DORA Regulation & ICT Third-Party Risk Management
The European Union has been on a regulatory sprint to strengthen its digital defences. Alongside the NIS2 Directive, the Cyber Resilience Act, the EU AI Act and the Critical Entities Resilience Act, the Digital Operational Resilience Act (hereinafter: DORA)[1] forms part of a sweeping framework to harden Europe’s cyber posture. These laws reflect a recognition […]
Register Your Startup or Spin-off in The Register of Subjects of the National Innovation System
Updated: March 2026 | Next review: October 2026 A startup registered in the Registry of Subjects of the National Innovation System does not have to prove to the tax authorities that it conducts innovative activity. The Registry confirms that on its behalf. That is not a minor point: the registration is a condition for accessing […]
Should You Consider Purchasing a Shelf Company or an Existing Company Instead of Establishing One in Serbia?
Updated: March 2026 | Next review: October 2026 Most foreign investors entering the Serbian market wait 10 to 15 working days for the Business Registers Agency decision, then another few weeks for a bank account. That is not a malfunction: it is the standard timeline for company registration in Serbia. But there is an alternative […]
7 Fatal Legal Mistakes Startups Make
Updated: March 2026 | Next review: October 2026 According to Startup Genome research, around 90% of startups fail globally. Ten percent cease operations in the first year alone. Those figures reflect primarily developed ecosystems like the US. In Serbia the situation is not dramatically better, but the reasons for failure are different: Serbian startups rarely […]
New Law on Information Security – challenge or opportunity for companies in the Republic of Serbia?
In an era when over 11 000 publicly reported cyber-incidents rattled organisations across the EU[1] in a single year — with DDoS attacks vaulting into first place and ransomware still haunting nearly half of all critical breaches — Serbia’s newly proposed Law on Information Security lands at a pivotal moment. Meanwhile, across the Atlantic, Verizon’s […]
CEO as Data Protection Officer? Expect a Hefty Fine
In October 2024, Austria’s Data Protection Authority (hereinafter: the “DSB“) delivered a clear message: you cannot appoint your managing director as your Data Protection Officer (DPO) without risking a hefty fine. DSB imposed a €5,000 fine on a company for appointing its managing director as its DPO. The DSB found that the dual role created […]
Open Banking in Serbia: A New Era for Finance?
The amended Law on Payment Services introduces significant changes for the fintech industry In early August 2024, the Law Amending the Law on Payment Services (hereinafter: the “Law”) entered into force, aiming to enhance the payment services market in Serbia, foster the digitalization of financial services, and align the regulatory framework with that of the […]
Serbian Tax Law: Key Incentives for IP and Innovation in 2026
Tax incentives are crucial in shaping corporate strategies in an era where intellectual property (IP) and innovation stimulate competitive advantage. Several countries, including Serbia, have introduced a range of tax benefits to encourage investment in technology, software development, and other high-value innovations. These benefits include incentives for research and development (R&D), IP Box regimes, incentives […]
Management Agreement in Serbia
Following the decision on establishing the company, it can be said that the decision on who will be the company’s managing director is the second most important decision when starting a business. Although each step in the company formation procedure requires absolute attention and planning, about which you can read more in the blog post […]
Commissioner Checks GDPR Compliance – Hotels Among Top Priorities
All hotels, in the course of their operations, collect and process personal data of their employees, guests, and other individuals. In doing so, they are required to comply with the obligations prescribed by the Law on Personal Data Protection (hereinafter referred to as the “Law”). If you operate a hotel and have not yet aligned […]