to the point: technology & digitalisation l April 2024

Implementation of AI and copyright compliance

Generative AI has arrived – and how! In countless industries that work with text, code, images/video or music, AI tools have become essential. They make work easier and increase efficiency. Companies will probably be unable or unwilling to do without them in the future. True to the motto, we may not be replaced by AI, but we may be replaced by those who use it. This applies to various industries and sectors, from software development to communications and marketing, music, gaming or legal services. The number of general services, such as MS Copilot, and industry-specific offerings is growing all the time and is difficult to keep track of.

Companies are therefore under pressure to test and implement AI solutions. At the same time, new legal regulations like the AI Act have come into force and legal proceedings are raging, for example on copyright issues. The extent to which the training of the models was and is permissible under copyright law is currently unclear. The same applies to the legal assessment of memorising, i.e. the ability of AI models to reproduce training data. These two points are more of a concern for the providers of AI solutions, and we might get some answers in the NYT case. For users, the main copyright questions relate to the output of AI tools. To what extent is a creative agency or software developer entitled to rights to the product offered if AI tools were used to create it? Does a company run the risk of infringing the (copyright) rights of third parties by using AI output? And how can the existing risks be dealt with?

Against this backdrop, it is important to not only know and observe the technical possibilities and weaknesses of AI, but also the legal framework conditions. It is about making informed decisions and avoiding unnecessary risks at both the management and employee level. AI is here to stay and its potential should be exploited. However, awareness, simple guidelines and training are required. Yet another compliance matter to deal with.

We're delighted to share the latest news from our FlexCo experiment. Since we started in January 2024, our FlexCo has been a testing ground for exploring the diverse opportunities presented by the new corporate form.

So far, we've been testing different ways to certify share transfers and we have used authorised capital to issue company value shares. You can read about all our experiments on our website.

Introducing the conditional capital increase

The latest milestone in our experiment comes in the form of a "conditional capital increase." Registered on 13 April 2024, this innovative feature allows our FlexCo to issue shares for settling convertible loan agreements without requiring shareholder involvement at the time of settlement.

This aspect distinguishes the FlexCo from traditional GmbH (LLC) regulations, where a separate shareholder resolution is typically necessary, posing potential risks for investors. With the conditional capital increase, we ensure faster settlements, reduce paperwork and enhance investor security during conversion.

Despite its advantages, challenges persist, such as determining the maximum volume of the increase before signing the convertible loan. Nevertheless, this feature represents another stride forward for the FlexCo, solidifying its position as a modern and adaptable corporate structure.

Join us on our journey

We invite you to delve deeper into our FlexCo experiment and stay updated on future developments. Follow the link below to explore our website and learn more about this innovative corporate form and our experiments with our very own OE Erste PG IPT FlexCo.

https://www.schoenherr.eu/capabilities/legal-areas/venture-capital/flexco/

In a recent decision, the Austrian Supreme Court provided clarity on the legal formalities surrounding the transfer of trust shares in a GmbH, i.e. shares in a GmbH that are held by a trustee for the trustor. The court affirmed that the transfer of such trust shares by the trustor requires a notarial deed, akin to the procedure for transferring direct shares in a GmbH. This ruling emphasises the importance of adhering to formalities in share transfer arrangements. That is particularly interesting for start-ups. Investors in start-ups are often grouped behind other shareholders to maintain a clean and organised cap table.

The decision stemmed from a case where the transfer of trust shares was contested. The court's ruling underscores the importance of notarial deeds in such transactions in Austria.

Summary for start-up investors: This decision from the Austrian Supreme Court highlights the necessity of notarial deeds for transferring trust shares in GmbHs, especially relevant for start-up investors who are not directly invested in a start-up but are pooled with their shares behind a trustee.

For more detailed information, you can read the text of the decision here.

In the second half of 2023, the Law on Combating Abuse in Electronic Communications (the "Act") partially came into force in Poland, with the aim of increasing the protection of users from harmful activities carried out by phone or e-mail. The establishment of this Act was triggered by the implementation into the Polish legal system of Article 97(2) of Directive (EU) 2018/1972 of the European Parliament and of the Council of 11 December 2018, establishing the European Electronic Communications Code. The Polish Act mainly defines the obligations of telecommunications companies on preventing and combating abuse in electronic communications.

The legislator has defined abuse in electronic communications as follows: "the provision or use of a telecommunications service or the use of telecommunications equipment contrary to its purpose or the provisions of the law, the purpose or effect of which is to cause damage to the telecommunications company or the end user, or to achieve unfair advantages for the entity committing the abuse in electronic communication, another natural person, a legal entity or an organisational unit without legal personality." However, this is not the only definition of abuses, as the next article specifies an open-ended catalogue of prohibited abuses, which specifically includes activities such as generating artificial traffic and smishing.

Meanwhile, from 25 March 2024, provisions oblige (on pain of a fine) telecommunications companies to block short message service (SMS) in which the sender impersonates another entity to persuade the recipients to behave in a certain way, especially to provide personal data, hand over property, open a website, initiate a voice call or install software (smishing).

Telecommunications companies will be assisted in this by a Computer Security Incident Response Team ("CSIRT"), specially established for the purposes of this Act, which will verify and monitor smishing based on SMS messages received from recipients of harmful messages and information provided by telecommunications companies. If smishing is present, it will create a pattern of such messages and transmit it, along with the relevant information, to the telecommunications company. Based on such a report obtained from the CSIRT, the telecommunications company will block harmful messages.

Consequently, Polish citizens should soon see a significant decrease in the number of disturbing and suspicious messages they receive.

On 13 April 2024, the EU regulation on the development of alternative fuel infrastructure ("AFIR") became effective. The AFIR replaces Directive 2014/94/EU of the European Parliament and of the Council of 22 October 2014 on the development of alternative fuel infrastructure. The AFIR is a response to the growing demand for green solutions in the transport sector.

Among other things, the AFIR requires EU Member States to increase the capacity of charging points for cars and trucks. Another key obligation is the requirement to build fast-charging stations along EU transport corridors ("TEN-T") every 60 km in each direction of travel, as well as hydrogen refuelling stations.

At this point it is worth recalling that TEN-T is the Trans-European Transport Network. EU policy in this area is a key instrument for the development of transport infrastructure throughout the EU to facilitate the free movement of people and goods within the EU. The TEN-T consists of, among other things, roads, rail, air, sea and river routes, which are the most important links for the development of the EU. In addition, TEN-T also refers to an intelligent transport system, the implementation of which contributes to improving network capacity, traffic safety and reducing environmental pollution from transport.

The AFIR is expected to provide a huge boost to the acceleration of infrastructure development for green vehicles, which will nevertheless be a major challenge. Implementing the obligations under the regulation will require robust cooperation between the public and private sectors. In Poland, experts point out that before proceeding with projects in this area, it is necessary to determine how to build charging stations. Should charging stations for passenger vehicles be combined with charging stations for trucks? Should charging stations located in the same place but on both sides of the road be leased by the same entity? Another important issue is the softening or even removal of legal barriers that unnecessarily lengthen investment processes.

On 17 April 2024, the General Court of the European Union (the "Court") ruled that the name "Pablo Escobar" could not be registered as an EU trademark (T-255/23).

In 2021, the US company Escobar Inc. applied to the EUIPO to register the word combination as a trademark, which would then be used to designate goods and services.

However, the case eventually went to court after the EUIPO refused to register the mark on the grounds that it would be contrary to public policy and accepted principles of morality.

In its decision, the EUIPO referred to the perception of the notorious Pablo Escobar by rational Spaniards with an average sensitivity level and tolerance, and who are guided by the universal values on which the European Union is based. The EUIPO thus concluded that this character was associated with drug trafficking, narco-terrorism and other crimes that resulted in the suffering of other people. Interestingly, the Court pointed out that in Colombia Pablo Escobar could be associated with good deeds for the poor.

Both authorities referred in the present case to the legal basis of Article 7(1)(f) of the European Union Trademark Regulation 2017/1001, which, among the absolute grounds for refusal of registration, indicates marks which are contrary to public policy or morality.

It is worth recalling that there have been other disputes in the past over the registration of controversial trademarks. Take, for example, the case concerning the "La Mafia" trademark, which has similar connotations to "Pablo Escobar". At the time, the General Court of the European Union also found that the mark was contrary to public policy and accepted principles of morality because the dominant verbal element of the mark was globally perceived as referring to a criminal organisation involved in drug trafficking, intimidation, violence and other criminal activities. Furthermore, the Court emphasised that in Italy, the word "mafia" has a deeply negative connotation because of the serious damage caused by this criminal organisation to the security of that Member State.

In early April 2024, the UN published a draft ("Zero Draft") of the Global Digital Compact ("GDC"). The aim of the GDC initiative, which started to be discussed already in 2021, is to define common principles and create an international framework for an open and secure digital future for everyone. A specially dedicated position has also been created for this purpose: UN Secretary-General's Envoy on Technology.

The scope of the GDC includes issues related to connecting people to the internet, the protection of personal data, the application of human rights on the internet, supporting AI regulation or implementing accountability criteria for discriminatory and misleading content.

The publication of the Zero Draft was followed by a multilateral consultation that started last year and continued until 2024. The discussions involved UN member states and stakeholder groups. The Zero Draft includes ten principles and outlines five key commitments/steps to be taken to achieve a secure digital future.

When cooperating within the GDC, countries should, among other things, be guided by and consider the principles of gender equality, environmentally sustainable development and human rights.

One of the crucial topics covered by the Zero Draft also concerned AI. The UN highlighted that there is an urgent need for international cooperation regarding AI. For this purpose, the UN wants to establish an International Scientific Panel on AI to conduct independent multidisciplinary scientific risk and evidence-based opportunity assessments. Additionally, the UN wants to support the development of education and training programmes as well as guidelines on AI management for the public sector.

The Zero Draft itself is the next step towards the Future Summit, which is expected to take place in September this year. However, the published Zero Draft is not the final version, and is certain to change significantly over the coming months as a result of further consultations.

On 10 April 2024, the Council of Ministers announced a bill to amend the national cybersecurity system law, aligning with Directive (EU) 2022/2555 of the European Parliament and of the Council of 14 December 2022 on measures for a high common level of cybersecurity across the Union, amending Regulation (EU) No 910/2014 and Directive (EU) 2018/1972, and repealing Directive (EU) 2016/1148 (the "NIS 2 Directive").

The changes introduced by the NIS 2 Directive, along with emerging cyberthreats, necessitate adjustments to the National Cybersecurity System Law (the "NCS").

The proposed amendments to the NCS include:

• expanding the list of entities covered by the national cybersecurity system to include new sectors of the economy;
• imposing risk management obligations on key entities and entities of importance, in line with the NIS 2 Directive;
• introducing incident reporting requirements aligned with the NIS 2 Directive;
• establishing a system for key entities and entities of importance to report incidents;
• creating sectoral teams to support key entities and entities of importance in handling cybersecurity incidents;
• strengthening the supervisory authority's cybersecurity oversight;
• introducing new administrative fines for failure to comply with legal obligations by key entities and entities of importance;
• implementing a National Cyber Crisis Response Plan on a large scale;
• expanding the authority of the Minister for Digital Affairs to identify high-risk suppliers and issue protective orders.

The bill aligns with the goals of the Cybersecurity Strategy of the Republic of Poland for 2019-2024, focusing on enhancing resilience to cyberthreats and information protection across the public, military and private sectors. It also addresses specific objectives of the strategy related to the development of the national cybersecurity system and ensuring supply chain security.

The planned deadline for the adoption of the bill by the Council of Ministers is Q3 2024. After that, the bill should go through further stages of the legislative procedure, so there is a risk that it will not be adopted until Q4 2024.

Member states must implement the directive's provisions by 18 October 2024.