IT & Data - Poland

The implementation of digitization strategies brings an increased demand for technological contracts and transactions, as well as for a more agile IT operating model within the organization. At Osborne Clarke, we assist clients in implementing digitization strategies by supporting them at every stage of the procurement process for modern technologies.

How can we help? 

Osborne Clarke experts provide comprehensive legal support for IT projects, including project planning, billing models, intellectual property strategies, and IT regulatory compliance. We specialize in:

• Preparation and negotiation of IT agreements, including implementation, maintenance, software development, framework, body and team leasing, hosting, and colocation agreements.
• Contracts for cloud computing services in all variants (IaaS, PaaS, SaaS, hybrid cloud, private cloud).
• Contract templates for software providers and cloud service providers.
• Lean procurement – optimizing procurement processes for projects conducted in an agile manner.
• Licensing agreements and agreements concerning the transfer of copyright.

Our Expertise:

Our team has extensive experience in information technology agreements, IT outsourcing, global vendor licenses, cloud agreements, personal and non-personal data processing agreements, standard contractual terms, and service regulations.

We specialize in contracts for IT projects carried out in an agile manner.

We support clients based on international teams of experts in various fields.
 

Entering new areas, introducing new products, and creating new sources of revenue often involve complying with regulations different from those we deal with on a daily basis.

How can we help?

We have a deep understanding of legal issues and extensive experience working on transformative projects across various sectors. We share our knowledge with clients regarding market practices and insights into regulatory priorities. Our specific areas of expertise include:

• Legal advice on new products and services (compliance by design).
• Implementation of new laws and internal regulations within an organization.
• Addressing daily inquiries regarding existing products and services.
• Collaboration with regulatory bodies and development of regulatory strategies.
• Strategic advice - scanning the regulatory landscape and influencing future legislation.

Our expertise

We adeptly navigate all relevant IT regulations, including:

• E-commerce market regulations, including consumer protection.
• Personal data and privacy protection.
• Non-personal data regulations.
• Cloud, outsourcing, and IT in the financial sector.
• Cybersecurity.
• FinTech, blockchain, and crypto assets.
• Digital identity.
• Artificial intelligence.
• Regulations concerning products with a digital component.

Building company resources and competencies through acquisitions and investments can be crucial for the implementation of digitization strategies. Acquiring a company for its technology is often a ready path to digitally transforming the product and service offerings. It can also enhance the company's expertise in digital technologies by bringing in new knowledge and skills.

How can we help?

We provide strategic support from a legal team that understands how to execute successful technological acquisitions or investments. Our assistance aims to expedite the process, identify transactional risks and manage them, build and maintain relationships, and maximize business benefits.

Our expertise

We have extensive experience advising buyers, sellers, and investors in mergers and acquisitions transactions within the technology industry. We provide our clients with comprehensive support through a unified team, whether the transaction has a local or international scope. Specialists from our offices around the world collaborate effectively to execute our clients' transactions.

Our experience also covers broader legal issues related to technological investments, such as foreign investment control in strategic technologies, assessment of the target company's intellectual property and licensing strategy, identification of management responsibilities for board members in the context of digitization processes, and supporting the integration of technology industry professionals with the acquired company's workforce.

Compliance and the risks associated with the protection and security of personal data apply to every company and organization. However, compliance with the General Data Protection Regulation (GDPR) is not just an additional burden; it is also a way to build and strengthen trust with customers and employees, enhance the company's reputation, and increase the value of data assets while mitigating risks.

How can we help?

We assist in a wide range of compliance aspects, such as:

• GDPR compliance audits
• Training
• Privacy and cookie policies
• Information security policies
• Agreements with data processors
• Co-controller agreements
• Data mapping and processing activity records
• International data transfers (data transfer agreements, binding corporate rules (BCR), model clauses, etc.)
• Data Protection Impact Assessments (DPIA)
• GDPR-related disputes

Our expertise

Our team has extensive experience in organizing, managing, and coordinating international and national projects for clients in the field of data protection and information security. We assist many companies and organizations in ensuring GDPR compliance through comprehensive implementations.

We have vast experience in reporting breaches to the supervisory authority – the President of the Personal Data Protection Office.

Every organization can fall victim to a cyberattack. Cybersecurity is not solely a matter of IT efficiency. The digital resilience of a company determines its reputation, operational capability, and prospects. In many sectors, cybersecurity is also a matter of regulatory compliance

How can we help?

Osborne Clarke offers assistance in preventing cyberattacks and other security incidents by developing documents and procedures for managing cybersecurity in accordance with regulatory requirements.

Even with the best preparation, anyone can become a victim of a cyberattack. In many cases, mitigating the consequences of an incident will necessitate legal action. The legal expertise of our professionals, coupled with collaboration with cybersecurity experts, enables us to secure and thoroughly prepare all necessary evidence.

Our expertise

To fully safeguard our clients' interests, we provide services in two areas—'pre' and 'post' the occurrence of an ICT Incident.

• Implementation of all key regulatory acts (DORA, NIS, NIS2, UKSC, and others), including the preparation of documents such as crisis management plans and incident response policies.
• Conducting training on operational digital resilience.
• Assisting in handling ICT incidents.
• Offering comprehensive procedural support in civil or criminal proceedings against the perpetrator of harm.
• Assisting in the data recovery process.

Technological changes and the digitization of organizations often create tensions between IT buyers and suppliers. Efficient and effective prevention, as well as the resolution of disputes that arise, significantly accelerates the achievement of set goals.

How can we help?

Our team possesses in-depth knowledge of technology and IT project management, seamlessly combined with rich process expertise. 

This allows our clients to have confidence in receiving top-notch legal support aimed at resolving disputes, whether through negotiation or legal proceedings.

Our Expertise

Our experience and knowledge enable us to identify potential threats even before a dispute arises. In the event of a dispute, we can react swiftly, securing necessary evidence, evaluating it, and preparing effective legal arguments.

Many disputes can be resolved outside the courtroom. Therefore, our services extend to alternative dispute resolution (ADR) methods. We provide support during alternative processes such as negotiations, mediations, and arbitrations.

In case of a dispute, we are capable of guiding our clients safely through the entire journey — from the initial assessment and formulation of claims to the final resolution. This includes analyzing the cause of the dispute, engaging in communication with the other party, initiating and conducting processes for amicable dispute resolution, and, if necessary, defending our clients' legitimate interests in a court of law or arbitration.

Artificial intelligence radically transforms the reality around us, significantly increasing the potential of businesses. It constitutes the foundation of the upcoming technological revolution, posing numerous challenges to organizations utilizing it.

How can we help?

We support clients in an end-to-end fashion throughout the entire lifecycle of AI products and services, ensuring full legal security for both buyers and providers. Our services include, among others:

• Consultation on AI usage strategy within the organization, preparation of AI usage policies, and codes of ethics.
• Development of strategies for acquiring and managing data for the training and testing of AI models.
• Consultation on the application of generative AI in the organization.
• Preparation and negotiation of contracts for implementation, training, service, and development of AI solutions, as well as agreements for the acquisition of rights and licenses to AI models.
• Ensuring compliance with the AI Act regulations (in terms of AI model functions, organizational processes, and documentation)

Our Competencies

Our experience extends to the first artificial intelligence projects in the Central and Eastern European (CEE) region, dating back over 5 years. We have developed unique competencies in contracting and managing intellectual property related to AI. Collaborating with an international network of specialists, we consistently monitor upcoming regulations concerning AI. Actively participating in working groups, we contribute to the development of guidelines for the use of artificial intelligence in the market.

AI Act

Our proprietary AI Lifecycle Compliance package, developed by us, allows clients to ensure full legal security in the implementation of AI, starting from the procurement process through system deployment and training to its operation. The application of our tools enables clients to determine the necessary technical safeguards, processes, and documentation required to use AI in compliance with legal requirements while being convenient and transparent for clients.

At Osborne Clarke Poland, we have unique expertise in the collaborative teams of IT & Data and Banking & Finance, experienced in establishing industry standards for technology in the financial sector and advising on unprecedented technological projects.

Cloud in the Financial Sector

Our experts have advised the largest Polish banks and insurers on their strategic cloud migration projects. We provide comprehensive advice, preparing internal policies and procedures in compliance with applicable legal and supervisory regulations (banking law, other sector-specific laws, guidelines from the Polish Financial Supervision Authority, including the communication regarding processing information in cloud computing.

We provide opinions on complex issues at the intersection of technology and regulations, finding optimal regulatory paths for strategic projects. We negotiate critical agreements with cloud service providers in SaaS, PaaS, IaaS models.

Finance in E-commerce and Gaming

We understand that an efficient payment or financing process is a crucial factor for the competitiveness of an online platform. After all, user experience has a significant impact on conversion rates in e-commerce.

Our team always provides advice considering the impact of legal requirements on the user-friendly nature of online services. We advise on developing business models at the intersection of the financial sector and e-commerce, including gaming payments, recurring payments, mobile payments, and digital content platforms.

We support technology providers in establishing collaborations with financial institutions. We assist clients in obtaining licenses for providing payment services.

The new regulation on digital operational resilience for entities in the financial sector significantly changes the landscape of IT regulations in this sector, replacing many existing legal and regulatory requirements. The shift of supervisory guidelines to the level of regulations significantly increases the risk of non-compliance.

How can we help?

Osborne Clarke's team of experts has experience in auditing financial entities for compliance with IT regulations.

We comprehensively guide clients through the process of achieving compliance with the new requirements:

• Training teams and management;
• Mapping new requirements and their impact on existing regulations;
• Compliance analysis with the new requirements (audit, GAP analysis);
• Adjustment to the new regulation (DORA implementation);
• Advisory on a risk-based approach (selection of appropriate action standards and safeguards in relation to the organization's scale and risk level);
• Cross-disciplinary expert support for legal, compliance, IT, security, risk management, outsourcing, and procurement departments."

Not just the law – tailored compliance

We understand that our clients need support not only in the legal-formal dimension but also in the engineering realm.

In IT compliance projects, we collaborate with renowned partners. Security and IT consultants work hand in hand with our lawyers to ensure that formal regulations align appropriately with the technical and organizational capabilities of the client.

Blockchain is emerging as a candidate for one of the major breakthrough technologies of our time, with the potential to transform numerous sectors of the economy. While many people have heard about this technology, not everyone may fully realize the extent of the legal challenges it poses.

How can we help?

Osborne Clarke is a leader in international advisory services in the field of blockchain and cryptocurrencies. With an excellent understanding of the complex technical issues of blockchain technology, we offer unique expertise on the legal aspects related to blockchain, distributed ledger technology, and cryptocurrencies.

We provide advice to blockchain technology providers, startups building their business models in the Web 3.0 paradigm, service providers related to cryptocurrencies, financial institutions, and other organizations seeking innovation paths through tokenization and blockchain.

Our Expertise

Our experts provide guidance on projects in areas such as:

• Token issuance, including compliance verification, preparation of issuance documentation, and submissions.
• Advisory on regulatory compliance for payment services and acquiring the appropriate licenses.
• Providing services related to cryptocurrencies – verifying the status of a Crypto Asset Service Provider (CASP) and obtaining CASP licenses.
• Advisory on the Markets in Crypto Assets Regulation (MiCA) and the Pilot DLT Regulation.
• Preparation of Anti-Money Laundering (AML) procedures and submissions to relevant registers.