Overview
IT law and technology law are critical for businesses in the digital age. Whether you’re a tech company developing software, a business implementing IT systems, or an organization handling data privacy compliance, specialized legal guidance protects your innovations and ensures regulatory compliance.
At Law & More, we advise tech companies, startups, and businesses on all aspects of IT law, cybersecurity, and digital compliance. Located in the Brainport Eindhoven tech ecosystem, we work extensively with software companies, SaaS providers, hardware manufacturers, and digital innovators. Our IT lawyers combine technical understanding with legal expertise to protect your business in the digital landscape.
Need Expert Advice?
Our corporate law specialists are ready to help. Get personalized legal guidance today.
Quick Navigation
Latest Insights
IT Law Articles
When businesses operate across international borders, disagreements can arise over contracts, payments, or performance obligations.
Data breaches happen every day in the Netherlands. When they do, someone must take responsibility.
When an AI system makes a biased decision in hiring, credit scoring, or even compliance
What We Do
Software licensing and SaaS agreements
GDPR compliance and data protection
Privacy policies and data processing agreements
IT contracts and vendor agreements
Cybersecurity and data breach response
Intellectual property and source code protection
Cloud computing agreements
E-commerce and online platform regulation
AI and emerging technology law
Technology disputes and liability
Why Choose Law & More
Deep expertise in tech industry and digital business models
Located in Brainport Eindhoven tech ecosystem
Practical understanding of software development and IT operations
Experience with startups, scale-ups, and enterprise clients
Multilingual service for international tech companies
Key Legal Terms
Important terminology explained in plain language
GDPR (General Data Protection Regulation)
EU-wide regulation governing personal data processing, effective since May 2018. Applies to any organization processing personal data of EU residents, regardless of the organization's location. Key principles: lawful basis for processing, purpose limitation, data minimization, accuracy, storage limitation, security, and accountability. Requires transparency (privacy policies), enabling data subject rights (access, rectification, erasure, portability), Data Protection Impact Assessments for high-risk processing, and appointing a Data Protection Officer in certain cases. Breaches must be reported to supervisory authorities within 72 hours. Fines can reach €20 million or 4% of global annual turnover. Enforced by national Data Protection Authorities - in Netherlands, the Autoriteit Persoonsgegevens.
SaaS Agreement (Software as a Service)
Cloud-based software delivery model where customers access applications via the internet on a subscription basis rather than purchasing and installing software locally. SaaS agreements must address: service levels (uptime guarantees, support response times), data ownership and portability (customer retains ownership, can export data), security measures and certifications, functionality and updates, scalability, integration capabilities, termination and transition assistance, and pricing model. Critical differences from traditional licenses: customer doesn't own the software, vendor controls infrastructure and updates, data resides with vendor, and the relationship is ongoing rather than one-time. Common issues: service interruptions, data breaches, vendor lock-in, compliance with customer security requirements. Well-structured SaaS agreements balance vendor's need for operational flexibility with customer's need for reliability and data protection.
Data Processing Agreement (DPA)
Required contract under GDPR between a data controller and data processor governing how personal data will be processed. When you hire a vendor to process data on your behalf (e.g., cloud storage, email marketing, payroll services), you're the controller and they're the processor. The DPA must specify: subject matter and duration of processing, nature and purpose of processing, types of personal data and data subjects, controller's rights and obligations, and processor's obligations. Processors must: follow controller's instructions, implement appropriate security, only use approved sub-processors, assist with data subject requests and breach notifications, delete or return data when services end, and demonstrate compliance. Without a proper DPA, both parties risk GDPR violations. Standard processor terms often favor the vendor - controllers should negotiate protections aligned with their risk profile and regulatory obligations.
Source Code Escrow
Arrangement where a software vendor deposits source code with a neutral third party (escrow agent), which releases it to the customer if specified trigger events occur (vendor bankruptcy, failure to maintain software, breach of contract). Protects customers who depend on proprietary software from being stranded if the vendor can't support the product. The escrow agreement defines: what materials are deposited (source code, build instructions, documentation), deposit frequency (each major release), verification procedures (does the code actually compile?), and release conditions. Common in enterprise software deals, especially for mission-critical systems. Costs typically €2,000-€10,000 annually. Vendors resist escrow as it adds administrative burden and potentially exposes IP, but it's often necessary to close enterprise deals. Not a complete solution - even with source code, customers may lack expertise to maintain complex software. Alternatives include mandatory support terms and operational guarantees.
AI Act (EU Artificial Intelligence Act)
Comprehensive EU regulation for artificial intelligence systems, phasing in from 2025-2027. Creates risk-based framework: prohibited AI (social scoring, real-time biometric surveillance), high-risk AI (employment tools, credit scoring, critical infrastructure - requires conformity assessment, registration, ongoing monitoring), limited-risk AI (chatbots, deepfakes - transparency requirements only), minimal-risk AI (most applications - no specific rules). High-risk systems must meet requirements for: data quality, technical documentation, transparency, human oversight, accuracy, cybersecurity, and risk management. General-purpose AI models face additional obligations. Enforcement through national authorities with fines up to €35 million or 7% of global turnover. Applies to providers placing AI in EU market and users of high-risk systems in EU. Significant compliance burden for developers but provides legal certainty. International companies serving EU customers must comply.
eIDAS (Electronic Identification and Trust Services)
EU regulation establishing legal framework for electronic signatures, seals, timestamps, and other trust services across member states. Recognizes three signature levels: simple (any electronic indication of approval), advanced (uniquely linked to signatory, identifies them, created using secure means under sole control), and qualified (advanced signature with qualified certificate and secure device, legally equivalent to handwritten). Qualified trust service providers must meet strict security and audit requirements. E-signatures from one EU country must be recognized in all others. For contracts, simple signatures generally suffice; qualified required only for specific legal acts. Enables paperless transactions while maintaining security and legal certainty. Netherlands implemented through Electronic Signatures Act. Critical for digital economy and remote business. Replaced earlier E-Signatures Directive with more comprehensive framework.
Intellectual Property Assignment
Transfer of intellectual property rights from creator to another party. In Dutch law, IP rights don't automatically transfer - employment creates exception where employers own employee work product, but contractors retain rights unless contract explicitly assigns them. Written assignment must be clear and comprehensive: "assigns all right, title and interest in and to [defined work product], including all copyrights, patents, trademarks, trade secrets, and related rights." Assignments can be immediate or upon payment. Moral rights (attribution, integrity) generally can't be transferred in Netherlands but can be waived. Important to specify: what's being assigned (specific code, all work product, future improvements?), scope (worldwide? specific fields of use?), and consideration (payment, equity, other value exchange). Without proper assignment, companies may not own what they think they paid for. Essential in software development, content creation, and any commissioned creative work.
Have Questions About IT Law?
Our experienced lawyers are ready to help. Schedule a consultation to discuss your specific situation.
