Cybersecurity

Data is a valuable commodity in many organisations. We help you handle data in a compliant manner and protect it from misuse.

The legal requirements for cybersecurity are scattered across different regulations. The European Union is introducing a growing number of sector-specific regulations on information security requirements, such as DORA, NIS2, CRA and CER. We can help you identify the provisions that apply to your specific business and explain what they mean in practice. We speak the same language as ICT professionals. Several of our legal experts are also computer science graduates.

In addition to day-to-day advice, we can help you with a range of incidents. Data systems are vulnerable to disruptions and outside threats. In emergencies, the statutory and contractual obligations relating to data and personal data must be fulfilled in order to mitigate risks and safeguard your business’s ability to operate as effectively as possible. Our experts are experienced at resolving a wide range of disruptions, whether they originate from inside or outside the company.

Latest references

The Finnish Supreme Administrative Court has handed down decision KHO 2024:115 on balancing data protection and national security interests in cyber security incidents. We acted for the Finnish Ministry of Foreign Affairs in this precedent-setting case, in which the Supreme Administrative Court agreed with our client’s core submissions and decided to overturn key parts of a data protection authority decision against our client. The court held that the Ministry had acted lawfully when taking a bit of time between discovering information about a cyber incident concerning certain diplomats and notifying all potentially affected people. The key point of principle for our client was the extent to which Article 34 of the GDPR requires such (essentially public) notifications when foreign policy and national security might require a more discreet initial approach. The court’s reasoning is important: since Finland has voluntarily, but not unreservedly, extended the scope of the GDPR to also cover foreign policy and national security, the primacy of EU law does not apply in that extended context. Thus, more specific local Finnish rules on freedom of information/confidentiality in these areas override the general Article 34 notification obligation (under the classic lex specialis derogat legi generali rule), even absent express statutory carve-outs to Article 34. Had Article 34 applied as a matter of EU law, the outcome could have been different, since the GDPR, under primacy, would override all local Finnish rules, irrespective of whether they are lex specialis or not. It’s important to understand why, and on what basis, an EU law applies to any given situation, since this could affect the principles of interpretation so much that the outcome changes significantly.
The court did, however, hold that the Ministry will need to notify the DPA itself within the customary deadlines, since the DPA under Finnish law has the right to receive information, confidentiality rules notwithstanding. We hope this outcome will contribute to authorities dealing with foreign policy and national security being able to balance all relevant interests going forward. Read the decision in Finnish or in Swedish.
Case published 15.11.2024
We advised Efima Oyj on the sale of its financial management services business to Rantalainen as part of its strategic focus on fully concentrating on the delivery of business applications as well as data and AI solutions. As a result of the transaction, customer contracts related to financial management services and 65 experts working in these services will transfer to Rantalainen. The transaction will be carried out as a transfer of business, and the experts will move to the new owner as existing employees. Efima is a Finnish digital company that supports the sustainable growth of large and mid-sized companies by streamlining their business processes and by creating competitive advantage through the innovative use of artificial intelligence and data. The company has nearly 200 experts based in Helsinki and Tampere.
Case published 12.6.2026
We advised lead investor Ugly Duckling Ventures on the EUR 6.5 million funding round of Skyfora. The round also included Eviny Ventures, LUMO Labs and EIC Fund, alongside non-dilutive funding from Business Finland. The investment will support the commercial scale-up of Skyfora’s weather intelligence solutions, the expansion of partnerships with telecom operators, forecasting providers and meteorological institutions, and the continued growth of the team. Skyfora is a Finnish company developing high-resolution weather data solutions using patented technology that extracts atmospheric data from GNSS receivers embedded in existing infrastructure, such as telecom networks. By unlocking previously untapped data sources, Skyfora enables the next generation of AI-driven weather forecasting and supports improved decision-making across weather-sensitive industries. Ugly Duckling Ventures is a Copenhagen-based venture capital firm focused on early-stage Nordic B2B technology companies, with an emphasis on medtech, resilience tech and business services.
Case published 10.6.2026
We advised General Atlantic as the lead investor on ICEYE’s EUR 1 billion series F funding round, valuing the company at over EUR 10 billion. ICEYE raised EUR 450 million (USD 520 million) in a primary Series F funding round led by General Atlantic. Additional investors included Solidium, Tesi, Varma, Ilmarinen, Lifeline Ventures, Nokia, Qatar Investment Authority (QIA) and TCV. Together with a secondary placement, the total fundraising exceeds EUR 1 billion. ICEYE is the world leader in sovereign intelligence from space, providing continuous monitoring capabilities to detect and respond to changes in any location on Earth. The company operates the world’s largest and most advanced Synthetic Aperture Radar satellite constellation. General Atlantic is a leading global investor with more than four and a half decades of experience providing capital and strategic support for over 885 companies throughout its history. As of March 31, 2026, General Atlantic manages approximately USD 126 billion in assets across its investment strategies. We advised General Atlantic on this transaction in collaboration with the international law firm Paul, Weiss, Rifkind, Wharton & Garrison.
Case published 9.6.2026