undefined

Add a bookmark to get started

Global Site
Africa
MoroccoEnglish
South AfricaEnglish
Asia Pacific
AustraliaEnglish
Hong Kong SAR ChinaEnglish简体中文
KoreaEnglish
New ZealandEnglish
SingaporeEnglish
ThailandEnglish
Europe
BelgiumEnglish
Czech RepublicEnglish
HungaryEnglish
IrelandEnglish
LuxembourgEnglish
NetherlandsEnglish
PolandEnglish
PortugalEnglish
RomaniaEnglish
Slovak RepublicEnglish
United KingdomEnglish
Middle East
BahrainEnglish
QatarEnglish
North America
Puerto RicoEnglish
United StatesEnglish
OtherForMigration
Abstract_Lights_P_0152
27 January 202513 minute read

Innovation Law Insights

27 January 2025
Publication

DLA Piper GDPR Fines and Data Breach Survey: January 2025

The seventh annual edition of DLA Piper's GDPR Fines and Data Breach Survey has revealed another significant year in data privacy enforcement, with an aggregate total of EUR1.2 billion in fines issued across Europe in 2024. Read the full report here.

 

Podcast

DORA is applicable: Act now to avoid non-compliance risks

The Digital Operational Resilience Act (DORA) is fully applicable as of 17 January 2025, bringing sweeping changes to cybersecurity in the financial sector. In this episode of the Diritto al Digitale podcast, Giulio Coraggio, DLA Piper technology and data lawyer, unpacks the urgent steps businesses have to take to comply with DORA’s stringent requirements. From banks to crypto providers and ICT suppliers, no one is exempt. Learn how to close compliance gaps, secure your operations, and avoid the risks of falling behind. Listen to the episode on Apple PodcastsGoogle PodcastsSpotify, and Audible.

 

Data Protection and Cybersecurity

Bank of Italy's Communication on the DORA Regulation: Key Points and impacts for financial entities

The Digital Operational Resilience Act (the DORA Regulation) came into force on 17 January.

From now on, economic operators subject to the Regulation have to show they've promptly activated all processes necessary to align their internal structures and relationships with third parties with the various requirements established by the Regulation.

But the regulatory framework outlined by DORA isn't yet fully complete. Several technical standards, although already adopted by the European Commission, haven't yet come into force (and possible modifications or adjustments cannot be entirely ruled out). The application of the Regulation will partly depend on the interpretation provided by the various sectoral authorities in each member state.

The Bank of Italy’s communication to the market of 30 December is particularly useful. It highlights certain aspects of the DORA Regulation that require clarification to ensure uniform application.

Specifically, the Bank of Italy examines the following areas:

  • ICT risk control function

Under Article 16 of the Regulation, financial entities have to assign responsibility for managing ICT risks to a dedicated control function, which have to have an appropriate level of independence.
The Bank of Italy specifies that, in the absence of alternative guidance in DORA’s regulatory framework, the ICT control function may coincide with the risk management or compliance functions. But it emphasizes that this function cannot, under any circumstances, be assigned to the structure that also manages the internal audit function.

  • Notifying the competent authority of agreements with ICT third parties service providers supporting critical or important functions

Starting 17 January, financial entities have to notify the competent authority of contractual agreements for ICT services supporting essential or important functions. The Bank of Italy clarifies that existing sectoral regulations on ICT outsourcing will no longer apply (and provides a list of such regulations).

Nevertheless, the Bank of Italy retains the power to intervene if the reported agreements present specific critical issues or inconsistencies with the legislation.

  • Reporting major ICT incidents and significant cyber threats

The Bank of Italy reminds entities that the current regulations on incident reporting will be repealed (without prejudice to all provisions regarding personal data breaches) and replaced by DORA’s provisions and related technical standards.

Additionally, financial entities have to use the template included in the relevant Delegated Regulation, and reports must be submitted through the Infostat platform.

  • Threat-Led Penetration Testing (TLPT)

Lastly, regarding TLPT, the Bank of Italy informs that the process of identifying entities required to perform the tests is still underway. The Authority will notify the affected entities when it's completed the analysis and will work with them to define an implementation plan for the tests.

Author Edoardo Bardelli

 

Intellectual Property

UPC: An overview of proceedings from the beginning of activities

On the first day of the year, UPC published a new report providing an overview of proceedings initiated since its inauguration in June 2023.

With regard to the Court of First Instance, the number of cases has been growing steadily, and to date a total of 635 proceedings have been brought. Of these, 239 are infringement actions, in most of which counterclaims for invalidity have been brought. Once again, at least with regard to infringement proceedings, the German Local Divisions are the main characters and, similarly to what has already been highlighted in previous UPC reports, the courts most involved are those of Munich, Düsseldorf, Mannheim and Hamburg. As far as Italy is concerned, the Local Division in Milan has seen 13 infringement actions brought to date.

Of the other first instance proceedings, 62 concern the issuing of precautionary measures. No news from the point of view of actions for damages: there's still only one proceeding, as already reported in the last case loads detailed in this column.

As for actions for nullity brought as main proceedings, to date 55 proceedings have been brought, most of which have been instituted before the Paris Central Division, which once again ranks first in terms of the number of proceedings, with a slight increase in the number of applications compared to the last report we analysed last October (from 39 to 40). Although the Central Divisions of Milan and Munich rank second and third respectively for nullity actions, the gap between the Parisian and the offices of Milan and Munich is still significant: only eight and seven applications having been filed before the latter courts. It's worth noting how the Milan Central Division, although it has only been operational for a few months, has more proceedings than the German Central Division, which started work in June 2023.

The UPC Court of Appeal has seen more than 180 proceedings so far, most of them concerning the appealability of decisions, pursuant to Rule 220 RoP.

As regards the languages, English and German still dominate in proceedings before the Court of First Instance. There's been a slight decline in the use of German, with a decrease from 41% of proceedings initiated in this language in October to 39% at present. In contrast, there's been a slight increase in cases brought in English (52% in October, 53% today).

The use of French and Italian, although modest, is increasing slightly.

With regard to the industrial sectors most affected, patents relating to class H (Electricity) of the IPC (International Patent Classification) stand out, with the largest number of proceedings being promoted. The second most affected class of inventions is once again class A of the same classification, relating to "human necessities."

It's hoped that this year the UPC system, already a point of reference in the European patent context, will continue to gain prominence and become a valid and accessible alternative not only for large, but also for small and SMEs which are still rather overshadowed in this judicial landscape. We're confident that the Central Division in Milan will attract an increasingly significant number of proceedings, contributing to strengthening the centrality of our country in the UPC organization.

Author: Massimiliano Tiberio

 

Legal Design

Trick #4: How to Generate an 'idea'

Transforming complex problems into simple solutions: The power of ideation in legal design

In Legal Design, the ideation phase is crucial for transforming complex legal problems, identified in the previous step (if you missed it, check out Trick #4 on "How to Define the Problem"), into innovative, user-centred, and accessible solutions.

How to do it?

Once a problem is identified, the ideation phase paves the way for fresh perspectives. By using creative techniques, you can design more effective legal tools and services.

Ready to explore the most effective techniques?

  1. Brainstorming: Let ideas take flight

A group session to gather as many ideas as possible for solving a legal problem.

How to do it?

  • Bring your team together, in person or online, and encourage them to think from the user’s perspective.
  • No idea is a bad idea – embrace even the most unconventional ones!
  • Use visual tools like sticky notes or digital whiteboards to give creativity free rein.
  1. Mind Mapping: Organize your creativity

A technique to structure and connect the problem to multiple solutions, highlighting the risks and benefits of each option in a visual and intuitive way.

How to do it?

  • Start with the central problem (eg simplifying a contract).
  • Draw arrows and branches for each idea, exploring hybrid solutions as well.
  • Use colours and visuals to make the process more engaging.
  1. Envisioning: Look to the future

A visualization technique to imagine ideal scenarios, such as accessible justice or a seamless client experience.

How to do it?

  • Sketch your idea, even with simple drawings, to highlight its pros and cons.
  • Answer this question: "How would I want this solution to improve the user's experience?"

Let’s look at an example!

A client wants to make their contract templates clearer and more user-friendly.

  1. Brainstorming: With the legal team, gather ideas by using graphics to illustrate clauses, creating interactive glossaries, and drafting simplified summaries.
  2. Mind mapping: Visualize all feasible options to assess and prioritize the most effective ones.
  3. Envisioning: Sketch the new contract structure, imagining how the other party could read and understand it in minutes.

Did you know?

Ideation techniques are widely used in creative fields like industrial design and advertising. For instance:

  • Brainstorming was developed by Alex Osborn in the 1950s to inspire creativity in advertising teams.
  • Envisioning has been pivotal in designing the user interfaces of early smartphones, revolutionizing human-machine interaction.

Don’t miss the next trick!

Stay tuned for Trick #6 to learn how to "prototype" your ideas and make them even more tangible.

Author: Deborah Paracchini

 

Life Sciences

The new era of health technology assessment: HTA Regulation becomes applicable

The EU has entered a new phase for health technology assessment (HTA). On 12 January 2025, Regulation (EU) 2021/2282, known as the HTA Regulation, became applicable. The HTA Regulation introduces a harmonized approach to evaluating medicines, medical devices, and other health technologies, aiming to provide patients with faster and more consistent access to innovative treatments across the EU.

Goals and implementation of the HTA Regulation

The HTA Regulation establishes a common framework for assessing health technologies, including medicines, medical devices, medical procedures, and other measures for preventing, diagnosing, or treating diseases. It focuses on three relevant pillars:

  • European cooperation: a shared system among member states to avoid duplication and promote synergy in HTA.
  • Joint Clinical Assessments (JCA): uniform methodologies to evaluate the efficacy, safety, and benefits of health innovation.
  • Single dossier submission: developers will submit one set of documentation for EU-wide JCA, streamlining processes.

HTA evaluates the benefits of a specific health technology (eg a medicine or medical device) compared to existing market alternatives. This evaluation supports health policy decisions in member states, including pricing and reimbursement. HTA relies on scientific evidence, addressing both clinical and non-clinical factors such as costs, ethical concerns, and organizational impacts. This ensures informed decision-making and better patient outcomes.

The single European dossier simplifies submissions, eliminating redundant processes. Additionally, the active involvement of patients, healthcare professionals, and stakeholders in assessments makes decisions more inclusive and aligned with patient needs.

Gradual implementation of the HTA Regulation

The implementation of the HTA Regulation will occur in phases to allow stakeholders and member states to adapt. From January 2025, the provisions will apply to oncology medicines and advanced therapies, extending to high-risk medical devices in 2026. By 2028, orphan medicines will be included, and all new health technologies will undergo joint clinical assessments by 2030.

This phased approach allows member states and stakeholders to transition smoothly without disrupting current procedures, focusing efforts initially on priority therapeutic areas.

The role of the EMA

The European Medicines Agency (EMA) plays a central role in implementing the HTA Regulation. EMA will provide regulatory data to support clinical assessments, collaborate with the HTA coordination group to ensure scientific consistency, and advise the European Commission to maintain transparent and timely processes for marketing authorization applications.

EMA will also conduct horizon scanning to identify emerging technologies, supporting the planning of future assessments. This integration between regulatory requirements and scientific evaluations enhances overall efficiency.

HTA implementation in Italy

Italy is aligning its legal framework with the HTA Regulation. The 2014–2016 Health Pact and Law 190/2014 laid the groundwork for HTA in Italy, further developed by Legislative Decrees 137 and 138 of 2022 for medical devices.

In 2023, the Ministry of Health adopted the National HTA Program for medical devices (PNHTA 2023–2025), which aims to:

  • integrate HTA into decision-making at national, regional, and organizational levels;
  • apply HTA throughout the entire lifecycle of technologies, from design to obsolescence;
  • enhance efficiency in allocating healthcare resources.

The 2025 Budget Law mandates the Ministry of Health to update the PNHTA by 30 June 2025.

In the pharmaceutical sector, the Italian Medicines Agency (AIFA) plays a key role. Its Scientific and Economic Commission for Medicines, established in 2024, provides guidance on clinical evaluation parameters, ensuring alignment between national policies and the European framework.

A more innovative and transparent European healthcare system

The HTA Regulation marks a significant step toward a more integrated, transparent, and equitable European healthcare system. Simplified procedures and shared criteria enable faster access to innovative therapies, improving efficiency.

Collaboration between member states, institutions, and stakeholders is driving a future-focused healthcare governance model. This transformation benefits patients, providing quicker access to effective treatments and fostering a modern, sustainable, and inclusive healthcare system.

Author: Nicola Landolfi, Nadia Feola


Innovation Law Insights is compiled by DLA Piper lawyers, coordinated by Edoardo BardelliCarolina BattistellaCarlotta BusaniGiorgia Carneri, Noemi Canova, Gabriele Cattaneo, Maria Rita CormaciCamila CrisciCristina CriscuoliTamara D’AngeliChiara D’OnofrioFederico Maria Di VizioNadia FeolaLaura GastaldiVincenzo GiuffréNicola LandolfiGiacomo LusardiValentina MazzaLara MastrangeloMaria Chiara MeneghettiDeborah ParacchiniMaria Vittoria Pessina, Marianna RiedoTommaso RicciRebecca RossiRoxana SmeriaMassimiliano Tiberio, Federico Toscani,  Federico Toscani, Giulia Zappaterra.

Articles concerning Telecommunications are curated by Massimo D’AndreaFlaminia Perna and Matilde Losa and Arianna Porretti.

For further information on the topics covered, please contact the partners Giulio CoraggioMarco de MorpurgoGualtiero DragottiAlessandro FerrariRoberto ValentiElena VareseAlessandro Boso CarettaGinevra Righini.

Learn about Prisca AI Compliance, the legal tech tool developed by DLA Piper to assess the maturity of AI systems against key regulations and technical standards here.

You can learn more about “Transfer”, the legal tech tool developed by DLA Piper to support companies in evaluating data transfers out of the EEA (TIA) here, and check out a DLA Piper publication outlining Gambling regulation here, as well as a report analyzing key legal issues arising from the metaverse qui, and a comparative guide to regulations on lootboxes here.

If you no longer wish to receive Innovation Law Insights or would like to subscribe, please email Silvia Molignani.