Cybersecurity

Data is a valuable commodity in many organisations. We help you handle data in a compliant manner and protect it from misuse.

The legal requirements for cybersecurity are scattered across different regulations. The European Union is introducing a growing number of sector-specific regulations on information security requirements, such as DORA, NIS2, CRA and CER. We can help you identify the provisions that apply to your specific business and explain what they mean in practice. We speak the same language as ICT professionals. Several of our legal experts are also computer science graduates.

In addition to day-to-day advice, we can help you with a range of incidents. Data systems are vulnerable to disruptions and outside threats. In emergencies, the statutory and contractual obligations relating to data and personal data must be fulfilled in order to mitigate risks and safeguard your business’s ability to operate as effectively as possible. Our experts are experienced at resolving a wide range of disruptions, whether they originate from inside or outside the company.

Latest references

The Finnish Supreme Administrative Court has handed down decision KHO 2024:115 on balancing data protection and national security interests in cyber security incidents. We acted for the Finnish Ministry of Foreign Affairs in this precedent-setting case, in which the Supreme Administrative Court agreed with our client’s core submissions and decided to overturn key parts of a data protection authority decision against our client. The court held that the Ministry had acted lawfully when taking a bit of time between discovering information about a cyber incident concerning certain diplomats and notifying all potentially affected people. The key point of principle for our client was the extent to which Article 34 of the GDPR requires such (essentially public) notifications when foreign policy and national security might require a more discreet initial approach. The court’s reasoning is important: since Finland has voluntarily, but not unreservedly, extended the scope of the GDPR to also cover foreign policy and national security, the primacy of EU law does not apply in that extended context. Thus, more specific local Finnish rules on freedom of information/confidentiality in these areas override the general Article 34 notification obligation (under the classic lex specialis derogat legi generali rule), even absent express statutory carve-outs to Article 34. Had Article 34 applied as a matter of EU law, the outcome could have been different, since the GDPR, under primacy, would override all local Finnish rules, irrespective of whether they are lex specialis or not. It’s important to understand why, and on what basis, an EU law applies to any given situation, since this could affect the principles of interpretation so much that the outcome changes significantly.
The court did, however, hold that the Ministry will need to notify the DPA itself within the customary deadlines, since the DPA under Finnish law has the right to receive information, confidentiality rules notwithstanding. We hope this outcome will contribute to authorities dealing with foreign policy and national security being able to balance all relevant interests going forward. Read the decision in Finnish or in Swedish.
Case published 15.11.2024
We advised the real estate investor and developer Urban Partners in the financing of a EUR 100 million construction project in Helsinki, which combines build-to-rent housing and care homes within one scheme. A fund managed by Urban Partners (NSF V) purchased the plot of land in Herttoniemi, Helsinki and subsequently secured planning consent to deliver a hybrid living scheme. The modern complex will offer high-quality housing and care facilities for the elderly alongside rental accommodation. A total of 425 apartments and 108 care homes will be delivered across four buildings on the site. The project will be implemented in accordance with Urban Partners’ sustainability targets. All buildings will be constructed to energy class A, and the project will aim for the highest Platinum level of the international LEED environmental certification and will be implemented in accordance with the EU taxonomy criteria.
Case published 5.1.2026
We assisted Citycon Oyj in the sale of the Lippulaiva residential assets in Espoo, Finland. The sold residential assets consist of 275 apartments totaling approximately 13,000 sqm, located in connection to Citycon’s Lippulaiva shopping centre. The assets were sold at their latest IFRS book value for a gross purchase price of EUR 61.5 million.
Case published 19.12.2025
We advised S-Bank Plc in its issuance of EUR 150 million Senior Non-Preferred Notes and on the tender offer of its EUR 150 million Senior Preferred MREL Eligible Notes maturing in 2026. The tender offer required prior approval from the Finnish Financial Stability Authority based on the Commission’s regulatory technical standards (EU) 2023/827. The Stability Authority granted S-Bank permission for repurchases of the notes. Based on the permission, S-Bank replaced the notes with own funds or eligible liabilities instruments of equal or higher quality at terms that are sustainable for the income capacity of S-Bank. According to the final tender offer results published on 10 December 2025, S-Bank repurchased a total of EUR 97.9 million of the notes. The new notes will pay a floating interest rate, which is determined based on 3-month Euribor plus a margin of 1.35 per cent. The notes were issued on 11 December 2025 and listed on Nasdaq Helsinki Ltd. The maturity date of the notes is 11 December 2029. The purpose of the issue was to meet the minimum requirement for own funds and eligible liabilities (MREL) and to finance the bank’s activities.
Case published 18.12.2025