield so much effective enforcement capacity and de facto adjudicative authority. To guarantee the fairness of the procedures and the correct protection of the fundamental rights of the affected parties, however, a precise set of boundaries is required. If shared adjudication is to be recognized, a significantly more robust structure must be established to protect the rights of those affected.

Financial Law, Law,

Digital Service Act approved by the European Parliament: new features on online intermediaries

The European Parliament has recently passed the Digital Services Act[1], a regulation that replaces and novates the previous liability regime for information society service providers, consisting of the E-commerce Directive EC Directive 2000/31[2]. This contribution will analyze the main novelties and the continuities between the old and the new regimes.

European DSA (Digital Service Act)

European DSA (Digital Service Act)


5 July represents a very important milestone in the roadmap of European digital regulation. In fact, this is the date on which the European Parliament approved the Digital Services Act (DSA), presented by the Commission in December 2020 and on which political agreement had already been reached on April 23, 2022.

This regulation’s stated objective is to contribute to the proper functioning of the internal market for intermediary services by establishing harmonized rules for a safe, predictable, and reliable online environment that facilitates innovation and in which the fundamental rights enshrined in the European Charter of Fundamental Rights, including the principle of consumer protection, are effectively protected.

In other words, it aims to redefine the rules applicable to online platforms by amending the Directive 31/2000, the so-called ‘E-commerce Directive’ and the main regulatory reference with regard to “provider liability’ or “secondary liability’. Indeed, the digital transformation and the increased use of digital services have given rise to new risks and challenges for individual service recipients, for businesses, and for society as a whole, hence the need to revisit the previous regulatory framework, now more than 20 years old.

Main novelties

The new regulatory framework applies to ‘information society services’, i.e. entities offering services at a distance, by electronic means, at the request of a recipient, ‘normally for remuneration’.

The overall architecture of the E-commerce Directive is preserved, but new rules on transparency, disclosure requirements, and accountability are adopted, primarily reflecting existing case law. The choice of regulation rather than directive as the form for the new legislation is a significant continuity solution. The direct applicability of the DSA is anticipated to help eliminate disparities between national E-commerce Directive transpositions.

However, the responsibility exemption for providers engaged in mere conduit, caching, and hosting activities remains preserved. This exemption, which focuses on hosting providers, is based on the condition that the provider of such an information society service is not liable for data maintained at the recipient’s request. All of the above, if the provider lacks actual knowledge of illegal activity or illegal content and, with respect to claims for damages, is unaware of facts or circumstances from which the illegal activity or illegal content is apparent; and, upon acquiring such knowledge or awareness, acts expeditiously to remove or disable access to the illegal content.

Similarly, the absence of a general obligation to monitor the platform for user activity is maintained, but certain exceptions are added. In addition, the DSA introduces a sort of “Good Samaritan” language to highlight that intermediaries are permitted to conduct bona fide voluntary investigations or other efforts aimed at finding and deleting illegal content without the risk of losing exemptions for that reason alone.

In addition to replicating the above exemption framework, the Digital Services Act imposes:

1. due diligence obligations for some specific categories of intermediary service providers.

2. new rules for implementation, enforcement, cooperation and coordination between Member States on digital services.

Perhaps the most significant novelty is the introduction of a ‘scaled’ discipline with four categories of providers and a progressive increase in the obligations, proportionate to the influence played, and responsibilities placed on the platform due to belonging to one or the other of the specified categories. These obligations are summarized here in the Table below.[3]

The categories would be intermediary services, hosting (e.g. cloud), online platform (e.g. social media) and very large platforms.

Intermediary services


Very large

Transparency measure for the online platform Transparency Reports





Requirements on terms of service that take into account fundamental rights





Notification, intervention and obligation to provide information to users




Transparency of user-facing online advertising



Transparency of recommendation systems


Supervision structure to deal with the complexity of the online space Cooperation with national authorities following orders





Contact points and, if necessary, legal representative





Complaint, redress and out-of-court dispute resolution mechanism



External and independent audit, internal compliance function and public accountability


Cooperation in response to crises


Measures against illegal goods, services, or content online Trusted flaggers



Measures against abusive service and counter-notification



Special obligations for marketplaces, e.g. verification of credentials of third-party providers (‘KYBC’), compliance by design, random checks.



Reporting offences



Risk Management Obligations



Codes of Conduct


Access by researchers and authorities to key data Sharing data with authorities and researchers


The establishment of new national authorities to oversee the DSA’s implementation is an additional innovation of note. In Chapter IV of the proposal, the procedural structure of this body is outlined. This individual is known as the Digital Services Coordinator, and he or she will be responsible, in each Member State, for overseeing the precise application of the DSA with respect to the platforms that have their main establishment in that Member State. The Digital Services Coordinator[4] will have three powers: investigative; enforcement, such as the power to order the cessation of violations, to impose corrective measures or interim measures aimed at avoiding the risk of serious harm; and the power to impound platforms that violate the DSA.

Finally, where the previous measures prove ineffective, coordinators also have the power to:

  1. to require the adoption of an action plan setting out the measures necessary to bring the infringement to an end and to ensure that the provider takes such measures, and to report on the measures taken
  2. to request the competent judicial authorities of that Member State to order the temporary restriction of access of the recipients of the service affected by the infringement.

Finally, platforms may also be sanctioned for submitting incorrect, incomplete or misleading information, as well as for failing to reply or rectify the same information, and for failing to submit to inspections. In these cases, however, penalties may not exceed 1 per cent of annual income or turnover (Article 42(3)).

Next steps

After the European Parliament adopted the DSA at first reading in July 2022, the text must be approved by the Council of the European Union. The DSA will be signed by the Presidents of both institutions and published in the Official Journal following acceptance by the Council. Then, twenty days following its publication in the Official Journal, it will enter into force.

With the exception of the responsibilities for big online platforms and large online search engines, which will apply four months after their designation, the DSA will be directly applicable throughout the EU after 15 months or on 1 January 2024, whichever is later.[5]

  3. The Digital Services Act: An Analysis of Its Ethical, Legal, and Social Implications <>
ntf, token, law, legal, droit, légal, cryptos, cryptocurrencies, news,
Intelectual Property Law, Law,

The problems with NTF and intelectual property

NTF Intelectual property

You may have heard the word “blockchain” in the previous several years. Blockchain technology has established itself as an innovative record-keeping system, most notably serving as the foundation for the Bitcoin cryptocurrency. The most unique aspect of blockchain is its decentralized nature: it is not controlled by any single individual or organization. It is transparent in the sense that the ledgers are seen by everyone (if you know where to look). Blockchain technology is applicable to a wide variety of applications and is not restricted to cryptocurrencies. Non-fungible tokens (NFTs) are the most recent high-profile example of this nascent technology’s extensive applicability. NFTs are claimed to be immutable once “minted” (the Non-fungible token field’s term for “made”), because the information once placed on the blockchain is permanent and irrevocable.

NFTs are now sweeping the globe, as sports memorabilia firms and art auction houses use them to maximize the value of digital assets. In the first quarter of 2021, NFT sales hit $2 billion, with roughly twice as many buyers as vendors. For example, musicians, artists, and publishers have benefited from NFTs in order to commercialize their works and protect their intellectual property rights. We examine the intellectual property law implications of NFTs and related advancements in this paper.

NFTs are a global sensation.

Three weeks ago, fashion designer Karl Lagerfeld launched the first “non-fungible tokens” (NFTs). To begin, a black and white NFT figurine, which the internet site The Dematerialized sold in an edition of 777 for 77 euros each. A second, gleaming metallic NFT figurine by Lagerfeld, limited to 77 pieces, sold for 177 euros each.

The more costly version sold out in 33.77 seconds; the less expensive version took 49.09 minutes to sell out, Marjorie Hernandez, co-founder of The Dematerialized, disclosed during her presentation. The website where the NFTs were sold received traffic from all around the world. Sixteen percent are from the United States, 39 percent are from Europe, and 45 percent are from other countries. “Interest in the Karl Lagerfeld NFTs is international,” Hernandez continued. It extends the brand’s traditional marketing channels and targets new demographics, particularly younger generations.

How may NFTs be used to the world of art? Digital art is connected to a non-fungible token (NFT), which is produced online and then traded on a variety of exchanges. NFTs have had two significant consequences. To begin, they have lent an air of ‘authenticity’ to digital art. Second, they’ve established a potentially valuable online platform for digital artists to share works in a new genre of performative art. Because NFTs are one-of-a-kind tokens, they lend an air of authenticity to digital art in an age of copy-and-paste. This sense of ‘authenticity’ is encoded by NFTs.

According to a Deloitte survey on digital media trends, 87% of Gen Z consumers report playing video games on their cellphones, gaming consoles, or PCs on a weekly basis. Additionally, this generation is expected to prefer playing video games to watching video entertainment by a factor of more than two. The resulting blurring of the lines between younger consumers’ physical selves and virtual gamified avatars is ideal for ‘tokenisation’ – a unit of data stored on a digital ledger, or blockchain, that enables the trading and ownership of supply-constrained luxury collectibles, whether in conjunction with a physical purchase or exclusively online. The collaboration between digital sneaker brand RTFKT Studios and artist FEWOCiOUS led in a USD 3.1 million sale on non-fungible token (NFT) marketplace Nifty Gateway in under seven minutes. Each digital sneaker is paired with a physical counterpart – the ability for marketers to optimize their supply chains by selling a digital version of a coveted product while the consumer waits for the physical version is revolutionary.

The multiplicity of NFT structures

Why all the hipe? What are NFTs and what purpose do they serve in the metaverse? Finally, what contribution does new technology provide to the realm of fashion? Because one thing is certain: the Lagerfeld NFTs are only the latest example of a new technological adaption that is currently en favor, particularly among high-fashion brands: Burberry, Balenciaga, Gucci, and Louis Vuitton are all experimenting in this new arena. Digital fashion creates an entirely new sphere of action for fashion firms. They can sell their fashion not just in the physical world, but also via NFTs – particularly in the gaming world. Clothing also plays a growing role in this area. Players can build personal avatars, shop, attend fashion shows, interact with one another, and even own land and real estate in Metaverses. The possibilities are virtually limitless. In contrast to the majority of social media platforms today, a metaverse is a collective virtual space that is typically decentralized and frequently built on blockchains, for example, to safeguard one’s own money.

NFTs can be simply JPEG files. These non-fungible tokens are akin to digital certificates of validity that are often secured using blockchain technology and hence impenetrable to tampering. NFTs originate in the arts and gaming industries. Only in March of this year, Christie’s sold a photograph by artist Beeple for 69 million euros, making it the world’s most expensive JPEG file to date.

NFTs are a technique of tokenizing an asset, with a token representing a digital unit of value on a blockchain. These tokens can be used to represent a range of items and are subject to a variety of rules. The nature of a token is determined by the standard (a collection of rules agreed upon by developers) to which it is subjected. The ERC-20 standard is frequently used for fungible (not unique and thus divisible) tokens on the Ethereum blockchain, while the ERC-721 standard is frequently used for non-fungible (unique) tokens.

What does this mean legally?

Due to the non-fungibility of NFTs, a new distribution mechanism for intellectual property monetization has emerged. Given some of the unique characteristics of NFTs, intellectual property owners’ intellectual property protection and licensing strategies must be rethought. As NFTs gain popularity, businesses and creators should incorporate NFT-specific intellectual property protections into their intellectual property protection plans. Due to the unique characteristics of NFTs, numerous new issues apply when licensing, assigning, or transferring intellectual property rights. Additionally, NFT creators should be aware of potential infringement risks when utilizing third-party intellectual property and should consider protecting their original inventions with intellectual property protection.

However, the utility of NFTs in terms of intellectual property (IP) rights appears to be far less persuasive. The issue is that holding an NFT does not imply ownership of an original work. An NFT is simply a digital ticket confirming that you possess a version of a work from a copyright perspective. Buyers’ impressions of their property do not always correspond to legal reality, and the firms involved in these transactions are opaque.

The buyer’s perception of what they are buying may not match the legal reality. NFTs being sold should contain exactly what they want to sell, as an NFT cannot be edited easily once recorded on a blockchain. An NFT does not grant ownership of a piece of work. It is in reality a digital note which verifies that you own a version of the work.

It’s unsurprising that third-party intellectual property is frequently entangled in NFTs without the rights holder’s express agreement or consent. NFTs may include unlicensed copyright-protected content. As expected, intellectual property owners are stepping up enforcement against illicit uses of copyrighted information in NFTs. While NFTs have enormous financial power in the entertainment and collectibles industries, it is unclear how they affect the underlying intellectual property. What is evident is that the rights involved with acquiring NFTs (apart from the right to own) are restricted.

NFTs appear to have immediate uses. To be more specific, this tokenized technology might be used to sectors such as watermarking, in which producers could utilize NFTs to validate the validity of digital artwork or trading cards. Whatever application of NFT technology occurs in the future, one thing is certain—NFTs should not be mistaken with inherent authentication of items. This is particularly critical since complaints of fake NFTs continue to rise.

It is critical to distinguish between ownership of the NFT and ownership of the underlying intellectual property when evaluating the intellectual property implications of NFTs. The rights granted by an NFT seller are contingent upon the rights transferred through a license or assignment, which differ each NFT. You may own a specific video clip or photograph of a LeBron James slam in NFT form, but the NBA owns the underlying rights. In the framework of copyright, ownership of the underlying rights will transfer only if the creator of the original work expressly consents to the transfer. In general, possession of an NFT does not automatically confer ownership of the underlying content or any associated intellectual property rights. As a result, an owner of an NFT may be prohibited from reproducing, distributing copies, performing, displaying, or creating derivative works of the original work. Rather than that, the copyright holder retains exclusive rights.

There are concerns about how will NFTs fit into current copyright law. For example, with regards to music, no artist would be selling the rights to the master version of the music. Those rights are retained by the artist, even as they sell a kind of licensed content to consumers.

However, people can mint NFTs of work they didn’t create. This is where we believe the largest legal issue lies. For instance what happens if someone mints NFT’s of heavily protected music such as the Beatles or Elvis or NFT’s of long established Disney characters? One assumes copyright infringement lawsuits will be plentiful and it appears that the market may not yet be prepared for the eventuality that a work’s original creator may claim copyright infringement.

‍For instance, The Hermitage, the most significant and big museum in Russia, in Russia has taken legal action against Rammstein‘s Till Lindemann over the “unauthorised” sale of an NFT bearing its imagery.

Last week, the German band’s frontman entered the world of non-fungible tokens (NFTs) by selling VIP style access to him along with special digital artwork. Fans were offered the chance to dine with the singer in Moscow, Russia as part of a €100,000 (£84,705) package. While he had been granted permission to film there for the clip, the museum says the musician breached the terms of their agreement by selling NFTs that include materials shot on its premises.

A statement from the State Hermitage Museum, posted to Facebook last Friday (August 13), claims that it has issued Lindemann with a “license violation warning” over what are claimed to be “illegal tokens”.

Financial regulations still applying

Whilst it is easy to point out the legal issues with NFTs and copyright law, the reality is that these tokens are hugely popular and potentially are here to stay. IP law and indeed lawyers will have to deal with these and perhaps rapidly.

While the majority of jurisdictions lack particular legislation or regulations governing NFTs, a slew of current regulations may nevertheless apply. This will rely on the following factors: the qualities and attributes of the token; the actions conducted in connection with the token; and the territorial reach of the applicable regulatory framework.

A few relevant examples :

For instance, in the United Kingdom, the Money Laundering Regulations 2017 define cryptoassets as “a cryptographically secured digital representation of value or contractual rights that utilizes a form of DLT and can be transferred, stored, or traded electronically,” and outline the activities that trigger a registration requirement when performed in relation to cryptoassets. Exchanging NFTs for cash or other cryptoassets, or arranging for others to do so, would trigger a registration requirement. If an NFT does not meet the definition of a cryptoasset, for example, because it does not reflect value or contractual rights, the regime does not apply.

Switzerland provides a favorable and attractive legal structure for cryptoassets, notwithstanding the absence of a dedicated legal framework. The regulatory framework enabling for the issuance and trading of cryptocurrencies has been in place for a few years.  Switzerland has now strengthened its regulatory framework for tokens representing rights, such as asset tokens and utility tokens representing claims against the issuer or a third party, following the adoption of the Federal Act on the Adaptation of Federal Law to Developments in Distributed Ledger Technology (the DLT Act), which made numerous amendments to Swiss law to account for the potential offered by distributed ledger technology (DLT). Certain provisions of the legislation took effect in February, while the balance of the new provisions will take effect in August 2021. The DLT Act, in particular, established DLT rights as a new class of assets as a digital alternative to certificated securities. DLT rights should be transferrable exclusively via the blockchain. Additionally, Swiss legislation has developed a new sort of license category for trading venues that allow for the trading of DLT rights. Additionally, extra segregation rights have been introduced for cryptoassets kept in custody by a third party (e.g., a wallet provider) in the event of the third party’s insolvency.

Yet the the Swiss Financial Market Supervisory Authority (FINMA) has frequently declared that it will make no distinction between different technologies used for the same activity; in other words, it will apply the’same business, same rules’ concept to any new technology. This of course does not really fit with the specific problematics of NTF.

This lack of certainty about buyers’ intellectual property rights has not deterred users from investing millions on virtual land NFTs, with some speculating that it could be at the vanguard of a near-term virtual real estate bubble. Dapper Labs Inc., the Canadian business that pioneered the usage of NFTs in CryptoKitties, has done the most to address these IP concerns by developing an NFT License. Apart from the obvious draft difficulties, this helps customers understand they are not purchasing the copyright but rather a form of licensed content.

Are NTF new forms of intellectual property?

Without any doubt no.  NFT will not change , and have not changed anything as to IP law.

While we can have been quick to point out the legal flaws in NFTs, we cannot overlook their cultural and technological novelty.  There may be significant benefits for artists seeking to maximize the revenue generated by the usage of their work. As previously stated, artists have the option of minting their NFT according to a variety of various criteria. Therefore, if you desired to be compensated anytime your work’s rights were used, you would choose a token that established such restrictions (as it happens the ERC-1190 standard does this). And, as Valéry prophesied, innovation has the potential to alter our conception of what constitutes art and, consequently, what merits copyright protection and what does not.

It remains to be seen whether NFTs live up to the buzz around them. Whether the future is a world with a thriving NFT art market or a world where disgruntled crypto art collectors sue for consumer protection violations (or both! ), there are certain to be some intriguing legal challenges on the horizon.

ntf, token, law, legal, droit, légal, cryptos, cryptocurrencies, news,
Financial Law, Law,

Some Legal considerations on NTF


Non-fungible tokens (NFTs) have existed for many years but have recently garnered enormous traction in the form of digital kittens (CryptoKitties), sports highlights (NBA Top Shot), music album downloads (Kings of Leon), and Christies-auctioned digital paintings. Sir Tim Berners-Lee recently sold an NFT with the original source code for the world wide web.

NFTs let companies to communicate directly with consumers in the digital age; they enable brands to instill a sense of scarcity and thus value in their digital collectibles, which include images, videos, and audio files. They might be the digital equivalents of the Panini trading cards traded by children in school yards during the 1980s and 1990s. Additionally, because NFTs enable the tokenization, storage, and ownership of rights in digital or physical assets, they are anticipated to find widespread application in industries such as financial services.

However, what are they, what do they represent, and what legal and commercial implications should be considered?

NFTs – what are they and what do they represent?

A non-fungible token (NFT) is a one-of-a-kind digital token that is created (or “minted”) and stored on a decentralized ledger known as a blockchain. NFTs can be purchased and traded just like other types of property, but they lack a physical form. NFTs are “non-fungible” (i.e. distinct and non-transferable) because each token contains unique data (e.g. code and other information) that differentiates it from other NFTs associated with the relevant blockchain.

NFTs can be created using blockchain systems such as the public Ethereum network, Polkadot, Cosmos, and Flow. The NFTs can then be purchased and sold via a website dedicated to the underlying blockchain solution (e.g. OpenSea). The blockchain solution is the back-end technology that keeps track of who owns the NFT. The NFT marketplace is the user interface via which token buyers trade NFTs.

In general, NFTs are classified into two types:

• First Category: the token is tied to a physical asset (e.g. luxury goods or diamonds). A buyer purchases a physical asset from a seller, and the parties agree (in the sale contract) that the seller will issue the buyer an NFT linked to the physical asset, which will contain a digital certificate of authenticity/proof of ownership (digital record) confirming the physical asset’s authenticity and the buyer’s details. This gives the buyer with an irreversible, digital record of ownership of a genuine asset, which the buyer can subsequently use to sell the physical asset. This is a far superior record to a paper-based one that is easily lost or doctored. When a physical asset is sold, the data contained in the digital record is changed, for example, to reflect the new owner’s information.

• Second Category : the token represents the right to act on a (licensed copy of a) digital asset. This is how it might work:

o The NFT contains unique data, such as a unique URL link that directs the token purchaser to a web server housing the relevant digital asset.

o The digital item is not included in the NFT since doing so would be excessively computationally intensive.

o If the digital asset is a media file (e.g., a music file), the NFT normally signifies the right to download and listen to the music, which is accessible via the URL link, for personal use.Legal and commercial issues


It is critical that there are underlying terms and conditions governing the sale of the NFT (both the initial sale after the NFT is minted and subsequent sales via the NFT marketplace) to ensure that there is clarity regarding what the token represents, the rights of the token creator, and the rights acquired by the token buyer.

IP will be critical in regard to Category 2 NFTs, where the token creator grants the right to use a digital asset associated with the NFT. For instance, is the token purchaser acquiring a right to the linked digital asset’s intellectual property or merely a restricted license to use the linked digital asset? In the case of Category 2 NFTs, when the connected digital asset is a unique URL to a freely downloadable music file, the token buyer often acquires the right to download and listen to the music file for personal use, not the right to own the music file (copyright in the music file is not being transferred to you). As a result, the token creator is allowed to duplicate and market the song.

Rules governing financial regulation

There is no regulatory structure specifically for digital tokens, including NFTs. Thus, a critical concern for blockchain platforms and brands is whether the NFT will likely represent a regulated financial instrument or would be subject to anti-money laundering regulations.

Whether an NFT is classified as a financial instrument, such as a security, is determined by the NFT’s attributes and the rights granted to the token buyer. The non-fungible nature of the token has no bearing on the NFT’s regulatory status.

If the NFT just reflects ownership in an asset or copy, it is unlikely to be regarded a security and is more likely to be classified as a utility or exchange token if all it does is give the right to own and trade the asset.

However, if the NFT resembles a security, such as a share or a unit in a collective investment scheme, it may be deemed a “security token.” This may also contain fractionalised NFTs. The majority of NFTs are unlikely to be classified as e-money tokens, considering the fundamental property of e-money is its intrinsic fungibility.

While the majority of NFTs have not yet crossed these regulatory boundaries since they are focused on rights to an asset or copy in sports, art, or music, use cases are anticipated to increase rapidly.

There is a need to consider these issues because anyone or company conducting business in this area would be subject to the same regulation as traditional financial service providers. For instance, the issuer may be required to obtain a license or to comply with anti-money laundering rules, and the same analysis would apply to exchanges that facilitate the buying and selling of these NFTs, as well as token custodians or wallet providers.

Additionally, many jurisdictions may have marketing limits or even prohibitions on NFTs that are classified as utility tokens or exchange tokens, which will need to be addressed if NFTs are sold or distributed more extensively.

ntf, token, law, legal, droit, légal, cryptos, cryptocurrencies, news,

Non-legal issues

Along with legal considerations, technical practicalities must be considered. For instance, what if the web server that hosts the digital asset fails? A growing number of developers are creating tokens using hashes of IPFS URLs. IPFS is a peer-to-peer file storage system that enables material to be distributed over several computers, replicating the file in numerous locations. This guarantees that the digital asset will always be available as long as there are willing nodes to host it. The digital asset’s worth can be increased by storing it on a peer-to-peer file storage system.

Numerous brands are pursuing additional commercialization of their intellectual property through the establishment of NFTs. Due to the fact that these brands frequently lack the technical competence necessary to develop the NFT and/or to develop and administer the NFT marketplace, they employ blockchain vendors to undertake these functions on their behalf. The brand grants the blockchain provider permission to host a copy of the relevant digital asset. The blockchain provider then produces a unique URL for the hosted digital asset and combines it into a newly minted NFT. Additionally, the brand may grant a license to the blockchain supplier to use its trademark (which is then incorporated into the NFT marketplace), ensuring that token buyers interested in purchasing the NFTs are aware they are authentic. In exchange for the license to the digital asset and trademark, the brand often receives a cut of any fees produced by the blockchain supplier’s sale of any NFTs. To avoid brand reputational difficulties, such companies must ensure that the blockchain supplier delivers the offering in line with local regulations and provides an acceptable level of service to token buyers. For instance, if the NFT marketplace is perpetually inaccessible, this will have an effect on the brand linked with the NFTs’ reputation. Additionally, great attention should be made to what happens if the brand’s contract with its blockchain supplier is terminated. For instance, is the blockchain supplier no longer permitted to generate new NFTs but is permitted to sell/resell existing NFTs (Existing NFTs)? To what degree can the brand then license its relevant IP (to the extent that such IP is unrelated to any Existing NFTs) to a new blockchain supplier, who can then produce new NFTs for a new NFT marketplace that may compete with the prior blockchain provider and its Existing NFTs?


NFTs provide marketers an exciting new channel for connecting with their customers and supporters. Tiktok is only one of the latest brand to get into the NFT Business. Brands, token purchasers, and token creators should consider the issues surrounding the tokens – including liability, consumer protection, data protection, intellectual property protection, financial regulation, technical feasibility, and brand reputation – all the more so as the number, complexity, and variety of NFTs continue to grow (and this will no doubt lead to more complicated issues to consider and resolve).

RGPD, client data, client experience, information, RGPD, réglement générale protection donnée, GDPR, General data protection regulation, companies, business secret, data quality, data collection, collection de data, ramasser de la data, information, information technology,

Data Governance after GDPR and the protection of personal data

RGPD, client data, client experience, information, RGPD, réglement générale protection donnée, GDPR, General data protection regulation, companies, business secret, data quality, data collection, collection de data, ramasser de la data, information, information technology,

The Structure of Data Governance in Enterprises

Data governance refers to all the organisations and procedures put in place within a company to control the collection and use of data. According to a study conducted by Reach Five and Opinion Way, 78% of French companies harvest data to personalise the customer experience. However, simply collecting data is not enough to improve competitiveness: companies need to learn how to use this data in an optimal way. This collection is subject to restrictions such as the respect of users’ privacy. Therefore, in their data governance process, it is necessary for companies to take into account the limitations posed by both national and European legislation.

Personal data refers to all information that makes it possible to identify a natural person. France was a forerunner in the supervision of its citizens’ data. As early as 1978, it introduced legislation to protect users, even though at that time the Internet was foreign to the general public. The French law of 6 January 1978 has established the principle of freedom to create nominative files and to process data by computer, but this freedom has its limits: the collection of data must respect the principle of fairness and transparency. This means that companies are obliged to inform the persons concerned of the compulsory or optional nature of their replies, of the list of legal persons to whom their replies are addressed and of the consequences of these replies. However, if the absence of a response leads to an inability to access the proposed service, can we still consider that the user has a choice in the disclosure of his data?

One of the fundamental notions of this law is the right of opposition and rectification of the information collected. This issue has been the subject of litigation and the courts are trying to enforce this rule. Through a judgment of 14 March 2006, the criminal chamber of the french court of cassation considered that : « It is a collection of personal data to identify electronic addresses and to use them, even without registering them in a file, to send electronic messages to their holders. It is unfair to collect, without their knowledge, the personal e-mail addresses of natural persons on the public space of the Internet, as this process impedes their right of opposition. ». It can be seen that data is not treated as a commodity that can be exchanged, but rather as the property of an individual who must give his or her consent to its use and to its knowledge.

The 1995 Directive and the RGPD Regulation

In reaching this solution, the judges relied on the Directive of 7 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, which led to the amendment of the law of 6 January 1978. However, the aim of this European legislation remains the same as the former French legislation: to regulate data flows and protect users’ information.

To comply with these rules, companies must implement a clear and precise data collection policy. First, it is important to consider the methodology to be adopted in the data collection process. This is essential to ensure compliance with the regulations and effective use of the data. To this end, a data management plan should be drawn up to define the data collection methods and organisational systems, as well as the legal and ethical framework surrounding this information: how will the data be shared? How will you protect the identity of your users?

In addition, it is necessary to define precisely how the data will be stored in order to put in place a security system to prevent data leakage. As a company you need to have systems in place to protect against breaches that could lead to the disclosure of user information and how you will react if this happens. Anticipating the risks and your attitude to them is paramount: knowing that you are prepared in case of an incident gives users confidence.

Finally, it is imperative that you, as a company, ensure the quality of the data. How can you ensure that your data is reliable? This control is achieved by implementing monitoring and processing methods. Poor quality or badly structured data is a security risk because it will be more difficult to determine what data is at risk and what the level of risk actually is. How to monitor and determine what data is at risk? The implementation of data governance tools is a necessity to manage data and to determine the areas at risk.

Some states did not regulate data right away and waited for European intervention before putting in place rules on this matter, such as Luxembourg, which only put in place legislation in 2005, in order to transpose the European directive 2002/58/EC (since repealed) on privacy and electronic communications. Subsequently, 2 laws were enacted on 1th august 2018 : the Act on the organisation of the National Commission for Data Protection and the general data protection regime and the law on the protection of individuals with regard to the processing of personal data in criminal matters and in matters of national security. In the end, however, it can be seen that this regulation is essentially derived from European rules: it is mainly these that provide the framework for data protection.

RGPD, client data, client experience, information, RGPD, réglement générale protection donnée, GDPR, General data protection regulation, companies, business secret, data quality, data collection, collection de data, ramasser de la data, information, information technology,

Facebook problematics

Today, good management and protection of user data is fundamental to a company’s image. The giant Facebook is proof of this: in April 2021 data of 533 million Facebook users leaked . Facebook stated that the data came from an illegal collection that exploited a security flaw discovered and fixed in 2019. This case does not improve the giant’s image in terms of data protection. This is not the first time Facebook has faced a disclosure of its users’ information. In 2018, Cambridge Analytica The UK and US press revealed a massive misuse of users’ personal data for political purposes. This case illustrates the extent to which individuals’ personal information can play a role in shaping behaviour.

Unfortunately, the provision of personal information is nowadays indispensable when you want to surf the Internet, but how can you protect yourself as a user? You have to be vigilant. In the case of Facebook, users were aware of the data leak, but in many situations individuals do not know that their data has been disclosed, so when you receive an SMS, an email, you should check who the sender is. If the message asks you to log in to your personal space, never click on the link directly but type the address of the site into your bank.

RGPD, client data, client experience, information, RGPD, réglement générale protection donnée, GDPR, General data protection regulation, companies, business secret, data quality, data collection, collection de data, ramasser de la data, information, information technology,

Introduction of GDPR in Data Governance

The European Union has taken action to ensure that users of internet platforms have their data protected via the regulation (UE) 2016/679 of the European Parliament and of the Council of 27 April 2016, on the protection of individuals with regard to the processing of personal data and on the free movement of such data which repealed the 1995 Data Protection Directive. First of all, the GDPR has placed an emphasis on consent and transparency, these two principles are at the heart of the data protection rules: ‘The principle of fair and transparent processing requires that the data subject be informed of the existence of the processing operation and its purposes’. It is on this basis that companies must inform users about how their data will be processed: no operation can be carried out without the consent of the owner of the data. The question arises as to who should prove consent. However, it must be clear and unambiguous.

The RGPD grants new rights: the right to data portability implies that it is possible to recover one’s data and transfer them to a third party. The aim here is to give people back control over their data, and to partially compensate for the asymmetry between the data controller and the data subject.

For the first time, the European Union has taken specific measures for minors under the age of 16: the child must be able to understand the information on data processing and the consent of those with parental authority must be obtained.

This regulation offers ever greater guarantees to users, with in particular a simplification of procedures in the event of prejudice, with in particular the introduction of class actions. In addition, the RGPD institutes a code of conduct to ensure the proper application of the regulation. In particular, this code requires cloud computing providers in Europe to put in place physical means of safeguarding and processing data on European territory. Microsoft has taken a public position : data of Europeans will remain within the European territory.

The broad scope of the data protection regulation was seen during the covid-19 crisis. The French CNIL had to intervene to remind employers of their obligations regarding data collection. The sensitive nature of data relating to a person’s state of health justifies the special protection afforded to it: but how to reconcile respect for privacy and personal security? In principle, the CNIL states that: “the employer does not have to organise the collection of health data from all employees“. The employer is only allowed to take individual action against an employee if the employee himself reports that he had been exposed or had exposed some of his colleagues to the virus.

The GDPR has sought to address this issue more comprehensively by introducing 2 exceptions to allow disclosure of an individual’s medical data:

  • Employees self-report their situation
  • The need for a health professional to process this data for the purposes of preventive or occupational medicine, (health) assessment of the worker’s working capacity, medical diagnoses etc.

The Luxembourgian position

Like the French authorities, the Luxembourg National Commission for Data Protection has intervened, notably by issuing opinions on draft laws concerning measures to combat the Covid-19 pandemic. In its opinion on the proposed law n°7808 on the Covid-19 screening strategy in structures for vulnerable persons and in support and care networks.

The CNPD states that the processing of data carried out in the context of proposed law no. 7808, which provides for the obligation to carry out Covid-19 screening tests for external service providers and visitors to certain structures, must “rely on one of the lawfulness bases listed atArticle 6 of the GDPR as well as meeting one of the conditions referred to in article 9, paragraphe (2), of the GDPR insofar as data relating to the health of data subjects may be processed. ».

Moreover, the CNPD’s reflection is interesting because it raises issues that are not related to data protection but that will have to be framed: “The CNPD wonders, in terms of labour law, about the consequences of a refusal by an employee or an external service provider to submit to such obligations. Will the employee have to work at another job? What will be the consequences for an external service provider when the organisation is not its employer?

The CNPD concludes by stating that it cannot comment further on the data protection issues as “the text under opinion would not meet the requirements of clarity, precision and predictability that a legal text must meet“. This response demonstrates the importance of this institution, and of supervisory institutions in general, because it is thanks to it that the legislator was able to realise that it did not meet the criteria of clarity and intelligibility of the law required by European texts.

We can see that the protection of our data and its legislation is a very broad area. Regulation will have to continue to adapt as new technologies evolve. Companies need to check the compliance of their data processing policies with current legislation and users need to be vigilant about how they disclose their personal information.