Tomáš Ščerba

Local Partner, Prague



Tomáš Ščerba is a member of the energy law and ICT law practice groups at White & Case. He has broad experience in such areas as cyber security, electronic contracting, the admissibility of electronic evidence and the legal status of electronic records, reliable storage and archiving and consumer contract law, as well as the pertinent privacy issues (including GDPR). In the past, he also assisted clients in the areas of company law, M&A, restructuring and corporate finance. 

Tomáš Ščerba publishes in national and international journals, and regularly lectures on current issues in the area of ICT law, both to students at Czech faculties of law and students at foreign law schools.

Bars and Courts
Czech Bar Association
Masaryk University, Faculty of Law

Brno, Czech Republic

Masaryk University, Faculty of Law

Brno, Czech Republic

Masaryk University, Faculty of Law

Brno, Czech Republic

Erasmus Program
Ghent University


He has been providing legal advisory services to, among others, the following clients:

NET4GAS, s.r.o. with respect to issues related to the operation of equipment used for the methanation of hydrogen and the injection thereof into the gas transmission system, with a particular view to legal analysis concerning unbundling (Power2Gas-type project).

PPF Group, a global private equity investor, in the USD 2.1 billion acquisition of CME, which operates television stations in Bulgaria, the Czech Republic, Romania, Slovakia and Slovenia. The transaction is subject to customary closing conditions, including the approval of the CME shareholders, the European Commission and national regulators in certain countries in which CME is active. Mr. Ščerba has been advising on IP, compliance, cyber and information security aspects of the transaction. 

Major insurance company in connection with the preparation of an in-depth analysis of the requirements related to the implementation of dynamic biometric signatures into contractual processes with clients (ultimate consumers) covering related cybersecurity and GDPR issues.

Tink AB, a Swedish company providing software solutions based on smart financial services, in connection with the preparation of a memo on the cybersecurity aspects of Tink's operational model concerning high-quality financial data from banks across Europe through a single API. 

National Cyber and Information Security Agency (NÚKIB) of the Czech Republic in connection with cybersecurity and international investment arbitration matters. 

Ministry of Transport of the Czech Republic within the PPP project for the construction of the D4 motorway. Mr. Ščerba has been providing expert legal advice on cyber security matters in respect of intelligent transport systems.

An individual shareholder of ARBOR, one of the leading providers of technical equipment, including supporting points and telco towers, for national telecommunication operators of mobile data and voice networks in the Czech Republic, in relation to the acquisition of shares in ARBOR by DRFG Telco Management, a.s., member of the DRFG, a Czech multibillion financial group.

ČEZ, a. s., within the context of a complex cyber security project for selected ČEZ group companies. This long-term engagement primarily included legal assistance for the creation of draft policies and documentation associated with organizational and technical matters, and the provision of a host of legal opinions and communication matrices for business partners, but also for stakeholders among the public authorities. This extraordinary project also called for the drafting of a number of contractual arrangements and of security documentation that would ensure the proper operation of the ČEZ Group Security Operations Center.*

ČEZ Distribuce, a. s., within the context of comprehensive legal advice related to several contracting projects that focused on the legal status of electronic communications and the receipt thereof by internal systems of the company, processing by server solutions of the company or partners within the group, and storage and long-term archiving. The engagement, which spanned several years, included, among other things, legal assistance in connection with the drafting of a framework agreement on the provision of distribution system services and of general terms of trade, and the drafting and review of related documents (which contained various rules for electronic contracting). Mr. Ščerba's legal assistance also included the negotiation of draft agreements with professional associations (such as ANDE) and communication with the relevant public authorities (Energy Regulatory Authority, Data Protection Office, etc.).*

world BTC business, SE, in connection with issues related to the processing of personal data, the setup of internal guidelines and policies related to the transfer of client data, the drafting of notices, and a review of selected AML and GDPR documents.*

Provident Financial s.r.o., with legal advice that comprised, in particular, the setup of communication platforms allowing for the demonstrable and documentable service of documents to clients (and in particular, from the ranks of consumers). An integral part of the advisory services rendered by Mr. Ščerba was an analytical assessment of what communication tools and channels would be best suited for the delivery of notices to clients, and the processing and long-term archiving of such notices.*

ČEZ ICT Services, a. s., within the context of a project for the outsourcing of telecommunication services and the related reconfiguration of key contractual relations within ČEZ Group. This entailed, among other things, transactional advice related to the establishment of a new entity: Telco Pro Services, a. s.; a contribution-in-kind to, and increase of, the registered capital of this company; and the drafting of a comprehensive set of outsourcing contracts and related documentation.*

ARBOR, spol. s r.o., něm, ARBOR GmbH, with legal advice in the areas of information management, data protection and electronic contracting. Mr. Ščerba's legal assistance also included a GDPR compliance analysis, and the preparation of a set of recommendations for the fully compliant management and processing of specific information, including personal data.*

AUDI AG, with respect to regulatory issues related to on-board telecommunication services provided via in-built SIM cards and operating software, including the preparation of related legal analyses and the communication with the relevant public authorities (among them the Czech Telecommunications Office).*

Skytoll CZ s.r.o., in connection with the tender procedure for an electronic toll contract, with a particular focus on drafts and revisions of contractual documents, but also involving related tasks (including a number of legal memoranda).*

*Matters prior to joining White & Case