Home / News

News

Catch up on the latest news and press releases about CMS – the firm, latest developments and insights from our publications. Read all about the newest developments in the legal industry. If you are a journalist or media representative looking for commentary on the legal implications of trends and developments in the business world, please visit our global press room for wider global press queries.



Expertise
15/05/2024
Six years of GDPR: Europe-wide analysis shows increasingly dynamic sanction...
Highest GDPR fine of 1.2 billion euros imposed by the Irish data protection authority in May 2023 for a breach of the rules on international data transfers. Further fines imposed by this authority in 2023 amounted to hundreds of millions of euros. The main violations are “Insufficient legal basis for data processing” and “Failure to comply with the general principles of data processing”. The next most common violation is “Insufficient technical and organizational measures to ensure information security”. Spain tops the list of countries with the most fines for the fifth year in a row, followed by Italy and Romania. Ireland, Luxembourg and France have the highest average fines and total amounts per country. Berlin – Today, international law firm CMS has published the fifth edition of its annual Enforcement Tracker Report. The English-language report shows the developments of all publicly known GDPR fines based on CMS's own online database, GDPR Enforcement Tracker. The current edition of the report covers the analysis period between March 2023 and March 2024. 510 fines were added for the past year as of the editorial deadline on 1 March 2024. This brings the total number of data protection fines since the GDPR came into effect in May 2018 to 2,225, or 2,086 if only fines with full details such as the amount of the fine, date and authority are counted. The total amount of fines since the start of the survey is around 4.5 billion euros. This means that fines of around 1.7 billion euros have been added compared to last year’s Enforcement Tracker Report. This shows that authorities are no longer shying away from imposing high fines. The average fine for the entire reporting period was around 2.1 million euros - with high fines against “big tech” companies in 2021/22 and the first fine in the billions in 2023 having a particularly heavy impact.“At the top of the list of GDPR fine triggers is, once again, insufficient legal basis and non-compliance with the general data processing principles as well as insufficient technical and organisational measures. Companies should pay particular attention to this,” says Christian Runte, lawyer and partner at the international commercial law firm CMS Germany. Dr Alexander Schmid from the Enforcement Tracker team at CMS Germany adds: “In addition to data protection authorities, the courts have also increasingly dealt with the interpretation of the GDPR. For example, the Court of Justice of the European Union has further clarified the scope of data subjects' right of access. “These rulings create more clarity, but at the same time tighten the requirements for companies, which is why, in addition to a viable compliance concept, current developments will also be decisive for them in practice in the future.”Read the full Enforcement Tracker Report here; a summary can be found here. Pressekon­takt presse@cms-hs. com
08/05/2024
Meet CMS Wistrand's AI Team
Find out how our expertise can be of benefit to your organisation in navigating the complexities of AI law and regulation
29/04/2024
How to invest in commercial real estate in Sweden
A practical guide from CMS 
24/04/2024
Renowned Legal Figure and Former Justice Stefan Lindskog Joins CMS Wistrand...
CMS Wistrand is thrilled to announce the appointment of Stefan Lindskog, an esteemed legal professional, to the role of Senior Counsel. His addition brings a wealth of experience and insight to our esteemed team.
23/04/2024
Cyber and Information Security - Update of the NIS Directive
The so-called NIS Directive[1] has been updated through the NIS2 Directive[2], which is set to be applied no later than October 18, 2024. The update aims to enhance the overall cybersecurity level of the EU and entails tightened requirements for actors in both the private and public sectors.  Further developments of the implementation of the NIS2 Directive in SwedenOn 14 December, 2022, the European Parliament and the Council adopted the NIS2 Directive, which constitutes an EU-wide legislation on cybersecurity. As a result of the adoption of the NIS2 Directive, the Swedish government appointed a special investigator with the task to suggest necessary implementation measures in Swedish law. On 5 March, 2023, the special investigator published an interim report[3] containing suggestions on implementation measures. In accordance with the interim report, such measures would mainly be incorporated through a new Swedish Cyber Security Act (the “Act”). The Act is proposed to enter into force on 1 January, 2025.[4] Which actors will be subject to the new Swedish Cyber Security Act?There are two essential differences between the current legislation in Sweden implementing the NIS1 Directive[5], and the proposed new Swedish Cyber Security Act implementing the NIS2 Directive. Firstly, the Act would apply to a larger number of operators. Operators within sectors covered by the Act would be expanded from 7 to 18 (sectors such as energy, transport, health, financial market infrastructure and digital infrastructure would be included among these new sectors). Secondly, the requirements in the Act would apply to the entire operations of such actors, not only to their essential and digital ser­vices.[6] All private operators of a certain size or specifically identified ones and public operators carrying out activities in any of the envisaged 18 sectors would be required to comply with the new provisions under the Act. With regard to private operators, the Act’s provisions would only apply to such operators which employs at least 50 people or have a minimum global annual turnover of EUR 10 million. As a result, the Act  many small businesses would be excluded. However, certain specifically identified individual operators would be subject to the provisions in the Act regardless of size (e.g. operators providing public electronic communications net­works).[7] What requirements will be stipulated in the new Swedish Cyber Security Act?The proposed Act contains several obligations which operators covered by the Act would be subject to[8]:An operator would have to register with its supervisory authority and provide information such as its identity, contact details and activities. The information would be used by the authority to classify the operators as essential or important, and register them. A separate register for cross-border operators would also be implemented. The operator would have to undertake risk management measures to protect network and information systems and its physical environments against incidents. Such measures should be based on a risk analysis, be proportional to the risk and be subject to evaluation. The operator would be required to carry out systematic, risk-based information security work, require its management to undergo training and offer training to employees. Operators would be obliged to report significant incidents to the Swedish Civil Contingencies Agency in its capacity as Computer Security Incident Response Team (CSIRT) within a specified timeframe. This means that an operator would have to report a warning to the CSIRT within 24 hours of having become aware of a significant incident. Moreover, an incident report would have to be submitted within 72 hours, and a final report within one month. What sanctions may be imposed in case of infringements of the Act?Depending on which provision has been violated, the supervisory authority’s enforcement measures consist of measures such as issuing of orders (which may be combined with a financial penalty) or administrative fines. The administrative fines may be set at no less than SEK 5 000 and no more than SEK 10 000 000.[9] Furthermore, sanctions may also be imposed on natural persons as the possibility of imposing prohibitions on persons with management responsibilities to perform management functions, is introduced in the interim report. What are the next steps?The interim report will now be circulated for formal consultation. Thereafter, the Swedish government will proceed with the preparation the new Act which is, as mentioned above, expected to enter into force on 1 January, 2025. However, until then, it will be uncertain exactly how the Act will be designed. In the meantime, organisations will benefit from reviewing the proposed scope of the Act and analyse whether their operations would be subject to its provisions and what this potentially means. In any case, the NIS2 Directive can be expected to entail major changes for both actors already covered by the NIS1 Directive and for previously unaffected actors, and not least - also for the representatives of all actors concerned. CMS Wistrand will follow the upcoming development. Please do not hesitate to contact us if you have any questions about how your business may be affected.  [1] Directive (EU) 2016/1148 of the European Parliament and of the Council of 6 July 2016 concerning measures for a high common level of security of network and information systems across the Union.[2] Directive (EU) 2022/2555 of the European Parliament and of the Council of 14 December 2022 on measures for a high common level of cybersecurity across the Union, amending Regulation (EU) No 910/2014 and Directive (EU). 2018/1972, and repealing Directive (EU) 2016/1148 (NIS2 Directive).[3] Nya regler om cybersäkerhet, SOU 2024:18.[4] Nya regler om cybersäkerhet, SOU 2024:18, p. 23 and 31.[5] Directive (EU) 2016/1148 of the European Parliament and of the Council of 6 July 2016 concerning measures for a high common level of security of network and information systems across the Union.[6] Nya regler om cybersäkerhet, SOU 2024:18, p. 24.[7] Nya regler om cybersäkerhet, SOU 2024:18, p. 25.[8] Nya regler om cybersäkerhet, SOU 2024:18, p. 26.[9] Nya regler om cybersäkerhet, SOU 2024:18, p. 28.
02/04/2024
CMS Wistrand ranked high by Legal 500
Legal 500's annual ranking has been published. We deeply apreciate the recognition from our clients for their positive experiences working with us. We are grateful for the Tier 1 ranking in Insolvency and Real Estate, as well as our rankings within Insurance, Tax, Banking & Finance, Commercial, Corporate and M&A, Dispute Resolution, Employment, Energy, Environment, IT & Telecoms, Construction and Intellectual Property and Media. 48 of CMS Wistrand's lawyers have been ranked individually, including:Hall of FameChristian Bergqvist - InsolvencyRobert Kullgren - Commercial, Corporate and M&AJörgen Eklund - InsuranceLeading IndividualHarry Bergman - Dispute ResolutionAnders Nilsson - Insolvency Next Generation PartnerNina Baecklund - In­solv­ency Fre­drik Thor - In­solv­encyMar­tina Blomberg Roald - Real EstateRising starIda Dahlborg - ShippingSee the full ranking here. Legal 500 is a ranking institute that annually maps and ranks law firms worldwide. Their result are based on interviews with law firms' clients and partners. For more information, see www. legal500. com.
27/03/2024
CMS Wistrand has assisted the sellers in connection with the sale of AlexisHR...
AlexisHR is an HRM software company founded in 2019 with headquarters in Stockholm. In short time, AlexisHR has built a modern and innovative HCM software that makes people administration effortless and simple. AlexisHR has customers in Sweden, Norway, the Netherlands and many other European countries. Simployer group has a longstanding expertise in HR solutions and aims to change the way HR software is used and offer innovative solutions through the acquisition of AlexisHR. CMS Wistrand's team has mainly consisted of partner Louise Rodebjer and associate Lovisa Attesjö. 
22/03/2024
CMS Wistrand advises Ruby Hotels in its first hotel project in Scandinavia
CMS Wistrand has advised Ruby Hotels on all legal issues in connection with a new Ruby hotel located at Kungsholmen, Stockholm, Sweden. The hotel will be Ruby’s first project in Scand­inavia.  The Munich-based Ruby Group was founded in 2013 and operates 17 Ruby hotels across Europe and with a further nine hotels under construction or in the planning phase. Ruby also offers Ruby Workspaces in Munich, Hamburg, Dusseldorf, Amsterdam, and Vienna. Under its Lean Luxury philosophy Ruby offers a contemporary, affordable form of luxury for modern, cost and style-conscious customers. The real estate is owned by Alecta Fastigheter, a real estate company wholly owned by Sweden’s largest pension fund, Alecta. The new Ruby Hotel is scheduled to open in spring 2026. CMS Wistrand's team has consisted of Per Dalemo and Simon Thungren.
18/03/2024
Sweden joins CMS
The decision to become a part of CMS, one of the world’s largest law firms, was made to future-proof our position as one of Sweden’s leading law firms and to expand internationally. CMS’s unique structure ensures that CMS Wistrand can continue to be an independent, locally rooted firm for Swedish clients while benefiting from CMS’s global expertise and net­work.‘’Ef­fect­ive and well-structured teams across borders are crucial in today’s legal landscape. It creates value for clients by reducing friction in deliveries and expediting the processes of acquiring legal services’’, says Maria Kosteska Fäger­quist.‘’Sig­ni­fic­ant time and cost savings are achieved for our clients by leveraging unique legal expertise across borders, sectors and practice areas, working in structured teams with common values and focus’’. We now have the opportunity to further drive the innovation necessary to shape the legal services of the fu­ture.‘’Be­ing future-facing means proactively anticipating challenges and driving innovation. Now, we position ourselves to deliver solutions that shape the industry and help our clients confidently navigate the changing landscape’’, says Fredrik Råsberg, Chairman of the Board in Stock­holm.‘’But our commitment doesn’t end with innovation. Successfully steering the ESG agenda with a focus on climate change and social responsibility is of great importance for companies now and in the future, and as a law firm, we have a responsibility to help our clients navigate in the right dir­ec­tion.’’It was announced back in November 2023 that Wistrand would become a part of CMS. For CMS, entering the Swedish market was cru­cial.“De­vel­op­ing a strong Nordic platform is important as our clients expect us to support them in major business hubs around the world,” says Pierre-Sé­bas­tien Thill, CMS Chairman. “We already have CMS Kluge offices in Bergen, Oslo and Stavanger. Now with CMS Wistrand, we can offer clients deep local expertise in Sweden, combined with our global reach.”  
14/03/2024
Wistrand ranked in Chambers Europe 2024
Chambers Europe have now published their ranking for 2024 of Europe´s leading law firms and we are truly grateful for the acknowledgements by our clients in respect of their experience of working with...
04/03/2024
Wistrand has assisted EG Sverige AB in its recommended public offer to...
EG announced on 9 February 2024 a recommended public offer to the shareholders of Mestro. On 19 February 2024, EG announced a revised offer with an increased offer consideration. The revised offer values...
21/02/2024
Wistrand advises on launch of new hotel chain by Strawberry and Slättö
Wistrand has advised Strawberry regarding the launch of a new hotel chain together with Slättö. The investment is made in cooperation with Slättö and is a complement to the four hotel chains Strawberry...