Category Archives: Articles

Territorial Applicability of GDPR

In July, 2018 and then subsequently on 24th October, 2018 the Information Commissioner’s Office, United Kingdom (“ICO”) took its first General Data Protection Regulation (“GDPR”) enforcement action against a data controller located outside the European Union (EU) against Aggregate IQ Data Services Ltd. (“AIQ”) located in Canada.

The above incident is the first example of extraterritorial applicability of GDPR, where a data controller was located in Canada but the data processing activities were targeted towards the data subjects present in EU. AIQ was monitoring the behaviour of each data subject for the purposes of targeting individuals with political advertising messages on social media and therefore the provisions of GDPR were held to be applicable. Non-European Internet-based service providers across the globe have been concerned about the applicability of GDPR.

The European Data Protection Board (“Board”) is an independent European body, which contributes to the consistent application of data protection rules throughout the European Union, and promotes cooperation between the EU’s data protection authorities.

The Board in November, 2018 issued draft guidelines (“Guidelines”) on the territorial scope of the GDPR under Article 3. Whereas the Guidelines were released for the purpose of public consultation, nonetheless the Guidelines do provide explanations on important concepts introduced under Article 3 of the GDPR which defines the territorial scope for direct application of the GDPR.

  1. Application of the ‘Establishment’ criteria under Article 3(1)

The Guidelines specify that Article 3(1) ensures that GDPR is applicable to controllers and processors individually if any one of them or both of them have an establishment in EU, and the processing of the personal data of a data subject is in the context of the activities of such establishment, regardless of the actual place of the data processing. In order to determine the applicability of Article 3 the Board recommends few norms detailed below.

‘Establishment’ in EU

It is provided that the notion of ‘establishment’ is broad and does not necessarily imply a legal personality such as a branch or subsidiary; rather it simply implies effective and real exercise of activities through stable arrangements in EU. This interpretation is in line with the interpretation of the Court of Justice of the European Union (“CJEU”) in several of its rulings.[1]

Further, it is also provided that both these factors, i.e. (i) effective and real exercise of activities and (ii) stability of arrangements should be considered in the light of the nature of economic activities and provision of the services concerned. This means that a single employee’s or agent’s presence in EU, with sufficient degree of stability maybe sufficient to consider it as an ‘establishment’. However, the accessibility of a website in EU of a non-European entity would not be sufficient to conclude that such an entity has an establishment in the European Union.

Processing of data ‘in the context of the activities of’ the establishment

The Guidelines provide that if the controller or the processor is outside EU but there exists a local establishment in EU and if the processing of the data is in the context of the activities of an establishment then the GDPR would be applicable. The Guidelines state that the activities of the local establishment in EU should be ‘inextricably linked’ to the data processing activities of the non-EU controller or non-EU processor, regardless of whether the local establishment in EU plays any role in the actual processing of the data. The Board recommends that non-EU organisations should undertake an assessment of their processing activities in the following manner:

  1. First, by determining whether personal data is being processed
  2. Secondly by identifying potential links between the activity for which the data is being processed and the activities undertaken by the organisation having any presence in EU.

Example: A website based in X country, having a local establishment dealing with marketing campaigns towards EU markets. Since the activity of the local establishment is inextricably linked to the processing of the personal data carried out by the website, Article 3(1) is applicable where the controller or the processor is present in EU.

Application of the GDPR to the establishment of a controller/processor in the Union, regardless of whether the processing takes place in the Union.

As per Article 3(1), the processing of personal data in the context of the activities of an establishment of a controller or a processor in EU triggers the application of GDPR and the related obligations for the data controller or processor concerned.

Application of the establishment criteria to controller and processor

The establishment of a controller and that of a processor must be considered separate as there are distinct obligations for controllers and for processor listed under the GDPR. The existence of a relationship between a controller and a processor does not necessarily trigger application of GDPR to both, if only one of the entities is established in EU. The two scenarios detailed below should explain the position.

  • Where processor is located outside EU and not subject to the GDPR, but the controller is present in EU: It is provided that the controller should comply with Article 28 (3) of the GDPR and ensure that the GDPR obligations are extended to the processor by the means of a contract.
  • Where the processor is present in EU and the Controller is not: Assuming that the controller is not processing data in the context of its establishment in EU, the processor alone is subject to GDPR obligations. Therefore, unless other factors are present Article 3(1) will not apply to the controller but would apply to the processor.

Further, the Guidelines provide that the EU territory cannot be used as a ‘data haven’ and the legal obligations beyond the EU data protection law, including rules with regard to public order will have to be respected by the data processor established in EU, regardless of the location of the data controllers.

  1. Application of the Targeting criterion under Article 3(2)

Article 3(2) sets out the circumstances in which the GDPR applies to a controller or processor not established in EU, depending on their processing activities.

This criterion becomes applicable in absence of an establishment of the entity in EU, if the activities of a controller or processor of the entity are related to processing of personal data of the data subjects who are present in EU. The applicability of GDPR is triggered when the processing activity is related to (i) offering goods or services to the subject or (ii) monitoring the behaviour of the subject for profiling, etc.

In order to assess the applicability the criterion, the Board recommends a two-fold approach under the Guidelines.

Data subjects in EU

It is provided that protection under Article 3(2) extends to every natural person present in EU, irrespective of their nationality or place of residence.

The requirement of the location of natural persons in EU, must be assessed when the processing activity takes place, i.e. when the offer is made or when the monitoring in undertaken as per Article 3(2) of GDPR.

It is also provided that the element of ‘targeting’ the data subjects in EU either by offering goods or services or by monitoring them is crucial and should be present for applicability GDPR under  Article 3(2). Which effectively means that, if a tourist travelling through EU makes use of an online mapping service which is available in her country and not marketed in EU and is collecting certain personal data, this act of data processing will not fall under the ambit of Article 3(2) as the services are not primarily offered to people who are using the mobile application in EU.

  1. ‘Offering goods or services’

It is provided that the trigger activity, of offering goods or services to a data subject applies irrespective of whether a payment is required to be made by the data subject for that particular good or service. Further, there should be an ‘intention’ to offer goods or services to the data subjects who are in EU. The factors that can be considered in ascertaining the intention to offer goods or service can be the language used on the website, the currency available to use while ordering from the websites, apparent mention of the offer, etc.

  1. Monitoring of data subjects behaviour

The second activity identified under Article 3(2) is monitoring of behaviour of the subject for profiling, etc. For Article 3(2) (b) to trigger the application of the GDPR, the behaviour monitored must first relate to a data subject in EU and, as a cumulative criterion, the monitored behaviour must take place within the territory of EU.

The Guidelines state that even though recital 24 relates to monitoring of behaviour through the tracking of a person on the internet, the Board considers that tracking through other types of network or technology involving personal data processing should also be taken into account in determining whether a processing activity amounts to a behavioural monitoring, for example through wearable and other smart devices.

The Board clearly mentions that ‘monitoring’ implies that the controller has a specific purpose in mind for the collection and subsequent reuse of the relevant data about an individual’s behaviour within the EU. The Board opined that any online collection or analysis of personal data of individuals in the EU would not necessarily be considered as “monitoring” and that it would be necessary to consider the controller’s purpose for processing the data and, in particular, any subsequent behavioural analysis or profiling techniques involving that data.

  1. Processing in a place where the law of the Member state applies, by the virtue of public international law – Article 3(3)

This provision is expanded upon in Recital 25 which states that “[w]here Member State law applies by virtue of public international law, this Regulation should also apply to a controller not established in the Union, such as in a Member State’s diplomatic mission or consular post.”

The Guidelines provide the following example to illustrate the applicability of Article 3(3). The Dutch consulate in Kingston, Jamaica, opens an online application process for the recruitment of local staff in order to support its administration. While the Dutch consulate in Kingston, Jamaica, is not established in the Union, the fact that it is a consular post of an EU country where Member State law applies by virtue of public international law renders the GDPR applicable to its processing of personal data, as per Article 3(3).

Designation of Representatives in EU

Article 27 provides that whenever a controller or processor becomes subject to GDPR as per Article 3(2), it has to designate a representative in EU. The Guidelines provide guidance with respect to the designation, establishment and obligations of the representative, as mentioned below.

  • Designation of the Representative

It is provided that there should be a written mandate to the representative of the controller or processor of the GDPR obligations. A representative can be legal or a natural person, who can be appointed as a representative on the basis of a contractual relationship. One person can act as a representative for multiple entities. In case of a company or any organisation – one person is to be assigned as the lead person in charge of an entity. However, the designated representative cannot be deemed to be the external data protection officer (DPO) nor does such designation qualify as an ‘establishment’ under the ambit of Article 3(1)

  • Location of the Representative

It is provided that the criterion of establishment of the representative is the location of the data subjects whose personal data is being processed and the place of processing is not relevant. It is also provided that if significant portion of the data processed is from one member state, then the establishment of representative should be in that state, as a matter of good practice.

  • Obligations of the Representative

The obligations of the controller or the processor are distinct from the obligation of the representative. The representative acts on behalf of the controller or processor. The representative shall maintain a record of the processing activities on behalf of the controller or processor. Maintenance of such record is a joint obligation, as the controller or processor should provide accurate and updated information. The representative should perform its tasks in accordance to the mandate of the controller or processor, including cooperation with the competent supervisory authorities with regards to ensuring compliance with the GDPR.

Author: Manas Ingle, Associate at NovoJuris Legal

Source:

[1] Google Inc. v AEPD, Mario Costeja González (C-131/12), Weltimmo v NAIH (C- 230/14), Verein für Konsumenteninformation v Amazon EU (C-191/15) and Wirtschaftsakademie Schleswig- Holstein (C-210/16)

Advertisements

Draft E-commerce Policy: The dawn of a new beginning

Data is the basic building block of everything we are trying to do in this age of Industry 4.0. Data is a valuable resource for any individual, corporation or the Government. Data can be used for analytical, statistical, business, security purposes among various other things. Keeping ‘data’ central to the idea of governing the e-Commerce industry in India the Department for Promotion of Industry and Internal Trade on February 23, 2019, published the ‘Draft e-Commerce Policy’ (“Draft Policy”).

The overall objective of the Draft Policy is to prepare and enable stakeholders to fully benefit from the opportunities that would arise from progressive digitalization of the domestic digital economy. The Draft Policy focuses on data protection, the State’s paternalistic attitude towards the use of the citizen’s data and cross border transactions. The Draft Policy intends to regulate some things beyond e-commerce i.e. it proposes to regulate technologies like AI, IoT, Cloud computing and Cloud-as-a-Service etc. On a holistic level, it is understood that these technologies empower e-commerce industry currently and are integral to its growth and therefore the Government intends to bring these technologies under the purview of the Draft Policy. The Draft Policy is a mix of visionary thought process, advanced technological solutions, putting in place digital infrastructure to support India’s digital economy etc.

DATA

The Draft Policy resonates the idea and intent of the legislature that is formulated under the Data Protection Bill, 2018 as far as the rights over data of an individual is concerned. The collective idea of the Draft Policy is to streamline the protection of personal data and empowerment of the users/consumers with respect to the data they generate and own. Though the question to be assessed here is whether this is the real intent of the Draft Policy?

The Draft Policy recognises the rights of an individual over its data by stating that “An Individual owns the right to his data” and therefore the use of an individual’s personal data shall be made only upon seeking his/her express consent. It further states that the data of a group is a collective data and therefore a collective property of that particular group; it extends this rationale to state that “Thus, the data that is generated in India belongs to Indians, as do the derivatives there from”. But the Draft Policy ends up categorising data of Indians as a collective resource and therefore a “national resource”.

The abovementioned intent of the Draft Policy is fair and strives to achieve the greater good of the country, but at what stake? If personal data belongs to an individual then this objective appears that the State wants to interfere with the personal rights of a person. The Draft Policy clearly states that “All such data stored abroad shall not be made available to other business entities outside India, for any purpose, even with the customer’s consent”, what follows this point in the Draft Policy, restricts sharing of data with any third party in a foreign country even if the individual has consented to such sharing of the data.

The intent behind such restriction is that currently, India lacks stringent laws regarding cross-border flow of data. If there are no strict restrictions on cross-border flow of data Indian stakeholders will merely be engaged in back end processing of data for the EU / US based e-commerce entities without having the ability to create any high-value digital products. While the Government considers data as a national resource and compares it with coal, telecom spectrums etc. it ignores the fact that the inherent nature of personal data is that it belongs to an individual and not to the State, unlike coal.

The obvious reason as to why the State is taking such a stance is to eliminate issues related to consent asymmetry. But is this paternalistic attitude warranted?

If the Government is worried about foreign countries using our national resource i.e. data to their advantage it should put in place stringent data privacy and protection laws in India taking inferences from other countries.

DATA INFRASTRUCTURE

The Draft Policy takes forward the digital India initiative and intends put in place secure and digital infrastructure and encourage the development of data –storage facilities/ infrastructure including data centres, server farms, towers, tower stations, equipment, optical wires, signal transceivers, antenna etc.

The Government will add the above-mentioned infrastructure facilities in the  ‘Harmonized Master List’. This will enable regulation of the listed infrastructure in a more streamlined manner. Whereas the infrastructure will be put in place by various implementing agencies, while financing agencies may identify these as infrastructure that they may intend to support. This will facilitate achieving last mile connectivity across urban and rural India.

The Government by developing such data/digital infrastructure wishes to support India’s fast-growing digital economy and create employment.

EASE OF REGULATION

Given the interdisciplinary nature of e-commerce, it is important for the Government to tackle various regulatory challenges. The Draft Policy suggests formulating a Standing Group of Secretaries on e-Commerce (SGoS), which shall be an important body for tackling various legal issues emerging from various statutes such and Information Technology Act, 2000 and rules thereunder, the Competition Act, 2002 and the Consumer Protection Act, 1986.

Additionally, the Draft Policy states that “All e-Commerce websites and application available for downloading in India must have a registered business entity in India as the importer on record or the entity through which all sales in India are transacted”.

SIGNIFICANT HIGHLIGHTS OF THE DRAFT POLICY

  • The Government intends to continue charging custom tariffs on any digital goods being traded electronically (imposing custom duties on electronic transmissions). Whereas the Government is strict on its stance of not accepting the permanent moratorium on custom tariffs for goods (including digital goods) traded electronically as proposed by the WTO.
  • The Draft Policy states that there should technological standards put in place for emerging technologies like IoT, AI etc.
  • The Draft Policy introduces a term, namely ‘Infant Industry’ under which small scale entities facing entry barriers to enter the market will be integrated with market keeping data as a central to this integration. This will also help strengthen platforms like ‘e-lala’ and ‘Tribes India’.
  • The Government intends to establish technology wings in each Government department.
  • The Government intends to streamline the process of importing goods in India and harmonise the functions of various administrative bodies involved in the process of import of goods in India.
  • A body of industry stakeholders will be created that shall identify ‘rogue websites’. These rogue websites will be added to ‘Infringing Website List’ (IWL). IWL will enable the ISPs to remove or disable these websites. It will also enable payment gateways to curtail the flow of payments to or from such rogue websites. Search engines will be able to efficiently remove such rogue websites identified in the IWL.
  • There shall be no trade mark infringement and customers at large shall not be deceived by using deceptively similar trademarks. In case an e-Commerce entity receives a complaint about a counterfeit/fake product which is manufactured with intent to deceive the customers. The e-Commerce entity shall convey such misuse of the trademark within 12 hours from receiving the complaint to the trade mark owner. Whereas in case any prohibited goods/products have been sold on any e-commerce platform the entity operating such e-Commerce platform shall delist such products within 24 hours from receiving such complaint.
  • Any non-compliant e-Commerce entity will be not be given access to operate in India.
  • All e-Commerce sites/apps available to Indian consumers shall display prices in INR and must have MRPs on all packaged products, physical products and invoices generated.
  • In the view of misuse of ‘gifting’ route, as an interim measure, all such parcels shall be banned, with exception of life-saving drugs.
  • Details of sellers shall be available for all the products sold online.
  • Sellers shall provide undertaking regarding genuineness of any product sold online.
  • In case of a counterfeit product is sold to a consumer, the primary onus to resolve such an issue will be of the seller but the intermediaries shall return the money paid to them by the customer and the marketplace shall seize to host such products on their platforms.
  • The intermediaries shall curtail piracy on their platforms.
  • An integrated system that connects Customs, RBI and India Post to be developed to better track imports.
  • The Draft Policy also intends to simplify the processes involved in export of goods by doing away with redundant requirements such as the need to procure Bank Realisation Certification

Once the final e-Commerce policy is enacted what will be interesting to see is whether Government opts for ease of governance or ease of doing business.

Overall this Draft Policy is a positive step towards making India one of the most prominent digital economies in the world, especially considering the strict stance the Government has taken during the WTO negotiations by not accepting the permanent moratorium on waiving custom duties on digital goods sold through electronic transmission. The Government intends to boost the local and home grown e-Commerce business entities and to provide a level playing field for MSMEs by retaining the rights to impose tariffs on electronic transmission through e-Commerce. Certain issues regarding data/personal data of an individual still needs a deep intellectual thinking, integrated with a practical approach from the Government before implementing a sector-wide policy, especially keeping in mind that at the end of the day personal data belongs to an individual and the use of such personal data shall be the decision of the respective individuals and not of the State.

Author: Manas Ingle, Associate, NovoJuris Legal

Synopsis of Amendments made to the Companies Act, 2013 in the year 2019 and allied Action Points

The Ministry of Corporate Affairs (the MCA) in the month of January & February 2019 has issued the following amendments notification under the Companies Act 2013 (the Act):

(a) Changes in Companies (Significant Beneficial Owners) Rules 2018 to identify individuals/entities having significant control over the affairs of a company

(b) Companies (Incorporation) Rules, 2014 mandating all the companies incorporated prior to 31 December 2017 to upload all their particulars of various compliances including details of registered office in Form INC 22A Active.

(c) Specified Companies (Furnishing of information about payment to micro and small enterprise suppliers) Order, 2019, mandating all the companies who receives goods or services from MSME and the payment for which is not made within 45 days from the date of acceptance or the date of deemed acceptance of goods or services from MSME to report such transactions in MSME Form I.

(d) Changes in Companies (Acceptance of Deposits) Rules, 2014 mandating all companies to file a return of deposits in Form DPT 3 with the MCA, furnishing information about filing the transactions that have not been considered as a deposit or both under the Companies (Acceptance of Deposits) Rules 2014 (Deposit Rules).

The action points under these notifications are as below:

Sl. No Particulars Summary of Notification Form to be filed Due date
1. The Companies (Significant Beneficial Owners) Amendment Rules 2019[1] Who shall disclose?

Every individual, who acting alone or together, or through one or more persons or trust, possess one or more of the following rights in a company shall be deemed to be a significant beneficial owner (SBO):

·  holds indirectly, or together with any direct holdings, at least 10% of the shares or voting rights;

·   has the right to receive or participate (by virtue of their indirect and/or direct holdings) is not less than 10% of the total distributable dividend or any other distribution; or

· has the right to exercise significant influence or control (through their indirect holdings only) on the company.

However, individuals directly holding shares of the company in their own name or hold or acquires a beneficial interest in the share of the reporting company under subsection section 89 (2) of the Act and necessary reporting is made is not be considered to be a significant beneficial owner.

Further, an individual is considered to hold a right or entitlement indirectly in the reporting company, if he satisfies any of the following criteria, in respect of a member of the reporting company, namely:

·  If the member is a body corporate (Indian or foreign) – the individual holding majority stake in that body corporate or majority stake in the ultimate holding company of such body corporate member

·  If the member is a HUF – the individual who is the Karta of the HUF

· If the member is a partnership entity – the individual is a partner or holding a majority stake in a body corporate which is a partner or majority stake in the ultimate holding company of such body corporate which is a partner

·  If the member is a trust – the individual who is a trustee (discretionary or charitable trust), a beneficiary (Specific trust), Author/settlor (revocable trust)

· If the member is a pooled investment vehicle or an entity controlled by the pooled investment vehicle – the individual who is a general partner or investment manager or Chief Executive Officer where the investment manager of such pooled vehicle is a body corporate or a partnership entity

What needs to be done?

· To send notice of this requirement to all non-individual members who hold not less than 10% of its Shares, or voting rights, or right to receive or participate in the dividend or any other distribution payable in a financial year seeking information in Form BEN-4.

·  The company to identify any such individual who is an SBO and obtain a declaration of significant beneficial ownership in Form No. BEN-1.

 Non-applicability of this requirement:

These rules shall not apply if the shares of a reporting company are held by the following entities:

· Investor Education and Protection Fund

· Holding Reporting Company of the Reporting Company (however, details of such holding company have to be filed in Form No. BEN-2)

·  the Central Government, State Government or any local Authority

·  any entity controlled by the Central Government or by any State Government or Governments or partly by the Central Government and partly by one or more State Governments;

· Investment Vehicles such as mutual funds, alternative investment funds (AIF), Real Estate Investment Trusts (REITs), Infrastructure Investment Trust (InVITs) regulated by the Securities and Exchange Board of India;

· Investment Vehicles regulated by Reserve Bank of India, or Insurance Regulatory and Development Authority of India, or Pension Fund Regulatory and Development Authority.

(a) Form BEN-1

(b) Form BEN-2

(c) Form BEN-4

 

(a) Form BEN-1- on or before 9 May 2019

(b) Form BEN-2- within 30 days from the date of receipt of Form BEN-1

(c) Form BEN-4- To be sent to seek information in Form BEN-1.

 

2. Companies (Incorporation) Amendment Rules, 2019[2] Applicability:

Every Company incorporated on or before the 31 December 2017 shall file the particulars of the Company and its registered office, in e-Form INC-22A_ACTIVE (Active Company Tagging Identities and Verification)

Pre-requisites

The Company before filing Form INC 22A Active shall ensure that it has filed the following pending forms as may be applicable:

(a) Form AOC-4- Filing of Financial statements for the previous financial year;

(b) Form MGT 7- Filing of Annual Return (e-Form MGT-7) for the previous financial year;

(c) Form DIR 12 & MR 1 as may be applicable for the purpose of appointment of whole-time company secretary. This is mandatory for the Companies whose paid-up capital is more than 5 Crore.

Non-Applicability

The following companies are not required to filed Form INC 22A Active:

1.    Companies which have been Struck off or

2.    Under the process of striking off or

3.    Under Liquidation or

4.    Amalgamated or

5.    Dissolved

Consequences of non-filing

The Company will be marked as Active non-compliant and MCA would not allow filing the following forms unless the Form INC-22A Active is filed:

a.   Form SH-7 (Change in Authorised Capital)

b.   Form PAS-3 (Change in Paid-up Capital)

c.   Form DIR-12 (Changes in Director except for cessation)

d.   Form INC-22 (Change in Registered office)

e.   Form INC-28 (Amalgamation, De-merger)

Form INC 22A Active On or before 25 April 2019.
3. The requirement of filing of MSME Form-I[3]  

With a view to support the growth of and to protect the interest of MSME’s, the MCA has issued a notification dated 22 January 2019, mandating all the Specified Companies[4], whose supply of goods or services from registered MSME and the respective payments to these registered MSME suppliers exceed 45 days from the date of acceptance or the date of deemed acceptance of the goods or services, shall file the Initial Return in MSME Form I with Ministry of Corporate Affairs

 Details required to be collected from the MSME suppliers before filing the return with the MCA

Following details are required to be collected from MSME for the purpose of filing the said form:

1. Certificate of Registration issued by the Ministry of Micro Small and Medium Scale Enterprises to the MSME to ensure that the concerned entity is an MSME.

2. Financial years to which the amount relates

3. Name of the MSME

4. PAN of MSME

5. Amount due

6. Date from which amount is due

7. Total outstanding amount due as on date of notification of this order (i.e. 22 January 2019)

8.    Reason for delay

Filing of Half yearly return

Every company who receive goods or services from MSME and whose payments to MSME suppliers exceed forty-five days from the date of acceptance or the date of deemed acceptance of the goods or services as per the provisions of the MSME Act 2006 shall file the half-yearly returns for the period ended April to September and October to March every year.

 

MSME Form I Within 30 days from the date of Notification of the said Form[5]

 

Due date for filing half yearly return

1.    For the period from April to September- On or before 31st October every year

2.    For the period from October to March- on or before 30th April of every year

4. The Companies (Acceptance of Deposits) Amendment Rules, 2019[6] Every Company shall have to file Form DPT 3 providing particulars of transaction that has not been considered as deposit[7] or both. Thus, all companies other than Government Companies will have to file Form DPT-3 also for transactions that are listed under Deposit Rules.

 Further the companies in its annual financial statements, are required to disclose about the money received from Directors (in case of companies other than private companies) and money received from Directors or relatives of Directors (in case of private companies only).

 

Form DPT 3 On or before 22 April 2019

Author: Ashwin Bhat, Junior Partner at NovoJuris Legal.

[1] Source: http://www.mca.gov.in/Ministry/pdf/CompaniesOwnersAmendmentRules_08020219.pdf

[2] Source: http://www.mca.gov.in/Ministry/pdf/CompaniesIncorporationAmendmentRules_21022019.pdf

[3] Source: http://www.mca.gov.in/Ministry/pdf/MSMESpecifiedCompanies_22012019.pdf

[4] ‘Specified companies’ means, all the Companies who receives goods or services from MSME and if the payment is not made within 45 days from the date of acceptance or the date of deemed acceptance of goods or services.

[5] MSME Form I is yet to be notified by the MCA

[6] Source: http://www.mca.gov.in/Ministry/pdf/AcceptanceDepositsAmendmentRule_22012019.pdf

[7] Transactions provided in Rule 2 of the Deposit Rules

DPIIT registered Start-ups to get relief from Angel Tax. Recognition of Start-ups becomes easier

The Department for Promotion of Industry and Internal Trade (DPIIT) vide its press release dated 19 February 2019 has shared that the Minister of Commerce & Industry and Civil Aviation, Suresh Prabhu has cleared a proposal for simplifying the process of exemptions Start-ups under Section 56(2)(viib) of the Income Tax Act, 1961.

Earlier, the DPIIT had also issued notification number GSR 34(E) dated 16 January 2019 to provide relaxations with respect to exemptions from taxation of angel investments. However, the Indian Start-up community widely considered that further relaxations were required and several industry pressure groups had been in constant deliberations with government agencies to push for further reforms.

A round-table was organized on 4 February 2019 under the chairmanship of Secretary DPIIT with Start-ups, angel investors, and other stakeholders with a view to discuss the new measures undertaken by the DPIIT to address the Angel Tax issue and understand the mechanism to deal with it institutionally.

Vide gazette notification number GSR 127(E) (the “Notification”), the Ministry of Commerce and Industry, in supersession of the earlier Notification number GSR 34(E) has amended the Start-up Policy (GSR 364(E), dated 11 April 2018) to provide for the following key relaxations:

Broadening of the definition of ‘Start-up’ and revamp of recognition process

The definition of Start-ups will be expanded. Now an entity will be considered as a Start-ups up to a period of 10 years from the date of incorporation and registration in place of the earlier duration of 7 years.

Such an entity will continue to be recognised as a Start-up, if its turnover for any of the financial years since incorporation and registration has not exceeded INR 100 Crores in place of INR 25 Crores earlier.

The process of recognition of an eligible entity as Startup has also been simplified, the steps for DPIIT recognition now are as follows:

  1. Online application over mobile app or portal set-up by DPIIT;
  2. Application to be accompanied by a copy of Certificate of Incorporation or Registration, and a write-up about the nature of business and how it is working towards innovation and other criteria for recognition;
  3. The DPIIT may after calling for further documents or after making further enquiries may grant or reject the recognition request. In case of rejection, reasons will have to be stated.

Relaxations wrt Section 56(2)(viib)

All Start-ups recognized by DPIIT will be eligible for the exemption under Section 56(2)(viib) of the Income Tax Act, 1961. The aggregate amount of paid up share capital and share premium of the startup after the issue or proposed issue of shares should not exceed INR 25 Crores.

The abovementioned limit of INR 25 Crores as aggregate amount of paid up share capital and share premium, shall not include any considerations, meaning thereby the Start-ups may raise tax-free capital, from the following entities:

  1. Non-Residents
  2. Venture capital company or a venture capital fund;
  3. Listed company having a net worth of INR 100 Crores or turnover of at least INR 250 Crores, provided that its shares are frequently traded as per SEBI (Substantial Acquisition of Shares and Takeovers) Regulations, 2011

However, the Start-up availing the exemption must not be investing in any of the following assets:

  1. Building or land appurtenant thereto, being a residential/ non-residential property, other than that used by the Start-ups for the purposes of renting or held by it as stock-in-trade, in the ordinary course of business
  2. Loans and advances, other than loans or advances extended in the ordinary course of business by the Start-ups where the lending of money is substantial part of its business
  3. Capital contribution made to any other entity
  4. Shares and securities
  5. Any motor vehicle, aircraft, yacht or any other mode of transport, the actual cost of which exceeds INR 10 Lakhs, other than that held by the Start-ups for the purpose of plying, hiring, leasing or as stock-in-trade, in the ordinary course of business
  6. Jewellery other than that held by the Start-ups as stock-in-trade in the ordinary course of business
  7. Any other asset, whether in the nature of capital asset or otherwise, of the nature specified in sub-clauses (iv) to (ix) of clause (d) of Explanation to clause (vii) of sub-section (2) of section 56 of the Act

It is to be noted that the Notification also requires the Start-up to not invest in any of the above-mentioned assets for a period of 7 years from the end of the latest financial year in which the shares are issued at a premium.

Mode for availing exemption:

Any prior approval from any government agency to avail the exemption has also been done away with. The eligible Start-ups may file a duly signed self declaration in Form 2 annexed in the Notification, with the DPIIT for availing the tax exemption. The declaration shall thereafter be transmitted by the DPIIT to Central Board of Direct Taxes (CBDT).

Scope of the Notification:

The Notification shall apply irrespective of the dates on which the shares are issued by the Start-up from the date of its incorporation, except for the shares in respect of which an assessment order has been made under Income Tax Act, 1961.

Author: Mr. Avaneesh Satyang

 

Source:

Press Release: https://dipp.gov.in/sites/default/files/press_release_19022019.pdf

Gazette Notification: http://egazette.nic.in/WriteReadData/2019/198133.pdf

Proposal cleared for DPIIT registered Start-up to get exemption from Angel Tax, definition of Start-ups widened

The Department for Promotion of Industry and Internal Trade (DPIIT) vide its press release dated 19 February 2019 (Gazette notification is awaited) has shared that the Minister of Commerce & Industry and Civil Aviation, Suresh Prabhu has cleared a proposal for simplifying the process of exemptions Start-ups under Section 56(2)(viib) of the Income Tax Act, 1961.

Earlier the DPIIT had also issued Notification number GSR 364 (E) dated 16 January 2019 to provide relaxations with respect to exemptions from taxation of angel investments. However, the Indian Start-up community widely considered that further relaxations were required and several industry pressure groups had been in constant deliberations with government agencies to push for further reforms.

A round-table was organized on 4 February 2019 under the chairmanship of Secretary DPIIT with Start-ups, angel investors, and other stakeholders with a view to discuss the new measures undertaken by the DPIIT to address the Angel Tax issue and understand the mechanism to deal with it institutionally.

The DPIIT has also stated the changes shall be soon notified vide appropriate gazette Notification, which is expected soon.

As per the Press Release the key changes to be brought in by the Notification are as follows:

Broadening of the definition of ‘Start-up’

The definition of Start-ups will be expanded. Now an entity will be considered as a Start-ups upto a period of ten years from the date of incorporation and registration in place of the earlier duration of 7 years.

Such an entity will continue to be recognised as a Start-up, if its turnover for any of the financial years since incorporation and registration has not exceeded INR 100 Crores in place of INR 25 Crores earlier.

Relaxations wrt Section 56(2)(viib)

All Start-ups recognized by DPIIT will be eligible for the exemption under Section 56(2)(viib) of the Income Tax Act, 1961. The consideration so received for the proposed issue or issuance of shares shall be exempt up to an aggregate limit of INR 25 Crores.

The abovementioned limit of INR 25 Crores shall not include any considerations, meaning thereby the Start-ups may raise tax-free capital, from the following entities:

  1. Non-Residents
  2. Alternative Investment Funds- Category-I registered with SEBI
  3. Listed company having a net worth of INR 100 Crores or turnover of at least INR 250 Crores, provided that its shares are frequently traded as per SEBI (Substantial Acquisition of Shares and Takeovers) Regulations, 2011.

However, the Start-up availing the exemption must not be investing in any of the following assets:

  1. Building or land appurtenant thereto, being a residential/ non-residential property, other than that used by the Start-ups for the purposes of renting or held by it as stock-in-trade, in the ordinary course of business
  2. Loans and advances, other than loans or advances extended in the ordinary course of business by the Start-ups where the lending of money is substantial part of its business
  3. Capital contribution made to any other entity
  4. Shares and securities
  5. Any motor vehicle, aircraft, yacht or any other mode of transport, the actual cost of which exceeds INR 10 Lakhs, other than that held by the Start-ups for the purpose of plying, hiring, leasing or as stock-in-trade, in the ordinary course of business
  6. Jewellery other than that held by the Start-ups as stock-in-trade in the ordinary course of business
  7. Any other asset, whether in the nature of capital asset or otherwise, of the nature specified in sub-clauses (iv) to (ix) of clause (d) of Explanation to clause (vii) of sub-section (2) of section 56 of the Act

Mode for availing exemption:

Any prior approval from any government agency to avail the exemption has also been done away with. The eligible Start-ups may file a duly signed self declaration with the DPIIT for availing the tax exemption. The declaration shall thereafter be transmitted by the DPIIT to CBDT.

Source: https://dipp.gov.in/sites/default/files/press_release_19022019.pdf

Issuance of Convertible Notes in India

The definition of a ‘convertible note’ first came in through a notification dated 29 June 2016 that amended the Companies (Acceptance of Deposits) Rules, 2014 (the “Rules”). A convertible note is defined under the Rules as an instrument evidencing receipt of money initially as a debt, which is repayable at the option of the holder, or which is convertible into such number of equity shares of the start-up company upon occurrence of specified events and as per the other terms and conditions agreed to and indicated in the instrument (Convertible Note”). The notification dated 29 June 2016 effectively excluded any amount of 25 lakh rupees or more received by a start-up company, by way of a convertible note (convertible into equity shares or repayable within a period not exceeding five years from the date of issue) in a single tranche, from a person[1], from the ambit of ‘deposit’. However, the Rules define start-up as a private company incorporated under the provisions of the Companies Act, 1956 or the Companies Act, 2013 (the “Act”) and recognised as a start-up under the notification on start-ups issued by the Department for Promotion of Industry and Internal Trade (“DPIIT”).

Read as such, post this 2016 amendment, a DPIIT recognised start-up company is allowed to accept money from investors by issuing Convertible Notes and without having to comply with the stringent provisions of the Rules.

Prior to this amendment, if a start-up (whether recognised by DPIIT or not) wanted to raise funds by way of any compulsorily or optionally convertible capital instruments, the start-up had to go through valuation of its shares (at least for the floor value). Valuation at early stages is always difficult, irrespective of the method of valuation adopted.

Only equity shares; fully, compulsorily & mandatorily convertible preference shares; and fully, compulsorily & mandatorily convertible debentures are treated as ‘capital’ under the existing Foreign Direct Investment Policy. Therefore, subject to certain specific exemptions under the FDI Policy, investments from foreign investors by way of any other instrument or optional conversion or repayment like a loan, fall under the ambit of External Commercial Borrowings regulated under the Foreign Exchange Management (Borrowing and Lending in Foreign Exchange Regulations), 2000 (“ECB Regulations”).

With the objective of simplifying the process of foreign investments into Indian recognised start-ups and in consonance with the 2016 notification discussed above, the Reserve Bank of India (“RBI”) issued a notification on 10 January 2017 amending the Foreign Exchange Management (Transfer or Issue of Security by a Person Resident outside India) Regulations, 2016 (“RBI Regulation”). By virtue of this, recognised start-ups are now allowed to issue Convertible Notes to foreign investors without having to arrive at valuations.

Conditions to be fulfilled for issuance of Convertible Notes to non-resident or foreign investors:

  • A person who is resident outside India (other than an individual who is a citizen of Pakistan or Bangladesh or an entity which is registered/ incorporated in Pakistan or Bangladesh), can purchase Convertible Notes issued by a recognised start-up company.
  • The minimum amount to be invested for subscription to Convertible Notes is INR 25 lakhs in a single tranche.
  • If the start-up is engaged in a sector which requires government approval for foreign investment, Convertible Notes shall be issued only with prior approval of the government. Also, the issue of shares against such Convertible Notes has to be in accordance with Schedule 1 of the RBI Regulation.
  • The start-up issuing the Convertible Notes shall receive the consideration amount by inward remittance or by debit to the NRE/FCNR (B)/ escrow account maintained by the investor in accordance with the Foreign Exchange Management (Deposit) Regulations, 2016. In the event an escrow account is maintained for the above purposes, it shall be closed immediately after the requirements are completed or within a period of 6 months, whichever is earlier. However, in no case, continuance of such escrow account shall be permitted beyond a period of 6 months.
  • NRIs may acquire Convertible Notes on non-repatriation basis in accordance with Schedule 4 of the RBI Regulation.
  • A person resident outside India can acquire or transfer, by way of sale, Convertible Notes, from or to, a person resident in or outside India, provided the transfer takes place in accordance with the pricing guidelines as prescribed by RBI. Prior approval from the Government shall be obtained for such transfers in case the start-up company is engaged in a sector which requires Government approval.
  • Compliance with the reporting requirements prescribed by the RBI is also required.

Critical Analysis:

Recognition of Convertible Notes as a capital investment instrument is definitely a positive move to make the process of investments into Indian companies’ swifter, easier and less expensive.

However, it is pertinent to note that the advantage is available only for recognised start-ups, which means that non-recognised start-ups are still not allowed to issue Convertible Notes as a capital instrument under the RBI Regulation or as a non-deposit under the Rules.

Further, a Convertible Note has to be repaid or converted into equity shares of a start-up company within 5 years from the date of issuance of the Convertible Note upon occurrence of specified events and as per the other terms and conditions agreed to and indicated in the instrument. In case of conversion, the instrument would be converted into equity shares as per Section 62(3) of the Act.

Also, there is a minimum requirement to invest atleast Rs. 25 lakhs. It might be better if there is no threshold as such.

Another important aspect to be considered is with respect to the terms of conversion of the Convertible Notes. If the Convertible Notes are being converted into equity shares at the time of a subsequent investment, the conversion will be based on a valuation arrived at the time of such conversion. Whether such conversion will be at a discount to the shares being issued to the new investors and other terms will have to be carefully evaluated, so that the same is in compliance with the applicable laws, including the pricing guidelines, in case the Convertible Notes are held by non-resident investors.

Authors: Paul Albert and Ashwin Bhat

[1] Rule 2 (1) (xvii) of the Companies (Acceptance of Deposits) Rules, 2014.

IAMAI’s Self-Regulatory Code for Curated Content Providers: Hits and Misses

Netflix, Hotstar, Jio, and six other online video on demand service providers have adopted a voluntary self-regulation code for their content in India. The Internet and Mobile Association of India, a not-for-profit industry body coordinated among the aforementioned video on demand service providers for the development of the Code for Self-Regulation of Online Curated Content Providers (“the Code”). The Code enumerates the kinds of video content which would not be published on any of the platforms. The Code also prescribes a maturity rating for content to be published through the platforms.

The Ministry of Information and Broadcasting had set up a committee to develop a new regulatory framework in early 2018. A few Public Interest Litigations had also been filed in relation to inflammatory and ‘adult’ content published over video on demand platforms such as Netflix and Alt Balaji. The adoption of the Code by the bigwigs of the VOD industry is being seen as an attempt to avoid any further regulation. It is noteworthy that other forms of media (especially news media) have had some form of self-regulation for years now. While newspapers (and journalists) are governed by self-regulatory codes devised by statutory bodies such as the Press Council of India, non-statutory bodies such as the Indian Broadcasting Foundation and News Broadcasters Association have adopted self-regulatory codes vis-à-vis  non-news/non-current affairs and news broadcasts on television respectively.

The Code adopts three ‘R’s namely (self) Regulation, Rating and Redressal.

Self-Regulation of VOD Platforms

The primary objectives of the Code include the empowerment of the consumers to choose age-appropriate content, creation of an ecosystem which respects the freedom of speech and fosters creativity and the development of a complaints redressal mechanism.

The Code specifically prohibits the VOD platforms from ‘deliberately and maliciously’ publishing any content which:

i) Disrespects the National Anthem or the National Flag;

ii) Contains any representation of the sexual parts of a child for primarily sexual purposes or represents a child engaged in real or simulated sexual activities;

iii) intends to outrage religious sentiments of any class, section or community;

iv) encourages terrorism and other forms of violence against the State; and

v) has been banned for exhibition or distribution by applicable laws or courts with competent jurisdiction.

These restrictions seem simple yet effective. The restrictions avoid the use of nebulous terms such as ‘morality’ and ‘depravity’ which have been used in the Program Code under the Cable Television Networks (Regulation) Act, 1995 and Self-Regulatory Content Guidelines for Non-News & Current Affairs Television Channels adopted by the Indian Broadcasting Foundation, thereby implying that VOD platforms can remain in compliance with the Code even if they publish any content which is not necessarily suitable for unrestricted access. Hence, Netflix and Hotstar can continue with the streaming of shows like Sacred Games and Game of Thrones, which seem to be major crowd-pullers.

Rating of content by VOD platforms

The Code mandates that the VOD platforms categorise their content into three broad categories (which can have further sub-categories) namely i) General / Universal Viewing; ii) Content which requires Parental Guidance and iii) Content meant for age-appropriate audiences. The VOD platforms which accept the Code are required to display a content descriptor or guidance message indicative of the nature of the content and age-appropriateness. The signatories to the Code are expected to implement tools which allow for parental control/access control.

While the maturity rating system prescribed by the Code is similar to the system followed by the CBFC, yet the system seems deficient in certain aspects. For instance, the rating system could have been more granular akin to the system under the content code adopted by Info-communications Media Development Authority of Singapore, which allows for 6 categories of content basis age appropriateness, namely i)G – General, ii) PG – Parental Guidance, iii) PG13 – Parental Guidance for Children below 13, iv) NC16 – No Children below 16 years of age,  v) M18 – Mature 18, for persons 18 years and above and vi) R21 – Restricted to persons 21 years and above. Following the Singaporean content code, the Code could have mandated the use of age-verification mechanisms for viewing any content appropriate for older audiences only (although, the same would affect user experience on the platform).

The Code could also have prescribed for content descriptors such as those contained in the Pan European Game Information or YouTube’s rating system. YouTube’s content descriptors include “F” for flashing lights (which might trigger epileptic seizures), “D” for drug use and “L” for strong language. The Code’s rating system also seems deficient as far as mandating the use of the rating system is concerned. The Code does not specify how exactly are the ‘ratings’ supposed to be displayed. The Code could have specified the size as well as the duration for which the ratings need to be displayed. The Code is also silent about the advertisement of any content (on the platforms) which is suitable for older audiences only.

Redressal Mechanism by VOD platforms

The Code states that the signatories to the Code need to have a department in place to receive and address any consumer related concerns and complaints in relation to content. Such departments would also be responsible for ensuring the platforms’ adherence to the Code. The contact details of the said department are to be available on the platform as well as the signatory’s website so that consumers are aware of the redressal route to be followed if a user believes that a platform has violated the Code. The Code also states that the Ministry of Information & Broadcasting and the Ministry of Electronics & Information may forward any complaint to the relevant departments of the Online Curated Content Platforms and the departments are expected to address the same.

Upon receipt of a complaint by an aggrieved user, (along-with essential details such as user’s login-id, title of the content, date of viewing and the nature of the alleged violation), the concerned department should acknowledge the complaint within 3 working days. If the department is of the opinion that the Code has not been violated, the same should be communicated to the complainant within 10 days. In case of a violation of the Code, the Department after discussions with internal stakeholders must communicate to the aggrieved user within 30 days of receipt of the complaint, specifying the precautionary action(s) taken to address the complaint.

While the prescription of the redressal mechanism is commendable yet the mechanism seems to lack ‘teeth’. An ideal self-regulatory mechanism should consist of self-regulation at two levels- entity level and the industry level. For instance, under the Press Council of India’s Norms of Journalistic Conduct, a complainant may approach the Editor of the concerned newspaper and also the Secretary of the Press council of India.  The mechanism by the Code prescribed does not allow for a route an aggrieved user may follow if his/her complaint is not acknowledged or if he/she is unsatisfied with the response provided by the concerned department, as prescribed in self-regulatory codes pertaining to other media.

Author: Mr. Asis Panda