Archive for Post

  1. Post

    Law and Hospitality in Russia: Know Your ABCs

    Development of new hotels is substantially driven by international social, political, cultural and sport events, such as the FIFA World Cup, which will be hosted in 2018 by 11 Russian cities. Such an expansion requires solid legal support by experts who are well experienced in hotel deals. This post highlights the legal ‘ABCs’ for the industry. Legal Structures for Hotel Operations In most cases, operating a hotel in Russia involves the following basic legal structures: (1) operating your own hotel, (2) franchising, (3) management, or (4) lease. The first option is rather a traditional model in which the hotels are operated by the owners of their immovable and movable property. Russia still has many old-fashioned, Soviet-style hotels (some of them more or less renovated) or small, often family-owned guest houses that operate in this way. However, this option is not common for international hotel brands, which prefer contractual relationships with the hotel owners. Franchising Franchise agreements enable the owners (franchisees) to operate their hotels using the brands, trademarks, know-how and reputation of well-known international hotel chains. The brand holders (franchisors) are not involved in the day-to-day business of the hotels; their role is mostly limited to the promotion of the hotels by means of advertising and worldwide booking systems, supervision of the hotels’ compliance with brand standards and collection of royalties for the use of their trademarks. Management Under the management model, the hotel owners entrust all day-to-day activities to the operators (managers) and pay them a management fee. As a rule, the amount of the fee depends on the business results of the manager, which are often evaluated in comparison to other hotels of the same level in the same area. The manager operates the hotel on behalf of the owner, and most of the personnel are employed by the owner. Management agreements are normally entered into in combination with trademark license agreements, international booking and marketing services agreements and, sometimes, with other technical or advisory services agreements. As the hotel management agreement model has been brought to Russia from common law jurisdictions, proper localisation is very important for the successful operation of the hotel. Lease While the parties’ relationships under franchise or management agreements are purely contractual, the lease option also involves the transfer of rights to real estate. There are two types of lease agreements available to the hotel operators: (a) lease of the hotel building or premises, and (b) lease of the enterprise. The second option means that the lessee takes over the hotel real estate together with all the related fixed assets, including FF&E (furniture, fixtures and equipment), other supplies, as well as proprietary, IP and other rights and liabilities associated with the hotel. Enterprise lease agreements enable the lessees to allocate operational losses to the hotel owners, which often makes this model more attractive to operators than a simple real estate lease. Information on the lease is recorded in the public real estate register. Certain premises in the hotel can be further subleased to third party tenants (shops, restaurants, spas, etc.).   International hotel operators select the legal structure on a case-by-case basis depending on the brand, category of the hotel and the owner’s business model. For example, among Marriott hotels in Moscow, there are franchised, managed and leased hotels (like the recently opened ‘flagship’ hotel on Novy Arbat street). But whatever contractual model applies, agreements between hotel owners and operators are very industry-specific and full of terms that are unique to the hospitality business. Lawyers advising hotel owners or operators must be well experienced and reputable within the industry, which sometimes makes selection of legal advisors in Russia a difficult task for hoteliers. 

    Published: 29.1.2018
  2. Post

    Assessing the Value of IP Always Pays Dividends in M&A

    As a prospective buyer, you should always make sure that the target company's intellectual property is included in the scope of the due diligence review. IP due diligence is particularly important when the buyer is not familiar with the market or industry of the target company. A proper review will enable you to make an informed decision, as the value of IP could have a major impact on the valuation of the entire target. Financiers also tend to be very interested in whether the company they are funding can mitigate the risks and avoid business interruptions that could be caused by, for example, a missing licence or a competitor's infringement claim. To help you avoid some of the worst IP pitfalls, we have put together a list of six key issues for a buyer to focus on when preparing a deal. 1. What IP Does the Target Company Have? 2. Is the Target Company's IP Sufficiently Protected? 3. Who Owns the Target Company's IP? 4. Has the Transfer of IP Been Sufficiently Secured? 5. Is the Target Company Infringing Any IP? 6. Does the Target Company Use Open Source in Its Products? Answering these questions will help you form a good picture of the risks related to your target company's IP. When you know exactly what you are buying, what the target company's IP portfolio contains and what the strengths and weaknesses of its IP protection are, you will have a solid base of information to bring with you to the negotiating table. 

    Published: 25.1.2018
  3. Post

    Reinventing Interaction With Business Law Firms

    The Best Client Experience – Digitised Legal advisory will always be the core value of business law services, but the way services are delivered will change.  To meet client expectations in a new digital world, we have to actively explore the opportunities technology is providing. Setting Up The Challenge We wanted the participants of our Legal Tech track and challenge ‘ Accessing the Law ’ to help us reinvent how clients interact with law firms and access the law. We provided the hackers with three examples of areas they could focus on to ensure an interesting hack. In the first area, we asked the hackers to find a solution for both clients and lawyers to track the progress of a project. In the second area, we encouraged the hackers to create a solution that provides a price estimate for a project. The third possible area to focus on was to create a solution to gather the information needed to run a legal project successfully. In addition to these three areas, we encouraged the hackers to be brave and think outside the box to improve our client experience. The Clients’ Journey As we were preparing for Junction, it became clear that defining and communicating the scope of the challenge was no easy task. We wanted the guidelines to help the hackers get onto the right track, but not stifle them or discourage them from bringing new ideas to the table. Given that our hackers were not necessarily familiar with the legal field, we decided to provide few examples of typical client interactions that take place during a legal assignment. We used the picture below to communicate our challenge to the hackers. We felt that any one of these examples could benefit from a hack and were happy to see our hackers tackle many of them. Experiencing Groundbreaking Innovation As a first timer at a Hackathon, we didn’t know what to expect. It felt as if we were taking a leap into the unknown, which is always exciting. On the flip side, we weren’t sure what the hackers would think of our challenge. At first, it seemed as if they weren’t very interested in our track. Luckily, this turned out not to be the case—quite the opposite actually. Our track was fully booked with over 40 participants. It was amazing to watch the teams work and admire how they radiated energy and innovativeness. It is difficult to describe the atmosphere at the venue over the weekend. Everyone should have a chance to experience something similar. The thing that impressed us the most during these two days were the people—their motivation and talent. None of us had experienced this kind of innovation event before. Teamwork Junction was concrete proof of the power of teamwork. In this case, this applied not only to the competing teams, but to us as well. We brought a team of our own people and people from our business partners Talent Base, CSI Helsinki, Arc Technology and Taival to support the participants and give them the best shot to succeed in our challenge. We were so happy to see the seamless collaboration between lawyers, business service experts and our business partners’ experts. Everyone’s expertise was put to good use over the weekend, and we also received excellent feedback both from the teams and Junction’s organisers. And The Winner Is? The demos started with a demo expo in which every team had the opportunity to present their project to a larger audience and get feedback to encourage them to develop their ideas further. Every track chose their own judges who picked the winners of the track. The Legal Tech track judge team consisted of Pia Ek and Heikki Ilvessalo from our firm as well as Asko Relas (Talent Base) and Reko Lehti (Taival). The judges went from table to table to listen to each team. Each team had to demo their project in a maximum of four minutes, after which the judges had two minutes for questions.    Photo: Juha Nurmela We have to admit that it was very hard to choose the winner from the twelve amazing solutions presented to us. In the end, we chose the team ‘ Discover ’ as the winner of the Legal Tech track.  The team’s solution redefined interaction between lawyer and client in a unique way. The goal of the solution is to connect lawyers and clients using an intuitive and forward-thinking interface, including document management, time management and project budgeting, where transparency is of utmost importance. The tied second best teams ‘Legal Timer’ and ‘Lexio’ chose to create a solution for price estimates. Legal Timer’s solution uses machine learning to analyse the data from our ERP system to create a quick price estimate in place of time-consuming manual assessment. The solution uses intuitive visualisation, is easy to use and can be integrated into our existing CRM system. Lexio’s solution provides a price estimate of the probable cost of an assignment. The service also uses ERP data to provide insight on how much the client can expect to spend according to the total costs of similar cases. Lexio’s solution gives the lawyer a starting point for pricing the case and provides an easy to use interface to send the estimate to the client. We look forward to having interesting follow-up discussions with the winning teams. You can explore all the solutions from here . Designing the Best Client Experience We have already started to discuss the results of Junction with our experts and clients to identify the value of the new ideas in terms of improved client experience. As our client or business partner, we would like to invite you to help us focus our development initiatives. Feel free to contact us for further information on the Junction challenge and the lessons we learned from it or contact your favorite lawyer to start a dialogue on how we can improve our client experience.

    Published: 7.12.2017
  4. Post

    Caught between Sanctions and Data Protection— What is a Company to Do?

    Many companies have found themselves in an awkward position with respect to compliance with trade sanctions and data protection legislation. Specifically, I’m talking about US trade sanctions, which companies operating in the EU are not generally obligated to comply with under EU or national law. However, the US has set such a wide scope of application for the sanctions that even if a foreign company has only the slightest link to the US, it may find itself subject to the regulations set in the sanctions. A company is typically subject to US sanctions if its parent company is from the US or it has US employees. The serious consequences of violating sanctions are a real source of concern in the international business community. When faced with this risk, many companies have decided it’s better to just comply with the sanctions lists. However, this raises another issue—namely are companies violating privacy and data protection norms by doing so? Swedish Data Protection Authorities Take a Stand In Sweden, it looks like the balance between corporate interests and the rights of individuals is tipping in favour of individuals, in other words, privacy considerations are winning out. GE Healthcare Group applied to the Swedish data protection authority for special permission to comply with US sanctions lists. Following the authority’s negative decision, the matter went to trial, and the court also found that the company had no right to comply with the sanctions listings in question, which were partially deemed to include also sensitive personal data. [1] Both the authority and the court acknowledged that the company had a legitimate interest to comply with the US OFAC sanctions , but this interest was not enough to override the protection of the privacy of the individuals put on the list. Status Unclear in Finland We haven’t yet seen any comparable cases in Finland. In its national legislation, Finland has committed to the UN’s and EU’s sanctions, so complying with the EU’s sanctions list is compulsory for Finnish companies, but Finnish legislation is silent on compliance with US sanctions. The point of departure for Finnish data protection legislation is that compliance with sanctions should be based on Finnish or EU legislation, not US legislation. Even just processing personal data on the basis of US sanctions legislation could, thus, be deemed to be unjustified and constitute a violation of Finnish data protection regulation. Companies Caught in the Cross-Current A quick recap of this regulatory maze is probably in order. Compliance with US sanctions is based only on compliance with US legislation. Through the lens of data protection, the processing of personal data has to be based on proper grounds under Finnish data protection rules, which in the case of sanctions data can be either Finnish or EU legislation. Of course, in the absence of legislative grounds, personal data can also be processed with the explicit consent of the data subject, but this is rarely a practical solution in the case of sanctions checks. Lacking legislative grounds or consent, could there still be a back door that would make compliance with US sanctions possible. Legitimate Interest? The new Data Protection Regulation, which will enter into force in May 2018, will make it possible for companies to process personal data in situations where they have a legitimate interest. [2] This is the argument GE Healthcare Group used in its application for an exceptional permit in Sweden. However, at least in Sweden, the decision was that an individual’s privacy is a weightier interest than a company’s obligation to comply with foreign trade sanctions. This being the case, Finnish companies will not be able to automatically rely on ‘legitimate interest’ being magic words giving them the right to comply with US sanctions. The search for a solution must continue. Statutory Obligation to Identify Business Partners When even legitimate interest is no help, it’s time to go back to assessing legislative grounds and look for a solution in special legislation. The financial sector applies the Act on the Prevention of Money Laundering and Terrorist Financing, which sets an obligation on companies to identify their clients. The Finnish Financial Supervisory Authority also requires the organisations it supervises to comply with US sanctions. This allows financial sector companies to navigate their way out of the conflict described above. However, the vast majority of companies in Finland do not fall within the scope of this act. Where could we find a similar legal route for them? In Search of Solutions For companies that are not subject to the Act on the Prevention of Money Laundering and Terrorist Financing, there is no easy answer at this point, and they will have to keep looking for a way out of the dangerous seas they are in. I would recommend reviewing industry-specific legislation to see if it might provide a solution. The situation would also be made easier by authority guidelines or even a legislative amendment. To Starboard or Port? Finnish and other EU companies have found themselves in a thankless position. As things stand now, they have to choose between limiting their business geographically or possibly violating data protection requirements. Due to the heavy consequences of violating US OFAC sanctions, it is likely that many companies will see breaching data protection rules as the lesser of two evils. However, this state of affairs could be reversed in the near future. The new EU Data Protection Regulation is entering into force next May. It will make it possible for administrative sanctions to be imposed for data protection violations. It would be very important for the authorities to do something to ease the cross-current that companies are facing before May of 2018. [1] Judgement available in Swedish at http://www.kammarrattenistockholm.domstol.se/Domstolar/kammarrattenistockholm/Domar/Domar%202016/Dom%20i%20m%c3%a5l%20nr%203946--3958-15.pdf .

    Published: 20.11.2017
  5. Post

    Circular Economy And Other Environmentally Friendly Solutions Gaining Ground in Public Procurement

    If and when the public sector starts incorporating environmental factors into its procurements, this could have a huge guiding effect on market development.     If the number of new instructions and guidelines are anything to go by, environmentally friendly procurements, which is the category that circular economy procurements fall under, are booming: In addition to the above, Motiva and the public procurement advisory unit have issued many guidelines for environmentally friendly and innovative procurements. The Finnish Innovation Fund Sitra is pioneering the promotion of carbon-neutral circular economy . So, if the public sector is genuinely interested in promoting environmental sustainability, there is no shortage of help. Plenty of Work in Procurement Strategies In order to make strategic procurements, the purchaser has to have a procurement strategy. In 2013, the Finnish State committed to promoting sustainable environmental and energy solutions in its cleantech framework decision . Municipalities still have a lot of work to do in this area. According to a recent study by the Finnish Environment Institute, only every fourth municipality currently sets sustainability goals for procurement.  Fortunately, many large and small municipalities are currently in the process of drafting sustainable procurement strategies. Thus, a great deal of strategy work remains in the field of sustainable procurement. A procurement strategy needs to be linked to the rest of the authority's strategy. Public bodies need to give the parties carrying out procurements a strong mandate to take environmentally friendly solutions into account in procurements. At the moment, the situation is still that procurements are often guided mainly by urgency and the avoidance of risk—including legal risk. Innovation Partnership Supporting Circular Economy Solutions Finland's recently reformed procurement legislation provides new opportunities for developing and implementing innovative elements in public procurement projects. The new Public Procurement Act includes a new process called innovation partnership . In innovation partnerships, the developer of an innovative product, service or form of contract also partners with the contracting authority in the implementation phase. At the same time, the process protects the business secrets of the participating companies and provides them with incentives to develop novel solutions. Innovation partnerships have a lot of potential in the development of circular economy solutions for the public sector. Could Lawyers Help Already When Planning New Operating Models? The application of complex and detailed procurement law calls for people skilled in procurement and often requires multi-disciplinary expertise. It is a good idea to bring lawyers into a major procurement project already in the planning phase instead of waiting until problems have already come up. If your aim is to promote circular economy solutions through public procurement, you have to build the entire process on a solid legal foundation.

    Published: 14.11.2017
  6. Post

    Keeping Your Company’s Most Valuable Assets Safe –New Trade Secrets Act Clarifies Employees’ Responsibilities

    With this in mind, the proposed new Trade Secrets Act is a long overdue and very welcome development. It is based on EU directive 2016/943, and for a more thorough analysis of the proposal and the new act, please see the bulletin written by my colleague Johanna Lähde . A Welcome Clarification to the Status Quo, Not a Revolution The proposed Trade Secrets Act would provide a common definition for what constitutes a trade secret and would connect the provisions that currently regulate and prohibit the wrongful usage of trade secrets. It would also clarify employees’ obligations regarding their employer’s trade secrets. The proposal has received lots of media attention regarding the impact on employees, and has been the subject of intense discussion. One matter that has been debated is the perceived extension of employee obligations that some view as an undue restriction of the employee’s rights. According to the proposal, employees would not only be prohibited from using or disclosing their employer’s trade secrets, but also those of their employers’ business partners and clients. However, this is not as new or revolutionary as it may seem at first glance, and in many ways, this already is the case. First of all, the distinction between who a specific trade secret belongs to is not always clear, and often a client’s trade secrets may constitute trade secrets of the employer company as well. Second, the whole distinction feels rather outdated in today’s world of constant information exchange. In a way, prohibiting an employee from using trade secrets only when they specifically belong to the employer does not exactly protect the employee. Rather, it muddies the waters, and ambiguity never leads to legal security. You could argue that having the concept of trade secret also encompass trade secrets of certain third parties actually enhances the legal security of employees as it makes the matter clearer. Hence, this inclusion seems more like a clarification of the status quo, and to the extent it has not been current practice, it is a long overdue addition. The sometimes grey area between trade secrets and professional knowledge is also unaffected by this, as for the purpose of that distinction, it does not matter who is the de facto owner of a particular trade secret. Another hot topic has been the inclusion of a specific clause allowing employees to disclose trade secrets to their representatives under certain circumstances. This inclusion is also more a matter of codifying established practice and does not seem to either extend or restrict employee rights. Improved Rules for a Complicated Issue Despite the attention and debate surrounding the proposal, its actual effect on employment relationships remains rather limited, and it does little to change the status quo, but it is a welcome statute that would help clarify a rather complicated issue. Irrespective of the changes, it is worth noting that the Employment Contracts Act would still be the primary law in employment relationships, including in relation to trade secrets. However, there is also a proposal to amend the Employment Contracts Act in connection with the enactment of the Trade Secrets Act in order to clarify the relationship between the two. Nevertheless, the new act will definitely serve as a timely reminder of the importance of trade secrets, and the new act’s clearer definition of what trade secrets entail will help companies protect their assets. Still, employers will continue to need separate confidentiality clauses and non-disclosure agreements, especially for employees who are entrusted with and handle trade secrets on a regular basis. Even in cases where the statutory protection would suffice, a separate, well-formulated confidentiality clause may serve not only as a reminder, but provide additional motivation for employees to be more careful, which in turn would mean fewer leaked trade secrets. We should remember that no matter what forms of recourse are available and what sanctions the company has at its disposal, nothing will fix the leakage already done. This is why pre-emptive protection is so important and confidentiality agreements will continue to play their part, only now on a playing field with better defined rules.  

    Published: 6.11.2017
  7. Post

    Work Safety is Everyone’s Concern – Know Your Responsibilities and Act Now

    Over a hundred judgments are issued each year for work safety offences. In addition to corporate fines imposed on companies, work safety offences can carry personal criminal liability for individual employees. Contrary to popular belief, liability may not be limited to the highest levels of the organisation, but can reach from upper management, through middle management all the way to the supervisor level. Once criminal proceedings start, management is often surprised by what the process means not just in terms of financial figures and corporate reputation, but also for the wellbeing of the work community and individual employees—particularly the suspects. A work safety offence occurs when an employer or representative of an employer intentionally or negligently violates work safety regulations. Insufficient commitment to managing occupational safety matters in a company in general may also be punishable as an occupational safety offence. Under the Criminal Code of Finland, the employer or employer’s representative is deemed to be the person who is responsible for a particular work safety obligation at a given time. The assessment of the offence takes into account the position, duties and authority of the person in question as well as that person’s part in the development or continuation of a situation contrary to the law. The concept of work safety is commonly linked to factories or construction sites. However, work safety is of key importance in all workplaces regardless of the field of business. Though there may not be many physical risks in the work environment, a safe mental work environment is a work safety perspective that has to be taken into account in every workplace. What to do when the Police Call? What should you do if the police call you in for questioning due to a suspected work safety offence? Go over your company’s strategy internally without delay and make sure you have a knowledgeable attorney to support you. The most important task of an attorney in questioning is to ensure that the suspect does not contribute to their own incrimination. This protection against self-incrimination is one of the foundational principles of criminal law. The attorney has to take an active role both before and during questioning, as having an attorney who just sits passively through the interrogation will not ensure that this principle is realised. It is worth preparing carefully for questioning with your attorney. One thing to think about is what to say to the police. Sometimes it best to go into a great deal of detail, while other times it is best to say as little as possible. The key in every case is to understand the core of protection against self-incrimination, which is to not bring up facts that are disadvantageous to you. In questioning, the attorney makes sure that the protection against self-incrimination is realised in every form. As the only concrete product of questioning is the examination record, your attorney’s expertise will also be of great significance when reviewing the record. The record entries are the police officer’s summarised understanding and interpretation of what the questioned party said. The purpose of the review is to make sure that the entries correspond to the questioned party’s statements and that the message is correct both as to its contents and tone. Once the preliminary investigation material is ready, the parties are usually entitled to issue a final statement. As the final statement can take a position on the legal grounds of the case, it is always best to let your attorney write it. Make Work Safety a Priority The police will begin a preliminary investigation if they have reason to suspect an offence has occurred. If the threshold for a preliminary investigation is exceeded, there is no avoiding being contacted by the police, and the criminal proceedings cannot be stopped at the request of the suspect or accused. This is why it is important for companies to diligently and continually make work safety a priority. Upper management can seek to avoid criminal proceedings by creating sufficient prerequisites for work safety, in other words by building a proper work safety organisation and providing sufficient resources for work safety duties as well as for developing and monitoring work safety procedures. Middle and lower management for their part should make sure that work safety measures are implemented every day, for example, by supervising the work environment and safe working methods, by training personnel and by drafting instructions.

    Published: 24.10.2017
  8. Post

    AI Redefining the Practice of Law

    In the future, it will be possible to use AI applications for communication between clients and attorneys as well as for proposing concrete solutions to clients. When used right in companies other than law firms, AI may also be able to help make in-house departments more efficient or even replace an in-house lawyer entirely. Leveraging Automation in Contracts and Reports It is clear that AI will be increasingly put to use in M&A and real estate transactions. As the automation of tables data and even the reports themselves progresses, vendor due diligence reports will likely become the standard beside information memorandums and teaserses. Appendices that are currently only seen in the largest M&A transactions will likely become more common in smaller deals as well, as it will be possible to just check off what appendices you want from a list based on material reviewed by an AI. Reviews carried out by AI applications will become common beyond just M&A and real estate transactions. We are currently in discussions with some of our clients about what other types of cases could benefit from AI. The simplest way to find an answer is to ask what kinds of contracts a company has high volumes of. With these kinds of contracts, a company will often encounter a situation in which the template it has been using has to be changed to reflect a change in legislation, a business decision of the company or a practical risk that has arisen. This would be a situation in which an AI could be unleashed into the mass of similar contracts to find how many of them contain a particular relevant clause. From the perspective of the duty of care of the board of directors, the availability of an AI application could mean that the board would be expected to use AI to identify risks. The fact that the relevant material is too extensive would no longer serve as grounds to base a risk analysis on an estimate rather than a review. What Next? The applications available at the moment are quite advanced, but not yet close to producing fully automated results—a great deal of human work is still needed. So, what can companies and their boards do now to prepare to make use of AI in the future? The foundation for using any AI application is to provide the AI with a mass of digital data. If you don’t already have a digital contract database, now would be the time to establish one. AIs can also certainly improve the efficiency of legal departments. AIs only need to be programmed once to perform a certain sequence of tasks and it will have all of the company’s written data at its disposal. The next stage is seeing how AI will change traditional communication between lawyers and their clients. When will we have a legal AI system that works like the AI developed by Duodecim for patient data systems A system like that would read the documentation provided by the client, provide direct links to legal literature, laws and government services and recommend ‘current care guidelines’ for the client’s problem. As electronic channels are used for the majority communication in client relationships, it is only natural that it will matter less and less whether you are communicating with a human or a machine. Of course, machines will not be able to replace humans in more complex problems any time soon. This is both due to machines lacking the ability of abstract though and to the fact that these kinds of assignments are often the most attractive to lawyers—no one is looking to get rid of them.

    Published: 23.10.2017
  9. Post

    Adopting Robotic Process Automation – Five Things to Keep in Mind in the Procurement Contract

    RPA is well suited, for example, to invoice and payment data processing in financial administration or to customer feedback processing and management. I have listed five things for companies to keep in mind when drafting an RPA procurement contract. Make Sure RPA is Compatible with Your other Software RPA functions by making use of the software you are already using in your company. This means that you have to make sure that the licence terms and conditions of the software you are using do not prohibit or restrict the use of RPA. You should add a clause to the procurement agreement stating that RPA is compatible with the software in use by your company. Agree on Liability It is critical to make sure that the procurement agreement sets out liability issues in case RPA does not perform as expected and produces incorrect results. It is particularly important to agree on liability issues if you are using RPA to replace key business functions. The compatibility issues mentioned above also relate to liability, in other words, it is important for the parties to agree on how to respond to potential infringement claims with respect to third-party software.  Prepare for Changes When the software being used by a company is changed, updated or replaced, the need to change the functioning principles of any RPA in use must also be assessed. In order to make sure that your RPA keeps functioning, the procurement agreement should include clauses on reconfiguring the RPA command rules due to changes in the company’s software and IT-systems.  Support and Maintenance In addition to preparing for change situations, you need to agree on the response and repair times for RPA defects. It is a good idea to agree on an alternative process to immediately replace RPA if it does not function as expected in a key business task in order to prevent business interruptions. One option is for the company itself to prepare a backup plan and implement it, for example, by maintaining its employees’ expertise with respect to the automated processes.  Prepare for Changes to Licence Metrics The successful adoption on a RPA could affect the number of software licences used by a company. Successfully implementing RPA could lead to a reduced requirement for ERP or CRM licences. If RPA has replaced employee input, you will need to agree on changes to licence numbers with third-party software providers.

    Published: 26.9.2017
  10. Post

    What Should Businesses Know About Russia’s New VPN Law?

    Not surprisingly, the new rules may jeopardize the use of corporate VPN connections of international companies. How can a business keep its VPN running even if Russian employees want to see more than they are allowed to by the state? Corporate VPNs Feared to be a Backdoor to Illegal Content There are several types of online content that are illegal and subject to ban in Russia.  They include, among other things, war and suicide propaganda and extremist materialsBanning procedures vary depending on the nature of the illegal information, but the result is always the same – access restriction to a relevant website. The Russian Federal Service for Supervision of Communications, Information Technology and Mass Media ( Roskomnadzor ) keeps records of websites and their network addresses and demands that website owners and hosting providers ban illegal content. If they fail to do so, all Russian Internet service providers (ISPs) will be required to block users’ access to the forbidden content. That is why the ban can be easily bypassed if users access a website through a non-Russian ISP. Here is where online VPN services step into the breach and assist Russians in moving Internet traffic through exit nodes beyond Russian borders. Corporate VPNs work in the same way, but for a different purpose, as they help establish secured connections between all parts of a corporate network. In the meantime, Russia-based employees of international companies may enjoy uncensored Internet via their corporate computers. New Rules to Prevent Access to Illegal Content On 29 July 2017 the Russian President signed amendments to the IT Law [1]  introducing the following rule:  owners of information and telecommunications networks and/or information resources (Internet websites and webpages, information systems and computer programs) that are used to provide access to information resources and information and telecommunications networks banned in Russia, are prohibited from allowing the resources and networks they own to be used in such a way as to allow access to banned resources and networks in of Russia (the Prohibition ). The law touches upon both online VPN services intended for private users and business solutions such as corporate VPN clients. According to the amendments, an ‘owner of information and telecommunications networks and/or information resources’ (i.e., a VPN owner) will have to connect to the federal state information system which contains a list of information resources and networks access to which is restricted in Russia (the State Database ). The State Database will be maintained by Roskomnadzor and will filter all censored content. In case of non-compliance, Roskomnadzor may deny access to VPN through Russian ISPs. As of today, the Prohibition is primarily targeting publicly available VPNs, but corporate networks also fall under the Prohibition according to its literal reading. For this reason, the amendments provide for two exceptional cases. Exceptions to VPN Restrictions The Prohibition will not apply to state and/or municipal networks and also will not apply in situations where two conditions are fulfilled: (a)    the users of the VPN that allows access to illegal content banned in Russia are predetermined and (b)    VPN is used for technological purposes of supporting operations of the person using it. The law does not elaborate on these two conditions which leaves them open for interpretation. At this point, it is clear that a VPN owner should list all Russia-based employees using the VPN in order to meet the first condition. According to a common business practice in Russia, the list should be prepared in writing and adopted by the CEO of the company. However, determining which company needs to prepare the list in a group of companies may prove to be difficult. The Russian IT Law knows no distinction between the parent company, which usually owns the VPN tools, and its subsidiaries and affiliates, the employees of which use the corporate VPN. Another thing to consider is guest networks which may share the same VPN connection with corporate networks. If that is the case, the company should keep a record of visitors using the guest network to comply with the requirements of the Prohibition. As to the second condition, the actual scope and limits of ‘technological purposes’ seem unclear. The company should somehow ensure that its Russia-based employees do not use the VPN for any purpose other than the ‘technological purposes’. It is also uncertain whether the ‘person using’ the VPN (as specified in the original legal text of the amendments) means the employee or the company. Whatever ‘technological purposes’ are they surely do not include personal needs of the staff. International Companies Should Prohibit Personal Use of VPNs Based on Russian business practice, the most feasible approach for Russian subsidiaries of international companies is to amend the local IT policies or release a separate VPN policy prohibiting any personal use of the VPN and corporate computer systems connected with VPN as well as any other use aiming at bypassing local (Russian) laws.  Such policies must be amended/adopted in a formal procedure according to the Labour Code of the Russian Federation. It will be clear whether or not these measures are sufficient only after the amendments enter into legal force and Roskomnadzor begins their enforcement. That is why we should keep an eye on Roskomandzor’s next steps regarding the Prohibition. [1] Federal Law No. 276-ФЗ On Amendments to the Federal Law  On Information, Information Technology and Protection of Information dated 29 July 2017

    Published: 21.9.2017