Cybersecurity

Cybersecurity

Data is a valuable commodity in many organisations. We help you handle data in a compliant manner and protect it from misuse.

The legal requirements for cybersecurity are scattered across different regulations. The European Union is introducing a growing number of sector-specific regulations on information security requirements, such as DORA, NIS2, CRA and CER. We can help you identify the provisions that apply to your specific business and explain what they mean in practice. We speak the same language as ICT professionals. Several of our legal experts are also computer science graduates.

In addition to day-to-day advice, we can help you with a range of incidents. Data systems are vulnerable to disruptions and outside threats. In emergencies, the statutory and contractual obligations relating to data and personal data must be fulfilled in order to mitigate risks and safeguard your business’s ability to operate as effectively as possible. Our experts are experienced at resolving a wide range of disruptions, whether they originate from inside or outside the company.

Latest references

The Finnish Ministry of Foreign Affairs – A precedent setting cyber security incident court case

The Finnish Supreme Administrative Court has handed down decision KHO 2024:115 on balancing data protection and national security interests in cyber security incidents. We acted for the Finnish Ministry of Foreign Affairs in this precedent setting case, in which the Supreme Administrative Court agreed with our client’ core submissions and decided to overturn key parts of a data protection authority decision against our client. The court held that the Ministry had acted lawfully when taking a bit of time between discovering information about a cyber incident concerning certain diplomats and notifying all potentially affected people. The key point of principle for our client was the extent to which Article 34 of the GDPR requires such (essentially public) notifications when foreign policy and national security might require a more discrete initial approach. The court’s reasoning is important: since Finland has voluntarily, but not unreservedly, extended the scope of the GDPR to also cover foreign policy and national security, the primacy of EU law does not apply in that extended context. Thus, more specific local Finnish rules on freedom of information/confidentiality in these areas override the general Article 34 notification obligation (under the classic lex specialis derogat legi generali rule), even absent express statutory carve-outs to Article 34. Had Article 34 applied as a matter of EU law, the outcome could have been different, since the GDPR, under primacy, would override all local Finnish rules, irrespective of whether they are lex specialis or not. It’s important to understand why, and on what basis, an EU law applies to any given situation, since this could affect the principles of interpretation so much that the outcome changes significantly. The court did, however, hold that the Ministry will need to notify the DPA itself within the customary deadlines, since the DPA under Finnish law has the right to receive information confidentiality rules notwithstanding. We hope this outcome will contribute to authorities dealing with foreign policy and national security being able to balance all relevant interests going forward. Read the decision in Finnish or in Swedish .

DNB Bank ASA – Lease and development of premises

We advised DNB Bank ASA in its agreement with Fennia Mutual Insurance Company on the development and lease of the premises at Fabianinkatu 8, Helsinki. With the lease agreement, DNB Bank ASA will focus all its Finnish operations at the Fabian 8 office. The other tenants at the renewed premises will be DNB Carnegie Investment Bank AB’s Finnish operations and DNB Auto Finance Oy. In connection with the long-term lease agreement, the parties also agreed on a major renovation project to completely refurbish the premises. The object of lease will be completed in the second half of 2027.

Yellow Film Studios – Merger of Yellow Film Studios and REinvent Studios

We advised Yellow Film Studios, the largest independent film and television production company in the Nordics, in its strategic merger with Danish film industry sales and financing studio REinvent Studios. Together they form Reinvent Yellow, a unified hub for television and film production, sales, financing and innovation, combining over three decades of production experience and a vast catalogue of titles.

International reinsurance companies – Ad hoc arbitration proceedings

We successfully represented a panel of reinsurance companies in an international ad hoc arbitration. The dispute arose out of a reinsurance treaty under the terms of which the reinsurers had reinsured a portfolio of risks underwritten by the cedent. The parties disagreed as to whether the reinsurance provided coverage for a certain loss that had occurred because of the market turmoil caused by the Covid-19 pandemic. The case involved highly complex legal and contractual questions requiring special expertise on reinsurance law and practice. The arbitral tribunal rejected the counterparty’s claims for reinsurance compensation against our clients in full. The amount in dispute was approximately EUR 34 million.

Latest insights

2.10.2025 – Environment, Energy & Green Transition Fingrid extends restrictions on new energy storage facility connections in Southern Finland until 2029

Konsta Peussa

Marius af Schultén

Konsta Peussa & Marius af Schultén

12.9.2025 – Capital Markets & Public M&A Surely the preparation of interim reports does not need to be an insider project in the future?

Janne Lauha

Teresa Kauppila

Sakari Sedbom

Janne Lauha, Teresa Kauppila & Sakari Sedbom

9.9.2025 Launching C&S MBA Highlights Programme 9.7.2025 – FDI Regulatory Service Defence sector investments and acquisitions – key facts about the Finnish FDI regulation

Kiti Karvinen

Markus Rahnu

Kiti Karvinen & Markus Rahnu

Search from the site.