Rowan Legal’s TMT practice has been concentrating on AI, cybersecurity, and emerging regulations such as PSD3 and FIDA over the past year, according to Partner Josef Donat, driven by rapid technological advancements and their impact on the regulatory landscape.
CEELM: Over the last year, what has been your firm’s busiest practice?
Donat: We began our journey in the 90s, focusing extensively on IT law and this expertise has grown significantly in time. Over the past year, the developments in AI, cybersecurity, and implementation of PSD3 PRs and FIDA regulations have been our focus.
AI is a hot topic, and dealing with AI legislation is part of our daily routine. Even though everyone is using AI, few really delve into the legal aspects. Our clients are keen to explore this area – Czech banks, for instance, already have several AI tools in place, and the same goes for public sector organizations. We help them navigate regulations.
While more related to the banking and finance sector, our TMT teams are also working with major banks and card providers on what PSD3 and other upcoming regulations will involve. On the cybersecurity front, we have the DORA regulation and NIS2 directive coming up. Although they’re a bit delayed, there’s a lot of ongoing discussion in cybersecurity, which remains a critical area.
CEELM: As a consequence of these developments, what are the main areas of advisory work provided by you?
Donat: It’s quite straightforward – if a company wants to use AI tools for customer service, they need to establish an AI code of conduct and internal rules for employees, management, and suppliers. This includes developing a comprehensive set of internal and external documents. For all use cases, it’s essential to analyze GDPR and cybersecurity aspects and prepare contractual documents for suppliers, along with a risk analysis of the documents from the AI provider. We advise against using public AI tools. Additionally, a risk analysis should be conducted for the fixed terms and conditions and contractual documents for customers using the AI tool.
We’re also enhancing our internal IT capabilities, testing five different tools to benefit both ourselves and our clients. We have a collaborative approach, offering legal guidance while our clients assist us with IT development. We’re figuring out the best solutions, like Microsoft 365 Copilot, and handling the technical work.
CEELM: What is the forecast for the next few months? Are you expecting an increase or decrease in workload?
Donat: The outlook is bright and promising, as technology is evolving rapidly. From a TMT perspective, AI is just getting started, and we can expect a growing number of tools and an increasing need for clients to develop or adopt an AI code of conduct. My team is keeping an eye on legislative developments, including the Czech Republic’s AI initiatives. The legal system there has already allowed AI in several public sectors, especially social services, sparking considerable discussion about its use in these areas. I anticipate that more public sector IT professionals will adopt AI tools and focus on this field.
This is an exciting area for attracting young talent, though the hype hasn’t fully delivered results yet. In the next two years, AI tools will become essential for law firms, and crucial for data analysis and regulatory compliance. That’s why we advise our clients, especially those in heavily regulated sectors like banking, to be careful in their selection of tools.
I also believe that cybersecurity will be a critical issue not just for the upcoming year, but for the entire century. The number of targets and obligated subjects has surged from around 500 to about 10,000. This creates a large pool of clients needing help with the new cybersecurity regulations. It’s essential to offer comprehensive support, which includes not just legal, but technical, procedural, audit, and IT consultancy services.
CEELM: Is there any specific piece of legislation you’re keeping an eye on?
Donat: Cybersecurity is the biggest topic right now, generating significant discussion and noise in the Czech Republic, particularly concerning supply chains and China-based vendors. The law is moving toward stricter rules on supply chain supervision and restrictions. If some Chinese vendors, particularly in the telecom and utilities sector, are banned, it could significantly raise costs for many companies. There’s a lot of debate happening between industry players and the government. We’re keeping a close watch on how the final legislation shapes up.
