News Archives | bpv legal

The EU’s Digital Omnibus: Simplifying Rules on AI, Cybersecurity, and Data

By Roxana Daskălu, Senior Associate & Diana Ciubotaru, Associate

The European Commission published its most debated draft legislative package today, known as the Digital Omnibus[1] and the Digital Omnibus on AI[2]. The Digital Omnibus proposals aim to reduce administrative and compliance burdens, enhance legal certainty, and make the EU’s digital landscape more navigable for businesses, particularly for SMEs.

A. The proposal for Digital Omnibus

It introduces numerous amendments, of which the key ones are the following:

1. Consolidation of existing EU data laws into the Data Act

Three major instruments are merged into the Data Act, such as: (i) Regulation 2018/1807 (Free Flow of Non-Personal Data); (ii) Regulation 2022/868 (Data Governance Act/ DGA); and (iii) Directive 2019/1024 (Open Data Directive).

This cohesion of the legal provisions, among others, aims to:

▸ modernize and harmonize existing rules;

▸ strengthen the protection applicable to trade secrets and third countries (e., allowing data holders to refuse disclosures of trade secrets to a user when there is a high risk of unlawful acquisition, use, or disclosure to third countries that are subject to jurisdictions with weaker protections than those available in the Union);

▸ streamline and simplify the conditions for re-using certain categories of protected data, clarifying how the rules apply when personal data have been anonymized, by also maintaining the safeguards for transfers of non-personal data to third countries, etc.

2. GDPR & ePrivacy Directive amendments

► The Digital Omnibus draft also aims to clarify key GDPR concepts, as follows:

▸ Inserting new definitions
– Tightening the definition of personal data: by introducing a “subjective” approach depending on the specific controllers’ capability to identify the person and by potentially excluding “pseudonymous” data from the scope of the GDPR;
– It adds new definitions, including terminal equipment, web browser, media service, media service provider, online interface, and scientific research.

▸ New exemptions for special categories of data introduced, such as:
– biometric data: Processing of biometric data is permitted when it is necessary for confirming the identity of the data subject.
– residual sensitive data: Allows for the residual processing of special categories of personal data (i.e., data that remains despite efforts to avoid collecting it) for the development and operation of an AI system or model.

▸ Clarifying the “right of access” of data subjects:
– providing that controllers may refuse or charge a reasonable fee for access requests made for purposes unrelated to data protection, and it further defines the criteria for determining when such requests are excessive.

▸ Restricting the data controller’s obligation to inform data subjects under Art. 13 GDPR:
– by removing the obligation to inform data subjects when they can reasonably be expected to already have the information, except where the data will be shared with new recipients, transferred internationally, used for automated decision-making, or processed in ways that pose a high risk to individuals’ rights;

▸ Recognizing the development and operation of AI systems as a legitimate interest for processing personal data:
– this means companies could rely on legitimate interest for AI training and use, so long as the processing is necessary and does not outweigh individuals’ rights;

▸ Updating the rules on automated decision-making:
– by broadening the exemptions under Art 22 GDPR and clarifying that, for automated decision-making under Article 22 GDPR in the context of entering into or performing a contract, the requirement of “necessity” applies even if the decision could technically be made by non-automated means.

▸ Extending the breach-notification deadline to 96 hours, and creating a single EU reporting portal:
– the notification is only required if a data breach is likely to result in a high risk to the data subject’s rights;
– it is also proposed that controllers use the EU single-entry point when they notify data breaches to the supervisory authority.

▸ Introducing new rules on DPIAs:
– by creating a single EU list of processing operations that do or do not require a DPIA. The EDPB would be obliged to prepare proposals for such lists, along with a common DPIA template and methodology, which the Commission can formalize through an implementing act.

►Integration of the ePrivacy rules into the GDPR framework.

▸remove the ambiguity created by the dual GDPR–ePrivacy regime, it is clarified that the processing of personal data on or from terminal equipment is governed solely by the GDPR

3. Cybersecurity framework – Single-Entry Point for Incident Reporting

The Digital Omnibus draft aims to create a Single-Entry Point for all major EU incident-reporting obligations, assigning ENISA key responsibilities and requiring that notifications under NIS2, the eIDAS Regulation, DORA, the Critical Entities Resilience Directive (CER), and the GDPR all flow through this unified channel.

B. The proposal for Digital Omnibus on AI

To ensure a smooth and practical rollout of the AI Act, the European Commission has introduced a set of targeted simplification measures, such as:

► Implementation and Standards: The timeline for implementing high-risk rules will be linked to the availability of standards or other support tools.

► AI Literacy: The Commission and the Member States are required to foster AI literacy. This replaces unspecified obligations on providers and deployers, although training obligations for high-risk deployers remain in place.

► Reduced Registration Burden: There will be a reduction in the registration burden for providers of AI systems that are used in high-risk areas but are concluded to not be high-risk because they are only used for narrow or procedural tasks.

► EU-Level Sandbox: The AI Office will set up an EU-level AI regulatory sandbox starting from 2028.

► Legislative Clarity: Targeted changes will be made to clarify the interplay between the AI Act and other EU legislation.

[1] https://digital-strategy.ec.europa.eu/en/library/digital-omnibus-regulation-proposal

[2] Digital Omnibus on AI Regulation Proposal | Shaping Europe’s digital future

Acquisition of Distribuce Ostrava from ČEZ ESCO for UCED Group

We are very pleased that our team could participate in another significant transaction for the UCED Group with the acquisition of Distribuce Ostrava from ČEZ ESCO. Our services included legal due diligence and representation in negotiations on transaction and financing documentation, as well as in proceedings before the Office for the Protection of Competition (ÚOHS).

The transaction team was led by partner David Vosol, together with senior associate David Plevka. Project financing was conducted by partner Pavel Vintr, along with senior associate Ivana Horáková.

Congratulations to the UCED Group on another step in strengthening its position as the number one player in the field of local distribution systems!

UCED Vítkovice is part of the CREDITAS ASSETS SICAV fund from the CREDITAS Group, which has existed since 2020 and is focused on energy production and distribution. It acquired the local distribution system (LDS) in the industrial complex in Ostrava-Vítkovice from ČEZ ESCO, which serves 180 consumption points. The UCED energy division from the CREDITAS Group thus further solidifies its position as the largest operator of local distribution systems in the Czech Republic and the fourth largest energy distributor. The parties did not disclose the transaction price. The acquisition has already been approved by the anti-monopoly office.

The company Distribuce Ostrava includes a part of the ČEZ ESL plant used for the operation of the local distribution system in the cadastral territories of Moravská Ostrava, Mariánské hory, Nová Ves u Ostravy, Zábřeh-Hulváky, Vítkovice, Zábřeh-VŽ, Hrabůvka. The LDS is connected to the 110 kV network and supplies industrial complexes and adjacent consumers. It includes three main 110 kV substations with nine VHV/MV transformers with a total capacity of 365 MVA and two dozen subsequent transformer stations, the operation of which is monitored from its own control center.

Due Dilligence for Glestein in Slovakia

Our team, consisting of Igor Augustinič, Zuzana Dzilská, Juraj Gazda, and Jana Revúcka, contributed to the successful completion of an international acquisition by performing legal due diligence of the Slovak company Gleistein from the perspective of Slovak law.

This comprehensive transaction focused on the purchase of a 50 percent stake in Gleistein GmbH, a specialist in rope technology and manufacturer of fiber ropes, by the Carl Stahl Group.

Gleistein GmbH is a long-established family business based in Bremen that develops and produces high-quality fiber ropes. With around 250 employees, state-of-the-art locations in Bremen and Trencin, and a focus on innovation and sustainability, it is considered a global technology leader.

Carl Stahl brings the group’s stable global presence to this partnership, while Gleistein contributes its rope technology expertise and innovative strength. Together, the companies are thus creating the basis for sustainable growth, international opportunities, and long-term stability.

Legal assistance with the sale of Šumavská Tower

Our law firm bpv BRAUN PARTNERS represented a company from the ECO Finance Group in the sale of a building within the ŠUMAVSKÁ TOWER project.

This project includes office spaces and a commercial gallery in the complex of high-rise buildings of the same name, which offers modern offices and a breathtaking view in the very heart of Brno.

Our consultancy included the preparation and negotiation of complex contractual documentation covering the terms of sale, escrow of documents and the purchase price, and the refinancing of existing credit exposure and fulfilling the conditions for acquisition financing.

The entire acquisition team was led by partner David Vosol in cooperation with attorney František Čech.

One of the most complex transactions of the year on the Czech market

The bpv BRAUN PARTNERS team advised the investment fund IROMET on the acquisition of the assets of the insolvent Liberty Ostrava – a strategically significant steel producer with more than 70 years of tradition under the Nová huť brand.

This was one of the most complex transactions of the year on the Czech market – a challenging legal and financial process with major implications for regional industry and employment. Our advisory services covered legal due diligence, negotiation of transaction documentation, and representing in financing of the transaction.

“One of the key challenges was addressing environmental burdens and emission allowances, requiring not only in-depth knowledge of EU legislation but also a strategic mindset for legal solutions”, says David Vosol, who led the team together with František Čech, David Plevka, and Adam Dobiáš.

bpv LEGAL Office Outing 2025 – City Lights & Vineyard Nights

From 11–13 September 2025, colleagues from across the bpv LEGAL network gathered in Budapest and Etyek, Hungary for our much-anticipated Office Outing 2025, a three-day event filled with culture, collaboration, and celebration.

A Warm Welcome in Budapest

The outing began with a guided tour of the Zwack Unicum House, where participants explored Hungary’s iconic herbal liqueur heritage. A welcome lunch followed at the Aranybástya Restaurant, located in the historic Buda Castle district, offering panoramic views of the city. Our team then checked into the Abacus Business & Wellness Hotel, setting the stage for the first plenary session, “From Pilots to Practice: bpv LEGAL offices on the AI journey”. The presentations showcased the latest developments and practical applications of AI, and the discussion brought together diverse perspectives that sparked thoughtful conversations. The discussions also emphasized the importance of responsible use of AI tools in legal practice, highlighting ethical considerations and best practices. Overall, the sessions reinforced the value of curiosity and knowledge-sharing, leaving the team inspired and better equipped to explore new ideas collaboratively.

The evening concluded with an unforgettable wine tasting and dinner at the Hernyák Vineyard Estate in Etyek.

Our second full day brought a cinematic start with a behind-the-scenes tour of Korda Film Studios, one of Europe’s largest film production centers. After a shared lunch, colleagues could join in on two engaging team-building activities: a Hollywood-themed quiz game full of music and movie trivia, and an outdoor relay combining physical, mental, and creative tasks. The set of games and creative challenges sparked both problem-solving and laughter, creating moments of genuine collaboration. The games and challenges encouraged everyone to step out of their usual roles, and it was inspiring to see different strengths and perspectives come to light

The day ended in style with a Gala Dinner at Haraszthy Vineyard, followed by a lively bowling, pool, and party back at the hotel, ensuring that laughter and camaraderie carried late into the night.

The Office Outing 2025 was more than just a corporate retreat. It was a chance to strengthen professional bonds across our international offices, celebrate teamwork, and enjoy the unique blend of city lights and vineyard nights that Hungary has to offer.

We look forward to the next gathering and the many opportunities it will bring to grow together as one bpv LEGAL family.

bpv GRIGORESCU ȘTEFĂNICĂ becomes the first Romanian independent law firm to implement cutting-edge AI workspace Legora

bpv GRIGORESCU ȘTEFĂNICĂ announces its partnership with LEGORA, the leading collaborative AI platform for lawyers, implementing the technology across several practice areas. As Romania’s most prominent firm in the Technology, Media, and Telecoms sector and the first to adopt this platform, bpv GRIGORESCU ȘTEFĂNICĂ continues to pioneer industry innovation. Following a comprehensive evaluation, the firm chose Legora for its superior performance, reliability, user friendliness and seamless team integration capabilities. This strategic investment enhances the firm’s capability to deliver outstanding client services while positioning it as a market innovator.

Legora’s user-friendly design integrates seamlessly with existing workflows, enabling lawyers to focus more time on meaningful work while accelerating execution speed. Automation of routine tasks and administrative processes allows lawyers to free up time and direct their expertise toward the sophisticated legal reasoning that creates value for clients. The platform’s security architecture safeguards confidential client data throughout all automated workflows.

“Our commitment to remaining at the forefront of the industry drives us to continuously embrace new technologies that benefit our clients,” said Cătălin Grigorescu, Managing Partner at bpv GRIGORESCU ȘTEFĂNICĂ. “We have gone through an extensive evaluation process of several solutions and found Legora to be best at enabling our lawyers to focus on substantive work that employs their specialised knowledge. Technology transforms how we approach legal challenges, allowing us to provide more strategic counsel while maintaining the personalised attention our clients expect.”

Recognising that rigorous document review and research work has traditionally been assigned to junior lawyers as part of their professional development, the firm is adapting its training methodology to focus on higher-level analytical skills and strategic thinking from earlier career stages. This evolution in legal education emphasises both technical proficiency and adherence to the highest ethical and professional standards in legal practice.

“We think long and hard about the future of legal training. While it is too early to make hard statements about the future shape of our team and practice as technology develops, we already recognise that we need to train young lawyers in our firm for a partially different skill set than the traditional one. At the same time, more senior lawyers will have to adapt to new ways of delivering value to the clients. As we get this right, we will be able to enhance our team’s impact on our client matters and our business, including the team’s wellbeing, manifold in a very short period of time,” added Cătălin Grigorescu.

Key Business Enhancements will include:

► Enhanced Client Service: Faster document processing and case preparation enable more strategic client engagement and significantly improve execution speed.
► Increased Efficiency: AI-assisted review capabilities free up lawyers to focus on high-value analysis, strategy development, and negotiations.
► Strategic Market Position: Technology adoption ensures the firm remains a leader in legal service delivery and industry innovation.

The firm will continue to evaluate and integrate additional AI-enabled technologies while maintaining its commitment to the personalised service and legal excellence that clients expect. Based on positive outcomes, the firm is discussing extending the use of the Legora platform throughout bpv LEGAL in the Central and Eastern Europe with the aim to strengthen collective capabilities.

****

About Legora

Legora, the collaborative AI platform for lawyers, serves over 250 leading law firms and in-house legal teams globally, helping lawyers to review and research faster, draft smarter, and advise with precision. More than just a platform, Legora is a true partner to clients, from first interaction to company-wide rollout and beyond, powering multiple work-critical use cases and helping teams get to the heart of key issues in minutes and hours rather than days. Legora.com

bpv Huegel advises NÖM AG on strategic partnership with Vorarlberg Milch

The law firm bpv Huegel provided comprehensive support to NÖM AG during its merger with Vorarlberg Milch.

26 August 2025. As part of the transaction, NÖM AG is acquiring the production facility of Vorarlberg Milch GmbH in Feldkirch, which will be managed as part of the NÖM Group in future. At the same time, Vorarlberg Milch eGen is acquiring a direct 3% stake in NÖM AG and will be represented on the Supervisory Board.

The transaction has already been approved by the Federal Competition Authority. The majority shares in NÖM AG remain unchanged with Raiffeisen-Holding NÖ-Wien reg. Gen via Niederösterreichische Milch Holding GmbH and with MGN Milchgenossenschaft Niederösterreich reg. Gen.

bpv Huegel was responsible for structuring the transaction, conducting due diligence, drafting and negotiating the agreements, and handling the merger control proceedings.

“The partnership between NÖM AG and Vorarlberg Milch represents a significant step forward for the Austrian dairy industry. We are pleased to have supported NÖM AG in this strategic development,” said Christoph Nauer, Co-Managing Partner at bpv Huegel.

Press release

bpv Huegel advises CPI Europe on the sale of the Vienna Marriott Hotel

The international sales process for the renowned Vienna Marriott Hotel at Parkring Vienna has been successfully completed with its acquisition by an international consortium of investors.

Vienna, 01 July 2025. bpv Huegel provided comprehensive advice to CPI Europe group (S IMMO) on the sale of the Vienna Marriott Hotel to an international consortium of investors. As part of its strategic realignment, CPI Europe is selling the property at Parkring 12a and the hotel business.

The transaction was implemented through share deals and involves the iconic Viennese hotel property, a large-scale, mixed-use inner-city property, as well as the hotel operating company. The transaction value amounts to over EUR 100 million. The closing for the sale of the real estate companies took place on 27 June 2025. The closing for the hotel operating company is scheduled for January 2026.

The buyer is a joint venture between Evientro Ltd and London-based Landfair European Dislocated Opportunities SCSp, which specializes in liquidity solutions in the European real estate market.

Almost exactly 40 years after its opening on 1 July 1985, one of Vienna’s most famous hotels is changing owners. The hotel, with over 300 rooms and suites, was the first Marriott hotel in the German-speaking region. The hotel will continue to be operated by Marriott International under a long-term management agreement.

“The transaction is one of the most significant hotel sales in Vienna in recent years. We are proud to be supporting CPI Europe on this complex real estate and corporate transaction,” said Christoph Nauer, partner at bpv Huegel and co-lead on the transaction.

bpv Huegel’s advisory services covered the international bidding process, complex corporate structuring, drafting and negotiation of transaction agreements, and tax issues. The bpv Huegel team was jointly led by Christoph Nauer (Corporate/M&A), Dominik Geyer (Real Estate) and Roland Juill (Corporate/M&A), and included Nicolas Wolski (Tax Law), Paul Pfeifenberger (Real Estate, Labor Law), Patrick Nutz-Fallheier (Corporate/M&A), Tim Pasternak (Corporate/M&A) and Gerhard Fussenegger (Antitrust Law).

The buyer’s advisors included SAXINGER (lead counsel to the buyer joint venture), AKELA (co-counsel for acquisition financing on the buyer side), Binder Grösswang (merger control on the buyer side), DLA Piper (legal advisor to the buyer in Germany and Luxembourg), Wolf Theiss (legal advisor to the financing bank, UniCredit Bank Austria AG) and BDO Austria (tax law buyer), which also advised on valuation issues relating to the transaction.

The transaction was facilitated by hotel real estate specialist Christie & Co, who acted as advisor and exclusive broker.

Press release

15th anniversary of our Slovak office in Bratislava

We have just celebrated our special milestone – the 15th anniversary of our Slovak office!

To mark this demanding, yet very successful journey, we celebrated at the beautiful Bratislava Castle. Connecting again with many of our valued clients, friends as well as the partners from bpv LEGAL in such iconic setting, surrounded by the breathtaking view of the city and the Danube, we enjoyed an inspiring evening dedicated to collaboration, trust and memories of shared successes. What ann evening full of joy and a sense of community.

Thank you all for your continued support on the Slovak (and also on the Czech) market.

We look forward to many more years with you!