Early this year, we made some predictions on legal trends for 2024. Now it is time to look back and see where we have been right (+) and where we have been wrong (-), as well as making some new predictions for 2025.
We’ve dropped some topics this year, such as Metaverse and NFTs. We did not predict any major developments, there were no major developments, and we don’t see these topics booming next year.
But there’s still a Top Ten to cover, so let’s go…
Image credit: Adobe1. Artificial intelligence and copyright
What we predicted (+)
"While the discussion has mainly focused on AI-created audio-visual content so far, it may shift to AI-created game code and databases. At the same time, game companies will continue to explore other use cases for AI.
"Furthermore, it looks likely, considering the litigation landslide which has already begun in the US and the UK, that continental Europe will see the first Generative AI copyright infringement cases hitting the courts… Rightsholders who don’t want their works to be scraped for AI training should in any event mark their websites accordingly."
What happened
AI is seemingly everywhere. On the legal side, all that we predicted has happened, but maybe a tad slower than what we had thought.
In the US, there are plenty of legal disputes going on, but Europe is still lagging behind in terms of AI-related disputes.
Two might be worth noting:
The Hamburg Regional Court was the first German court to rule on the question of whether the training of AI infringes copyright. It dismissed a photographer’s claim, as it held that the use of his photo was covered by the so-called text and data mining exception.
A couple of months earlier, the Prague Municipal Court ruled that an image created by an AI system cannot be protected by copyright. This is in line with the current legal approach in the EU, where only a human creator can claim copyright in their work.
The AI Act imposes some quite big obligations. For games companies, the need to disclose when users are interacting with AI and to mark AI creations will arguably be the most important
On the other hand, Europe wants to be in the lead for regulation. The EU is very proud to have passed the EU AI Act as the world’s first holistic law on AI, although most of the provisions will only be applicable in 2026. The AI Act imposes some quite big obligations. For games companies, the need to disclose when users are interacting with AI and to mark AI creations will arguably be the most important.
Regulation does not prevent business from using AI. Everyone is really busy exploring the possibilities it brings. So it did not come as a surprise that X is heading in that direction as well. Still, it was maybe not noticed by everybody that as part of the November 15 TOS update, X asks its users for a license to train AI models with user posts. In fact, clause 3 of the new TOS is so wide that the user pretty much consents to X using their posts to create fake news or deepfakes.
What will happen in 2025
For games companies, the discussion on how IP and AI play together is a double-bladed sword. Game developers tend to embrace how AI can be used e.g. to create assets, credible game worlds, for play testing, moderation – or just to get inspiration. At the same time, leading AI systems readily produce images plainly reproducing game IP.
Riot’s Dan D. Nabel told us: "I expect more developments in copyright/AI litigation (hopefully, we will finally get some useful U.S. decisions on the fair use question)."
And useful guidance is desperately needed!
In Europe, there is no such thing as "fair use", but copyright law has its text and data mining exception (interestingly, design right does not have such an exception). We would expect some more guidance from courts on how exactly companies must reserve their rights, i.e. whether this must be in the form of a robot.txt or another internet protocol, or whether plain text is sufficient (currently, the recommendation would be not to rely on plain text only).
Some more guidance should come from the EU’s AI Office, which has put together working groups to develop a General-Purpose AI Code of Practise, which deals for example with copyright and transparency.
We would also hope to see more guidance on AI and data protection (there is a statement from the data protection authority of Hamburg which gives a glimpse of an AI-friendly attitude – more on that below in the data protection section of this article).
Ubisoft and others are working on a believable AI for NPCs. This might raise legal discussions about the transparency obligations towards natural persons under the AI Act, even if these do not come into force until 2026.
Finally, games companies must expect that their freelancers and subcontractors are using AI. If the respective contracts don’t already deal with this subject, it is high time to update them now. (Most bigger companies have done that already.)
2. Online platform regulation
What we predicted (+)
"Games companies will work against the February 17, 2024 deadline to become Digital Services Act compliant, trying to navigate among the multiple layers of obligations and duties that the never-so-complex EU framework is now providing for. Still, in 2024, we expect the EU Commission to first concentrate on the high-risk category of very large online platforms, not necessarily on games. Games companies will not get away unnoticed, but may not be the first being targeted in early 2024."
What happened
The European Commission targeted very large online platforms at least as fiercely as expected. Among other things, the European Commission opened formal proceedings against TikTok because of its algorithmic systems that may stimulate behavioral addictions. No game or games service has been designated as a very large online platform so far (to be considered as such, it must have on average at least 45 million monthly users in the EU.) And no major enforcement action against games companies have become publicly known.
Still game companies did ask themselves whether their games are online platforms or not under the DSA. Surprise: It depends, mainly on what kind of user information is stored on the servers, and whether that’s disseminated to the public.
At the same time, Digital Services Coordinators (the public authorities in charge of enforcing the Digital Services Act in the EU Member States) have been set up, and – at least in countries such as Germany, Ireland and France – formally or informally reached out to some games companies.
Regulation does not prevent business from using AI. Everyone is really busy exploring the possibilities it brings
Germany has taken bureaucracy madness to the next level and not only appointed one digital services coordinator but three. Germany’s implementation act designates the Federal Network Agency (Bundesnetzagentur) as competent Digital Services Coordinator for general matters in Germany. It also designates the Federal Agency for the Protection of Children and Young Persons in the Media (BzKJ) as the competent authority for the protection of minors on online platforms, and finally the Federal Commissioner for Data Protection and Freedom of Information (Bundesdatenschutzbeauftragter) for advertising based on online profiling.
The BzKJ, by the way, is the institution which can put games on the "index" if they are too violent (you may remember that the German versions of games sometimes had green blood in the past). Still, now they have extended competences and they have set up an independent office (KidD) to monitor youth protection measures of online platforms. KidD has started its work right away and published a guideline for youth protection compliance for online platforms under the DSA (an English summary can be found here)
What will happen in 2025
The DSA will likely become more relevant for the protection of minors and for games companies, at least those which qualify as online platforms. This might have the potential to spill over to other jurisdictions. Accordingly, Riot’s Dan D. Nabel told us: "For 2025, among other things, I expect to see more legislative attempts to ‘protect the children’ through platform regulation."
It seems pretty sure to us that the DSA and its compliance will become increasingly important. While we do not expect any early rulings on the role of any particular online game under the DSA, the authorities will start to take a closer look at popular games and ask game companies for more information.
For online platforms, the EU Commission intends to publish guidelines in 2025 which deal with the protection of minors.
Image credit: Adobe3. Terms of Use / EULAs and Consumer Protection
What we predicted (+)
"If teeth have not been shown in 2023, it might have been only because the new legislation was too fresh and maybe also too complex to digest easily. We should expect teeth to come out more, as soon as both consumers and the competent agencies in the EU member countries will become more familiar and experienced with the new rules in the daily practice."
What happened
Major games companies have been accused of misleading consumers into spending money by the European Consumer Organisation (BEUC). BEUC’s main point is premium in-game currency – for example, it says that prices should be displayed not only in virtual currency, but also in real-world currency.
However, while the focus of this complaint is premium in-game currencies, BEUC also examined Terms of Service of these games and, hardly surprising, was unhappy (the lack of surprise does not mean that games companies were so bad, but consumer protection organization are rarely ever happy if they pick up a topic publicly). BEUC held that EU consumers waive too many of their statutory rights and that some of the terms are not comprehensible. In particular, terms that allow game companies to modify or withdraw game features often go beyond what is legally acceptable, BEUC argues.
BEUC argues Terms of Use that allow game companies to modify or withdraw game features often go beyond what is legally acceptable
Same topic, different remedies in California. While BEUC essentially argues that consumers "purchase" virtual currency, but are deprived of the rights they should have in "purchased" goods, California recognizes the nature of virtual goods, but expects that companies make it clear they are not "purchased".
But the EU is determined to make this big topic even bigger! In its Digital Fairness Fitness Check (who came up with that name?), the European Commission expressed its concern that the use of intermediate in-app virtual currencies distorts the real value of the in-app transaction for consumers and encourages them to spend more than they intended. Moreover, the Digital Fairness Fitness Check consultations pointed to concerns about the marketing practices related to virtual items, including the presentation of prices, time-based offers, pay-to-win models and more.
Additional concerns were raised about the sunset of a game’s live services which may lead to the loss of purchased virtual items. In this context, the server shutdown of The Crew, which was no longer playable as an always-on game, caused a stir and even led to an EU petition to ‘stop killing video games’.
Games are now also firmly on the radar of consumer protection authorities in the EU member states, who have started enforcement actions against games companies. For example, the Netherlands Authority for Consumers and Markets (ACM) has imposed sanctions against Epic Games for alleged unfair commercial practices aimed at children in Fortnite.
The German consumer protection organization Vzbv is also looking at the games industry.
What will happen in 2025
The renaissance of consumer law enforcement against games companies will continue. Many of these cases will be settled behind closed doors, but consumer organizations are prepared to go to court if necessary.
While this may sound like bad news, arguably it might still be preferable to more and more legislation from EU lawmakers or, even worse, on a national level. The European Commission, however, seems to be determined to propose a new Digital Fairness Act.
4. Loot Boxes (+/-)
What we predicted
"Riot’s Dan D. Nabel told us: "’Dark patterns’ investigations will increase, as will scrutiny of monetization methods, including loot boxes."
It will be interesting to see if the Austrian rulings will be upheld. In this case, claimants – again, backed by litigation financiers – will try the same in other jurisdictions. However, we expect more outright loot box bans (like in Belgium and as announced in the Netherlands) and more sanctions for game operators (as happened lately in Austria).
What happened
Dan got it right, we didn’t.
The BEUC complaint mentioned above essentially is about monetization methods, even though the overly used term "dark patterns" is not used (and loot boxes are not discussed in this complaint either).
In Germany, there were ongoing discussions on tightening the regime for loot boxes, i.e. applying gambling laws to them, which would come close to a ban. However, contrary to what we had predicted, there was no outright ban.
Games companies must expect that their freelancers and subcontractors are using AI. If the respective contracts don’t already deal with this subject, it is high time to update them now
In fact, there was another decision in Austria about EA Sports’ soccer simulation game (in this case: FIFA 23), but this time in favor of EA Sports. The court held that the plaintiff did not purchase the Ultimate Team packs with the intention of selling the included footballers and thereby making a profit. Consequently, no "economic risk" was taken, as is required to fall under the definition of gambling.
What will happen in 2025
We don’t think the discussion on loot boxes will stop, but it might be overshadowed by the wider digital fairness discussion we mentioned in the consumer protection section above.
5. Unfinished products, product description, onscreen texts, and right of withdrawal (+/-)
What we predicted
"We still think these are relevant issues, but the attention for them seems to have gone away quicker than what we had thought. Maybe they’ll stay under the radar for a while."
What happened
Tick, but a small one. Some game companies had included a waiver on the right of withdrawal in their T&Cs which was criticized by BEUC (cf. above) but that’s all.
What will happen in 2025
The right of withdrawal in particular will be one aspect of the wider consumer protection topic discussed above.
6. Clones and other IP disputes (+/-)
What we predicted
"Clones and IP disputes will continue to be a major issue. They might actually be booming due to the use of AI."
What happened
The Pokémon vs Palworld case made the headlines – largely because it is a patent case, while cloned game cases are typically about copyright and competition law.
Also beyond this Pokémon vs Palworld dispute, clones are a major issue (as we had predicted) but AI did not seem to play a decisive role. As far as we are aware, AI is not yet used to detect cloned games in the same way it is used in other areas to detect infringements online (e.g. hate speech), and it seems that AI did not have a central role in the creating of clones either.
Many clones are always found in the Google Play Store and in the Apple App Store. Despite the Digital Services Act, it can still be a pain (or a game of luck) getting even the most blatant copies taken down. It can even be hard to get the names and addresses of the clone publishers from Apple or Google, even though the Digital Services Act imposes "know your business customer" obligations on online marketplace providers.
In October, The European Court of Justice ruled that a cheat software which only changes the content of the variables temporarily transferred in the RAM which is used during the running of the game does not fall within the protection of the Directive on the legal protection of computer programs (Directive 2009/24/EC). However, this does not mean that cheat software is generally legal (Why the European Court of Justice’s decision on cheats is not a milestone | Opinion | GamesIndustry.biz).
What will happen in 2025
IP has been a core topic for games companies since … forever, and so have IP disputes. They will continue to be very relevant, even though in public perception, these issues might be overshadowed by consumer protection, and trust and safety.
As for clones, we hope that Google and Apple will at least come closer to DSA compliance – having valid contact data from clone publishers could be a game changer in the app space. On the other hand, for high value productions, there still is a lack of reliable case law, and we don’t expect a landmark case being decided by the courts next year either.
But IP disputes go well beyond clones. We expect litigation against cheat bots to remain important. Also, as Nintendo reached a favorable agreement against another Switch emulator, other emulators will be under scrutiny as well – the case also showcases that IP can help games companies in many respects.
Finally, we expect that not all games companies will tolerate their IP showing up in AI output, and someone will test the waters unless AI system providers are helpful.
Image credit: Epic Games7. Market dominance and platforms (+)
What we predicted
"One general counsel told us that he expects ‘fights over DMA implementation in Europe with far reaching consequences to the industry and revisiting regulation over advertising in interactive entertainment’ to be the hot topics for 2024."
What happened
Epic Games launched its own app store for iPhones and Android in Europe. The launch was possible thanks to the provisions of the Digital Markets Act which obliges gatekeepers to open their core platform services to third parties. Alphabet and Apple were designated as gatekeepers by the European Commission in September 2023.
What will happen in 2025
Further app stores might follow, but that is hard to predict.
Image credit: Roblox8. Youth protection beyond blood and violence (+/-)
What we predicted
"The regime will get ever tighter. Notably the EU Regulation to Prevent and Combat Child Sexual Abuse, which is coming up on the horizon, is set to bring new obligations for communication features."
What happened
We do not have a framework Regulation to Prevent and Combat Child Sexual Abuse yet. It was controversially discussed and there is still no statement by the Council of the European Union on it. However, the youth protection regime became tighter due to other regulation such as the Digital Services Act.
It can be a pain (or a game of luck) getting the most blatant copies taken down, or even getting the names and addresses of the clone publishers from Apple or Google
What will happen in 2025
A European General Counsel told us: "Calls on video game companies to employ age verification methods will likely continue in 2025. However, age verification is not a universal remedy and needs to work on an international level as well as without interfering with users’ privacy. Instead of setting up new requirements that may be disproportionate, voluntary approaches that have proven to be effective and that respect both the parental autonomy and the children’s right to participate should be strengthened. The majority of video games are suitable for minors and parental controls are widely available free of charge."
Addictive design will also become a major topic for digital games and apps in 2025, if it is not already. The European Commission has expressed its legal opinion that digital interfaces which can cause mental harm can also fall under the General Product Safety Regulation, which has been applicable for a few weeks now. In general, there are more and more legal frameworks that have become applicable to games.
9. Data protection (-)
What we predicted
"Mr Schrems, the Austrian gentlemen who made the European Court of Justice cancel the existing instruments for data transfer to the US (i.e. Safe Harbor and Privacy Shield) will certainly not give up his fight and tackle the EU-US Privacy Framework. Groundhog day!"
What happened
Surprisingly. there are no public sources that confirm that Mr Schrems actually did take action. Instead, there were quite some discussions on using personal data for the training of AI.
The Hamburg Commissioner for Data Protection and Freedom of Information has published a discussion paper on "Large Language Models and personal data", in which the authority holds that the mere storage of a large language model (LLM) does not constitute processing according to the GDPR. This is because the so-called tokenization of the input splits all texts into small fragments, so that in most cases it is no longer possible to establish a personal reference, also because the LLM does not contain any whole words.
The authority also states that if personal data is processed during training and/or output, these processing operations must comply with the requirements of the GDPR. However, training the LLM in violation of data protection regulations should not affect the legality of the use of an LLM in an AI system. The input splits all texts into small fragments, so that in most cases it is no longer possible to establish a personal reference, and the LLM does not contain any whole words.
The authority also states that if personal data is processed during training and/or output, these processing operations must comply with the requirements of the GDPR. However, training the LLM in violation of data protection regulations should not affect the legality of the use of an LLM in an AI system. Due to the lack of storage of personal data in the LLM, the rights of data subjects under the GDPR could not apply to the model itself. Claims for information, erasure or rectification should rather be addressed to the entity responsible for input and output.
Also, the need to implement trust and safety mechanisms posed challenges from a privacy law perspective. To give a few examples: age verification / age assurance is desirable or in some cases/countries even required under youth protection law might be challenging under privacy laws. Monitoring in-game communication is good against hate speech, stalking and cyber-bullying, for example, but privacy laws and potentially even the telecommunication secret must be kept in mind.
What will happen in 2025
We still think that Mr Schrems will be back, but as no decisions are to be expected in the short-term, the trust and safety aspect might be more pressing.
10. Esports (+/-)
What we predicted
"Match-fixing and cheating will remain one of the most important matters when it comes to the integrity of esports. Alongside that, we predict that there will be discussions on the principal legal admissibility of esports betting and, as every year, on the non-profit status of esports organizations in Germany. At this point, we would like to bet that little will happen in this regard either."
What happened
There were not as many discussions on esports betting as we had expected. However, Riot Games has officially allowed its partnered esports teams to have betting sponsors as of 2025 (which is why we would argue to get a little tick).
Rockstar has a good track record in being sued by wannabe celebrities. It would really be disappointing if no B-celebrity recognizes themselves in GTA 6
Moreover, Riot Games launched a new Dispute Resolution Mechanism for legal disputes between players, coaches and teams in Riot Games’ Tier1 and Tier2 esports leagues.
Nothing happened with regard to the non-profit status of esports organizations in Germany, but we’ll be happy to report whether some promises can be found in the plans of Germany’s next government.
Finally, Valve took action against a professional CS:GO player and banned him for life – the Paris Appelation Court approved this sanction. The player had betted on his own match and deliberately lost it.
What will happen in 2025
The International Olympics Committee announced that there will be Olympic Esports Games in 2025, which will take place in Saudi Arabia. Therefore, betting on "something about integrity" would be a no-brainer. Perhaps, there is some legislation on doping in esports.
Match-fixing and cheating will be relevant – again. In addition, cybersecurity might play a more important role. With the new Cyber Resilience Act, which entered into force in December, new cyber security requirements apply basically to all kinds of hardware and software that can be connected to other devices or networks. However, the Regulation will be fully applicable not before December 11, 2027.
New trends
Political and social discussions invaded games in 2024. There were heated discussions on Dragon Age Veilguard, and whether Russian games should be boycotted. Heated political discussions can have an impact on game design, but also on content moderation, unless the game developers ban all political content.
As already mentioned last year, the clash of regulations will cause headaches. Compliance won’t become easier with all the new regulations on the horizon, e.g. there is seriously a lot on its way in terms of cyber security, and accessibility.
But frankly, the hot topic for 2025 will not be new regulation – everyone is looking for what comes from Nintendo after Switch, and for GTA 6. So far, Rockstar has a good track record in being sued by wannabe celebrities. It would really be disappointing if no B-celebrity recognizes themselves in GTA 6.
{Categories} _Category: Implications{/Categories}
{URL}https://www.gamesindustry.biz/regulation-galore-legal-trends-to-watch-in-2025{/URL}
{Author}Dr Andreas Lober{/Author}
{Image}https://assetsio.gnwcdn.com/Gavel-00.jpg?width=1200&height=600&fit=crop&enable=upscale&auto=webp{/Image}
{Keywords}Legal{/Keywords}
{Source}Implications{/Source}
{Thumb}{/Thumb}