Author: admin

Text and data mining (TDM) has emerged as a powerful technique for extracting valuable insights from large datasets, particularly in fields such as research, healthcare, and marketing. However, as the capabilities of TDM continue to expand, it is essential to consider the legal frameworks that govern its application. In Poland, this involves a complex interplay of national legislation and European Union directives, particularly regarding intellectual property rights, data protection, and exceptions for research.

Intellectual property rights in Poland are primarily governed by the Act of 4 February 1994 on Copyright and Related Rights (Copyright Act). This legislation establishes the rights of authors and creators over their works, which can include text, databases, and other forms of content. Under Polish law, the use of copyrighted material without permission is generally prohibited, which can pose challenges for TDM practitioners. However, on September 20, 2024, an amendment to the Copyright Act implementing the Directive on Copyright and Related Rights in the Digital Single Market went into effect with a three-year delay. One area of change is permitted use in TDM.

Generally, permitted use, as defined in the Copyright Act, is a certain restriction on the monopoly of rights held by the creator of a work. This restriction allows for the use of the work without the permission of the right holder, justified either by public interest (permitted public use) or by the individual interests of users (permitted private use). Permitted private use allows an already distributed work to be used for free within the scope of one’s own personal use without the author’s permission. Permitted public use, on the other hand, encompasses various categories of restrictions, such as the right to quote, the citation of works in news programs, the use of works for teaching or scientific purposes, and the permitted use granted to libraries, archives, and schools. TDM, as introduced into Polish law, is a new form of permitted use.

TDM is the analysis of texts and data exclusively using an automated technique to analyze texts and data in digital form to generate specific information, including patterns, trends, and correlations. In Poland, permitted use in terms of TDM may be understood in two ways. The first applies to cultural heritage institutions and entities such as universities. The second enables all already distributed works (e.g., texts on news portals) to be reproduced for TDM purposes, regardless of the type of work or the authorized entity. There are, however, two restrictions in this regard. First, any entity that holds economic copyright to a work may express a reservation against TDM (opt-out). Second, reproduced works may not be kept forever but only for as long as necessary to achieve the TDM purpose (certainly until their analysis is complete).

Currently, there are no specific recommendations or industry standards for opt-outs. Polish law only requires that such disclaimers be explicit, appropriate (referring to how the work itself is made available), and in machine-readable format with metadata. The law does not provide further details regarding works made available to the public to allow anyone to access them at a time and place of their choice. All of these conditions must be met jointly.

Strictly speaking, if a manufacturer of commercial artificial intelligence systems wishes to extract data from the internet to build its knowledge base, it must follow specific rules. Otherwise, the desired data (for which an opt-out has been reserved) cannot be used. Similarly, the AI Act stipulates that any use of copyright-protected content requires authorization from the right holder unless relevant copyright exceptions and limitations apply. In summary, producers of generative AI must comply with the opt-out restrictions as imposed by the respective Member State.

TDM presents significant opportunities for innovation and research across various fields. However, navigating the legal landscape in Poland requires a careful understanding of intellectual property rights, database protections, and data protection regulations. While there are exceptions that can facilitate TDM for research and educational purposes, practitioners must remain vigilant in ensuring compliance with relevant laws.

As the landscape of TDM continues to evolve, ongoing dialogue among policymakers, legal experts, and practitioners is essential. This will ensure that the legal framework remains conducive to innovation while protecting the rights and interests of authors, database creators, and individuals whose data may be involved in mining activities. Ultimately, a balanced approach can promote the responsible use of TDM, fostering advancements that benefit society as a whole.

By Daria Rutecka, Partner, Schoenherr

This article was originally published in Issue 11.11 of the CEE Legal Matters Magazine. If you would like to receive a hard copy of the magazine, you can subscribe here.

Austria’s data strategy is derived from the European data strategy. It aims to improve the framework conditions for the data economy and to promote the secure exchange and broad use of data.

Three strategic goals were established: (1) developing sustainable data infrastructures, (2) activating the potential for responsible data use, and (3) establishing an innovative data culture and strengthening data skills. At present, the strategy is driven by the implementation of the Data Governance Act and the Data Act.

The Data Governance Act – Regulation (EU) 2022/868 – is intended to create a framework for improved data-sharing in the public sector applicable from September 2023. The public sector is called upon to enable the use of protected data (in a controlled, secure processing environment). To this end, structures are to be created that, on the one hand, ensure that protected data can be found more easily and, on the other hand, support public authorities in making protected datasets available. From an economic and social point of view, the registration of data brokering services (intermediaries) and recognized data altruism organizations should contribute to a further strengthening of the European data economy.

The Data Act – Regulation (EU) 2023/2854 – particularly addresses manufacturers of connected products and services (Internet of Things). The purpose of the Data Act is to regulate access to data and its use within the EU for B2B and B2C for personal and non-personal data becoming directly applicable from September 12, 2025. The aim of the Data Act is to enable the sharing of and access to data for users of such products. The regulation also stipulates that users can share this data with third parties. This is particularly relevant for, for example, repairs or maintenance of networked products (e.g., cars).

The Data Act also protects SMEs from unfavorable contractual terms that could be imposed by larger companies (e.g., contractual clauses that are unilaterally determined and unfairly prohibited and shall be considered not binding). Therefore, agreements and general terms and conditions of entities involved must also be reviewed for void clauses under the Data Act in addition to void clauses under Austrian civil law. However, many clauses considered unfavorable under the Data Act might already be considered void by local Austrian law.

Of relevance is also the Open Data Directive (EU) 2019/1024 which sets out minimum requirements for the improved reuse of public sector data based on the principles of transparency and non-discrimination. A core element is the establishment of the commercial usability of published public sector data. The directive defines basic conditions for fees, formats, licenses, and the interoperability of data that apply in all EU member states.

Intensive preparations are currently underway to implement the Data Governance Act and the Data Act in Austria. Especially, the competent authorities and the sanction systems for non-compliance must be determined. Drafts are not yet available.

In connection with the Data Governance Act, a draft of an Austrian Data Access Act is available, which provides the basis for enabling national governance for the secure and further anonymized and reuse of protected public sector data.

On January 31, 2024, the new Freedom of Information Act (Informationsfreiheitsgesetz) was passed, ending official secrecy (secrecy that is restricted to specific public officials), which is an absolute milestone in public data governance. Specifically, the Freedom of Information Act – from its entry into force in September 2025 – grants every natural and legal person the right of access to state and certain corporate information. In addition, the Freedom of Information Act obliges public bodies to proactively publish information of general interest – that is, information that concerns or is relevant to a general group of people (e.g., activity reports, official statistics, studies, expert opinions, and contracts). With regard to the existence of reasons for secrecy, a balance of interests must be weighed between the right of the individual to freedom of information and the interest of the institution in secrecy. In the weighing process, the activities of so-called “social watchdogs” (non-governmental organizations and journalists who need the information to conduct a public debate) must be taken into account, according to the explanations.

By Sabine Fehringer, Partner, DLA Piper Austria

This article was originally published in Issue 11.11 of the CEE Legal Matters Magazine. If you would like to receive a hard copy of the magazine, you can subscribe here.

Recent court decisions in the technology, media, and telecommunications sector are expected to influence the way in which businesses manage, protect, and enforce their intellectual property rights and trade secrets in Bulgaria.

Clearer Framework for Damages for Licensing Infringements

Nowadays, it is almost impossible to find a business that does not use or rely on various software solutions and tools for its operations. This, of course, increases not only the demand for useful, user-friendly, and problem-solving software solutions but also the risk of unauthorized use of such solutions and intellectual property infringements. In cross-border contractual relationships and allegations of infringements, the situation is even more complicated.

One of the major questions in cross-border copyright infringement cases is how to calculate the damages. A recent interpretive decision established a structured approach to calculating the damages in the form of lost royalties in cross-border cases of unauthorized use of a copyrighted work where no relevant licensing agreement has been entered into. The Supreme Court determined that the amount of damages should be calculated based on the licensing fees that would have been paid by the infringer had they obtained a legitimate license for the use in the country where the infringement occurred. Consequently, in the event of an infringement within the territory of Bulgaria, the rightsholders will calculate the unreceived fees in accordance with the standard licensing fee for their product in Bulgaria.

It is also notable that the decision encompasses not only the recovery of legal fees incurred during litigation but also the reimbursement of reasonable and proportionate lawyer’s fees associated with reaching an out-of-court settlement, such as the work on a cease-and-desist letter to the alleged infringer.

Consequently, rightsholders would likely feel more secure in taking legal action against infringers, knowing they can generally recover both the lost licensing fees and the legal costs associated with the infringement. For potential infringers, on the other hand, the risk of facing higher financial penalties, including legal costs, may encourage more cautious behavior and motivate quicker settlements to avoid lengthy and costly litigation.

As an interpretative decision, it is binding on courts in future disputes, thereby ensuring consistent application of its principles.

The Relationship Between Trade Secrets and Public Disclosure

Another recent decision sheds light on the importance of maintaining confidentiality in trade secrets, particularly in the context of public disclosures. Nowadays, more and more companies in the Bulgarian market are increasingly relying on trade secrets to protect valuable information that cannot be protected in any other way (e.g., that cannot be copyrighted or patented). For example, some companies rely mainly on their trade secret protection arrangements to mitigate the risks of ex-employees extracting, disclosing, and/or using such highly valuable information. However, this is not an easy task and one of the reasons for this is that it is not crystal clear what type of information falls within the scope of trade secrets. For example, in many cases, trade secrets and confidential information are generally considered by companies to be interchangeable. However, the truth is that while any trade secret can be considered confidential information, not all confidential information can be considered a trade secret.

The court decision provides two important clarifications in this regard. On the one hand, the court confirms that, in principle, a client list can be protected as a trade secret. On the other hand, however, the court clarifies that this would not be the case if the list had been publicly disclosed to an unrestricted audience – for example, it has been made available on the company’s website. It seems that this understanding could be applied more broadly also to information other than the client list.

In view of this ruling, companies must exercise greater caution in disseminating proprietary information through marketing materials or online/public platforms. As illustrated above, such actions may result in the loss of exclusivity and, consequently, the inability to protect the information as a trade secret under Bulgarian laws.

The above rulings provide significant clarification mainly for the Bulgarian technology, media, and telecommunications sector but not only, as trade secrets may be relevant to other sectors as well. Collectively, these decisions contribute to the creation of a more secure and predictable legal environment, encouraging rightsholders to protect their intellectual property and optimize their strategies in order to keep their competitive advantage.

By Georgi Kanev, Head of IP&T, and Maya Demirova, Trainee Lawyer, Kinstellar

This article was originally published in Issue 11.11 of the CEE Legal Matters Magazine. If you would like to receive a hard copy of the magazine, you can subscribe here.

Lithuania has updated its national legislation, with the revised Cybersecurity Law aligning with Directive (EU) 2022/2555 of the European Parliament and of the Council of 14 December 2022 on measures for a high common level of cybersecurity across the Union, amending Regulation (EU) No 910/2014 and Directive (EU) 2018/1972, and repealing Directive (EU) 2016/1148 (NIS2 Directive). The new Cybersecurity Law took effect on October 18, 2024. The implementing legislation was adopted on November 6, 2024.

By April 17, 2025, national cybersecurity authorities are required to compile the initial list of entities considered essential and important under this law.

These designated entities will then have an up to 24-month grace period to fully implement the rigorous requirements set forth by the law. A 12-month grace period is established for the implementation of organizational risk management measures and a 24-month grace period for technical risk management measures. It is important to stress that said transition period will start only from the date of inclusion of the relevant entity in the Cybersecurity Information System, processed by the National Cyber Security Centre (NSSC). This transition period is designed to allow organizations sufficient time to upgrade their infrastructure and operational strategies to comply with the new standards.

Main Obligations of Cybersecurity Entities

The obligations stipulated by the new Cybersecurity Law are aimed at maintaining a robust level of security for networks and information systems based on the performed risk assessment. These obligations include the adoption of effective risk management practices and the establishment of incident response mechanisms. Entities are also required to report cybersecurity incidents to the NSSC. Large-scale cybersecurity incidents must be reported within 24 hours of detection, with a detailed follow-up report due within 72 hours. Meanwhile, according to the implementing legislation, other cybersecurity incidents shall be reported within 72 hours of detection. According to the implementing legislation, cybersecurity entities are required to adapt their incident management systems to automatically register cyber incidents on the NSSC platform within 12 months of their registration in the Cybersecurity Information System.

Severe Sanctions for Non-compliance

As it is stipulated in NIS2, to enforce these stringent requirements, Lithuania has set severe sanctions for entities that fail to comply with the new cybersecurity regulations. The most drastic of these sanctions can result in fines of up to EUR 10 million or 2% of the entity’s total global annual turnover for the previous financial year, depending on which is greater. These penalties emphasize the critical nature of adhering to cybersecurity measures and ensure that entities take their responsibilities seriously.

In addition to the fine, the NSSC will have the power to impose various enforcement measures on cybersecurity entities. For example, it may instruct cybersecurity entities to inform the entities to which they provide services of possible actions that may be taken by those entities in response to a serious threat. Certain severe enforcement measures, such as suspension of activities or temporary suspension of a manager, can only be applied to essential entities and only by court decision.

Challenges in Implementation

The implementation of the NIS2 Directive may face significant hurdles, particularly due to the expected shortage of skilled cybersecurity professionals such as auditors and security officers. This shortage is part of a broader global talent gap in cybersecurity, which may be more pronounced in smaller markets like Lithuania. The deficit of qualified professionals could delay necessary compliance audits and overall implementation of compliance within the entities and may affect the company’s finances, as the high demand for such services is expected to lead to higher prices.

Conclusion

The implementation of Lithuania’s updated Cybersecurity Law, in response to the NIS2 Directive, significantly elevates the cybersecurity standards across the nation. By introducing precise incident reporting, risk management requirements, and substantial penalties for non-compliance, the new legislation aims to ensure a relatively high, risk-based cybersecurity level within key entities. However, the effective implementation of these requirements may be challenged by a shortage of skilled cybersecurity professionals, potentially hindering timely compliance and leading to increased costs for businesses as they strive to meet these new requirements.

By Asta Macijauskiene, Partner, Widen

This article was originally published in Issue 11.11 of the CEE Legal Matters Magazine. If you would like to receive a hard copy of the magazine, you can subscribe here.

The NIS2 Directive is the EU-wide legislation on cybersecurity. It provides legal measures to increase the overall level of cybersecurity in the EU by modernizing the existing legal framework, broadening the scope of covered entities, and specifying high fines (2% or EUR 10 million for essential entities, or 1.4% of global annual turnover or EUR 7 million for important entities), directly involving the board members of covered organizations and holding them accountable for any breach of the legal framework established by the new Directive.

Companies covered by the NIS2 Directive are those operating in one of the sectors listed in Annex I or II of the NIS2 Directive and either: (a) have at least 50 employees or an annual turnover or balance sheet total of more than EUR 10 million (the organization is an important entity), or  have more than 250 employees or (b) a net turnover of more than EUR 50 million and a balance sheet total of more than EUR 43 million (the organisation is an essential entity).

Annex I of NIS II lists the essential entities, which are energy, transport, banking, financial market infrastructure, healthcare, drinking water, digital infrastructure, ICT services (B2B), wastewater, public administration, and space activities, while Annex II of the Directive lists the important entities, which are digital providers, postal and courier services, waste management companies, manufacturing, production and distribution of chemicals, production, processing, and distribution of food and research. Finally, there is an additional category of micro and small enterprises that are automatically covered by the NIS2 Directive: trust service providers, top-level domain name registries, domain name registration service providers, providers of public electronic communications networks, and providers of publicly available electronic communications services.

The main obligations imposed by the new directive are the obligation to carry out a risk assessment and determine the implementation of appropriate cybersecurity measures (duty of care), the obligation to report within 24 and 72 hours any cybersecurity incident that (may) significantly disrupt the provision of essential services (duty to report) and the obligation to comply with the supervisory authority designated by the directive (supervisory duty).

In Greece, the executive law adopting the NIS2 Directive ( Law 5160/2024) has been published on November 27, 2024. The national legislation distinguishes between the management responsibility of public and private companies (essential and important entities) by mentioning specific compliance obligations for private companies and vaguely referring to the existing rules detailing the responsibilities and penalties for public employees and elected representatives in the public sector, which will continue to apply. Management in both sectors (public and private) have a three-month period to decide and present the appropriate cybersecurity measures that the affected entities must take to ensure compliance with the directive and the national law.

Moreover,  the new law specifies that if a reportable incident within the scope of NIS2 constitutes a data breach under the General Data Protection Legislation, the incident must be reported to the National Data Protection Authority. If a fine is imposed by the Data Protection Authority for a data breach that constitutes a reportable incident under NIS2, the National Cybersecurity Authority shall not impose additional administrative fines for the same incident. Affected entities must follow a detailed step-by-step plan to prepare for the implementation of the new European legislation. To this effect, they will need to engage top management and key stakeholders to allocate budget and resources, identify critical security processes, services, and assets through a company-wide Business Impact Assessment (BIA), implement a risk and information security management system (indicatively ISO 27001 or NIST) aimed at identifying, managing and monitoring the company’s information security risks, and ensure that responsibilities are defined and key processes are operational (indicatively incident handling, business continuity and disaster recovery plans are in place).

The new European cybersecurity legislation has already come into force on October 18, 2024, however, the vast majority of affected organizations have not even begun to prepare for it. The awareness of stakeholders and staff on cybersecurity practices through the design and implementation of security management systems is critical for the successful enforcement of this important piece of legislation in the EU. Only through this awareness can the key success factor of embracing cybersecurity as a key survival element for an organization in the new digital era finally come to life.

By John Giannakakis, Head of Data & Digital, Drakopoulos

This article was originally published in Issue 11.11 of the CEE Legal Matters Magazine. If you would like to receive a hard copy of the magazine, you can subscribe here.

We are living in very interesting times with spectacular innovations in technology. The law is hardly keeping up with all these changes. Companies and authors of intellectual property works are also challenged and need to adjust to the new evolving environment.

Romanian copyright law has been significantly amended recently to implement important EU directives. However, it does not yet have specific provisions adjusted to artificial intelligence (AI) systems to ensure copyright protection of works generated by AI.

The impact of AI is major and brings unique innovation opportunities but also challenges for companies (who face the risk of intellectual property rights infringement) and for creators (on the way their creative content is created, distributed, and used). In the current legislative context, it is difficult to find solutions for companies’ and creators’ rights to be protected in a balanced way.

The Concepts of Copyright Works and Subjects under Romanian Law

The national copyright regime is still dominated by a traditionalist approach by the legislator with respect to the object and subject of copyright. This has implications for the possibility of protecting work generated by AI as intellectual property.

It is important to distinguish between autonomous AI creations and AI-assisted human creations. In the former, a command given by the user is an idea that AI recognizes and generates work autonomously. In the latter, AI is used only as a tool, with significant human contribution to the creative process and the author facilitates the process of creation. Although the materialization of expression is aided by AI, the creation expresses the author’s personality through the author’s deliberate decisions.

In terms of the object of protection under Romanian law, copyright covers original works of intellectual creation in the literary, artistic, or scientific domain, whatever the mode of creation, form of expression, and value or intended purpose.

In terms of subjects of protection under Romanian law, the author is the natural person or persons who created the work. In cases expressly provided, legal entities and natural persons other than the author may benefit from the protection granted to the author as well. Moreover, it is specifically mentioned that copyright is linked to the person of the author and involves moral and patrimonial attributes. Importantly, ideas, theories, concepts, scientific discoveries, processes, methods of operation or mathematical concepts, and inventions contained in a work are not eligible for legal copyright protection in Romania.

Can AI-Generated Content Enjoy Legal Protection as Copyright in Romania?

Given the way the Romanian legislator defines the concepts of author and copyright works, it is hard to argue that Romanian law offers the protection enjoyed by works in the context of copyright to creations generated autonomously by AI. Human input is deemed imperative in the creative process, and the personality and the conscience of a human being play an important role. Thus, autonomous AI creations, as complex computer algorithms, could not legally be attributed personhood and could not be qualified as copyright works. On the other hand, AI-assisted works could be considered, in our opinion, as ones through which the author expresses their personality, the subject of protection being the one who uses generative technology.

What Measures Should Companies Take?

In the context of revolutionary AI systems, companies should take appropriate measures to protect their interests in both the short and long run.

In the legislative void regarding AI creations in Romania, AI-generated content is used freely. A significant number of artistic creations are reproduced, transformed, or modified using AI, with generated works used in advertising campaigns, marketing, etc. without legal constraints. However, this may prove to be dangerous since the intellectual property rights of authors may be infringed.

But how should companies behave to minimize the risk of infringing the copyright of lawful holders? And how can initial authors be compensated?

One way is for the users of AI systems to obtain from the suppliers thereof representations and guarantees that the AI models do not infringe the copyright of third parties and to find out if they are protected as intellectual property rights. In the latter case, when copyright-protected content is being used, companies should check if the copyright holder has given their authorization and if compensation was paid in this respect. Moreover, contractual clauses and company terms and conditions should be revised accordingly.

Companies should pay attention to the source of data that they use and evaluate the risks relating to intellectual property protection.

By Ciprian Dragomir, Partner and Head of IP, and Dana (Blaer) Barbu, Managing Associate, Tuca Zbarcea & Asociatii

This article was originally published in Issue 11.11 of the CEE Legal Matters Magazine. If you would like to receive a hard copy of the magazine, you can subscribe here.

In the summer of 2024, the Croatian Intellectual Property Office published a report detailing intellectual property (IP) infringement data for 2023. This statistical overview sheds light on the enforcement of IP rights across three main segments in Croatia: liability for misdemeanors (falling under the jurisdiction of the Croatian Customs Administration), criminal liability (managed by the State Attorney’s Office), and civil liability (which is enforced through private actions, often involving Collective Management Organizations (CMOs)). This article analyzes the trends observed in the 2023 report, aiming to provide insight into the future landscape of IP enforcement in Croatia and explore implications for rightsholders and other stakeholders in the IP space.

When talking about IP infringements sanctioned by misdemeanors, the Customs Administration primarily enforces IP rights through border controls, while fewer resources are devoted to inspections within the market. In 2023, border control procedures constituted around 75% of all enforcement actions by customs, with a substantial 99% of cases initiated at the request of the rightsholder. This approach to enforcement, where rightsholders actively lodge requests, has been a consistent trend, indicating an ongoing dependency on rightsholder involvement in detecting infringements. Interestingly, while the number of border control procedures was typical for a calendar year (totaling 635 procedures), the value of goods destroyed in 2023 was considerably lower, at approximately USD 4 million. This is a stark contrast to the values seen in previous years, such as USD 56 million in 2022 and USD 33 million in 2021. Among destroyed goods in 2023, toys (USD 1.5 million), bags, watches, and jewelry (USD 1.1 million), and machines and tools (USD 0.9 million) represented the highest categories in terms of value.

In terms of customs inspections in the market, the resources are again focused on trademark infringements, accounting for about 90% of cases, whereas copyright infringements made up only 7%. Notably, the Customs Administration conducted only 16 inspections related to illegal software in 2023, reflecting a decline from around 250 inspections per year conducted in the 2016-2018 period.

IP-related criminal proceedings are relatively rare in Croatia, likely due to the country’s small jurisdiction and the preference for handling IP infringements through civil or administrative routes. This low volume makes it challenging to establish strong trends. However, one consistent observation is that monetary fines remain the primary sanction for criminal IP infringements, with incarceration, although possible, being an uncommon penalty.

Although the landscape of IP infringement in Croatia primarily involves industrial property, with a strong emphasis on trademarks, in civil court proceedings, copyright protection takes the lead over other forms of IP. The speed of civil litigation in IP cases is notably efficient compared to other areas of law and most first-instance civil court cases related to copyright infringements are resolved within a year. This efficiency can be partly attributed to the role of CMOs, which initiated around 80% of new IP-related litigation cases in 2023. With a wealth of experience in copyright litigation, Croatian CMOs have become adept at navigating these cases efficiently, often resulting in straightforward proceedings that allow for prompt rulings.

In conclusion, the trends observed in IP infringement enforcement in Croatia reveal a system where responsibility is shared among customs, criminal authorities, and private players. The Customs Administration’s reliance on rightsholders to initiate border controls reflects a trend toward collaborative enforcement, though the decline in the value of destroyed goods suggests potential shifts in focus or enforcement efficacy.

Meanwhile, the role of criminal sanctions remains minimal, with monetary fines prevailing over more stringent penalties. On the other hand, civil litigation, bolstered by the active participation of CMOs, stands out as a particularly effective avenue for IP enforcement in Croatia. Civil courts have demonstrated an efficient framework for addressing IP disputes. Looking ahead, the trends suggest that Croatia will likely continue to rely on rightsholder-driven enforcement to address IP infringement. Strengthening cross-border collaboration, reallocating resources to address evolving infringement types, and enhancing the enforcement capacities of customs and criminal authorities could further bolster Croatia’s IP protection landscape, supporting both local and international rightsholders in safeguarding their intellectual assets.

By Iva Basaric, Partner, and Matija Skender, Senior Associate, Babic & Partners

This article was originally published in Issue 11.11 of the CEE Legal Matters Magazine. If you would like to receive a hard copy of the magazine, you can subscribe here.

The Slovene language has long been a core part of Slovenia’s national identity, instrumental in unifying the nation during its journey to independence in 1991. However, globalization and digitalization have increasingly challenged the prominence of Slovene in public and commercial domains. This pressure has placed responsibility on the Slovenian government to safeguard the language’s role in the face of a rapidly globalizing world. Recent amendments to the Act on the Public Use of Slovene (Act) reflect this commitment to preserving and expanding Slovene’s presence in public, commercial, and digital spheres.

The Act before the Amendments

First implemented in 2004, the Act aimed to secure Slovene as the primary language in public and professional settings, thereby protecting cultural heritage and ensuring that information remains accessible to Slovenian speakers. It set specific requirements for various sectors, including government communications, education, commerce, and the media. One key provision was and remains that businesses and individuals engaged in commerce within Slovenian territory have to communicate with clients in Slovene. Additionally, product information, including features, usage conditions, and intended purpose, had to be provided in Slovene or a language easily understood by Slovenian consumers.

The digital landscape and cross-border nature of many services, particularly in the technology sector, have made enforcing Slovene language requirements challenging. For example, many international technology and infotainment providers, such as Apple, lacked Slovene-language support in their products and services. Apple, specifically, faced scrutiny for not including Slovene in its iOS operating system, highlighting a broader issue where popular devices and services often prioritized global languages like English. Recognizing these challenges, lawmakers introduced amendments to address the gaps and reinforce Slovene’s position across different sectors.

Key Changes to the Act

The updated Act introduces several significant provisions aimed at ensuring the visibility and accessibility of Slovene in the digital age. Among the most impactful changes is the requirement for technology companies to offer operating systems and graphical and voice user interfaces in Slovene. Devices sold in Slovenia must now support Slovene orthography and functionality equivalent to other languages available on the device. This change aims to create a more inclusive environment for Slovene speakers by allowing them to navigate their devices in their native language.

The Act foresees that the Slovenian government will adopt a list of categories of devices for which the above obligation shall apply. In anticipation of these changes, some companies have already adapted their products. For example, Apple added Slovene support to iOS in September 2024, a move that was widely celebrated in Slovenia and seen as a victory for linguistic inclusivity. As more companies comply, Slovene-speaking consumers will gain greater ease of access to digital platforms in their native language.

The Act also emphasizes supporting Slovene-language content creators across media, literature, and digital spaces. By promoting and prioritizing Slovene-language content, the government hopes to enrich Slovenia’s cultural offerings and increase Slovene’s visibility both locally and internationally.

Looking Forward: Slovene in a Globalized World

The amendments to the Act represent a significant step toward preserving Slovene as a language of public use in an increasingly globalized and digital environment. By enacting higher standards for public and digital accessibility, the government underscores Slovenia’s commitment to linguistic diversity and cultural heritage. The amendments have garnered support from various stakeholders, including many businesses supporting the updated Act, recognizing the importance of connecting with Slovenian consumers in their native language. While these changes mark a victory for Slovene’s public presence, challenges remain. The legislation’s scope does not extend to all digital providers equally. For instance, audiovisual content providers, including Netflix and Disney+, are governed by the country-of-origin principle in the EU, meaning they are not legally required to offer Slovene language options. This discrepancy has spurred debate within Slovenia about the need for more comprehensive policies to ensure broader language inclusivity across digital platforms. Advocates argue that as digital content becomes increasingly influential in daily life, language accessibility in these services is essential to preserving Slovene’s prominence.

Despite the Act’s progress, the journey to universal Slovene accessibility in the digital realm continues. We have yet to achieve a balance between the complexities of maintaining linguistic heritage in a globalized world, which further underscores the importance of adaptable policies that respond to evolving technological landscapes.

By Barbara Hocevar, Partner, and Lenart Kmetic, Senior Associate, Selih & Partnerji

This article was originally published in Issue 11.11 of the CEE Legal Matters Magazine. If you would like to receive a hard copy of the magazine, you can subscribe here.

With the rollout of 5G technology, North Macedonia will have to clear a number of legal and regulatory hurdles before benefitting from its potential to transform industries, improve connectivity, and drive economic growth. The country’s telecommunications framework faces the dual challenge of accommodating this groundbreaking technology while ensuring alignment with EU standards.

North Macedonia’s telecommunications market is currently dominated by two major operators: Macedonian Telecom and A1 Macedonia. These companies have been pivotal in shaping the country’s telecommunications infrastructure and are taking another significant step forward with 5G. Both have received the necessary approval to deliver 5G services from the Agency for Electronic Communications (AEC).

North Macedonia’s telecommunications sector is governed primarily by the Law on Electronic Communications, which is largely aligned with the European Union’s regulatory framework. The AEC plays a central role in managing spectrum allocation, licensing, and promoting competition in the sector. With the recent approvals for 5G, the AEC has paved the way for facilitating the country’s digital transformation.

The release of spectrum for 5G has been an important step, but difficulties remain, particularly around the need for efficient spectrum management and ensuring that the infrastructure can support the fifth generation of services. The telecommunications operators have had to work closely with regulators to meet the technical and legal requirements for delivering 5G internet.

While the introduction of 5G services poses a range of legal and regulatory challenges, we believe that the main issues will be maintaining an up-to-date regulatory framework that addresses cybersecurity concerns, data protection, and infrastructure development.

5G introduces new vulnerabilities in network security, making it crucial for North Macedonia to strengthen its cybersecurity rules. The open architecture of 5G networks exposes telecom operators to risks such as data breaches and surveillance, which are not regulated by separate laws. We expect that North Macedonia will adopt and enforce the appropriate security protocols, reflecting EU standards like the NIS and NIS2 directives and the EU Cybersecurity Act. As the key telecommunications operators roll out 5G services, cybersecurity will be a top priority, particularly in sensitive sectors like healthcare and smart cities.

The enhanced data processing capabilities of 5G technology pose additional risks to safeguarding consumer privacy. With the rise of the Internet of Things, Macedonian telecom operators must guarantee compliance with local and international data protection laws while managing vast amounts of personal data. Protecting consumer data and privacy will be essential as the ecosystem of connected devices expands.

Lastly, one of the most pressing tasks for telecommunications operators in North Macedonia is the major infrastructure overhaul required to support 5G. Unlike 4G, 5G requires a dense infrastructure of small cell towers and fiber-optic networks. Local regulations on zoning, construction permits, and environmental impact assessments may become bottlenecks, imposing further obligations on telecom operators, while approval processes often remain lengthy and complex in practice.

A new potential player in the Macedonian telecommunications market is 4iG, a Hungarian telecom and IT services provider. Its market entry would introduce fresh competition, conceivably accelerating the 5G rollout and resulting in additional services for consumers.

While North Macedonia’s focus is currently on the ongoing deployment of 5G, telecommunications will inevitably move toward 6G technology in the future. Research into 6G is already underway globally, with this next generation of mobile networks expected to offer unprecedented speeds, ultra-low latency, and the ability to support fully autonomous systems.

For telecommunications operators, the foundations being laid with 5G will be essential for a smooth transition to 6G in the next decade. The regulatory framework will need to evolve to address anticipated challenges such as increased spectrum demand, advanced cybersecurity threats, and the legal implications of highly intelligent, interconnected systems.

Looking ahead, North Macedonia must start preparing for 6G by fostering innovation and ensuring that its legal frameworks can support the massive technological leap that 6G will represent. Early investment in research, coupled with regulatory foresight, will be critical to keep the country competitive in the global telecommunications landscape.

By Marija Filipovska Jelcic, Partner, and Martin Ivanov, Attorney-at-Law, CMS

This article was originally published in Issue 11.11 of the CEE Legal Matters Magazine. If you would like to receive a hard copy of the magazine, you can subscribe here.

Bad faith trademark registrations in Moldova can pose certain challenges for foreign companies in the country. Understanding the implications of bad faith trademark registrations in Moldova is crucial for businesses looking to protect their intellectual property.

What Is a Bad Faith Registration?

In Moldova, bad faith registration refers to the dishonest practice of registering a trademark that is identical or similar to an existing trademark that is either unregistered in Moldova or registered elsewhere. Moldovan law allows a trademark registered in bad faith to be annulled in court under specific conditions.

Why Bad Faith Registrations Are a Threat

This issue is particularly relevant for foreign manufacturers who distribute products in Moldova. Often, these companies do not have a physical presence in the country, so they rely on local distributors to promote and protect their brands. In some cases, manufacturers allow distributors to register trademarks in their own name, believing the local company will be better placed to prevent trademark infringements.

While this arrangement may work initially, problems can arise later. In our experience as legal advisors, we have seen cases where distributors who had registered the trademark refused to transfer ownership back to the manufacturer, forcing the manufacturer to abandon the brand or use a new one. In some cases, competitors or third parties might also register a manufacturer’s trademark in bad faith, particularly if the brand is not yet established in Moldova. This registration can be used to block market entry or to demand the manufacturer pay an extra price to transfer the trademark. The affected party then has the option to take the matter to court to protect its trademark against the bad faith registrant.

Criteria for a Bad Faith Registration Claim

Under Moldovan trademark law, bad faith registration is an absolute ground for the annulment of a trademark. To successfully challenge a bad faith registration in court, the following criteria must be met:

1. Knowledge or Reasonable Knowledge of Prior Use: The applicant must have known, or should have known, that the trademark was already being used in good faith in Moldova, or that the brand owner was promoting it there. The law uses both “knew” and “should have known” tests, meaning the plaintiff may only prove that the bad faith registrant was reasonably expected to know about the trademark’s use under normal business circumstances (e.g., media coverage or industry events).

2. Similarity of Goods or Services: The goods or services for which the bad faith trademark is registered must be identical or similar to those used or intended for use by the aggrieved brand owner in Moldova.

3. Prior Registration in a Paris Convention or WTO Member State: The trademark must be registered in another country that is part of the Paris Convention or a WTO treaty member, and it must be well-known in that jurisdiction. The law does not define what constitutes “well-known,” making it challenging for plaintiffs to prove this criterion without further legal clarity.

4. Risk of Confusion or Unfair Advantage: The bad faith registration must create a risk of confusion with the original trademark or suggest that the bad faith registrant intends to profit from the reputation of the original brand.

Two Categories of Trademarks Affected

Bad faith registrations in Moldova can thus affect two types of trademarks:

1. Unregistered Trademarks in Moldova: These are trademarks that are actively used in Moldova in good faith, even if not registered there. In these cases, only the first two criteria (knowledge of prior use and similarity of goods/services) need to be met.

2. Trademarks Registered in Other Countries: These are trademarks that are either promoted or negotiated for promotion in Moldova but not yet registered there. In these cases, all four criteria (knowledge of prior use, similarity, prior registration in a Paris Convention or WTO member state, and risk of confusion) must be met.

Legal Consequences of Annulment

If a trademark is annulled due to bad faith registration, the trademark will be deemed inexistent from the date of its registration.

Conclusion

For foreign businesses looking to enter or operate in Moldova, understanding the risks of bad faith trademark registrations is essential. It is important to stay vigilant and ensure that intellectual property rights are properly protected. Businesses should also be aware of the legal procedures to annul bad faith registrations and take proactive steps to safeguard their brands in the Moldovan market.

By Andrei Caciurenco, Partner, ACI Partners

This article was originally published in Issue 11.11 of the CEE Legal Matters Magazine. If you would like to receive a hard copy of the magazine, you can subscribe here.