You will be redirected to the website of our parent company, Schönherr Rechtsanwälte GmbH: www.schoenherr.eu
Welcome to the May edition of Schoenherr's to the point: technology & digitalisation newsletter!
We are excited to present a selection of legal developments in the area of technology & digitalisation in the wider CEE region.
VC market remains strong. According to the Morningstar owned data and research company Pitchbook, Europe's venture capital (VC) market remained strong in Q1 this year. The data suggests that the trend of the past months has continued as we saw valuations climbing. However, Pitchbook suggests that due to the ongoing uncertainty growth might slow a little.
Early-stage pre-money valuations of start-ups reached a median of EUR 9.4m, which is nearly 40 % higher than last year's median. Therefore, the data suggests that chaotic markets did not have a huge impact on early-stage companies. A very different story are the numbers for late-stage valuations, which saw a rise of the median by "only" 6.5 % to EUR 19.4m.
Finally, because this summary would not be complete without mentioning unicorns, Europe saw 28 new unicorns in Q1. The total valuation of European unicorns reached a record EUR 424.5bln.
Dr Evil Project. To move on to a completely different topic: In 2021, the Swiss government's Spiez laboratory asked scientists Sean Ekins and Fabio Urbina to see what AI could do in the wrong hands. Their AI platform MegaSyn is usually programmed to generate non-lethal molecules that can be used for pharmaceuticals. By changing just a bit of code, MegaSyn came up with 40,000 lethal substances overnight. A single grain of each of these molecules could kill a person. No wonder regulators around the world are rushing to regulate AI, with the EU's AI Act being just one example.
Please enjoy this month's ttp technology newsletter and don't forget to subscribe!
The stablecoin TerraUSD (UST) and its sister token Luna collapsed last week. Terra was one of the most valuable cryptocurrencies and peaked at around EUR 115 in April 2022. What has happened is still not entirely clear. According to sources (e.g. Euronews), the crash is comparable to the 2008 financial crisis. UST was intended (and marketed) as a stablecoin, but instead of being backed by cash or other assets, UST used a "complex mix of code and Luna to stabilise the process". Market participants now claim that the entire system was a Ponzi scheme. According to the Euronews article, Terra's creator Do Kwon purchased EUR 3.3bln worth of Bitcoin to support UST in the event of a crisis. Kwon's Luna Foundation Guard then said in a tweet that it had withdrawn 37,000 Bitcoins – worth more than USD 1bln (EUR 962m) at then current prices – to lend out. The company said "very little" of the borrowed Bitcoins have been spent, but it is "currently being used to buy" UST. Many worry that the Luna Foundation Guard will sell a large part of its Bitcoin to support UST. Effectively, the cryptocurrency was backed with Bitcoin and apparently crashed the price of Bitcoin (which crashed all other cryptocurrencies, as they are all correlated), the article further mentions. Just like in the 2008 financial crisis, they leveraged, overleveraged and collapsed, and this affected other (real) assets. The collapse of Terra Luna shows that fast growing financial products need to be assessed with care as they impose a risk on investors and overall financial stability. This is crying out for regulation, but MICA is already on its way.
A new standard has emerged in the NFT market called semi-fungible tokens (SFTs).
This combines the properties of fungible tokens such as cryptocurrencies that are exchangeable with each other and non-fungible tokens (NFT) that represent a unique digital or real asset.
This combination can currently be mined with Ethereum's ERC-1155 standard smart contract. The SFT smart contract includes a feature that allows tokens to change their status from fungible to non-fungible.
Initially, they are fungible tokens and can therefore be exchanged for other identical SFTs at this stage. However, if a certain trigger event such as expiry or equivalence of a token has already taken place, the fungible token becomes a collectible and thus acquires the status of an NFT and therefore a completely different value. SFTs currently exist mainly in the (metaverse) gaming sector, for example to facilitate the exchange of in-game money for collectibles, such as additional items.
Likewise, a token can be an NFT at the beginning and serve to generate in-game money, which then turns it into a fungible token.
With SFTs, different attributes or trigger events can be defined for individual token IDs. For example, it can increase the value if a special player held the item as an NFT before the transformation to fungible tokens. Furthermore, with this new smart contract, tokens for different target groups can be created and combined with different functions in one smart contract. It is also possible to transfer only fractions of a token.
An additional advantage of SFTs is that transactions can be carried out more cheaply and quickly than, for example, with NFTs based on a different standard (ERC 712).
SFTs are already in use by some game providers, such as Enjin, Horizon Games or The Sandbox.
Even if SFTs are currently only used sporadically by marketplaces, decentralised applications and metaverse environments, it clearly shows that fungible and non-fungible tokens can be combined for complicated business logics, which also reduces costs and transaction times.
Yuga Labs, the company behind the popular Bored Ape Yacht Club ("BAYC") NFTs, has continued to establish itself as the top dog among NFT providers. Last month, they not only launched their first digital land plots (called Otherdeeds) to their own metaverse called Otherside, which were sold out within hours (with transaction fees sometimes higher than the cost of the NFTs themselves due to high demand), but also acquired the IP to the Cryptopunks and Meebits NFTs. As a reminder, with the purchase of an NFT, the NFT holder does not automatically acquire the corresponding IP rights. Such rights must be transferred separately as a licence. And this is exactly what Yuga Labs now intends to do. By adapting the terms & conditions to the newly acquired NFT Collections, holders of these NFTs will receive the same rights as the holders of the BAYC NFTs (see T&C BAYC).
So what does all this mean? Besides personal use rights, NFT owners would also acquire commercial rights to the artwork behind the NFTs and especially the possibility to create derivative works of their artwork. For example, Yuga Labs mentions owners shall have the right to use the artwork to produce and sell their own merchandise (e.g. T-shirts, etc.) displaying copies of the artwork. According to Yuga Labs, by doing so they also want to further encourage interoperability with other web3 projects through third-party developers. All in all, another welcome step towards the foundation of a creative meta age.
The (Austrian) copyright levy system: Any reproduction of copyrighted works (texts, pictures, graphics, music, etc.) requires the consent of the rightholder(s). While Member States may provide exceptions or limitations to the reproduction right for reproductions on any medium made by a natural person for private use and for ends that are neither directly nor indirectly commercial, it must be ensured that the rightholders receive fair compensation. In essence, a private copy does not infringe copyright, but it is not free of charge. Since it would be impossible to collect the corresponding remuneration directly from the private users, the remuneration is based on the storage material. The importers of such material add the copyright levy to the price and pay it to the collecting society (which distributes it to its members – the authors). Like VAT, the levy is ultimately borne by the private user.
The case: Austro-Mechana, an Austrian copyright collecting society, applied for an order to allow it to invoice for and take payment of remuneration in respect of "storage media of any kind" on the grounds that the German opponent Strato AG provides its business and private customers with a service known as "HiDrive", by which it makes cloud computing storage space available to them.
The question: The Austrian court wanted to know whether the expression "reproductions on any medium" also includes reproduction on servers owned by third parties that make storage space available on those servers (cloud storage). In addition, the court wanted to know whether Austrian law would be out of line with EU law if it does not make cloud computing storage service providers subject to the payment of fair compensation.
The answer: The CJEU (C‑433/20) referred to the principle of technological neutrality and decided that "reproductions on any medium" also covers private copies in the cloud. However, the Member States enjoy broad discretion regarding the fair compensation system. The CJEU recalled that it is for the Member States to determine who must pay that compensation and to establish the form, detailed arrangements for collection and the level of that compensation. Thus, it is also in line with EU law if a Member State does not make cloud computing storage service providers subject to the payment of fair compensation if the legislation provides for the payment of fair compensation to the rightsholders.
Outlook: It was not surprising that private copies in the cloud also have to be remunerated and that cloud storage is thus also subject to the copyright levy. However, the pressing question of who must pay what in which Member State to ensure fair and not excessive compensation remains open. Given the shift to streaming services, it also seems questionable to what extent devices or the cloud are still used to store copies of copyrighted third-party content.
On 28 April 2022, the European Commission announced a new code of practice signed by more than 60 countries aimed at establishing principles and rules for the use of a trusted, secure and global internet – the "Declaration for the future of the Internet". This declaration is intended to promote connectivity, democracy, peace, human rights, the rule of law and sustainable development. In a nutshell, the document reflects how democratic countries should deal with and govern the internet. But does that mean that the internet is about to undergo a major upheaval? What exactly are the declaration's goals and will undemocratic countries adhere to the principles established?
Click here to find out.
The heavy reliance on passwords as the default mechanism for digital authentication has been known as a major IT security concern for many years now, as human failure is (and probably forever will be) the most common source of error in the world of technology. Consequently, it is hardly surprising that we have seen a multitude of different approaches to establish an easier, faster and more secure method of authentication in recent years.
Arguably the most promising efforts in this regard have come from the FIDO Alliance ("Fast IDentity Online"), which set itself the goal of "solving the world's password problem" and has over 100 industry-leading tech companies within its ranks (e.g. PayPal, Alibaba Group, Apple, Google, Mastercard, Microsoft and Samsung just to name a few).
The FIDO Alliance and the World Wide Web Consortium created a passwordless sign-in standard that aims to replace the familiar username/password combination with so-called "passkeys" stored on-device (e.g. on the user's smartphone) and that can be used for authentication on different websites or applications through interaction with a FIDO-specified API. To ensure a high level of security, the standard relies on asymmetric cryptography.
During the initial registration process, users can choose a convenient form of authentication supported by their device (i.e. face ID, fingerprint scanner, voice recognition, PIN, etc.). After completing registration, users can now verify their identity on various websites and apps simply by doing what they would do dozens of times a day anyway to unlock their phone instead of having to enter their username and password for every login. In theory, the only password they would need to remember is the one for the FIDO platform.
While the protocol has already seen some use in certain Apple, Google and Microsoft products, the recently announced joint commitment of the three industry leaders and the implementation of the FIDO standard across all their platforms could provide a material push for the ubiquitous applicability of the standard. The companies plan to implement the project on a large scale before the end of this year.
Although it remains to be seen how quickly this profound change will find its way into the mainstream, it seems likely that all too well-known password classics like "123456", "qwerty" or "welcome" will finally become a relic of the past, making digital authentication not only more convenient but also more secure.
The Commission has proposed a new EU regulation to prevent and combat child sexual abuse online.
The number of indecent images of children on the internet is reported to have increased by 6,000 % between 2010 and 2020. In 2021 alone, 85m photos and films showing child sexual abuse were reported worldwide. According to a study by Internet Watch Foundation, the Covid pandemic is said to have fuelled this increase enormously (64 % year-on-year).
The Commission's proposal includes a number of measures to combat this problem, some of which have been harshly criticised.
Service providers will be responsible for detecting, reporting and removing child sexual abuse material found on their services, and for detecting and addressing the risk of abuse of their services. They must take proportionate measures to deal with risks and put protection systems in place. In particular, app stores must ensure that children cannot download apps that could expose them to a high risk of solicitation.
Member States must designate national authorities responsible for reviewing the risk assessment. National authorities can order the removal of child sexual abuse content.
A new EU Child Sexual Abuse Centre will provide not only certain support services to victims but also support service providers by acting as a centre of expertise, providing reliable information on identified material, receiving and analysing reports from providers and quickly forwarding relevant reports to law enforcement authorities.
To combat the spread of depictions of sexualised violence against children, messenger providers such as WhatsApp, Signal and Telegram as well as host providers are to be obliged to actively search for abusive material. It is up to the service providers to decide which technical measures they will use to search the chat content, e.g. to look for indications of grooming.
The problem with the planned chat control is that it would de facto undermine the end-to-end encryption (protects messages only during transport) of digital communication. Once such a system is implemented, it could be used for other purposes in the future. We are curious how data protection organisations will react to this.
However, the European Parliament and the Council would still have to approve this proposal for it to come into force in this version. We assume that some changes will be made to the current version. The proposal is available here.
Like many EU Member States, the European Commission is developing its own electronic identity service called eID. The eID will be operated based on a European blockchain called the "European Blockchain Services Infrastructure" (EBSI), a joint initiative of the European Commission and the Member States' European Blockchain Partnership.
EBSI is not based on the "proof of work" process due to its inherent high energy consumption. Instead, EBSI relies on a variant of the "proof of stake" process, the so-called "proof of authority". This variant is not based on tokens, but on an identity certified by an official body. The vision is to leverage blockchain to accelerate the creation of cross-border services for public administrations and their ecosystems, to verify information and to make services more trustworthy.
The eID will only be one of several use cases of EBSI, as it is currently planned to implement cross-border verification of educational credentials and cross-border verification of social security coverage of posted workers, to create trusted digital audit trails, to automate compliance checks – for example in time-sensitive processes – and to prove data integrity.
Every year, AIT Austrian Institute of Technology GmbH issues the Austrian Startup Monitor (AMS) to give an overview of the Austrian start-up scene. At the end of April, three ministries and the Austrian Chamber of Commerce sent out invitations to the presentation of the AMS 2021 edition. We would like to share some key facts from the AMS 2021 in our newsletter:
Maximilian
Czernin
Associate
austria vienna