TMT 2025

Definitive global law guides offering comparative analysis from top-ranked lawyers

CHAMBERS GLOBAL PRACTICE GUIDES


Contributing Editor Herald Jongen Greenberg Traurig, LLP


Chambers Global Practice Guides

For more than 20 years, Chambers Global Guides have ranked lawyers and law firms across the world. Chambers now offer clients a new series of Global Practice Guides, which contain practical guidance on doing legal business in key jurisdictions. We use our knowledge of the world’s best lawyers to select leading law firms in each jurisdiction to write the ‘Law & Practice’ sections. In addition, the ‘Trends & Developments’ sections analyse trends and developments in local legal markets.

Disclaimer: The information in this guide is provided for general reference only, not as specific legal advice. Views expressed by the authors are not necessarily the views of the law firms in which they practise. For specific legal advice, a lawyer should be consulted.

GPG Director: Katie Burrington
Content Management Director: Claire Oxborrow
Content Manager: Jonathan Mendelowitz
Senior Content Reviewer: Sally McGonigal, Ethne Withers, Deborah Sinclair and Stephen Dinkeldein
Content Reviewers: Vivienne Button, Lawrence Garrett, Sean Marshall, Marianne Page, Heather Palomino and Adrian Ciechacki
Content Coordination Manager: Nancy Laidler
Senior Content Coordinators: Carla Cagnina and Delicia Tasinda
Content Coordinator: Hannah Leinmüller
Head of Production: Jasper John
Production Coordinator: Genevieve Sibayan

Published by Chambers and Partners 165 Fleet Street London EC4A 2AE Tel +44 20 7606 8844 Fax +44 20 7831 5662 Web www.chambers.com

Copyright © 2025 Chambers and Partners

Contents

INTRODUCTION: Contributed by Herald Jongen, Nienke Bernard and Wouter van Wengen, Greenberg Traurig, LLP
BRAZIL: Law and Practice, contributed by Azevedo Sette Advogados
COLOMBIA: Law and Practice, contributed by Baker McKenzie; Trends and Developments, contributed by Baker McKenzie
EGYPT: Law and Practice, contributed by Shehata & Partners
FRANCE: Law and Practice, contributed by White & Case LLP
GREECE: Law and Practice, contributed by Nikolinakos & Partners Law Firm
INDIA: Law and Practice, contributed by G&W Legal
INDONESIA: Law and Practice, contributed by ABNR Counsellors at Law
JAPAN: Law and Practice, contributed by Mori Hamada & Matsumoto; Trends and Developments, contributed by Nagashima Ohno & Tsunematsu
MACAU SAR, CHINA: Law and Practice, contributed by Lektou
MALAYSIA: Law and Practice, contributed by Shearn Delamore & Co.; Trends and Developments, contributed by Shearn Delamore & Co.
MALTA: Law and Practice, contributed by GVZH Advocates
MEXICO: Law and Practice, contributed by Galicia Abogados
NETHERLANDS: Trends and Developments, contributed by Greenberg Traurig, LLP
NIGERIA: Law and Practice, contributed by ǼLEX; Trends and Developments, contributed by ǼLEX
NORWAY: Law and Practice, contributed by Haavind
POLAND: Law and Practice, contributed by Traple Konarski Podrecki & Partners; Trends and Developments, contributed by Sołtysiński Kawecki & Szlęzak
PORTUGAL: Law and Practice, contributed by CS’Associados
SINGAPORE: Law and Practice, contributed by Drew & Napier LLC; Trends and Developments, contributed by Rajah & Tann Singapore LLP
SOUTH KOREA: Trends and Developments, contributed by Lee & Ko
SWEDEN: Trends and Developments, contributed by Advokatfirman Delphi AB
SWITZERLAND: Law and Practice, contributed by Lenz & Staehelin
TAIWAN: Law and Practice, contributed by Lee, Tsai & Partners; Trends and Developments, contributed by Lee, Tsai & Partners

INTRODUCTION

Contributed by: Herald Jongen, Nienke Bernard and Wouter van Wengen, Greenberg Traurig, LLP

Greenberg Traurig, LLP is an international law firm with approximately 2,750 attorneys serving clients from 48 offices in the USA, Latin America, Europe, Asia and the Middle East. The firm’s dedicated TMT team consists of more than 100 lawyers, of which seven are in Amsterdam. The Amsterdam team is well-versed in representing clients around the world in domestic, national and international policy and legislative initiatives, as well as guiding them through the business growth cycle for a variety of technologies. As a result, it provides forward-thinking and innovative legal services to companies producing or using cutting-edge technologies to transform and grow their businesses.

Contributing Editor

Herald Jongen is a shareholder at Greenberg Traurig, LLP. He focuses his practice on outsourcing, technology transactions, data protection, strategic relationships and M&A. He has led many complex multi-jurisdictional matters in the technology and financial industries. His forte is deal-making and he goes where the deal is, which has taken him to New York, Silicon Valley, London, Paris, Brussels, Stockholm, Berlin and Frankfurt, among other places. He is known for his efficient pressure-cooker negotiations. He is a leading advisor of the Dutch government on negotiating with Big Tech and on privacy and cybersecurity.

Co-Authors

Nienke Bernard of Greenberg Traurig, LLP specialises in data protection, technology, outsourcing and commercial contracting and has over ten years of experience in negotiating and contracting IT and technology-related contracts and disputes. She also has a strong background in financial regulatory law, including within the context of services agreements and fintech. She has worked with Herald Jongen for more than ten years and is a trusted advisor of the Dutch government on privacy.


Wouter van Wengen is an associate at Greenberg Traurig, LLP in New York and focuses his practice on intellectual property law, cybersecurity, IT contracts and data protection law. He is admitted to practise law in the Netherlands and New York. Combined with his experience in various complementary (tech-related) disciplines of law, he can identify and address clients’ needs from a transatlantic angle. He represents national and international clients in the creative sector, the technology industry and a variety of other companies, in both EU and US law matters.

Greenberg Traurig, LLP
Beethovenstraat 545
1083 HK Amsterdam
Netherlands

Tel: +31 20 301 7300
Fax: +31 20 301 7350
Email: Herald.Jongen@gtlaw.com
Web: www.gtlaw.com/en/locations/amsterdam


TMT Global Overview 2025

The global technology, media, and telecommunications (TMT) landscape continues to be reshaped by significant regulatory and legal changes. These shifts reflect the growing interplay between technological innovation and the evolving needs of society, with lawmakers striving to balance the imperatives of economic growth, security and public trust.

Rather than briefly touching upon all regulatory and legal topics that are expected to be of importance in 2025, this chapter focuses on four pressing issues that we predict will stir the TMT sector in 2025. Of course, the full range of topics will be discussed in this guide by the country experts.

The further legalisation of cyber-incident response: balancing risk, accountability and compliance

Cybersecurity has moved from being a technical concern to a legal priority, with lawmakers across jurisdictions codifying obligations around incident prevention, response and reporting. This trend, also referred to as the juridification of cyber-incident response, underscores the criticality of cybersecurity to economic stability and national security.

Laws such as the EU’s Network and Information Security Directive (the “NIS2 Directive”) and the General Data Protection Regulation mandate specific actions for responding to cyber-attacks, including stringent reporting timelines, robust incident management processes and enhanced collaboration with regulators. In the US, frameworks like the Securities and Exchange Commission’s rules on reporting material cybersecurity incidents, the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (the “CIRCIA”), and state data breach laws also impose reporting requirements, reflecting a global shift towards regulated cyber-resilience. In addition, many of these laws also require a notification of the security incident to customers. As a result, companies must navigate complex liability landscapes, especially where third-party service providers and multiple jurisdictions are involved.

The increased legal scrutiny raises critical questions, such as:

• what constitutes a legally sufficient response to a cyber-attack?
• how can organisations balance legal compliance with operational realities during a crisis?
• to what extent are “active defence” measures (eg, hack-backs) permissible under existing laws?
• can the various reporting requirements coexist or is there an order of precedence?

For TMT players, compliance now demands not only robust cybersecurity measures but also legally informed incident response plans and clear contractual risk-sharing arrangements with partners.

Expanding contractual obligations for technology providers: the downstream impact of new legislation

As technology becomes integral to critical sectors such as finance, healthcare and energy, lawmakers are introducing regulations that place increased responsibility on technology providers to manage systemic risks. The EU’s Digital Operational Resilience Act (the “DORA”) is a prime example, requiring financial entities to ensure the operational resilience of their technology providers and subcontractors. The DORA requires financial institutions to impose contractual obligations on their ICT services providers to adhere to stricter standards for risk management and operational continuity.

This legislative shift raises significant considerations for technology providers. These considerations are:

• compliance readiness: many small and mid-sized providers may struggle to meet the complex requirements of new laws like the DORA;
• contractual realignments: providers must re-evaluate contracts to address new liabilities and allocate risk appropriately across supply chains; and
• global implications: multi-jurisdictional compliance becomes a pressing challenge for providers operating in markets with divergent regulatory regimes.

These developments signal the need for TMT companies to adopt proactive compliance strategies, enhance internal governance and foster transparent relationships with clients and partners.

Telecommunications: the backbone of modern society and its increasing obligations

The telecommunications sector has evolved from being a critical utility to a societal backbone, underpinning essential services such as healthcare, education and emergency response. This evolution has brought with it heightened regulatory scrutiny and obligations, particularly under frameworks like the EU’s NIS2 Directive.

As telecom networks are central to societal and economic resilience, regulators are demanding that providers implement robust risk management and cybersecurity measures. Key obligations include:

• conducting mandatory risk assessments and adopting stricter incident reporting standards;
• ensuring the security of supply chains, particularly in the context of geopolitical tensions and the reliance on third-party technology vendors; and
• enhancing collaboration with governmental authorities to prevent and mitigate systemic risks.

Telecom providers must now balance commercial imperatives with their role as stewards of societal stability. This balancing act requires significant investment in technology, stronger internal controls and a willingness to collaborate with regulators to shape the future of the sector.

Regulating Big Tech’s role in society

The influence of Big Tech platforms such as Google, X (formerly Twitter), Facebook and Instagram on democratic processes has emerged as a critical issue for policymakers. Allegations of disinformation campaigns, algorithmic bias and foreign interference have led to increased scrutiny of these platforms’ role in elections and democratic processes. Scrutiny also continues to increase regarding the distribution of child sexual abuse material (CSAM), the impact of these media on children and the propagation of (fake) news via Big Tech platforms about a wide range of other topics that may adversely influence society, including politics, public health and national security.

Regulatory efforts to address these challenges include the following.

Transparency in political advertising
Laws like the EU’s Digital Services Act (the “DSA”) and proposed US legislation require platforms to disclose political ad spending and targeting criteria.


Content moderation standards
Governments are pushing platforms to implement stricter policies to combat misinformation and hate speech during election cycles.

Algorithmic accountability
Some jurisdictions are mandating transparency in how algorithms prioritise content, with a focus on minimising the spread of divisive or false information.

Enhanced protection of minors on social media platforms
Enhanced protection of minors on social media platforms includes age verification systems, bans on social media platforms for minors under a specific age (eg, 14) and monitoring of conversations and file exchanges on messaging services (potentially even those subject to end-to-end encryption).

The legal landscape is fraught with challenges, including balancing freedom of speech with content moderation, addressing platform accountability across jurisdictions and ensuring that regulations are both effective and enforceable. The biggest challenge might well be not to over-regulate and thereby smother innovation.

For Big Tech, the stakes are high. Companies must not only comply with new regulations but also adopt a proactive stance on ethical practices, transparency and public engagement to maintain trust in their platforms and mitigate societal risks.

Conclusion

The TMT sector is at the forefront of regulatory transformation, with technology, media, and telecommunications playing increasingly pivotal roles in shaping global economies and societies. From managing cybersecurity risks to ensuring operational resilience, fostering democratic integrity and meeting heightened societal expectations, the sector faces complex challenges and opportunities.

This guide aims to equip legal practitioners and businesses with the insights needed to navigate these developments effectively. Leading experts from their respective jurisdictions will provide relevant legal insight into the following topics: social media; the digital economy; cloud and edge computing; artificial intelligence; the internet of things; audiovisual media services; telecommunications; challenges with technology agreements; trust services and digital entities; and the gaming industry. By understanding the regulatory landscape and its implications, stakeholders can position themselves to lead in an era defined by rapid technological and legal change.


BRAZIL

Law and Practice
Contributed by: Ricardo Barretto Ferreira da Silva, Ingrid Bandeira Santos, Sylvia Werdmüller von Elgg Roberto and Isabella da Penha Lopes, Azevedo Sette Advogados

Contents

1. Digital Economy
1.1 Key Challenges
1.2 Digital Economy Taxation
1.3 Taxation of Digital Advertising
1.4 Consumer Protection
1.5 The Role of Blockchain in the Digital Economy

2. Cloud and Edge Computing
2.1 Highly Regulated Industries and Data Protection

3. Artificial Intelligence
3.1 Liability, Data Protection, IP and Fundamental Rights

4. Internet of Things
4.1 Machine-to-Machine Communications, Communications Secrecy and Data Protection
4.2 Compliance and Governance
4.3 Data Sharing

5. Audiovisual Media Services
5.1 Requirements and Authorisation Procedures

6. Telecommunications
6.1 Scope of Regulation and Pre-Marketing Requirements
6.2 Net Neutrality Regulations
6.3 Emerging Technologies

7. Challenges with Technology Agreements
7.1 Legal Framework Challenges
7.2 Service Agreements and Interconnection Agreements

8. Trust Services and Digital Entities
8.1 Trust Services and Electronic Signatures/Digital Identity Schemes

9. Gaming Industry
9.1 Regulations
9.2 Regulatory Bodies
9.3 Intellectual Property

10. Social Media
10.1 Laws and Regulations for Social Media
10.2 Regulatory and Compliance Issues


Azevedo Sette Advogados was founded in 1967 and has a market-leading team of over 500 professionals working in the firm’s five offices located in São Paulo, Belo Horizonte, Brasília and Recife. In addition, the firm is supported by a broad worldwide network of correspondents and partners. Azevedo Sette Advogados works closely with its clients, providing complete, ethical and effective legal solutions that help clients reach their goals, meeting their needs through strategic planning. With activities encompassing the industrial, services and commerce sectors, government, private investors and investment funds, the firm’s team is recognised as a leader in Brazil in multiple areas of law, in particular M&A, contracts, projects and infrastructure, civil litigation and arbitration, TMT etc. Key figures at Azevedo Sette Advogados include Danielle Chipranski Cavalcante, Stefania Mariotti Masetti, Fabio Capelletti and Camila Sabino Del Sasso.

Authors

Ricardo Barretto Ferreira da Silva is a senior partner at Azevedo Sette Advogados working in corporate, tax, M&A, IP, TMT, privacy and data protection. He has held positions including co-founder, Vice President (1989–94) and President (1995–98) of the Brazilian Association of Technology, Information and Telecommunications Law; chair of the Latin America Committee (1993–95); member of the board (1995–2001, 2003–05), secretary, treasurer and Vice President (2001–03) of the International Technology Law Association; chair of the Legislation Committee (1991–92); member of the Council (1991–93); and legal adviser (1992–93) of the American Chamber of Commerce, São Paulo. He has edited and co-authored numerous publications and articles on various topics.

Ingrid Bandeira Santos is a senior associate at Azevedo Sette Advogados qualified to practise law in Brazil and in the state of New York. Aside from working on technology, media, digital law, privacy and data protection matters, Ingrid specialises in competition law, international trade and anti-corruption compliance. She is an author and co-author in all these areas, including of a book elected by the Superior Court of Justice as an essential work for understanding privacy and data protection in Brazil.

Sylvia Werdmüller von Elgg Roberto is an associate at Azevedo Sette Advogados acting in telecommunications, contractual and corporate matters. She has co-authored articles in the areas of information technology, media and telecommunications published in Brazil and abroad.


Isabella da Penha Lopes is an associate at Azevedo Sette Advogados. She acts in the areas of digital law, privacy and data protection and is the author and co-author of several articles and books on technology, privacy and data protection and artificial intelligence.

Azevedo Sette Advogados 11th floor, International Plaza II Building 1327, Presidente Juscelino Kubitschek Avenue 04543-011 São Paulo/SP Brazil

Tel: +55 11 4083 7600 Fax: +55 11 4083 7600 Email: barretto@azevedosette.com.br Web: www.azevedosette.com.br


1. Digital Economy

1.1 Key Challenges

The digital economy in Brazil is characterised by billions of daily online connections among people, companies, devices, pieces of data and processes. Technological evolutions have changed the way society interacts and consumes products and services. The speed at which technology impacts business models and industries means that governments and society need to be brought up to date much faster. There is a need for the legislature to move as quickly as the digital economy, as companies often need opinions and solutions that are not regulated in Brazil.

Brazil has been moving towards adequate regulation of several digital economy services, as illustrated by the following examples.

• Artificial intelligence (AI): Bill No 21/2020 proposes regulating the development and use of AI in Brazil. In addition, Bill No 2,338/2023 provides for the use of AI, considering the development, promotion and ethical and responsible use of AI, with humans assuming the central role. This latter bill has recently been approved by the Senate and is now being analysed by the House of Representatives.
• Telemedicine: Law 8,080/1990 was modified during the COVID-19 pandemic by Law 14,510/2022, which covers telemedicine services. In view of the efficiency of this modality, in May 2022, Brazilian Federal Council of Medicine (Conselho Federal de Medicina; CFM) Resolution No 2,314/2022 was published to regulate telemedicine.
• Start-ups: Complementary Law No 182/2021, also known as the Legal Framework for Start-ups, is aimed at improving innovative entrepreneurship in Brazil and leveraging the modernisation of the business environment.
• Transportation apps: Law No 13,640/2018 regulates the operation of paid private individual passenger transportation in Brazil.
• Data protection ‒ The General Data Protection Act (Lei Geral de Proteção de Dados or LGPD; Law No 13,709/2018) establishes that the processed data of individuals must be used in compliance with the law.
• Financial technology: Fintechs became regulated in 2018 through Brazilian Central Bank (BCB) Resolution No 4,656/2018. This resolution was revoked, but fintechs remain regulated by other resolutions and BCB regulations, such as National Monetary Council (Conselho Monetário Nacional; CMN) Resolution No 5,050/2022.
• Internet: The Brazilian Internet Act (Law No 12,965/2014) regulates the use of the internet in Brazil, providing principles, guarantees, rights and duties for those who use the internet, as well as guidelines for state action.
• E-commerce: Decree No 7,962/2013, known as the “E-commerce Law”, regulates the Consumer Protection Code in relation to e-commerce; this law contains specific provisions about transactions conducted between an online store and consumers.
• Electronic signatures: Provisional Measure No 2,200-2/2001 regulates the use of electronic signatures in Brazil, establishing the Brazilian Public Key Infrastructure (Infraestrutura de Chaves Públicas Brasileira; ICP-Brazil), and Law No 14,603/2020 classifies signatures into simple electronic signature, advanced electronic signature and qualified electronic signature categories.
• Software: Law No 9,609/1998 regulates software protection and commercialisation, and stipulates rights and duties regarding its use.


• Metaverse: Bill No 2,175/2023 proposes a metaverse regulatory framework.
• Sports bets: The recently enacted Law No 14,790/2023 regulates online betting on sports events, with several government control provisions.

Although the Brazilian legislature has approved various laws that touch upon the digital economy, technology is always evolving and is innovative by nature. In this context, the absence of regulations for specific sectors may be the biggest challenge in relation to the digital economy. This absence leads to legal uncertainty for companies and society, difficulty in applying the law, insecurity for investors and limited guidance for clients and internet users, who are not always aware of legal changes.

Nonetheless, the Brazilian government has taken steps towards promoting digital transformation in the country through the implementation of the Brazilian Strategy for Digital Transformation (E-Digital). E-Digital is a strategic framework comprising recommendations designed to steer the initiatives of the federal executive branch towards digital transformation. Its goals include enhancing access to public services; promoting citizens’ rights; strengthening social participation and democracy; and ensuring socioeconomic development through innovation, increased competitiveness, productive and technological autonomy, and improved employment and income levels.

In this context, the SinDigital system was recently revoked, followed by the implementation of the Interministerial Committee for Digital Transformation (CITDigital) by Decree No 12,308/2024. The purpose of CITDigital is to assist the President of Brazil in the drafting, implementation and following-up of public policies aimed at digital transformation.

In the context of the foregoing, it will be important to follow up on the digital transformation expected to take place in Brazil based on governmental initiatives, legislation updates and private sector inputs and demands.

1.2 Digital Economy Taxation

Brazil’s tax system is known for its complexity, mainly arising from the mixing of federal, state and municipal taxes. This complexity extends to the taxation of digital services and goods, which has been a growing area of focus due to the rapid digitalisation of the economy. Digital services and goods are taxed through a combination of indirect taxes, including the ISS (Imposto Sobre Serviços), ICMS (Imposto Sobre Circulação de Mercadorias e Serviços), PIS (Programa de Integração Social), and COFINS (Contribuição para o Financiamento da Seguridade Social) taxes.

ISS
ISS is a municipal tax levied on the provision of services. For digital services, the ISS framework was expanded to include streaming services, software as a service (SaaS) and cloud computing. Rates may vary from 2% up to 5% depending on the municipality where the service provider is located.

ICMS
The ICMS is a state-level tax applied to goods and some services (like telecoms and transportation). In recent years, Brazilian states have interpreted the applicability of ICMS in various ways, leading to disputes over whether certain digital transactions are classified as goods or services. However, the Federal Supreme Court (Supremo Tribunal Federal; STF) established in 2021 that the licensing or right to use software is subject to ISS taxation, which was an important step towards legal security in the technology market.

PIS and COFINS
PIS and COFINS are federal social contributions levied on gross revenues. Digital goods and services are subject to PIS and COFINS at rates of 0.65% and 3%, respectively, if the service provider is under the cumulative system. If the service provider is under the non-cumulative system, the rates of PIS and COFINS are 1.65% and 7.6%, respectively, and the company is entitled to tax credits on some expenses provided by legislation. Special rules apply depending on whether the software is developed in Brazil or not.

Special Considerations for International Providers
Non-resident companies providing digital services to Brazilian consumers face additional tax requirements. A withholding tax (WHT) is imposed on cross-border transactions involving royalties or technical services at a rate of 15%. In cases involving a double tax treaty (DTT), the WHT rate may change. Additionally, CIDE (Contribuição de Intervenção no Domínio Econômico) may apply to certain technology-related payments at a rate of 10%.

Challenges Faced by Brazilian Companies in Managing Tax Compliance
The main challenge in managing tax compliance in recent years was the classification of digital products and services, which was resolved to some extent by an STF decision according to which the licensing or right to use software is subject to ISS taxation.

Another significant challenge is the lack of uniformity in tax regulations. Tax rules vary widely among jurisdictions, resulting in considerable discrepancies in the application of rates and rules. Previously, the digital provision of services was understood to be subject to either ICMS or ISS, depending on the interpretation of the respective tax authority. This issue is further compounded by Brazil’s administrative structure, which comprises 27 states and over 5,000 municipalities. This fragmented framework has created a highly complex environment for managing tax compliance, demanding significant resources and expertise from businesses to ensure adherence to diverse local regulations.

Frequent changes in tax laws, the high cost of compliance and aggressive tax enforcement have contributed to a highly complex tax system for many years. However, the landscape has started to shift following the STF decision, which clarified certain aspects of digital taxation. Looking ahead, the ongoing tax reform may bring significant changes, potentially simplifying compliance and addressing long-standing issues within the system.

It is important to bear in mind that tax disputes in Brazil are common, with companies often resorting to litigation to settle issues. The judicial system is slow, and tax cases can take years to resolve, leading to prolonged uncertainty.

Additionally, it is important to mention that the Brazilian Congress passed a major tax reform at the end of 2024, which shall start being progressively implemented from January 2026. The transition period is expected to last a few years until the new rules are all in force.

1.3 Taxation of Digital Advertising

Digital advertising, previously defined as the “provision, without definitive transfer, of audio, video, image, and text content via the internet”, is subject to a mix of federal and municipal taxes in Brazil. Companies operating in this sector must manage several critical tax obligations, including:

• ISS – the tax rate ranges from 2% to 5%, depending on the legislation of the municipality where the service provider is located;
• PIS and COFINS – (i) for non-cumulative taxpayers, rates are 1.65% and 7.6%, respectively, with the possibility of tax credits on specific expenses; and (ii) for cumulative taxpayers, the rates are reduced to 0.65% and 3%, respectively, but tax credits are not permitted;
• cross-border digital advertising services – payments for services rendered by foreign providers to Brazilian customers are subject to (i) withholding income tax (WHT) at a rate of 15%, which may be reduced or exempted under a DTT; and (ii) tax on financial transactions (impuesto sobre operaciones financieras; IOF), levied at a rate of 0.38% on foreign exchange (FX) transactions.

To navigate Brazil’s intricate tax regulations for digital advertising, companies should adopt the following best practices:

• understand the applicable local tax rules;
• maintain precise and organised financial and fiscal records;
• seek advice from experienced tax professionals;
• invest in compliance technologies for rational tax management; and
• stay informed about legislative updates that may impact tax obligations.

1.4 Consumer Protection

In Brazil, digital products and services in the TMT sector are mainly regulated by the Consumer Defense Code (CDC), which applies to the consumer relationship, covering both physical and digital products and establishing fundamental rights for consumers, such as the right to clear information, safety, quality and compensation for damages.

As for commercial transactions involving digital goods and services, Decree No 7,962/2013 regulates e-commerce, requiring that information about products and services be clear, that customer service be easily available and establishing that the consumer has the “right to regret” (which is a legal guarantee that allows the consumer to withdraw from a purchase or service without justification within seven days). This right applies to off-premises purchases, such as those made online.

With the advance of digitalisation, complementary laws have also been introduced to protect consumers in the digital environment. The Civil Rights Framework for the Internet (Marco Civil da Internet; MCI) defines principles, rights and duties for internet use in Brazil. It protects net neutrality and user privacy and ensures access to quality services, establishing that online service providers are responsible for guaranteeing consumer security and privacy.

In addition, the LGPD regulates the processing of consumers’ personal data and guarantees transparency of the practices of companies in the digital sector. The LGPD requires clear consent for the collection and use of data, allowing consumers to access, correct or request the deletion of their information.

For companies to ensure that consumer rights are respected in the digital economy, it is essential that they adopt clear transparency policies and invest in efficient and accessible communication channels. Companies must provide

16

CHAMBERS.COM

BRAZIL LAW AND PRACTICE Contributed by: Ricardo Barretto Ferreira da Silva, Ingrid Bandeira Santos, Sylvia Werdmüller von Elgg Roberto and Isabella da Penha Lopes, Azevedo Sette Advogados

detailed information about products and ser - vices, respect the right to regret purchases and guarantee the security of online transactions. Compliance with the LGPD, to protect consum - ers’ personal data, is also crucial to strengthen - ing trust and avoiding sanctions. The resolution of consumer complaints in the digital economy is guided by various legal frame - works. In addition to the CDC, which establishes procedures for resolving conflicts and repairing damages, consumers can turn to consumer rights protection bodies, such as Procon, and to extrajudicial resolution platforms such as Consumidor.gov.br. The latter allows consumers to register complaints directly with companies, promoting the rapid resolution of disputes. This is without prejudice, of course, to the possibility of consumers taking legal action, as it is com - mon for these cases to be dealt with by courts of small claims. To effectively deal with consumer disputes, TMT companies must adopt best practices, such as creating agile service channels, training support teams and investing in technology to monitor and respond promptly to complaints. Mediation and conciliation are also valuable alternatives for avoiding lawsuits and maintaining customer satisfaction. 1.5 The Role of Blockchain in the Digital Economy In Brazil, there has been an evolution from scep - ticism to belief regarding cryptocurrency. This is demonstrated, for example, by the enactment of laws, the actions of regulators like the BCB and the Brazilian Securities and Exchange Commis - sion ( Comissão de Valores Mobiliários ; CVM) and a number of bills under discussion in Congress.

Cryptocurrencies are regulated mainly by Law No 14,478/2022 and by Decree No 11,563/2023, which attributed to the BCB competencies regarding virtual assets. It is expected that the BCB will be responsible for regulating the crypto market and for granting licences to financial institutions operating virtual currencies.

The Federal Revenues Service (Receita Federal do Brasil; RFB) has enacted Normative Instruction (Instrução Normativa; IN) No 1,888/2019, ruling on the taxation of cryptocurrency transactions. The RFB has also recently closed a public consultation on the NI that will establish “DeCripto”, a crypto-assets statement.

The Brazilian Criminal Code, Law No 7,492/1986 and Law No 9,613/1998 have been modified by Law No 14,478/2022, which covers the crime of fraud involving virtual assets and adds to the scope of the crime of money laundering by including the providers of virtual asset services. The AML legislation currently in place also applies to such transactions, even though it does not specifically address the matter.

The BCB has issued some resolutions addressing blockchain. The BCB and CVM have been applying regulatory sandboxes to projects involving blockchain technology, cryptocurrency, etc. The BCB has recently started a public consultation regarding a proposal for the regulation and authorisation of virtual asset services, which will be ongoing until at least February 2025.

The Brazilian Association of Cryptoeconomics (ABCripto) launched a good practices manual in 2020, aimed at preventing money laundering and the financing of terrorism, specifically for Brazilian exchanges. ABCripto also introduced a Self-Regulation Code for companies engaged in the custody, intermediation and brokerage of crypto assets.

Although no robust regulatory framework for cryptocurrency is currently in place, it is expected that such a framework will be developed in the near future. A major challenge is to adapt existing technologies to regulatory standards that will be in place after design and other parameters have been decided upon. Another relevant issue to be addressed is fraud and security breaches.

The use of technologies in regulatory sandboxes, along with public consultations and discussions, allows the exchange of experience between the TMT industry, civil society and the government, which will lead to the development of more precise, useful and feasible rules for the cryptocurrency sector.

2. Cloud and Edge Computing

2.1 Highly Regulated Industries and Data Protection

Although Brazil does not have specific legislation dedicated solely to cloud services, various local laws address this issue.

The MCI outlines principles, rights and duties pertaining to the use of the internet in Brazil, establishing obligations for internet connection and application providers that are pertinent to cloud computing solutions. A significant aspect of the MCI is the requirements related to data retention imposed on internet application providers.

The LGPD regulates the handling of personal data across all sectors. Cloud service providers, whether acting as controllers or processors of personal data, must adhere to this Act. The LGPD particularly influences cloud computing and its providers by establishing criteria for personal data processing and data transfers.

Regarding personal data processing, there are several key points in the cloud computing context:

• the physical location of personal data is crucial for determining the applicable national law;
• multiple stakeholders typically collaborate throughout the value chain in cloud computing, which raises complex issues regarding personal data processing requirements, including data security concerns that may escalate with the addition of new service providers; and
• cloud computing often involves significant personal data transfers across borders, necessitating that both data controllers and processors ensure compliance with relevant data protection regulations.

The CDC applies to consumer transactions, including those involving cloud computing products or services.

Banking

Resolution No 4893/2021 of the BCB establishes requirements for cloud services used by financial institutions. It imposes critical obligations on entities regulated by the BCB, including specific cybersecurity policies related to cloud environments.

Insurance

The Brazilian Superintendence of Private Insurance (Superintendência de Seguros Privados; SUSEP) has also issued standard cybersecurity guidelines applicable to insurance companies and their service providers, extending to general cloud services (Circular No 638/2021).


Government Entities

For over a decade, the Institutional Security Cabinet of the President’s Office has been issuing Complementary Norms (Normas Complementares; NC) to regulate the use of technology within government agencies. The latest version (NC No 05/IN01/DSIC/GSIPR), addressing cloud computing security and data protection, prohibits the processing of classified information on the cloud and mandates that agency-related data be stored in data centres located within national borders.

The Institutional Security Cabinet of the President’s Office has issued various educational materials since 2016, outlining best practices for federal entities when engaging with cloud services. Key contractual requirements include:

• ensuring that agency data remains within Brazilian territory, including backups and replications;
• using Brazilian jurisdiction to resolve legal disputes arising from contracts with cloud service providers;
• guaranteeing the portability of data and applications, ensuring timely access without additional costs to promote business continuity; and
• ensuring contractual confidentiality regarding information held by providers and prohibiting unauthorised third-party access.

Finally, Digital Government Secretariat/Ministry of Management and Innovation in Public Services (Secretaria de Governo Digital / Ministério da Gestão e da Inovação em Serviços Públicos; SGD/MGI) Ordinance No 5,950 of 2023 established a template for federal public administration agencies to use when contracting software and cloud computing services. This ordinance is aimed at standardising and streamlining the procurement process while emphasising the security, privacy, integrity and governance of agency-held data. It specifies various aspects such as remuneration structures, minimum service levels, product verification standards, acceptance criteria and security requirements. Compliance with this ordinance has been mandatory for contracts signed as of 30 April 2024. However, agencies may apply the standards to previous contracts as well. Contracts entered into before 1 November 2023 are exempt from this ordinance. Agencies must justify any deviations from the prescribed contracting models, submitting them for approval by the SGD.

3. Artificial Intelligence

3.1 Liability, Data Protection, IP and Fundamental Rights

The use of AI is currently being discussed in Brazil through the deliberation of Bill No 3,592/2023, Bill No 2,338/2023 and Bill No 5,691/2019. Bill No 3,592/2023 discusses the use of audiovisual representations of deceased people aimed at safeguarding their dignity, privacy and rights after death. Bill No 2,338/2023 focuses on the use of AI in general. Bill No 5,691/2019 establishes the National Policy for Artificial Intelligence, with the goal of stimulating the formation of a favourable environment for the development of AI technologies. This bill is the result of the unification of other previous bills.

The National AI Policy establishes, as its core principles:

• inclusive and sustainable development;
• respect for ethics, human rights, democratic values and diversity;
• protection of privacy and personal data; and
• transparency, security and reliability.


The bill also states that AI should:

• respect people’s autonomy;
• preserve people’s intimacy and privacy;
• preserve the bonds of solidarity between people of different generations;
• be intelligible, justifiable and accessible;
• be open to democratic scrutiny and allow for debate and control by the population;
• be compatible with maintaining social and cultural diversity and not restrict personal lifestyle choices;
• contain safety and security tools that allow human intervention where necessary;
• provide traceable decisions without discrimination, prejudice or bias; and
• follow governance standards that ensure ongoing management and mitigation of potential technological risks.

The bill developing most rapidly is Bill No 2,338/2023, focusing on the responsible use of AI, the protection of fundamental rights and the safety of AI systems. Some view this bill as being excessively focused on risks, but this reflects concern regarding the protection of fundamental rights, risk assessment and the liability of developers and operators of AI systems.

As for deepfake technologies, they would fall under the definition of synthetic content modified or generated by AI systems. For now, the protection of a person’s likeness, moral rights or equivalent rights is supported by the laws that are currently in place, like the Criminal Code, the Civil Code, the LGPD, etc.

Since there is no AI regulation in force, high-risk applications like autonomous vehicles are not yet regulated. The use of drones is regulated by the National Civil Aviation Agency (Agência Nacional de Aviação Civil; ANAC), complemented by the National Telecommunications Agency (Agência Nacional de Telecomunicações; ANATEL) and the Department of Airspace Control (Departamento de Controle do Espaço Aéreo; DECEA). Autonomous operation of drones is not currently permitted, and regulations will likely eventually apply to the use of AI in commercial and delivery drones.

Pending the regulation of AI in Brazil, and since there are no specific laws at present, other legislation, such as the Consumer Protection Code, may impact the way AI is used and dictate the rules and obligations for the parties involved, for example in relation to data privacy and internet use.

4. Internet of Things

4.1 Machine-to-Machine Communications, Communications Secrecy and Data Protection

Decree No 9,854/2019 instituted the National Internet of Things (IoT) Plan to improve quality of life, foster competition, increase productivity and integrate Brazil into the international landscape, among other objectives. Health, cities, industries and rural environments are priorities for IoT solutions.

According to the National Internet of Things (IoT) Plan, the IoT serves as infrastructure for the provision of value-added services (VAS) through virtually connected devices based on evolving information and communication technologies with interoperability, whereas machine-to-machine (M2M) communications systems are telecommunications networks, including access devices, for the transmission of data to remote applications with the aim of monitoring, measuring and controlling devices, the surrounding environment or networked data systems.


The provision of IoT/M2M solutions is not regulated in Brazil. However, the connectivity required for the transmission of data between devices is relevant, since telecommunications services are regulated in Brazil – ie, are subject to the provisions of Law No 4,972/1997 (the “General Telecommunications Law”; LGT) and regulations issued by ANATEL. A licence from ANATEL is also required for the provision of such services.

As per the LGT, VAS refers to the addition of new supportive utilities – related to the access, storage, presentation, movement or recovery of information – to a telecommunications service, while telecommunications services can be used to transmit and receive symbols, characters, signs, writings, images, sounds or information by wire, radio-electricity or optical means, or by any other kind of electromagnetic process.

If an IoT/M2M solution involves connectivity via a third-party telecommunications provider holding the applicable licence, the IoT/M2M provider is deemed to be the user of a telecommunications service supporting the application, and as such is not subject to the telecommunications regulatory rules or to ANATEL’s control. In this case, the ISS tax is due, the rate of which varies according to the municipality.

If an IoT/M2M solution is both a VAS (related to the IoT/M2M application) and a telecommunications service (related to device connectivity), the solution provider is subject to telecommunications regulatory rules and ANATEL’s control, and it should hold the relevant authorisation; in this scenario, the state tax on the circulation of goods and services (Imposto Sobre Circulação de Mercadorias e Prestação de Serviços; ICMS) is due at a higher rate than the ISS tax.

Connected devices are deemed communications products using the radio-electric spectrum for information propagation and, as such, they should be in compliance with technical requirements issued by ANATEL and be certified and homologated by the same agency.

Prior licensing with ANATEL is also required for radiocommunication transmission station operation; however, Law No 14,108/2020 exempted stations integrating M2M communications systems from such prior licensing, and from the payment of certain fees until December 2025.

Although the implementation and development of the IoT in Brazil is based on free competition and circulation of data, there must be compliance with information security and personal data protection guidelines, and several laws and regulations may apply, including:

• the Federal Constitution, which provides that privacy, private life, honour, the “image of people” and the confidentiality of data are inviolable (except in cases of court orders related to criminal investigations or discoveries);
• Law No 9,296/1996, which provides that the interception of information technology, telematics, telephone communications, etc is a crime;
• Law No 12,737/2012, which provides for cybercrimes and classifies the disclosure of proprietary information as a crime;
• Law No 12,965/2014 (Brazilian Internet Act), which sets principles and rules for ensuring data privacy and protection in relation to the internet;
• Decree No 8,771/2016, which sets security standards for the custody, storage, and processing of personal data and private
