Ensuring IT Security for Energy Infrastructures

1

•

Ensuring IT Security for Energy Infrastructures

European Seminar

24

_{- 25}

_{May 2012, Berlin}

With Experts from:

•

Vattenfall Services Nordic AB, Sweden

•

E.ON Energie AG, Germany

•

National Grid plc, United Kingdom

•

EDP Distribuição Energia, S.A., Portugal

•

REN SGPS, S.A., Portugal

•

Unit Critical Energy Infrastructure Protection, DG Energy, European Commission

Supporting Organisations:

Br

osc

2

Who is this seminar for?

• Network and system operators

• Power supply companies

• Energy providers and utility companies

• Energy service providers

• Public services

• Manufacturers and suppliers of power system

control technology and software

• Manufacturers and operators smart meters

as well as

• Associations and organisations of energy industry

• Responsible public sector institutions

• Specialised consultancies

• Other staff and institutions responsible for

IT security in the energy sector

From departments such as

• IT Security and Information Security

• Corporate Security and Services

• Network Operations and Network Control Station

• Network Control Technology and Power System

Control

• Power Division

• Smart Grids and Smart Metering

• Risk Management

• Business Continuity Management (BCM)

• Crisis and Emergency Management

• Asset Management

• Critical Infrastructures

• Business Development

• R&D&I

EUROPEAN SEMINAR

Ensuring IT Security for Energy Infrastructures

Are you well prepared for coping with IT threats to your

assets and systems?

Examples in several countries such as the Baltic countries, the

USA, Brazil and Iran (Stuxnet) have shown the vulnerability of

energy infrastructures to cyber threats and their dependency

on IT. By introducing new technologies such as smart grids

and smart metering this issue has intensified even more. As

information technology is absolutely essential for managing

networks, systems and supply, IT and cyber security have

become a main task and challenge for operators and utilities.

However, the IT security level in the energy sector is lagging

behind the “classical” IT in offices and data centers. Especially

network control technology is at risk. Protecting SCADA and

real-time systems, information security in system control,

data transfer and encryption in smart metering technology

as well as automated meter reading and cloud computing

are only few aspects to be considered. Moreover, also IT

risk assessment, smart grid security, coping with cyber

attacks, handling loss of IT systems and awareness raising

of responsible staff are challenges.

Therefore, today you need to have extensive knowledge on

all relevant IT security risks in the energy sector to be able

to cope with threats to your systems!

3

Your benefits

• Protect your IT systems and assure business

continuity

• Guarantee energy supply and distribution – avoid

a loss of money and image

• Save money and resources – be more resilient

against the IT threats

• Keep up-to-date with the current IT security

threats in the energy sector

• Learn how to prepare for and handle worst case

scenarios

• Learn how to set up a targeted and comprehensive

IT security strategy for your energy infrastructures

• Boost your knowledge on how to cope with cyber

threats and know which of those are really a

hazard to your systems

• Receive first-hand information on the European

Commission’s IT security initiatives for the energy

sector

• Discuss your individual questions with our experts

and practitioners – get first-hand advice and best- practiceand practitioners – get first-hand advice and best- examples

Meet colleagues from your industry –

Use this excellent opportunity to expand

your network!

On which topics will you boost your knowledge?

– Key Topics of this European Seminar

• What are the latest and most important IT security

challenges in the energy sector?

• Which IT security technologies help you in counteracting

cyber threats?

• How can you manage the consequences of IT system

failures?

• Which tools can you use to test the reliability of your

systems and what are the concrete risks to your

infrastructures?

• How can you manage information security risks within

your company?

• How should you set up a comprehensive IT security

strategy?

• Which strategies have shown to be well-proven for

protecting critical IT systems of network and systems

operators?

• How should you arrange and manage the interaction of

the several departments and centers involved in IT security

and how can you train your staff regarding IT security?

• Why are smart meters an interesting target for attackers

and how can you guarantee information security in smart

metering?

• What are the advantages and constraints of using cloud

computing?

• Why and how can you benefit by introducing the position

of a Chief Information Security Auditor (CISA) in your

company?

• Which initiatives for enhancing Europe’s energy IT security

are planned by the European Commission?

4

Registration and Hand-out of Seminar Material

Opening Remarks from the European Academy for Taxes, Economics

& Law

Welcome Note from the Chair

David Willacy, CISSP CISM, Global Business Risk

Manager, Digital Risk & Security, National Grid,

United Kingdom and Chair of the ENTSO-E Special

Interest Group for Cyber Security

9,15-10-15

Smart Grid Security – Smart Grid, Smart

Metering, Smart Thinking or Whatever

is Really Smart

• Information security “Warm up”

- What is security?

- Differences between IT and information security

- Information security – risks and challenges within an utility

• Information security within the future smart grid

• Different groups of possible attackers of a future smart grid

• Information security in smart metering

- Why could the smart meter be an interesting target for attackers

- Information security countermeasures

- Technical limits

• The “Security by Design” approach

Stephan Gerhager, Information Security Officer,

E.ON Energie AG, Germany

10.15-10.30

Discussion Round

Coffee Break and Networking Opportunity

Vattenfall’s Smart Meter Operations

and Lessons Learnt from its

Automated Meter Reading Project

• Vattenfall Services’ actions and experiences in IT security

related to its smart meter operations

• The Smart Meter Project “Number One for the Customer”

- Security risks in automated meter reading (AMR), its

communication and collection of data as well as its data

processing

Erik Nordgren, Business Area Manager Metering,

Sustainable Solutions & Developing Markets,

Vattenfall Services Nordic AB, Sweden

11.45-12.00

Discussion Round

PROGRAMME DAY 1

Ensuring IT Security for Energy Infrastructures

STEPHAN GERHAGER

Information Security Officer,

E.ON Energie AG, Germany

Stephan Gerhager has been

Information Security Officer at E.ON

Energie AG since 2007. In this role

he is also responsible for smart grid

and smart meter security. Prior to

this, he worked for AUDI AG where he was responsible

for IT Security and IT Security Governance for several

years, partly as Chief Information Security Officer (CISO).

He joined AUDI AG in 2001 as an IT Security Expert in

central IT and as member of the Security Group dealing

with web-application security and hacking technologies.

Stephan Gerhager studied computer sciences.

Case

Stud

y

ERIK NORDGREN

Business Area Manager

Metering, Sustainable

Solutions & Developing

Markets, Vattenfall Services

Nordic AB, Sweden

Since 2010, Erik Nordgren has been

responsible for Vattenfall Services’

smart meter operations. Moreover, he

was head of the Smart Meter Project of Vattenfall Eldistribution

AB from 2005 to 2008. This project is considered as a pioneer

and best practice project and was aimed at enhancing

customer services by installing innovative automated meter

reading (AMR) for all 850 000 distribution customers in

Sweden. Prior, Erik Nordgren was responsible for Group

Purchasing Coordination in the Business Unit Distribution in

Vattenfall Group.

5

12.00-12.45

Cyber Security Concepts for Smart Grids

and Your Systems

• Cyber threats, vulnerabilities and risks

• Cyber security concepts

• Perimeter security and in-depth security

• Improving security in a smart grid

Miguel Areias, Chief Security Officer and Leader

of Cyber Security Team, Department of Integration

and Development, EDP Distribuição (Portuguese

Distribution System Operator), Portugal

12.45-13.00

Discussion Round

Lunch Break and Networking Opportunity

Guaranteeing SCADA Security

• Why a large percentage of TSOs in Europe has not even

considered cyber attacks on their systems

• The new threat level and changing SCADA systems

• Insider risk

• Aged assets

- Common passwords across multiple devices

- SCADA devices

• Possible incident scenarios

• Vendors need to develop secure SCADA products

• The National Grid’s strategy for protecting its critical systems

David Willacy, CISSP CISM, Global Business Risk

Manager, Digital Risk & Security, National Grid,

United Kingdom and Chair of the ENTSO-E Special

Interest Group for Cyber Security

15.00-15.15

Discussion Round

Coffee Break and Networking Opportunity

Using Cloud Computing in Smart Grids

– Experiences from the EU FP7 „TClouds“

Project

• “TClouds” – project on Trustworthy Clouds Privacy and Resilience for

Internet-scale Critical Infrastructure

- Goals and objectives

- The European consortium

- Key results

• Smart grid scenarios

• Security challenges

• Advantages and constrains

Nuno Emanuel Nunes Pereira, Information Systems

Officer and Cyber Security Officer, Department of

Integration and Development, EDP Distribuição

(Portuguese Distribution System Operator),

Portugal

Discussion Round

End of Day One

YOUR CHAIR

DAVID WILLACY

CISSP CISM, Global Business

Risk Manager, Digital Risk &

Security, National Grid plc,

United Kingdom

As Global Business Risk Manager

David Willacy is responsible for

managing the digital risks for

National Grid, a multinational electricity and gas utility

company owning and managing grids in Britain and the

USA. He has over thirty years of experience in the utility

sector. In 2011, he supported ENISA, the European

Network and Information Security Agency, in the context

of their report on “Protecting Industrial Control Systems

– Recommendations for Europe and Member States”

published in December 2011. He also chairs the ENTSO-E

special interest group for CYBER security.

MIGUEL AREIAS

Chief Security Officer and

Leader of Cyber Security

Team, Department of

Integration and Development,

EDP Distribuição

(Portuguese Distribution

System Operator), Portugal

Miguel Areias joined EDP in 2000 to

the Department of Command and Control of the SCADA

(Supervisory Control and Data Acquisition). Since 2007 he

has been working on security and reliability of the SCADA.

Currently, Miguel Areias is Information Security Officer at EDP

Distribuição as well as member of EDP‘s CSIRT and Leader

of the Smart Grid Cyber Security Workgroup. Miguel Areias

is also involved as a Work Package (WP) Leader in the EU

FP7 project on Trustworthy Clouds Privacy and Resilience for

Internet-scale Critical Infrastructure - „TClouds“.

NUNO EMANUEL

NUNES PEREIRA

Information Systems Officer

and Cyber Security Officer,

Department of Integration

and Development, EDP

Distribuição – Energia, S.A.

(Portuguese Distribution

System Operator), Portugal

Currently, Nuno Pereira is working in the Department of

Integration and Development at the Portuguese distribution

system operator (DSO) EDP Distribuição, where he is working

on improvement of functionalities, security and reliability of

EDP’s SCADA system. He joined EDP, one of Europe’s major

electricity operators, to the Department of Product Design at

EDP Services for Energy Quality and Efficiency in 2011. In this

position he was involved in the specification of a new reactive

energy compensation solution. As Miguel Areias, Nuno Pereira

is also involved as a Work Package (WP) Leader in the EU

FP7 project “TClouds”. In 2010, Nuno Pereira worked as a

researcher for Uninova – Institute for Development of New

Technologies, where he was involved in the EU FP7 project

on innovative highly reliable and secure service-based self-learning solutions to enable tight integration of control and

maintenance of production systems. Nuno Pereira holds a

Master’s Degree in Electrotechnical and Computer Engineering

from the New University of Lisbon in Portugal.

6

9.00-9.05

Welcome Note from the Chair

David Willacy, CISSP CISM, Global Business Risk

Manager, Digital Risk & Security, National Grid,

United Kingdom and Chair of the ENTSO-E Special

Interest Group for Cyber Security

9.05-9.45

How to Set Up a Comprehensive IT Security

Strategy

• Connecting operational and IT technology

• Well-proven IT security strategies and technologies for

counteracting cyber threats

• Establishment of a comprehensive response plan

• Are your systems reliable? – Successful implementation of IT risk

assessment

- IT risk assessment tools

- Security tests/penetration tests

Rolf Adam, Director Energy & Smart Grid Europe/

Middle-East/Africa (EMEA), Enterprise Business

Group, Cisco Systems, Germany and Expert to the

European Commission on Smart Grids

9.45-10.00

Discussion Round

Coffee Break and Networking Opportunity

The Chief Information Security

Auditor (CISA) – A New Position

to Create in the Energy Industry?

• Information security as responsibility of Chief Information Security

Officers (CISOs)

- Current organisations and drawbacks

- International standards – what are they saying?

• Position and Role of a Chief Information Security Auditor (CISA)

- Differences between CISOs and CISAs

- The CISA approach and scope

- Reporting and feedbacks

• CISA as new position to create in the energy industry?

• Training and career opportunities for CISOs to become a CISA

Julien Rambeau, Chief Information Security Auditor

(CISA) and IT Security Manager, Technip, France

11.15-11.30

Discussion Round

PROGRAMME DAY 2

Ensuring IT Security for Energy Infrastructures

ROLF ADAM

Director Energy & Smart Grid

Europe/Middle-East/Africa

(EMEA), Enterprise Business

Group, Cisco Systems, Inc.,

Germany and Expert to the

European Commission on

Smart Grids

Rolf Adam is a Director with Cisco. He is responsible for

the EMEA Business Development with the Energy industry

comprising Oil & Gas and Utilities & Smart Grid. In this

role he is working with European customers, partners

and regulators in defining the future industry model of

the utilities industry and identifying opportunities for

Smart Grid build-out and business transformation. In

addition to his responsibilities at Cisco, he is an expert to

the European Commission on Smart Grids, an industry

advisor to WHEB Partners (Cleantech fund) and sits on the

Advisory Board of Entelios AG (Demand Response start-up) and emobility2go (EV eCloud start-up).

JULIEN RAMBEAU

Chief Information Security

Auditor (CISA) and IT

Security Manager, Technip

S.A., France

Julien Rambeau is Chief Information

Security

Auditor

(CISA)

and

IT Security Manager at Technip, a world leader in

engineering, technologies and project management

for the oil and gas industry. He is notably in charge of

information protection and information security audits

within Technip. Moreover, he is a Certified Penetration

Tester (SANS Institute/GIAC GPEN), Certified Information

Systems Security Professional (ISC² CISSP) and a Lead

Auditor according to ISO 27001. Before joining Technip in

2006, he worked as an IT security consultant for major

European companies.

“Great, applicable, informative and international.”

“Good for raising awareness, making connections

7

Interactive Workshop Session

11.30-11.55

Managing the Loss of IT Systems

– Handling Worst Case Scenarios

• Loss of IT systems and the implications

- For physical operations

- For commercial operations

• SCADA and the business systems required to maintain the

operation of energy networks

• Managing the risk – contingency planning, training and testing

Michael Gilbert, Director of Energy & Utility

Resilience Services Team, Steelhenge Ltd,

United Kingdom

Discussion Round

Lunch Break and Networking Opportunity

Managing the Loss of IT Systems –

Best Practice Report from REN

Redes Energéticas Nacionais

• REN’s special exercises on IT security and the protection of its

critical systems

- REN as TSO of the Electrical National Transmission Grid

- The National Dispatching Centre and the National Transmission

Operation Centre

- The N-1 hardware and links to failure of IT architecture

- The inside hacking risk and lessons learned with the Stuxnet

worm

- Interfaces and linkage to the outside of REN’s closed IT network

- The balance of being secure and allow remote maintenance/

assistance

- Information for publishing in real time data on the website

- Training of staff: Simulation of failures and IT training

Óscar Ribeiro, Adviser to the Board of Directors,

REN – Redes Energéticas Nacionais,

(Portuguese National Grid), Portugal

13.45-14.00

Discussion Round

Coffee Break and Networking Opportunity

14.30-15.45

Managing the Loss of IT Systems

Group work on a given scenario regarding the implications

of loss of IT systems for your energy networks

• When it is too late – How to cope with loss of IT systems

• Understanding the consequences

• Managing the consequences

• Review of Workshop Findings

Michael Gilbert, Director of Energy & Utility

Resilience Services Team, Steelhenge Ltd,

United Kingdom

15.45-16.00

End of Seminar and Hand-out of Certificates

MICHAEL GILBERT

Director of Energy & Utility

Resilience Services Team,

Steelhenge Ltd, United

Kingdom

Michael Gilbert held a number

of Senior Management roles in

National Grid including Head of

System Control and Head of Emergency Planning. During

his time as Head of System Control he was responsible

for the risks associated with loss of critical IT systems and

putting in place the necessary contingency arrangements.

This was part of managing the Gas National Control

Centre and four regional control centres responsible for

the daily physical and commercial operation of the UK gas

supply network. Moreover, he advised the UK Government

on energy resilience within the UK when he worked for

the Ministry now called Department for Energy & Climate

Change (DECC)). Since then, he has worked closely with

a wide range of energy and utility clients.

ÓSCAR RIBEIRO

Adviser to the Board of

Directors, REN – Redes

Energéticas Nacionais SGPS,

S.A. (Portuguese National

Grid), Portugal

Óscar Ribeiro has been holding

this position within REN, the National Grid of Portugal,

since 1998. REN is the concession holder of the National

Electricity Transmission Grid (RNT) and manager of the

National Electricity System (SEN). In the field of gas REN

is responsible for planning, construction, operation and

maintenance of the National Natural Gas Transportation

Grid (RNTGN) as well as the storage of natural gas

and LNG. Amongst others, Óscar Ribeiro is responsible

for the management of threats for REN’s critical energy

infrastructures and of their failures. In 2009, he authored

the guidelines of an exercise dealing with the shutdown

of energy infrastructures due to a cyber attack that was

held by national authorities for civil protection in a NATO

context. Prior to that, he held various positions within REN

and he has over 30 years of broad experiences in the

energy sector.

Case

Stud

8

European Network of Transmission System Operators for Electricity

The European Network of Transmission System Operators for Electricity speaks for all electric TSOs in the EU and others connected to

their networks, with one voice for all regions, and for all their technical and market issues.

Important Europe-wide planning and operations roles are assigned to ENTSO-E in new European legislation: The Regulation on cross-border exchanges of electricity that will be part of the EU 3rd Energy Package legislation due for second reading plenary voting in

the European Parliament in late April establishes the ENTSO for Electricity in order to ensure optimal management of the electricity

transmission network and to allow trading and supplying electricity across borders in the Community. The Regulation sees the need

for increased cooperation and coordination among transmission system operators to create network codes for providing and managing

effective and transparent access to the transmission networks across borders, and to ensure coordinated and sufficiently forward looking

planning and sound technical evolution of the transmission system in the Community, including the creation of interconnection capacities,

with due regard to the environment.

Contact

ENTSO-E - European Network of Transmission System Operators for Electricity

Avenue de Cortenbergh 100 | 1000 Brussels, Belgium

Tel.: +32 2 741 09 50 | Fax: +32 2 741 09 51 | www.entsoe.eu

ESNA is an independent global, not-for-profit association under Dutch law. Members share the same goal and vision and are utilities,

software, hardware and service providers, and solution integrators.

The association promotes the adoption of open Smart Metering and Smart Grid architecture, services and infrastructure, based on Network

Energy Services (NES), together with the value added applications for secure, reliable and cost-effective automatic meter management,

smart grid management, billing, CRM and CIS etc.

Utilities, Grid owners, Distribution Network Service Operators, System integrators, Installers, Application designers, IT companies as well

as Hardware manufacturers and Consultants take part in the ESNA community. ESNA is actively involved in promoting the standardization

of smart grid, smart metering and smart energy management by publishing the standards, protocols on which the system is based and

maintaining them. The standards are made available on a royalty free basis.

ESNA promotes the change in perspective of the current metering business, from selling isolated units, into offering interoperable smart

meter management systems as an embedded element in the total value chain of energy sales and distribution. In addition, AMM, based

on NES AMI architecture, offers added value in achieving the political objectives such as saving energy and reducing CO2 blast and

ensuring stability of the grid. Last but not least it will also contribute to more consumer satisfaction, in supporting a better understanding

of energy consumption and as basis for a competitive energy purchase.

Contact

ESNA

Printerweg 3 | 3821 AP Amersfoort, The Netherlands

Tel.: +31 6 53225382

SUPPORTING AND PARTNER ORGANISATIONS

9

Founded in 1989, the Information Security Forum (ISF) is an independent, not-for-profit association of leading organisations from around

the world. It is dedicated to investigating, clarifying and resolving key issues in cyber, information security and risk management and

developing best practice methodologies, processes and solutions that meet the business needs of its Members.

ISF Members benefit from harnessing and sharing in-depth knowledge and practical experience drawn from within their organisations and

developed through an extensive research and work program.

www.securityforum.org

„SECURITY EUROPE is the only specialist publication for European civil security policy, technology and business. Every month, it

provides news, analysis, contract and tendering information; opinion pieces and insight to the complex world of civil security. Get inside

the information loop, with SECURITY EUROPE. For further information or to receive a complimentary sample of the newsletter, contact

the SecEUR team at:

[email protected], visit www.seceur.info or call: Tel.: +32 (0)2.230.11.62“

SUPPORTING AND PARTNER ORGANISATIONS

10

BOOKING

Fax:

+49 (0)30 802080-250

E-mail: [email protected]

Phone: +49 (0)30 802080-230

For online booking please visit

our website: www.euroacad.eu

Date of Event

24

_{- 25}

_{May 2012}

Booking Number

S-386

Event Language

The event language will be English.

Event Price

1389,- Euro, excl. German VAT (19%)

The above price covers the following:

• Admission to the seminar

• Hand-out documents in print and digital version

• Soft drinks and coffee/tea on both event days

• Lunch on both event days

Booking Modalities

It is recommended to book soon as seats are limited. For

organisational matters, we kindly ask you to complete the booking

form in capital letters.

Contact

European Academy for Taxes, Economics & Law

Hausvogteiplatz 13, 10117 Berlin, Germany

Phone: +49 (0)30 80 20 80 230

Fax:

+49 (0)30 80 20 80 250

E-Mail: [email protected]

Internet: www.euroacad.eu

Your contact persons for the programme:

Regina Lüning, M. Sc. econ.

Head of Marketing and Sales

Phone: +49 (0)30 80 20 80 246

Fax:

+49 (0)30 80 20 80 259

E-mail: [email protected]

Luise Otto, M.E.S.

Junior Conference Manager

Phone: +49 (0)30 80 20 80 244

Fax:

+49 (0)30 80 20 80 259

E-mail: [email protected]

(Programme is subject to alterations)

Event Location

Arcotel John F

Werderscher Markt 11

10117 Berlin, Germany

Phone: +49 (0)30 2888 6578 95

E-Mail: [email protected]

Internet: www.arcotel.at

Please contact the hotel directly and refer to the “European

Academy for Taxes, Economics & Law” in order to benefit from a

limited room contingent at a special price. Please book as soon

as possible. Of course you can always look for an alternative hotel

accommodation.

ORGANISATIONAL MATTERS

11

BOOKING

BOOKING NUMBER

:

S-386 (ENTSOE)

24

_{- 25}

_{MAY 2012, BERLIN}

European Academy for Taxes, Economics & Law

Brauner Klingenberg GmbH

Hausvogteiplatz 13

10117 Berlin / Germany

Phone.: +49 (0)30 802080-230

Fax:

+49 (0)30 802080-250

E-mail: [email protected]

www.euroacad.eu

Please note, you can register as many delegates as you

wish (except, the seminar is fully booked). You only need

to copy this formular for as many persons you wish.

NOTE

Phone

Fax

E-mail

First name

Last name

Department

Job position

Your organisation

Street

Postcode / City

Country

Ms.

Mr.

Delegate 1

Phone

Fax

E-mail

First name

Last name

Department

Job position

Your organisation

Street

Postcode / City

Country

Ms.

Mr.

Delegate 2

Phone

Fax

E-mail

First name

Last name

Department

Job position

Your organisation

Street

Postcode / City

Country

Ms.

Mr.

Delegate 3

Invoice organisation

To the attention of

Street

Phone

Postcode / City

Fax

Country

E-mail

In case of registration of more than one delegate - do you prefer: single invoice? collective invoice?

With my signature I confirm my registration and accept the General Terms and Conditions as legally binding.

I herewith agree to receive further information from the

European Academy for Taxes, Economics & Law

Place, Date

Authorised Signature and Stamp

Herewith we register the following persons for the Seminar: “Ensuring IT Security for Energy Infrastructures“

Only Valid with Signature and Stamp.

NOTE

5%

Discount

12

Terms & Conditions for Conferences, Seminars and other

Training Courses

1. Area of Application

The following terms and conditions settle the contractual relationship between conference participants and the European Academy for Taxes, Economics & Law Brauner Klin- genberg GmbH [referred to as “European Academy for Taxes, Economics & Law” in the following]. Differing terms and conditions, as well as, other settlements and/or regulati-ons have no validity.

2. Registration / Confirmation of Application

A registration can be made via internet, mail, fax, or email. The registration is considered granted and legally binding if not rejected by the European Academy for Taxes, Eco-nomics & Law in writing within seven (7) days after receipt of registration. The registration will be supplemented by a booking confirmation via email. Partial bookings are only valid for seminars designed in modules. 3. Service The course fee covers the fee per participant and course in € net, subject to current German VAT. It includes training course documents as per course description, a lunch meal/ snack and refreshments during breaks, as well as, a participation certificate. The European Academy for Taxes, Economics & Law has the right to change speakers/instructors and to modify the course program if and where necessary while maintaining the overall nature of the course. All registered participants will be notified in case of a course cancellation due to force majeure, due to speakers’ preventions, due to troubles at the chosen location or due to a low registration rate. Course cancellation notification due to a low registration rate is issued no later than two (2) weeks before the course date. Course fees are reimbursed in the cases listed above; however, reimbursement for travel expenses or work absenteeism is only granted in cases of intention or gross negligence by the European Academy for Taxes, Economics & Law. Any reimbursement of travel expenses are to be considered as an exceptional goodwill gesture and form no future ge-neral obligation. In case of disturbances and/or interruptions, the European Academy for Taxes, Economics & Law commits itself to solve or limit any problems that might occur in order to maintain and continue the course as planned.

4. Payment Date and Payment, Default of Payment

Payment of the course fee is payable immediately upon receipt of invoice. Where payment is not received or lacking clear assignment to a participant prior to commencement of the course, the European Academy for Taxes, Economics & Law may refuse the relevant participant’s participation in that course. The course fee, however, is still due immedia-tely and can be claimed as part of a dunning procedure or legal action. In accordance with BGB §247 (1), in case of default of payment within the stipulated time period, default interest on arrears of at least 5% above the ECB base rate is due and payable. The European Academy for Taxes, Economics & Law can claim higher damage for delay if and where proven. Equally, the participant may prove that a damage has not occurred or has had less effect than estimated by the European Academy for Taxes, Economics & Law. Payment shall be made by cashless bank transfer; cash or cheques will not be accepted. The European Academy for Taxes, Economics & Law is not liable for any loss of means of payment. The participant may only offset such claims against the European Academy for Taxes, Economics & Law’s as are undisputed, legally recognized or recognized in writing by the European Academy for Taxes, Economics & Law. The right of retention is only acceptable in accordance with a counterclaim based on the same contract. 5. Cancellation Cancellations need to be issued in writing. Cancellation by the participant will be subject to cancellation charges as follows: • 30 days or more prior to commencement of the course: service charge of 80,00 € net, subject to current German VAT, payable immediately, course fee will be reimbursed, • two (2) weeks to 30 days prior to commencement of the course: 50% of course fee net, subject to current German VAT, payable immediately, • non-attendance or cancellation less than two (2) weeks prior to commencement of the course: 100% of course fee net, subject to current Germany VAT, payable immediately The European Academy for Taxes, Economics & Law gladly accepts without additional costs a substitute participant nominated in case of a cancellation if the substitute parti-cipant is registered at least three (3) days prior to the commencement of the course. Neither cancellation of a specific module/part of the course or substitution per module/per day is possible. 6. Copyright Seminar/course documents are protected by property rights and may not be duplicated, processed, amended, circulated or published in any other way without the written con-sent of the European Academy for Taxes, Economics & Law. The European Academy for Taxes, Economics & Law reserves all rights. 7. Liability All seminars and courses are prepared and presented by qualified speakers and instructors. The European Academy for Taxes, Economics & Law accepts no liability for the up-to-dateness, correctness and completeness of the seminar documentation, as well as, presentation of the seminar.

8. Applicable Law, Place of Jurisdiction, Place of Performance

All cases shall be governed and construed in accordance with German law to the exclusion of the UN Sales Convention. As far as legally admissible, place of performance and place of exclusive jurisdiction shall be Berlin, Germany. 9. Data Protection The European Academy for Taxes, Economics & Law protects personal data by taking appropriate protection measures. For the purpose of optimization of the product and ser-vice portfolio and according to the regulations of the data privacy laws, it stores and processes person-specific data on the training participants. Hence, all European Academy for Taxes, Economics & Law website hits are registered. All personal data will, in accordance with the law, be used for documentation requests, placed orders or other enquiries in order to send information out by post. The European Academy for Taxes, Economics & Law will, in accordance with the law, inform participants by email about special offers that resemble previously booked semi-nars. If and where personal data needs to be transferred to countries lacking appropriate data protection schemes, the European Academy for Taxes, Economics & Law shall grant alternative adequate protection. Furthermore, the European Academy for Taxes, Economics & Law will use personal data as far as participants have granted respective permission. When collecting personal data, the European Academy for Taxes, Economics & Law will always ask for permission regarding email information about offers. The participant may, at any time, express their objection to data collection for the purpose of advertisement or address via email or fax. Any data provided to the European Academy for Taxes, Economics & Law will be processed for reservations and bookings, as well as, for information about other seminars. Names and company names will be published in a participants’ list and forwarded to the mailing company.