Chapter
Intellectual property
NFT and intellectual property law
What is NFT?
NFT stands for 'non-fungible token'. In this case, we should understand the word 'non-fungible' as 'having no equivalent in other objects/currencies'. Generally speaking, NFT is a type of cryptographic token based on blockchain technology.
Popularity of the NFT
NFT gained huge popularity during the global lockdown in 2020. Initially, the technology was associated exclusively with art, particularly images and visuals. Nowadays, NFT is gaining popularity and is used in areas such as entertainment, gaming, fashion and even retail and real estate.
In 2021, the valuation of the NFT market was estimated at $40 billion.
Copyright of a work and NFT
The trading of NFT tokens has not yet been regulated in any way. Therefore, it is now necessary to adapt the existing legal regulations to the specifics of NFTs.
An NFT may constitute a work within the meaning of Article 1(1) of the Act of 4 February 1994 on Copyright and Related Rights if it fulfils the statutory prerequisites for recognition as a work within the meaning of copyright law.
First of all, it is necessary to distinguish between the situation in which a real existing e.g. work of art has its counterpart in the form of NFT, and the creation of a graphic or other work immediately in the form of NFT. In the first case, the sale of the NFT would not normally lead to a transfer of copyright in the associated existing artwork. In the second case, on the other hand, one should be able to distinguish between two situations. The first is the ownership of the NFT and the second is the ownership of the intellectual property rights to the NFT token.
It is important to note that the owner of an NFT may own, for example, a particular copy of a 'digital' photograph or music file, and not own the intellectual property rights to that photograph or music file.
The acquisition by the purchaser of an NFT token of the intellectual property rights to that token, is of great importance in the context of its further dissemination.
In order for the intellectual property rights to pass to the purchaser of the NFT, that purchaser must enter into an agreement for the transfer of copyright, as it is not sufficient to simply buy the NFT token in question. The consequence of the failure to effectively transfer copyright to the purchaser of the NFT token is that it is still the original creator who holds those rights. And as a consequence, the owner of the NFT may not be entitled, for example, to reproduce, distribute or publicly perform the NFT object.
Does the acquisition of an NFT result in a licence?
The acquisition of an NFT will most often not involve a transfer of copyright, but at most a licence.
On the legal side, the sale of an NFT is closest to a non-exclusive licence, which does not give the purchaser exclusive rights to the work.
A licence agreement may be a more practical solution than an actor's rights transfer agreement for the reason, among others, that a non-exclusive licence does not have to be in writing. Depending on the platform on which NFT tokens are sold, the scope of the licence may vary. Typically, a narrow scope licence is granted, which does not include the right to commercially exploit the works acquired under NFT.
Want to know more about blockchain technology and NFT?
We invite you to read our article: Blockchain, metaverse and NFT - are society, businesses and regulators ready for the challenges ahead? | EY Poland
Chapter
IT
The Cyber Security Certification Scheme for Cloud Services
ENISA (The European Union Agency for Cybersecurity) is currently drafting a regulation on cyber security certification for cloud services (EUCS).
What is the purpose of the proposed EUCS?
The Cyber Security Certification Scheme for Cloud Services („Programme”) aims to further improve the conditions for the Union's internal market in cloud services by strengthening and streamlining the cybersecurity assurance of services. The EUCS project is a comprehensive set of rules, technical requirements, standards and procedures agreed at European level to ensure adequate cyber security of a specific product, service or process.
The draft legislation aims to harmonise the security requirements of cloud services with the provisions of other European acts, international standards, industry best practices, as well as with existing certifications in EU Member States.
Current stage of work
The public consultation has now closed. The project is currently in the dialogue phase. It is difficult to assess how quickly the work will progress.
Highlights of the certification
- At the moment, certification is voluntary i.e. cloud providers can decide for themselves whether they want their products to be certified;
- Certification will apply to all types of cloud services - from infrastructure to applications
- Certification will increase confidence in cloud services by setting reference security requirements;
- Certification includes three levels of assurance: "basic", "substantial" and "high";
- The certification scheme proposes a new approach inspired by existing national systems and international standards;
- Certification can be issued for a maximum period of three years;
- The certification scheme includes transparency requirements, such as the location of data processing and storage.
Lack of agreement on the "sovereignty requirement"
The European Commission has asked the European Union Cyber Security Agency (ENISA) to add sovereignty requirements to the Programme to ensure resilience against foreign jurisdictions. Concerns about adding a „sovereignty requirement” to the draft Programme were raised by Denmark, Estonia and Greece, among others. Sovereignty requirements were supported by France and Italy, for example.
Accordingly, on 19 September 2022. Germany called on the European Commission for a political discussion on the sovereignty requirements that the European Commission wants to include in the Programme.
Why is this important?
In addition to the advantage of obtaining a certain level of safety, certification will certainly make it easier for non-EU operators to operate in the European market and help build confidence in the European market for such suppliers.
Chapter
Cybersecurity
Statement of the Polish Financial Supervision Authority (PFSA) on the cyber security activities of insurance and reinsurance undertakings
The Office of the PFSA pointed out the incorrect practice:
- Overly simple and obvious encryption of documents containing insurance secrets by using PESEL number, date of birth as password;
- Excessive use of active links in SMS/mail
In the Authority’s Statement, attention was drawn to:
- The need to use more secure customer interaction channels, such as the insurance company's mobile app;
- The need to ensure the use of multi-factor authentication in accessing documents containing insurance secrets - indirectly, its absence could jeopardize the security of customer funds through unauthorized access to account number information;
- The need to monitor third-party IT providers based on the IT guidelines for the insurance sector (equivalent to Recommendation D in the banking sector);
- Expanding customer education campaigns to include channels other than the internet or the app, as this creates a gap among those who do not use these forms of communication.
Chapter
Data protection
27 December 2022 is the deadline for SCC exchange for data transfers
Pursuant to the European Commission's Implementing Decision 2021/914 of 4 June 2021, the deadline for the implementation of the new standard contractual clauses (SCCs) for the transfer of personal data to third countries adopted under the aforementioned Decision expires on 27 December 2022.
Chapter
E-commerce
Digital Markets Act
Overview
Regulation of the European Parliament and of the Council on contestable and fair markets in the digital sector (Digital Markets Act) was published in the Official Journal of the European Union on 12 October 2022 and came into force on 1 November 2022.
The aim of the new regulation is to put an end to unfair practices by companies that act as „Gatekeepers” in the online platform economy
When will a company be considered an „Gatekeepers”?
- When it has a significant impact on the internal market. This requirement will be presumed where the undertaking to which it belongs achieves an annual EEA turnover equal to or above EUR 6.5 billion in the last three financial years, or where the average market capitalization or the equivalent fair market value of the undertaking to which it belongs amounted to at least EUR 65 billion in the last financial year, and it provides a core platform service in at least three Member States;
- This requirement will be presumed where the company provides a core platform service that has more than 45 million monthly active end users established or located in the Union and more than 10 000 yearly active business users established in the Union in the last financial year;
- it enjoys an entrenched and durable position in its operations or it is foreseeable that it will enjoy such a position in the near future. A company is presumed to meet this requirement when the thresholds indicated above have been reached in each of the last three financial years.
Contact us!
Summary
Here is the second study prepared as part of the Make IT clear program.
Every month we will show you the trends that entrepreneurs should follow and the solutions that should be implemented in order to be up to date with the law of technology, intellectual property and data protection. We will also indicate the risks and challenges associated with your business.
Do not hesitate to contact us!
Contact us
Interested in the changes we have made here,
contact us to find out more.