Digital law for startups –
Growing in the digital world with legal certainty
Part 3: Expanding the legal framework
September 2025
As a decision-maker in your startup, you face a multitude of legal requirements. What is crucial is identifying the truly relevant areas and tackling them systematically. We have structured and prioritized the most important digital law topics for you.
In the third part of this series, we address the expansion of your "legal framework": We deal with contract drafting, AI compliance and employee data protection.
Contract drafting
Developing legally compliant terms and conditions
Well-thought-out contracts create clarity for both parties and minimize later misunderstandings.
Service terms & GTC
B2B vs. B2C: The legal requirements differ significantly depending on the target group. A solution tailored to your business model protects you optimally.
GTC-review
Valid clauses: Not all contract terms are automatically valid. A professional review ensures that your terms hold up in court.
Consumer protection
B2C specifics: Right of withdrawal, warranty, cancellation button and other consumer protection provisions have specific requirements. Proper implementation creates trust with your customers and avoids legal complications.
Accessibility Enhancement Act: Particularly for online retailers and service providers, new obligations arise for barrier-free design of their offerings. Early consideration of these standards makes your services accessible to more people while simultaneously meeting legal requirements. Applicable from 10 employees or €2 million annual revenue.
Strategically securing AI usage
Using artificial intelligence profitably with legal certainty
AI offers enormous potential for your business. However, consider the following points when using it.
EU AI Act
Roles and applicability: Review which role you occupy in the AI ecosystem and which requirements arise from this. Particularly relevant are transparency obligations for AI-generated content such as images as well as potential training requirements for your team.
Privacy
Managing input and output properly: Ensure that both the data you input and the AI outputs are handled correctly under data protection law. Well-thought-out data processing protects you and your customers.
Trade secrets and IP
Protecting your know-how: Preserve your trade secrets when using AI and consider that AI output may not be protected by copyright. A clear IP strategy creates clarity here.
Liability and bias management
Proactively minimizing risks: Consider in advance how you can reduce liability risks through appropriate contracts, transparency or technical settings. Minimizing biases and hallucinations not only protects you legally, but also improves the quality of your AI applications.
Employee privacy
Professionally manage people & privacy
Thoughtful handling of employee data creates trust in the team while simultaneously meeting legal requirements.
Application procedure
Data processing from the start: Applicants send you a lot of personal data. A clear privacy notice and conscious decisions about online research on applicants create transparency and legal certainty.
Employee data
Tracking and monitoring: There are clear ground rules here, particularly regarding what you and your software may capture from employees. You should also observe the standards when using images and other employee data as well as when informing the data subjects.
Consent Management
Obtaining consent correctly: In certain cases, you need the consent of your employees. Due to the power imbalance between employer and employee, particularly high requirements apply here regarding voluntariness.
Policies and organization
Uniform standards: Your employees process data daily. In addition to mandatory training, uniform policies create clarity for all parties involved.
Data Protection Officer
From 20 employees: In Germany, you then need a data protection officer. Although abolition has been discussed politically, this obligation still exists.
Want more?
If you haven't yet gotten around to reading our other parts of this series:
Part 1: The basics: Review of the business model, website, marketing
Part 2: Intellectual Property: Protecting your and others' intangible assets, trade secrets and cyber
Feel free to also visit our Insights page. There you will find more helpful articles.
Do you need help with one of these points?
Contact us for a free initial meeting.
We develop with you a roadmap with the most important steps and create concepts, contracts and legal documentation so that you can focus on what matters to you – your business.
Author
