Georgia Introduces Favorable Tax Treatment for Online Gambling Operators Targeting Foreign Players

In a strategic move to attract foreign investment and strengthen its position in the global gambling industry, the Parliament of Georgia (the Parliament) has recently passed amendments to the tax laws governing online gambling (the Amendments). Adopted on 27 June 2024, the Amendments introduce more favorable tax conditions for entities operating online gambling websites in Georgia for foreign players and are set to come into effect on 1 December 2024. By reducing the tax burden and fostering a more competitive environment, the Parliament aims to draw international operators and elevate Georgia’s profile in the global gaming market.

In light of the Amendments, this article provides an overview of Georgian regulatory framework for online gambling operators targeting foreign players and the specific tax regulations that will apply to these activities.

Permit for Online Gambling Operators

Online gambling in Georgia is governed by the Law of Georgia on Organizing Lotteries, Games of Chance, and Other Prize Games (the Gambling Law). The Gambling Law sets out the regulatory framework for the industry, covering areas such as the issuance of permits, information disclosure, and the protection of players’ rights. Under the Gambling Law, all operators of online gambling websites shall hold a permit issued by the Revenue Service of Georgia (the Revenue Service). The Revenue Service, as the regulatory authority, oversees all matters related to gambling in Georgia.

To obtain a permit for online gambling, the permit seeker shall first obtain the authorization certificate from Random Systems Georgia to ensure compliance with relevant international standards and Georgian legislation. Random Systems Georgia is a company appointed by the Revenue Service for implementing and operating the electronic gaming business control system. For this purpose, the Random Systems Georgia monitors gaming products and services of Online Gambling Operators in Georgia. After the authorization certificate is issued, the permit seeker shall apply to the Revenue Service.

Once the permit for operation of online gambling is obtained, the Amendments allow permit holders to utilize two internet domains. However, in such cases where two internet domains and websites are utilized, one domain and website must be exclusively for Georgian players and the other for foreign players.

Fees to be Paid by the Permit Holder

Permits for operation of online slot salon and online casino may be issued either to holders of permits for land-based gambling or to new applicants who do not possess such permits. The annual permit fee solely for slot website is GEL 1,000,000. For an online casino, the annual permit fee is GEL 5,000,000.

However, to operate online sportsbook targeting solely foreign players, in addition to permit for online operations, the operator shall also secure a permit for a land-based sportsbook and maintain at least one land-based location. Consequently, the annual permit fees are as follows: GEL 30,000 to GEL 300,000 for the land-based sportsbook, depending on the location on the territory of Georgia, and GEL 100,000 for the online sportsbook. In addition to the annual permit fees, the operators of land-based gambling are subject to additional quarterly fees. Therefore, operator of online sportsbook will be required to pay quarterly fee from GEL 250,000 to GEL 300,000 depending on the location of land-based facility within Georgia.

Taxes to be Paid by the Permit Holder

Tax Regulations for Slot Salons – The Tax Code of Georgia governs taxation of gambling operators. For land-based slot salons, the taxable base is the Gross Gaming Revenue (GGR), which represents the difference between the total bets received from players and the winnings paid out to them. Generally, the slot salon operator is subject to a 15% corporate income tax rate.  However, according to the Amendments, GGR generated from foreign players is taxed with 5% instead of 15%.

Furthermore, a 5% income tax rate is imposed on funds withdrawn by individuals from slot websites. The operator shall withhold such tax when disbursing the winning amount to the player. The recent Amendments exempt the withdrawals of foreign players from such 5% tax, effectively reducing their overall tax burden and potentially increasing their net earnings from such activities.

Tax Regulations for Sportsbooks – Generally, the taxable amount of online sportsbook operators for corporate tax purposes is total bets made. The online sportsbook operator shall pay 7% profit tax on all bets. However, according to the Amendments, for online sportsbook operators whose websites target foreign players, the taxable amount is GGR (not total bets made) and such GGR is taxed at 5%. Additionally, according to the Amendments, foreign players who win and withdraw money from online sportsbooks, are exempt from the withholding income tax, consequently, creating a tax-free regime for foreign players in Georgia.

Tax Regulations for CasinosFor corporate income tax purposes, the taxable base for online casinos is the GGR. The Standard tax rate for GGR generated from Georgian players is 15%. However, the Amendments have introduced a tax rate of 5% for GGR generated from foreign players. Additionally, a 5% personal income tax is levied on funds withdrawn by individuals from online casino, with the operator responsible for withholding this tax when disbursing winnings. According to the Amendments, foreign players are exempt from this 5% tax on withdrawals, effectively lowering their tax liability and potentially increasing their net earnings.

In conclusion, the Amendments set to take effect on 1 December 2024 mark a significant shift in Georgia’s regulatory landscape for the gambling industry. By introducing more favorable tax conditions for entities that operate online gambling for foreign players, Georgia aims to enhance its attractiveness as a hub for online gambling. These changes reflect Georgia’s move to stimulate foreign investment, promote economic growth, and strengthen its position in the global gambling market. As the implementation date approaches, stakeholders will need to stay informed and adapt to the evolving regulatory framework to fully adapt to the opportunities these Amendments present.

MG Law Announces Tamar Jikia’s Admission to New York Bar

We are proud to announce that Tamar Jikia has recently been admitted to the New York State Bar. This achievement marks a significant milestone for both her and the firm. With her new qualification, Tamar is now licensed to practice law in both Georgia and the state of New York, expanding her capacity to serve clients across international borders.

Tamar is a graduate of Columbia Law School, where she focused her studies on corporate law, further enhancing her expertise in handling complex legal matters. Over the past nine years, Tamar has been an integral part of MG Law, providing top-tier legal advice and advocacy for clients in a wide range of industries. Her experience and legal acumen have been invaluable to the firm’s success, and her admission to the New York Bar opens up new opportunities for cross-border representation.

With this development, MG Law strengthens its international presence and broadens its outreach to clients with legal needs in both the United States and Georgia. The firm is now better positioned to assist businesses and individuals with interests in New York, whether they are Georgian clients seeking representation abroad or U.S.-based entities looking to navigate legal matters in Georgia. MG Law is developing a thriving cross-border practice focused on Fintech. Tamar’s dual qualifications will allow for smoother, more efficient handling of cases that span both jurisdictions.

We are confident that this development will enhance our firm’s ability to provide comprehensive legal services and will contribute to our continued growth as a leading law firm in Georgia and beyond.

Consumer Arbitration Proceedings in EU and Georgia

The popularity of consumer arbitration around the world is growing day by day. Consumer arbitration enables businesses and their consumers to submit disputes to an impartial third party, such as an arbitral institution. Consumer arbitration legislation is regulated differently in the European Union and in Georgia.

Consumer Arbitration in EU

In the European Union, the procedure for conducting consumer arbitration is generally regulated by the Directive on Consumer ADR (Directive 2013/11/EU) and Regulation on Online Dispute Resolution for Consumer Disputes (EU) No. 524/2013. The European Union has established the European ODR Platform, a specifically designed platform for consumers that assists them in resolving disputes with businesses. It suggests that parties negotiate amicably within 90 days after a consumer submits an online claim through the platform. In the event of failure to reach an agreement, the parties will then have 30 days to choose an alternative dispute resolution (ADR) body. For example, such an ADR body might be the European Consumer Centre Network, which unites national offices across the European Union as well as in Iceland and Norway and is governed by the European Commission for cross-border consumer disputes.

The Directive on Consumer ADR has its distinctive features. It applies only to complaints submitted by consumers against businesses, not vice versa. That is why the arbitration agreement that deprives the consumer’s right to bring an action before the courts and is concluded before the dispute arises should not be binding on the consumer. On the other hand, in most member states of the European Union, participation in ADR proceedings is voluntary for businesses.

As a rule, the overall term for dispute resolution under the Directive on Consumer ADR is approximately 90 days, subject to extensions based on the complexity of the dispute. Such shortened deadlines help the parties to protect their rights in a timely manner.

Consumer Arbitration in Georgia

In contrast to the European Union, there is no specific law in Georgia on consumer arbitration, and the Law of Georgia on Arbitration which generally governs commercial arbitration, is also applicable to business-to-consumer disputes. In this respect, there are no specific provisions governing consumer arbitration. Business-to-consumer disputes are mostly heard by local arbitration institutions in Georgia. Unlike the European Union’s model of consumer arbitration, Georgian legislation sets forth no obligations to refer to amicable settlement proceedings before commencing the arbitration process. Therefore, consumer arbitration may be directly commenced based on the parties’ arbitration agreement. However, there are certain requirements that should be considered while drafting such an arbitration agreement. For instance, pursuant to the Law of Georgia on the Protection of Consumer Rights, the arbitration agreement that obliges consumers to refer to arbitration only is regarded as an unfair and void provision, provided such arbitration is not regulated by Georgian legislation.

The Law of Georgia on Arbitration requires the arbitration agreement to be made in writing and signed by both parties, provided one of the parties is a natural person, in this case a consumer. Since in business-to-consumer disputes consumers are considered weaker parties than business entities, such requirement of the Georgian legislation ensures consumers’ full, equal opportunity to familiarize themselves with the arbitration agreement. This also reduces the risks related to the voidness of the arbitration agreement due to consumers’ lack of awareness regarding ADR mechanisms.

The Georgian legislation gives parties the possibility to execute arbitration agreements before and after materializing the dispute, in contrast to the European legislation. Moreover, once a request for arbitration is made, there is no exemption for consumers or businesses from participation in arbitration proceedings.

Prospects of Consumer Arbitration in Georgia

Considering the European legislation on consumer arbitration, there is a prospect to develop consumer-arbitration specific rules in Georgia. This will raise awareness regarding consumer arbitration and refine procedural mechanisms for arbitrating such disputes. Setting forth the pre-arbitration negotiation duties of the parties, as is the case in the European Union, might also help to resolve the dispute amicably before even commencing arbitration proceedings. Since there is a backlog of cases in the Georgian courts, development of consumer arbitration may be the most cost and time effective resolution for Georgian market.

Collective Management Organizations and Protection of Intellectual Property Rights in Georgia

The legislation of Georgia provides safeguards for intellectual property both on an individual and collective basis. Individual protection entails acquiring authorization for the lawful use of a work by signing individual contract with the rights holder, while collective protection implies concluding a contract with an organization that manages property rights on a collective basis.

In addition to the protection of intellectual property on individual basis, the laws of Georgia envisage framework collective management of the property right. The Law of Georgia on Copyright and Related Rigths (the Copyright Law) proposes the establishment of a Collective Management Organization (the CMO) – a non-entrepreneurial (non-commercial) legal entity, which is granted accreditation by the National Intellectual Property Center of Georgia Sakpatenti (Sakpatenti).

Latest Amendments to the Copyright Law and Selection of the new CMO

The most significant changes regarding the CMO were introduced to the Copyright Law on 3 July 2023. One of the most notable amendments was a direct clarification that specially created accreditation commission shall accredit the sole and exclusive CMO. The amendments determined the criteria for accreditation of the CMO, a specific system for royalty collection and distribution, criteria ensuring transparency in the organization’s activities, and mechanisms for oversight. The adoption of these amendments introduced detailed regulations and conditions for establishment of the CMO. Additionally, the guidelines for its registration and accreditation, along with the functions and obligations of the authorized body responsible for granting accreditation were stipulated.

To accredit such CMO, on 26 September 2023 Sakpatenti announced a competition for granting accreditation to a CMO of economic rights and selected the new CMO – Intellectual Property Owners Association (IPOA). Effective from 1 January 2024, IPOA is the sole and exclusive CMO on the Georgian market, which manages the following property rights: (i) the right to public performance; (ii) the right to public display; (iii) the right to public transmission; (iv) copyright to audiovisual works; (v) the right of the author of fine art works; (vi) the right to use a phonogram issued for profit; (vii) the right to reproduce; (viii) the right to synchronize; (ix) the right to adapt the work.

Rights and Duties of the CMO

The CMO operates within the framework of rights and obligations prescribed by the Copyright Law. Specifically, the CMO possesses powers which include the following: (i) conducting negotiations on use of the work and amount of royalty; (ii) issuing licenses pertaining to the use of the work; (iii) collecting and distributing royalties to right holders; (iv) representing the interests of the right holders in judicial and administrative proceedings.

In exchange for the transfer of rights, the CMO manages intellectual property in compliance with the obligations set forth in the Copyright Law. Several pivotal obligations of the CMO include: (i) safeguarding the confidentiality of information provided to the CMO; (ii) operating within the interests of the relevant right holder; (iii) complying with specific rules when collecting and distributing royalties, such as: ensuring regular and highly accurate distribution of royalties, maintaining separate accounts, and distributing royalties within a designated (9-month) timeframe; (iv) providing the right holder and user with comprehensive information about their rights.

The above legal framework establishes a system wherein the CMO collectively manages the property rights on behalf of the right holders in accordance with their interests and rights and duties of the CMO as mandated by the law.

Agreements Between the Users and the new CMO

Granting accreditation to one exclusive CMO resulted in revocation of authority for previously established CMOs. Consequently, contracts previously executed between users and former CMOs are no longer valid. To ensure the lawful use of objects protected by the Copyright Law, it is necessary to obtain appropriate permission and enter into new contracts with the newly appointed authorized CMO – IPOA or the entity designated by IPOA. IPOA is authorized to issue sub-licenses and designate authorized entities to grant specific set of rights.

It is important to highlight that when users enter into a contract with the CMO / a sub-licensee of the CMO, the peculiarities that resulted from the operation of one exclusive CMO in the market shall be considered. In this context, issues concerning licensing and termination of a contract hold particular significance. The Copyright Law stipulates the option for the CMO to decline license issuance only in the presence of substantial grounds, necessitating a stringent standard of justification, which shall also apply to termination of the contract. It would be advisable to also address such matters directly in the contract.

In conclusion, Collective Management Organization plays a significant role in protecting intellectual property rights. Through the establishment of a collective management system for property rights, legislation facilitates a simplified mechanism for both right holders and users to protect their intellectual property rights and acquire necessary permits. The recent legislative changes have further enhanced this notion, potentially fostering greater development within the field of intellectual property in the future.

Tbilisi Free University team participated in the Brown-Mosten International Client Consulting Competition

Tbilisi Free University team, sponsored by MG Law Office and Tbilisi Free University, participated in the Brown-Mosten International Client Consulting Competition. The competition was held in Lublin, Poland
At MG Law, we firmly believe in nurturing the potential of the next generation of professionals. We understand the significance of their growth and development, which is why we actively support their aspirations

The Law on Securitization comes into effect in Georgia

On 15 December 2023, the Parliament of Georgia passed the new Law on Securitization (the Law). The Law officially came into effect on April 1, 2024. It provides a legal framework for transforming future receivables from third parties into liquid assets through the issuance of securities.

Definition of Securitization

Under the Law, securitization is defined as a process, were the initiator (an entity willing to receive financing) (the Initiator) transfers to the securitization special purpose entity (the Securitization Entity) its underlying assets (any future foreseeable income), in return to which the Initiator receives funds from the Securitization Entity. The Securitization Entity issues securitization instruments (including securities, other financial instrument, unit of a securitization fund (unit), share of a securitization company, etc.), which are obtained by the investors (the Investor), who receive specific income from such instruments. Thus, the Law is applicable to the Initiators, Securitization Entities and the Investors. In some cases, securitization can be carried out without involvement of the Securitization Entity (as described below).

Securitization Entity and its Role

The Securitization Entity is a legal entity or an organization (without legal entity status) that, by purchasing underlying assets or through other means (such as derivatives), takes on the credit risk associated with these assets. It then issues securitization instruments to raise funds for acquiring this risk. The value and/or profitability of these instruments depend on the mentioned risk. Securitization Entities can take the form of either a securitization company or a securitization fund. These entities are strictly limited to activities directly related to securitization, such as acquiring underlying assets, managing risks, and issuing securitization instruments. The National Bank of Georgia (NBG) regulates the securitization market and oversees Securitization Entities.

Under the Law, a Securitization Entity must be authorized by the NBG if it engages in a public offer or has more than 20 non-qualified investors. The authorization fee for a Securitization Entity is set at GEL 5,000. Entities not requiring NBG authorization must notify the NBG before commencing activities. Initiators conducting securitization without a Securitization Entity’s involvement must also inform the NBG in advance and are limited to private offers with fewer than 20 inexperienced investors.

Investors and their Role in Securitization

The Investor may be an individual, a company, or an organization (without legal entity status) that holds a risk position in securitization through securitization instruments. The law differentiates between inexperienced, experienced and institutional investors. Where the terms inexperienced and experienced investors have already being used in other legislative acts regulating the security markets, the term institutional investor (the Institutional Investor) is novelty introduced by the Law.

The Law defines an inexperienced investor as one who is not an experienced investor under the Law of Georgia on Securities Market (the Securities Market Law), while an experienced investor, as per the Securities Market Law is characterized by possessing ample experience, assets, or income to absorb financial losses from investment activities. An experienced investors are individuals secured with substantial assets, and/or financial institutions, directors of such institutions, legal entities with capital surpassing GEL 1,000,000 or those officially recognized as such by the NBG. Under the Law, the Institutional Investor is a type of investor who falls into one of the following categories:

  • A commercial bank;
  • A microbank;
  • A microfinance organization;
  • An insurance organization;
  • An asset management company or registered/authorized investment fund;
  • A brokerage company;
  • A person acting on behalf of the pension scheme provided for by the Law of Georgia “On Cumulative Pension.” and
  • A person acting on behalf of a voluntary private pension scheme.

The Institutional Investors are supervised by the NBG and the Law sets forth specific obligations for them, including assessment of the risks associated with the underling assets and securitization instruments.

Procedure of Securitization

Securitization, in essence, is a financial arrangement where initial assets are pooled together, and securities are issued based on this pool. The overview of securitization procedure is provided below:

  • Pooling of Assets: Initially, a collection of income-generating financial assets is gathered. These could be anything from loans to other receivables.
  • Transfer to Securitization Entities: Instead of the original owner of these initial assets (Initiator) holding onto them, they are transferred to a Securitization Entities set up specifically for this purpose.
  • Funding by Issuing Securitization Instruments: The Securitization Entities then finance the acquisition of these initial assets by issuing securitization instruments (e. securities). These instruments are essentially shares in the income generated by the pooled initial assets.
  • Payment Backed by Asset Proceeds: The principal and interest payments on these instruments are funded by the income generated by the initial assets.

Accordingly, securitization allows for the conversion of diverse income-generating assets into tradable securities, providing Investors with an opportunity to invest in a diversified portfolio of assets while providing the original owner with liquidity.

Under the Law there are two procedures of securitization:

  • Traditional Securitization: This involves transferring ownership of the underlying assets to a Securitization Entity.
  • Synthetic Securitization: Here, the credit risk is transferred without transferring ownership of the underlying assets. This can be done through methods like placing a credit derivative or issuing a guarantee. In synthetic securitization, the underlying assets remain with the originator, and credit risk is directly transferred to investors. Synthetic Securitization can be carried out without the participation of a Securitization Entity, by directly transferring credit risk to the Investor(s).

In summary, the Securitization Law in Georgia empowers Securitization Entities to manage credit risks associated with underlying assets by issuing securitization instruments. Investors acquire these instruments to generate specific income, contributing to the liquidity and efficiency of Georgia’s financial markets.

MG Law Exclusive Contributor to 3rd Edition of The Legal 500

 We are pleased to announce the 3rd Edition of The Legal 500: Doing Business In Comparative Guide is now live where MG Law is the exclusive contributor. The Legal 500 Country Comparative Guides are produced in association with the world’s leading attorneys and give a practical overview of regulation in key jurisdictions, for specific practice areas.
 
At MG Law Office, Managing Partner Archil Giorgadze and Legal Director Ana Kochiashvili have provided analysis of current trends and developments on the topic “Doing Business in Georgia”.
 
 This country-specific Q&A provides an overview of Georgian laws and regulations which may be relevant for various business activities. We hope the guide will be a helpful tool for users and will give insights to those interested in setting up and doing business in Georgia.
 
Reed the Chapter here ????
 
For a full list of jurisdictional Q&As visit????

Procedures for Registration as a Payment Service Provider in Georgia

In the realm of financial services, particularly within the jurisdiction of Georgia, the operation of payment services is subject to regulatory oversight. This regulatory framework aims to ensure transparency, security, and stability within the payment sector. Central to this regulatory landscape are entities known as Payment System Providers (PSPs), which play a crucial role in facilitating various payment transactions. The PSPs encompass a diverse array of entities, including commercial banks, microbanks, and microfinance organizations. These entities serve as intermediaries between users and the payment infrastructure, enabling the smooth transfer of funds and the execution of payment transactions.

PSPs are mandated to register with the National Bank of Georgia (NBG), a regulatory requirement aimed at ensuring compliance with statutory regulations and safeguarding the interests of consumers and stakeholders alike. However, it is noteworthy that commercial banks, microbanks, and microfinance organizations are automatically authorized to provide payment services under Georgian statutory regulations. Consequently, the rules pertaining to registration as a PSP do not apply to them. Therefore, if an entity, excluding commercial banks, microbanks, or microfinance organizations, intends to offer payment services, it shall register as a PSP before the NBG.

In Georgian market, several prominent entities have established themselves as major players in the provision of payment services. Notable among these is leading commercial bank such as JSC TBC Bank. Additionally, brands such as CPAY, OPPA and eMoney Georgia have also registered as PSPs in Georgia.

The Scope of the Services Provided by PSP

Pursuant to the applicable Georgian law, the PSP is authorized to perform the following:

  • Services that ensure the debiting of funds from the payer’s account and related transactions;
  • Services related to the crediting of funds to the recipient’s account and related transactions;
  • Making payments through direct debits (including one-off orders), payment cards, or other electronic means, as well as credit transfers (including standing orders) within the funds or credit resources of a payment service user;
  • Issuance and/or acquisition of payment instruments, including electronic money instruments;
  • Execution of remittances;
  • Issuance of electronic money (issuance of tokens e.g. via an ICO and the exchange of fiat money into cryptocurrencies and the exchange from cryptocurrencies back into fiat money), along with the implementation of payment transactions through electronic money, utilizing methods such as mobile phones, the Internet, or other electronic means;
  • Execution of payment transactions based on the consent of the payer given by means of telecommunication, digital, or IT devices, to or in favour of the telecommunication, IT system, or network operator that acts as an intermediary between the payer and the payee, as well as between the user and the supplier of goods or services; and
  • Provision of payment initiation services.

Hence, entities intending to undertake any of the aforementioned activities are obliged to undergo registration as a PSP before the NBG.

Procedure for Registration of PSP

To initiate the registration process, entities must first establish a legal entity and then provide a comprehensive set of documents to the NBG. The required set of documents include general information about the entity, comprehensive list of payment services, details about the administrators of the PSP, information pertaining to significant shareholders, beneficial owners or individuals with significant influence and other documents related to the payment system.

All documents must be either original or notarized copies, with foreign documents legalized and translated into Georgian.

Moreover, the NBG retains the authority to request further information or documentation from the entity as necessary to finalize the registration decision. The NBG may, at any stage of the registration process, ask the entity to demonstrate the electronic system used for implementing payment services or grant access to its employees at the head office for assessment purposes.

Should the documentation provided by the entity fail to meet the stipulated requirements, the NBG will grant 30 calendar days for rectifying the deficiencies and/or clarifying the submitted data. After the documentation provided to the NBG meets its requirements, a thorough examination of the submitted documentation within a stipulated timeframe of 60 calendar days is conducted, reserving the prerogative to solicit supplementary information, if deemed necessary.

Upon successful registration, the NBG issues an administrative document confirming the entity’s status as a registered PSP, along with details of authorized payment services.

Provision of Payment Services After Obtaining Approval by NBG

It is important to note that Georgian law does not impose any additional costs to be paid to the NBG, apart from the application review fee of GEL5,000. However, Georgian legislation does establish general regulations applicable to all PSP companies, including rules for their administrators. The administrator of a PSP is a member of the supervisory board, a member of the board of directors, or an individual authorized to independently undertake obligations on behalf of the PSP. The administrators overseeing PSP activities must meet the specific criteria, including: (i) no record of serious criminal offenses; (ii) compliance with financial regulations; (iii) compliance with fiduciary duties; (iv) relevant education and managerial experience in finance or related fields.

Moreover, Georgian legislation categorizes PSPs as the accountable entities under Anti-Terrorism and AML laws, mandating compliance with their provisions. Specifically, these laws require PSPs to conduct customer identification and verification using reliable and independent sources, as well as identifying beneficial owners, and to undertake reasonable measures to verify their identity based on credible sources. Additionally, PSPs are obligated to monitor their business relationships with customers to ensure compliance with the Anti-Terrorism and AML laws of Georgia.

In conclusion, the regulatory landscape governing PSPs in Georgia underscores the importance of adherence to strict guidelines to ensure transparency, security, and accountability within the financial sector. The procedures outlined for registration as a PSP highlight the meticulous process involved in obtaining approval from the NBG and emphasize the significant role PSPs play in facilitating payment transactions within the country. By navigating the registration process effectively and complying with regulatory requirements, entities can contribute to payment infrastructure in Georgia, fostering economic growth.

MG Law Office Recognized Once Again as a Leading Firm in Georgia by The Legal 500

MG Law Office has once again solidified its position as a leading law firm in Georgia, receiving recognition from The Legal 500. This acknowledgment reaffirms the firm’s unwavering dedication to excellence and client satisfaction.

MG law kept its Tier 1 ranking in Dispute Resolution and top ranking in Commercial, Corporate and M&A in the guide’s 2023 rankings for Europe, Middle East and Africa (EMEA). This year also marks the first time MG Law has been ranked in Real Estate and Construction. This recognition highlights MG Law’s commitment to diversifying and enhancing its offerings to meet the evolving needs of its clients.

Our partners, Archil Giorgadze and George Svanadze have been recognized as leading individuals embodying the firm’s commitment to delivering top-tier legal services. Furthermore, Ana Kochiashvili continues to shine as a rising star, showcasing remarkable potential and talent in her field. Joining her is Lasha Machavariani, whose recognition as a rising star underscores the firm’s commitment to nurturing emerging talent.

The recognition from The Legal 500 underscores MG Law Firm’s commitment to excellence and client satisfaction. As it continues its journey of legal excellence, MG Law remains a trusted advisor, providing top-notch legal services with integrity and professionalism.

We are delighted to share with you our clients’ testimonials, selected by the Legal 500:

“MG Law demonstrated an unparalleled level of competence and attention to detail, ensuring that all legal aspects were properly addressed and resolved efficiently.”

“They have a profound knowledge of the market, with exceptional understanding of business needs and the ability to think beyond the legal frames.’”

“The firm doesn’t just offer legal advice; it provides strategic insights and solutions that help clients overcome obstacles and seize opportunities.”

“MG Law’s insights are both eye-opening and consistently helpful and clients can expect a proactive and forward-thinking approach. What sets MG Law apart is its commitment to providing tailored solutions.”

Georgia Introduces Amendments to the Law of Georgia on Personal Data Protection

The Parliament of Georgia recently adopted the new Law of Georgia on Personal Data Protection (the New PDP Law or the New Law). The New PDP Law contributes to Georgia’s fulfillment of international obligations and brings existing legislation in the field of personal data protection closer to the European standards. The New Law has entered into force on 1 March 2024.
The New PDP Law introduces several novel amendments that controller or/and data processor (the Controller or/and Processor) should consider. The Personal Data Protection Service (the Service), an independent state authority, is responsible for monitoring compliance with the New PDP Law.

Novel Grounds of Data Processing
The New Law introduces additional legal grounds for permissible data processing, such as contractual necessity, protection of important public interests, or investigative purposes. Based on these novel grounds, data processing is considered permissible when it is deemed necessary for either performance or conclusion of an agreement with the data subject or upon explicit request of the data subject. According to the New Law, data processing is also permissible when necessary to perform tasks falling within the scope of public interest as defined by Georgian legislation. These include activities related to crime prevention, investigation, prosecution, administration of justice, detention and imprisonment, non-custodial sentences and probation, operative and investigative activities, public safety safeguarding, protection of the rule of law, including information security and cyber security.

New Rules Related to Consent of the Data Subject
The New Law determines specific requirements with respect to obtaining consent of the data subject. If the Processor plans to obtain the consent of the data subject with a document that also covers other issues, the Processor is obliged to separate written consent form from other parts of the document and formulate it in a clear, simple, and comprehensible language. Also, if the consent is given within the scope of the agreement, it should be evaluated whether this consent is a necessary condition of the agreement and whether it is possible to receive the relevant service without this consent. As for the processing of special category data (such as data on/ data connected to a person’s racial or ethnic origin, political views, religious or philosophical beliefs, membership of professional organizations, state of health, sexual life, criminal history and others), such data may be processed on the basis of the written consent of the data subject or other enumerated grounds for processing of special categories of data set out in the New PDP Law.

Technical and Organizational Measures to Ensure Data Security
The Processor is obliged to take appropriate technical and organizational measures to ensure the processing of the data in accordance with the New PDP Law. Such measures should adequately ensure data protection, including against unauthorized or illegal processing, accidental loss, destruction and/or damage. The Processor must ensure that technical and organizational measures are taken to automatically process only the amount of data that is necessary for the specific purpose of the processing. These measures should be applied in such a way that an indefinite number of people are automatically granted access to only a minimum amount of data before a permitted alternative approach is chosen. Furthermore, technical, and organizational measures should be periodically updated according to categories, volume, purpose, form, means of data processing and possible threats of violation of the data subject’s rights.

New Rules related to Direct Marketing
Under the New Law, in case the personal data is processed for direct marketing purposes, receiving the written consent of the data subject is mandatory. The Controller/Processor should explain to the data subject their right to withdraw their consent at any time in a clear and comprehensible form with the simple mechanism/procedure for exercising this right. The Controller/Processor should also ensure that the data subject has the possibility to request the termination of the data processing for the direct marketing purposes in the same manner as the direct marketing is carried out.

Regulations regarding Video Monitoring
Video Monitoring of the working process and space is permitted only in exceptional cases, if the purposes for video monitoring cannot be achieved by other means or such means are associated with a disproportionately large effort. In the case of video monitoring of the working process and space, the Controller / the Processor is obliged to inform the employee regarding the purpose of video monitoring in writing. Further, in case of video monitoring, the Controller is obliged to define in writing the purpose, scope, duration and the storage period of video monitoring, the manner, and conditions of access to the video recording, its storage and destruction and the mechanisms for protecting the rights of the data subject in accordance with the principles of data processing. A crucial novelty related to video monitoring is that the warning sign must be installed in a visible place and contain an appropriate inscription, an easily perceptible image about carrying out video monitoring as well as the name and contact data of the Controller.

Mandatory Reporting of Incidents
The New PDP Law imposes the obligation to notify the Service, regarding the occurred incidents of data security breaches. Specifically, the Controller is required to maintain the registry of incidents which describe the incident, its outcome and the measures taken. Each and every incident that may cause significant harm and/or pose a significant threat to fundamental human rights, shall be reported to the Service in writing no later than 72 (seventy-two) hours after the discovery of such incident. As required under the New Law, the Service adopted the order which sets out the rules of reporting and criteria for determining whether specific incident poses harm and/or threat to fundamental human rights. According to the rules published by the Service, the information about the incident shall be submitted to the Service electronically through the official webpage of the Service.

Mandatory Appointment of the Personal Data Protection Officer
Another notable aspect of the New PDP Law is the introduction of the position the personal data protection officer (the Officer), which comes into effect from 1 June 2024. Appointment of the Officer is mandatory in various sectors such as public institutions, insurance organizations, commercial banks, microfinance organizations, credit bureaus, electronic communication companies, airlines, airports, and medical institutions and this obligation extends to entities processing substantial volumes of data or engaging in systematic and large-scale monitoring, regardless of specific mention. As required under the New Law, the Service adopted order on the list of persons who do not have the obligation to appoint or designate the Officer. According to this order, there is no obligation to appoint an Officer if the Processor: (i) processes the personal data of less than 3 percent of the population of Georgia; (ii) process the special category data of less than 1 percent of the population of Georgia; or (iii) does not engage in systematic and large-scale monitoring of data subject behavior. For the purpose of calculating the list of persons whose data is being processed, the employees of the Processor are not counted in (regardless of their number). The Processor who has an obligation to appoint the Officer may meet this requirement through three options: (i) Appointing the Officer; (ii) Adding the functions of the Officer to an employee; or (iii) Outsourcing. The Processor is obliged to publish the identity and contact information of the Officer on its website or through other accessible channels.

Rules related to Data Protection Impact Assessment
The New Law introduces the rules on data protection impact assessment, which enter into force from 1 June 2024. If, considering new technologies, categories, volume, purposes, the risk of undermining fundamental human rights and freedoms is highly likely, the Controller is obliged to assess in advance the impact on data protection. Such assessment entails adoption of the document describing the category, process, purposes of and grounds for Data Processing as well as organizational and technical measures provided for the purpose of data security protection. The data protection impact assessment is mandatory if the Controller makes decisions in a fully automated manner (including on the basis of profiling) or processes special category data of a large number of data subjects or implements systematic and large-scale monitoring of the behavior of data subjects in public gathering places.

Sanctions for Breach of the New PDP Law
The New PDP Law increases the penalties for breach. Depending on the nature of the breach, the organizational form, and the annual turnover of the offender as well as the existence of aggravating and mitigating circumstances, administrative liabilities may vary from warning to penalty in the amount of GEL1,000 (one thousand) to GEL20,000 (twenty thousand), depending on the nature of the breach of the New PDP Law.

Practical Effect of the New Law
Considering the novelties set out in the New PDP Law, the Processors of personal data should review their internal processes, technical and organizational measures and internal documents to ensure compliance with the New Law. Specifically, each Processor / Controller shall: (i) review its internal policies regarding data protection and consent form for obtaining consent; (ii) update these documents as necessary; (iii) create a register of incidents and procedures for notifying the Service; (iv) determine whether it is under obligation to appoint the Office and appoint such Officer no later than 1 June 2024, if applicable; (v) determine whether it is under obligation to adopt the data protection impact assessment and adopt such document no later than 1 June 2024, if applicable.