Legal support for AI projects

The development and implementation of projects in the field of artificial intelligence (AI) presents companies with a variety of challenges. In addition to technical and ethical considerations, it is primarily the legal framework conditions such as the AI Regulation (‘AI Act’), the GDPR, but also aspects of labour and works constitution law that require careful planning and implementation.

AI projects harbour diverse and very specific legal risks that require expert legal support from conception to implementation and beyond.

Inquiry Website

You have further questions about our consulting services? Talk to us or send us an e-mail.

You can also send us a message using the contact form below. If you wish, we can also call you back.

By pressing the "Send" button, your data entered in the contact form will be collected and processed for the purpose of answering your enquiry. You have the right to object at any time with effect for the future. Further information on the processing of your data by RDP Attorneys can be found in our data protection information.*

Please add 1 and 9.

Our service: Legal support and advice for AI projects

Your legal security for AI projects within your company:

  • Compliance with regulatory requirements for the use of artificial intelligence
  • Legal expertise from our lawyers, from the initial idea to live operation and beyond
  • Reduced liability for your AI projects through comprehensive legal advice
  • Pragmatic and cost-effective solutions from our lawyers for the implementation of your AI project within your company.

When providing legal support for your AI projects, our lawyers perform the following tasks, among others, in the individual project phases:

1. Strategic conceptualisation of AI projects

  • Our lawyers review the legal admissibility of planned AI applications/AI systems by means of legal opinions, legal feasibility analyses and risk assessments
  • Development of usage concepts that comply with data usage regulations
  • Embedding regulatory requirements in the technical architecture
  • Definition of legally compliant objectives and governance structures, such as human oversight, human final decision-making, explainability

2. Internal guidelines for the purchase and procurement of AI systems or AI applications

  • We work with you to develop internal AI procurement guidelines
  • Definition of legally binding requirements for AI systems in procurement procedures

3. Contract law advice for AI projects from our lawyers

  • Our lawyers review and draft your contracts with AI providers (e.g. SLA, copyrights, data use, update obligations, SaaS, AIaaS)
  • Terms and conditions and licence conditions for AI models/AI systems
  • Data protection contracts with AI providers

4. Legal support for the introduction and implementation of AI projects

  • We support your company in the technical implementation to ensure the legal compliance of your AI projects (privacy-by-design, security-by-design, explainability, logging)
  • Preparation and review of legal opinions, especially in the case of regulatory controversial application scenarios (such as AI in human resources, distinctions from prohibited practices under the AI Regulation; legal opinions on the role of the company as a provider or operator of artificial intelligence)
  • Review of system components in accordance with the AI Regulation, GDPR and product liability

5. Internal implementation: labour law and co-determination in AI projects

  • When introducing AI applications or AI systems, our lawyers support you in negotiations with works councils and staff councils
  • Drafting and reviewing AI works agreements or AI framework works agreements
  • Training for works councils and staff councils on general AI understanding
  • Co-design of internal roles (AI officer, data protection coordinator, compliance officer)
  • Guidelines for the use of AI
  • Training measures for employees, managers, individual user groups (HR, IT), works councils and staff councils to ensure AI competence in the company in accordance with Art. 4 AI Regulation

6. Compliance & documentation

  • Our lawyers support you in setting up AI-specific compliance structures and control mechanisms within the company
  • Establishment of a risk management system:
    Introduction of risk analyses (e.g. systemic risk GPAI, impact on fundamental rights, etc.), AI risk classifications (e.g. ‘high-risk AI’) and internal review and approval procedures

7. Legal advice on controls & audits of your AI projects

  • We provide you with comprehensive support for internal and external audits
  • Preparation for regulatory audits and support during audits
  • Ongoing legal review in the context of retraining, software updates and model drift

Why RDP Lawyers are the right partners for your AI projects

Our lawyers have many years of experience in AI legal consulting, IT law and data protection. Since 2017, we have been supporting companies in the legally compliant implementation of innovative AI projects.

We combine legal expertise with practical technical experience and economic understanding – so that your AI projects are built on a stable legal foundation.

Arrange a no-obligation initial consultation for your AI project!

RAin Michaela Berger

Your partner

Lawyer Michaela Berger, LL.M.

Certified Specialist in IT law
certified data protection officer (TÜV Süd)
certified data protection auditor (TÜV Süd)
Partner

Michaela.Berger@rdp-law.de
Contact form

FAQ – Legal support for AI projects

Legal support for AI projects encompasses comprehensive legal advice from strategic conception and implementation to the live operation of AI systems. This includes, in particular, review in accordance with the AI Act, GDPR, labour law aspects, contract drafting with AI providers, and the establishment of AI compliance structures.

AI projects are subject to complex regulatory requirements, in particular under the AI Act and the GDPR. Errors in classification as high-risk AI, in data protection issues or in the distribution of roles (provider or operator) can result in significant liability risks and fines. Early legal advice significantly reduces these risks.

The AI Act obliges companies to implement extensive compliance measures depending on the risk classification of their AI systems. These include risk management, documentation requirements, human oversight, transparency requirements, conformity assessments and special requirements for high-risk AI. Companies must also clearly define their role as provider or operator.

An AI system is considered high-risk AI if it is used in sensitive areas, such as human resources, creditworthiness checks or critical infrastructure. In these cases, stricter requirements apply under the AI Act, particularly with regard to risk management, documentation, transparency and human final decision-making.

As soon as AI systems process personal data, the requirements of the GDPR must be strictly adhered to. These include legal bases in accordance with Art. 6 GDPR, data protection impact assessments, privacy by design, data processing agreements and transparent information obligations towards data subjects.

In AI projects, contracts with AI providers should be carefully reviewed and drafted. Important points include liability, SLA provisions, copyrights to training data and outputs, update obligations, data protection agreements, SaaS models, and specific requirements of the AI Regulation. Precise contractual drafting reduces subsequent liability risks.

The introduction of AI systems in a company regularly affects the co-determination rights of the works council. In addition, monitoring aspects, performance and behaviour controls, and qualification measures may become relevant. AI works agreements or framework works agreements are often required.

AI compliance involves setting up internal structures for the legally compliant management of AI projects. This includes risk analyses, internal review and approval processes, documentation requirements, governance structures, training in accordance with Article 4 of the AI Regulation, and ongoing monitoring and auditing of AI systems.

Without sound legal advice, there is a risk of fines under the AI Regulation and GDPR, claims for damages, prohibition orders and reputational damage. Misclassification of high-risk AI, insufficient transparency or lack of documentation are particularly critical.

As part of internal and external audits, specialised lawyers check compliance with the AI Regulation, GDPR and other regulatory requirements. This includes preparation for regulatory reviews, support with conformity assessments and legal evaluation of retraining, updates and model drift.

Ideally, legal support should be provided as early as the strategic design phase of AI projects. An early legal feasibility analysis prevents costly adjustments in later project phases and ensures a technically sound technical architecture that complies with regulations.

Basically, any company that develops, purchases or uses AI systems. A legal review is particularly relevant for companies in the human resources sector, the financial sector, the healthcare sector or those with data-intensive business models.