EU Data Act & Cyber Resilience Act: Adapt general terms and conditions, CE mark software

Digitization law forum

The EU Data Act is a "small GDPR" for non-personal data. It contains specific requirements for the design of general terms and conditions and the technical design of products. The EU's upcoming Cyber Resilience Act (CRA) will soon require practically all software to be CE-marked and to undergo a corresponding conformity assessment procedure. This will lead to a significant change in software and product development.

EU Data Act (DA)

The EU Data Act (Regulation 2023/2854) is another regulation from the EU's digitalization strategy. It has already been adopted and will apply without further ado from 12.09.2025.

The EU Data Act can be succinctly summarized as a "small GDPR" for non-personal data. The EU Data Act therefore covers networked products and online services in particular. Examples include the following:

  • SaaS offerings

  • Connected medical products

  • IoT and IIoT products

Among other things, the EU Data Act contains specific requirements for the formulation of general terms and conditions in the form of prohibitions and requirements. This means that not only are regulations prohibited, but certain regulations are specified for inclusion in the T&Cs.

In addition, customers must be proactively provided with certain information before concluding a contract. There are also requirements for technical product design.

The regulations apply to both B2C and B2B.

We would be happy to give you an overview of the EU Data Act and present the key innovations.

EU Cyber Resilience Act (CRA)

The Cyber Resilience Act has already been adopted by the EU Parliament. It will lead to a fundamental change in software development. Under the Cyber Resilience Act, practically all software will require a CE mark and the associated implementation of a corresponding conformity assessment procedure. Legacy products may have to be withdrawn from the market if they are not adapted. In addition to the usual warranty obligation, a new "support period" is now being introduced. Manufacturers are now required to provide updates for the products they bring onto the market for a certain period of time.

The event will provide an overview of the upcoming regulations. Timely preparation is essential.

Speakers

Lawyer
Dr. Gerrit Hötzel
Specialist lawyer for copyright and media law
Specialist lawyer for information technology law

Lawyer and partner of the supra-regional law firm VOELKER & Partner mbB in the field of IP/IT, data protection in Stuttgart. He advises and supports companies comprehensively in the field of digitalization.

Attorney at Law
Marius Adler

Lawyer with many years of experience in consulting and project work in the field of IT and digitization

An excerpt from the topics

EU Data Act (DA)

  • Introduction

    • Overview of the provisions of the EU Data Act

    • Digitalization strategy of the EU

  • Effects on SaaS

    • Requirements for the GTC

    • Information obligations before conclusion of contract

  • Effects on networked products

    • Requirements for the GTC

    • Information obligations before conclusion of contract

  • Effects on networked medical devices

    • Requirements for general terms and conditions and information obligations

    • Interaction with other laws: MDR, AI Act etc.

    • Exemplary product design

EU Cyber Resilience Act (CRA)

  • Introduction

    • Current status of the CRA

    • Overview of the new obligations

  • Obligation to CE mark software

    • Which products exactly are covered

    • Which risk classes exist?

  • Open source software under the CRA

    • Obligations when integrating open source software

    • Duty of manufacturers to assess the conformity of third-party open source software

    • Practical implementation

  • Obligations in the supply chain

    • Contractual regulations

    • New obligation for the support period

    • Documentation obligations

  • Dealing with "old products"

    • Transitional provisions

    • Ambiguity of the regulation

Afterwards there will be an opportunity for questions and discussion.

Date & costs

The event will take place on Tuesday, 16.10.2024, 16:00 - 17:30.

Participation in the event is free of charge. Please register as soon as possible.

Online event

The event will take place as an online event via Microsoft Teams.

The participation link will be announced separately before the event.

Registration via web form

We look forward to your registration:

E-mail address:

Please calculate the sum of 3 and 7 (security query):

Salutation, first and last name (optional):

Company (optional):

Information by e-mail about upcoming forums on digitization law. You hereby consent to the processing for this purpose. (optional)

Data protection information: When the request is sent, the above information is encrypted and sent to us by e-mail via our web server. You can withdraw your consent at any time, e.g. by sending us a reply e-mail or a separate e-mail; the withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal. Further data protection information can be found here.

Registration by e-mail

Alternatively, we look forward to receiving your registration by e-mail to: veranstaltungen@voelker-gruppe.com

Further information

Further information on our series "Forum Digitalization Law" can be found here.

The special data protection information can be found here

Status: 13.09.2024

The EU Data Act is a "small GDPR" for non-personal data. It contains specific requirements for the design of general terms and conditions and the technical design of products. The EU's upcoming Cyber Resilience Act (CRA) will soon require practically all software to be CE-marked and to undergo a corresponding conformity assessment procedure. This will lead to a significant change in software and product development.

EU Data Act (DA)

The EU Data Act (Regulation 2023/2854) is another regulation from the EU's digitalization strategy. It has already been adopted and will apply without further ado from 12.09.2025.

The EU Data Act can be succinctly summarized as a "small GDPR" for non-personal data. The EU Data Act therefore covers networked products and online services in particular. Examples include the following:

  • SaaS offerings

  • Connected medical products

  • IoT and IIoT products

Among other things, the EU Data Act contains specific requirements for the formulation of general terms and conditions in the form of prohibitions and requirements. This means that not only are regulations prohibited, but certain regulations are specified for inclusion in the T&Cs.

In addition, customers must be proactively provided with certain information before concluding a contract. There are also requirements for technical product design.

The regulations apply to both B2C and B2B.

We would be happy to give you an overview of the EU Data Act and present the key innovations.

EU Cyber Resilience Act (CRA)

The Cyber Resilience Act has already been adopted by the EU Parliament. It will lead to a fundamental change in software development. Under the Cyber Resilience Act, practically all software will require a CE mark and the associated implementation of a corresponding conformity assessment procedure. Legacy products may have to be withdrawn from the market if they are not adapted. In addition to the usual warranty obligation, a new "support period" is now being introduced. Manufacturers are now required to provide updates for the products they bring onto the market for a certain period of time.

The event will provide an overview of the upcoming regulations. Timely preparation is absolutely essential.