Regulatory Updates

October 2023: Global Update

Global Updates – October 2023

Global updates – a quick glance

Belgium: Adopts new rules regarding employees becoming sick during their holidays, requires them to report sickness with a medical certificate if they wish to take leave.

Bulgaria: Amends VAT Act – (i) to introduce new reporting requirement related to uncollectible receivables effective July 12, 2023; and (ii) to provide for mandatory quarterly reporting of cash and receivables over BGN 50,000 effective August 1, 2023.


  • Law No. 14,611 on equal pay for equal work and gender equality effective July 4, 2023.
  • Updated monthly individual income tax brackets effective from May 2023.

Chile: The Internal Revenue Service of Chile (“SII”) reduced the minimum amount required for issuing simplified VAT invoices effective from July 1, 2023.


  • China extends the annual one-off bonus policy for resident individuals and the exemption for fringe benefits for foreign employees up to December 31, 2027.
  • China releases draft proposals to relax cross-border data transfer rules.  
  • China extends VAT incentives for small taxpayers through December 31, 2027.

Colombia: Reduction of minimum working hours in tranches of employees effective July 15, 2023.

Cyprus: Social insurance fund contribution rates to increase from 8.3% to 8.9% with effect from January 1, 2024. 

Czech Republic:

  • Significant amendments to the Czech Labor Code effective from October 1, 2023.
  • The Czech Republic published the ‘Act on Protection of Whistleblowers’ in line with the EU Directive, effective August 1, 2023.


  • The French government postpones the implementation of electronic invoicing system which was set to take effect from July 1, 2024. 
  • Expands benefits under parental leave and childcare provisions effective from July 21, 2023.
  • Employers to pay 30% social security contribution on mutually agreed termination indemnity effective from September 1, 2023.


  • German Whistle-Blower Protection Act is now in force with effect from July 2, 2023.
  • Reduced parental allowance income limits with effect from January 1, 2024.


  • Gibraltar presented the budget for the year 2023-24, and proposed changes in personal tax rate.
  • The New Fair-Trading Act takes effect from October 1, 2023, and the procedure for obtaining a new business license is simplified.


  • India enacted the Digital Personal Data Protection Act 2023; the effective date will be announced subsequently.
  • New time limit of 30 days for reporting invoices for taxpayers with an Aggregate Annual Turnover (“AATO”) of INR 1 billion or more, effective from November 01, 2023.
  • The Ministry of Corporate Affairs grants an extension for conducting annual general meeting (“AGM”) and extra-ordinary general meeting (“EGM”) through Video Conference (“VC”) or Other Audio-Visual Means (“OAVM”) till December 31, 2024.

Ireland: Ireland published the Budget for the year 2024; introduced changes to personal income tax slabs; implemented global minimum tax; changes to certain social security contributions; and changes to VAT thresholds.

Israel: Israeli Parliament approves ‘New Law’ to encourage investments in the technology industry effective July 31, 2023, providing tax incentives.


  • Japan implements a new invoicing system for Consumption Tax (“JCT”) effective from October 1, 2023. 
  • Mandatory e-archiving of electronic trading documents, including invoices, to apply from January 1, 2024.

Malaysia: Malaysia makes electronic tax filing mandatory effective from January 1, 2024.


  • Netherlands lowers pension age from 21 year to 18 years effective from July 1, 2023.
  • Introduces conditional dividend withholding tax of 25.8% on dividend payments to low tax jurisdictions effective from January 1, 2024. 
  • Passes bill regarding the determination of the location of supply for certain virtual services for VAT purposes.
  • Amends VAT Small Business Scheme (“KOR”) to cover businesses in EU having sales less than EUR 100,000 effective from January 1, 2025.
  • Tax Plan for 2024 presented before Parliament, changes proposed in personal income-tax slabs and rates, key corporate tax rates remain unchanged.

Singapore: Increase in standard GST rates in Singapore effective January 1, 2024.

Serbia: Extends paternity leave to fathers where mothers are self-employed effective from August 1, 2023.


  • Turkey enacts tax reforms on July 14, 2023, raises corporate tax rate from 20% to 25%, and removes certain exemptions.
  • Increases general VAT rate from 18% to 20% and reduced VAT rate from 8% to 10% effective from July 10, 2023. 


  • Council of Minister approves proposal to increase the employees’ medical allowance from baht 50,000 to baht 65,000, which is yet to be effective.
  • VAT rate of 7% to continue till September 30, 2024.

United Kingdom: UK-USA Data Privacy Framework extension becomes effective from October 12, 2023, for smooth transfer of personal data between the USA and the UK. 

Data Protection Fines Table
CountryAuthority NameFine imposed onReason for Fine Related to Data
Protection Failure
Amount of Fine
ChinaThe Cyberspace
Administration of China (‘CAC’)
China National Knowledge
(“CNKI”), a company
which provides
database service for users
including colleges,
universities, etc.
The fine was imposed for: – 
of personal information
without consent. failure to
delete users’ personal
information after
account cancellation.  failure
to make the privacy policy
failure to
provide an account
cancellation function.
of personal
beyond the
stated purpose
RMB 50 million
HungaryThe National Authority for Data
Protection and
Freedom of Information (‘NAIH’
Budapest Public Utilities Ltd
(“BKN”), (Provider of various
public utility services
including water supply,
sewage and wastewater
treatment, waste manageme
nt, public transportation etc.)
The fine was imposed for
violations of the GDPR
provisions, following a public
interest notification.  The
company failed to anonymize
personal data on its
website resulting into data
breach incident. The
authorities imposed a
fine for failure to
report the incident
and taking technical
measures to remove
or anonymize
such data.
HUF 16 million 
HungaryNational Authority for Data
 Protection and
Freedom of Information (‘NAIH’)
Digi Telecommunications and
Services Ltd (Provider of
telecommunications and
internet services in
The fine
was imposed for
violations of the
GDPR provisions
related to data
retention viz.
retaining data longer
than necessary,
and failure to address
system vulnerabilit
y, implement
the appropriate
technical and
organisational security
measures to mitigate
the risks.
HUF 80 million
IrelandThe Data
Commission (‘DPC’)
TikTok Technology
Limited (“TikTok”)
(A social media
platform, video
creation and sharing
The fine
was imposed for
TikTok’s failure to
comply with GDPR
regulations concerning
the handling of
belonging to child
EUR 345 million
South KoreaThe Personal
Information Protection
Commission (‘PIPC’)
Dreamus Company,
an electronics
and entertainment
The fine
was imposed for
failure to: notify the
data breach. 
implement appropriate
safety measures.
KRW 384.95
million and KRW 6
South KoreaThe Personal
Information Protection
Commission (‘PIPC’)
Platforms Ireland
Limited, a company which
builds technologies that help
in connecting people and
to grow businesses
A fine was imposed:
for tracking consumers’
online behaviour
without their
consent and using
their data for targeted
collecting Facebook user’s
personal data
without their consent.
KRW 6.5 billion
South KoreaThe Personal
Information Protection

Commission (‘PIPC’)

LLC, a company
engaged in providing online
and social network
A fine was
imposed for tracking
consumers’ online
behaviour information
without their
consent and using
their data for targeted
KRW 886 million
South KoreaThe Personal
Information Protection

Commission (‘PIPC’)
LG U+ Co., Ltd., a
mobile network operator
and telecom
The fine was
imposed for failure to: – 
notify data breach. 
destroy personal
data after the
expiration of the
retention period. 
implement appropriate
safety measures.
KRW 27 million
(administrative fine) and KRW
6.8 billion (penalty)
SwedenSwedish Authority for Privacy
protection (‘IMY’)
Hansa, branch of a
merged company
Tryg Forsikring A/S, a
company engaged in insurance
The branch
enabled access to
personal data by
unauthorized persons
and processing
of such data
involving sensitive
information of
customers of a merged
SEK 35 million