Intangibles, Data and Technology

In today’s fast-paced digital environment, securing compliance with key EU digital regulations such as the Network and Information Security Directive 2 (NIS2), the Cyber Resilience Act (CRA), the Digital Operational Resilience Act (DORA), the Critical Entities Resilience Directive (CER), and the European Accessibility Act (EAA) is essential. Our Intangibles, Data, and Technology Law team provides comprehensive expertise in Dutch and EU regulatory frameworks for artificial intelligence, (data) privacy (including GDPR), cybersecurity, platform regulation, and digital technologies—often in collaboration with Deloitte’s Digital Regulation & Privacy specialists in Strategy, Risk & Transaction Advisory.

Recognising that regulatory landscapes shift in response to technological change, societal pressure, and geopolitical developments, we strive to ease your organisation’s regulatory obligations by applying Deloitte’s broad capabilities to design practical, tailored solutions. We also bring knowledge of European consumer protection law and its intersection with these digital regulations, ensuring a synergistic approach that supports both compliance and enhanced user trust. To help you identify, interpret, and comply with these evolving regulations—including NIS2, AI-Act, CRA, DORA, CER, EAA, the Data Act, and the Data Governance Act—we employ a proven three-phase approach:

• Applicability Assessment
  Conducting thorough scoping and impact analysis using AI-powered regulatory mapping to determine exactly how new regulations such as NIS2, CRA, DORA, the Data Act, the Data Governance Act, EAA, CER, and others affect your operations.
  
• Gap Assessment
  Pinpointing compliance gaps and proposing bespoke solutions driven by data insights to help maintain operational integrity and reduce risk.
  
• Advisory, Roadmap & Implementation
  Defining clear, implementable pathways to compliance, with flexible, ad hoc advisory support at every stage.

Our multidisciplinary approach—encompassing lawyers, consultants, and data engineers—draws on years of diverse experience across large corporate enterprises, healthcare, automotive, law enforcement, defence, and public-private collaborations. This translates into expert knowledge of specific types of regulations, such as the Medical Devices Regulation (MDR). Seamlessly integrating AI and technical expertise ensures actionable, scalable solutions.

In addition, we have a special focus on Japanese companies with headquarters in Europe, advising these companies often in collaboration with our Japanese firm, building bridges between nations. We are committed to guiding your organisation towards compliance, resilience, and a strategic edge in an evolving digital world.

Is your organisation using or developing AI solutions? In the current digital era, staying compliant can be a challenge, especially under new and evolving regulations such as the EU AI Act.

We help you tackle the complexities of AI regulation by, among other things, offering:

• Ad hoc support on compliance, interpretation, and applicability questions
• Designing and populating inventories, supporting further implementation efforts and assessing risk
• In-depth AI governance and gap analyses with clear action plans
• Stakeholder identification, strengthening governance, roles and responsibilities
• Tailored compliance roadmaps and standards mapping for sustainable implementation
• Customised literacy programmes and board training to equip your teams with essential AI knowledge
• Strategic guidance on AI governance and procurement
• Integrated AI policies and incident response procedures embedded seamlessly into existing frameworks

Our capabilities extend beyond AI compliance: we have deep experience in contracting, intellectual property, privacy (including GDPR), and broader EU digital regulations, leveraging Deloitte’s international network for specialised knowledge. This holistic, AI-augmented approach accelerates compliance and innovation.

Data underpins virtually every organisation—from governmental institutions to SMEs and large multinational corporations. Protecting (personal) data is not only a fundamental responsibility but also a potential competitive advantage in the digital age, where the rights of consumers and data subjects must be respected under the GDPR and related frameworks.

We assist you in building robust data privacy practices by:

• Privacy gap assessments
  Determining your organisation’s current level of personal data protection and rectifying any identified gaps.
• Data Protection Impact Assessments (DPIAs)
  Identifying and mitigating privacy risks effectively, ensuring compliance and reducing potential liabilities.
• Privacy by design and default
  Advising on privacy measures when developing or implementing new technologies, systems, and services to embed compliance from inception.
• Cross-border data transfers
  Drafting Data Transfer Impact Assessments (DTIAs), Binding Corporate Rules (BCRs), privacy manuals, and policies for secure data exchange outside the EEA.
• Reviewing and drafting data protection clauses
  Ensuring your data processing agreements (DPAs), joint controllership agreements, and (online) privacy statements meet current (local) regulatory standards.
• Data retention obligations and policies
  Establishing the protocols needed to comply with EU and local data retention requirements.
• Cookie policies
  Advising on cookie compliance to protect user privacy, mitigate risks, and build customer trust.
• Awareness training
  Raising organisational privacy awareness through tailored training programmes.
• Subject Matter Expertise
  Serving as a (Legal) SME to guide your privacy strategy and implementation.

Contracts form the basis of collaboration, innovation, and the development or delivery of products and services. In a rapidly evolving regulatory landscape, clear and enforceable contracts are critical to keeping pace with compliance obligations and market demands. Legislation in the fields of artificial intelligence, cybersecurity, and data (sharing) require extra attention in this context to remain relevant in a competitive market. By addressing regulatory requirements proactively and thoroughly in your contractual arrangements, you lessen risks and promote collaboration and accountability among all stakeholders. Our contracting services include:

• Quick scan & risk assessments
  Reviewing contractual obligations pre-contract to uncover risks and providing recommendations for remedial actions.
• Strategic (vendor) contracts
  Drafting, reviewing, and negotiation support on key contracts, ensuring clarity and enforceability, supporting sound Third-Party Risk Management processes.
• Templates & playbooks
  Developing robust templates for consistency and detailed playbooks to streamline the contracting process.
• High-volume & contract repapering
  Using technology-enabled review and dashboarding to manage extensive contract portfolios, ensuring transparency and compliance during repapering and renewals. AI-driven contract analysis accelerate portfolio management and risk identification.
• Contracting desk
  On-demand access to expert advice to guide you through contractual queries whenever required.

Intellectual Property (IP) is a core asset for organisations across every sector, from pioneering start-ups to established multinational corporations. In today’s knowledge- and data-driven economy, safeguarding IP is crucial to foster innovation and maintain a competitive edge. Our team offers guidance on diverse aspects of IP and trade secrets law, including:

• IP in the context of new laws (Digital Regulations) and technologies
  Navigating IP complexities introduced by new laws and regulations, including the EU AI Act and the EU Data Act. This includes tailored guidance to help organisations understand the implications of compliance requirements on IP management approach and strategy.
• IP legal due diligence
  Investigating the status of your IP and important contractual terms to highlight key risks and advise on mitigation measures.
• IP transactions and agreements
  Advising on and supporting IP-centric and IP-related transactions, such as assignments and licensing arrangements, and drafting distribution, R&D, and co-creation agreements.
• IP training and workshops
  Providing sessions to bolster your team’s knowledge of IP and best practices for identification, protection, and enforcement, and assessing the maturity of IP processes to formulate prioritised roadmaps.
• Confidential information and trade secrets
  Offering legal guidance on securing sensitive or valuable secret information.
• Subject Matter Expert services
  Advising as a Legal SME in IP and trade secrets, with the ability to address emerging digital regulations and technologies—such as AI—as well as their interfaces, which can influence IP management and protection.