DENMARK Trends and Developments Contributed by: Simon Milthers, Thomas Bøgedal Kristiansen, Mikkel Friis Rossa and Emil Steenberg, Bech-Bruun
face fines of up to EUR10 million or 2% of their total annual global turnover for non-compliance with NIS2. Important companies are subject to fines of EUR7 mil- lion or 1.4% of their annual global turnover. Compe- tent supervisory authorities are authorised to conduct on-site inspections, ad hoc audits, security scans and other checks on companies within NIS2’s scope. Authorities may also suspend services or activities carried out by the company in question in cases of non-compliance. Additionally, the Digital Operational Resilience Act (DORA) regulates the EU’s financial sector and ICT service providers, requiring robust governance frame- works to manage ICT risks (including incident man- agement and technology testing). DORA also man- dates that third-party ICT suppliers meet information security standards through contractual assurances. Failure to comply with DORA can, much like NIS2, result in significant penalties. This highlights the importance of meeting new cybersecurity standards that are critical for businesses in affected sectors. As the regulatory framework evolves, companies should prepare for the impact of these regulations to ensure they are ready to meet the new compliance requirements when they come into effect. Leveraging data Data is a crucial resource in today’s digital economy. The Data Governance Act ( Forordning om datasty- ring ), effective as of September 2023, facilitates data sharing across sectors and EU countries. The Data Governance Act clarifies the conditions under which data can be used and shared, promoting innovation and collaboration. In addition, the Data Act – applicable from September 2025 – complements the Data Governance Act, cre- ating a robust legal framework for data management within the EU. The Data Governance Act established processes and structures to promote voluntary data sharing. In contrast, the Data Act specifies who can derive value from data and under what conditions, setting clear and fair rules to support a trusted and secure data economy. Together, these regulations aim to foster an internal EU data market, benefiting sec-
tors across the economy and areas of public interest by facilitating fair access to and use of data – ulti- mately advancing Europe’s digital transformation. The foregoing will be supplemented by the EU’s Cyber Resilience Act, which seeks to establish the founda- tional requirements for the creation of secure digital products. These include obligating manufacturers of both hardware and software products to prioritise security throughout the entire life cycle of their prod- ucts in order to minimise vulnerabilities. For tech companies, the ability to leverage data effec- tively is becoming increasingly important. M&A trans- actions will focus on companies with valuable data assets, particularly in sectors such as healthcare and life sciences where data utilisation can drive signifi- cant advancements. Embracing SaaS and PaaS models A key trend in the M&A market is the increasing rel- evance of software as a service (SaaS) and platform as a service (PaaS) models. SaaS and PaaS models are characterised by their recurring revenue streams and the provider’s ability to introduce updates and changes to the services. These more flexible tools are a contributing factor to the transition from traditional licence-based models to SaaS/PaaS models. This shift is also driven by the growing importance of AI-based services, which rely heavily on data. Com- panies that can effectively harness and utilise data are well positioned to thrive in this new area. As a result, M&A activities are likely to focus on acquiring companies with strong data capabilities. Emerging technologies When conducting due diligence for special or emerg- ing technologies such as AI, the internet of things (IoT), autonomous driving and big data, the process generally mirrors that of other technologies from an IP perspective. However, the use of AI introduces unique legal challenges, particularly concerning the owner- ship of IP rights and liability for decisions and dam- ages resulting from AI applications. It is a fundamental principle of Danish copyright law that copyrights are attributed to natural persons as
98 CHAMBERS.COM
Powered by FlippingBook