Issue 3 / 2024

In the current CRi issue 3 (publication on: 15. Juni 2024) you find the following articles and case law:



Zirnstein, Yannick, Better cybersecurity due to increased regulation? The final European Cyber Resilience Act, CRi 2024, 65-72

The article focusses on key provisions of the Cyber Resilience Act adopted by the European Parliament in March and after a brief introduction (I.) addresses the scope (II.), the categories of products with digital elements (III.) and the obligations of their economic operators (IV.) as well as the tasks and powers of market surveillance authorities (V.) and administrative fines (VI.) before concluding in view of the remaining timeline (VII.).

Molavi Vasse’i, Ramak, The AI Act – The Epitome of Outdated Tech Governance, CRi 2024, 72-78

The paper provides a critical assessment of the EU’s AI Act, highlighting its deficiencies in addressing the complex challenges posed by AI technologies. The analysis underscores that while transparency and evaluation measures are essential components of AI governance, the Act’s over-reliance on these measures alone is insufficient to effectively regulate the rapid proliferation of AI applications. Criticizing the AI Act’s emphasis on innovation at the expense of genuinely beneficial technological development, the paper argues for governance reforms that not only adapt to the evolving nature of AI, but also prioritize its impact on individuals and society. The paper calls for a rethinking of tech governance to create regulatory frameworks that are as adaptive as the technologies they aim to govern, with a primary focus on enhancing societal well-being, which should be the fundamental goal of all economic and technological progress.

Albrecht, Daniel, China Releases New Regulation on Cross-border Data Transfers, CRi 2024, 79-84

The article describes in detail the New Regulations which introduce exemptions to the existing filing obligations for outbound data transfer, including (1) absolute exemptions, which are exemptions applicable to all regulatory procedures for outbound data transfer, and (2) exemptions from the obligation to file a security assessment, i.e., the New Regulations have modified the thresholds mandating the filing of a security assessment and if such thresholds are not met, the data processor still needs to conduct standard contract filing or PI (Personal Information) protection certification. The Regulation leaves space for special policies in Free Trade Zones.

Beardwood, John, Yes, This Is A Puff Piece? A Comparative Analysis of the Vendor Defences of Puffery, Statements of Future Intent and Disclaimers, CRi 2024, 85-91

One of the common themes among various failed ERP implementations and outsourcing transactions is the divergence between the representations made by technology vendor sales teams as to promised skills, expertise and delivery, and the actually provided skills, expertise and delivery. The article analyses the resulting lawsuits and begins in this Part 1 by providing an overview of the law of misrepresentation, and then the common vendor defences of puffery and opinion, statements of future intent, and contractual disclaimers, in Canada (I) and in the United States (II). Part 2 will then complete the overview with a look at the European Union (III) and an assessment how these defences were raised by vendors in two recent ERP failure lawsuits (IV), before concluding with lessons learned for vendors and customers (V).

Case Law

Supreme Court of the United States v. 15 March 2024 - No. 22-611, 601 U.S. 187 (2024), USA: Two-Prong-Test Determining Public Officials’ Social Media Use as State Action, CRi 2024, 91-95

Supreme Court of the United States v. 9 May 2024 - No. 22–1078, 601 U. S. ### (2024), USA: No Time Limit for Monetary Relief for Copyright Infringement, CRi 2024, 95

CJEU v. 14 September 2023 - C-27/22, EU: Applicability of Principle ne bis in idem to Severe Administrative Penalties with Punitive Purpose, CRi 2024, 95

Verlag Dr. Otto-Schmidt vom 11.06.2024