Con­tract draf­ting for digi­tal busi­ness models

Estab­lish clear rules, ensu­re trust and mini­mi­se lia­bi­li­ty risks

Whe­ther strea­ming ser­vices, cloud plat­forms, car sha­ring or online shops – digi­tal busi­ness models have beco­me an inte­gral part of ever­y­day life. The deve­lo­p­ment of digi­tal busi­ness models and the use of modern tech­no­lo­gies offer gre­at eco­no­mic poten­ti­al, espe­ci­al­ly for com­pa­nies, but also pose legal chal­lenges and poten­ti­al lia­bi­li­ty risks. Con­tract design the­r­e­fo­re plays a key role in digi­tal busi­ness models. The con­trac­tu­al defi­ni­ti­on of rights, obli­ga­ti­ons and respon­si­bi­li­ties of the con­trac­ting par­ties is essen­ti­al and indis­pensable in order to crea­te trans­pa­ren­cy and legal certainty.

IT con­tract law

Just as the ran­ge of digi­tal busi­ness models is diver­se, their legal struc­tu­re is also com­plex. Digi­tal busi­ness models are cha­rac­te­ri­sed by new and digi­tal sources of reve­nue and cus­to­mer acqui­si­ti­on stra­te­gies. The­r­e­fo­re, the basis for con­tract design first of all is the detail­ed descrip­ti­on of the ser­vice, such as the pro­vi­si­on and use of the pro­ducts or ser­vices offe­red. Fre­quent­ly, mixed con­cepts are offe­red that are made up of various com­pon­ents. Depen­ding on the busi­ness model, regu­la­ti­ons from purcha­se, ren­tal, work or ser­vice con­tract law must be obser­ved. The digi­tal world also brings about new risks of lia­bi­li­ty, e. g. for the fail­ure of online ser­vices. Con­tracts must cle­ar­ly regu­la­te the war­ran­ty and lia­bi­li­ty obli­ga­ti­ons of the con­trac­ting par­ties in order to avo­id dis­pu­tes and claims for dama­ges. The regu­la­ti­ons must be adapt­ed to the appli­ca­ble digi­tal busi­ness model and remain within the limits of the law on gene­ral terms and conditions.

Intellec­tu­al property

In addi­ti­on to IT con­tract law, intellec­tu­al pro­per­ty also plays an important role. Com­pa­nies must ensu­re that they own the neces­sa­ry rights in and to the con­tent used and they must include appro­pria­te terms of use for their cus­to­mers. The use of open source soft­ware (OSS) poses a par­ti­cu­lar chall­enge. Even if OSS is “open source” soft­ware, it is not free of rights and is some­ti­mes sub­ject to strict licence con­di­ti­ons. Com­pa­nies should the­r­e­fo­re check whe­ther they are using OSS and ensu­re com­pli­ance with the appli­ca­ble licence con­di­ti­ons, as licence vio­la­ti­ons can have serious con­se­quen­ces such as injunc­ti­ve reli­ef claims and claims for dama­ges. If a com­pa­ny deve­lo­ps OSS fur­ther, it is also neces­sa­ry to choo­se sui­ta­ble licence con­di­ti­ons. Spe­cial chal­lenges also ari­se when using AI-generated content.

Data pro­tec­tion

The pro­vi­si­on of digi­tal busi­ness models often invol­ves the pro­ces­sing of per­so­nal data. In this case, the data pro­tec­tion respon­si­bi­li­ties of all par­ties must first be asses­sed. Depen­ding on the busi­ness model, con­tracts for com­mis­sio­ned data pro­ces­sing or joint con­trol­ler­ship may need to be review­ed and/or drawn up on this basis. The con­tracts must con­tain clear regu­la­ti­ons on data pro­tec­tion and data secu­ri­ty. This can pose a chall­enge due to the strict requi­re­ments impo­sed by the data pro­tec­tion super­vi­so­ry aut­ho­ri­ties. In par­ti­cu­lar, cri­ti­cal aspects such as the controller’s ins­truc­tion and con­trol rights, the processor’s sup­port obli­ga­ti­ons or the dele­ti­on of data after the task has been com­ple­ted must be taken into account when draf­ting contracts.


The EU has respon­ded to the incre­asing cyber thre­ats. While the regu­la­ti­on of cyber­se­cu­ri­ty has so far been rather unclear and frag­men­ted, the new Euro­pean cyber­se­cu­ri­ty law places num­e­rous spe­ci­fic requi­re­ments and obli­ga­ti­ons on com­pa­nies. The scope of appli­ca­ti­on of the new cyber­se­cu­ri­ty law is broad, mea­ning that all con­trac­tu­al part­ners, sup­pli­ers and ser­vice pro­vi­ders of a com­pa­ny must gua­ran­tee an appro­pria­te level of cyber­se­cu­ri­ty. Con­trac­tu­al regu­la­ti­ons are the means of choice to ensu­re this. In view of the incre­asing num­ber of secu­ri­ty inci­dents, con­trac­tu­al regu­la­ti­ons for all sup­pli­ers and ser­vice pro­vi­ders and the pas­sing on of obli­ga­ti­ons in the sup­p­ly chain are essen­ti­al and indis­pensable. At the same time, this redu­ces the risk of sanc­tions and mea­su­res by the super­vi­so­ry authorities.


In order to suc­cessful­ly deve­lop and mar­ket digi­tal busi­ness models, com­pa­nies must fami­lia­ri­se them­sel­ves with the num­e­rous regu­la­ti­ons of digi­tal law and draw up cor­re­spon­ding con­tracts. Exis­ting con­tracts should also be review­ed regularly.

You can find more tips on this in our one­pager on draf­ting con­tracts for digi­tal busi­ness models.


Stay up-to-date

We use your email address exclusively for sending our newsletter. You have the right to revoke your consent at any time with effect for the future. For further information, please refer to our privacy policy.