Cybersecurity

Cybersecurity

Data is a valuable commodity in many organisations. We help you handle data in a compliant manner and protect it from misuse.

The legal requirements for cybersecurity are scattered across different regulations. The European Union is introducing a growing number of sector-specific regulations on information security requirements, such as DORA, NIS2, CRA and CER. We can help you identify the provisions that apply to your specific business and explain what they mean in practice. We speak the same language as ICT professionals. Several of our legal experts are also computer science graduates.

In addition to day-to-day advice, we can help you with a range of incidents. Data systems are vulnerable to disruptions and outside threats. In emergencies, the statutory and contractual obligations relating to data and personal data must be fulfilled in order to mitigate risks and safeguard your business’s ability to operate as effectively as possible. Our experts are experienced at resolving a wide range of disruptions, whether they originate from inside or outside the company.

Latest references

The Finnish Ministry of Foreign Affairs – A precedent setting cyber security incident court case
The Finnish Supreme Administrative Court has handed down decision KHO 2024:115 on balancing data protection and national security interests in cyber security incidents. We acted for the Finnish Ministry of Foreign Affairs in this precedent setting case, in which the Supreme Administrative Court agreed with our client’ core submissions and decided to overturn key parts of a data protection authority decision against our client. The court held that the Ministry had acted lawfully when taking a bit of time between discovering information about a cyber incident concerning certain diplomats and notifying all potentially affected people. The key point of principle for our client was the extent to which Article 34 of the GDPR requires such (essentially public) notifications when foreign policy and national security might require a more discrete initial approach. The court’s reasoning is important: since Finland has voluntarily, but not unreservedly, extended the scope of the GDPR to also cover foreign policy and national security, the primacy of EU law does not apply in that extended context. Thus, more specific local Finnish rules on freedom of information/confidentiality in these areas override the general Article 34 notification obligation (under the classic lex specialis derogat legi generali rule), even absent express statutory carve-outs to Article 34. Had Article 34 applied as a matter of EU law, the outcome could have been different, since the GDPR, under primacy, would override all local Finnish rules, irrespective of whether they are lex specialis or not. It’s important to understand why, and on what basis, an EU law applies to any given situation, since this could affect the principles of interpretation so much that the outcome changes significantly. The court did, however, hold that the Ministry will need to notify the DPA itself within the customary deadlines, since the DPA under Finnish law has the right to receive information confidentiality rules notwithstanding. We hope this outcome will contribute to authorities dealing with foreign policy and national security being able to balance all relevant interests going forward. Read the decision in Finnish or in Swedish .
Case published 15.11.2024
Lenders to ICEYE – EUR 300 million revolving credit facility for ICEYE
We advised an international bank syndicate in a EUR 300 million revolving credit facility (RCF) for ICEYE, the world leader in sovereign intelligence from space. The bank-syndicate comprised Nordic and global banks, with Citi and Danske Bank acting as Joint Global Coordinators and Mandated Lead Arrangers. The RCF will support the issuance of guarantees for customer contracts, enable continued business growth, and serve as a liquidity backstop. 
Case published 21.5.2026
Terrieri Kiinteistöt, A. Ahlström Kiinteistöt and S-Bank Building Plot non-UCITS Fund – Sale of a production and logistics property
We are advising Terrieri Kiinteistöt Ky and A. Ahlström Kiinteistöt Oy in the sale of a modern production and logistics building complex to Swedish property investment company Catena AB. We are also assisting S-Bank Building Plot non-UCITS Fund which in connection with the transaction, has agreed to sell the land area where the building complex is located to Catena AB. The building complex located in the immediate vicinity of Helsinki-Vantaa Airport was completed in 2021 and comprises approximately 23,260 square metres of leasable area, fully leased to Cramo Finland Oy. The approximately 140,000-square-metre plot offers additional long-term development potential in the form of approximately 45,000 square metres of additional building rights.
Case published 21.5.2026
Huhtamäki – EUR 300 million bond and tender offer of bond maturing in 2027
We advised Huhtamäki Oyj on its issuance of a EUR 300 million 6-year senior unsecured bond under the EMTN programme and on the tender offer of its EUR 500 million senior unsecured bond maturing in 2027. The new bond bears interest at a fixed rate of 3.875 per cent per annum. Huhtamäki used the net proceeds from the issuance of the new bond for the partial repurchase of its bond maturing in 2027 and for general corporate purposes.
Case published 21.5.2026
All cases

Latest insights

Article published 13.5.2026 – Venture Capital & Minority Investments Newly launched Series Seed 4.0 is a comprehensive standard seed financing documentation for the Finnish market
Jarno Tanhuanpää
Tuomas Honkinen
Jussi Mäkikangas

Jarno Tanhuanpää, Tuomas Honkinen & Jussi Mäkikangas

 Article published 8.5.2026 – Environment, Energy & Green Transition Reform of Finland’s land use legislation – key takeaways for project developers
Tarja Pirinen
Marius af Schultén
Joel Aartolahti

Tarja Pirinen, Marius af Schultén & Joel Aartolahti

 Article published 28.4.2026 – Private M&A Unlocking value in carve-outs – Why integration planning deserves top priority in every carve-out
Benjamin Bade
Maiju Mäkinen
Samuli Salminen

Benjamin Bade, Maiju Mäkinen & Samuli Salminen

 Article published 30.3.2026 – Competition & Procurement Finnish FDI screening under reform — Update following the stakeholder consultation
Kiti Karvinen
Johanna Kyllöinen
Joachim Wik

Kiti Karvinen, Johanna Kyllöinen & Joachim Wik
Insights