Uroša Martinovića 8, 11070 Beograd

IT/ICT Law

 

INFORMATION TECHNOLOGY LAW

 

WHERE LEGAL SERVICES MEET THE ICT INDUSTRY

The expansion of the internet and information technologies over the past quarter-century has required special regulatory treatment, which is reflected in the adaptation of existing laws and the creation of new regulations to fill the emerging legal gaps and provide greater legal certainty for both IT and ICT service providers and their users, including the end consumers of digital services, software, and the information society in general. The stakeholders in these processes are striving, with varying degrees of success, to keep pace with the highly demanding and urgent market needs, where technological solutions evolve and are upgraded rapidly.

As a result, traditional branches of law, such as contract law, intellectual property law, and even criminal law, have gained an entirely new context reflected in digital forms of goods and services, electronic communication, and internet platforms as a new marketplace for borderless trade.

This context, along with the new economic sector that created it, first needed to be understood, followed by diagnosing issues and identifying and proposing regulatory solutions. This is far from simple, especially considering the slow pace of legislative administration and procedures compared to the rapid development of technology and the dynamic nature of this market.

Over the past decades, European Union Directives and Regulations have followed one after another, attempting to establish a legal framework for a domain that had already staked its territory and marked the informal boundaries of its operation. Where these lines of practice and regulation did not diverge significantly and where existing solutions could be relatively easily applied, it went more easily. However, in cases where it was necessary to “straighten the crooked river” and reset some rapidly advancing processes to “factory settings,” the process was often painful and turbulent. This was exemplified by the GDPR and the Copyright Directive in the Digital Single Market, both of which stirred considerable controversy and whose dust has yet to fully settle within the Union.

For example, establishing copyright protection for software solutions, and even aligning general rules regarding the permissible scope of decompiling computer programs for legitimate purposes, did not generate significant public controversy. However, achieving deeper interoperability goals, both in hardware and software contexts, can have much broader implications, often encroaching on the interests of rights holders and digital service owners. This is precisely one of the focal points of the new EU regulation—the Digital Markets Act (DMA)—which aims to establish control mechanisms over so-called “gatekeeper” companies and steer their operations more toward the interests of citizens rather than merely focusing on profit.

In any case, all these new developments and the emergence of Unicorn companies, which rely not on “tangible” assets but on data as the most valuable resource of the modern era—and upon which their entire business models are based—have necessitated new practices and posed new challenges for everyone, including those of us in the legal profession.

Under the influence of all these processes, a new legal field has emerged, which we legal professionals call IT Law, or Information Technology Law. Some refer to it as ICT Law, adding communication as an important segment of the entire industry alongside information technology. Although still informal and without the status of an independent legal branch, the field of IT Law deserves to be recognized and studied as such.

The scope of this field extends across numerous branches of law, particularly in areas where specific legal solutions are applied within the context of the internet, computer programs, electronic commerce and information society services, personal data protection, electronic communications, and various other practical situations related to IT and the internet.

Significant changes have occurred in contract law, given the revolutionary shift in how legal relationships are established, as well as in intellectual property law, where the computer program has emerged as a primary object of protection. It has become a dominant subject of copyright protection, alongside the previously more prevalent musical, film, and literary works.

IT LAW SERBIA

These changes are not only related to large companies and major markets, or developed countries. In fact, since Serbia is closely connected to the European and global IT markets, IT law in Serbia has also followed global trends and developments. As a result, several law firms have specialized in IT law in Belgrade and Serbia over the past decade. The law firm MILIĆ Legal is one of the pioneers in this field, with years and decades of experience providing services to young Serbian IT companies, starting from their early stages of development.

 

LEGAL FIELDS IN THE CONTEXT OF THE IT INDUSTRY

The term “IT law” or “ICT law” refers to legal disciplines that are directly or indirectly related to the information technology industry. This includes legal issues arising from various branches of law, such as civil, commercial, and labor law, and pertains to specific situations within the IT/ICT sector. The development of information technologies imposes new demands on legal professionals, who must ensure that their knowledge of traditional areas of law, such as contract law, is supplemented and adapted to meet the demands and specificities of the IT industry.

Specialization in IT/ICT law inevitably involves the application of general legal principles to new, often technically demanding issues. This is a result of the pervasive digitalization and the so-called third and now fourth industrial revolution, driven by generative artificial intelligence. This area of law covers a broad range of legal challenges, including, but not limited to, the labor and legal status of IT professionals, legal issues related to intellectual property and copyright on computer programs, other legal requirements for IT/ICT companies, as well as complex contractual relationships with clients and suppliers.

For example, regulating the employment relationship of programmers, protecting the intellectual results of their work, the legal aspects of software licensing, data management in compliance with privacy laws such as the GDPR, and corporate legal issues are key aspects where IT lawyers must be particularly competent.

In this context, IT/ICT lawyers are responsible for interpreting and applying legal norms in a way that supports the innovative nature of the IT industry, while simultaneously ensuring compliance with legal regulations that protect not only the technology companies themselves but also their clients, employees, and the wider community. Therefore, IT lawyers face the added challenge of managing the compliance aspect of the operations of IT/ICT companies.

We can conclude that we can no longer adhere to the outdated division of legal branches, as they inevitably overlap with a completely new context that requires legal norms to be applied in an entirely different environment – the digital one.

As personal data has become one of the most valuable resources of today and a way to generate substantial profits, as recognized by major global internet companies like Alphabet and Meta, the need has arisen to treat personal data protection as a distinct legal field. This field requires knowledge of broader legal and technological areas than those seeking to apply it.

As if things weren’t complicated enough from a legal perspective, the arrival of blockchain technology, digital assets, and NFTs has introduced the need to legally define new concepts and establish legal mechanisms to ensure that the issuance of digital tokens and their trading take place in the safest possible legal and market environment.

Information Technology Law, or IT law, provides the regulatory framework for the circulation, collection, storage, and use of data in digital form and computer programs within and outside the global internet network, as well as the protection of digital information and currencies through encryption and cryptography.

Cybersecurity is also perhaps the most promising subfield of IT law, with its role as a bridge between technical knowledge and services, and legal understanding, treatment, and application of security measures. It is another reason for lawyers to step out of their traditional comfort zones and expand their knowledge to include technical aspects of information security, at least at the level of understanding this field. With the adoption of the NIS 2 Directive in the EU, this area gains importance, and with the ratification of these rules in the Republic of Serbia through the new Information Security Law, the significance of cybersecurity as a branch of law increases in our country, within the field of – IT law Serbia.

With the development of artificial intelligence and e-commerce, an increasing number of legal relationships that are currently happening and being resolved in the real world will shift to the realm of the internet and information technologies. Therefore, the development of this legal field is a market necessity as it rapidly moves into the virtual space.

This branch of law closely overlaps with Internet law, which, indeed, covers issues such as intellectual property, privacy rights, the rights and obligations of participants in online commerce, internet freedoms, and freedom of speech. However, areas such as network security, internet protocols, internet domains, etc., are regulated by both types of law, each from a different perspective. For many, Internet law is considered a subcategory of  IT law.

IT CONTRACTS AND THEIR CHARACTERISTICS

The needs of the IT industry have posed challenges even in labor law, offering various models of engagement for individuals working on the development of computer programs, for example. In different types of contracts with individuals, legal entities, or entrepreneurs, there has emerged a need for the implementation of detailed clauses related to intellectual property rights, data confidentiality, and non-compete agreements. New types of designated contracts, collaboration models, and documents have also appeared, which our legal system does not specifically regulate but only broadly, such as IT CONTRACTS—Master Service Agreement, Scope of Work, Statement of Work, Request for Quote, Request for Proposal, etc.

The speed of technology has also initiated the development of new licenses that have facilitated the transfer of rights to computer programs and made their use more flexible.

We can say that the field of ICT, or IT law, encompasses, among others, the following areas:

 

COMPUTER PROGRAM – SOFTWARE

When thinking about the IT industry, the first thing that usually comes to mind is computer code, or computer programs, because today, whatever product or service from information technology we take as an example, it is either based on a computer program or connected to it.

Therefore, the computer program is a very important segment of the IT industry and IT law in general, especially because confusion often arises regarding its legal nature, which determines the legal framework for such creations, and most importantly, the legal protection of the creator’s interests. It is crucial for programmers to know their rights both during the process of creating the program and after its completion. Additionally, it is necessary for employers, such as IT companies, to fully understand the legal aspects of their activities so that they can regulate and manage their business in the best possible way and minimize risks to an acceptable level.

The protection of computer programs and databases, the status, and the possibility of using and implementing open-source code in new commercial solutions are just some of the legal issues present in the operations of almost every IT company worldwide, including in our country. Any lawyer with the ambition to provide legal support to such a company must first become familiar with the legal and technological characteristics of the service being ordered or performed, as well as the purpose intended to be achieved.

Although the Law on Copyright and Related Rights (hereinafter: the Law) most comprehensively regulates rights concerning computer programs, it does not define them, unlike databases, which it conceptually delineates. On the other hand, the Criminal Code of the Republic of Serbia considers a computer program to be an organized set of instructions used to control the operation of a computer or to solve a specific task using a computer. The Law, however, classifies computer programs as literary works due to their characteristics, alongside books, brochures, articles, etc. Copyright protection covers not only the computer code but also the technical and user documentation in any form of expression accompanying the computer program, including preparatory materials for their creation.

Therefore, a computer program is recognized under the Law as a literary work and enjoys copyright protection like any other original product of intellectual and creative effort expressed in a particular form. Therefore, we can state that a computer program is subject to intellectual property law.nHowever, as previously noted, a clear distinction between branches of law cannot always be drawn, and segments of intellectual property law inevitably extend into the field of IT law.

From everything presented, we can conclude that it is crucial for a lawyer specializing in IT law to have expertise in intellectual property law, particularly experience in copyright law, even before the expansion of the IT industry and the startup scene. This gives a significant advantage to law firms that have been active for decades and have been present since the early stages of IT development in Serbia and abroad.

AUTHOR – PROGRAMMER AND RIGHTS HOLDERS OF THE SOFTWARE

Given the “intellectual” origin of any copyrighted work and its strong connection to the creator’s personality, the author of a computer program can only be a natural person—for instance, the programmer who created the program. Therefore, a legal entity can never hold the status of an author. However, a legal entity can hold the economic copyright to a computer program, which often happens in practice.

The initial holder of copyright for a computer program is, therefore, the author, while another rights holder can be the owner of economic copyright if acquired through a contract or by law. For example, if a computer program is created by an employee under an employment relationship, the employer holds all exclusive economic rights to the work unless otherwise specified in the contract. However, the author may be entitled to special compensation if stipulated in the contract. This legal provision differs from other forms of copyrighted works, where, unless otherwise regulated by contract, economic rights belong to the employer for five years, after which the author becomes the rights holder.

COPYRIGHT IN RELATION TO COMPUTER PROGRAMS

As with other copyrighted works, computer programs are subject to the division of subjective copyright into moral and economic rights, also referred to as personal and property-related entitlements.

Moral rights pertain to the author’s personality and include, among other things, the right to be recognized and identified as the author of the work, the right to publish or withhold the work, the right to oppose inappropriate use, and the right to protect the integrity of their work.

Economic rights primarily relate to the economic exploitation of the copyrighted work and the right to collect compensation. For example, economic rights include the right to reproduce the copyrighted work, distribute copies of the work, broadcast it, make it available to the public, including the right to make the work accessible interactively to the public, and so on.

The right to reproduce a computer program

One of the fundamental economic rights that belongs to the author or rights holder of a computer program is the right to reproduce it. In other words, the author of a computer program has the exclusive right to permit or prohibit the reproduction of the program that has been created as a result of adaptation, translation, arrangement, or modification of the original program, without affecting the rights of the person who made such changes. By reproduction, the legislator also includes making the program operational on a computer.

TRANSFER OF RIGHTS IN A COMPUTER PROGRAM

Rights such as moral rights are strictly linked to the author’s personality and cannot be transferred. Therefore, they cannot be alienated even by the author’s will, and any form of their transfer would be legally void. The author is, therefore, the author, and no one else can claim this status.

On the other hand, property rights can be disposed of, meaning they can be acquired through legal transactions, such as contracts, and can also be subject to inheritance.

Property rights can be disposed of in an exclusive or non-exclusive manner, with the contract specifying whether it involves an exclusive transfer. In the case of an exclusive transfer of property rights, only the transferee will be authorized to exploit the work in the manner prescribed by the contract, while the author or third parties will not have that right. Furthermore, in the case of an exclusive transfer, the transferee will have the right, with the special permission of the author or their legal successor, to transfer that right to third parties.

The transfer of property rights can further be limited in terms of scope (according to the number of actions the transferee is authorized to perform), territorially (according to the territory where the transferee can exercise the rights), and temporally (according to the duration of the rights).

CONTRACT FOR THE DEVELOPMENT OF A COMPUTER PROGRAM – SOFTWARE DEVELOPMENT AGREEMENT

In addition to the Copyright Agreement as the primary legal transaction through which the rights to a computer program are disposed of, in practice, it is also common to conclude a Software Development Agreement – a computer program, which, in relation to the general rules of a copyright agreement, carries its own specificity.

When it comes to IT law, there is the greatest practical need for the engagement of attorneys and legal experts in regulating relationships between IT companies or between IT companies and hired programmers or contractors, particularly in the context of concluding IT contracts. Issues such as who will own the rights to the source code, work methodologies, Scope of Work (SoW), payment schedules, and the launch and maintenance of the product are just a few of the elements of these contractual relationships that require careful attention.

Therefore, given the regulation of rights to the executed work-product, the intellectual property clause is a key element of every software development agreement. Whether the rights to the program are assigned exclusively or non-exclusively determines the scope of future usage rights, including any limitations, as well as the right to protection that can be asserted against third parties.

For the proper application of legal norms in the context of IT business, it is crucial to understand the characteristics of computer programs and databases as subjects of protection under copyright and related rights.

Whether it’s a Request for Information (RFI), Request for Proposal (RFP), Non-Disclosure Agreement (NDA), Master Service Agreement, or Software Development Agreement, each of these business phases in the IT industry carries a specific scope of rights and obligations, which require the involvement of an expert for proper evaluation. Additionally, the implementation of the Scope Statement (SoW) must also align with the main agreement, whose provisions it specifies and supplements.

Dealing with cases from the IT/ICT sector is not reserved only for programmers, developers, and platforms providing online services and software development. High technologies have become an integral part of every business, and today, the only way to successfully manage a company is by adhering to emerging trends and continuously improving your operations both technologically and in terms of human resources.

The specificity of the online environment, where the need for the application of this regulation arises, and the requirement for both theoretical and practical experience, sets this legal field apart in such a way that only a few legal representatives possess the necessary qualifications to represent legal and natural persons in relation to the digital and IT/ICT industries.

As in other areas, it is necessary to do everything possible through legal regulation and contracts to prevent disputes, which often have an international element in these cases. Only once all arguments for reaching a settlement have been exhausted should the parties present the case before the competent court.

IT / IKT law also encompasses smart contracts, which represent the most advanced approach to creating contracts using digital technologies and Blockchain.

Also, legal support for blockchain technological solutions used to track the activities and transactions of entities in cyberspace falls under IT law. This modern model of recording actions on the network forms the basis for further development of decentralizing the trade of goods and services and bypassing traditional, slower, and less secure payment and contract conclusion methods.

LIMITATIONS OF COPYRIGHT ON COMPUTER PROGRAMS

General Rules on the Limitations of Copyright

The right to reproduce a computer program belongs exclusively to its author – the programmer or another rights holder to whom this right has been transferred or who holds it by operation of law.

However, when there is a public or societal interest, or the interest of lawful license holders, the copyright on a computer program can be limited, meaning certain acts of exploitation may be permitted without the consent of the rights holder, and without payment of compensation.

For example, in copyright law, there is a general rule that allows temporary reproduction of any type and form of copyrighted work without the author’s permission and without payment of royalties if the reproduction is transient or incidental; an integral and essential part of the technological process itself; the purpose of the reproduction is to enable data transfer in a computer network between two or more parties through an intermediary; or the purpose of the reproduction is to allow the lawful use of the copyrighted work, provided that the reproduction does not have independent economic significance.

The rules for the limitation of copyright that apply to computer programs

In addition to the general rules for limiting copyright outlined in the previous section, the Copyright and Related Rights Act (hereinafter: the Act) also stipulates additional rules on limitations – suspensions of rights that apply specifically to computer programs. These limitations can be divided into two categories informally. The first concerns enabling the use of the program by the lawful license holder and the second involves permitting decompilation under certain conditions in order to establish interoperability of the program.

Limitations for the Purpose of Enabling Uninterrupted Use of the Computer Program

There are acts of reproducing a program that are necessary for the program to be used at all, and in this regard, the legislator has prescribed situations in which such acts of reproduction are allowed without the need to obtain special consent from the rights holder.

If the copyrighted work is a computer program (unless otherwise specified in the agreement between the rights holder and the user of the program), the person who has legally acquired a copy of the computer program (the legal licensee) is allowed to reproduce the computer program or parts of it, either permanently or temporarily, without the author’s permission and without paying royalties, provided that such reproduction is necessary for the program to be used and is in accordance with the intended purpose of the computer program.

Additionally, for the same purpose, the legal holder of a copy of the computer program is allowed to load, display, run, transmit, or store the computer program in the computer’s memory. In this regard, the legal holder of the copy may also, without the author’s or rights holder’s permission, correct errors in the program to ensure its proper functioning.

If it is necessary to create copies of the program on a physical medium or in the computer’s memory for the purpose of using and running the program, such storage must be allowed, and cannot be prohibited for the legal user of the program, even by a license agreement.

Limitations for Achieving Interoperability

The legitimate holder of a copy of a computer program may observe, examine, or test the program in order to identify the ideas and principles upon which certain elements of the program are based, provided that this is done while performing actions such as loading, displaying, running, transferring, or storing the program in memory in accordance with its intended use and manner of operation. In addition to enabling the proper use of the program by the licensee, the purpose of such provisions is to foster the dissemination of knowledge and ideas, further technological advancement, and innovation. One reason for such testing and examination may be to establish interoperability with another computer program, for which purpose the original code is translated. This process of uncovering the original code of a computer program is called decompilation. In principle, decompilation is prohibited, except in the manner and to the extent prescribed by the legislator.

Decompilation of a computer program, which involves the reproduction and translation of the source code, may be permitted without the authorization of the rights holder, but only if it is necessary to obtain data required to achieve interoperability between an independently created computer program and other programs.

Also, for the exception to copyright protection to apply, meaning for decompilation to be permitted, the following conditions must be cumulatively met:

  • The act of copying the source code and translating its form must be carried out by the lawful license holder, or another person authorized by them to perform these actions.
  • The data necessary to achieve interoperability must not have been otherwise available to the parties mentioned in the previous point.
  • The actions mentioned in point two must be limited to only those parts of the original program that are necessary to achieve interoperability.

The described exception to copyright protection is subject to additional conditions regarding the use of information obtained by copying the source code and translating its form. Specifically, the data obtained in this manner can only be used for the purpose of achieving interoperability of an independently created software program, with particular prohibition on disclosing the obtained information to others (unless necessary for achieving the interoperability of the independently created program). The data obtained through decompilation must not be used for the development, production, or marketing of a software program that is substantially similar in expression to the program being decompiled, or for any other action that infringes upon the copyright of that program. Using the data obtained from decompilation for an unauthorized purpose would constitute a violation of copyright and could potentially involve criminal liability.

It is important to note that the provisions of the Law regulating the limitations of copyright for the purpose of achieving interoperability are imperative in nature and cannot be excluded or limited by contract.

Interoperability in the software sense refers to the ability of computer systems and software programs to exchange information, meaning they can recognize each other and function together.

The issue of interoperability of computer programs is complex and layered, as it can be broken down into several types, such as semantic and structural interoperability, which refers to the ability of systems and programs to exchange data and recognize and open file formats. There is also technical or syntactic interoperability, which involves the ability to establish, among other things, security protocols used for communication over a network.

Interoperability works in such a way that two or more computer programs are created and configured to exchange information, recognize commands, and collaborate with each other. Without interoperability, computer programs would not be able to function together, nor could they be installed on operating systems, or connect to networks and various devices on the hardware level.

For example, in order for applications to be downloaded onto devices running the Android operating system and function properly, the software (applications) must be interoperable with Android. In order to achieve interoperability, it is necessary to determine the characteristics of the source code on which the operating system is based, which is done through the process of decompilation.

The term decompilation refers to the reverse process of creating a computer program. A computer program is created when a programmer first writes the source code, which is then translated by a compiler into machine-readable assembly code. This assembly code is an intermediate step toward the final binary language, which is converted into object code that can be recognized by computer devices. In this context, when someone wants to perform decompilation of a program, they start with the object code, then move through the assembly code to reach the human-readable source code, which can be copied and translated.