Category Archives: Articles

The vulnerability of Medical Devices and Medical Institutions in the age of IoT and Connected Networks

Medical devices have taken quantum leaps in terms of their functionality, intelligence and precision in the last decade or so. Improved design, better and cheaper production materials, and the inclusion of more sophisticated software have all contributed to this improvement and have made medical devices more adaptable and user-friendly. However, perhaps the most significant development that has greatly enhanced the capabilities of medical devices is the use of connected networks by these medical devices to accomplish machine-to-machine communication.

The modern age medical devices do not function in isolation anymore; they function as integrated medical devices, where the medical device, networks, software, operating systems, and other various technologies are integrated to serve the ever-changing needs of the healthcare industry. An unintended consequence of this interconnectivity is the increased susceptibility of the devices/networks to cyber-attacks as any weak point in the network may be exploited by cyber offenders, leaving all the devices in the network vulnerable.

This freely downloadable handbook identifies the problem of cyber vulnerability of the medical and healthcare industry and analyses regulatory approaches undertaken by United States of America (USA), European Union (EU) and India to lower the susceptibility to cyber-attacks. Further, the handbook assesses the impact of each regulatory framework implemented by the legal jurisdictions mentioned above.

Download Here: Vulnerability of Medical Devices and Medical Institutions_NovoJuris

Advertisements

Externalization: Flipping the holding company outside of India

We have seen a steady increase in the number of companies, especially tech and tech-enabled companies set up their entities outside of India. More often than not, the reasons are better valuations, ability to raise larger investments, large customer base etc. We are also seeing a few companies (so, cannot call it a trend) internalizing and flipping their holding company into India. Strangely, for the same reasons.

Here’s an exclusive interview with Mr. Shailesh Ghorpade, Managing Partner and CIO at Exfinity Venture Partners. Exfinity provides innovation capital and with established connects and ecosystem across India and US, Exfinity focuses on pioneering start-ups that are ready to scale across the global stage. It was nearly an hour-long candid discussion on all things startups, scaling-up, cross border, hiring, issues typically faced by founders while expanding etc. The lucid thinking during the conversation was delightful to witness.

picture Shailesh-Exfinity.jpg

Good morning and thanks Shailesh for taking the time to talk to us on your experiences of working with early-stage founders and their journey of expanding beyond India.

Sharda: You have seen BTB businesses very closely and I have heard you say before that many these entities should be outside of India. Why and what are those factors that a founder should think through before structuring themselves up outside India.

Shailesh: In India, we have given more attention to BTC where the markets, consumers, sellers are in India. However, you would have noticed that in many cases, these companies are not domiciled in India. There are many investors who like the “India story” but there is some anxiety on India domiciled companies. The comfort would be to have a stable tax regime, stable regulatory regime, certainty of repatriating the proceeds during an exit are some of those.

There is a perception that it is difficult to do business in India because of the unpredictable regulatory structure and since business models are evolving faster than regulations, investors are cagey of onerous regulations being promulgated and we do have a reputation for being an over-regulated economy whether we like it or not. That is one part of it. Take the other part of the BTB businesses themselves.

Enterprise businesses don’t get as much attention as they should, though they are working on cutting-edge IP, solving a real problem, capital efficient. There are Indian large corporates who need these products. Unlike a BTC, it is not “a winner takes it all approach”. BTC will need high capital infusion, if it is the distribution game that we see India being attractive for.

However, BTB business find it hard to sell and make money in the Indian market. Indian enterprises don’t value IP or software product as much as they should and they drum-down the prices drastically. It is not about how easy or difficult to sell, but it is about ROI and price points at which the products can be sold elsewhere, especially USA.

Sharda: If it is just about customers, then the startup could have subsidiaries set up in those jurisdictions. But investors do mandate companies to set their holding companies outside of India. You did speak about “not-so-easy-do-do-business-in-India”

Shailesh: There is a greater possibility of getting a Series B, with say more than USD10 million and above, in the USA. Let me explain.

In early stage, the investor is looking at product build, its scalability more than customer revenue. This is where Exfinity and other investors in India invest the early cheque. But these companies have to scale. The larger, deeper organizations which “pay” for these products are based in the USA. So do the Series B investors who can cut a larger cheque. These Series B investors would want to invest in companies domiciled in their country since they understand the compliances, entity structures better. They also have the comfort of the other regulatory issues that I mentioned including certainty of getting the proceeds at exit.

The exit options for BTB companies is primarily trade-sale / M &A for the products. These acquirers are also based in the USA. It is so imperative that the young companies be domiciled in USA.

Sharda: Legal is certainly an issue that the founders would face. Flipping the entity or structuring them outside of India is so nuanced. The easiest part is the entity set up in the USA but the regulatory compliances from the India side is complex and nuanced (In fact, we wrote about it). Apart from the legal aspects, what are the other top 2 issues that you would highlight?

Shailesh: Hiring and Sales. They are inter-related. Let me explain. We have top notch talent in India. Indian entrepreneurs many a time are defining technology. BTB sales is about selling the technology. However, a local sales person, who knows the terrain is highly helpful. Infact, I would recommend a local sales person who can do the same “speak”, perhaps local ethnicity could play a role too in closing the sale. You might be interested to know, that sometimes the conversations veer towards India, while the discussion should be towards the product and sales itself. Hiring local sales person helps in that case.

Indian subsidiary would continue to have the product development, customer support etc.

Sharda: If there is one point you would like to tell the Indian regulators what would that be?

Shailesh: “Keep things simple”

The Government is trying its bit with Startup Fund, reducing the cost of filing IP and the like. But issues such as Angel tax, numerous compliances under Companies Act and so many other legislations are bogging the startup down. I would ask, if the legislations can help the regulator as well as the startups by keeping things simple, therefore the companies can be compliant.

Ecommerce in India: The Saga Continues

India, for many centuries, has been known for trading, establishing the Silk-route, Spice-route. With tech advancement, e-commerce (ecom) has created a new world order, “Ecom route”. Ask any FMCG company, behemoth or small, on Amazon’s disruption on their sales. Ecom, in India also finds a prominent positioning in the politician’s election mandate. The rules of the game are changing and how!

It is estimated that India’s ecommerce industry is expected to jump threefold to $84 billion by 2021. Mobile phone adoption, cheaper mobile-data plans, internet penetration are some of the driving factors.

Regulations, specifically Foreign Direct Investment norms, created certain specific ways the business and entities are structured such as ‘market Place model’, ‘inventory based model’, direct online retail.

In this Guidance note for an entrepreneur to start her ecom business, we are discussing FDI barriers, top legislations applicable to ecom, the proposed policy changes. We had earlier written a brief overview about the ecom policy, which was released on 23 Feb 2019. You can read some excerpts here.

FDI barriers and regulations in entering the e-commerce sector

India has multiple restrictions and conditions on foreign investments (under the FDI Policy) into the e-commerce sector placed by the erstwhile Department of Industrial Policy and Promotion (DIPP) and now Department for Promotion of Industry and Internal Trade (DPIIT). These restrictions are applicable to all entities who receive any FDI.

Under the FDI Policy, ‘e-commerce’ encompasses not just products traded on digital and electronic networks but includes digital products and services, as well.

An ‘e-commerce entity’ is treated differently from other kinds of entities such as manufacturers, wholesale traders, single-brand retailers, etc. In a B2C market, an e-commerce entity is only allowed to engage in a marketplace model of e-commerce, where the e-commerce entity will only act as a facilitator between the buyer and seller and will have no control over the inventory of goods and services. If the e-commerce entity starts owning the products that are being sold on the platform, they are deemed to be an ‘Inventory’ based model of e-commerce which has been restricted in India in a B2C market, whereas inventory based model of e-commerce is allowed in a B2B market.

In case an e-commerce entity is operating an ‘online marketplace’ then it is subject to further restrictions under the FDI Policy (the new changes brought in by Press Note 2 of 2018) which are summarized as follows:

  • An entity having equity participation by e-commerce marketplace entity or its group companies, or having control of its inventory by e-commerce marketplace entity or its group companies, will not be permitted to sell its products on the platform run by such marketplace entity.
  • The inventory of a vendor will be deemed to be controlled by the e-commerce marketplace entity if more than 25% of purchases of such vendor are from the marketplace entity or its group companies, thus rendering the marketplace an inventory-based of e-commerce.
  • Market place entity can provide services such as logistics, warehousing, advertisement/marketing, payments, financing etc. could be provided by e-commerce marketplace entity or other entities in which e-commerce marketplace entity has direct or indirect equity participation or common control, to vendors on the platform at arm’s length and in a fair and non-discriminatory manner. Provision of services to any vendor, on such terms which are not made available to other vendors in similar circumstances, will be deemed unfair and discriminatory.
  • An e-commerce marketplace entity cannot mandate any seller to sell any product exclusively on its platform only.
  • Cash-back provided by group companies of marketplace entity to buyers shall be fair and non-discriminatory.
  • The entity must not directly or indirectly influence the sale prices of the goods and services and shall maintain level playing field.
  • The entity will be required to furnish a certificate along with a report of statutory auditor to the Reserve Bank of India, confirming compliances of the guidelines under Para 5.2.15.2 of the FDI Policy, 2017, by September 30th of every year for the preceding financial year.

Another classification one should take care of is, whether the entity is dealing directly with final consumers (Business-to-Customer, B2C) or is simply dealing only with other business entities (Business-to-Business, B2B). The following table summarizes the different kinds of business entities having FDI that may take their businesses online and the major factors to be taken care of are:

Type of Entity Permitted Activities Can Keep Inventory? Permitted FDI/Route
E-commerce entity Marketplace Model (for goods and services:

B2C e-commerce)

No 100% Automatic
Manufacturer B2B and B2C e-commerce

(Selling its products manufactured in India, through wholesale and/or retail through e-commerce)

Yes 100% Automatic
Cash & Carry Wholesale Trader B2B e-commerce

(sells goods to retailers, industrial, commercial, institutional or other professional business users or to other wholesalers and related subordinated service providers)

Yes 100% Automatic
Single Brand Retail Trader B2C e-commerce (at least 30% Indian sourcing of products, and must be operating through at least one brick and mortar store) Yes 100% Automatic
Food Product Retail Trader B2C e-commerce (retail trading of food products manufactured and/or produced in India) Yes 100% Government Approval
Services (Subject to respective conditions and applicable laws) sale of services through e-commerce (Relevant Sectoral Cap) Automatic

Other laws and regulations to be considered while operating an e-commerce business

Irrespective of the fact that whether the entity doing the e-commerce business has FDI or not, these are the legal aspects of the business which are needed to be taken care of by any e-commerce business running entity.

Sl. No. Law / Regulation / Legal Aspect Relevance to e-commerce
1. Indian Contracts Act, 1872 read with Information Technology Act, 2000 Validity of contracts formed through electronic means. Rules as to communication and acceptance of proposals, revocation, and contract formation between customers, sellers, and the marketplace provider. Terms of Service, Privacy Policy and return policies of any online platform are to be laid out such that they are legally binding agreements.
2. Information Technology Act, 2000 (IT Act) and General Data Protection Regulations (GDPR).
  • Compliances under Information Technology (Reasonable security practices  and procedures and sensitive personal data or information) Rules, 2011
  • Intermediary Rules 2011 under the IT Act stipulates the regulations relating to the content displayed on the intermediary website especially pertaining to defamation and obscenity.
  • Under section 79 of the IT Act certain safe-harbours are available to e-commerce entities functioning as ‘Intermediaries’.
  • Regulations applicable to ‘Intermediaries’ relating to the content displayed on the portal, especially pertaining to defamation and obscenity.
  • If the end consumers happen to be an EU resident, GDPR compliance becomes mandatory.
  • Issues related to data protection standards and data security. If the end consumers happen to be EU residents, GDPR compliance may also ensue.
3. Intellectual Property Issues
  • The entity must secure all trademarks and copyrights intended to be used by it, one must also be mindful to not infringe the trademarks and copyrights of other businesses as well.
  • Selling of counterfeit goods and misuse of trademark rights by sellers listed on platform is a significant challenge, and must be dealt with by the platform operator to avoid prosecution.
  • In the age of such wide use of internet e-commerce entities shall be aware of various intellectual property infringements that may happen online such as cybersquatting, identity theft, copyright infringement, caching, derivative works, domain name protection and etc.
  • There are some added steps that the ecom entity has to take, as per the Draft Policy (read below)
4. Payment and Settlements Systems Act, 2007 and other RBI regulations on payment mechanisms Under the law “payment system” means a system that enables payment to be effected between a payer and a beneficiary, involving clearing, payment or settlement service or all of them, but does not include a stock exchange. An e-commerce entity has to make sure if it qualifies as a payment system and shall comply accordingly.

As per the RBI notification DPSS.CO.PD.No.1102 /02.14.08/ 2009-10 dated 24 November 2009, it is mandatory for an intermediary which is receiving payments through electronic modes to have a Nodal Account in operation for settling the payments of the merchants on its online e-commerce platform.

Further depending on the envisaged arrangements for payments for the transactions on the portal, the entity must comply with the relevant rules relating to online payments made by the Reserve Bank of India (RBI).

5. Labelling and Packaging An e-commerce entity as per the products listed on its platform must conform to the labelling and packaging norms set by the regulations made under relevant laws and the rules therein such as:

  1. Legal Metrology Act, 2009;
  2. Food Safety and Standards Act, 2006;
  3. Drugs and Cosmetics Act, 1940, etc.
6. Legal Metrology Act, 2009 read with Legal Metrology (Packaged Commodity) Rules, 2011 The web-platform must display requisite information about the goods displayed on sale, such as, units, dimensions, weight, etc. on product page itself.
7. Sales, Shipping, Refunds and Returns The entity must have in place an adequate policy dealing with sales and shipping of the products, the default provisions relating to the legal incidence of transfer of property in goods, and other aspects of sales such as warranties and conditions, etc. are covered under the Sale of Goods Act, 1930.

The entity must also have in place, in clear words, a returns and refunds policy to be adhered by the sellers and buyers.

8. Consumer Protection/ Dispute Resolution As a provider of goods or services under the Consumer Protection Act, 1986, the entity must have in place adequate policies to address consumer complaints. Moreover, it is advisable for the e-commerce platforms to have mediation and arbitration mechanisms in place as well.
9. Competition Issues Fixation of prices by arrangements between sellers listed on the platform and the entity, exclusive sales agreements, and other practices under the scope of Sections 3 and 4 of the Competition Act, 2002 can be brought under the scrutiny of the Competition Commission of India. The entity must be mindful of these factors while entering into any arrangements which may leverage its existing dominance in the market, or work towards the creation of foreclosure or entry barriers in the relevant market.
10. GST Applicability Irrespective of whether the annual turnover of the entity is lower than the prescribed threshold, e-commerce operators are not eligible for composition levy scheme under the GST laws of India. Moreover, it is mandatory for all e-commerce operators and sellers/distributors/suppliers who sell through e-commerce to get GST registration in all States where they purport to sell their goods/services.
11. Other Local laws and Sector Specific Laws The premises from which the business is run, and the manufacturing, warehousing, and other aspects of the business will be continued to governed by sector specific laws and local laws as applicable. Due adherence to such laws must also be ensured.

Here’s an old post that we had written on licenses and registrations for warehouses.

The future of e-commerce in India

Keeping ‘data’ central to the idea of governing the e-Commerce industry in India the DPIIT on February 23, 2019 published the ‘Draft e-Commerce Policy’ (“Draft Policy”).

The Draft Policy focuses on data protection, the State’s paternalistic attitude towards the use of the citizen’s data and cross border transactions. The Draft Policy intends to regulate some things beyond e-commerce i.e. it proposes to regulate technologies like AI, IoT, Cloud computing and Cloud-as-a-Service etc. On a holistic level it is understood that these technologies empower e-commerce industry currently and are integral to its growth and therefore the Government intends to bring these technologies under the purview of the Draft Policy. The Draft Policy is a mix of visionary thought process, advanced technological solutions, putting in place digital infrastructure to support India’s digital economy.

Following is a summary of some of the significant features of the Draft Policy.

Changes in Customs regulations and export promotion through e-commerce

The Draft Policy proposes a customs electronic data interchange (EDI) platform, aggregating various government department concerned with import and export of goods in India, such as the Indian Post Department, DGFT, RBI, and other departments for facilitation of online customs clearance through the EDI platform. In addition, provision will be made to source Export Data Processing and Monitoring System (EDPMS) data from RBI for confirmation of payments, instead of Bank Realization Certificate.

KYC will be mandatory for all the shipping companies and individual sailors. The KYC will be mandated to identify exporters and importers and track suspicious activities. The Draft Policy also intends to include e-commerce in the National Integrated Logistics Plan with focus on faster delivery with emphasis on lower costs.

To promote exports through e-commerce the Draft Policy has suggested to include e-commerce sector in the proposed National Integrated Logistics Policy, where it will increase the existing regulation exemption of INR 25,000 for consignments through courier mode, it will simplify the requirement of documentation for exports, the EDI will be put in place at the earliest, transaction costs for MSMEs and start-ups shall be reduced who are undertaking any exports, the Government will set up Air Freight Stations (AFS) in all the leading airports across India so as to facilitate cargo processing at the airports and simultaneously the Government will try to negotiate lower costs of exports with international freight carriers through Indian Post department.

The Government intends to continue charging custom tariffs on any digital goods being traded electronically (imposing custom duties on electronic transmissions). Whereas the Government is strict on its stance of not accepting the permanent moratorium on custom tariffs for goods (including digital goods) traded electronically as proposed by the WTO. 

Sale of Counterfeit and prohibited goods

A major emphasis has been given on curbing sales of counterfeit products through e-commerce in India. The Draft Policy emphasises on no trade mark infringement and that customers at large shall not be deceived by using deceptively similar trademarks. In case an e-Commerce entity receives a complaint about a counterfeit/fake product then the entity shall convey such misuse of the trademark within 12 hours from receiving the complaint to the trade mark owner. Whereas in case any prohibited goods/products have been sold on any e-commerce platform the entity operating such e-Commerce platform shall delist such products within 24 hours from receiving such complaint. This is pretty onerous and while the ecom entity is supposedly an intermediary, there are many obligations imposed on it. We had earlier written about intermediary liabilities which you can read here.

Further, all the e-commerce platforms/websites will have to display a list of all the prohibited products in India. In case a prohibited product is found to be sold on the platform or is found to be listed on the e-commerce platform the same has to be removed immediately and the seller listing such prohibited products shall be blacklisted and shall not be allowed to sell other products on the e-commerce platform. In some sense, the ecom entity should do some heavy policing.

Consumer Protection: The Draft Policy suggests a number of measures:

  • All e-Commerce sites/apps available to Indian consumers shall display prices in INR and must have MRPs on all packaged products, physical products and invoices generated.
  • Details of sellers shall be available for all the products sold online. Sellers shall provide undertaking regarding the genuineness of any product sold online.
  • In case of a counterfeit product is sold to a consumer, the primary onus to resolve such an issue will be of the seller, but the intermediaries shall return the money paid to them by the customer and the marketplace shall seize to host such products on their platforms.
  • The intermediaries shall curtail piracy on their platforms.
  • Further to curb piracy a body of industry stakeholders will be created that shall identify ‘rogue websites’. These rogue websites will be added to ‘Infringing Website List’ (IWL). IWL will enable the ISPs to remove or disable these websites. It will also enable payment gateways to curtail the flow of payments to or from such rogue websites. Search engines will be able to efficiently remove such rogue websites identified in the IWL.

Mandatory Registrations in India

As per the Draft Policy, all the e-commerce entities including intermediaries and developers of mobile application which are available for download in India shall mandatorily be registered as importer on record or as a local entity through which the commerce is facilitated in India and also provisions regarding the appointment of a local representative has been introduced.

Provisions regarding the import of gifts

In the view of misuse of ‘gifting’ route, where foreign merchants use to sell cheap products to Indian customers as gifts to circumvent the customs and import duties, as an interim measure, all such parcels shall be banned, with exception of life-saving drugs.

Ease Of Regulation

Given the interdisciplinary nature of e-commerce, it is important for the Government to tackle various regulatory challenges. The Draft Policy suggests formulating a Standing Group of Secretaries on e-Commerce (SGoS), which shall be an important body for tackling various legal issues emerging from various statutes such and Information Technology Act, 2000 and rules thereunder, the Competition Act, 2002 and the Consumer Protection Act, 1986.

Additionally, the Draft Policy states that “All e-Commerce websites and application available for downloading in India must have a registered business entity in India as the importer on record or the entity through which all sales in India are transacted”.

The Government intends to establish technology wings in each Government department.

Data Infrastructure development

The Draft Policy takes forward the digital India initiative and intends put in place secure and digital infrastructure and encourage the development of data –storage facilities/ infrastructure including data centres, server farms, towers, tower stations, equipment, optical wires, signal transceivers, antenna etc.

The Government will add the above mentioned infrastructure facilities in the ‘Harmonized Master List’. This will enable regulation of the listed infrastructure in a more streamlined manner. Whereas the infrastructure will be put in place by various implementing agencies, while financing agencies may identify these as infrastructure that they may intend to support.

This will facilitate achieving last mile connectivity across urban and rural India. The Government by developing such data/digital infrastructure wishes to support India’s fast-growing digital economy and create employment.

Data and cross-border transfer of data

The Draft Policy recognises the rights of an individual over its data by stating that “An Individual owns the right to his data” and therefore the use of an individual’s personal data shall be made only upon seeking his/her express consent. It further states that the data of a group is a collective data and therefore a collective property of that particular group; it extends this rationale to state that “Thus, the data that is generated in India belongs to Indians, as do the derivatives there from”. But the Draft Policy ends up categorising data of Indians as a collective resource and therefore a “national resource”.

The Draft Policy states that “All such data stored abroad shall not be made available to other business entities outside India, for any purpose, even with the customer’s consent”, what follows this point in the Draft Policy, restricts sharing of data with any third party in a foreign country even if the individual has consented to such sharing of the data except where in the following cases:

  • When data which us being shared has not been collected in India.
  • Where sharing of data has happened as per a commercial contract between the business entities.
  • Software and cloud computing services involving technology-related data flows, which have no personal or community implications; and
  • MNCs moving data across borders, which is largely internal to the company and its ecosystem, and does not contain data that has been generated by users in India from various sources, including e-commerce platforms, social media activities, search engines etc.

The intent behind such restriction is that currently India lacks stringent laws regarding cross-border flow of data. If there are no strict restrictions on cross-border flow of data Indian stakeholders will merely be engaged in back end processing of data for the EU / US based ecommerce entities without having the ability to create any high-value digital products.

To leave some thoughts with you

Ecom is an industry and is growing rapidly. The Government is bringing in so many regulatory changes to harness the potential of the e-commerce industry and make India one of the key markets for the e-commerce stakeholders across the world. Government also intends to boost the local and home-grown e-Commerce business entities and wants to provide a level playing field for MSMEs. We are seeing a growing tension between these two ideologies – FDI in ecom and local capital in ecom.

Further the changes that have been brought to the Legal Metrology Act, 2009, Food Safety and Standards Act, 2006, Drugs and Cosmetics Act, 1940 and the regulatory changes proposed in the Draft Policy in regards to consumer protection such curbing sale of counterfeit products, mandatory local registration etc. are clear indication that in the age of e-commerce purchasing goods and services is no more the same and therefore new and modern laws are required to address consumer protection.

It will be interesting to witness the implementation of these proposed regulations and whether at all it will help in accelerating the ecom growth in India.

Territorial Applicability of GDPR

In July, 2018 and then subsequently on 24th October, 2018 the Information Commissioner’s Office, United Kingdom (“ICO”) took its first General Data Protection Regulation (“GDPR”) enforcement action against a data controller located outside the European Union (EU) against Aggregate IQ Data Services Ltd. (“AIQ”) located in Canada.

The above incident is the first example of extraterritorial applicability of GDPR, where a data controller was located in Canada but the data processing activities were targeted towards the data subjects present in EU. AIQ was monitoring the behaviour of each data subject for the purposes of targeting individuals with political advertising messages on social media and therefore the provisions of GDPR were held to be applicable. Non-European Internet-based service providers across the globe have been concerned about the applicability of GDPR.

The European Data Protection Board (“Board”) is an independent European body, which contributes to the consistent application of data protection rules throughout the European Union, and promotes cooperation between the EU’s data protection authorities.

The Board in November, 2018 issued draft guidelines (“Guidelines”) on the territorial scope of the GDPR under Article 3. Whereas the Guidelines were released for the purpose of public consultation, nonetheless the Guidelines do provide explanations on important concepts introduced under Article 3 of the GDPR which defines the territorial scope for direct application of the GDPR.

  1. Application of the ‘Establishment’ criteria under Article 3(1)

The Guidelines specify that Article 3(1) ensures that GDPR is applicable to controllers and processors individually if any one of them or both of them have an establishment in EU, and the processing of the personal data of a data subject is in the context of the activities of such establishment, regardless of the actual place of the data processing. In order to determine the applicability of Article 3 the Board recommends few norms detailed below.

‘Establishment’ in EU

It is provided that the notion of ‘establishment’ is broad and does not necessarily imply a legal personality such as a branch or subsidiary; rather it simply implies effective and real exercise of activities through stable arrangements in EU. This interpretation is in line with the interpretation of the Court of Justice of the European Union (“CJEU”) in several of its rulings.[1]

Further, it is also provided that both these factors, i.e. (i) effective and real exercise of activities and (ii) stability of arrangements should be considered in the light of the nature of economic activities and provision of the services concerned. This means that a single employee’s or agent’s presence in EU, with sufficient degree of stability maybe sufficient to consider it as an ‘establishment’. However, the accessibility of a website in EU of a non-European entity would not be sufficient to conclude that such an entity has an establishment in the European Union.

Processing of data ‘in the context of the activities of’ the establishment

The Guidelines provide that if the controller or the processor is outside EU but there exists a local establishment in EU and if the processing of the data is in the context of the activities of an establishment then the GDPR would be applicable. The Guidelines state that the activities of the local establishment in EU should be ‘inextricably linked’ to the data processing activities of the non-EU controller or non-EU processor, regardless of whether the local establishment in EU plays any role in the actual processing of the data. The Board recommends that non-EU organisations should undertake an assessment of their processing activities in the following manner:

  1. First, by determining whether personal data is being processed
  2. Secondly by identifying potential links between the activity for which the data is being processed and the activities undertaken by the organisation having any presence in EU.

Example: A website based in X country, having a local establishment dealing with marketing campaigns towards EU markets. Since the activity of the local establishment is inextricably linked to the processing of the personal data carried out by the website, Article 3(1) is applicable where the controller or the processor is present in EU.

Application of the GDPR to the establishment of a controller/processor in the Union, regardless of whether the processing takes place in the Union.

As per Article 3(1), the processing of personal data in the context of the activities of an establishment of a controller or a processor in EU triggers the application of GDPR and the related obligations for the data controller or processor concerned.

Application of the establishment criteria to controller and processor

The establishment of a controller and that of a processor must be considered separate as there are distinct obligations for controllers and for processor listed under the GDPR. The existence of a relationship between a controller and a processor does not necessarily trigger application of GDPR to both, if only one of the entities is established in EU. The two scenarios detailed below should explain the position.

  • Where processor is located outside EU and not subject to the GDPR, but the controller is present in EU: It is provided that the controller should comply with Article 28 (3) of the GDPR and ensure that the GDPR obligations are extended to the processor by the means of a contract.
  • Where the processor is present in EU and the Controller is not: Assuming that the controller is not processing data in the context of its establishment in EU, the processor alone is subject to GDPR obligations. Therefore, unless other factors are present Article 3(1) will not apply to the controller but would apply to the processor.

Further, the Guidelines provide that the EU territory cannot be used as a ‘data haven’ and the legal obligations beyond the EU data protection law, including rules with regard to public order will have to be respected by the data processor established in EU, regardless of the location of the data controllers.

  1. Application of the Targeting criterion under Article 3(2)

Article 3(2) sets out the circumstances in which the GDPR applies to a controller or processor not established in EU, depending on their processing activities.

This criterion becomes applicable in absence of an establishment of the entity in EU, if the activities of a controller or processor of the entity are related to processing of personal data of the data subjects who are present in EU. The applicability of GDPR is triggered when the processing activity is related to (i) offering goods or services to the subject or (ii) monitoring the behaviour of the subject for profiling, etc.

In order to assess the applicability the criterion, the Board recommends a two-fold approach under the Guidelines.

Data subjects in EU

It is provided that protection under Article 3(2) extends to every natural person present in EU, irrespective of their nationality or place of residence.

The requirement of the location of natural persons in EU, must be assessed when the processing activity takes place, i.e. when the offer is made or when the monitoring in undertaken as per Article 3(2) of GDPR.

It is also provided that the element of ‘targeting’ the data subjects in EU either by offering goods or services or by monitoring them is crucial and should be present for applicability GDPR under  Article 3(2). Which effectively means that, if a tourist travelling through EU makes use of an online mapping service which is available in her country and not marketed in EU and is collecting certain personal data, this act of data processing will not fall under the ambit of Article 3(2) as the services are not primarily offered to people who are using the mobile application in EU.

  1. ‘Offering goods or services’

It is provided that the trigger activity, of offering goods or services to a data subject applies irrespective of whether a payment is required to be made by the data subject for that particular good or service. Further, there should be an ‘intention’ to offer goods or services to the data subjects who are in EU. The factors that can be considered in ascertaining the intention to offer goods or service can be the language used on the website, the currency available to use while ordering from the websites, apparent mention of the offer, etc.

  1. Monitoring of data subjects behaviour

The second activity identified under Article 3(2) is monitoring of behaviour of the subject for profiling, etc. For Article 3(2) (b) to trigger the application of the GDPR, the behaviour monitored must first relate to a data subject in EU and, as a cumulative criterion, the monitored behaviour must take place within the territory of EU.

The Guidelines state that even though recital 24 relates to monitoring of behaviour through the tracking of a person on the internet, the Board considers that tracking through other types of network or technology involving personal data processing should also be taken into account in determining whether a processing activity amounts to a behavioural monitoring, for example through wearable and other smart devices.

The Board clearly mentions that ‘monitoring’ implies that the controller has a specific purpose in mind for the collection and subsequent reuse of the relevant data about an individual’s behaviour within the EU. The Board opined that any online collection or analysis of personal data of individuals in the EU would not necessarily be considered as “monitoring” and that it would be necessary to consider the controller’s purpose for processing the data and, in particular, any subsequent behavioural analysis or profiling techniques involving that data.

  1. Processing in a place where the law of the Member state applies, by the virtue of public international law – Article 3(3)

This provision is expanded upon in Recital 25 which states that “[w]here Member State law applies by virtue of public international law, this Regulation should also apply to a controller not established in the Union, such as in a Member State’s diplomatic mission or consular post.”

The Guidelines provide the following example to illustrate the applicability of Article 3(3). The Dutch consulate in Kingston, Jamaica, opens an online application process for the recruitment of local staff in order to support its administration. While the Dutch consulate in Kingston, Jamaica, is not established in the Union, the fact that it is a consular post of an EU country where Member State law applies by virtue of public international law renders the GDPR applicable to its processing of personal data, as per Article 3(3).

Designation of Representatives in EU

Article 27 provides that whenever a controller or processor becomes subject to GDPR as per Article 3(2), it has to designate a representative in EU. The Guidelines provide guidance with respect to the designation, establishment and obligations of the representative, as mentioned below.

  • Designation of the Representative

It is provided that there should be a written mandate to the representative of the controller or processor of the GDPR obligations. A representative can be legal or a natural person, who can be appointed as a representative on the basis of a contractual relationship. One person can act as a representative for multiple entities. In case of a company or any organisation – one person is to be assigned as the lead person in charge of an entity. However, the designated representative cannot be deemed to be the external data protection officer (DPO) nor does such designation qualify as an ‘establishment’ under the ambit of Article 3(1)

  • Location of the Representative

It is provided that the criterion of establishment of the representative is the location of the data subjects whose personal data is being processed and the place of processing is not relevant. It is also provided that if significant portion of the data processed is from one member state, then the establishment of representative should be in that state, as a matter of good practice.

  • Obligations of the Representative

The obligations of the controller or the processor are distinct from the obligation of the representative. The representative acts on behalf of the controller or processor. The representative shall maintain a record of the processing activities on behalf of the controller or processor. Maintenance of such record is a joint obligation, as the controller or processor should provide accurate and updated information. The representative should perform its tasks in accordance to the mandate of the controller or processor, including cooperation with the competent supervisory authorities with regards to ensuring compliance with the GDPR.

Author: Manas Ingle, Associate at NovoJuris Legal

Source:

[1] Google Inc. v AEPD, Mario Costeja González (C-131/12), Weltimmo v NAIH (C- 230/14), Verein für Konsumenteninformation v Amazon EU (C-191/15) and Wirtschaftsakademie Schleswig- Holstein (C-210/16)

Draft E-commerce Policy: The dawn of a new beginning

Data is the basic building block of everything we are trying to do in this age of Industry 4.0. Data is a valuable resource for any individual, corporation or the Government. Data can be used for analytical, statistical, business, security purposes among various other things. Keeping ‘data’ central to the idea of governing the e-Commerce industry in India the Department for Promotion of Industry and Internal Trade on February 23, 2019, published the ‘Draft e-Commerce Policy’ (“Draft Policy”).

The overall objective of the Draft Policy is to prepare and enable stakeholders to fully benefit from the opportunities that would arise from progressive digitalization of the domestic digital economy. The Draft Policy focuses on data protection, the State’s paternalistic attitude towards the use of the citizen’s data and cross border transactions. The Draft Policy intends to regulate some things beyond e-commerce i.e. it proposes to regulate technologies like AI, IoT, Cloud computing and Cloud-as-a-Service etc. On a holistic level, it is understood that these technologies empower e-commerce industry currently and are integral to its growth and therefore the Government intends to bring these technologies under the purview of the Draft Policy. The Draft Policy is a mix of visionary thought process, advanced technological solutions, putting in place digital infrastructure to support India’s digital economy etc.

DATA

The Draft Policy resonates the idea and intent of the legislature that is formulated under the Data Protection Bill, 2018 as far as the rights over data of an individual is concerned. The collective idea of the Draft Policy is to streamline the protection of personal data and empowerment of the users/consumers with respect to the data they generate and own. Though the question to be assessed here is whether this is the real intent of the Draft Policy?

The Draft Policy recognises the rights of an individual over its data by stating that “An Individual owns the right to his data” and therefore the use of an individual’s personal data shall be made only upon seeking his/her express consent. It further states that the data of a group is a collective data and therefore a collective property of that particular group; it extends this rationale to state that “Thus, the data that is generated in India belongs to Indians, as do the derivatives there from”. But the Draft Policy ends up categorising data of Indians as a collective resource and therefore a “national resource”.

The abovementioned intent of the Draft Policy is fair and strives to achieve the greater good of the country, but at what stake? If personal data belongs to an individual then this objective appears that the State wants to interfere with the personal rights of a person. The Draft Policy clearly states that “All such data stored abroad shall not be made available to other business entities outside India, for any purpose, even with the customer’s consent”, what follows this point in the Draft Policy, restricts sharing of data with any third party in a foreign country even if the individual has consented to such sharing of the data.

The intent behind such restriction is that currently, India lacks stringent laws regarding cross-border flow of data. If there are no strict restrictions on cross-border flow of data Indian stakeholders will merely be engaged in back end processing of data for the EU / US based e-commerce entities without having the ability to create any high-value digital products. While the Government considers data as a national resource and compares it with coal, telecom spectrums etc. it ignores the fact that the inherent nature of personal data is that it belongs to an individual and not to the State, unlike coal.

The obvious reason as to why the State is taking such a stance is to eliminate issues related to consent asymmetry. But is this paternalistic attitude warranted?

If the Government is worried about foreign countries using our national resource i.e. data to their advantage it should put in place stringent data privacy and protection laws in India taking inferences from other countries.

DATA INFRASTRUCTURE

The Draft Policy takes forward the digital India initiative and intends put in place secure and digital infrastructure and encourage the development of data –storage facilities/ infrastructure including data centres, server farms, towers, tower stations, equipment, optical wires, signal transceivers, antenna etc.

The Government will add the above-mentioned infrastructure facilities in the  ‘Harmonized Master List’. This will enable regulation of the listed infrastructure in a more streamlined manner. Whereas the infrastructure will be put in place by various implementing agencies, while financing agencies may identify these as infrastructure that they may intend to support. This will facilitate achieving last mile connectivity across urban and rural India.

The Government by developing such data/digital infrastructure wishes to support India’s fast-growing digital economy and create employment.

EASE OF REGULATION

Given the interdisciplinary nature of e-commerce, it is important for the Government to tackle various regulatory challenges. The Draft Policy suggests formulating a Standing Group of Secretaries on e-Commerce (SGoS), which shall be an important body for tackling various legal issues emerging from various statutes such and Information Technology Act, 2000 and rules thereunder, the Competition Act, 2002 and the Consumer Protection Act, 1986.

Additionally, the Draft Policy states that “All e-Commerce websites and application available for downloading in India must have a registered business entity in India as the importer on record or the entity through which all sales in India are transacted”.

SIGNIFICANT HIGHLIGHTS OF THE DRAFT POLICY

  • The Government intends to continue charging custom tariffs on any digital goods being traded electronically (imposing custom duties on electronic transmissions). Whereas the Government is strict on its stance of not accepting the permanent moratorium on custom tariffs for goods (including digital goods) traded electronically as proposed by the WTO.
  • The Draft Policy states that there should technological standards put in place for emerging technologies like IoT, AI etc.
  • The Draft Policy introduces a term, namely ‘Infant Industry’ under which small scale entities facing entry barriers to enter the market will be integrated with market keeping data as a central to this integration. This will also help strengthen platforms like ‘e-lala’ and ‘Tribes India’.
  • The Government intends to establish technology wings in each Government department.
  • The Government intends to streamline the process of importing goods in India and harmonise the functions of various administrative bodies involved in the process of import of goods in India.
  • A body of industry stakeholders will be created that shall identify ‘rogue websites’. These rogue websites will be added to ‘Infringing Website List’ (IWL). IWL will enable the ISPs to remove or disable these websites. It will also enable payment gateways to curtail the flow of payments to or from such rogue websites. Search engines will be able to efficiently remove such rogue websites identified in the IWL.
  • There shall be no trade mark infringement and customers at large shall not be deceived by using deceptively similar trademarks. In case an e-Commerce entity receives a complaint about a counterfeit/fake product which is manufactured with intent to deceive the customers. The e-Commerce entity shall convey such misuse of the trademark within 12 hours from receiving the complaint to the trade mark owner. Whereas in case any prohibited goods/products have been sold on any e-commerce platform the entity operating such e-Commerce platform shall delist such products within 24 hours from receiving such complaint.
  • Any non-compliant e-Commerce entity will be not be given access to operate in India.
  • All e-Commerce sites/apps available to Indian consumers shall display prices in INR and must have MRPs on all packaged products, physical products and invoices generated.
  • In the view of misuse of ‘gifting’ route, as an interim measure, all such parcels shall be banned, with exception of life-saving drugs.
  • Details of sellers shall be available for all the products sold online.
  • Sellers shall provide undertaking regarding genuineness of any product sold online.
  • In case of a counterfeit product is sold to a consumer, the primary onus to resolve such an issue will be of the seller but the intermediaries shall return the money paid to them by the customer and the marketplace shall seize to host such products on their platforms.
  • The intermediaries shall curtail piracy on their platforms.
  • An integrated system that connects Customs, RBI and India Post to be developed to better track imports.
  • The Draft Policy also intends to simplify the processes involved in export of goods by doing away with redundant requirements such as the need to procure Bank Realisation Certification

Once the final e-Commerce policy is enacted what will be interesting to see is whether Government opts for ease of governance or ease of doing business.

Overall this Draft Policy is a positive step towards making India one of the most prominent digital economies in the world, especially considering the strict stance the Government has taken during the WTO negotiations by not accepting the permanent moratorium on waiving custom duties on digital goods sold through electronic transmission. The Government intends to boost the local and home grown e-Commerce business entities and to provide a level playing field for MSMEs by retaining the rights to impose tariffs on electronic transmission through e-Commerce. Certain issues regarding data/personal data of an individual still needs a deep intellectual thinking, integrated with a practical approach from the Government before implementing a sector-wide policy, especially keeping in mind that at the end of the day personal data belongs to an individual and the use of such personal data shall be the decision of the respective individuals and not of the State.

Author: Manas Ingle, Associate, NovoJuris Legal

Synopsis of Amendments made to the Companies Act, 2013 in the year 2019 and allied Action Points

The Ministry of Corporate Affairs (the MCA) in the month of January & February 2019 has issued the following amendments notification under the Companies Act 2013 (the Act):

(a) Changes in Companies (Significant Beneficial Owners) Rules 2018 to identify individuals/entities having significant control over the affairs of a company

(b) Companies (Incorporation) Rules, 2014 mandating all the companies incorporated prior to 31 December 2017 to upload all their particulars of various compliances including details of registered office in Form INC 22A Active.

(c) Specified Companies (Furnishing of information about payment to micro and small enterprise suppliers) Order, 2019, mandating all the companies who receives goods or services from MSME and the payment for which is not made within 45 days from the date of acceptance or the date of deemed acceptance of goods or services from MSME to report such transactions in MSME Form I.

(d) Changes in Companies (Acceptance of Deposits) Rules, 2014 mandating all companies to file a return of deposits in Form DPT 3 with the MCA, furnishing information about filing the transactions that have not been considered as a deposit or both under the Companies (Acceptance of Deposits) Rules 2014 (Deposit Rules).

The action points under these notifications are as below:

Sl. No Particulars Summary of Notification Form to be filed Due date
1. The Companies (Significant Beneficial Owners) Amendment Rules 2019[1] Who shall disclose?

Every individual, who acting alone or together, or through one or more persons or trust, possess one or more of the following rights in a company shall be deemed to be a significant beneficial owner (SBO):

·  holds indirectly, or together with any direct holdings, at least 10% of the shares or voting rights;

·   has the right to receive or participate (by virtue of their indirect and/or direct holdings) is not less than 10% of the total distributable dividend or any other distribution; or

· has the right to exercise significant influence or control (through their indirect holdings only) on the company.

However, individuals directly holding shares of the company in their own name or hold or acquires a beneficial interest in the share of the reporting company under subsection section 89 (2) of the Act and necessary reporting is made is not be considered to be a significant beneficial owner.

Further, an individual is considered to hold a right or entitlement indirectly in the reporting company, if he satisfies any of the following criteria, in respect of a member of the reporting company, namely:

·  If the member is a body corporate (Indian or foreign) – the individual holding majority stake in that body corporate or majority stake in the ultimate holding company of such body corporate member

·  If the member is a HUF – the individual who is the Karta of the HUF

· If the member is a partnership entity – the individual is a partner or holding a majority stake in a body corporate which is a partner or majority stake in the ultimate holding company of such body corporate which is a partner

·  If the member is a trust – the individual who is a trustee (discretionary or charitable trust), a beneficiary (Specific trust), Author/settlor (revocable trust)

· If the member is a pooled investment vehicle or an entity controlled by the pooled investment vehicle – the individual who is a general partner or investment manager or Chief Executive Officer where the investment manager of such pooled vehicle is a body corporate or a partnership entity

What needs to be done?

· To send notice of this requirement to all non-individual members who hold not less than 10% of its Shares, or voting rights, or right to receive or participate in the dividend or any other distribution payable in a financial year seeking information in Form BEN-4.

·  The company to identify any such individual who is an SBO and obtain a declaration of significant beneficial ownership in Form No. BEN-1.

 Non-applicability of this requirement:

These rules shall not apply if the shares of a reporting company are held by the following entities:

· Investor Education and Protection Fund

· Holding Reporting Company of the Reporting Company (however, details of such holding company have to be filed in Form No. BEN-2)

·  the Central Government, State Government or any local Authority

·  any entity controlled by the Central Government or by any State Government or Governments or partly by the Central Government and partly by one or more State Governments;

· Investment Vehicles such as mutual funds, alternative investment funds (AIF), Real Estate Investment Trusts (REITs), Infrastructure Investment Trust (InVITs) regulated by the Securities and Exchange Board of India;

· Investment Vehicles regulated by Reserve Bank of India, or Insurance Regulatory and Development Authority of India, or Pension Fund Regulatory and Development Authority.

(a) Form BEN-1

(b) Form BEN-2

(c) Form BEN-4

 

(a) Form BEN-1- on or before 9 May 2019

(b) Form BEN-2- within 30 days from the date of receipt of Form BEN-1

(c) Form BEN-4- To be sent to seek information in Form BEN-1.

 

2. Companies (Incorporation) Amendment Rules, 2019[2] Applicability:

Every Company incorporated on or before the 31 December 2017 shall file the particulars of the Company and its registered office, in e-Form INC-22A_ACTIVE (Active Company Tagging Identities and Verification)

Pre-requisites

The Company before filing Form INC 22A Active shall ensure that it has filed the following pending forms as may be applicable:

(a) Form AOC-4- Filing of Financial statements for the previous financial year;

(b) Form MGT 7- Filing of Annual Return (e-Form MGT-7) for the previous financial year;

(c) Form DIR 12 & MR 1 as may be applicable for the purpose of appointment of whole-time company secretary. This is mandatory for the Companies whose paid-up capital is more than 5 Crore.

Non-Applicability

The following companies are not required to filed Form INC 22A Active:

1.    Companies which have been Struck off or

2.    Under the process of striking off or

3.    Under Liquidation or

4.    Amalgamated or

5.    Dissolved

Consequences of non-filing

The Company will be marked as Active non-compliant and MCA would not allow filing the following forms unless the Form INC-22A Active is filed:

a.   Form SH-7 (Change in Authorised Capital)

b.   Form PAS-3 (Change in Paid-up Capital)

c.   Form DIR-12 (Changes in Director except for cessation)

d.   Form INC-22 (Change in Registered office)

e.   Form INC-28 (Amalgamation, De-merger)

Form INC 22A Active On or before 25 April 2019.
3. The requirement of filing of MSME Form-I[3]  

With a view to support the growth of and to protect the interest of MSME’s, the MCA has issued a notification dated 22 January 2019, mandating all the Specified Companies[4], whose supply of goods or services from registered MSME and the respective payments to these registered MSME suppliers exceed 45 days from the date of acceptance or the date of deemed acceptance of the goods or services, shall file the Initial Return in MSME Form I with Ministry of Corporate Affairs

 Details required to be collected from the MSME suppliers before filing the return with the MCA

Following details are required to be collected from MSME for the purpose of filing the said form:

1. Certificate of Registration issued by the Ministry of Micro Small and Medium Scale Enterprises to the MSME to ensure that the concerned entity is an MSME.

2. Financial years to which the amount relates

3. Name of the MSME

4. PAN of MSME

5. Amount due

6. Date from which amount is due

7. Total outstanding amount due as on date of notification of this order (i.e. 22 January 2019)

8.    Reason for delay

Filing of Half yearly return

Every company who receive goods or services from MSME and whose payments to MSME suppliers exceed forty-five days from the date of acceptance or the date of deemed acceptance of the goods or services as per the provisions of the MSME Act 2006 shall file the half-yearly returns for the period ended April to September and October to March every year.

 

MSME Form I Within 30 days from the date of Notification of the said Form[5]

 

Due date for filing half yearly return

1.    For the period from April to September- On or before 31st October every year

2.    For the period from October to March- on or before 30th April of every year

4. The Companies (Acceptance of Deposits) Amendment Rules, 2019[6] Every Company shall have to file Form DPT 3 providing particulars of transaction that has not been considered as deposit[7] or both. Thus, all companies other than Government Companies will have to file Form DPT-3 also for transactions that are listed under Deposit Rules.

 Further the companies in its annual financial statements, are required to disclose about the money received from Directors (in case of companies other than private companies) and money received from Directors or relatives of Directors (in case of private companies only).

 

Form DPT 3 On or before 22 April 2019

Author: Ashwin Bhat, Junior Partner at NovoJuris Legal.

[1] Source: http://www.mca.gov.in/Ministry/pdf/CompaniesOwnersAmendmentRules_08020219.pdf

[2] Source: http://www.mca.gov.in/Ministry/pdf/CompaniesIncorporationAmendmentRules_21022019.pdf

[3] Source: http://www.mca.gov.in/Ministry/pdf/MSMESpecifiedCompanies_22012019.pdf

[4] ‘Specified companies’ means, all the Companies who receives goods or services from MSME and if the payment is not made within 45 days from the date of acceptance or the date of deemed acceptance of goods or services.

[5] MSME Form I is yet to be notified by the MCA

[6] Source: http://www.mca.gov.in/Ministry/pdf/AcceptanceDepositsAmendmentRule_22012019.pdf

[7] Transactions provided in Rule 2 of the Deposit Rules

DPIIT registered Start-ups to get relief from Angel Tax. Recognition of Start-ups becomes easier

The Department for Promotion of Industry and Internal Trade (DPIIT) vide its press release dated 19 February 2019 has shared that the Minister of Commerce & Industry and Civil Aviation, Suresh Prabhu has cleared a proposal for simplifying the process of exemptions Start-ups under Section 56(2)(viib) of the Income Tax Act, 1961.

Earlier, the DPIIT had also issued notification number GSR 34(E) dated 16 January 2019 to provide relaxations with respect to exemptions from taxation of angel investments. However, the Indian Start-up community widely considered that further relaxations were required and several industry pressure groups had been in constant deliberations with government agencies to push for further reforms.

A round-table was organized on 4 February 2019 under the chairmanship of Secretary DPIIT with Start-ups, angel investors, and other stakeholders with a view to discuss the new measures undertaken by the DPIIT to address the Angel Tax issue and understand the mechanism to deal with it institutionally.

Vide gazette notification number GSR 127(E) (the “Notification”), the Ministry of Commerce and Industry, in supersession of the earlier Notification number GSR 34(E) has amended the Start-up Policy (GSR 364(E), dated 11 April 2018) to provide for the following key relaxations:

Broadening of the definition of ‘Start-up’ and revamp of recognition process

The definition of Start-ups will be expanded. Now an entity will be considered as a Start-ups up to a period of 10 years from the date of incorporation and registration in place of the earlier duration of 7 years.

Such an entity will continue to be recognised as a Start-up, if its turnover for any of the financial years since incorporation and registration has not exceeded INR 100 Crores in place of INR 25 Crores earlier.

The process of recognition of an eligible entity as Startup has also been simplified, the steps for DPIIT recognition now are as follows:

  1. Online application over mobile app or portal set-up by DPIIT;
  2. Application to be accompanied by a copy of Certificate of Incorporation or Registration, and a write-up about the nature of business and how it is working towards innovation and other criteria for recognition;
  3. The DPIIT may after calling for further documents or after making further enquiries may grant or reject the recognition request. In case of rejection, reasons will have to be stated.

Relaxations wrt Section 56(2)(viib)

All Start-ups recognized by DPIIT will be eligible for the exemption under Section 56(2)(viib) of the Income Tax Act, 1961. The aggregate amount of paid up share capital and share premium of the startup after the issue or proposed issue of shares should not exceed INR 25 Crores.

The abovementioned limit of INR 25 Crores as aggregate amount of paid up share capital and share premium, shall not include any considerations, meaning thereby the Start-ups may raise tax-free capital, from the following entities:

  1. Non-Residents
  2. Venture capital company or a venture capital fund;
  3. Listed company having a net worth of INR 100 Crores or turnover of at least INR 250 Crores, provided that its shares are frequently traded as per SEBI (Substantial Acquisition of Shares and Takeovers) Regulations, 2011

However, the Start-up availing the exemption must not be investing in any of the following assets:

  1. Building or land appurtenant thereto, being a residential/ non-residential property, other than that used by the Start-ups for the purposes of renting or held by it as stock-in-trade, in the ordinary course of business
  2. Loans and advances, other than loans or advances extended in the ordinary course of business by the Start-ups where the lending of money is substantial part of its business
  3. Capital contribution made to any other entity
  4. Shares and securities
  5. Any motor vehicle, aircraft, yacht or any other mode of transport, the actual cost of which exceeds INR 10 Lakhs, other than that held by the Start-ups for the purpose of plying, hiring, leasing or as stock-in-trade, in the ordinary course of business
  6. Jewellery other than that held by the Start-ups as stock-in-trade in the ordinary course of business
  7. Any other asset, whether in the nature of capital asset or otherwise, of the nature specified in sub-clauses (iv) to (ix) of clause (d) of Explanation to clause (vii) of sub-section (2) of section 56 of the Act

It is to be noted that the Notification also requires the Start-up to not invest in any of the above-mentioned assets for a period of 7 years from the end of the latest financial year in which the shares are issued at a premium.

Mode for availing exemption:

Any prior approval from any government agency to avail the exemption has also been done away with. The eligible Start-ups may file a duly signed self declaration in Form 2 annexed in the Notification, with the DPIIT for availing the tax exemption. The declaration shall thereafter be transmitted by the DPIIT to Central Board of Direct Taxes (CBDT).

Scope of the Notification:

The Notification shall apply irrespective of the dates on which the shares are issued by the Start-up from the date of its incorporation, except for the shares in respect of which an assessment order has been made under Income Tax Act, 1961.

Author: Mr. Avaneesh Satyang

 

Source:

Press Release: https://dipp.gov.in/sites/default/files/press_release_19022019.pdf

Gazette Notification: http://egazette.nic.in/WriteReadData/2019/198133.pdf