On March the 1st, 2023, the provisions of articles 32 to 42 of Law 4961/2022 (“Emerging IT and communications technologies, strengthening digital governance and other provisions”, Official Gazette 146/A/27-7-2022) are set to be in effect, with which a strict legislative framework regarding the use of Internet of Things technology has been implemented. The need for appropriate cyber security measures is highlighted as well as the obligations of the manufacturers of those devices, the importers, the distributors, their operators and the National Cyber Security Authority.

DEFINITION OF THE TERM “INTERNET OF THINGS”

The Internet of Things (IoT) is any technology that:

1. a) allows devices or a group of interconnected or related devices, through their connection to the Internet, to perform, based on a program, automatic processing of digital data, including the technology related to the interconnection of physical things, such as devices, vehicles and buildings, with electronic components, software, sensors, actuators, radio links and network connection and
2. b) allows the collection and exchange of digital data to offer a variety of services to users, with or without human participation.

THE PROVISIONS OF LAW 4961/2022

Those legislative interventions are primarily aimed at manufacturers, importers, distributors and operators of devices who make use of the Internet of Things technology, aiming to ensure a high level of security of the information that flows through them, especially when there an interaction with people, either directly or indirectly.

The manufacturers of these devices are obligated to:

• Take the necessary measures to achieve an appropriate level of cyber security.
• Draw up for each device a declaration of compliance to the technical and safety provisions of the ministerial decision of par. 12a of article 113 of law 4961/2022, which should be accompanied by a user manual and security information.
• Draw up preliminarily the appropriate policy for predicting and addressing possible security infringements.

Importers and distributors, before the distribution of those said device, must:

• Confirm that the device is accompanied by the manufacturer’s declaration of compliance.
• Deliver the declaration in question to the National Cyber Security Authority or any competent response team, following a relevant request.

The operators of those devices must:

• Make use of the devices in accordance with the technical and safety specifications, according to the ministerial decision of par. 12a of article 113 of Law 4961/2022.
• Appoint an IoT Security Officer.
• Maintain an archive of all interconnected devices, which should be updated on an annual basis.
• Provide all possible information to users of the said devices regarding their installation and operation, while ensuring a high level of security.

The National Cyber Security Authority is authorized to undertake the inspection and evaluation of compliance of the above-mentioned people and receive notifications from the operators of IoT devices, regarding the occurrence of security infringements or detected vulnerabilities.

Finally, the protection of personal data in accordance with the relevant legislative provisions (GDPR, Laws 4624/2019 and 3471/2006) is emphasized, through the implementation of a data processing impact assessment.

SANCTIONS

Sanctions have been implemented for the violators of the legislative provisions, with the strictest of those being the imposition of a fine of up to one hundred thousand (100,000) euros for repeat offenders.

As published on the Official Government Gazette here FEK-2022-Tefxos A-00146-downloaded -15_02_2023

The post Rules implemented regarding the use of the technology of Internet of Things (IoT) set to be in effect first appeared on Tsianakas & Partners Law Firm.

Added value services

Having a deep understanding of what it takes to run a client’s business as well as being commercial are crucial. Law firms have always struggled with the practicalities of providing added value services due to time constraints. This reason, however, is becoming less valid due to technology. Law firms are expected to invest in legal technology so that lawyers can focus on providing added value advice instead of routine legal work – optimizing time to provide commercial reasoning behind a novel legal opinion instead of time spent on a first draft of a document.

Effectiveness and efficiency

The priority is to expedite and streamline legal work. Clients are certainly demanding faster turnaround times, so they can react quickly to tighter internal deadlines and increase their deal velocity. For example, automated processes give clients more time to engage with their clients.

Legal technology is key

It’s clear that technology has a significant impact on how clients evaluate and select their legal advisors. In the future, technology is most likely to have a significant impact on how lawyers work, how they provide legal services, and the way in which the legal and justice system operates as a whole. The need for more investment in technology from law firms is evident. Paying lip service to innovation is no longer enough.

Frequent communication and regular progress updates

Trust-based relationships require transparency to be successful. Responsiveness differentiates a firm from competitors and allows for a positive client experience. Consistent All companies place a high value on the above as well as market experience.

The post What clients want from a law firm in 2023 first appeared on Tsianakas & Partners Law Firm.

The suspension is entered into force from December 1, 2022 until January 31, 2023. This suspension is made for the purpose of examining the possibility of adapting national legislation to the judgment of the court of Justice of the European Union on 22 November 2022. In that judgment, following a relevant question from a court of a member state, the court of Justice of the European Union declared invalid the article of Directive (EU) 2018/843 which allows unconditional public access to information on beneficial owners as opposed to the relevant article of Directive (EU) 2015/849 which allows access by demonstration of a legitimate interest.

According to the court, access by the general public to information on the actual ownership of the company concerned constitutes a serious infringement in terms of fundamental rights, namely private life and protection of personal data, enshrined in Articles 7 and 8 of the Charter, respectively. Indeed, the information disclosed allows an unlimited number of persons to be informed about the financial situation of a beneficial owner. Furthermore, the potential consequences for data subjects resulting from possible misuse of their personal data are exacerbated by the fact that, once these data become available to the general public, they can not only be freely collected, but also retained and disseminated.

That said, the court found that, with the measure at issue, the EU legislature seeks to prevent money laundering and terrorist financing by creating, through increased transparency, an environment less likely to be used for such purposes. It considers that in this way the legislator pursues an objective of general interest that can justify even serious interference with the fundamental rights enshrined in Articles 7 and 8 of the Charter and that general public access to information on real property is appropriate to help achieve this objective.

However, the court considers that the intervention entailed by that measure is not limited to what is strictly necessary for the objective pursued. Furthermore, the provisions at issue allow the public to make available data which are not sufficiently defined and identifiable. The scheme was introduced under the Anti-Money Laundering Directive and amounts to a much more serious interference with the fundamental rights enshrined in Articles 7 and 8 of the Charter than the previous scheme (which provided for access by competent authorities and certain bodies, for access by any person or organisation capable of demonstrating a legitimate interest), without this interference being outweighed by any benefit that could be derived from the new scheme compared to the previous scheme, with regard to the fight against money laundering and the financing of terrorism.

The joint decision of the ministers of Finance and State published in September on access to The Register introduced a series of safeguards against public access so that there is no risk to the data of beneficial owners entered in the Register.

However, in order to fully assess the impact of this landmark decision on national legislation and to investigate whether there is a need for adjustments, it is necessary to suspend public access for a specific period of time.

The system shall remain in full operation without affecting registration, update deadlines, as well as the access of competent authorities and obliged persons.

The post Public Access to the UBO Register has been suspended first appeared on Tsianakas & Partners Law Firm.

The Greek Whistleblowing Protection Law (4990/2022) was recently published in the Government Gazette (A/210/11.11.2022) and is entitled as follows:“Protection of persons reporting violations of EU Law – Incorporation of Directive (EU) 2019/1937 of the European Parliament and of the Council of October 23, 2019 and other urgent regulations”. It has been pointed out that the Law in question transposes into Greek Legislation an EU Directive (2019/1937), thus providing a concrete legal framework regarding individuals who report breaches of EU Law.

WHAT IS WHISTLEBLOWING?

The term first appeared in 1999 in the book “Les Sombres Precurseurs” by Francis Chatoreineau and Didier Torny and is described as the citizen acting for the common good. In Greek, a whistleblower (Greek: μάρτυρας δημοσίου συμφέροντος) is a person who makes a substantial contribution with the information he provides to the authorities, but without being himself involved and without having any particular benefit from the disclosure and prosecution of cases. The cases may concern active or passive corruption involving public officials, active or passive corruption of an official, active or passive corruption of judicial officials, (etc).

PURPOSE AND PROTECTION OF WHISTLEBLOWERS

According to Article 1 of the EU Directive, ‘the purpose of this directive is to ensure an integrated framework for the protection of persons reporting breaches of European Union Law and to transpose Directive (EU) 2019/1937 of the European Parliament and of the Council of 23 October 2019 on the protection of persons reporting breaches of Union law (L 305)’.

A whistleblower discloses any form of information that is considered as illegal, unethical, or not in accordance with an organization’s regulations, so we understand that it can be anyone with well-founded allegations of any violations. The information may be related to a violation of a company’s policy, laws, or regulations or pose a threat to the public interest or national security, as well as denouncing fraud and corruption. Whistleblowers, although protected by various organizations, face criminal charges, dismissals, sanctions and gain social stigma.

Taking this into consideration, the Law in question prohibits any form of retaliation and retaliatory actions against the petitioner, whether it may come from the employer or from third parties. In addition to retaliation concerning general and special working conditions, any other harmful action against the petitioner in his professional and social environment related to the petition is also prohibited. Indicatively, dismissal, demotion, omission, and deprivation of promotion, removal of duties, change of place of work, reduction of salary, change of working hours are prohibited.

It is also criminally standardized to obstruct or attempt to obstruct a report, to carry out retaliation, and to disclose the identity of reporting persons subject to confidentiality. Fear or the threat of retaliation discourages potential public interest whistleblowers from reporting their suspicion. In this context, the importance of ensuring balanced and effective protection of public interest whistleblowers is increasingly recognized at the EU and international level. The establishment of an effective protection framework for persons reporting breaches of  EU Law is necessary in order to encourage such persons to disclose breaches of public interest.

In light of the new provisions, these persons enjoy substantial guarantees, in such a way that they do not incur the risk of prosecution or retaliation and that their information is made confidential and protected. Strengthening the protection of public interest whistleblowers contributes to the prevention and deterrence of breaches of EU Law, and through them to the defence of the public interest.

OBJECTIVE OF LAW 4990/2022

Article 2 refers to the subject of this Law, which is the establishment of a system of internal and external reporting of violations of EU Law, the protection of persons reporting such violations, the organization of the procedure for the submission – receipt, and monitoring of reports and the penalties imposed in case of violation of this law.

The provisions of Law 4990/2022 apply to the protection of persons reporting or disclosing: (A) breaches of  EU Law, as specifically defined in part I of the annex, in the areas of: (aa) public procurement, (ab) financial services, products and markets, as well as the prevention of money laundering and terrorist financing, (ac) product security and compliance, (ad) transport security, (ae) environmental protection, (af) radiation protection and nuclear safety, (ag) food and feed safety, as well as animal health and welfare, (ah) public health, (ai) consumer protection, (aj) privacy and personal data protection, and the security of network and Information Systems, (B) breaches affecting the financial interests of the Union referred to in Article 325 of the Treaty on the Functioning of the European Union (T.F.E.U) and specifically defined in the relevant union measures and C) violations related to the internal market, as referred to in par. 2 of Article 26 of T.F.E.U., including infringements of Union competition and state aid rules, as well as infringements of the internal market relating to acts infringing corporate tax rules or arrangements, the purpose of which is to secure a tax advantage which frustrates the object or purpose of applicable corporate tax law.

SANCTIONS

A penalty of imprisonment and a fine can be imposed on persons who: (a) prevent or attempt to prevent reporting in cases of violations falling within the scope of this protection, (b) retaliate or initiate malicious proceedings against the persons referred to in Article 6, (c) violate the obligation to maintain the confidentiality of the identity of the Reporting Persons in violation of Article 14. For the measurement of the penalty, the intensity of the retaliation and the gravity of the violation shall be taken into account. Responsibility of persons of par. 1 according to other provisions is not excluded. Persons who knowingly made false reports or false public disclosures shall be punished with a prison sentence of at least two (2) years and a fine. Responsibility of persons of par. 3 according to other provisions is not excluded. If any of the violations hereof were committed, for the benefit or on behalf of a legal entity, an administrative fine shall be imposed on it, the amount of which may not be less than ten thousand (10.000) Euros and greater than five hundred thousand (500.000) Euros. In order to measure the above sanction, in particular, of the gravity of the infringement and the degree of culpability shall be taken into account.

THE IMPLEMENTATION OF LAW 4990/2022

The period during which companies are required to comply with the provisions of Law 4990/2022 depends (a) on whether the company belongs to the public or private sector and (b) on the number of company’s employees. More specifically, private sector companies with fifty (50) to two hundred and forty-nine (249) employees must comply with the obligation to establish an internal reporting channel, according to Article 9, by December 17, 2023, and inform the competent supervisory body of par. 11 and 12 of Article 9 respectively. Private sector companies with more than two hundred and forty-nine (249) employees must comply with the obligation to establish an internal reporting channel, in accordance with Article 8, within six (6) months from the entry into force of this and inform the competent supervisory body of par. 11 and 12 of Article 9 respectively.

Public sector companies must comply with the obligation to establish an internal reporting channel, in accordance with Article 8, within six (6) months from the entry into force of the Law in question.

Download File – Νόμος 4990/2022 (ΦΕΚ 210/Α/11-11-2022)

The post The Greek Whistleblowing Protection Law first appeared on Tsianakas & Partners Law Firm.