The role of legal counsel has evolved, mainly due to technological advances and new regulations: it is no longer enough to react to legal risks, now you are expected to identify them before they arise.
Regulatory pressure, international expansion, and exposure to sanctions or claims make their role more strategic than ever.
In this article, we have compiled 7 critical areas that you should consider as an in-house legal advisor. Each of them can be a headache… or an opportunity to anticipate, protect the business, and strengthen your position as a key part of the management team.
Key aspects for a legal counsel or legal advisor
1. Identify high-risk or outright prohibited AI systems
The entry into force of the EU Artificial Intelligence Regulation brings new obligations and prohibitions. Some technologies simply cannot be used in the EU, such as those that manipulate human behavior, socially classify people, or exploit vulnerabilities of sensitive groups.
The problem: many companies do not know they are already using AI, or have not classified it internally. As legal counsel, it is necessary to evaluate the systems, classify their risk level, and activate compliance mechanisms, as we discussed in identifying prohibited AI systems.
2. Keep transfer pricing under control in international operations
If your company operates with subsidiaries or provides services between entities of the same group in different countries, transfer prices must be justified and documented. It’s not just a tax issue: lack of documentation or inconsistencies between contracts, invoices, and internal policies can become a serious legal problem.
An in-house advisor must ensure that the business model design is defensible before the tax authorities, both in Spain and abroad.
3. Review terms and conditions of use
Many marketplaces, platforms, and apps are unknowingly exposed due to outdated or incomplete terms of use, especially after the entry into force of the Digital Services Act (DSA).
European regulations require transparency, traceability, content notification mechanisms, clarity on responsibilities… and much more. Therefore, it is important to be aware of the European marketplace regulations.
4. Do not miss the approval and filing of annual accounts
It may seem like a simple formality, but not approving and filing the annual accounts can have very serious consequences: financial penalties of up to €60,000 or €300,000, as applicable; difficulties obtaining financing…
It’s a basic point, yes. But also one of the most forgotten. And it’s important to manage the correct deadlines to understand the consequences of not approving or filing annual accounts.
5. Conduct periodic data protection audits
Many companies make an initial effort regarding GDPR, but then allow their policies and contracts to expire without review. Periodic data protection audits have many benefits; they are not just good practice: they can make the difference between a simple warning and a serious fine from the AEPD.
Auditing means reviewing processing activities, assessing risks, updating clauses, validating consents, and ensuring everything is documented. And it is Legal’s responsibility to lead or coordinate this process.
6. Prepare a plan for intellectual property infringements
From trademarks to software, including visual content or databases, intellectual property is one of the most valuable assets of any company. But is it protected? Would you know how to act in the event of an intellectual property infringement? Do you have the appropriate registrations? Are contracts with third parties properly configured?
A good plan should include registrations, assignments, active monitoring, and legal action strategies. Not only in case of problems… but because it is often one of the most relevant aspects in any sale or investment process.
7. Have a real protocol for data breaches
When there is a security breach, the clock is ticking, so it is important to know how to handle a data breach: you have 72 hours to notify the AEPD. But first, you need to know if it really is a breach, which data have been affected, what impact it has, and whether the affected parties must be informed.
A good incident response protocol for data breaches is not a document kept in a folder. It is a practical, agile tool, coordinated with IT and executive. And a legal advisor or legal counsel must be an active part of its design and activation.
Conclusion: a legal counsel may need help
Today more than ever, the legal counsel is not just the one who performs legal supervision, but the one who prevents risks that could compromise the business. And this task is not as easy as it seems.
That is why, at Metricson, we work hand in hand with legal counsels of many companies, large, small, and medium-sized, to help them anticipate these challenges and cover the legal aspects that allow them to fulfill their mission 100%.
Would you like to discuss any of these topics or review how you manage them in your company? Contact us by clicking here.
About Metricson
Metricson is a pioneering firm in legal services for innovative and technology companies. Since its founding in 2009, it has advised more than 1,400 companies in 14 different countries, including startups, investors, large corporations, universities, institutions, and governments.
If you want to contact us for any legal advisory matter, do not hesitate to write to us at contacto@metricson.com. We look forward to talking with you!