STUDIO PROFESSIONALE ASSOCIATO A BAKER & MCKENZIE

Their core work

Baker & McKenzie's Milan studio is the Italian office of one of the world's largest international law firms. In the context of EU research, they function as embedded legal specialists within technology consortia — providing authoritative analysis of EU privacy law, digital identity regulation, and data protection compliance. Their H2020 contribution spans both the design of privacy-preserving credential architectures (advising on legal feasibility and fundamental rights) and the translation of GDPR requirements into actionable business process guidelines. For technology developers working in the digital identity and data-processing space, they bridge the gap between regulatory text and technical implementation.

What they specialise in

How they've shifted over time

Both projects fall within the Security pillar and share a data-protection thread, but the emphasis has shifted over time. The earlier ReCRED project (2015–2018) dealt with fundamental questions about how legal identity maps onto privacy-preserving digital credentials — a relatively theoretical, design-phase challenge. The later BPR4GDPR project (2018–2021) reflects a sharp pivot toward operational compliance: after GDPR came into force in 2018, the question was no longer how to design privacy into systems but how organisations must change their business processes to comply. This trajectory mirrors the broader legal market shift from privacy-by-design advocacy to GDPR enforcement readiness.

Their focus has moved from upstream legal framework design toward downstream regulatory compliance tooling — suggesting they are well-positioned for future projects tackling AI Act, Data Act, or eIDAS 2.0 implementation challenges.

How they like to work

Baker & McKenzie Milan operates exclusively as a specialist partner, never as project coordinator — consistent with a law firm's typical role of providing targeted legal expertise rather than managing research consortia. With 22 distinct partners across only 2 projects, they engage within broad, multi-stakeholder consortia rather than tight bilateral arrangements. This points to a model where they are brought in to give credibility and regulatory depth to technology-led projects, rather than driving the project agenda themselves.

Across two projects they have worked with 22 unique partners spanning 9 countries, which for a law firm is a notably broad European footprint. The geographic spread is consistent with multi-country consortia typical of Security-pillar Innovation Actions, where cross-border legal harmonisation is itself a deliverable.

What sets them apart

Most legal contributors to EU research projects are academic law departments; Baker & McKenzie brings the perspective of a firm that actually advises multinationals on compliance — meaning their legal analysis is grounded in real operational constraints, not just doctrine. Their dual focus on both identity technology law (ReCRED) and GDPR process compliance (BPR4GDPR) makes them unusually versatile for any consortium handling personal data at scale. For a project coordinator who needs a legal partner that regulators and industry will recognise by name, this is a significant credibility asset.

Highlights from their portfolio

• BPR4GDPR
  Directly addresses GDPR operational compliance with a functional toolkit — one of the most commercially relevant deliverables in the dataset, with clear licensing and commercialisation potential beyond the project lifetime.
• ReCRED
  Tackled the foundational legal challenge of device-centric, attribute-based identity before GDPR existed, making it an early-mover contribution to the privacy-by-design regulatory conversation.