Seeing growing interest from our clients to stay ahead of market trends, prepare for upcoming legislation changes on a local and EU level, we have compiled a regional TMT newsletter to share relevant sector trends, updates in legislation, know-how, and more with our network.

Below you can find our quarterly TMT newsletter, covering the latest updates about the implementation of the European Electronic Communications Code in the Baltic countries, requirements for the use of cookies, Estonian startup sector, Digital Nomad Visas in Latvia and regulation of cryptocurrency in Lithuania.


TMT Insights

Estonian startups raise EUR 1 billion of capital with 4 months

Estonian startups have started 2022 with a bang, raising a total of EUR 1 billion in capital within the first four months of the year. With 10 unicorns in a country of 1.3 million people, Estonia is leading Europe in terms of startups, unicorns and investments per capita. Sorainen, the go-to law firm for startups, has advised on more than 3/4 of the total capital raised in 2022. See more here.

Issuing of Digital Nomad visas in Latvia

Latvia is the third country in the European Union to decide to start issuing Digital Nomad visas.

Digital Nomad visa will:

  • be issued for one year, with the right to apply for an extension of one year
  • enable third-country nationals to carry out their work remotely
  • be available for highly qualified professionals

See more here.

Intellectual property highlights in Estonia, Latvia & Lithuania

  • Obligation to notify authors and performers in Estonia took effect on 7 June 2022
  • Amendments to Latvian Electronic Mass Media Law entered into force on 21 April 2022
  • Lithuania has, as of 1 May 2022, implemented the EU Copyright Directive (2019/790) and EU Retransmission (CabSat) Directive (2019/789)

See more here.


EU legislation

Council approves Data Governance Act

Following the approval by the European Parliament, the Council has also approved the Data Governance Act (DGA) to promote the availability of data. The DGA will set up robust mechanisms to facilitate the reuse of certain categories of protected public-sector data, increase trust in data intermediation services and foster data altruism across the EU.

DGA will enter into force on 23 June and apply from 23 September 2023. See more here.

European Data Protection Supervisor and European Data Protection Board publish joint Opinion on EU’s Data Act

The EDPS and EDPB welcome the efforts made to ensure that the Data Act does not affect the current data protection framework. At the same time, since the Data Act would also apply to highly sensitive personal data, the EDPS and EDPB urge the co-legislators to ensure that data subjects’ rights are duly protected.

The press release is available here, the full joint opinion is available here.


Data protection

What are the legal requirements for the use of cookies?

Our experts go over the requirements website operators must meet in order to use cookies in the Baltic countries. See more here.

EDPB publishes draft guidelines on certification as a tool for transfers

The European Data Protection Board adopted guidelines on certification as a tool for transfers. Art. 46(2)(f) GDPR introduces approved certification mechanisms as a new tool to transfer personal data to third countries in the absence of an adequacy agreement. The main purpose of these guidelines is to provide further clarification on the practical use of this transfer tool.

The guidelines complement guidelines 1/2018 on certification, which provide more general guidance on certification. The guidelines will be subject to public consultation until the end of September. See more here.

EDPB publishes draft guidelines on the use of facial recognition technology in the area of law enforcement

See more here.

EDPB publishes draft guidelines on the calculation of administrative fines under the GDPR

See more here.

The Data State Inspectorate of Latvia has published the explanation how to report the data breach of whistleblower

In a nutshell, a person may submit the application to the Data State Inspectorate if:

  1. the person has not been identified as a whistleblower, but considers that unlawful processing of personal data has taken place;
  2. the person has been recognized as a whistleblower and the institution has not ensured the personal data protection requirements regarding the compliance taking into account the requirements specified in the Whistleblowing Law.

See more here (in Latvian).



Stricter regulation of the cryptocurrency sector is under consideration in Lithuania

Cryptocurrency activities are still considered unregulated in Lithuania. Therefore, it is sufficient for companies engaged in virtual currency activities to set up a company with minimum capital requirements. However, stricter requirements are now under consideration. See more here.



National Electronic Mass Media Council of Latvia (NEPLP) prohibits the distribution of 80 TV programs registered in Russia

The decision of 6 June 2022 was based on the amendments to the Electronic Media Law adopted in May 2022, which prohibits the distribution of another country’s electronic media audiovisual programme if the state under its jurisdiction undermines or threatens the territorial integrity, sovereignty or national independence of another country. Due to the ban on these programmes, no distribution of the television programme registered in Russia is allowed in Latvia. The NEPLP decision is available here (in Latvian). The decision still can be challenged before the Administrative court of Latvia. See more here (in Latvian).



App developed by Estonia’s CERT-EE protects against phishing and malware

The Incident Response Department (CERT-EE) of the Estonian Information System Authority (RIA) has created a solution that protects smart devices from malicious web links and malware. The solution can protect against domains containing malicious content on which the RIA has information. The application blocks malware and phishing attempts and uses DNS to filter out malicious links for the user. See more here.

Estonia, Latvia and Lithuania rank high in Global Cybersecurity Index

According to National Cyber Security Index (NCSI), Estonia, Lithuania and Latvia rank exceptionally high. Lithuania, with a score of 93.51, is first of the group, and Estonia is second. Estonia is highly ranked also in the ITU Global Cybersecurity Index, holding 3rd place in the world. ITU Global Cybersecurity Index, holding 3rd place in the world. See more here.



Estonia’s first 5G license awarded, further license auctions are in progress

Elisa has been awarded the first 5G license in Estonia, after winning the auction for the first license with a bid of EUR of 7 206 208. A total of three 5G licenses are auctioned in the 3410-3800 MHz range. Telia, Tele2 and Bite will be bidding for the remaining two 5G licenses.

In addition, Estonia has proposed to distribute six more 5G licenses in the 700 MHz frequency range in the future. Each participant of the 700 MHz frequency range auction will have the right to acquire a maximum of two frequency licenses in this range. See more here.

European Court of Justice: EU law prohibits indiscriminate retention of electronic communications data

The European Court of Justice has confirmed once again that general and indiscriminate data retention regime for traffic and location data for the purposes of combating serious crime is contrary to European law.

The Court also confirmed that EU law does not preclude data retention for the purposes of combating serious crime and preventing serious threats to public security if the retained data is limited according to the categories of persons concerned or by means of geographical criteria, such as places that are particularly vulnerable to serious crime (airports, stations, maritime ports). See more here.

The EECC still is in the implementation process in Latvia

On 14 July 2022 the Parliament of Latvia finally adopted the Electronic Communications Law that implements the European Electronic Communications Code (EECC). Subsequently, the President refused to proclaim the law and returned to the Parliament for reconsideration. The President is of the opinion that the law must be improved with respect to data retention requirements and the right to privacy. Thus, the timeline of the EECC implementation in Latvia remains unclear.

In Lithuania and Estonia the implementing amendments transposing the EECC have entered into force.

AI tool assists Lithuanian Communications Regulatory Authority in ensuring security on the web

Communications Regulatory Authority (RRT) started using a tool developed by company “Oxylabs” based on artificial intelligence for the search for harmful content on internet. More than 288 thousand of Lithuanian websites were checked using this tool. The potentially illegal and harmful or harmful content identified on these websites was sent for further assessment of RRT specialists. See more here.