Portrait ofERIK_ULLBERG_600.jpg

Erik Ullberg

Managing Partner

CMS Wistrand
Mårten Krakowgatan 2
411 04 Göteborg

Mailing address

P.O Box 11920
SE - 404 39 Göteborg
Languages Swedish, English, French

Erik Ullberg is managing partner of CMS Wistrand Gothenburg and a partner at CMS Wistrand’s IP and TMC practice group. He specializes in Swedish and international IP law, marketing law, IT law and data protection law with a particular focus on digital business, consumer products and services, technology, life sciences, media and marketing.

With over 20 of experience, he has extensive experience in advising Swedish and international organizations, including leading global brands, media and communication agencies on matters concerning IP and marketing disputes, IP strategies and trademark prosecution, advertising and marketing practices clearance, data protection and anti-bribery compliance as well as commercial agreements with a specific focus on IP, media and marketing.

He has also served as law clerk. Additionally, Erik Ullberg has contributed to legal education through guest lectures at the University of Gothenburg and Chalmers University of Technology.

He has been recommended by Legal 500 within Intellectual Property and Media and IT & Telecoms.

Erik Ullberg joined CMS Wistrand in 2004 and was appointed partner in 2017.

Professional experience

  • Managing Partner, CMS Wistrand, 2023-
  • Partner, CMS Wistrand, 2017- 
  • Senior Associate, Wistrand Advokatbyrå, 2009-2016 
  • Associate, Wistrand Advokatbyrå, 2004-2009 
  • Law Clerk, Borås District Court, 2005-2007 
  • Internship, Clifford Chance, 2003
more less

Relevant experience

  • Strawberry | on acquisition of the naming and certain other rights relating to the Swedish national arena.
  • Sesol | on compliance and contractual work related to GDPR, consumer protection, e-commerce, marketing and advertising.
  • Input Interiör I on copyright litigation before the Swedish Patent and Market Courts.
  • Strawberry I on IP matters in relation to new launches, concepts and cooperations regarding new hotels and restaurants.
  • Supplier of AI tool I on matters related to IPR and agreements with customers and partners.
  • Market leading global brand for handheld power equipment I on project for launch of a new global e-commerce platform regarding marketing law, consumer protection and GDPR.
  • Leading international marketing and communications agency I on media and communications agreements with Swedish and international customers and IPR.
  • Advised various global consumer brands I on marketing regulatory matters and clearance of advertising, prize promotions and sweepstakes.
  • Advised various clients I on regulatory complaints before the Swedish Consumer Agency regarding the Marketing Practices Act and compliance.
  • Advised various clients I on cyber and data breaches.
more less

Memberships & Roles

  • Swedish Bar Association, 2009
  • International Trademark Association (INTA)
  • International Association of Young Lawyers (AIJA)
  • The Swedish Association for the Protection of Intellectual Property (SFIR)
more less

Awards & Rankings

  • Recommended Lawyer, Legal 500 2024: IT & Telecom
  • Recommended Lawyer, Legal 500 2024: Intellectual Property and Media
more less


  • LL.M., Gothenburg School of Business, Economics and Law, 2003
  • Université de Sherbrooke, 2001-2002
more less


Meet CMS Wistrand's AI Team
Find out how our expertise can be of benefit to your organisation in navigating the complexities of AI law and regulation
Pharmaceutical advertising regulation and medical device advertising in...
1. Which laws are applicable regarding advertising of medicines and medical devices? 1.1. Medicines Provisions concerning advertising of medicines are stipulated in the Medicinal Products Act (2015:315)...
Cyber and Information Security - Update of the NIS Directive (NIS2)
The so-called NIS Directive[1] has been updated through the NIS2 Directive[2], which is set to be applied no later than October 18, 2024. The update aims to enhance the overall cybersecurity level of...
Cyber and Information Security - Update of the NIS Directive
The so-called NIS Directive[1] has been updated through the NIS2 Directive[2], which is set to be applied no later than October 18, 2024. The update aims to enhance the overall cybersecurity level of the EU and entails tightened requirements for actors in both the private and public sectors.  Further developments of the implementation of the NIS2 Directive in SwedenOn 14 December, 2022, the European Parliament and the Council adopted the NIS2 Directive, which constitutes an EU-wide legislation on cybersecurity. As a result of the adoption of the NIS2 Directive, the Swedish government appointed a special investigator with the task to suggest necessary implementation measures in Swedish law. On 5 March, 2023, the special investigator published an interim report[3] containing suggestions on implementation measures. In accordance with the interim report, such measures would mainly be incorporated through a new Swedish Cyber Security Act (the “Act”). The Act is proposed to enter into force on 1 January, 2025.[4] Which actors will be subject to the new Swedish Cyber Security Act?There are two essential differences between the current legislation in Sweden implementing the NIS1 Directive[5], and the proposed new Swedish Cyber Security Act implementing the NIS2 Directive. Firstly, the Act would apply to a larger number of operators. Operators within sectors covered by the Act would be expanded from 7 to 18 (sectors such as energy, transport, health, financial market infrastructure and digital infrastructure would be included among these new sectors). Secondly, the requirements in the Act would apply to the entire operations of such actors, not only to their essential and digital ser­vices.[6] All private operators of a certain size or specifically identified ones and public operators carrying out activities in any of the envisaged 18 sectors would be required to comply with the new provisions under the Act. With regard to private operators, the Act’s provisions would only apply to such operators which employs at least 50 people or have a minimum global annual turnover of EUR 10 million. As a result, the Act  many small businesses would be excluded. However, certain specifically identified individual operators would be subject to the provisions in the Act regardless of size (e.g. operators providing public electronic communications net­works).[7] What requirements will be stipulated in the new Swedish Cyber Security Act?The proposed Act contains several obligations which operators covered by the Act would be subject to[8]:An operator would have to register with its supervisory authority and provide information such as its identity, contact details and activities. The information would be used by the authority to classify the operators as essential or important, and register them. A separate register for cross-border operators would also be implemented. The operator would have to undertake risk management measures to protect network and information systems and its physical environments against incidents. Such measures should be based on a risk analysis, be proportional to the risk and be subject to evaluation. The operator would be required to carry out systematic, risk-based information security work, require its management to undergo training and offer training to employees. Operators would be obliged to report significant incidents to the Swedish Civil Contingencies Agency in its capacity as Computer Security Incident Response Team (CSIRT) within a specified timeframe. This means that an operator would have to report a warning to the CSIRT within 24 hours of having become aware of a significant incident. Moreover, an incident report would have to be submitted within 72 hours, and a final report within one month. What sanctions may be imposed in case of infringements of the Act?Depending on which provision has been violated, the supervisory authority’s enforcement measures consist of measures such as issuing of orders (which may be combined with a financial penalty) or administrative fines. The administrative fines may be set at no less than SEK 5 000 and no more than SEK 10 000 000.[9] Furthermore, sanctions may also be imposed on natural persons as the possibility of imposing prohibitions on persons with management responsibilities to perform management functions, is introduced in the interim report. What are the next steps?The interim report will now be circulated for formal consultation. Thereafter, the Swedish government will proceed with the preparation the new Act which is, as mentioned above, expected to enter into force on 1 January, 2025. However, until then, it will be uncertain exactly how the Act will be designed. In the meantime, organisations will benefit from reviewing the proposed scope of the Act and analyse whether their operations would be subject to its provisions and what this potentially means. In any case, the NIS2 Directive can be expected to entail major changes for both actors already covered by the NIS1 Directive and for previously unaffected actors, and not least - also for the representatives of all actors concerned. CMS Wistrand will follow the upcoming development. Please do not hesitate to contact us if you have any questions about how your business may be affected.  [1] Directive (EU) 2016/1148 of the European Parliament and of the Council of 6 July 2016 concerning measures for a high common level of security of network and information systems across the Union.[2] Directive (EU) 2022/2555 of the European Parliament and of the Council of 14 December 2022 on measures for a high common level of cybersecurity across the Union, amending Regulation (EU) No 910/2014 and Directive (EU). 2018/1972, and repealing Directive (EU) 2016/1148 (NIS2 Directive).[3] Nya regler om cybersäkerhet, SOU 2024:18.[4] Nya regler om cybersäkerhet, SOU 2024:18, p. 23 and 31.[5] Directive (EU) 2016/1148 of the European Parliament and of the Council of 6 July 2016 concerning measures for a high common level of security of network and information systems across the Union.[6] Nya regler om cybersäkerhet, SOU 2024:18, p. 24.[7] Nya regler om cybersäkerhet, SOU 2024:18, p. 25.[8] Nya regler om cybersäkerhet, SOU 2024:18, p. 26.[9] Nya regler om cybersäkerhet, SOU 2024:18, p. 28.
Sweden joins CMS
The decision to become a part of CMS, one of the world’s largest law firms, was made to future-proof our position as one of Sweden’s leading law firms and to expand internationally. CMS’s unique structure ensures that CMS Wistrand can continue to be an independent, locally rooted firm for Swedish clients while benefiting from CMS’s global expertise and net­work.‘’Ef­fect­ive and well-structured teams across borders are crucial in today’s legal landscape. It creates value for clients by reducing friction in deliveries and expediting the processes of acquiring legal services’’, says Maria Kosteska Fäger­quist.‘’Sig­ni­fic­ant time and cost savings are achieved for our clients by leveraging unique legal expertise across borders, sectors and practice areas, working in structured teams with common values and focus’’. We now have the opportunity to further drive the innovation necessary to shape the legal services of the fu­ture.‘’Be­ing future-facing means proactively anticipating challenges and driving innovation. Now, we position ourselves to deliver solutions that shape the industry and help our clients confidently navigate the changing landscape’’, says Fredrik Råsberg, Chairman of the Board in Stock­holm.‘’But our commitment doesn’t end with innovation. Successfully steering the ESG agenda with a focus on climate change and social responsibility is of great importance for companies now and in the future, and as a law firm, we have a responsibility to help our clients navigate in the right dir­ec­tion.’’It was announced back in November 2023 that Wistrand would become a part of CMS. For CMS, entering the Swedish market was cru­cial.“De­vel­op­ing a strong Nordic platform is important as our clients expect us to support them in major business hubs around the world,” says Pierre-Sé­bas­tien Thill, CMS Chairman. “We already have CMS Kluge offices in Bergen, Oslo and Stavanger. Now with CMS Wistrand, we can offer clients deep local expertise in Sweden, combined with our global reach.”  
Wistrand assists Strawberry in contract negotiations regarding naming rights...
Wistrand has assisted Strawberry in the contract negotiations with Stockholm Live regarding the naming and certain other rights relating to the Swedish national arena in Solna. Under the agreement Strawberry...
Wistrand appoints new Counsels
Wistrand Advokatbyrå is pleased to announce the appointment of Jeanette Jönsson and Justus Pettersson as Counsels at the Gothenburg office. They will assume their new roles on January 1, 2024. Both...
Wistrand appoints new partners
Wistrand Law Firm is pleased to announce the appointment of Hanna Trygg and Tobias Svadling as new partners at the Gothenburg office, and Victor Palm at the Stockholm office. All three are experienced...
Wistrand future-proofs - joins forces with international law firm CMS
A sharp increase in cross-border business, record-breaking technological development and an increasingly strong focus on sustainability are affecting both today's and tomorrow's business community. External...
Wistrand writes the Swedish chapter in Advertising & Marketing 2023 in...
Wistrand writes the Swedish chapter in the Advertising & Marketing 2023 in Global Chambers Practice Guide. The guide features 26 jurisdictions and provides the latest legal information on advertising...
Wistrand writes Swedish chapter in The Legal 500: Advertising & Marketing...
The chapter provides an overview of Swedish law in advertising and marketing. The chapter is written by Erik Ullberg, Christel Rockström, Andreas Salehi and Lisa Hedbäck. Read the chapter here
Wistrand advises in the sale of Greencarrier Freight Services International...
Greencarrier AB and JAS Worldwide, a global freight forwarding service provider headquarted in Atlanta, USA, have signed a share purchase agreement regarding transfer of Greencarrier Freight Services...