The year 2025 was characterized by significant judicial decisions, regulatory enforcement actions, and evolving compliance frameworks affecting the games industry. This overview concentrates on German and EU law.
Protecting games IP against AI
IP law has always been crucial for games companies, who own valuable assets.
2025 saw a couple of landmark decisions at the intersection between AI and IP. While neither claimants nor defendants in these cases were games companies, these decisions are highly relevant for the games industry.
At the Regional Court of Munich, GEMA, Germany's collective society for music rights, secured a favorable ruling against OpenAI's ChatGPT (decision of 11 November 2025 – 42 O 14139/24). The Court found that ChatGPT's training model contained unauthorized copies of GEMA members' original works, which were subsequently reproduced and made available through user prompts. This was deemed a breach of copyright law. This precedent establishes important implications for the industry, as there is no reason to assume that games-related IP should be treated differently.
The Higher Regional Court of Hamburg ruled that AI training using copyrighted material may be permissible under the EU copyright law's Text and Data Mining exception, even if the rights holder had declared its “opt-out” in plain text (decision of 10 December 2025 – 5 U 104/24). The court held that plain text failed to meet the "machine-readable" requirement for a valid “rights reservation” (i.e. “opt out”). This ruling shows the importance to implement proper technical opt-out mechanisms for rights holders wishing to prevent their intellectual property from being used in AI training datasets.
At a regulatory level, the EU's AI Office published its General Purpose AI Code of Practice, providing guidance for businesses seeking compliance with AI Act obligations concerning safety, transparency, and copyright for general-purpose AI models.
AI Implementation: Ownership and Valuation Risks
Games companies are also leveraging AI for their own purposes, such as asset creation and AI-assisted coding, and must therefore consider the aforementioned decisions.
AI-generated content and code generally lacks copyright protection. This necessitates ensuring that key visual elements remain human creations rather than machine-generated content. The frequent use of coding assistants raises questions about code protectability. For companies heavily reliant on AI for asset creation or coding, this presents potential valuation challenges in merger and acquisition contexts, where intellectual property traditionally serves as a key value driver. (see our blogpost (German))
AI Implementation: Regulatory Constraints
The availabilty of AI solutions through “AI marketplaces” under open-source licenses has faciliated and integration into local clients and user interfaces. However, determining liability under the AI Act for companies integrating third-party AI into their interfaces remains complex.
Apart from such marketplaces, the AI Act's impact on the gaming industry has been limited thus far. While the European Commission has indicated that AI integration in games may be prohibited in certain cases, particularly for games designed to be highly addictive or exploit vulnerabilities in children, this remains more of a theoretical concern for the time being. Also, AI use cases specific to the games industry generally do not fall in the "high risk" category, but games companies have to be mindful of the more general requirements, e.g. when using AI for HR purposes.
More games-specific are the transparency obligations notably regarding NPCs and bot-filled competitive game lobbies.
Data Protection
In a decision on AI training using publicly available data, the Higher Regional Court of Cologne ruled that Meta's use of Facebook data for AI training was lawful, rejecting an application for a preliminary injunction filed by the Consumer Protection Association of North Rhine-Westphalia (decision of 23 May 2025 – 15 UKl 2/25). The Court held that, in this specific context, Meta's "legitimate interest" in AI product development was outweighing data subject interests, provided that users were given transparent information and the opportunity to opt-out. This decision may be useful for games companies aiming to train AI themselves.
Terms of Use, EULAs, and Consumer Protection
The Consumer Protection Network (CPC) and European Commission published Key Principles that, while non-binding, were presented as if they were binding.
According to the Key Principles, the extensive obligations of the European Consumer Rights Directive should also apply when premium in-game virtual currency is sold or spent. This includes, but is not limited, to the call for a display in real world money, and the sizes in which “bundles” of virtual currencies should be sold.
Regarding withdrawal rights when premium in-game virtual currency is spent, the CPC identified the following practices to avoid:
In July 2025, the European Commission published guidelines on the protection of minors, addressing implementation of in-game purchases, virtual currencies, and communication features. These positions align with broader consumer and minor protection initiatives concerning allegedly manipulative design practices.
The European Commission has announced plans to work on the Digital Fairness Act. This will provide an additional layer of consumer protection, targeting dark patterns and addictive design.
In late 2025, the German Federal Council (Bundesrat) adopted a resolution calling for significantly stricter loot box regulation to enhance youth protection. The initiative urges an examination of whether loot boxes should be legally classified as gambling due to their "gambling-like mechanisms," potentially resulting in mandatory 18+ age ratings for games containing such features. The Council demands full transparency regarding winning odds and pricing while advocating for unified European regulation within the Digital Fairness Act framework.
In Sony v. Datel cheating proceedings, the German Federal Court of Justice delivered its final judgement following a 2024 decision by the European Court of Justice, ruling that mere RAM modifications might not constitute copyright infringement. However, this ruling has limited impact on multiplayer game cheat enforcement, as it restricts specific copyright claims on the manipulation of data in the working memory while leaving the tools for enforcing unfair competition law and breach of EULA intact.
Interaction risks, including chat features and monetization mechanics, are increasingly considered in age ratings. Germany's rating authority USK estimates that approximately one-third of rated games contain such risks, with one-third of those (11% in total) receiving higher age ratings than they would without these mechanics.
Germany also updated its Interstate Treaty on Media Minor Protection, granting the Commission for the Protection of Minors in the Media (KJM) decisive new enforcement tools. The amendment specifically targets loopholes previously allegedly exploited by some foreign providers to bypass German age verification laws. Key measures include authority to order payment service provider transaction blocking to non-compliant platforms and, as last resort, network blocking implementation. The reform transforms KJM's ability to act against offshore violators, shifting from administrative warnings to revenue stream disruption. However, this legislation faces criticism regarding "over-blocking" risks, as broad technical mandates could lead to inadvertent censorship of legitimate content if automated filters lacking contextual nuance are introduced.
Dr Andreas Lober
Lennart Kriebel
Daniel Trunk
Fabian Eckstein
