Why Thomann Rethought its Rights and Obligations Management
More products, more markets, more regulation: it became clear at Thomann that the previous solutions could no longer keep pace at some point. How this leads to a new approach to rights and obligations management – all the way to an AI-powered legal register – originated, reports Kevin Rodler In conversation.
„The quality of the AI legal register increases the better a company explains its structures and interdependencies to the AI, thereby creating a reliable context.“
Insights from Compliance Practice at Thomann
Kevin Rodler is Chief Compliance Officer at Thomann GmbH, the internationally operating music retailer with its own E‑Commercial business and an extensive own-brand portfolio. For many years, he has been involved in the expansion of Product Compliance, ESG and supply chain issues within the company. In this practical report, he openly shares how Thomann transitioned from fragmented Excel lists and isolated solutions to centrally managed, AI-supported legal and compliance management, and what role the right context for AI played in this process.
What was the trigger for fundamentally addressing legal and rights management?
Thomann has grown significantly in recent years, both in terms of turnover and employees, product range and markets. At the same time, the Regulatory dynamics have increased enormously: new EU regulations, national rules, and sector-specific requirements are being added with high frequency, accompanied by increasingly extensive and complex texts. In day-to-day business, it became apparent that the solutions, which had evolved very differently, were reaching their limits. In several areas, their own small legal registers were created, often based on Excel lists or server storage. At the latest during audits or certifications, it became visible how much effort is needed to gain a reliable and up-to-date overall overview from this.
How did you specifically go about building a new legal cadastre at the time?
The first step involved an inventory of the existing structures:
- What sources do the departments use?
- Where are which lists located?
- And which tools are used?
Based on this, a concept for a central legal register was developed, which mapped all relevant requirements at Thomann, thus encompassing areas such as health and safety at work, finance, and the supply chain, in addition to product compliance. For the AI-supported system, company information was then specifically prepared, for example, descriptions of the business model, the product portfolio, the markets, and in particular of Thomann's various roles as a retailer, an e-commerce company, and as an importer or quasi-manufacturer.
This information was then formulated such that the AI could Context could recognise. It was precisely this preparatory work that later proved to be decisive, because in practice it became clear how much the AI result quality depends on a clearly described context.
What was the biggest surprise when working with the AI-based legal register?
A key insight was that a large amount of data alone does not guarantee a good outcome. Initially, many documents flowed into the system, for example, article lists, company descriptions, and customs tariff numbers. Nevertheless, individual regulations that were clearly relevant from Thomann's perspective were initially classified as not relevant. The analysis showed that the AI Thomann especially as an e-commerce retailer, and inadequately reflected the role of importer or manufacturer. Only when this context was explicitly described and the customs tariff numbers were clearly linked to the import activity did the relevance rating improve significantly.
How do you ensure the reliability of the legal cadastre when using AI?
The system first categorises laws and regulations into the categories „Applicable“ and „Not applicable“ and lodges a justification. At the same time, the responsibility for assessment remains within the company. At Thomann, the compliance department systematically reviews the results, paying particular attention to regulations that have been classified as irrelevant. Where it makes technical sense, the responsible departments are also involved. The AI takes care of sorting and pre-structuring the large volume of legal sources, with the final classification consciously carried out by dem Human-in-TheLoop principle.
What is the current situation with Thomann and what are the next steps?
It started with topics that typically fall within the compliance area, particularly Product Compliance and Extended Producer Responsibility (EPR) obligations. The legal register now encompasses numerous frameworks and several hundred concrete obligations. Expansion into further areas such as occupational health, workplace safety, and finance has commenced. Prospectively, the system is to be rolled out to all subsidiaries in order to establish unified, centralised knowledge management for compliance requirements across the entire group.
What role does the interplay between central control and specialist departments play?
At Thomann, the legal register is managed centrally within the Compliance department. The departments each receive access to the duties that are relevant to their work. This creates a shared knowledge base, as opposed to isolated information silos or purely individual solutions. Expertise deliberately remains anchored within the teams that know the processes and risks in detail. Larger implementation projects are transferred from the legal register into existing ticket systems. The AI legal register serves as as the central source for legal bases and obligations, while operational project control takes place in the established systems.
Thank you very much, Mr Rodler, for the very open and practical insights into the implementation of the AI legal register at Thomann GmbH.
Our next free webinar for you:
We regularly offer exciting webinars on the topic of AI legal registers. Customers, partners, and experts engage in dialogue with us and you to discuss experiences and best practices for implementing legal and compliance management – from Product Compliance, occupational health and safety, through to ESG and supply chain issues.