Practice Areas Why EU Representation Attorney Process Fees DSA Workshops Insights Contact Self-Check
Rechtsanwalt Theo Funk
EU-Digitalregulierung — Digital Services Act & AI Act
Legal Implementation — Kanzlei Theo Funk
Kanzlei Theo Funk — Attorney at Law

EU digital regulation counsel — DSA, AI Act, GDPR

German precision, boutique agility. We advise US and global technology companies — quietly, precisely, and on Pacific time.

Contact Us Learn More

Digital Services Act & AI Act

Navigating the Digital Services Act and AI Act for international tech companies: From strategic advising and practical implementation to legal support for your representative obligations under Art. 13 DSA and Art. 22/54 AI Act — the appointed representative function itself is available from Regingada UG (haftungsbeschränkt) under a separate contract. We provide comprehensive legal guidance across both frameworks.

Learn More
Our Meeting Locations & Office

Munich & Bamberg

Meet us in our meeting- and office spaces in Munich, at our law firm in Bamberg, or online.

Contact Us
L1

What might have risen to an eagle's flight can be reduced to a snail's pace by the law.

After Friedrich Schiller, The Robbers (Act 1, Scene 2)

Kanzlei Theo Funk is a Bavaria-based EU digital regulation boutique advising US and global technology companies. With a core focus on the Digital Services Act and the AI Act, we navigate high-stakes mandates across the full stack of EU digital law. We provide top-tier, academically rigorous advocacy designed for the complexities of the European tech market. Our counsel spans the full compliance lifecycle — strategic advisory, practical implementation, ongoing monitoring, and legal support for statutory-representation duties under Art. 13 DSA and Art. 22/54 AI Act.

Practice areasDigital Services Act (DSA) · German Digital Services Act (DDG) · AI Act · Digital Markets Act (DMA) · GDPR · Data Act · Digital Content Directive · Consumer Rights Directive · E-Commerce Directive · Portability Regulation

Regingada Compliance Suite

Digital Twin. EU self-check.

Five EU regimes — mapped, sourced, mandate-ready.

Self-check Regulation map Handover to counsel

Start the self-check Free · about 10 minutes · no registration

Software by Regingada UG (haftungsbeschränkt), in cooperation with Kanzlei Theo Funk. Orientation only, not legal advice; assessment and mandate rest exclusively with Kanzlei Theo Funk.

Continuous view

EU Digital Regulation Services

DSA — Representative Obligations (Art. 13)

Counsel on Art. 13 DSA representative obligations for providers without an EU establishment: applicability analysis, appointment and contract setup, and legal support for communications with Digital Services Coordinators and the European Commission — including proceedings where required. The appointed representative function is provided, where desired, by Regingada UG (haftungsbeschränkt) under a separate contract — while Kanzlei Theo Funk remains engaged in its own mandate for ongoing compliance and regulatory support.

Read more...

AI Act — Authorised-Representative Obligations

Counsel on authorised-representative obligations under Art. 22 AI Act (high-risk systems) and Art. 54 AI Act (GPAI models) for providers without an EU establishment — appointment setup, technical-documentation duties, EU database registration (Art. 49) and serious-incident processes (Arts. 72–73). The appointed function is provided, where desired, by Regingada UG (haftungsbeschränkt) under a separate contract — while Kanzlei Theo Funk remains engaged in its own mandate for ongoing compliance and regulatory support.

GDPR — Representative Obligations (Art. 27)

Non-EU providers may need to appoint an EU representative under Article 27 GDPR. Counsel on applicability, Article 27(2) exemptions, designation requirements, and related data-protection compliance. The representative function is provided, where desired, by Regingada UG (haftungsbeschränkt) under a separate contract — while Kanzlei Theo Funk remains engaged in its own mandate for ongoing GDPR and regulatory support.

DSA — Audit and Compliance

Audit prep for DSA-regulated services. Review of transparency reports under Arts. 15 and 24 DSA, content-moderation procedures, notice-and-action systems, internal complaint-handling per Art. 20, and trusted-flagger protocols. We brief the audit team and stay in the room.

DMA & Further EU Regulation

DMA, Data Act, Digital Content Directive, Consumer Rights Directive, E-Commerce Directive, Portability Regulation. The framework around the framework — usually where the unexpected obligations live. We map exposure across the full stack and flag what actually applies to your service.

Strategic Alternative Dispute Resolution

Out-of-court dispute resolution under Art. 21 DSA, plus bespoke arbitration and mediation clauses for tech-IP disputes. WIPO and JAMS standards where they fit; ad hoc panels where they don't. The aim: keeping proprietary algorithms out of public discovery.

AI Act — EU AI Regulation

AI Act work for providers and deployers. Risk classification (prohibited / high-risk / GPAI / minimal), Annex III mapping, conformity assessment routes, technical documentation under Art. 11 and Annex IV, post-market monitoring per Art. 72. We translate the obligation list into a working compliance program.

Porträt von Rechtsanwalt Theo Funk
Profile

Theo Funk

Attorney at Law — EU Digital Regulation

Attorney Theo Funk (Rechtsanwalt) advises US technology companies on matters of EU digital regulation — as the strategic bridge between US innovation and European regulation. His practice focuses on the Digital Services Act (DSA), the AI Act, and the German Digital Services Implementation Act.

The firm secures its clients' "right to operate" in the European market — from counsel on representative obligations under Art. 27 GDPR, Art. 13 DSA and Art. 22 / 54 AI Act, through to in-depth gap analyses and risk-mitigation strategies. Southern German precision meets the speed of digital markets.

DSA

Digital Services Act

AI Act

AI Regulation

DDG

Digital Services Implementation Act

02

Our Engagement Model

We work with digital service providers and AI system operators on a phased or retained basis. Engagements can be scoped to a single phase or structured as an integrated compliance program — phases integrate into a single, continuous regulatory mandate and do not stand alone.

Regulatory Scoping & Risk Assessment
01 1–2 weeks

Regulatory Scoping & Risk Assessment

Initial scoping engagement to determine your exposure under the Digital Services Act, AI Act, and adjacent EU frameworks. We classify your service, map territorial reach, and establish a clear regulatory risk profile as the baseline for all subsequent work.

DeliverableScoping memo with classification, applicable obligations, and priority risks.
Compliance Assessment — Legal Analysis
02 2–4 weeks

Compliance Assessment & Roadmap

Detailed legal analysis of applicable obligations across all relevant regimes, including cross-regime coherence (DSA · AI Act · GDPR · Data Act). We deliver a written compliance roadmap with prioritized actions, timelines, and risk categorization — in line with recognized compliance management principles (including ISO 37301).

DeliverableGap analysis, prioritized action plan, implementation timeline.
Implementation & EU Representation
03 4–12 weeks

Implementation & Representation Setup

Structured implementation led and coordinated centrally, covering the full compliance program: documentation frameworks, policy drafting, transparency reporting, and authority communication. Where required, we structure and paper the appointment of your EU representative — performed, where desired, by Regingada UG (haftungsbeschränkt) under a separate contract — and provide legal support for communications with the Bundesnetzagentur and the European AI Office.

DeliverableDocumentation templates, authority correspondence, representative-appointment setup.
Ongoing
Retained Advisory — Team
04 Monthly · Quarterly

Retained Advisory & Regulatory Monitoring

Ongoing advisory relationship led by the firm to track regulatory developments, enforcement trends, and guidance from national Digital Services Coordinators and the European Commission. Structured as a monthly or quarterly retainer with scheduled compliance reviews, incident response support, and on-call counsel.

DeliverableRegulatory intelligence briefings, enforcement tracker, priority on-call advisory.
DSA Workshop

Complimentary DSA Workshops for Senior Executives

Learn More
DSA Workshop
EU Representation
Legal Representation

Why EU Representation Is Required

If your digital service, data processing, or AI system reaches the EU without an establishment here, more than one EU regime may require you to appoint a representative in the Union: Art. 13 DSA, Art. 27 GDPR, and Art. 22/54 AI Act. Without the required designation, you are in technical non-compliance from day one.

  • Art. 13 DSA — legal representative for intermediary services
  • Art. 27 GDPR — representative for non-EU controllers and processors
  • Art. 22 & 54 AI Act — authorised representative for high-risk AI and GPAI models
  • Service address for authorities, courts, and data subjects in the EU
  • Coordination with Digital Services Coordinators and data-protection supervisory authorities
  • Avoidance of enforcement measures and fines
Read more...
Structure & Continuity

Engagement Structure & Continuity

Direct partner-level handling with structured safeguards.

Engagements are led and handled directly by Rechtsanwalt Theo Funk. This structure provides clients with a single point of accountability, direct partner-level involvement throughout the mandate, and consistent strategic oversight across all phases.

I.

Specialist cooperation

For matters requiring specialist input outside the core scope of EU digital regulation — such as German civil litigation, tax structuring, or corporate transactions — clients can be referred to established specialist counsel on a transparent, case-by-case basis. Any such referral is subject to the client's prior consent and is documented in writing.

II. §§ 51, 53, 55 BRAO

Continuity framework

The firm maintains professional indemnity insurance substantially exceeding the statutory minimum under § 51 BRAO. In the event of extended unavailability, all client matters are subject to the statutory succession framework of the German Federal Bar under §§ 53 and 55 BRAO, which ensures orderly continuation of representation and protection of client interests in any circumstance.

III. § 43a BRAO · § 203 StGB

Confidentiality across cooperation

All specialist counsel arrangements are bound by the same professional confidentiality obligations under § 43a BRAO and § 203 StGB that apply to the firm itself. Client files, communications, and data remain protected under attorney-client privilege at all times.

03

Featured Insights

The EU Representative: Parallel Duties Under DSA, GDPR and AI Act

Non-EU digital businesses face three parallel EU representative duties (Art. 13 DSA, Art. 27 GDPR, Arts. 22/54 AI Act), each with its own trigger, mandate and liability profile.

Read More

NIS2 Implementation in Germany — Expanded Cybersecurity Obligations for Tech Companies

Overview of Germany’s NIS2 national transposition, the expanded obligations, and the official BSI affected-party assessment tool.

Read More

Apple Fined €500m, Meta €200m — Europe’s Digital Rulebook Is Now Enforcing.

Read More

CJEU Russmedia (C-492/23) — A New Architecture of EU Platform Liability.

Analysis of the CJEU’s Russmedia decision and its consequences for US and international platforms operating in the EU.

Read More

Agentic AI under the EU AI Act — A Risk-Based Regime Meets Its First Stress Test.

Legal analysis of how Regulation (EU) 2024/1689 applies to agentic AI systems whose output is no longer text, but action.

Read More
Fees

Transparent pricing for EU digital compliance

Fixed-price packages for predictable budgets; hourly billing for work beyond scope. All terms are agreed in writing (§ 3a RVG text form) in a separate fee agreement before the engagement begins.

Hourly rate

175 € per hour, net · billed in 6-minute increments

For business clients outside Germany, reverse charge applies pursuant to § 3a(2) UStG (EU B2B) or non-taxability for third-country services.

Fixed-price packages

Framework

DSA Quick Scan

Compact entry-level analysis for an initial risk assessment.

890 €net

approx. 6 hours

  • Scoping call (45 minutes)
  • Provider classification under Art. 3 DSA
  • Top-5 findings & risk indicators
  • Concise report (3–5 pages)

Full Compliance Review

Comprehensive review incl. AI Act, vendor review, and policy drafting.

3.750 €net

approx. 25 hours

  • All services of the Gap Analysis
  • AI Act conformity pre-assessment
  • Vendor & sub-processor review
  • Policy-drafting recommendations
  • Transparency-report template
  • Extended workshop session (2 h)

Flagship Engagement

Enterprise — dedicated EU digital compliance counsel

For companies with significant EU market presence and ongoing strategic regulatory needs. Dedicated retainer engagement covering ongoing counsel on Art. 27 GDPR, Art. 13 DSA and Art. 22 / 54 AI Act representative obligations and continuing regulatory support (appointed representative, where desired: Regingada UG (haftungsbeschränkt) under a separate contract), priority response, and regular board-level briefings.

  • Full support on DSA representative duties: Art. 11 DSA (contact point for authorities) and Art. 13 DSA — appointment setup and ongoing counsel for non-EU providers; appointed representative, where desired: Regingada UG (separate contract)
  • AI Act authorised-representative duties: counsel and support on Art. 22 AI Act (high-risk AI systems) and/or Art. 54 AI Act (GPAI models) — depending on product portfolio; including EU database registration (Art. 49) and serious-incident reporting (Arts. 72–73); appointed function, where desired: Regingada UG (separate contract)
  • GDPR support: Article 27 representative obligations and ongoing data-protection guidance; appointed representative on request: Regingada UG (haftungsbeschränkt), under a separate contract
  • Quarterly compliance reviews (DSA, AI Act, DMA, P2B, GDPR cross-check)
  • Priority response SLA: initial reply within 24h, business-day support
  • Regulatory early-warning system (BNetzA, BayLDA, EU Commission, BRAK)
  • Tailored policy and contract drafting (ToS, transparency reports, DPA)
  • Direct authority and regulator liaison
  • C-level and board briefings on new regulatory developments

The retainer works hand in hand with Regingada UG as appointed representative: separate contract, coordinated onboarding — no bundle price.

*SME terms apply to the firm's out-of-court legal services, not to Regingada UG's representation agreement.

Project engagement from

25.000 €

custom scope · net

SME-qualified: from €20,000 — under our SME programme*

Monthly retainer from

2.500 €

incl. allocated hours · net

SME-qualified: from €2,000 — under our SME programme*

Alternatively billed hourly under a fee agreement.

Offered exclusively on the basis of individual scoping in the initial consultation.

Fee structure at a glance

Different billing regimes apply depending on the nature of the engagement. Hourly rates and fixed-price packages relate to advisory and out-of-court work.

§ 34 RVG

Legal advisory & compliance

Gap analyses, due diligence, ongoing compliance advisory, legal opinions and memoranda on DSA and AI Act.

Freely negotiable via fee agreement. Specifically: hourly rate or fixed-price package (see above).

§ 3a RVG

Out-of-court representation

Representation before supervisory authorities in DSA and AI Act proceedings (the appointed representative function under Art. 13 DSA / Art. 22, 54 AI Act sits with Regingada UG — separate contract), submissions to authorities, regulator communications, pre-litigation correspondence.

Fee agreement (hourly rate or monthly retainer) or alternatively statutory business fees pursuant to VV RVG No. 2300 et seq.

VV RVG 3100 ff.

Court representation

Action and appeal proceedings before administrative and civil courts, interim injunctions, representation in administrative-fine proceedings.

Statutory fees based on amount in dispute (§ 49b(5) BRAO). A fee agreement is possible but must not fall below statutory fees (§ 49b(1) BRAO).

Complementary offering

SME & Early-Stage Programme

EU digital compliance matters just as much for growing companies — and it should be accessible. The programme offers qualifying SMEs and early-stage companies a 20% reduction on all out-of-court services.

Eligibility · EU Recommendation 2003/361/EC

< 250 employees and annual turnover ≤ €50m or balance sheet total ≤ €43m

Programme terms

Service List price SME programme
Hourly rate 175 € 140 €
DSA Quick Scan 890 € 710 €
Gap Analysis & DD Report 2.250 € 1.800 €
Full Compliance Review 3.750 € 3.000 €

Evidence via commercial register extract, latest annual accounts, or confirmation by a duly authorised officer. Programme terms apply for the first twelve months of the engagement, after which pricing automatically reverts to list. Capacity-limited to three concurrent programme mandates. The reduction applies exclusively to out-of-court advisory and representation under § 34 RVG; statutory minimum fees under § 49b(1) BRAO cannot be undercut for court representation.

04

Get in Touch

Address

Troppauplatz 1d, 96052 Bamberg, Germany