Global Updates – October 2023
Global updates – a quick glance
Belgium: Adopts new rules regarding employees becoming sick during their holidays, requires them to report sickness with a medical certificate if they wish to take leave.
Bulgaria: Amends VAT Act – (i) to introduce new reporting requirement related to uncollectible receivables effective July 12, 2023; and (ii) to provide for mandatory quarterly reporting of cash and receivables over BGN 50,000 effective August 1, 2023.
Brazil:
- Law No. 14,611 on equal pay for equal work and gender equality effective July 4, 2023.
- Updated monthly individual income tax brackets effective from May 2023.
Chile: The Internal Revenue Service of Chile (“SII”) reduced the minimum amount required for issuing simplified VAT invoices effective from July 1, 2023.
China:
- China extends the annual one-off bonus policy for resident individuals and the exemption for fringe benefits for foreign employees up to December 31, 2027.
- China releases draft proposals to relax cross-border data transfer rules.
- China extends VAT incentives for small taxpayers through December 31, 2027.
Colombia: Reduction of minimum working hours in tranches of employees effective July 15, 2023.
Cyprus: Social insurance fund contribution rates to increase from 8.3% to 8.9% with effect from January 1, 2024.
Czech Republic:
- Significant amendments to the Czech Labor Code effective from October 1, 2023.
- The Czech Republic published the ‘Act on Protection of Whistleblowers’ in line with the EU Directive, effective August 1, 2023.
France:
- The French government postpones the implementation of electronic invoicing system which was set to take effect from July 1, 2024.
- Expands benefits under parental leave and childcare provisions effective from July 21, 2023.
- Employers to pay 30% social security contribution on mutually agreed termination indemnity effective from September 1, 2023.
Germany:
- German Whistle-Blower Protection Act is now in force with effect from July 2, 2023.
- Reduced parental allowance income limits with effect from January 1, 2024.
Gibraltar:
- Gibraltar presented the budget for the year 2023-24, and proposed changes in personal tax rate.
- The New Fair-Trading Act takes effect from October 1, 2023, and the procedure for obtaining a new business license is simplified.
India:
- India enacted the Digital Personal Data Protection Act 2023; the effective date will be announced subsequently.
- New time limit of 30 days for reporting invoices for taxpayers with an Aggregate Annual Turnover (“AATO”) of INR 1 billion or more, effective from November 01, 2023.
- The Ministry of Corporate Affairs grants an extension for conducting annual general meeting (“AGM”) and extra-ordinary general meeting (“EGM”) through Video Conference (“VC”) or Other Audio-Visual Means (“OAVM”) till December 31, 2024.
Ireland: Ireland published the Budget for the year 2024; introduced changes to personal income tax slabs; implemented global minimum tax; changes to certain social security contributions; and changes to VAT thresholds.
Israel: Israeli Parliament approves ‘New Law’ to encourage investments in the technology industry effective July 31, 2023, providing tax incentives.
Japan:
- Japan implements a new invoicing system for Consumption Tax (“JCT”) effective from October 1, 2023.
- Mandatory e-archiving of electronic trading documents, including invoices, to apply from January 1, 2024.
Malaysia: Malaysia makes electronic tax filing mandatory effective from January 1, 2024.
Netherlands:
- Netherlands lowers pension age from 21 year to 18 years effective from July 1, 2023.
- Introduces conditional dividend withholding tax of 25.8% on dividend payments to low tax jurisdictions effective from January 1, 2024.
- Passes bill regarding the determination of the location of supply for certain virtual services for VAT purposes.
- Amends VAT Small Business Scheme (“KOR”) to cover businesses in EU having sales less than EUR 100,000 effective from January 1, 2025.
- Tax Plan for 2024 presented before Parliament, changes proposed in personal income-tax slabs and rates, key corporate tax rates remain unchanged.
Singapore: Increase in standard GST rates in Singapore effective January 1, 2024.
Serbia: Extends paternity leave to fathers where mothers are self-employed effective from August 1, 2023.
Turkey:
- Turkey enacts tax reforms on July 14, 2023, raises corporate tax rate from 20% to 25%, and removes certain exemptions.
- Increases general VAT rate from 18% to 20% and reduced VAT rate from 8% to 10% effective from July 10, 2023.
Thailand:
- Council of Minister approves proposal to increase the employees’ medical allowance from baht 50,000 to baht 65,000, which is yet to be effective.
- VAT rate of 7% to continue till September 30, 2024.
United Kingdom: UK-USA Data Privacy Framework extension becomes effective from October 12, 2023, for smooth transfer of personal data between the USA and the UK.
| Data Protection Fines Table | ||||
|---|---|---|---|---|
| Country | Authority Name | Fine imposed on | Reason for Fine Related to Data Protection Failure | Amount of Fine |
| China | The Cyberspace Administration of China (‘CAC’) | China National Knowledge Infrastructure (“CNKI”), a company which provides database service for users including colleges, universities, etc. | The fine was imposed for: – collection of personal information without consent. failure to delete users’ personal information after account cancellation. failure to make the privacy policy public. failure to provide an account cancellation function. collection of personal information beyond the stated purpose | RMB 50 million |
| Hungary | The National Authority for Data Protection and Freedom of Information (‘NAIH’) | Budapest Public Utilities Ltd (“BKN”), (Provider of various public utility services including water supply, sewage and wastewater treatment, waste manageme nt, public transportation etc.) | The fine was imposed for violations of the GDPR provisions, following a public interest notification. The company failed to anonymize personal data on its website resulting into data breach incident. The authorities imposed a fine for failure to report the incident and taking technical measures to remove or anonymize such data. | HUF 16 million |
| Hungary | National Authority for Data Protection and Freedom of Information (‘NAIH’) | Digi Telecommunications and Services Ltd (Provider of telecommunications and internet services in Hungary) | The fine was imposed for violations of the GDPR provisions related to data retention viz. retaining data longer than necessary, and failure to address system vulnerabilit y, implement the appropriate technical and organisational security measures to mitigate the risks. | HUF 80 million |
| Ireland | The Data Protection Commission (‘DPC’) | TikTok Technology Limited (“TikTok”) (A social media platform, video creation and sharing application). | The fine was imposed for TikTok’s failure to comply with GDPR regulations concerning the handling of personal data belonging to child users. | EUR 345 million |
| South Korea | The Personal Information Protection Commission (‘PIPC’) | Dreamus Company, an electronics and entertainment company | The fine was imposed for failure to: notify the data breach. implement appropriate safety measures. | KRW 384.95 million and KRW 6 million |
| South Korea | The Personal Information Protection Commission (‘PIPC’) | Meta Platforms Ireland Limited, a company which builds technologies that help in connecting people and to grow businesses | A fine was imposed: for tracking consumers’ online behaviour information without their consent and using their data for targeted advertisements. collecting Facebook user’s personal data without their consent. | KRW 6.5 billion |
| South Korea | The Personal Information Protection Commission (‘PIPC’) | LLC, a company engaged in providing online photo-sharing application and social network platform | A fine was imposed for tracking consumers’ online behaviour information without their consent and using their data for targeted advertisements. | KRW 886 million |
| South Korea | The Personal Information Protection Commission (‘PIPC’) | LG U+ Co., Ltd., a mobile network operator and telecom company | The fine was imposed for failure to: – notify data breach. destroy personal data after the expiration of the retention period. implement appropriate safety measures. | KRW 27 million (administrative fine) and KRW 6.8 billion (penalty) |
| Sweden | Swedish Authority for Privacy protection (‘IMY’) | Trygg- Hansa, branch of a merged company Tryg Forsikring A/S, a company engaged in insurance sector | The branch enabled access to personal data by unauthorized persons and processing of such data involving sensitive information of customers of a merged company. | SEK 35 million |