Security & Defence - Castrén & Snellman

Security & Defence

The security landscape in Europe has fundamentally changed in recent years. Shifting geopolitical realities and accelerated technological development are creating both new opportunities and new challenges for security and defence operators.

Companies in this field must navigate a highly regulated and rapidly evolving environment. They face increasingly complex compliance requirements, heightened scrutiny around investments and ownership, and growing expectations around ethics and responsible business conduct.

Legal advisor to the security and defence sectors

Castrén & Snellman provides top-tier legal services to domestic and international clients operating in the security and defence industries. Our deep industry knowledge helps clients anticipate legal risks and seize strategic opportunities in a changing world.

We advise both private and public sector organisations across the full corporate lifecycle, from early-stage funding and cross-border structuring to strategic partnerships and regulatory risk management.

Our clients include defence sector authorities, defence tech developers, dual-use manufacturers, critical infrastructure operators, public authorities, institutional investors, banks and venture capital and private equity funds. Many are driving innovation in areas such as space, cybersecurity, AI, connectivity and sustainable technologies.

As the go-to supplier of legal services, we advise security and defence operators, as well as their business partners, on matters such as:

Corporate structuring, ownership and shareholder arrangements
Tax and administrative procedures
Intellectual property rights and protection of innovation
Data, technology, cybersecurity and telecom regulation
Public procurement, security clearances and classified contracts
Strategic commercial contracts: negotiation, drafting and enforcement
M&A and financing transactions
Growth funding rounds and IPOs
Investment screening (FDI), foreign subsidy regulation (FSR) and competition clearance
Ethics & compliance policies, export controls, sanctions and regulatory monitoring
Dispute resolution, criminal procedures and investigations

Castrén & Snellman is a trusted legal partner in matters where national security, regulation and geopolitical complexity intersect. Our legal advice helps safeguard operational continuity, promote responsible growth, and support the strategic resilience of the security and defence ecosystem.

Latest references

Milexia Group – Acquisition of business of Alpha Positron

We advised Milexia Group, a portfolio company of the French PE sponsor Crédit Mutuel Equity, on its acquisition of the activities of Alpha Positron Oy, a Finnish distributor specializing in GPS/GNSS, time and frequency solutions for the electronics industry, process automation, corporate IT, defense, and other demanding markets. Milexia Group is one of the world’s leading European suppliers for high-quality electronic components, systems and scientific instruments technology. It has offices, warehouses and technical centres in France, Italy, Spain, the United Kingdom, Germany, Nordics and Hong Kong. The acquisition aligns with Milexia’s strategy to expand its presence in the Nordic region and enhance its portfolio of communication solutions.

WithSecure – Sale of cyber security consulting business

We advised WithSecure Corporation in the sale of its cybersecurity consulting business to Neqst. WithSecure is a global cyber security company (listed on NASDAQ OMX Helsinki). Neqst is a Swedish investment firm, focusing on technology companies. The closing of the transaction remains subject to customary conditions and regulatory approvals.

The Finnish Ministry of Foreign Affairs – A precedent setting cyber security incident court case

The Finnish Supreme Administrative Court has handed down decision KHO 2024:115 on balancing data protection and national security interests in cyber security incidents. We acted for the Finnish Ministry of Foreign Affairs in this precedent setting case, in which the Supreme Administrative Court agreed with our client’ core submissions and decided to overturn key parts of a data protection authority decision against our client. The court held that the Ministry had acted lawfully when taking a bit of time between discovering information about a cyber incident concerning certain diplomats and notifying all potentially affected people. The key point of principle for our client was the extent to which Article 34 of the GDPR requires such (essentially public) notifications when foreign policy and national security might require a more discrete initial approach. The court’s reasoning is important: since Finland has voluntarily, but not unreservedly, extended the scope of the GDPR to also cover foreign policy and national security, the primacy of EU law does not apply in that extended context. Thus, more specific local Finnish rules on freedom of information/confidentiality in these areas override the general Article 34 notification obligation (under the classic lex specialis derogat legi generali rule), even absent express statutory carve-outs to Article 34. Had Article 34 applied as a matter of EU law, the outcome could have been different, since the GDPR, under primacy, would override all local Finnish rules, irrespective of whether they are lex specialis or not. It’s important to understand why, and on what basis, an EU law applies to any given situation, since this could affect the principles of interpretation so much that the outcome changes significantly. The court did, however, hold that the Ministry will need to notify the DPA itself within the customary deadlines, since the DPA under Finnish law has the right to receive information confidentiality rules notwithstanding. We hope this outcome will contribute to authorities dealing with foreign policy and national security being able to balance all relevant interests going forward. Read the decision in Finnish or in Swedish .

WithSecure – Sale of open source data collection product and business

We advised WithSecure Oyj in the sale of its open source data collection product and business to Patria Oyj. The divested business combining software and services falls outside WithSecure’s current strategy. Through the sale, WithSecure sharpens its focus on the Elements portfolio. WithSecure is a global cyber security company (listed on NASDAQ OMX Helsinki) with more than 35 years of industry experience. WithSecure offers partners flexible commercial models, ensuring mutual success across the dynamic cyber security landscape. Patria is an international company in the defence and security industry offering defence, security and aviation life cycle support services and technology solutions. As a result of the transaction, Patria will open a new office in Oulu and 10 WithSecure experts currently working in the business area will join Patria.

Latest insights

9.7.2025 – FDI Regulatory Service Defence sector investments and acquisitions – key facts about the Finnish FDI regulation

Kiti Karvinen

Markus Rahnu

Kiti Karvinen & Markus Rahnu

25.6.2025 – Tax & Structuring Administrative Court ruling: the Profit Tax Act targeting electricity companies is in conflict with EU law

Janne Juusela

Mikko Alakare

Samuli Tarkiainen

Anette Laitinen

Noora Ahonen

Joakim Nivala

Janne Juusela, Mikko Alakare, Samuli Tarkiainen, Anette Laitinen, Noora Ahonen & Joakim Nivala

18.6.2025 Change brings opportunities for growth

Jarno Tanhuanpää

Jarno Tanhuanpää

21.5.2025 – Banking & Finance Sustainable finance reimagined: What you need to know about the 2025 updates to green, social, and sustainability-linked loan principles

Minna Korhonen

Anna-Sofia Alahuita

Minna Korhonen & Anna-Sofia Alahuita

Search from the site.