Dear colleagues,
in this issue, we take a look at current developments in data protection, financial market regulation and cyber security. In particular, we focus on the BayLDA’s new activity report, new ESMA guidelines on the classification of crypto-assets as financial instruments and EU-wide requirements for calculating losses caused by IT failures. These changes have far-reaching implications for companies and regulatory authorities.
Table of Contents
- 1. BayLDA Report 14: Data protection between bureaucracy and the digital future
- 2. ESMA guidelines on the classification of crypto-assets as financial instruments
- 3. Joint guidelines on the calculation of losses due to IT failures
- 4. ECJ statistics 2024: record figures, digital legal issues and declining German proceedings
- Now receive the most important compliance reports every week free of charge
1. BayLDA Report 14: Data protection between bureaucracy and the digital future
Summary: The 14th activity report of the Bavarian State Office for Data Protection Supervision (BayLDA) sheds light on the growing tension between data protection requirements and the bureaucratic burden on companies. The report shows that data protection is increasingly perceived as a hindrance rather than an essential element of a secure digital society. Attempts to relax data protection regulations in order to reduce bureaucratic hurdles are particularly criticized.
Opinion: This development is worrying. Data protection is not a mere administrative act, but a basic prerequisite for digital security and trust. Anyone who sees it as mere bureaucracy risks massive security gaps and encourages abuse. Companies should see data protection not as an obstacle, but as an opportunity for innovation. The report is a wake-up call to resolutely defend data protection – against short-term economic interests and for a sustainable digital future. Source
2. ESMA guidelines on the classification of crypto-assets as financial instruments
Summary: The European Securities and Markets Authority (ESMA) has published new guidelines setting out criteria for classifying crypto-assets as financial instruments. These guidelines are intended to provide more clarity for market participants, especially for companies offering crypto services. ESMA defines in detail the conditions under which crypto-assets fall under MiFID II regulations and are therefore subject to stricter regulatory requirements.
Opinion: These guidelines are a decisive step towards greater regulatory certainty in the crypto sector. Companies must now position themselves clearly: Anyone offering crypto-assets as financial instruments must adhere to the stricter rules. This ensures greater transparency. Companies should carefully examine their business models in relation to MiFID II regulation. Source
3. Joint guidelines on the calculation of losses due to IT failures
Summary: ESMA and the European Banking Authority (EBA) have published joint guidelines setting out methods for calculating the aggregate annual costs and losses caused by serious IT incidents. These guidelines are intended to oblige banks and financial service providers to systematically record the economic losses caused by cyber attacks or technical faults.
Opinion: The increasing digitalization of the financial sector makes such requirements essential. Financial institutions must realize that IT failures have not only technical but also massive economic consequences. These new guidelines help to make risks more transparent and to better plan preventative measures. Companies should adapt their IT risk management systems accordingly in order to meet the new reporting requirements. Source
4. ECJ statistics 2024: record figures, digital legal issues and declining German proceedings
Summary: The ECJ statistics 2024 show an increasing number of cases and high efficiency. With 1,706 new and 1,785 completed cases, a record number was achieved, while the number of pending cases fell to 2,508.
The ECJ recorded 920 new cases ( 12 %), closed 863 ( 10 %) and reached an all-time high with 1,206 pending cases. The EGC improved its performance with 922 cases closed and the lowest level of pending cases since 2015 (1,302).
Disputes concerning digital markets are particularly relevant: Six cases concern the classification as a “very large online platform” or the supervisory fee under the Digital Services Act (DSA), two cases concern the “gatekeeper” classification under the Digital Markets Act (DMA). Future actions for implementation by the EU Commission are likely. The transfer of certain preliminary rulings to the General Court since October 2024 is intended to relieve the burden on the CJEU.
Other key areas were environmental law, competition and sanctions against Russia. The sharp decline in German preliminary ruling proceedings to 66 is striking – the lowest figure in 15 years (2023: 94, 2020: 140).
Opinion: This raises questions: Has national case law become more secure, or is the ECJ being used less? Overall, there is a growing workload, particularly due to new legal issues relating to digital regulation Source
Now receive the most important compliance reports every week free of charge
Many compliance officers already use our free service and receive the most important news from the areas of compliance, money laundering prevention, data protection and IT security. We provide a weekly overview of the most important reports and categorize them.
Subscribe now free of charge.
Would you like to be up to date every day?
Our legal risk monitoring software gives you access to all reports and allows you to filter them by relevance, type and area. You can create and download summaries. Get in touch with us.
We wish you a successful week.
Your Riscreen team