Digital and Technology
Regulation

The Digital Services Act and the Digital Markets Act impose differentiated obligations on platforms, marketplaces, search engines, and intermediaries. The legal status of each player determines its scope of compliance. We assess and qualify activities, design compliance programs (content moderation, algorithmic transparency, interoperability, reporting), and oversee implementation. Sector-specific requirements are built in from the start. In fundraising or acquisition transactions, our regulatory audits preserve valuation and support the negotiation of warranties.

The Data Act introduces new rules on data sharing and portability between public and private entities. We analyze data flows to identify obligations and potential conflicts over ownership or use. We negotiate access terms, draft contractual clauses, and advise on data valorization strategies. International transfers (standard contractual clauses, BCRs, Data Privacy Framework) and the tensions between the GDPR and extraterritorial laws inform our recommendations. Each decision balances compliance, sovereignty, and performance, preventing operational bottlenecks through foresight.

The AI Act, which will gradually apply between 2025 and 2027, classifies AI systems according to their risk level. The classification determines the technical, documentary, and certification requirements for compliance. Generative AI raises specific challenges, including intellectual property, transparency of synthetic content, and liability. In regulated sectors such as healthcare, finance, and defense, AI compliance intersects with additional legal frameworks. In transactions, we assess AI-related risks and negotiate warranties that protect investments. Innovation remains possible within a secure and controlled framework.

NIS2, DORA, and the Cyber Resilience Act (phased implementation through 2027) strengthen obligations for infrastructure operators, software providers, and manufacturers of connected products. Entity classification (essential or important) dictates the level of compliance required. We conduct risk assessments, design compliance roadmaps, and formalize incident response procedures. We prepare authority notifications and coordinate actions during crises. Contractual clauses are adapted to secure supply chains. This reduces exposure to sanctions and strengthens operational resilience.

The legal status of each actor—hosting provider, publisher, or platform—determines its liability regime for hosted content. We design moderation policies, formalize notice-and-takedown procedures, and defend companies facing complaints, abusive removals, or disclosure requests. Our approach balances vigilance obligations with freedom of expression. In regulatory investigations (CNIL, Arcom, ARCEP, Competition Authority), we manage communications, respond to enforcement notices, and prepare appeals, safeguarding both reputation and business continuity.

Multinational groups, international funds, and non-EU companies operating in Europe often face conflicts between legal frameworks such as the GDPR, CLOUD Act, and data laws in China or Brazil. We structure multijurisdictional compliance strategies, negotiate international transfer mechanisms (SCCs, BCRs), and anticipate incompatibility risks. For non-European expansions, we analyze local requirements and align EU compliance with extraterritorial regulations. This ensures secure, predictable international growth.

Constructive dialogue with regulators (CNIL, Arcom, ARCEP, European Commission, Competition Authority) validates strategies early and prevents obstacles. In M&A and fundraising operations, we conduct compliance audits, assess risks, and negotiate representations, warranties, and exit clauses in case of regulatory changes. We also monitor public consultations, analyze draft legislation, and prepare advocacy positions to influence EU policy developments.