5 items found for ""
- A New Era for AI Regulation: The First AI Act
On March 13, 2024, the European Parliament approved the world's first harmonized regulatory act, The AI Act (hereinafter referred to as "The Act"), establishing a groundbreaking legal framework for Artificial Intelligence (AI). The Act aims to establish principles and obligations for AI developers and users concerning the ethical use of AI. It applies to: Providers operating within the EU regardless of their registration or founding place. Users utilizing AI situated within EU territory. Providers and users utilizing AI and its products developed outside the EU in EU member states. Notably, the Act excludes AI created for specifically military purposes and does not affect governments of non-EU members and international organizations. This article provides a brief overview of the main purposes of The Act and proposed AI categories. The Act determines obligations and standards for AI, its products, including categorizing AI and transparency requirements. The Act defines the following AI categories: Unacceptable risk; High risk; Minimal risk. Unacceptable risk: AI falls into the unacceptable risk category if it can: Manipulate individuals through subliminal techniques beyond their consciousness or exploit vulnerabilities of specific vulnerable groups to significantly alter their behavior (e.g., children and/or persons with disabilities); Engage in social scoring, classifying individuals based on their behavior, socio-economic status, and personal characteristics; Identify and categorize individuals based on their biometric data. Utilize real-time, remote biometric identification systems (e.g., face recognition in street surveillance cameras). Although AI with unacceptable risk is not outrightly prohibited, its usage by states is strictly limited to situations where it is necessary to achieve a substantial public interest, such as searching for potential crime victims, including missing children. High risk: AI falls into the high-risk category if it poses significant risks to health, safety, or fundamental rights of individuals. High-risk AI includes: 1. AI systems intended as safety components of products subject to third-party ex-ante conformity assessment; 2. Stand-alone AI systems, which should be registered in the EU database, such as: Systems managing critical infrastructure (e.g., transportation, natural resource supply, etc.); Systems used in education or vocational training (e.g., automated feedback and scoring systems); Systems used in employment, workforce management, and self-employment (e.g., automatic CV reviews, task allocation, employee monitoring, etc.); Systems determining essential private and public services and benefits (e.g., granting loans, credits, etc.); Systems used by law enforcement authorities (e.g., detecting the emotional state of individuals, polygraphs, etc.); Systems used in migration, asylum, and border control management (e.g., automated application and document review systems); Systems intended for interpreting legislation (e.g., researching and interpreting facts and laws, applying the law to specific facts). All AI systems falling into the high-risk category must undergo examination, assessment, and CE marking before being placed on the market. Also, throughout the AI system's lifecycle, individuals will have the opportunity to submit complaints to relevant authorities. AI categorized as minimal risk must adhere to transparency standards (additional information is provided below). The Act recommends (though not mandatorily) that such systems also follow the standards set for high-risk AI and/or develop internal guidelines and regulations. Regarding transparency, the Act establishes that AI systems interacting with humans, identifying emotions or social categories based on biometric data, or generating/manipulating content (e.g., deep fakes) must provide relevant information to the person interacting with the system. For instance, individuals should be informed if they are communicating with a chatbot. Moreover, when AI systems are used to create photo/video/audio content, there is an obligation to disclose and indicate the artificial origin of the product. The Act will come into force twenty days after its publication in the Official Journal of the European Union and will be enforceable twenty-four months thereafter, with exceptions: Norms prohibiting specific actions/systems will be effective 6 (six) months after the Act's enforcement; Practical Codes that will be effective 9 (nine) months after the Act's enforcement; General Purpose Artificial Intelligence Regulatory Norms will be effective 12 (twelve) months after the Act's enforcement; Obligations imposed on high-risk AI systems will be effective 36 (thirty-six) months after the Act's enforcement. The AI Act represents a significant milestone in establishing a global legal framework for artificial intelligence. It sets a precedent for addressing AI challenges at the legal level and aims to ensure the reliability of AI processes, safeguard fundamental human rights and freedoms, and uphold safety and ethical principles within and beyond the European Union.
- Polish-Speaking Account Manager
The primary duties of the candidate will include: Liaising with the corporate administrators, clients, with colleagues and other institutions in reference to various tasks performed other institutions Assistance with the administration of a portfolio of companies General business administrative activities Checking and responding to potential client inquiries Addressing requests from clients and potential clients Managing communication channels to ensure prompt and effective responses Providing information and guidance to potential clients regarding services offered Maintaining a database of client interactions and transactions for future reference Ensuring accurate and timely documentation of client inquiries and resolutions Ideal candidate should meet the following requirements: Proficient knowledge of Polish language - written and spoken. English and Other languages will be an advantage Proactive, professional, customer service oriented with good organizational skills Knowledge of MS Office tools (Outlook, Word, Excel, PowerPoint) Experience or background in law or business administration will be considered as an advantage University degree or graduate student Working Conditions: Hours: 09:30:00 – 18:30 Probation period: 2 months. The selected candidate will be offered work in a friendly and professional environment and development possibilities, ongoing training related to corporate services and will have exposure to an international working environment. The chosen individual will be reporting to the Regional Manager in Georgia and Managing Director, as well as other designated colleagues. Candidates, who meet the requirements listed above, should send their CVs to the following E-mail: n.khakhutashvili@ibccs.tax
- Navigating the New Landscape: The New Law on Personal Data Protection.
As of March 1, 2024, the new law “On Personal Data Protection” has been enacted (Hereinafter – “Law”). Certain provisions of this Law will take effect on June 1, 2024, while others will be implemented on January 1, 2025. The primary objective of the new Law is to enhance the standards and guarantees of personal data protection while reinforcing effective mechanisms aimed at safeguarding human rights. The amendments to the Law primarily impact video monitoring, introducing legal norms for audio monitoring and defining the basis for their implementation. Additionally, significant changes include the regulation of data processing for direct marketing purposes, the establishment of the personal data protection officer institution, and a substantial increase in sanctions for violations, marking important innovations. The article will address crucial topics and business requirements arising from legislative changes. 1. The introduction of a new standard for video monitoring implementation To conduct video monitoring, the data processor is obligated to specify the purpose and scope of video surveillance, the duration of surveillance and recording storage, access protocols for video recordings, procedures for storage and deletion, and mechanisms for safeguarding the rights of data subjects, all in accordance with the principles of data processing. The data processor or authorized person must prominently display a warning sign indicating ongoing video surveillance, which should include the identity and contact details of the data processor. 2. The procedure for audio monitoring Audio monitoring is permissible with the consent of the data subject, for protocol recording, during remote communication, for personal safety and property protection purposes, as well as for safeguarding confidential information when alternative measures are not feasible, and in other cases expressly authorized by legislation. The data processor is required to establish in writing the purpose and extent of audio monitoring, its duration, access rules, storage and disposal procedures for audio recordings, mechanisms for protecting the rights of data subjects, and to notify the data subject in advance or promptly after the commencement of audio monitoring. 3. Data processing for the purpose of direct marketing Data processing for direct marketing involves the processing of personal data for the purpose of sending advertising messages. It is permissible by Law only with the explicit consent of the individual whose data is being processed (data subject). The data subject must be informed clearly, simply, and understandably that they have the right to withdraw their consent to the processing of their data at any time. Upon receiving such a request, the data processor is obligated to cease processing the individual's data within 7 working days. 4. Personal Data Protection Officer (DPO) The Law establishes the institution of the Personal Data Protection Officer (DPO), which stands as one of the most significant innovations. The rights and duties of the DPO include informing the data controller/processor and their staff about data protection issues, providing consultation and methodological assistance, contributing to the development of internal regulations and impact assessment documents on data protection, analyzing data processing activities, handling statements and complaints, and issuing appropriate recommendations. The Law specifies the entities responsible for appointing a Data Protection Officer: Public institutions Insurance organizations Commercial banks Micro-finance organizations Credit Bureaus Electronic communication companies Airlines Airports Medical institutions Data controllers process personal data of at least 3 percent of the population of Georgia or conduct systematic and large-scale monitoring of individuals' behavior. The role of a Data Protection Officer can be fulfilled by either an employee or an external individual or entity under a service agreement. 5. Strengthened sanctions for violation of the Law The penalties for breaching the regulations set by the new Law have been significantly strengthened. Fines are determined based on the type of offense and typically range from 1,000 to 6,000 GEL. The precise amount of the fine is determined by the individual's annual income and the presence of aggravating circumstances. Note: All changes discussed separately in the article came into force on March 1, 2024, except for the obligation to appoint a Personal Data Protection Officer, which will come into force on June 1, 2024. The Law establishes a high standard of personal data protection and introduces changes and additions concerning issues such as the mandatory procedure for obtaining the data subject's consent and the information required to be provided to them. Companies will be required to implement additional measures to ensure their processes comply with the standards set by the new Law.
- Georgia's Commitment to CRS and Its Impact on International Account Holders
In 2011, Georgia made a resolute move towards global financial transparency by embracing the Common Reporting Standard (CRS), an international framework developed by the Organization for Economic Co-operation and Development (OECD). This strategic decision not only solidifies Georgia's commitment to combating tax evasion but also holds implications for international customers with bank accounts in the country. Understanding CRS: A Global Effort for Financial Integrity The Common Reporting Standard (CRS) is an international initiative designed to facilitate the automatic exchange of financial account information between countries. Developed by the OECD, its core objective is to prevent tax evasion by ensuring that tax authorities worldwide have access to accurate and comprehensive information about the financial accounts of foreign residents. The automatic exchange of information occurs annually, promoting tax transparency and legal compliance on a global scale. Legal Framework and Georgia's Pledge to International Standards Georgia's commitment to CRS is rooted in the Convention of January 25, 1988, of the OECD and the Council of Europe. In 2022, Georgia took a significant step forward by signing the Multilateral Competent Authority Agreement (CRS MCAA), signaling its dedication to the implementation of CRS. To support this commitment, new articles 702 and 2792 were introduced into the Tax Code of Georgia, outlining the obligations of reporting financial institutions and the associated tax liabilities. Navigating CRS Compliance in Georgia For international customers holding bank accounts in Georgia, Article 702 of the Tax Code mandates that financial institutions collect and provide information on the tax residency of customers to the Revenue Service. The Revenue Service acts as the central authority overseeing CRS implementation, ensuring compliance with obligations and facilitating information exchange with other participating jurisdictions. Financial institutions in Georgia are now obligated to determine the tax residency status of each international customer. If a customer is a tax resident of a foreign country, their information is shared with the Revenue Service. This legislation, effective since January 1, 2023, requires financial institutions to submit information annually from January 1, 2024, to June 30, ensuring timely compliance with CRS standards. Implications for International Account Holders International customers with bank accounts in Georgia should be aware that their information may be subject to automatic exchange under CRS. The Revenue Service, as the competent agency, plays a crucial role in obtaining, transferring, and monitoring compliance with CRS-mandated information exchange. It is advised that account holders familiarize themselves with these developments and ensure proper compliance with tax residency requirements. Conclusion: Georgia's Commitment to International Financial Standards Georgia's adoption of CRS reflects its commitment to international financial standards and signals a proactive approach towards global cooperation in combating tax evasion. International account holders in Georgia should stay informed about these regulatory changes and work with financial institutions to ensure seamless compliance with CRS, contributing to enhanced financial transparency on an international scale.
- Amendments to Georgia's Law on Entrepreneurs: Revised Compliance Deadlines
Incorporating the latest amendments to the New Law on Entrepreneurs, updated deadlines have been established for entrepreneurs registered in Georgia until January 1, 2022, to bring their registered data into compliance with the new regulations. Furthermore, the legislation outlines in a thorough manner the legal consequences in case of non-fulfillment of this obligation. The article discusses in depth the implications for businesses based on the recent changes. 1..The deadline for complining registered data with the requirements All entrepreneur registered in Georgia before January 01, 2022, except for individual entrepreneurs, are obliged to ensure compliance of their registration data with the requirements of the New Law On Entrepreneurs (also referred to as the "New Law") no later than April 1, 2025. For this purpose, the decision of the shareholders should be submitted to the National Agency of Public Registry. It's important to note that, before the most recent legislative changes, entrepreneurs were required to comply with the New Law by January 1, 2024. 2. Consequences of Non-Compliance Failure to fulfill the obligation of bringing the Company's registered data into compliance with the New Law results in the suspension of registration. This information will be reflected in the register, and subsequently, no extracts from the register will be issued. The registering body shares information about the suspension of registration with the relevant administrative bodies and banks. The suspension of registration limits: the representative power of the person(s) with the representative power of the Company; the right to dispose of property by the Company; participation in tax operations; the right to manage a bank account, open a new account, dispose of the money in the account; Ability to take credit. Therefore, the representative powers and operational capabilities of the Company will be restricted. Registration will be restored as soon as the Company fulfills the obligation. 3. Public Notice and "Compliance Registration Platform" The decision on the suspension of registration is published as information on the registered data page of the unified electronic Platform of the registering authority, designated specifically for posting details on re-registration (hereinafter referred to as the "Platform"). The Platform will serve as an "informative center" for compliance-related purposes. Placing the decision on the Platform signifies its publication, and consequently, the decision becomes effective on the day of its publication. 4. “Grace“ Period and Status of a Defective Company If a Company fails to fulfill its obligations by April 1, 2025, the registration authority shall, on its own initiative, make a decision on the identification of a defect and grant the Company the status of a Company with a defect, which will be indicated in the Registry and notified to the Company. An additional "Grace" period of 3 months will be set to rectify the defect. The decision to identify the defect is also published on the Platform. The rule of publication has replaced other options, such as the rule of delivering the decision to the legal address or placing it on the electronic address of the Company. This modification allows the registering body to cancel the Company's registration within 3 (three) months from the date of the decision's publication. While the status of the Company remains Defective, the validity of the registered data is suspended, and an extract from the Registry shall not be issued. A Defective Company, in its entirety, has limited representational powers and operational capabilities. 5. Revocation of Registration and Liquidation If the defect is not rectified within 3 (three) months from January 1, 2026, the registering body will make a decision to cancel the entrepreneur's registration. If, following the revocation of the registration of the Company, it is discovered, upon the initiative of an interested party, that the society still possesses assets, the liquidation of the Company proceeds in a standard manner. Upon application by a Shareholder or creditor of the Company, the court appoints the liquidator. 6. Exception for Individual Entrepreneurs and Non-Entrepreneurial (Non-Commercial) Legal Entities The amendments have specified the addressees to whom the compliance obligations apply, and it has been determined that the obligation to bring them into compliance does not apply to individual entrepreneurs and non-entrepreneurial (non-commercial) legal entities. The obligation to ensure the compliance of registration data with the requirements of the New Law does not extend to individual entrepreneurs. Additionally, a non-entrepreneurial (non-commercial) legal entity is entitled, though not obligated, to apply to the registration body to bring its registered data into compliance with the New Law. Entrepreneurs have been granted an additional deadline until April 1, 2025, to comply their registered data with the provisions of the New Law. Non-fulfillment of the obligation within the established terms will result in the suspension of the Company registration at the first stage, followed by the determination of defective status, and ultimately resulting in the revocation of the Company's registration.