you are being redirected

You will be redirected to the website of our parent company, Schönherr Rechtsanwälte GmbH :

24 November 2022
Schoenherr publication
austria serbia poland

to the point: technology & digitalisation l November 2022

Welcome to the November edition of Schoenherr's to the point: technology & digitalisation newsletter!

We are excited to present a selection of legal developments in the area of technology & digitalisation in the wider CEE region.

Insights waiting for you in this edition: 

It's been a tough few weeks for crypto. While investors should not be easily rattled, the recent events surrounding the FTX crypto exchange have caught many offguard.

Ongoing turbulences in crypto currency winter - Image produced using Dall·E 2 (

What is FTX?

Until recently, Bahamas-based FTX was one of the largest crypto trading platforms in the world. It was founded in May 2019 by Sam Bankman-Fried, who was not yet 30 at the time and was backed by the venture capital unit of the largest crypto trading platform Binance, among other notable VC investors. Prior to FTX, Bankman-Fried had founded crypto trading firm Alameda Research, which started with Bitcoin arbitrage but gradually moved into riskier transactions.

The close financial ties between FTX and Alameda were ultimately the catalyst for FTX's subsequent implosion.

Quick overview of main events concerning FTX until 11 November

  • On 2 November CoinDesk reported that Alameda's assets were largely made up of illiquid FTT tokens that were issued by FTX (the reason allegedly being that FTX had to cover Alameda's trading losses, including with customers' assets).
  • Binance's VC entity, still owning large amounts of the FTT token from the past sale of its shareholding in FTX, started to divest.
  • When this was confirmed on 6 November by Changpeng Zhao, the current head of Binance, the FTT token took a nosedive.
  • Despite all assurances by Bankman-Fried that customers' assets were secure, a bank run followed, forcing FTX to suspend all payments and transfers.
  • The hoped-for rescue, Binance's letter of intent to acquire FTX, was withdrawn a little over a day after initial due diligence findings.
  • On 11 November, FTX, including more than 130 affiliated companies, had to file for bankruptcy.

Immediate consequences of the FTX insolvency

Like similar events in the past, the FTX crash sent many crypto-assets tumbling. Bitcoin, Ethereum and particularly Solana all fell in the double digits. Solana fell deeper and harder than other cryptos due to its well-known relationship with Bankman-Fried and the fact that Alameda owned approx. 10 % of Solana's market cap.

Decentralised exchange trading volume has shot up 152 % during the last seven days, amounting to a collective trading volume of USD 31bln and signaling that more and more people are leaving centralised exchanges for decentralised ones.

Many centralised crypto exchanges felt compelled to reassure their customers in order to prevent any form of snowball effect. For this reason, you will find many public statements from various crypto exchanges confirming their regulatory status and assuring customers that unlike FTX, their assets are neither invested nor loaned.

Calls for strict regulation from regulators and industry leaders have also followed since then. It remains to be seen whether these will fall flat, as they so often do, or whether the time is ripe for new approaches to global crypto regulation and transparency.

The exchange's custody of customers' crypto-assets

From a legal point of view, there are various ways to structure the custody of customers' crypto-assets under Austrian law, the main two being: (a) via a custody agreement in the terms & conditions, or (b) as mere obligatory claims against the crypto exchange.

If the crypto exchange becomes insolvent, customers will in case of (a) have a right of segregation (Aussonderungsrecht) to claim their assets (if custody is structured under Austrian law and depending on the specifics), or in case of (b) likely lose their assets and only receive a quota. For this reason, we advise crypto investors to read the terms & conditions carefully before deciding to invest through a particular centralised exchange.

It remains to be seen what the full aftermath will be and what this means for the crypto industry. One thing is for sure: the crypto winter will be a long one.

The recent events around FTX are a reminder that any investment requires appropriate due diligence. Here are a few tips on where to start:

  1. Search the web and social media for the founder team, the company, its products and services and – if available – key employees. This may reveal things that people don't tell in business meetings.
  2. Request the company to prepare a proper data room and read everything in the data room. You should not cut a check based on a teaser document.
  3. Read the cap table and verify its correctness. Cap tables are often wrong. Classical errors include rounding errors and not properly reflecting the fully diluted view.
  4. Ask the company to explain what they do and how they make money. Ask the founders and key employees separately, in search for a consistent story and understanding of the business.
  5. Ask for references, e.g. with prior founders or employers. Verify these references.
  6. Meet the entire team together at least once. This shows the dynamic in the team and how they get along.
  7. If the company's business depends on a specific technology, get an experienced person to review the tech stack.
  8. Be cautious any time someone pushes you into skipping due diligence. Consider passing on this opportunity.
  9. Conduct an appropriate legal, tax and financial due diligence – either internally (if appropriate staff is available) or externally. The scope of such due diligence should be appropriate in respect of the size of your investment, the stage of the company and the business in which the company is active (e.g. whether the company is regulated or exposed to specific risk, such as product liability).
  10. For regulated companies: Speak with their legal team and ask them to explain their legal setup and strategy to ensure compliance, especially how they monitor compliance.

Obviously, this is not an exhaustive list and any due diligence should be appropriate in the given circumstances. Lastly, the Schoenherr teams are happy to support any legal due diligence process #staysafe #staydiligent

Football World Cups traditionally serve to introduce new rules and institutes. The last major changes were the introduction of the vanishing spray, goal-line technology and the video assistant referee (VAR). As FIFA represents a monopoly of associations worldwide (in contrast to boxing, for instance, where there are different associations with different regulations), these amendments are rules of the game for football that must be taken into account worldwide.
For certain technical rule changes, such as the VAR, an opt-out exists. This means that if these rule changes are implemented, it must be done in accordance with FIFA rules. The fact that a full implementation of all rule changes is not possible even in different professional leagues is due to cost reasons. For example, the Austrian Bundesliga does not use goal-line technology, but does use the VAR.
At the World Cup in Qatar, FIFA is introducing a semi-automated offside technology for the first time. Since there are no discretionary decisions in offside, unlike foul plays or red cards, for example, FIFA wants to use it to make the VAR's decisions quicker and more reliable.
The new semi-automatic offside technology was tested under competition conditions at the Arab Cup and the Club World Cup in February. A 500Hz signal in the ball and 12 cameras that use data points to record players' movements will be used to detect the position of players who may be offside even more accurately than before. The data is checked by the VAR and immediately forwarded to the referee on the pitch.
FIFA hopes that this will lead to much faster and more accurate decision-making in questions of offside.

On 10 November 2022 the European Parliament passed a resolution to call upon the European Commission and the Council to acknowledge the value of the videogame ecosystem. It further called for the development of a coherent, long-term European videogame strategy, which should benefit all actors involved fairly and adequately, while taking into account esports and the current dependence on imports and building on existing national strategies to support EU actors and EU start-ups in these sectors.

In doing so, the Parliament highlighted several important facts. The videogame ecosystem has become a leading cultural and creative industry all over the world, with an estimated European market size of EUR 23.3bln in 2021. Half of all Europeans consider themselves to be videogame players and the average age of a videogame player in Europe is 31.3 years. However, these ecosystems still lack the harmonised data, definitions and legal frameworks required to enable them to embrace their full potential. Furthermore, the sector is mostly privately owned, but benefits from measures and incentives at the national and EU level, namely the Creative Europe programme or as part of the overall support for research and innovation Horizon Europe. Although the EU is a major actor in the videogame ecosystem, the industry is largely dominated by non-EU actors. Moreover, videogames and esports use advanced technologies such as AI and virtual reality and have initiated the creation of alternative virtual spaces such as metaverses.

The European Parliament defined esports as encompassing a human element (the players), a digital element (the games themselves) and a competitive element. It differs from regular sports in that they are digital by definition. In addition, esports is a phenomenon essentially driven by private entities, with the IP rights belonging to the game publisher and competition rights either to the game publisher or arranged on a contract-by-contract basis. With regard to the educational potential of esports, the Parliament highlights that significant improvement in several key skills can be observed, such as problem-solving and analytical, social and intellectual skills, spatial coordination and teamwork, as well as better levels of concentration.

Now the European Parliament is calling for greater support and investment in research and development and training in order to maximise game creation opportunities throughout all Member States and encourage the development of and retain European talent. They propose to map and define the European videogame industry and to consider creating a "European Videogame" label. Furthermore, they highlight the need to develop a European strategy for videogame IP, utilising both the creation of new and original IP and the promotion of existing European creations and IP. In doing so, the Parliament stresses that cross-border enforcement of the IP rights of game developers and artists must be adequately protected, and that fair remuneration must be ensured.

In addition, the Parliament has explicitly commented on loot boxes and the need for transparency. Consequently, the Parliament called on the European Commission and the Member States to consider legislative measures, where appropriate, to address issues linked to the phenomena of in-game monetisation, such as luck-based game elements and "pay-to-win" systems, taking into account all possible means to protect players who are most vulnerable to aggressive designs, such as minors.

Moreover, the Parliament is looking for a long-term strategy to create coherent and comprehensive guidelines, especially on the status of professional esports players, for example when it comes to visas for esports personnel.

It will now be up to the EU legislator how to implement the Parliament's resolution. The full text of the resolution can be found here.

Advocate General Juliane Kokott probably caused a few headaches in the technology world when she recently opined in a case referred to the Court of Justice of the European Union that national competition authorities should apply market dominance abuse rules to transactions that do not require clearance under EU or Member State merger control regimes.

The case concerns French television broadcaster TDF Infrastructure Holding, which had acquired control of Itas SAS in 2016. In consequence, only two service providers were left on the market: TDF and Towercast. The acquisition did not require merger control filing at the EU or Member State level. Towercast complained about TDF's strong position post-transaction to the French authorities, which referred the case to the ECJ.

There was widespread belief that ever since the merger control regimes were introduced at the EU and EU Member State level, transactions below the jurisdictional thresholds of these regimes would not require further scrutiny under antitrust rules. AG Kokott thinks, however, that a supplementary application of the abuse of dominance regime would help protect competition by catching problematic acquisitions in areas like technology, which do not trigger merger control thresholds. This would make them subject to another layer of scrutiny or to a possible referral to the EU Commission under Article 22 of the EU Merger Control Regime (see here for the respective EU Commission Guidance).

The Digital Services Act ("DSA"), targeting numerous online/digital services from internet access providers to cloud and webhosting services, search engines, online platforms such as social media, online marketplaces, app stores and collaborative economy platforms, enters into force on 16 November 2022.

It aims to protect the fundamental rights of users and to tackle illegal content and misinformation by creating extensive obligations for providers of online/digital services regarding, e.g. targeted advertisements, content moderation, transparency, "complaint-handling systems", mandatory audits and the like.

Because the DSA applies to many different online/digital services and may require extensive internal changes, organisations should waste no time in setting the necessary requirements for DSA compliance.

See here for details.

  1.  Austrian Company Law Digitalisation Act 2022 (Gesellschaftsrechtliches Digitalisierungsgesetz 2022)

We reported on the draft of the Austrian Company Law Digitalisation Act 2022 (Gesellschaftsrechtliches Digitalisierungsgesetz 2022) in our TTP newsletter in September 2022. This law has now passed the first chamber of the Austrian parliament (Nationalrat) and is slated to come into effect at the beginning of December 2022.

Among other things, the law provides for faster registration of new legal entities in the Commercial Register, free online access to short-form Commercial Register information, the possibility to pay share capital to banks located in the European Economic Area and not only to Austrian banks, and reduction of fees payable to the Commercial Register courts.

  1. Proposal to extend Covid-19 corporate legislation for a further six months

Austrian COVID-19 legislation allows corporate bodies to meet virtually instead of in person. However, this is still temporary legislation only. The Austrian legislator is now in the process of extending the possibility to hold virtual meetings by six months from 31 December 2022 to 30 June 2023.
There is also a proposal to discontinue the ability of legal entities to hold ordinary general meetings within 12 months after the end of the business year instead of eight months. In line with this, the possibility to prepare annual financial statements with a delay of four months will be discontinued. The discontinuation of extended deadlines will be relevant for all entities having balance sheet dates after 30 June 2022.

You may recall that the European Commission issued new standard contractual clauses ("SCCs") pursuant to the GDPR for the transfer of personal data to third countries. Thus, all "old" contracts must be transitioned to the new SCCs by 27 December 2022. Concluding the "new" SCCs also requires a Transfer Impact Assessment (TIA). This means that detailed documentation needs to be in place that analyses if there are any legal provisions or practices of the third country which may impinge on the effectiveness of the transfer safeguards. If so, additional measures must be taken to achieve a data protection level equivalent to that of the EU.   

After many months of work on the project, on 15 November 2022 the Polish Council of Ministers finally adopted a draft law on electronic communications, which will implement Directive (EU) 2018/1972 establishing the European Electronic Communications Code (the "Draft"). The Draft will replace the currently binding Telecommunications Law and introduce a set of changes for both users as well as telecommunications undertakings operating in Poland. The Draft covers the operation of the electronic communications market in Poland. It will also introduce the possibility for prepaid subscribers to receive refunds of remaining recharge funds on their accounts, in case of account expiration.
The main topics and solutions introduced in the Draft include: (i) rules for carrying out activities that involve providing public telecommunications networks or electronic communication services (the new solutions will apply not only to traditional telecommunications businesses, but also to operators of over-the-top services (such as internet applications and instant messaging); (ii) protection of end users' rights (by introducing new information obligations and strengthening rights regarding contract conclusion and termination); (iii) issues related to the management of frequencies, numbering resources and the provision of access to telecommunications networks; (iv) the possibility for prepaid subscribers to receive a refund of the remaining recharge funds on their account in the event of account expiration; and (v) reduction of compensation claims that service providers could apply against the subscriber in case of early termination.

The Amendment to the Austrian Copyright Act fundamentally revised copyright contract law. So far, we have provided an overview of the new provisions and taken a look at the remuneration rules. Our latest addition to this legal insight series now concerns the transparency obligation of rights and licence holders towards authors and performers.

As a consequence of the ECJ judgment, now widely known online as "Schrems II", the EU Commission has enacted new Standard Contractual Clauses introducing the Transfer Impact Assessment as an obligation for all data importers and exporters. This assessment is intended to show whether the government and authorities of the importing country can access the personal data that are being transferred. All organisations must align with the new Standard Contractual Clauses and prepare a Transfer Impact Assessment by 27 December 2022, so the clock is ticking. One might wonder what this has to do with companies operating in Serbia, which is not a member of the EU. But Serbian companies are impacted either as data importers or in the event of extended application of the GDPR. If you are a multinational company receiving personal data from the EU or are running a business that could fall under extended application of the GDPR, you should definitely examine this topic as soon as possible. In the extended version of this article we go into more detail about the transfer impact assessment in Serbia