Dr. Gregor Schmid, LL.M. (Cambridge)


Read More

Dr. Tobias Schelinski


Read More

Anneliese Hartlaub, LL.M. (London/Dresden)

Senior associate

Read More

Dr. Gregor Schmid, LL.M. (Cambridge)


Read More

Dr. Tobias Schelinski


Read More

Anneliese Hartlaub, LL.M. (London/Dresden)

Senior associate

Read More

27 August 2020

Key legal issues for games businesses in Europe

Terms of Use/Terms of Service


Each of the 28 European Union Member States has different mandatory legal requirements protecting players, which generally apply to the terms games businesses enter into with them (often referred to as terms of use (ToU) or terms of service (ToS) and often entered into jointly with an end user license agreement (EULA)). The most common areas that are subject to the varying laws are limitations of liability, requirements for local language, indemnities, one-sided provisions generally, and restrictive choices of governing law and jurisdiction. If these legal requirements are not met those terms could be rendered unenforceable, leading in some cases to unlimited liability or at least uncertainty of terms. Also, local consumer-protection bodies can apply sanctions causing cost and potentially fines. In many cases competitors can trigger this through submissions to regulators. Furthermore, in Europe, small print is increasingly seen as a brand issue, with many games businesses using “plain speaking”, “FAQ” style approaches, which support their brand and ethos. Poorly conceived small print can lead to brand damage and thus losses of a games company, or (particularly for start-ups in the games industry) difficulties finding new investors.

Market Practice

Localising terms for all 28 European Union Member States is, of course, time consuming and raises practical issues. Our experience is that many games businesses focus on the top X markets in Europe (X may commonly be 5, or more, but rarely 20+), and develop terms that comply with the local laws in those markets. Often, it makes sense to provide local translations of the respective terms anyway.

Games Development and Publishing

Contracts for games development and publishing need to balance interests between the parties involved. The particular circumstances for the several platforms such as PC, consoles and mobile devices have to be kept in mind. New rules have been introduced in European Copyright Law in 2019 by the Directive on Copyright in the Digital Single Market, such as a binding principle of appropriate and proportionate remuneration, and transparency on revenues.

Data Protection and marketing


The General Data Protection Regulation (GDPR) harmonises data protection across Europe although several aspects remain in the national legislation via flexibility clauses (e.g. processing in employment context). GDPR builds on some existing principles, it also contains extended and new obligations regarding data processing as well as extended rights for data subjects. Most importantly, fines have drastically increased.

In addition, special national regulations must be observed due to the flexibility clauses contained in the GDPR (e.g. with regard to data processing in the employment context). Furthermore, the GDPR also applies to non-EU companies that operate in the EU and process data from EU citizens.

Guidance regarding the implementation of the GDPR is provided by national supervisory authorities as well as the European Data Protection Board.

The following principles are the basic principles of the GDPR

  • Lawfulness, fairness and transparency
  • Purpose limitation
  • Data minimisation
  • Accuracy
  • Storage limitation
  • Integrity and confidentiality

Further, games companies need to implement mechanisms to ensure that the data subjects’ rights of players (e.g. access, erasure, portability) can be exercised. Special rules apply for minors and with regard to specific “sensitive” data such as health data. Also, data retention times become a matter of higher interest recently. The transfer of personal data to recipients outside the EU requires additional legitimation, such as reliance on EU model clauses or an adequacy decision of the European Commission. In light of the most recent Schrems II decision of the Court of Justice of the European Union, the Privacy Shield is not considered granting adequate protection for data transfer to the US any longer and some may challenge the EU model clauses in that regard as well. As the value of player data, and the knowledge and awareness of European consumers about their rights increases, these issues are crucial for games businesses.

The GDPR also imposes a number of requirements around the use of cookies, tracking and similar technologies. In particular, it is important to distinguish between technologies that require consent and other that do not require consent. The long-expected E-Privacy Regulation most likely will introduce additional rules for cookies. Providers of games sites/ platforms should carry cookie banners to obtain necessary consents (the requirements to be met by/ details to be included in such cookie banners vary in the European Union Member States) and cookie policies, which specify details as to cookies used along with information about how to deactivate them. Also regarding the sending of marketing/ promotional newsletters, games companies need to assess a potential consent requirement and inform the (future) recipient how to unsubscribe from that newsletter.

E-Privacy Regulation

The EU is still currently working on the revision of the E-Privacy Directive, which is (in the form of the E-Privacy Regulation) intended to strengthen citizens' rights online and regulate data protection in the online sector. The Regulation will affect almost every form of electronic communications, including both traditional communications services and novel technologies. The use of cookies is expected to be regulated more stringent, including the question which cookies require consent. The E-Privacy Regulation will exist in addition to GDPR and was initially expected to enter into force at the same time as the GDPR. As the first attempt to adopt the E-Privacy Regulation failed after four years of discussion, the EU legislator is at the beginning of the legislative process again – a new draft to be expected not before the end of the year 2020.

E-commerce, consumer protection and the digital single market

The European market is subject to “distance selling” laws that protect players in relation to purchases online. Prior and after any purchase of games, or in-game items or virtual currency, online-game businesses have to comply with numerous requirements, which include:

  • The communication of clear terms and conditions at the time and also by email (or at least a “durable medium”) upon order;
  • Fulfilment requirements in terms of payment; and
  • A right of refund for some products and services (which may apply to gaming items depending on the circumstances).

However, these requirements vary to a degree across the European Union Member States and so do the consequences of not meeting the respective requirements.

Further, each European Union Member State was required to give effect to the Directive on Consumer Rights (Directive 2011/83/EU) by 13 June 2014. Each country is doing so under its own legislation. This new Directive requires, inter alia, online games businesses to ensure the player, when placing an order, explicitly confirms that the order implies an obligation to pay. If placing an order entails activating a button or a similar function, the button or similar function must be labelled in an easily legible manner only with the words ‘order with an obligation to pay’ or a corresponding unambiguous formulation in the local language.

There are also new regulations regarding digital content, which will have an impact on games businesses, such as the requirement to obtain express consent and acknowledgment from players that the 14 days cooling off period will not apply after download.

The EU Directive on Digital Content has been adopted in May 2019 introduces the concept of “payment by data”, establish significant statutory warranties and retrieval of user content and user data upon termination. As the scope of this directive is broad, it will affect all online and mobile games providers selling to European customers.

If games businesses fail to comply with the legislation, which implements the Directive on Consumer Rights, it is likely that their players will not be legally bound under the relevant end user terms, which include, of course, the obligation to pay (e.g. the cost of the game, virtual items and/or currency). In Germany, for example, a games business failing to comply with the applicable consumer protection laws also could cause competent consumer protection agencies or competitors (sometimes even users) to bring action against them (following ignored or disputed cease-and-desist letters). It is therefore important that games businesses ensure the information disclosure and other requirements of the implementing legislation are complied with.

The EU-Geo-Blocking Regulation has entered into force in December 2018 and prohibits to block or limit access to online interfaces on the basis of nationality, residence or establishment of the customer, e.g. in the form of auto-forwarding mechanisms that lead to the user only being able to use a website in the version of his or her home country. The European Union Member States seem to be slow in enforcing the EU-Geo-Blocking-Regulation, even though they (like Germany, for example) may have implemented local laws to be able to enforce the Regulation. At least, fines or administrative orders, if any, seem not to be published so far.

Online liability

To the extent games businesses allow players to communicate with each other/ post content or comments on the platform, such businesses run the risk of content liability. European laws do include certain defences around “hosters” and “ISPs” however the applicability of these is dependent on careful consideration in terms of operating model, particularly around moderation and notice and take-down procedures for so called host providers. According to recent case law of the Court of Justice of the European Union, internet access providers may be obliged to block content infringing copyright under certain circumstances.

Hosting of tournaments

Games tournaments can be subject to various legal requirements. When hosting “offline” tournaments, the host might also have to comply with additional requirements such as in respect of protection of minors (e.g. not permitting underage gaming or supplying minors with alcohol), gambling law, advertisement law and entry requirements for players.

When streaming a tournament, that streaming may under certain conditions qualify as a broadcast and be subject to a licensing requirement. The same may apply for gamers streaming gaming content on platforms like Twitch.

Used games and key selling

Recent case law in Europe has confirmed the rights of software licensees to share software, which is “sold” and software providers, depending on their licensing model, cannot prevent this. The application of these laws to games software is uncertain but possible. Technical measures can be used and cloud based games are likely to not be caught. Of course the second hand market in disc based games is long established, however the laws present challenges for providers of downloaded games and terms need to be carefully crafted.

Similar questions arise in connection with so-called key selling. German district courts ruled (one ruling being confirmed by the German Federal High Court) that the sale of isolated product keys by a third party infringed copyright and could be stopped accordingly.

In-game currencies


  • Contractual rights to such currency, and what it can buy (meaning the terms need to be very clear on the value and rights relating to in-game currency);
  • Regulatory requirements around electronic money (which generally will only apply where a currency can be cashed out or used in other games/platforms or can otherwise be converted);
  • Regulatory issues relating to money remittance and payment systems, and also money laundering requirements in Europe; and
  • The increasing awareness in the media of the risk of minors running up significant bills through in-game purchases, leading to (i) complaints by parents/ guardians and (ii) in some markets, the threat of government intervention (such as around consent notices, or limits on spend over a fixed period of time).

Virtual currencies

Not to be confused with the regulation of issuing e-money is the somewhat less regulated world of virtual currencies (such as Bitcoin). Bitcoin, in particular, is increasingly accepted by games businesses such as Zynga, and Microsoft recently restored it as a payment option in its Xbox and Windows stores. Virtual currencies have been getting a lot of media attention, not always positive, which may scare off potential users. Any business thinking of accepting virtual currencies must consider how to manage risks including theft, fraud, exchange or marketplace insolvency, hacker attacks and money laundering as well as the risk of serious reputational damage, if things go wrong.

Along with the US and other jurisdictions, the UK government has started to consider whether regulation is necessary in this area and there is a risk that fragmented regulatory and taxation frameworks could emerge. Mainstream adoption is hindered by the overall lack of certainty in core areas and, ultimately, we expect legislation to harmonise requirements covering a range of topics, such as refunds, price guarantees, complaint handling, protection schemes and secure IT-Systems.

Publishers need to think about how they can design systems to accept virtual currencies – and how to redeem them – in an ever changing regulatory environment.

Market Practice

Whilst some games businesses may focus only on the key markets in which they operate in Europe, it is important to note that non- compliance can lead to criminal sanctions. As such, the in-game payment issues should be treated as higher risk.

Advertising Law; Influencers

Advertisement in Europe is regulated by several Directives such as the Directive on Misleading and Comparative Advertising and the Directive on Unfair Commercial Practices. There is a strict labelling requirement as all advertisements should be recognisable as such. Subliminal techniques are generally unlawful. Labelling should be sufficiently clear and visible. Advertising directed at children may not contain direct exhortations to purchase. Advertising should be true and not misleading and the advertiser needs to be able to show and prove that his assertions are correct. Specific advertising restrictions apply to certain media (e.g. broadcasting), content (e.g. violence or nudity) and specific products (e.g. alcohol). When using influencers on social media for advertising campaigns, advertisers may also liable for false or missing labelling by such influencers.

Influencers (and advertisers) need to be aware when, and how to disclose and label sponsored content. Recent Case law in Germany suggests that “#ad” and “#sponsored” will not be sufficiently clear.

Loot boxes

The purchase of so-called loot boxes is currently the subject of controversial discussion, in particular, the classification as a game of chance. The Dutch and Belgian gambling supervisory authorities have classified some games (Overwatch, FIFA franchise, CS: GO, Star Wars: Battlefront II) as gambling due to the embedding of loot boxes and found that they violate the relevant gambling laws. Either the loot boxes must be removed or a gambling license must be purchased. In Germany, loot boxes are currently not seen as generally illegal. In addition to gambling law issues, questions may also arise with regard to consumer law and the protection of minors.

General additional issues

The above issues do not include the general additional issues that any digital business operating in Europe needs to cater for including:

  • IPR protection including trade mark registration (in each territory or as a European wide Community Trade Mark);
  • IPR licensing (from partners, to users and across corporate groups);
  • VAT, corporation tax, transfer pricing and other tax and accounting issues;
  • Employment and stock options;
  • Specific issues regarding in-game content such as age-related restrictions, copyright, trademark, design and competition law issues;
  • Use or selling of cheat bots.


There are a number of upcoming European sets of rules and events, which need to be monitored, such as

  • The consequences of the EU Directive on copyright and related rights in the Digital Single Market and its respective (e.g. in Germany highly disputed) implementations into national law;
  • Brexit and its factual consequences;
  • Discussions in Germany whether e-sports will be recognized as a sport or not
  • Consequences of the Schrems II decision of the Court of Justice of the European Union
  • The second attempt to agree on an E-Privacy Regulation;
  • Plans by the EU Commission to introduce new tax rules for digital activities;
  • The EU Commission’s legislative package for a “New Deal” for consumers which amongst others may result in substantial penalties of up to 4% of the trader’s annual turnover in the event of widespread infringements.
Call To Action Arrow Image

Latest insights in your inbox

Subscribe to newsletters on topics relevant to you.