HomeAnalyticsAlertsDigital Services Regulation in Germany: New Requirements for Technology Companies

Digital Services Regulation in Germany: New Requirements for Technology Companies

Germany has moved decisively to strengthen its digital services regime. A converging body of obligations. drawn from EU-level digital services legislation, the EU AI Act compliance requirements now entering enforcement. Additionally. Germany's own technology licensing and software liability rules. has created a materially new compliance environment for technology companies operating in or targeting German users. Companies that have not yet reviewed their exposure risk enforcement action, financial penalties, and potential disruption to their German operations.

Germany's digital services regulatory update consolidates obligations under EU digital services legislation, AI Act compliance requirements, and German technology law into a unified enforcement regime. International technology companies serving German users, or registered through a German GmbH (limited liability company), must complete a compliance review and implement required controls by the applicable deadline for their business category. Companies falling into higher-risk or large-platform categories face the earliest and most demanding requirements.

This alert sets out what has changed, which business categories are affected, the applicable deadlines, and the immediate steps international companies should take now.

What changed – the regulatory development and effective date

The new requirements take effect across two overlapping timelines. EU digital services legislation obligations for very large online platforms and very large online search engines became fully applicable first. Obligations for all other providers of digital services – including intermediary services, hosting services, and online platforms – have now entered full national enforcement in Germany.

Germany's national enforcement authority has assumed direct supervisory responsibility for providers not classified at the EU level as very large platforms. That authority coordinates with the Bundesnetzagentur (Federal Network Agency) and sector-specific regulators where digital services intersect with communications and media law.

Separately, the EU AI Act compliance timetable now requires providers and deployers of AI systems. including algorithmic accountability obligations and conformity assessment duties for high-risk AI. to meet specific milestones that fall within the current calendar year. Germany's own technology legislation builds additional software liability and technology licensing duties on top of this EU baseline.

The Bundesgerichtshof (Federal Court of Justice of Germany) has confirmed in a line of decisions that digital service providers bear active compliance duties – not merely reactive ones – toward German users. The Amtsgericht (local court) network in Germany has also demonstrated a readiness to hear interim injunction applications by affected parties against non-compliant providers, meaning enforcement risk is not limited to regulatory fines.

Who is affected – threshold criteria and business categories

The obligations apply in layers depending on the type of digital service and the volume of activity in Germany. International technology companies should assess exposure against each of the following categories.

Online platforms and intermediary services: Any company operating an online platform accessible to German users is subject to baseline digital services obligations. This includes transparency requirements, notice-and-action procedures for illegal content, and reporting duties. Companies registered in Germany through a GmbH structure and entered in the Handelsregister (German Commercial Register) are directly subject to German enforcement jurisdiction.

Very large online platforms and search engines: Platforms exceeding the relevant average monthly active user threshold in the EU face the full set of systemic risk assessment, independent audit, and data access obligations. This category carries the most demanding compliance timeline and the highest penalty exposure.

AI system providers and deployers: Technology companies deploying AI systems in Germany. whether as stand-alone products or embedded in broader digital services. must assess whether those systems fall into prohibited. High-risk. Alternatively, limited-risk categories under AI Act compliance rules. Algorithmic accountability obligations apply to any system that makes or meaningfully influences decisions affecting German users.

Software and technology licensors: Companies licensing software to German businesses or public bodies face updated software liability exposure. German technology law now aligns more closely with the EU product liability regime as applied to digital products, affecting indemnity clauses and warranty structures in technology licensing agreements.

Companies whose German nexus arises solely through a small-volume service. Alternatively, through a non-commercial offering. May qualify for reduced obligations. but the threshold is applied strictly. Additionally, self-assessment errors are common among international companies unfamiliar with the German regulatory system.

To receive an expert assessment of your digital services exposure in Germany, contact us at info@ferrazwhitmore.com.

What to do now – immediate actions and compliance timeline

International technology companies should treat the following as a priority checklist. Time available for remediation is limited, and enforcement activity in Germany tends to follow quickly once supervisory deadlines pass.

  • Map your services against the category thresholds. Determine whether your platform, AI system, or software product triggers large-platform, high-risk AI, or standard digital services obligations. Do not rely on classifications applied in other EU jurisdictions – Germany applies the thresholds independently.
  • Audit your algorithmic accountability documentation. AI Act compliance requires that providers of high-risk AI systems maintain conformity assessments, technical documentation, and human oversight records. If these are not yet in place, the remediation window is narrow.
  • Review technology licensing agreements. Software liability exposure under updated German technology legislation may invalidate or significantly alter indemnity caps and warranty exclusions in existing agreements. Contracts with German counterparties warrant a targeted legal review.
  • Register or appoint a legal representative in Germany. Providers not established in Germany but offering digital services to German users must designate a legal representative. This representative can receive regulatory communications and bears responsibility for timely responses to enforcement authorities.
  • Assess insolvency-related exposure for distressed entities. For technology companies already under financial pressure, note that Germany's insolvency legislation – the Insolvenzordnung (German Insolvency Act) – imposes personal liability on directors who continue trading in breach of filing obligations. Regulatory penalties arising from non-compliance with digital services rules can accelerate the onset of insolvency thresholds.

For companies with intellectual property assets registered or enforceable in Germany, compliance failures in digital services obligations can also affect the enforceability of those rights in German proceedings. Our analysis of intellectual property law in Germany sets out the interaction between IP protection and digital services compliance in detail.

For a full picture of AI and technology law obligations in Germany. This includes AI Act compliance, algorithmic accountability. Additionally, technology licensing requirements. Our dedicated service page on AI and technology law in Germany provides a structured overview. Companies operating across multiple EU markets should also review our alert covering digital services regulation in Portugal, where similar EU-derived obligations apply with local procedural variations.

About Ferraz & Whitmore

Ferraz & Whitmore is an international law firm based in Lisbon, advising technology companies, investors, and institutional clients across 46 jurisdictions. Our AI and technology law practice covers AI Act compliance, algorithmic accountability, software liability, technology licensing, and digital services regulation in Germany and across European markets. We combine Portuguese civil law expertise with English common law tradition to advise clients who need results-oriented counsel across multiple legal systems. Engaging a lawyer in Germany or a law firm in Germany with cross-border digital services experience is essential when obligations span both EU and national enforcement layers – our team provides precisely that combination. To discuss your digital services compliance position in Germany, contact us at info@ferrazwhitmore.com.

Disclaimer: This publication is provided for informational purposes only and does not constitute legal advice. The information herein should not be relied upon as a substitute for professional legal counsel tailored to your specific circumstances. Ferraz & Whitmore assumes no liability for actions taken or not taken based on the contents of this material. For advice regarding your particular situation, please contact info@ferrazwhitmore.com.