Delina Chonova

Assistant Manager, Legal Department

Chris Koutouroussis

Partner, Legal and Corporate Services

Linkedin

The post Bulgaria: Changes in the legislation concerning UBO disclosure appeared first on Baker Tilly South East Europe.

Οι υπηρεσίες της επιχείρησης στο εξωτερικό είναι οι ίδιες με αυτές που προσφέρονται στην Κύπρο και με μικρές μόνο παραλλαγές σε θέματα συμμόρφωσης με τους κανόνες της κάθε αγοράς. Το βασικό πλεονέκτημα της Baker Tilly, σύμφωνα με τον κ. Κλείτου, έγκειται στο ότι μπορεί να προσφέρει υπηρεσίες στις πέντε χώρες μέσω μιας επαφής στη χώρα που θα επιλέξει ο πελάτης (single point of contact). Την ίδια στιγμή, κάθε τμήμα της επιχείρησης σε οποιαδήποτε από τις χώρες, μπορεί να προσφέρει στους πελάτες, κάτω από τη μεγάλη ομπρέλα της Baker Tilly South East Europe, υπηρεσίες που εμπερικλείουν τις εμπειρίες και τις γνώσεις από όλα τα γραφεία της εταιρείας στο region.

Καθώς στρέφουμε τη συζήτηση στις προκλήσεις της επέκτασης με θυγατρικές στο εξωτερικό, ο Σάββας Κλείτου υπογραμμίζει πως η εμπειρία του τον έχει διδάξει δύο πράγματα. Το πρώτο ότι η δυσκολία να δημιουργήσεις κάτι στο εξωτερικό σε σχέση με την Κύπρο, είναι αναλογικά 1:10. Το δεύτερο, ότι η διαχείριση των γραφείων στο εξωτερικό δεν μπορεί να γίνει με τηλεχειριστήριο, πρέπει να είσαι παρών. Κατά τα άλλα, ο ίδιος θεωρεί ότι τα προβλήματα είναι τα ίδια,  ιδικότερα με την παγκοσμιοποίηση και την εξέλιξη της τεχνολογίας. Έτσι και αλλιώς, στην Baker Tilly South East Europe έχουν διαμορφώσει το δικό τους reporting system, που επιτρέπει την επιτυχή λειτουργία και παρακολούθηση των απανταχού δραστηριοτήτων. «Η ψηφιακή μετάβαση έχει κάνει τις διαδικασίες διαχείρι σης ποιότητας και αποτελέσματος πολύ πιο εύκολες και αποδοτικές. Επενδύουμε συνεχώς σε νέες τεχνολογίες και συστήματα με βασικό γνώμονα τη βελτίωση του επιπέδου των υπηρεσιών που προσφέρονται άλλα και την παροχή των καλυτέρων ευκαιριών στον κόσμο μας για να εξελιχθεί». Αξίζει να σημειωθεί ότι η Baker Tilly South East Europe θεωρείται, πλέον, ο βασικός σύνδεσμος για το δίκτυο της Baker Tilly International στα Βαλκάνια και την περιοχή της Ανατολικής Ευρώπης.

Και ποιο είναι το συστατικό της επιτυχίας της; Ο κ. Κλείτου κάνει λόγο για ένα και μοναδικό τρίπτυχο: Η σκληρή δουλειά, ο επαγγελματισμός και η επιλογή της σωστής ομάδας συνεργατών μπορούν να εκτοξεύσουν στα ύψη τις δραστηριότητες μιας επιχείρησης.

Πηγή: https://inbusinessnews.reporter.com.cy/inb.imh.com.cy.html#/reader/51017/1803958

The post Doing Business Overseas – Cover Story For Inbusiness Magazine appeared first on Baker Tilly South East Europe.

Article by: Constantinos Michael, Director – Legal Services , Baker Tilly South East Europe

Considering that 2023 was the “year of AI”, it seems now that 2024 is already moving to be quite similar. There is great hype about envisaged and proposed legislation at EU level for these matters, and organisations are already working on understanding their current (and forthcoming) obligations under these acts, putting in the necessary governance frameworks to meet such obligations which does not seem to be an easy task to handle.

In a nutshell and according to the EU’s legislative agenda, it seems that nearly forty digital sector laws are still in negotiation or planned as initiatives.

We are putting emphasis on three of these laws which seem, based on intense legal writings across the paper and digital worlds, to be considered as having heavy impact on many businesses from 2024 onwards.

NIS2 Directive

The NIS2 directive, or the Network and Information Systems Directive 2, is a European Union directive aimed at enhancing the cybersecurity and resilience of critical infrastructure and digital services. NIS2 repeals and replaces the NIS1 Directive and is designed to harmonise the approach to cybersecurity among EU member states. Some important points of the directive (coming into force in October 2024), which broadens the scope of the previous Directive, include:

Scope: It applies to operators of essential services (OES) in sectors such as energy, transport, banking, financial market infrastructures, health, water supply, and digital infrastructure, as well as to digital service providers (DSPs) such as cloud computing services, online marketplaces, and search engines. In certain cases (in the “essential” and “important” sectors) it will apply regardless of the organization’s size, and it will also apply to medium and large entities (i.e., those with less than 250 employees and an annual turnover below €50 million) in those sectors. Small entities — those with less than 50 employees and annual turnover below €10 million — are largely exempt, unless the entity is important to the functioning of the EU member state.

Obligations: OES and DSPs are required to implement risk management measures, report incidents to national authorities, and adhere to security and incident notification requirements. New enhanced obligations will relate to cybersecurity, governance and incident management.

Cooperation and coordination: Member States are encouraged to cooperate and coordinate with each other to ensure effective implementation and response to cybersecurity incidents.

Supervisory authorities: Each Member State is required to designate one or more competent national authorities to oversee compliance with the directive and handle incident response. For a breach of its reporting obligations, an essential organization could receive a maximum fine of the greater of €10 million or 2% of worldwide annual turnover for the previous financial year, while fines for important entities can be up to the greater of €7 million or 1.4% of worldwide annual turnover.

DORA

The Digital Operational Resilience Act (DORA) is part of the EU’s Digital Finance Package, which is a bloc-wide cybersecurity regulatory initiative for the financial services sector and aimed to come into force early 2025.

Scope: DORA applies to a wide range of entities, including credit institutions, investment firms, central counterparties, central securities depositories, data providers, cloud computing service providers, and more. It covers both financial entities and digital service providers.

Objectives: DORA aims to ensure the continued provision of critical services in the digital sector and enhance the overall operational resilience of financial entities. It focuses on preventing and mitigating cyber incidents, ensuring robust incident response capabilities, and enhancing coordination among relevant authorities. Its main obligations can be grouped in (a) governance and controls, (b) ICT risk management, (c) incident reporting and (d) third party contracting.

Cyber Resilience Act

The Cyber Resilience Act (CRA) seeks to set European-wide cybersecurity compliance standards for digitised products that are manufactured / sold in the EU. The law was agreed by the EU legislative bodies in November 2023; it will likely be passed early next year and take effect in 2025.

The CRA puts requirements on manufacturers to protect European consumers against cybersecurity risks and report vulnerabilities within 24 hours and obligations on manufacturers, importers and distributors to ensure products meet high cyber security standards. These include undertaking risk and conformity assessments, ensuring that the products they import bear CE markings and contain other transparency information.

Penalties under the CRA are similar to the GDPR provisos. A manufacturer that doesn’t meet its obligations can be subject to a fine of up to the higher of €15 million or 2.5% of total worldwide annual turnover. Other infringements can lead to similar fines up to a percentage of global annual revenue. If incorrect, incomplete or misleading information is given to authorities in response to a request, fines may once more be imposed.

The post Key EU Laws Impacting Businesses In 2024 appeared first on Baker Tilly South East Europe.