Regulatory Updates

April 2023: Global Updates

Global updates – a quick glance

Argentina: Companies with 100 or more employees to provide child-care spaces or non-remunerative allowance in lieu of child-care spaces by July 31, 2023.


  • Respect at Work’ bill providing stringent provisions against sexual harassment and discrimination at workplace received royal assent on December 12, 2022, and became a law.
  • Superannuation guarantee contribution base increased to AUD 62,270 per quarter and contribution rate increased from 10.5% to 11% p.a., effective from July 1, 2023
  • Effective from August 1, 2023, businesses with more than 15 employees are obliged to provide 10 days of family and domestic violence paid leave.

Bulgaria: Amends VAT Act to revise turnover threshold for VAT registration and raises refund thresholds effective from January 1, 2023.


  • Canada presented the federal budget for 2023 on March 28, 2023; Proposed increase in the Alternate Minimum Tax (“AMT”) rate from 15% to 20.5%.
  • Canada introduces 10 days of mandatory paid sick leave annually for federal workers, effective from December 1, 2022, and other changes.
  • Québec: A new requirement to report significant beneficiaries’ information beginning March 31, 2023.
  • Quebec presented the Budget for 2023 on March 21, 2023; Changes to Personal income tax rates and income thresholds.
  • Ontario: New requirement to maintain “Transparency Register” of Significant Beneficiaries comes into effect from January 1, 2023.


  • From January 1, 2023, small and thin profit enterprises (“STPEs”)  to have an effective CIT rate of 5% (as against effective tax rate of 2.5% for the year 2022) on annual taxable income of up to CNY 1 million.
  • Final Standard contractual clauses for overseas transfer of personal data to be effective from June 1, 2023.


  • Companies with more than 150 employees are obliged to file Unified Occupational Risk Assessment Document (DUERP) online from July 1, 2023.
  • Employers are obliged to issue updated pay slip containing “Net Social Amount” beginning from July 1, 2023.

Honduras: Changes in Individual income tax slabs published for 2023. No change in rates.

Hong Kong:

  • Hong Kong’s budget for 2023 increases basic and the additional child allowance for each child born during the tax year 2023–24 from the current HKD 120,000 to HKD 130,000.
  • Hong Kong amends Companies Ordinance to allow the conduct of general meeting through fully virtual and hybrid mode.

Hungary: Effective from January 1, 2023, mothers aged between 25 and 30 years of age exempted from personal income tax, subject to monthly salary cap.

Germany: Elimination of the obligation to submit the certificate of incapacity for work to the employer by employees who are members of the statutory health insurance, effective from January 1, 2023.


  • India enacts Finance Act, 2023, with the following key provisions –
  • Makes ‘without deductions’ personal income tax regime as ‘default’ tax regime by introducing beneficial tax brackets and slabs. Also allows individuals an option to select ‘with deduction’ tax regime where tax rates and brackets are less beneficial, but individual can claim various deductions;
  • Doubles the withholding tax rates applicable under domestic law for certain payments to non-residents from 10% to 20%.
  • Central Board of Direct Taxes extends the paper filing of Form 10F (for claiming DTAA benefit) until September 2023.


  • New requirements for verification of director’s identity by providing their Personal Public Service Number (“PPSN”), effective from April 23, 2023.
  • Implementation of EU Working Conditions Directive, effective from December 16, 2022 – probationary periods cannot exceed 6 months for most new hires in the private sector.

Israel: The Tax Authority publishes updated personal income tax slabs and rates for 2023.

Italy: Italy Budget 2023 introduces changes in parental leave and social security contribution relief to employees as well as employment incentives for recruiting certain categories of employees.

Japan: Unemployment insurance contribution on salaries increased from 1.35% to 1.55% effective from April 2023.


  • Malaysia amends Employment Act to introduce prior approval from January 1, 2023, for hiring foreign workers in Malaysia.
  • Malaysian Prime Minister presents revised budget–
  • Proposes to reduce corporate tax rates for Micro, Small and Medium Enterprises (“MSMEs”) from 17% to 15% for taxable income up to RM 150,000 effective from year of assessment 2023;
  • Announces changes to personal tax rates effective from year of assessment 2023.

Philippines: Monthly VAT returns replaced by quarterly VAT returns from January 1, 2023.

Poland: Remote work regulations and employee sobriety check regulations effective from February 21, 2023, and April 7, 2023, respectively.

Serbia: E-invoicing applicable to business-to-business (“B2B”) transactions from January 1, 2023.

Singapore: Budget 2023 receives assent from the President on March 23, 2023; Enterprise Innovation Scheme introduced; Paid paternity leave increased from 2 weeks to 4 weeks for children born on or after January 1, 2024; GST rates to be increased.

South Africa: South Africa announces national budget, revises personal income-tax slabs and rates and corporate tax rates effective tax year 2023.

Spain: Companies to have internal information and reporting system for whistle-blower protection.

Switzerland: Two weeks adoption leave introduced from January 1, 2023, for employees.

Taiwan: Increases exemption limit for Income Basic Tax (alternative minimum tax) for companies from 2023.

Thailand: Labor Protection Act amended to facilitate remote working and work-from-home from April 18, 2023.

United Kingdom: Finance Bill 2023 published to implement announcements in Spring Statement such as pension tax relief, transfer pricing documentation and global minimum tax provisions.

Data Protection Fines Table
Country Authority Name Fine imposed on Reason For Fine Related to Data Protection Failure Amount of Fine
France The French Data Protection Authority (Commission nationale de l’informatique’et des libertés/CNIL)   APPLE INC. and its subsidiaries (collectively the “APPLE Group”), a multinational company engaged in designing, manufacturing, and selling smartphones, personal computers, tablets, wearables, accessories and sells a range of related services. Fine was imposed for failure to obtain direct/indirect consent from users for processing their data for targeted advertising in Apple Stores. EUR 8 million
France The French Data Protection Authority (Commission nationale de l’informatique’et des libertés/CNIL)   Microsoft Ireland Operations Limited, a multinational company engaged in the business of software development. Fine was imposed for making the mechanism for refusal of cookies more complex as compared to the mechanism to accept cookies and thus nudging users to accept cookies. CNIL concluded that this infringes the freedom of consent of internet users. EUR 60 million
France The French Data Protection Authority (Commission nationale de l’informatique’et des libertés/CNIL)   TikTok, a multinational company engaged in providing social networking platform to users Fine was imposed for the platform’s violation regarding consent for cookies. CNIL concluded that it did not provide users with an appropriate option to opt out of cookies. EUR 5 million
France The French Data Protection Authority (Commission nationale de l’informatique’et des libertés/CNIL)   Cityscoots SAS, a company engaged in the services of renting cars, electric scooters, and motor vehicles. Fine was imposed for breach of data minimization obligation as it collected data of the geolocation of vehicles every 30 seconds and kept a record of this information. EUR 125,000
Hungary The National Authority for Data Protection and Freedom of Information (‘NAIH’)  TV2 Média Csoport Zrt., a media company engaged in managing the television portfolio.   Violation of the principle of fair and transparent data management in respect of personal data managed on the websites. It was asked by the authorities to bring the data management in line with the GDPR, including providing adequate information and having legal grounds of processing. HUF 10 million
Ireland The Data Protection Commission (“DPC”) WhatsApp Ireland Limited, a company in the social media service industry. Fine was imposed for forcing users to provide consent which violates GDPR principle of free and informed consent. Also, the company provided insufficient clarity as to the purpose and nature of processing operations carried out on the user’s personal data. EUR 5.5 million
Ireland The Data Protection Commission (“DPC”) Centric Health Ltd., a company engaged in providing health care services. A fine was imposed for not sending notifications about ransomware attacks to the patients whose sensitive data was compromised during the attack. The attack caused loss and alteration of personal and special category data of around 70,000 data subjects. EUR 460,000
Ireland The Data Protection Commission (“DPC”) Meta Platforms Ireland Limited, a multinational company. (Operating as the data controller of the social media platform – Facebook and Instagram both of which are multinational Information Technology companies). A fine was imposed for breaches under GDPR on Facebook and Instagram services for lack of transparency and clarity to users in relation to purpose and processing operations carried out on their personal data. DPC has directed both to reassess the legal basis for running of advertising based on personal data in the European Union. EUR 210 million – for breaches of the GDPR relating to its Facebook service.   EUR 180 million- for breaches in relation to its Instagram service.
Italy Italian data protection authority (‘Garante’)  Areti S.p.A, a company engaged in electricity distribution services. Fine was imposed for the following reasons: Failure to follow data retention practices;Processing of inaccurate and outdated data;Inadequate technical and organizational measures for data processing; andFailure to adequately respond to the complainant’s request to exercise their rights. EUR 1 million
Italy Italian data protection authority (‘Garante’)  Edison Energia S.p.A, a company engaged in providing electricity and natural gas. Fine was imposed for the following reasons: Violation in providing transparent information.Failure to follow the data protection requirements in promotional campaigns.Failure to provide direct and simplified data processing requirements. EUR 4.9 million
South Korea The Personal Information Protection Commission (‘PIPC’) Meta Platforms Inc (builds technologies that help in connecting people and grow businesses). A fine was imposed on the grounds that Meta banned users from accessing Facebook and Instagram services where users did not consent to collect behavioural data. PIPC also directed Meta to change its policies in addition to a levy of fine. KRW 6.6 million
United Kingdom The Information Commissioner’s Office (“ICO”) It’s Ok Limited, a company engaged in the service of repair of household appliances, home, and garden equipment, etc. Unlawfully making marketing calls to people registered with the Telephone Preference Service (“TPS”) GBP 200,000