to the point: technology & digitalisation l June 2025

As summer approaches and the pace slows (at least a little), we are excited to bring you a new edition of Schoenherr's Technology & Digitalisation newsletter, packed with the latest legal and tech developments shaping Europe's digital future.

Leading this issue is a landmark moment: the first referral to the Court of Justice of the EU on generative AI and copyright. As large language models challenge existing frameworks, this case will shape the future of IP rights in the age of AI.

We also take a closer look at the European Commission's guidelines on measures to ensure online safety for children and unpack the European Commission's Omnibus IV Simplification Package, a key step toward reducing regulatory friction for digital-first businesses. On a national level, we delve into the Austrian Startup Monitor 2024, which paints a vibrant picture of Austria's deep-tech and impact-driven founders.

Across Europe, new guidance from Poland's bar association underscores the growing role of ethics in AI use for legal professionals, while recent UK court rulings remind us that no algorithm can replace sound legal judgment. Meanwhile, Europe's AI ambitions are accelerating, backed by NVIDIA's major investments in next-gen tech infrastructure.

Whether you are switching off this summer or staying plugged in, don't miss our new Digital Law Monitor – your guide to the evolving regulatory landscape.

Enjoy your summer break! We look forward to continuing the conversation in September.

On 3 April 2025, the Hungarian District Court referred questions to the Court of Justice of the European Union (CJEU) for a preliminary ruling on the application of EU copyright law in the context of generative artificial intelligence (AI). The case (C-250/25) concerns a dispute between the Hungarian Like Company, a publisher of legally protected press publications, and Google Ireland Ltd, responsible for the AI services Google Search and Google Gemini (formerly Bard). At the centre of the case is an allegation of copyright infringement by Gemini's generative chatbot, which uses press content in responses generated from user queries.

The Like Company is accusing Google of illegally using its press releases in the form of summaries and information provided by the Gemini chatbot. This chatbot, which runs on a large language model (LLM), processes data without storing it in a permanent database, but integrates with Google's search engine to generate responses that may include summaries and highlights of content available online, including protected press publications. The dispute centres on whether the responses generated by the chatbot infringe the publisher's rights, in particular by reproducing and making content publicly available without consent or compensation.

The claimant alleges that the chatbot "knew" the content of its publication, leading to the illegal reproduction and sharing of its material without consent. The claimant relies on Article 15 of Directive 2019/790, which introduces special protection for the rights of press publishers, imposing the obligation to obtain their consent to use material online. Under this directive, payment of remuneration is required to legally use extracts of protected content. In this case, as Google has not paid any compensation, the claimant considers that its economic rights have been infringed.

The respondent, Google, is defending itself by arguing that the responses generated by the chatbot do not constitute either public sharing or reproduction within the meaning of copyright law. Google claims that the chatbot does not store data or make it available in a way that could be considered an infringement of publishers' rights. The chatbot's responses are not aimed at a new audience but merely provide a summary of the available content. Google also points out that the chatbot's responses may contain incorrect or fabricated information, known as "hallucinations", which are not in the nature of multiplied, accurate content.

Another important aspect of the case is the training of the chatbot, which may include data from protected press publications. The claimant argues that the process of training the chatbot on this data infringes its rights because, although the chatbot does not store content, the use of protected material in this process can be considered as reproduction and public sharing. Google, however, insists that its service does not constitute an infringement, arguing that the chatbot merely processes data and the generated content is not a faithful reproduction of the original press publications.

Besides the interpretation of EU rules, the dispute also concerns the balancing of interests between the protection of publishers' rights and the right to freedom of expression and access to information, which are the cornerstone of Article 11 of the Charter of Fundamental Rights of the European Union. For this reason, the case is important not only for press publishers, but also for the future of artificial intelligence regulation and its impact on copyright law.

This case is unique because it will be the first time that the CJEU has addressed legal questions concerning the application of copyright law in the context of generative AI. A judgment in the case is expected by the end of 2026, which could represent a breakthrough in the interpretation of copyright law in an era of the growing role of AI in the creation and distribution of content on the internet.

Background

Based on the so-called Draghi Report and the Political Guidelines, the European Commission communicated its "Competitiveness Compass" to the European Parliament and the European Council on 29 January 2025, COM(2025) 30 final.

The Compass proposes a new approach for competitiveness, with innovation at the heart of European renewal. According to the Compass, digital technologies will presumably contribute 70 % of new value created in the global economy. As key digital technologies, the Commission identifies, for instance, artificial intelligence (AI), clean tech, quantum technologies, biotechnologies, space technologies, autonomous mobility and neurotechnology. A central role is envisaged for AI in sectors such as manufacturing, automotive, energy, robotics, pharmaceutical, aeronautics, financial and public services. Additionally, to close the innovation gap with the USA and China, emphasis is being placed on technologies such as modern fibre networks, wireless and satellite solutions, 6G and cloud computing capabilities.

From a legal perspective, the European renewal will be fostered by simplifying the regulatory environment and thereby reducing the regulatory burden. The Commission aims for a legal regime in which innovative companies will benefit from the EU's single market (the 28^th legal regime). Simplifications of rules are planned in corporate, insolvency, labour and tax law. In particular, reporting obligations will be reduced or facilitated by being moved to digital formats and standardised data. The European business wallet is intended to enable companies to interact with public administrations. Additionally, the Compass envisages simplifying record-keeping requirements under the GDPR.

A new Commissioner for Implementation and Simplification will coordinate efforts to screen the EU acquis and find ways to simplify, consolidate and codify EU legislation. To enhance simplification efforts, a new category of companies, small mid-caps enterprises (SMCs), was introduced. These are slightly bigger than SMEs but will benefit nonetheless from simplification measures that otherwise would be reserved for SMEs. The Commission defined SMCs in point 2 of the ANNEX to its Recommendation of 21 May 2025 on the definition of small mid-cap enterprises:

"The category of small mid-cap enterprises is made up of enterprises which are not small and medium-sized enterprises in accordance with Recommendation 2003/361/EC, employ fewer than 750 persons and have an annual turnover not exceeding EUR 150 million or an annual balance sheet total not exceeding EUR 129 million."

Omnibus IV Package

The Omnibus IV Package was published on 21 May 2025. In it, the Commission addresses some of the digitalisation aspects of its efforts to reduce administrative burdens. This Package includes, among other things, the (i) "Proposal for a Regulation of the European Parliament and of the council amending Regulations (EU) 2016/679, (EU) 2016/1036, (EU) 2016/1037, (EU) 2017/1129, (EU) 2023/1542 and (EU) 2024/573 as regards the extension of certain mitigating measures available for small and medium sized enterprises to small mid-cap enterprises and further simplification measures", COM(2025) 501 final; (ii) "Proposal for a Directive of the European Parliament and of the Council amending Directives 2014/65/EU and (EU) 2022/2557 as regards the extension of certain mitigating measures available for small and medium sized enterprises to small mid-cap enterprises and further simplifying measures", COM(2025) 502 final; (iii) "Proposal for a Directive of the European Parliament and of the Council amending Directives 2000/14/EC, 2011/65/EU, 2013/53/EU, 2014/29/EU, 2014/30/EU, 2014/31/EU, 2014/32/EU, 2014/33/EU, 2014/34/EU, 2014/35/EU, 2014/53/EU, 2014/68/EU and 2014/90/EU of the European Parliament and of the Council as regards digitalisation and common specifications", COM(2025) 503 final; and (iv) "Proposal for a Regulation of the European Parliament and of the Council amending Regulations (EU) No 765/2008, (EU) 2016/424, (EU) 2016/425, (EU) 2016/426, (EU) 2023/1230, (EU) 2023/1542 and (EU) 2024/1781 as regards digitalisation and common specifications", COM(2025) 504 final.

In the first two legislative proposals, COM(2025) 501 final and COM(2025) 502 final, the Commission proposes inserting the new term for SMCs into a series of EU Regulations and Directives, including the GDPR, MiFID and CER. Regarding the GDPR, amendments to Articles 30, 40 and 42 are proposed. Pursuant to Article 30 of the GDPR, controllers and processors must maintain records of processing activities. Under specific conditions, SMEs are exempted from this obligation (Article 30(5) of the GDPR). This provision will be amended by modifying the conditions under which this exemption applies. According to the legislative proposal, record-keeping will be mandatory only if processing activities are likely to result in a "high risk" to data subjects. The Commission notes that the processing of special categories of personal data in an employment context is not supposed to trigger the obligation to maintain records of processing. Additionally, the scope of the exemption is proposed to be extended to SMCs and organisations with fewer than 750 employees. The scopes of Articles 40 and 42 of the GDPR are proposed to be broadened to include SMCs, so that their specific needs are taken into account when drawing up codes of conduct (Article 40 of the GDPR) or when data protection mechanisms, data protection seals or marks are established (Article 42 of the GDPR).

The other two legislative proposals, COM(2025) 503 final and COM(2025) 504 final, address obligations of economic operators when placing a product on the market or putting it into service. The aim is the modernisation of several Directives and Regulations by introducing the "digital by default" principle. The Commission proposes that EU declarations of conformity accompanying products should be drawn up only in an electronic format by manufacturers. The digital contact of the manufacturer should be on the product and, if necessary, in the EU declaration of conformity.

Moreover, the Commission proposes that, if manufacturers choose to do so, instructions may be provided in digital format only, with a paper copy available upon request. The Commission argues that 94 % of EU households had access to the internet in 2024. Therefore, the obligation to provide instructions on product use in paper format is outdated. This line of argument could have far-reaching implications, as it suggests that other legal requirements for providing information in paper format may also be outdated.

Prospects

The Omnibus IV Package consists of Commission proposals that will need to pass the EU's legislative process before becoming legal acts.

Moreover, the Competitiveness Compass proposes further legislative acts, such as the European Innovation Act, EU Cloud and AI Development Act, Quantum Act, Biotech Act and Digital Networks Act. The legislative processes have already been initiated for the European Innovation Act, EU Cloud and AI Development Act, Biotech Act and Digital Networks Act.

While it remains uncertain if, when and in what form these proposals will become law, it is clear that keeping up with developments in digitalisation law both at the EU and Member State level has become a major challenge. To help you manage this challenge, we've created the Digital Law Monitor. You can subscribe by signing up for Schoenherr's Legal Insights or the Schoenherr Datenschutzmonitor.

The Digital Services Act (DSA) aims to create a safer digital space where the fundamental rights of users are protected. It targets numerous digital services, websites, digital platforms and providers of e-commerce services. To provide a comprehensive and clear overview of the DSA requirements, we've published a practical handbook for users that is also available online.

Service providers must adhere to various transparency and information obligations and are also obliged to ensure the protection of their users. The DSA sets out requirements for the design and functionality of websites and services, including their programming interfaces, platform content, the design of commercial information, and the implementation of effective and transparent complaint procedures for illegal content. To specify certain requirements, the EU Commission, as the competent authority, may publish guidelines that providers must follow.

On 13 May 2025, the Commission published guidelines on measures to ensure a high level of privacy, safety and security for minors online for public consultation. Stakeholders, including children, parents and guardians, national authorities, online platform providers and experts, may submit feedback until 10 June 2025. The publication of the final guidelines is expected in summer 2025.

Pursuant to Article 28 of the DSA ("Online Protection of Minors"), online platforms that are accessible to minors are required to take appropriate and proportionate measures to ensure a high level of privacy, safety and protection for minors within their service. While the DSA does not prescribe specific measures to be taken, Article 28(4) DSA enables the Commission to publish guidelines that assist online platform providers in implementing such measures.

The newly published guidelines adopt the risk-based approach that underlies the DSA. They also take into account that different platforms may pose different levels of risk to minors. The aim is to establish adequate safeguards that are determined by the specific risks posed by each service, without disproportionately limiting children's rights to participation, access to information and freedom of expression.

The following protective measures are recommended:

• Implement age verification measures to reduce the risk of children being exposed to pornographic or otherwise age-inappropriate content.
• Set child and adolescent accounts to "private" by default to reduce the risk of un-wanted contact from strangers.
• Adjust recommendation systems to prioritise clear user signals – such as whether users like or dislike content – to help prevent minors from falling into "rabbit holes" of harmful content.
• Provide minors with options to block or mute other users and ensure they cannot be added to groups without their explicit consent.

In addition, the Commission is developing an age-verification app, intended to provide a solution until the EU Digital Identity Wallet becomes available by the end of 2026.

Providers of online services should keep a close eye on developments and take precautions to ensure they can fulfil the guidelines when they are finalised. The final guidelines are expected to take effect immediately or allow only a very short implementation period.

The Austrian Startup Monitor (ASM) is the leading annual report on the status and trends of Austria's start-up ecosystem. Published by the AIT Austrian Institute of Technology GmbH, Center for Innovation Systems & Policy, the 2024 edition was released in May 2025 and is based on a survey of 665 founders and managing directors from across the country.

Key figures and insights

• Employment and growth: The Austrian start-up sector employs nearly 30,000 people, with an average of 9.5 employees per company (excluding founders). Half of all start-ups have three or fewer employees.
• Founder diversity: The share of female founders rose to 22 % in 2024 (up from 17 % in 2023) and 37 % of start-ups have at least one woman on the founding team.
• Internationalisation: 41 % of start-up revenues are generated abroad (up from 38 % last year) and 80 % of start-ups plan to expand internationally in the coming year. Deep-Tech start-ups are even more international, with 59 % of their revenues coming from outside Austria.
• Deep-Tech focus: 17 % of start-ups are classified as Deep-Tech, focusing on research-driven innovation and often pursuing green or social impact goals. 70 % of Deep-Tech start-ups are active in green or social sectors.
• Funding trends: 53 % of start-ups have raised external equity, with Deep-Tech start-ups more likely to secure larger funding rounds (36 % have raised over EUR 500,000).
• Sustainability and impact: 56 % of all start-ups are Green or Social Impact start-ups, reflecting a growing commitment to addressing environmental and societal challenges.
• Business climate: Only 39 % of start-ups rate current conditions as good or very good (down from 41 %), while 15 % rate them as poor or very poor – the highest share ever recorded.
• Internationality: 81 % of founders are Austrian citizens, but the share of founders from other EU countries (6 %) and non-EU countries (3 %) is rising, reflecting Austria's growing attractiveness for international talent.
• Recruitment challenges: 79 % of start-ups plan to hire new employees in the next 12 months, with Deep-Tech start-ups leading at 86 %

Academic spin-offs: a growing force

The share of academic spin-offs among all start-ups has increased in recent years and now makes up 23 % of start-ups founded between 2022 and 2024. The strongest growth comes from education-based spin-offs (15 % of recent start-ups), where the business idea originates during academic training, while research-based spin-offs (arising from work at universities or research institutions) remain stable at around 8 %. Many of these spin-offs, especially in Deep-Tech, are closely connected to universities and research institutions, benefiting from access to infrastructure, incubation programmes and support for commercialisation.

For more details, read the full Austrian Startup Monitor 2024 (in German).

The rapid advancement of AI-based technologies is not passing the legal industry by. At the "Proficiency in AI - the future of the legal advice profession" conference, organised by the Polish National Chamber of Attorneys-at-Law in May 2025, the first comprehensive recommendations for the responsible, safe and ethical use of AI in the practice of legal advice were presented. This marks an important step toward aligning professional regulations with the evolving technological reality.

The use of AI tools in a lawyer's work can range from ad hoc support for document analysis to the full integration of these solutions into a law firm's daily operations. Regardless of the scale of implementation, a conscious and responsible approach is required. The prepared recommendations highlight the importance of complying with professional ethics, protecting confidential information and being responsible for the processed data.

Although the recommendations have already been published, their creators emphasise that they are open-ended and will evolve alongside technological advances and case law developments. However, they already provide specific guidance that attorneys planning to implement AI should consider. Among other things, it is crucial to determine the purpose for which the tool is to be used and to identify areas where AI can truly improve work, such as by increasing the speed or quality of tasks performed. 

Attorneys should carefully examine how the chosen solution works, including what data is processed, how it is filtered, whether the system works in the cloud, and whether it provides an adequate level of protection for confidential information. Failure to provide sufficient security measures may result in a breach of data protection or confidentiality rules.

Analysing the licence agreement and the technical documentation provided by the developer of the relevant tool is no less important. In particular, it should be checked whether the user retains the rights to both input and output data, or if these rights are transferred to the supplier – which could make it impossible to comply with a lawyer's professional duties.

Once an appropriate tool has been selected, attorneys should look at the provisions in their contracts with clients. The recommendations indicate the need to verify that these agreements do not prohibit or restrict the use of AI. In certain cases, it may be necessary to obtain the client's consent, particularly where the client's data will be used to train AI models, where AI takes over essential functions previously performed by the lawyer, or where the use of the technology itself may involve risks to the client's interests.

In routine situations where AI is used for its intended purpose, there is no obligation to inform the client. However, in special requests of particular importance or high sensitivity, lawyers should inform the client of the use of AI and, in some cases, also obtain the client's express consent.

To conclude, the recommendations clearly indicate that AI tools cannot and are not currently capable of replacing the lawyer. AI is meant to perform a supportive function, not a decision-making one. Therefore, its implementation in law firms must be based on knowledge, caution and respect for the highest ethical and professional standards.

A recent English High Court decision has reinforced that artificial intelligence (AI) cannot replace thorough legal analysis and verification of case law. The court considered two cases where AI was either suspected or confirmed to have been used to generate legal arguments or citations that were not subsequently verified. In Ayinde, a barrister submitted legal grounds with fictitious case citations. In Al-Haroun, a solicitor relied on AI-generated case law that was inaccurate or irrelevant.

The court emphasised that lawyers must ensure oversight and maintain professional and ethical standards when using AI, warning that tools like ChatGPT can produce plausible but false legal references. The responsibility for accuracy extends beyond junior staff to supervising lawyers and firm leaders.

While the court chose not to initiate contempt proceedings in these cases, it signalled that harsher consequences, such as referrals to regulators or contempt charges, could follow in future incidents as awareness grows.

The ruling is available here.

The US chip-design company NVIDIA is partnering with governments, telecoms, cloud providers and industry leaders across Europe to roll out its Blackwell-based AI infrastructure. This initiative aims to deliver over 3,000 exaflops of sovereign, secure compute power for AI model development, reasoning and deployment. NVIDIA is also establishing multiple AI Technology Centres to support research, training and scientific collaboration across the region. NVIDIA is launching and expanding AI Technology Centres across Germany, Sweden, Italy, Spain, the UK and Finland to strengthen AI research, upskill talent, and support the growth of AI infrastructure for start-ups and enterprises across Europe.

In Germany, the planned Bavarian AI Centre (developed with the Bayern KI consortium) will focus on advancing research in areas such as digital medicine, stable diffusion AI and open-source robotics, encouraging international collaboration. The Swedish AI Centre will promote cutting-edge AI research, supported by NVIDIA experts and practical training from the NVIDIA Deep Learning Institute to boost workforce skills. In Italy, the existing AI Centre will expand with new AI factory deployments in partnership with the CINECA consortium. The Spanish AI Centre will grow to include a new AI factory in collaboration with the Barcelona Supercomputing Centre. In the UK, the centre will focus on accelerating pioneering research in embodied AI, materials science and Earth systems modelling. The Finnish AI Centre supports researchers in advancing applications in computer vision, machine learning and AI for scientific discovery. These initiatives form part of NVIDIA's broader global strategy to build robust AI ecosystems, complementing similar investments in regions such as Taiwan and the Middle East.

More information can be found here.