logo
Teamchevron-right Karsten U. Bartels LL.M.
Avatar von Karsten U. Bartels LL.M.

IT Law

IT-Security

Data Protection Law

AI Law

Data Law

Robotics

SaaS und Managed Services

Karsten U. Bartels LL.M.

Attorney-at-law (Partner)

Karsten is a recognised expert in IT security law and IT law. In the field of IT security law, he advises clients on a project-specific, contractual and training-related basis. His work focuses in particular on IT security agreements, legal risk management and interdisciplinary advice.

Contact Karsten U. Bartels LL.M.

Send E-Mail

His practice further covers:

  • IT contract law, in particular software/ SaaS agreements, service level and availability agreements, outsourcing, transfer projects, general terms and conditions and contract negotiations
  • AI law, in particular with regard to critical AI systems and IT security
  • Data protection law and group-wide data protection, including dispute defence
  • Robotics law in both industrial and private contexts

Current areas of focus (selection)

  • NIS-2-Umsetzungsgesetz: assessments of applicability, supply chain obligations and risk management measures
  • Cyber Resilience Act (CRA) and the new Produkthaftungsgesetz: review of business models involving digital products in light of the new IT security requirements (vulnerability management, update obligations), CE marking obligations and liability scenarios
  • Digital Operational Resilience Act (DORA): IT security regulation for financial entities and ICT third-party service providers
  • SGB V: requirements for the processing of health data in the cloud
  • KI-VO: classification of AI systems and legal issues relating to high-risk AI systems
  • Data Act: scope of data access rights and contractual frameworks

Karsten regularly holds workshops on IT contract negotiations in the IT sector, addressed to audiences ranging from sales teams to executive management.

He has been committed for many years to strengthening the protection of businesses and society through improved IT security. Since 2014, he has accompanied the legislative procedures on IT security laws, inter alia by submitting expert opinions and participating in stakeholder consultations.

He reports on his activities as a Top Voice on LinkedIn.

  • Since 2012 – Partner at HK2 Rechtsanwälte
  • 2007–2012 – Partner at BARTELS KIM WOLLENHAUPT Rechtsanwälte
  • Certified data protection officer (TÜV)
  • LL.M. in Legal Informatics, Institut für Rechtsinformatik (IRI), Leibniz Universität Hannover, within the European Legal Informatics Study Programme (EULISP). Study abroad term at Centre for IT & IP Law (CiTiP), KU Leuven, Belgium
  • Legal clerkship (Referendariat) at Kammergericht Berlin
  • Law studies at Freie Universität Berlin
  • German
  • English
  • Deutsche Gesellschaft für Recht und Informatik e. V. (DGRI)
  • Deutscher Anwaltverein (DAV) e. V.
  • Berliner Anwaltsverein e. V.
  • EULISP-Alumni Deutschland e. V.
  • Lecturer for IT security law, Rechtsinformatikzentrum (RIZ), Zertifikatsstudium „Informationsrecht & Legal Tech“, Ludwig-Maximilians-Universität München (LMU)
  • Deputy Chair of the Board of Bundesverband IT-Sicherheit e. V. (TeleTrusT)
  • Head of AG IT-Sicherheitsrecht at Bundesverband IT-Sicherheit e. V. (TeleTrusT)
  • Coach and speaker in the programme Gründungswettbewerb – Digitale Innovationen of the Bundesministerium für Wirtschaft, implemented by VDI/VDE-IT
  • Member of the jury for the TeleTrusT-Innovationspreis
  • Founder of the IT-Sicherheitsrechtstag of Bundesverband IT-Sicherheit e. V. (TeleTrusT)
  • Founder of the Deutscher IT-Rechtstag of AG IT-Recht in Deutscher Anwaltverein e. V.
  • Previously: Chair of AG IT-Recht (davit) in Deutscher Anwaltverein, lecturer for Datenschutz-Compliance (Hochschule Hof) and lecturer for IT-Recht (TH Wildau)

Co-author: Handreichung Stand der Technik in der IT-Sicherheit, Bundesverband IT-Sicherheit e. V. (TeleTrusT), ongoing since 2016

Co-author: Handreichung Security by Design, Bundesverband IT-Sicherheit e. V. (TeleTrusT), 2023

Co-author: Leitfaden Cloud Security – Sichere Nutzung von Cloud-Anwendungen, Bundesverband IT-Sicherheit e. V. (TeleTrusT), 2021

Bartels, K.U.; Backer, M., Die Berücksichtigung des Stands der Technik in der DSGVO. DuD 42, 214–219, 2018

Bartels, K.U.; Backer, M., ITSiG-konforme Telemedien. DuD 40, 22–28, 2016

Rechtliche Aspekte der E-Mail-Verschlüsselung, in: E-Mail-Verschlüsselung – Rechtssichere und vertrauliche E-Mail-Kommunikation, Bundesverband IT-Sicherheit e. V., p. 9, 2020

IT-Sicherheitsgesetz – (Un-)Sicherheit im nationalen Alleingang?, Heise iX Themenbeilage „Sicherheit & Datenschutz“, I/2015, p. 19

Bezugspunkte des IT-Sicherheitsgesetzes – Weichenstellungen einer nationalen Gesetzesinitiative, ITRB, 4/2015, p. 92

RESISCAN und Outsourcing – auf dem Weg zum ersetzenden Scannen, ITRB, 8/2013, p. 184

Rechtliche und vertragliche Anforderungen an sichere Nutzung von Cloud-Anwendungen, in: Sichere Nutzung von Cloud-Anwendungen am Beispiel des TeleTrusT als Praxisleitfaden für Verbände und KMU, TeleTrusT – Bundesverband IT-Sicherheit e. V., p. 15, 2012.

Profil