Home / Publications

Publications

Discover thought leadership and legal insights by our legal experts from across CMS. In our Expert Guides, written by CMS lawyers from across the jurisdictions where we operate, we provide you with in-depth legal research and insights that can be read both online and offline. You can also find Law-Now articles with focused legal analysis, commentary and insights to help you anticipate future challenges and much more.



Media type
Expertise
22/07/2024
New EU rules on Non-Performing Loans
An EU law update relevant to sellers, purchasers and credit servicers.
01/07/2024
Digital Operational Resilience Act - DORA Regulation Guide
Introduction to DORA In an era where digital technologies are pivotal to financial operations, the Digital Operational Resilience Act (DORA) stands as a cornerstone EU regulation aimed at enhancing the operational resilience of the financial sector against ICT (Information and Communication Technology) disruptions and threats. By establishing rigorous standards for digital resilience, DORA not only safeguards the financial entities but also ensures the broader stability of the financial system across the EU through uniform legal provisions. The regulation requires financial entities to establish an internal governance framework that rigorously manages ICT risks. DORA Times­calesme­di­umThere may be minor differences in the implementing legislation at the jurisdictional level, e.g. some EU Member States extend the scope of DORA in whole or in part to other types of financial entities or provide specific rules on the relationship between the NIS2 Directive and the DORA Regulation. It is therefore always advisable to contact a DORA expert in the relevant jurisdiction for country-specific advice. The 5 pillars of DORAmedium
14/06/2024
ICT TPPs - Third party service providers
DORA affects third party ICT providers to financial institutions by imposing mandatory rules on their operations. Services for ICT service providers include: 1.  Advice on the implementation of DORA regulation, in particular the following topics:Analysing whether the ICT service provider and ICT services fall under the effect of DORAAnalysing whether the ICT service/service provider qualifies as which supports critical or important function of the financial entityAnalysing whether the ICT service provider qualifies as key (critical) providerDue diligence by financial in­sti­tu­tion­sReg­is­ter­ing of LEI numbersInterplay between NIS2 and DORA2.  Assistance in the preparation of the necessary DORA doc­u­ment­a­tion:Pre­par­ing checklist for internal policies and pro­ced­ures­In­tern­al policies, such as Information Security Policy, ICT Business Continuity Plan, Disaster Recovery PlanIncident management policies and processes3.  Trainings for board members and employees responsible for DORA com­pli­ance:Pre­par­ing the training materials: PPT presentation and word summaryAnswering client-specific questions4.  Assistance in contracting with financial in­sti­tu­tions:Pre­par­ing DORA contract template with financial institutions including the mandatory contractual pro­vi­sion­sPre­par­ing DORA questionnaire for self-assessment pur­pose­sPre­par­ing DORA due diligence questionnaire for ICT sub­con­tract­or­sAs­sist­ing in completing the due diligence questionnaire of financial in­sti­tu­tion­sNe­go­ti­at­ing all the DORA contracts with ICT service pro­viders:Pre­par­ing the ICT service provider specific DORA contracts, including the individually negotiated parts from the previous outsourcing con­tracts,Ne­go­ti­at­ing the contracts with the financial in­sti­tu­tions.5.  Assistance in reporting and managing ICT related incidents/events to the financial in­sti­tu­tion:As­sist­ing in risk ana­lys­isAs­sist­ing in classification of ICT related in­cid­ents/event­s­Pre­par­ing incident reportsAssisting in crisis com­mu­nic­a­tion6.  To critical ICT service pro­viders:Spe­cial services to critical ICT service pro­viders:Ana­lys­ing whether the ICT service provider qualifies as key (critical) pro­viderRep­res­ent­a­tion in supervising framework before the lead authority in the different proceeding (general investigation, controls, continuous supervision, etc.)
14/06/2024
Regulated entities
Our services for regulated entities in the financial services sector include: 1.  Advice on the implementation of DORA regulation, in particular the following topics:Analysing whether the given financial entity falls under the scope of application of DORAAnalysing whether the given ICT service provider and ICT services fall under the scope of application of DORAAnalysing whether the given ICT service/service provider qualifies as which supports critical or important function of the financial entityAnalysing whether the given ICT service provider qualifies as key (critical) providerIncident reporting and managementTLPT testing, testing of digital operation re­si­li­enceCy­ber­se­cur­ity and IT security measuresAudit issues, cer­ti­fic­atesLi­ab­il­ity issues: liability of chief executive officersDue diligence of ICT pro­vider­sIn­ter­play between NIS2 and DORA2.  Assistance in the preparation of the necessary DORA doc­u­ment­a­tion:In­tern­al policies, such as Information Security Policy, ICT Business Continuity Plan, Disaster Recovery PlanIncident management policies and processes3.  Trainings for board members and employees responsible for DORA com­pli­ance:Pre­par­ing the training materials: PPT presentation and word summaryAnswering client-specific questions4.  Policy development and doc­u­ment­a­tionAs­sist­ing in developing or updating policies related to ICT risk management, incident reporting, and third-party risk management to comply with DORAHelping create comprehensive documentation that supports DORA compliance efforts, including risk assessment reports and resilience testing results5.  Assistance in managing ICT service pro­viders:Pre­par­ing DORA contract template with ICT service providers, including the mandatory contractual provisions. Preparing due diligence questionnaire for ICT service pro­vider­sAs­sist­ing in preparing the exit strategy­Assist­ing in due diligence of ICT service pro­vider­sCheck­ing the ICT service provider’s answers, certificates, conducting background checksAssisting in assessment of ICT-con­cen­tra­tion riskNegotiating all the DORA contracts with ICT service pro­viders:Pre­par­ing the ICT service provider specific DORA contracts, including the individually negotiated parts from the previous outsourcing con­tracts,Ne­go­ti­at­ing the contracts with the ICT service providers. Assisting in registering of ICT service providers and completing the data provision obligation to the supervisory authorities6.  Assistance in reporting and managing ICT related in­cid­ents/events:As­sist­ing in risk analysis, business impact ana­lys­isAs­sist­ing in classification of ICT related in­cid­ents/event­s­Pre­par­ing incident re­ports­Rep­res­ent­ing the client in the procedure before the supervisory au­thor­ityAssist­ing in crisis com­mu­nic­a­tion7.  Litigation and Enforcement Risk Man­age­ment­Pre­par­ing defence strategies for potential regulatory investigations or enforcement actions related to non-compliance with DORARepresenting investment funds in negotiations or disputes with regulatory authorities8.  Assistance in information shar­ing:Pre­par­ing information sharing agreements
15/04/2024
CMS Class Actions video series
Data-driven insights into class action risk across Europe
08/03/2024
Harmonisation of insolvency laws in the EU and in non-EU countries: "insolvency...
The series are dealing with the topic of the draft directive "insolvency avoidance actions" and show how this topic is being discussed in the Member States and what the situation is like in individual non-Member States.
25/01/2024
Emerging Europe M&A Report 2023/2024
Despite geopolitical tensions, fears of recession and strong inflationary pressures across the EU, as well as the fiscal tightening needed to contain them, M&A in the CEE region has remained reasonably buoyant. Findings from the CMS Emer­ging Europe M&A 2023/24 report, published in cooperation with EMIS, demonstrate the resilience of the Emerging Europe deals market as activity holds firm against a backdrop of geopolitical tensions and strong inflationary pressures. Welcome to the 2023/24 edition of the Emerging Europe report.
18/01/2024
Harmonisation of insolvency laws in the EU and in non-EU countries
With the articles below we are presenting Law-Now blog series "Harmonisation of Insolvency Laws in the EU", which will provide an overview of the EU Commission's draft directive, including the most important objectives and planned measures. The series are dealing with the two exciting topics of the draft directive, "pre-pack proceedings" and "insolvency avoidance actions" and show how these topics are being discussed in the Member States and what the situation is like in individual non-Member States.
28/11/2023
International Digital Regulation Hub
Following the EU Commission plan “A Europe fit for the digital age”, we have witnessed a lot of digital regulations in the EU including DMA and DSA, AI Act, Data Act and there is still more to come. Whilst presenting companies with a tumultuous landscape to navigate, the legal obligations imposed also present opportunities to develop their business in a new digital framework safeguarding responsible business practices, fair competition and personal data. The CMS Digital Regulation Hub is home to our Digital Regulation Tracker Tool, providing an overview of the key regulatory instruments for area of law, sectors and business activities which are critical for decision makers as they adapt to the increasingly digital landscape. In addition to this unique tool, we explore the impact this tsunami of regulation is having for businesses across a variety of industries and how GCs can ride the waves to stay ahead of the curve. Our latest re­port il­lus­trates the key findings across Platforms, Content providers, Life Sciences & Healthcare, Energy & Infrastructure, Banking & Finance and Automotive industries. To discuss how to cope with the challenges of Digital Regulations and to explore the opportunities for your business, please contact one of our International experts.
13/09/2023
Turning the Corner? CMS European M&A Outlook 2024
We are pleased to share with you the 2024 edition of the European M&A Outlook, published by CMS in association with Mergermarket.
12/09/2023
CMS European Class Actions Report 2023
Data-driven insights into class action risk across Europe, a key concern for major corporates
05/09/2023
CMS European Real Estate Deal Point Study 2023
The state of the real estate transaction market in Europe The new CMS European Real Estate Deal Point Study 2023 now includes more than 2,500 transactions. Compiling the study involved comparing all the transactions on which we advised in the period 2010 to 2022, enabling us to highlight developments and trends in the real estate market. The market response to our study indicates that over the years it has repeatedly proved to be a valuable tool when preparing for contract negotiations. CMS’ analysis of the real estate market in 2022 revealed the following key trends