Interview with: Paolo Balboni and Luca Bolognini, Founding Partners

ICT Legal Consulting logo

ICT Legal Consulting

Founding partners of ICTLC – ICT Legal Consulting discuss what makes ICTLC special and how the firm is shaping the future of data protection, cybersecurity, and AI-driven compliance in an evolving global landscape.

What do you see as the main points that differentiate ICTLC – ICT Legal Consulting from your competitors?

At ICTLC, we distinguish ourselves through our uniquely integrated approach to data-related consulting. Unlike many firms that address data protection, cybersecurity, and regulatory compliance as separate silos, we provide a holistic framework that seamlessly integrates these elements. This allows us to offer our clients a comprehensive and strategic approach to data management, compliance, risk management, and data governance.

Our strength lies in our ability to develop tailored, end-to-end compliance frameworks that align with global regulatory landscapes while also being adaptable to specific industry needs. By combining legal expertise, technical know-how, and regulatory insight, we help multinational organizations navigate the complexities of data protection with a practical, business-oriented perspective.

Additionally, we act as a single point of contact for our clients, streamlining compliance processes and making them more efficient. This ensures not only regulatory compliance, but also operational efficiency, reducing redundancies and enhancing data-driven decision-making.

Furthermore, our international presence and cross-jurisdictional expertise enable us to support clients worldwide, providing them with localized legal guidance while maintaining a consistent, globally harmonized compliance strategy. This combination of legal, technical, and strategic consulting makes ICTLC a true partner in data protection, cybersecurity, and regulatory compliance, rather than just a legal service provider.

Which practices do you see growing in the next 12 months? What are the drivers behind that?

Over the next 12 months, we anticipate significant growth in three key areas: AI governance and compliance, cybersecurity, and data management. These fields are evolving rapidly, driven by technological advancements, increasing regulatory scrutiny, and growing corporate awareness of the legal and operational risks associated with data.

The rapid expansion of artificial intelligence, particularly with the widespread adoption of generative AI and machine learning models, has made AI governance a top priority for both regulators and businesses. All organizations are making very significant investments and business plans based on AI-driven technologies. To assure a return on investment, specialized legal and technical expertise are necessary to address all relevant aspects (e.g., regulatory compliance with the AI Act, the GDPR and ePrivacy Directive, as well as intellectual property concerns, relevant contractual matters, and cybersecurity dimensions).

At the same time, cybersecurity is becoming a regulatory and business imperative. The past few years have seen an explosion in cybersecurity regulations – the NIS2 Directive, the Digital Operational Resilience Act (DORA) for financial sector resilience, the Cyber Resilience Act (which introduces  security-by-design requirements for software and hardware with digital components), the EU Cybersecurity Act which establishes a cybersecurity certification framework for products and services, and the push for European Union cybersecurity certifications, e.g., the Scheme on Cloud Services (EUCS) and the Common Criteria-based Scheme (EUCC).

Last but not least, with the EU Data Act becoming applicable in September 2025, a great deal of attention will need to be paid to data sharing contracts (Chapters II, III, and IV) as well as the new obligations for Cloud Service Providers to facilitate switching from one provider to another (pursuant to Chapter VI).

As the fields of AI, cybersecurity, and data management evolve, businesses that proactively address compliance challenges will gain a competitive advantage in navigating the increasingly complex datafication of our economy.

What’s the main change you’ve made in the firm that will benefit clients?

One of the most significant advancements we have made at ICTLC is the seamless integration of our legal expertise with cybersecurity and data strategy professionals. We have strengthened our multidisciplinary approach by embedding cybersecurity advisors directly into our legal teams, ensuring that the solutions we deliver are not only legally robust but also technically sound and cyber-resilient. This integrated collaboration allows us to provide pragmatic, actionable guidance that aligns compliance with real-world security challenges, offering our clients a holistic risk management strategy. We have also continued to expand our consulting capabilities at the global level, and can now assist clients in over 60 countries, making us a very reliable legal partner for multinational organizations.

Additionally, we have expanded our team to include experts with significant experience in data strategy and governance, reinforcing our commitment to becoming a global leader in this area. Beyond traditional compliance, we are increasingly advising clients on data management, AI governance, and organizational strategies, recognizing that effective data utilization is now a key driver of business success.

For multinational corporations in particular, our approach enables them to extract maximum value from their data assets by implementing well-structured data management frameworks, AI policies, and strategic compliance plans. We help organizations transition from merely meeting legal requirements to leveraging compliance as a competitive advantage, ensuring that their data-driven initiatives align with business objectives, drive innovation, and enhance operational efficiency.

At ICTLC, our goal is to move beyond conventional legal advisory services and become a global strategic partner for companies navigating the complex landscape of data protection, cybersecurity, and digital transformation.

Is technology changing the way you interact with your clients, and the services you can provide them?

Absolutely. Technology is profoundly transforming the way we engage with clients, deliver legal services, and optimize our internal workflows. At ICTLC, we are leveraging advanced technologies to make our legal services more accurate, timely, and efficient, ensuring that we remain at the forefront of innovation in the legal industry.

We have strategically integrated technology into our operations to enhance both client interactions and service delivery. Beyond internal efficiencies, we are actively advising our clients on how to integrate technology into their own legal and compliance strategies, particularly in areas such as AI governance, cybersecurity risk management, and data protection automation. As regulatory frameworks evolve to address emerging technologies, we ensure that our clients are not only compliant but also leveraging technology as a strategic enabler.

Our commitment to technological advancement reflects our vision of being a truly cutting-edge international law firm, combining legal expertise with innovative solutions to provide exceptional service in today’s data-driven world.

Can you give us a practical example of how you have helped a client to add value to their business?

One notable case we worked on recently involved a leading AI service provider seeking to assess their legal compliance maturity before expanding into the EU market. Our team conducted a comprehensive vendor due diligence, identifying key areas where their products and services needed adjustments to align with EU regulatory requirements, particularly in AI governance, data protection, labor law, intellectual property, and cybersecurity. Beyond just ensuring compliance, we strategically guided them on how to leverage their compliance efforts as a competitive advantage, helping them communicate their readiness to potential customers in Europe. This transformed our legal advisory into tangible business value, strengthening their market positioning and increasing their credibility with European clients.

Another impactful engagement was with a global automotive leader, where we assisted in restructuring their legal team to better support internal stakeholders on emerging technical, data governance, ESG, and cybersecurity regulations. Given the highly complex and evolving regulatory environment, our work involved not only in-depth legal analysis but also a strategic organizational redesign, ensuring that their legal department acquired the right expertise to navigate the intricate landscape of EU and global regulations. We furthermore helped to restructure the communication between the legal and other relevant functions within the organization, e.g., security, IT, compliance, ESG, data strategy, and HR, etc. By blending legal proficiency with organizational consulting, we provided a future-proof solution, equipping the company to proactively manage compliance challenges across multiple jurisdictions while enhancing internal efficiency and decision-making.

These examples illustrate how our firm goes beyond traditional legal advisory, offering strategic solutions that integrate compliance, business strategy, and regulatory foresight, ultimately adding measurable value to our clients’ operations.

Are clients looking for stability and strategic direction from their law firms – where do you see the firm in three years’ time?

Clients are no longer looking for mere legal expertise. They need stability, strategic direction, and forward-thinking advisory from their law firms. Organizations are increasingly recognizing that compliance is not just about meeting regulatory requirements but about integrating legal, cybersecurity, sustainability, AI and data management strategies to create sustainable, long-term value.

In three years, ICTLC will be recognized as one of the key global players in providing integrated legal, cybersecurity, AI and data management advisory services. We are continuously evolving to stay ahead of emerging regulations and technological shifts, ensuring that our clients receive guidance that is not only legally sound but also strategically aligned with their business goals.

Our focus will remain on deepening our integration of legal, technical, and business expertise, allowing us to offer holistic solutions that go beyond compliance and deliver tangible ROI. By leveraging our global perspective, we will continue to empower multinational organizations to navigate complex regulatory environments, mitigate risks, and capitalize on opportunities in the data-driven economy.

Moreover, we will further expand our knowledge-sharing initiatives, ensuring that clients are equipped with practical insights, proactive strategies, and innovative compliance frameworks. As we grow, we will continue to set industry standards, pioneering new approaches to legal advisory that turn compliance from a regulatory obligation into a competitive advantage.

Last but not least, we will continue to execute our expansion plan at the global level.