✔️ The development and implementation of AI solutions are subject to a wide range of regulations.
✔️ We combine a thorough understanding of legal pitfalls with extensive experience in IT project management.
✔️ We offer practical solutions for every phase of the project.
Legal hurdles in AI projects? We’ll guide you safely through the regulatory landscape.
Artificial intelligence offers enormous opportunities, but it also carries significant legal risks. Whether you’re developing, operating, or using an AI system, regulatory requirements (the AI Regulation or AI Act, GDPR, copyright law, trade secret law, etc.) present complex challenges for every project. We ensure that your project does not fail due to these compliance hurdles. We clarify the project’s objectives and roles (provider, operator), minimize your risks, and provide the necessary legal certainty - from the initial idea to full-scale operation.
Phase 1: Design & Conceptualization
Our advisory practice includes, inter alia:
- Defining the intended use case, roles (provider vs. operator), and corresponding obligations (particularly under the AI Regulation).
- Intended use and categorization according to the risk classes of the AI Regulation.
- Compliance planning and implementation of the risk management system.
- Data governance requirements.
Phase 2: Development & Training
Our advisory practice includes, inter alia:
- Copyright: Permissibility of using third-party content for training and protection against unauthorized use by third parties.
- Data protection: Product design, data preparation, and data minimization.
- Provider obligations for high-risk AI: Technical documentation, logging requirements, and human oversight.
- Trade secrets: Protection against uncontrolled data leakage during training.
Phase 3: Introduction & Implementation
Our advisory practice includes, inter alia:
- Conducting conformity assessments and registration for high-risk systems.
- Clarifying liability and warranty obligations between providers and operators.
- Drafting contracts with cloud providers that comply with data protection regulations.
- Developing policies for the operator.
Phase 4: Operation & Monitoring
Our advisory practice includes, inter alia:
- The provider’s monitoring obligations.
- Incident reporting: Reporting serious incidents to regulatory authorities.
- Operator obligations: Use in accordance with the intended purpose and monitoring by qualified personnel.
- Handling AI-generated output (particularly copyright and privacy rights).
Feel free to contact us:
Dr. André Schmidt | Partner
Angelika Maria Szalek | Senior Associate