Legal Analysis · EU Representative Duties

One Structural Situation, Three Mandates: The EU Representative a Non-EU Digital Business Needs

A business outside the Union that reaches the EU market does not face one representative duty but a family of parallel ones — under the DSA, the GDPR and the AI Act. Each rests on a distinct trigger, a distinct written mandate, and a distinct set of statutory tasks.

Published May 2026
Reading time 13 minutes
Author Theo Funk, Rechtsanwalt
Scope Art. 13 DSA · Art. 27 GDPR · Art. 22/54 AI Act

A digital business established outside the European Union that offers its services to people in the Union is confronted not with a single obligation to appoint a representative, but with a family of parallel ones. The Digital Services Act, the General Data Protection Regulation and the Artificial Intelligence Act each require certain non-EU providers to designate, in writing, a representative in a Member State. The three duties respond to the same structural situation — a company reaching the EU market without being established there — yet each has its own trigger, its own addressees, its own catalogue of tasks, and its own liability profile. They overlap in purpose but not in scope, and treating one as a substitute for the others misstates the legal position.

Key Takeaways
  • The DSA (Art. 13), the GDPR (Art. 27) and the AI Act (Arts. 22 and 54) each impose a separate, written-mandate representative duty on non-EU providers. The trigger is the same structural situation — reaching the EU market without an EU establishment — but the scope, the addressees and the liability differ in each regime.
  • The Article 13 DSA legal representative carries the broadest own-liability exposure: it may be held liable in its own right under Art. 13(3) for the provider's non-compliance, and its location fixes the competent Digital Services Coordinator under Art. 56(6) — while failing to appoint one hands jurisdiction to all 27 DSCs under Art. 56(7), subject to the Commission's own competence for very large platforms.
  • The Article 27 GDPR representative is uniquely addressable by data subjects themselves and may face enforcement proceedings; the AI Act authorised representative bears a documentation-centred mandate plus a distinctive duty to terminate the mandate and alert the authorities where the provider acts unlawfully.
  • Under all three regimes, designation is not establishment: one suitably-resourced EU entity may hold several roles, but each needs its own written mandate and task catalogue — a single undifferentiated "EU representation" contract would misstate the legal position.

§ IThree regimes, one recurring situation

The three obligations examined here share a common architecture. In each case, the Union legislature confronted the same problem: a provider located in a third country can reach data subjects, users, or purchasers inside the Union while remaining, in formal terms, beyond the reach of the authorities charged with enforcement. The legislative answer, repeated across three instruments, is to require a designated point of presence within the Union — a representative who can be addressed, who holds documents, and who can be pursued where the provider itself cannot easily be.

Beneath that common architecture the differences are substantial. The DSA representative under Article 13 may be held liable in its own right for the provider's infringements. The GDPR representative under Article 27 is the addressee not only of supervisory authorities but of data subjects themselves, and may be subject to enforcement proceedings. The authorised representative under Articles 22 and 54 of the AI Act carries a narrower, documentation-centred mandate but bears a distinctive duty to terminate the mandate and alert the authorities where the provider is acting unlawfully. A single well-resourced EU entity can, in principle, hold more than one of these roles, but each role rests on a separate written mandate with its own statutory task list. This article treats each in turn, then compares them.

Art. 13
DSA: legal representative for non-EU providers of intermediary services
Art. 27
GDPR: representative for non-EU controllers and processors under Art. 3(2)
Arts. 22 · 54
AI Act: authorised representative for third-country providers of high-risk AI and GPAI models

§ IIArticle 13 DSA: the legal representative for intermediary services

Article 13 DSA is located in Chapter III of the Regulation, within the due-diligence obligations applicable to all providers of intermediary services. Its position is deliberate: the obligation is not a special regime for very large platforms but a baseline requirement, independent of the tiered duties that apply to hosting services, online platforms, and very large online platforms and search engines. The provision reads, in its operative core, as follows:

Article 13 DSA, Legal Representatives (Wording)

"Providers of intermediary services which do not have an establishment in the Union but which offer services in the Union shall designate, in writing, a legal or natural person to act as their legal representative in one of the Member States where the provider offers its services."

"Providers of intermediary services shall mandate their legal representatives for the purpose of being addressed in addition to or instead of the provider, by the Member States' competent authorities, the Commission and the Board, on all issues necessary for the receipt of, compliance with and enforcement of decisions issued in relation to this Regulation."

"It shall be possible for the designated legal representative to be held liable for non-compliance with obligations under this Regulation, without prejudice to the liability and legal actions that could be initiated against the provider of intermediary services."

Three features of the provision matter here. First, the obligation is triggered solely by the combination of two facts: the absence of an EU establishment and the offering of services to recipients in the Union. No minimum user number, revenue threshold, or prior platform categorisation is required. The DSA applies to providers with a "substantial connection" to the Union, defined in Article 3(e) DSA by reference to an establishment, a significant number of recipients, or the targeting of at least one Member State.1 Second, the mandate of the legal representative is comprehensive: it extends to all issues necessary for the receipt of, compliance with, and enforcement of decisions under the DSA — a formulation that, as the commentary by Hofmann and Raue notes, goes clearly beyond the narrower representative obligation under the former German NetzDG.2 Third — and here the DSA representative's exposure is broadest — the representative may be held liable in its own right for the provider's non-compliance.

The concept of "establishment" that determines whether Article 13 is triggered turns on substance, not registration. The Court of Justice has interpreted establishment in internal-market law to require a real and stable presence — a fixed place of business with the human and material resources to pursue an economic activity, with the appearance of permanency to the outside world.3 A letterbox address or a registered agent without operational capacity does not qualify. As a result, a broad range of non-EU technology companies active in the European market — marketplaces, social networks, hosting and content-sharing services, and many others — fall within Article 13, provided their service qualifies as a mere conduit, caching or hosting service, whether or not they have considered their position under EU law. The Terharen Praxishandbuch treats service categorisation as the analytical starting point precisely because it determines both whether Article 13 applies and which tier of obligations follows.4

The representative's own liability under Art. 13(3) DSA

Article 13(3) DSA is unusual among EU regulatory instruments: it expressly allows the legal representative to be held liable for the provider's non-compliance, "without prejudice to" the provider's own liability. The representative's exposure is additional to, not a substitute for, that of the provider; both may face enforcement simultaneously. Because the representative may be a legal person as much as an individual, this is an entity liability the designated representative bears in its own right — a party that agrees to act is therefore not performing a mere notification function but accepting a position of legal exposure that prudent parties address through carefully drafted contractual indemnification and liability limitation.5

Why the location of the representative governs jurisdiction

Article 56 DSA concentrates supervisory competence at the Digital Services Coordinator of the provider's main establishment. For providers established outside the Union, Article 56(6) DSA adapts the rule: the competent DSC is that of the Member State in which the legal representative resides or is established. The effect is a concentration of jurisdiction — one primary regulator, one set of procedural rules, one point of contact — functionally close to having a single main establishment, subject to the Commission's own supervisory competence for very large online platforms and search engines.6

WITH LEGAL REPRESENTATIVE Art. 56(6) DSA applies 1 DSC Single jurisdiction, predictable enforcement WITHOUT LEGAL REPRESENTATIVE Art. 56(7) DSA applies DSC DSC DSC All 27 DSCs competent, multi-jurisdiction exposure

If a non-EU provider fails to designate a legal representative, Article 56(7) DSA applies, and the effect is the precise opposite: all Digital Services Coordinators in the Union become competent for oversight and enforcement. The DSA provides cooperation mechanisms and requires respect for the ne bis in idem principle, but that protection addresses double punishment — it does not prevent parallel investigations, divergent timelines, and inconsistent demands for information across Member States.7

With Legal Representative, Art. 56(6) DSA

One primary DSC has jurisdiction, providing a predictable regulatory contact point and a single, consistent set of procedural rules. Enforcement follows a coordinated pathway, the Article 13 obligation is satisfied, and exposure to infringement fines under Art. 52 DSA is avoided.

Without Legal Representative, Art. 56(7) DSA

All 27 EU Digital Services Coordinators are simultaneously competent, creating exposure to parallel proceedings across jurisdictions and multiple, potentially conflicting procedural demands. The failure to designate is itself an infringement of Art. 13 DSA, triggers penalties under Art. 52 DSA, and carries operational and reputational disruption risk.

Article 13(4) DSA requires notification of the representative's name, postal address, email address, and telephone number to the DSC where the representative resides, and requires that this information be made public, accessible, accurate, and current — typically on the provider's website, for example in its imprint or legal notice. Article 13(5) DSA adds an express clarifier of wide importance: the designation "shall not constitute an establishment in the Union." Compliance with the DSA's representative duty does not, of itself, create a permanent establishment for tax purposes or a main establishment for GDPR purposes.8

§ IIIArticle 27 GDPR: the representative for non-EU controllers and processors

The data-protection regime imposes a structurally similar, but independently triggered, obligation. It is engaged by Article 3(2) GDPR, which extends the Regulation to controllers and processors not established in the Union where the processing relates either to the offering of goods or services to data subjects in the Union — irrespective of whether payment is required — or to the monitoring of their behaviour as far as that behaviour takes place within the Union.9 Where Article 3(2) is engaged, Article 27(1) GDPR requires the controller or processor to designate, in writing, a representative in the Union.

Article 27(1) and (4) GDPR (Wording)

"Where Article 3(2) applies, the controller or the processor shall designate in writing a representative in the Union."

"The representative shall be mandated by the controller or processor to be addressed in addition to or instead of the controller or the processor by, in particular, supervisory authorities and data subjects, on all issues related to the processing, for the purposes of ensuring compliance with this Regulation."

Two features distinguish the GDPR representative from its DSA counterpart. First, the representative must be established in a Member State where the data subjects whose data is processed are located, tying the choice of seat to the provider's actual market rather than leaving it to free selection.10 Second, and more consequentially, the mandate runs not only to supervisory authorities but expressly to data subjects. A data subject in the Union may address the representative directly on all issues related to the processing — a private-facing dimension that the DSA text leaves doctrinally contested but that Article 27(4) GDPR states in terms.

The exemptions: occasional, low-risk processing and public bodies

Unlike Article 13 DSA, the GDPR obligation is subject to express exemptions. Under Article 27(2) GDPR, no representative need be designated where the processing is occasional, does not include, on a large scale, special categories of data under Article 9 or personal data relating to criminal convictions and offences under Article 10, and is unlikely to result in a risk to the rights and freedoms of natural persons — the three conditions being cumulative. A separate exemption applies to public authorities and bodies.11 The exemption is narrow, and it turns on the nature of the processing rather than on the degree of market contact: a commercial provider whose processing of Union data is more than occasional, or which processes special-category or criminal-conviction data on a large scale, will not qualify, so the safer working assumption for such a provider is that Article 27 applies.

Doctrine — Enforcement Exposure and the "Without Prejudice" Clause

Recital 80 GDPR frames the representative's position. The designation is "without prejudice" to legal actions that could be initiated against the controller or processor itself, so the representative does not shield the provider. Critically, the same recital states that the representative should be subject to enforcement proceedings in the event of non-compliance by the controller or processor. The representative is thus a point of accountability within the Union, not merely a mailbox.

The precise extent of the representative's own exposure — in particular whether administrative fines under Article 83 GDPR may be directed at the representative for the provider's breaches — is debated in the literature and has been addressed divergently by national supervisory authorities and courts. What the recital settles is narrower but clear: the representative may itself be the object of enforcement proceedings. Any entity accepting the role should therefore treat enforcement exposure as a real, contractually-allocated risk rather than a formality.

The representative's identity and contact details are not a private matter between the parties. They must appear in the records of processing activities under Article 30 GDPR and, for controllers, in the identity-and-contact information given to data subjects under the transparency duties of Articles 13 and 14 GDPR. As with the DSA, the designation is a publicly visible legal status, not an internal arrangement. And, as with the DSA, designation of a representative does not of itself establish a main establishment in the Union; it does not trigger the one-stop-shop mechanism, which turns on the presence of a genuine establishment exercising decision-making over the processing.

§ IVArticles 22 and 54 AI Act: the authorised representative for AI providers

Regulation (EU) 2024/1689, the Artificial Intelligence Act, adds a third representative duty, split across two provisions that address two different classes of provider. Both rest on the same drafting pattern seen in the DSA and GDPR — a written mandate, a designated EU presence — but the catalogue of tasks is documentation-centred and the terminology shifts to the "authorised representative" familiar from Union product-safety law.

Article 22(1) AI Act, Reg. (EU) 2024/1689 (Wording)

"Prior to making their high-risk AI systems available on the Union market, providers established in third countries shall, by written mandate, appoint an authorised representative which is established in the Union."

Article 22 governs providers of high-risk AI systems. Before such a system is made available on the Union market, a third-country provider must, by written mandate, appoint an authorised representative established in the Union. The tasks under Article 22(3) are defined with product-safety precision: the representative verifies that the EU declaration of conformity and the technical documentation have been drawn up and that the appropriate conformity-assessment procedure has been carried out; keeps the contact details, the declaration of conformity, the technical documentation and, where applicable, the certificate at the disposal of the competent authorities for ten years after the system has been placed on the market or put into service; provides those authorities, on a reasoned request, with the information and documentation necessary to demonstrate conformity; cooperates with competent authorities; and complies with the registration obligations under Article 49.12

The termination duty: an obligation to disengage

One task distinguishes the AI Act representative from the other two regimes. Article 22(4) obliges the authorised representative to terminate the mandate if it considers, or has reason to consider, that the provider is acting contrary to its obligations under the Regulation, and to inform the relevant market-surveillance authority and, where applicable, the notified body. This is an active duty to disengage and to alert the authorities where the representative identifies non-compliance — a mechanism with no direct equivalent in Article 13 DSA or Article 27 GDPR. Nor is the mandate consequence-free for the representative itself: Article 99(4)(b) AI Act attaches administrative fines to the authorised representative's failure to comply with its own obligations under Article 22.

Article 54(1) and (6) AI Act, Reg. (EU) 2024/1689 (Wording)

"Prior to placing a general-purpose AI model on the Union market, providers established in third countries shall, by written mandate, appoint an authorised representative which is established in the Union."

"The obligation set out in this Article shall not apply to providers of general-purpose AI models that are released under a free and open-source licence [...] unless the general-purpose AI models present systemic risks."

Article 54 establishes the parallel obligation for providers of general-purpose AI (GPAI) models. Before placing such a model on the Union market, a third-country provider must, by written mandate, appoint an authorised representative in the Union. Here the tasks centre on verifying that the Annex XI technical documentation has been drawn up and that the provider has complied with its obligations under Article 53 (and, for models with systemic risk, Article 55), on retaining that documentation and the provider's contact details for ten years, on cooperation with the AI Office and competent authorities, on acting as a contact point, and — again — on the duty to terminate the mandate where the provider is acting contrary to its obligations, alerting the AI Office under Article 54(5). Article 54(6) carves out an important exception: the appointment obligation does not apply to providers of GPAI models released under a free and open-source licence that allows access, use, modification and distribution, with the model's parameters, including weights, architecture and usage information, made publicly available — unless the model presents a systemic risk. The open-source route therefore relieves the appointment duty only up to the systemic-risk threshold; above it, the obligation returns.13

§ VThe three regimes compared: parallel gateways, distinct mandates

Set against one another, the three obligations share a structure but differ on four points that matter in practice: the trigger, the addressees of the mandate, the liability profile, and the recurring point that designation is not establishment.

The trigger differs in each case. The DSA duty turns on offering intermediary services in the Union without an EU establishment. The GDPR duty turns on Article 3(2) processing — offering goods or services to, or monitoring the behaviour of, data subjects in the Union — subject to the occasional-and-low-risk exemption. The AI Act duty turns on making a high-risk AI system available on, or placing a GPAI model on, the Union market from a third country, with the open-source carve-out for non-systemic GPAI models. The form, by contrast, is uniform: all three require a written mandate.

The addressees of the mandate diverge in a way that shapes day-to-day exposure. The DSA representative is addressed by competent authorities, the Commission and the Board; the GDPR representative is addressed by supervisory authorities and by data subjects; the AI Act representative is addressed by market-surveillance authorities and, for GPAI models, the AI Office. The liability profile is where the regimes separate most clearly. The DSA representative's own liability under Article 13(3) is the most pronounced. The GDPR representative can be subject to enforcement proceedings, with the precise reach of fines still contested. The AI Act authorised representative's exposure is narrower and documentation-centred, but is neither nominal nor fine-free — Article 99(4)(b) attaches administrative fines to breaches of its own Article 22 duties — and it is coupled with the distinctive duty to terminate the mandate and notify the authorities.

DSA
Addressed by authorities, Commission & Board · own-right liability, the broadest of the three
GDPR
Addressed by supervisory authorities & data subjects · subject to enforcement proceedings
AI Act
Addressed by market-surveillance authorities / AI Office · narrower duties plus a termination duty

One point recurs across all three: designation is not establishment. Article 13(5) DSA states this in terms; for the GDPR and the AI Act the same conclusion follows by analysis rather than from an identical express clause — the GDPR representative is distinct from a main establishment and does not, by mere appointment, trigger the one-stop-shop, and appointing an authorised representative under the AI Act does not convert a third-country provider into an EU-established one. This shared feature carries a practical corollary. Because each duty is legally distinct, a single suitably-resourced EU entity may, in principle, hold more than one of these roles at once — but each role rests on its own written mandate and its own statutory task catalogue. The mandates must be kept separate and must not be conflated; a single contract purporting to cover "EU representation" across all three regimes without distinguishing their tasks would misstate the legal position.

"The three obligations answer the same structural situation — a business outside the EU reaching the EU market — but each rests on its own trigger, its own written mandate, and its own catalogue of tasks. They overlap in purpose, not in scope."

§ VIPractical implementation: structuring the mandates across all three regimes

A compliant designation under any of the three regimes requires attention to detail that is routinely underestimated when the obligation is approached as an administrative formality. The designation agreement should address, at minimum: the scope of the mandate under the applicable instrument; the resources provided to the representative to ensure effective and timely cooperation; the flow of authority and, under the GDPR, data-subject communications to the provider's compliance function; the contractual allocation of liability, which matters most acutely under Article 13(3) DSA; and the governance of the publicly notified information, including prompt re-notification where the representative changes.

Where a provider is caught by more than one regime — a common position for, say, a third-country platform that also processes personal data at scale and deploys a high-risk AI system — the mandates should be structured together but drafted distinctly. A single EU entity may serve as the point of presence for each, but the DSA mandate, the GDPR mandate, and the AI Act mandate each need their own scope clause, their own task catalogue, and their own liability treatment. Consolidating them into one undifferentiated instrument invites exactly the conflation the regimes are drafted to avoid.

Practical Consideration — Separating the Representative Function from Legal Counsel

Across all three regimes, the representative function and legal counsel are distinct roles, and each is usefully provided for separately. The appointed representative — a legal or natural person established in the Union — receives and routes authority (and, under the GDPR, data-subject) communications, holds the required documentation, and maintains the documented contact point each instrument demands. Legal counsel with subject-matter expertise, engaged under a separate mandate, adds the substantive layer: assessing incoming communications, advising on response strategy, and coordinating with the provider's internal compliance function on the basis of direct legal analysis.

Separating the two roles helps keep responsibilities clearly allocated: the representative entity carries the contact-point and documentation function, while legal analysis and defence remain with regulated counsel under professional-liability rules.

§ VIIThe enforcement landscape across the three regimes

The representative duties are enforced in practice under the DSA and the GDPR, and are becoming operative under the AI Act. Under the DSA, Digital Services Coordinators are operational across all 27 Member States; the German Bundesnetzagentur has received a substantial volume of complaints in its DSC role, and the European Commission's formal proceedings against major non-EU platforms have shown that enforcement reaches beyond Article 13 to the full range of DSA obligations. The failure to designate a legal representative is itself an infringement, subject to penalties under Article 52 DSA, independent of any substantive breach.

Under the GDPR, supervisory authorities have been active since 2018, and the representative has featured in enforcement practice as an addressable presence within the Union. The precise extent to which fines may be directed at the representative remains contested, but the recital's direction of travel — a representative subject to enforcement proceedings — is clear, and the transparency and records obligations mean the appointment is visible to authorities and data subjects alike.

Under the AI Act, the obligations are phased in over the Regulation's staged timeline: the general-purpose AI model provisions (including Article 54) apply from 2 August 2025, while the high-risk regime and Article 22 apply from 2 August 2026, with the Annex III high-risk categories following on 2 August 2027. For providers in scope, the authorised-representative duty is a precondition to lawful market access — a high-risk system may not be made available, and a GPAI model may not be placed on the market, without the appointment where it is required. For a non-EU business active across digital services, personal data, and AI, the safer approach is to assess all three regimes together rather than to treat compliance with one as evidence of compliance with the others.

References and Sources

1. Art. 2(1) DSA; Art. 3(e) DSA (definition of "substantial connection"); Hofmann/Raue, Digital Services Act (Commentary), Art. 2 mn. 11 et seqq., mn. 15 et seqq.

2. Art. 13(1)-(2) DSA; Hofmann/Raue, Art. 13 mn. 18: "The powers of the legal representative under the DSA thus go clearly beyond those of the representative under the former German NetzDG (see § 5 NetzDG)."

3. CJEU, 18.7.2017, C-533/15 (Hummel Holding), ECLI:EU:C:2017:541 mn. 37 (concept of establishment); Hofmann/Raue, Art. 13 mn. 9 (establishment in the DSA context).

4. Terharen (ed.), Praxishandbuch DSA, Linde Verlag, Chapter 5.2.1.2 (service categorisation as the analytical starting point); Art. 3(g) DSA (definition of "intermediary services").

5. Art. 13(3) DSA (possibility of holding the legal representative liable, without prejudice to the provider's own liability); Hofmann/Raue, Art. 13 (on the exceptional character of the liability provision).

6. Art. 56(6) DSA; Terharen, Praxishandbuch DSA, Chapter 9.6.2: providers with a designated legal representative "benefit from a basic concentration of jurisdiction with one coordinator, analogously to the case of a main establishment in the EU" (free translation).

7. Art. 56(7) DSA (competence of all Digital Services Coordinators absent a designated representative; cooperation mechanisms; ne bis in idem).

8. Art. 13(4) DSA (notification and public availability of the representative's contact details); Art. 13(5) DSA ("The designation of a legal representative [...] shall not constitute an establishment in the Union.").

9. Art. 3(2)(a)-(b) GDPR (territorial scope: offering of goods or services to, and monitoring of the behaviour of, data subjects in the Union); Recital 23-24 GDPR.

10. Art. 27(1) GDPR (designation in writing of a representative in the Union); Art. 27(3) GDPR (representative established in a Member State where the data subjects are); Art. 27(4) GDPR (mandate to be addressed by supervisory authorities and data subjects).

11. Art. 27(2) GDPR (exemptions: (a) occasional processing that does not include large-scale special-category data under Art. 9 or criminal-conviction data under Art. 10 and is unlikely to result in a risk to rights and freedoms; (b) public authorities or bodies).

12. Art. 22(1)-(4) AI Act, Regulation (EU) 2024/1689 (Art. 22(1): written mandate; Art. 22(3): verification of the EU declaration of conformity and technical documentation, ten-year document retention after placing on the market or putting into service, provision of information on reasoned request, cooperation, registration under Art. 49; Art. 22(4): termination of the mandate where the representative has reason to consider the provider non-compliant, with notification of the market-surveillance authority).

13. Art. 54(1)-(6) AI Act, Regulation (EU) 2024/1689 (written mandate for third-country GPAI-model providers; Art. 54(3): verification of the Annex XI technical documentation and of the provider's compliance with Art. 53 (and Art. 55 for systemic-risk models), ten-year retention, cooperation with the AI Office, contact-point and termination duties; Art. 54(6): exemption for free and open-source GPAI models unless they present systemic risks).

Kanzlei Theo Funk, Counsel on EU Representative Obligations under the DSA, GDPR and AI Act

Rechtsanwalt Theo Funk advises international technology companies on the EU representative obligations under Article 13 DSA, Article 27 GDPR, and Articles 22 and 54 of the AI Act: applicability analysis, mandate structuring, notification to authorities and data subjects, and the related transparency and records requirements. The firm advises on these obligations. The appointed representative function itself can be performed by Regingada UG (haftungsbeschränkt), a legally separate, lawyer-owned company, under a separate contract; clients remain free to appoint another representative. Whether one or more of these obligations applies to your company depends on your service type, your processing, and any AI system or model category involved. If your company serves users, data subjects, or the AI market in the Union without an EU establishment, we are available for an initial consultation to assess your position across all three regimes.

Get in touch → info@kanzlei-theofunk.de

This article is provided for general informational and educational purposes only and does not constitute legal advice. It reflects the legal framework and scholarly analysis as of the date of its preparation. Companies subject to the Digital Services Act, the General Data Protection Regulation, or the Artificial Intelligence Act should seek tailored legal advice in relation to their specific circumstances. References to commentary works reflect the authors' analysis and are cited for scholarly context. © 2026 Kanzlei Theo Funk, Bamberg. All rights reserved.