Foreign investors entering the Serbian market are often reassured by initial familiarity of the transaction environment.

The corporate registry (Serbian Business Registers Agency) is fully transparent and digitalized, the legal framework mirrors continental European corporate structures, and transaction documents often reflect concepts and drafting techniques commonly used in European M&A practice.

However, that apparent familiarity should not be mistaken for complete alignment with the EU acquis, nor does it guarantee the absence of deep-seated local complexities.

While the European Commission’s 2025 Serbia Report acknowledges a “good level of preparation” in the field of company law, full harmonisation with the EU acquis remains a work in progress. Although substantial legislative amendments governing cross-border conversions, mergers, and divisions, as well as the legal framework for the European Company (SE) were adopted in March 2025, their implementation has been postponed until 1 January 2027, while additional regulatory alignment measures continue to be introduced. Consequently, M&A risk in Serbia operates on two distinct levels: the formal-legislative (navigating delayed enforcement and evolving statutory alignment) and the practical-commercial (risks that remain completely invisible within a standard virtual data room (VDR)).

Ownership arrangements, related-party dealings, informal decision-making channels, undocumented commercial dependencies, tax exposures, employee practices, legacy liabilities and relationships with key customers or suppliers are not always fully visible from corporate records or from standard due diligence materials.

For that reason, foreign investors should approach Serbian M&A transactions not only as a document-review exercise, but as a broader legal, regulatory and factual investigation into how the target business is actually owned, controlled, financed and operated.

What the VDR Won’t Tell You

Many prominent Serbian companies, particularly privately-owned and founder-driven businesses, developed during periods of rapid regulatory transition. To survive, they relied on tactical improvisation rather than rigid corporate governance. As a result, the way a target business actually operates is often not fully reflected in the documents uploaded to the VDR. Foreign buyers routinely underestimate just how much institutional knowledge, commercial leverage, and operational continuity depend on specific individuals rather than institutionalised systems.

This becomes visible surprisingly late in the process. A buyer may complete a thorough legal due diligence process and still fail to identify the main nuances: Who genuinely controls key customer relationships? Which operational decisions are made via informal handshakes? How dependent is the entire business model on a founder whose actual influence far exceeds their official title in the corporate registry?

In Serbia, due diligence should be approached as an operational investigation rather than just a mere paper-verification exercise.

You can read the article on Lexology here: Beyond the Virtual Data Room: Real M&A Risks for Foreign Investors in Serbia

The post Beyond the Virtual Data Room: Real M&A Risks for Foreign Investors in Serbia appeared first on Rokas Law Firm.

Short-term rentals have evolved into one of the most dynamic forms of real estate exploitation, with increasing economic and tax significance. This development has led to the gradual establishment of a stricter legislative framework, which is not limited solely to the tax treatment of rental activity, but also extends to issues of supervision, operational standards, and enforcement mechanisms. Within this context, the legislator seeks to establish clear limits and rules, shaping a more organized and regulated operating environment for the short-term rental market.

The Revised Framework for Short-Term Rentals

The concept of short-term rental is expressly defined in Article 111 of Law 4446/2016, as amended by Article 28 of Law 5073/2023. In particular, according to the above legislative provision, a short-term rental is defined as the lease or sublease of a property, regardless of whether it is listed on a digital platform within the sharing economy or not, and regardless of whether the agreement is concluded through a digital platform, for a specific period of less than sixty (60) days, provided that no services are offered other than accommodation and the provision of bed linens. Based on the literal interpretation of the above provision two key conditions ultimately determine whether a property lease falls within the “law of short-term rentals.” These conditions concern the agreed duration of the lease and the range of services provided by the lessor. Specifically, for a lease to be considered “short-term,” thereby falling under the provisions of the amended Article 111 of Law 4446/2016 and the relevant tax regulations, the agreed duration must be less than sixty days and, in the event that services are provided by the lessor to the lessee, such services must be limited exclusively to the provision of bed linens. For the sake of clarity, it is not required that both the use of the property for a specific period and the provision of bed linen services coexist cumulatively. It is sufficient for the property to be leased for a period of less than 60 days, provided that no other services are offered apart from the aforementioned. No additional conditions are required for a property lease to ultimately fall under this special regime of short-term rentals.

For a better understanding of the new legislative framework governing short-term rentals, it should be noted that prior to the amendment of Article 111 of Law 4446/2016 by Article 28 of Law 5073/2023, short-term rentals were considered exclusively those concluded through a digital platform (e.g., Airbnb, Booking, Vrbo) with a duration of less than one year. Under the current regime, however, a lease does not need to be concluded through an online platform in order to fall under the above special framework, nor does the property need to have been advertised or made available through such platforms.

As previously analyzed, the criteria examined in order to classify a lease as a short-term rental under Article 111 of Law 4446/2016 are: a) the granting of the use of the property by the lessor to the lessee for a period shorter than 60 days, and b) the absence of additional services provided by the lessor to the lessee, apart from the provision of bed linens.

The conclusion of short-term rental agreements through digital platforms within the sharing economy is still permitted under the new legislative framework, subject to the following conditions. The property manager^[1] must be registered in the “Short-Term Accommodation Property Registry” maintained by the Independent Authority for Public Revenue (IAPR), and the registration number in the Registry must mandatorily accompany the property listing in a visible location on digital platforms and in every promotional medium.

You can read the full article on Lexology here: Short-Term Rentals: Stricter Regulatory Framework – New Obligations – Lexology

The post Short-Term Rentals: Stricter Regulatory Framework – New Obligations appeared first on Rokas Law Firm.

Introduction

Year in review

The post New Publication: In-Depth – Insurance and Reinsurance Law Edition 14 appeared first on Rokas Law Firm.

Over the past several years, Serbia has gradually transformed its tax compliance framework through the implementation of mandatory electronic invoicing and increased digital supervision by the tax authorities. What initially appeared to be a technical modernization initiative has, in practice, evolved into a much broader compliance ecosystem affecting accounting, finance, legal, and operational risk management within companies.

The latest amendments applicable from April 2026 continue this trend by introducing additional obligations concerning internal invoicing through the Serbian Electronic Invoicing System (“SEF”). Although internal invoices have long existed under Serbian VAT regulations, the new rules significantly change their practical role and compliance importance. Transactions and VAT adjustments that previously remained largely within internal accounting records are now becoming part of a centralized electronic reporting structure directly accessible to the Serbian tax authorities.

It is noted that the obligation applies to business entities in B2B transactions (between businesses) and B2G transactions (between businesses and public sector entities), whereas in B2C transactions, (business to consumer) the obligation of universal mandatory electronic invoicing has not yet been introduced. In essence, internal VAT adjustments are no longer intended to remain exclusively within internal accounting records. Instead, they are becoming part of a centralized electronic reporting structure directly visible to the authorities. For many companies, this represents a shift from traditional bookkeeping practice toward a far more transparent and controlled compliance environment.

From Internal Accounting Documentation to Regulatory Reporting Instrument

Historically, internal invoices in Serbia were often treated as supporting accounting documentation prepared primarily for VAT calculation purposes. In practice, many businesses handled such documents manually, often without standardized workflows or dedicated internal control procedures.

By requiring certain internal invoices and VAT adjustment mechanisms to be processed through SEF, the legislator has effectively transformed internal invoicing into a formal regulatory instrument. This is particularly relevant in situations involving reverse-charge VAT obligations, corrections of the taxable base, VAT adjustments following invoice cancellations or amendments, advance payments and subsequent reconciliations, as well as corrective documentation linked to previously reported VAT transactions. The practical consequence is straightforward: transactions that previously remained largely within the internal accounting sphere are now entering a system of centralized electronic supervision maintained by the tax authorities.

Increased Transparency and Expanded Audit Visibility

At first glance, the amendments may appear administrative or technical in nature. However, their broader significance lies in the enhanced transactional visibility they provide to the Serbian tax authorities.

Through SEF, the authorities already possess extensive insight into outgoing and incoming invoices. The inclusion of internal invoices further expands this visibility by enabling regulators to monitor correction histories, VAT adjustments, timing of corrections, relationship between original and corrective invoices, internal tax calculations and reconciliation consistency between accounting and VAT recording significantly greater detail, thereby creating a fundamentally different audit environment.

As a result, accounting inconsistencies are more easily identifiable during audits. For example, where a company issues a corrective invoice but delays the corresponding VAT adjustment through SEF, discrepancies between VAT returns, accounting ledgers, and electronic invoice records may be automatically detected through cross-checking mechanisms.

As Serbian tax supervision becomes increasingly data-driven, compliance exposure is no longer limited to incorrect VAT outcomes alone. The integrity, timing, and consistency of the underlying process have become equally important.

You can read the full article here: Mandatory Internal Invoicing Through SEF – A New Compliance Reality for Serbian Companies in 2026

The post Mandatory Internal Invoicing Through SEF – A New Compliance Reality for Serbian Companies in 2026 appeared first on Rokas Law Firm.

I. Introduction

Law 5123/2024, in full force since 15 July 2025, is the most extensive reform of Greek security-interest law since the introduction of the fictitious pledge (πλασματικό ενέχυρο) by Law 2844/2000. Subject to exemptions, it is deemed to cure the twin pathologies of the previous framework, namely geographical fragmentation and fragmentation by reference to the object of the pledge and the nature of the secured claim.

II. How the Registry works

The Unified Electronic Pledge Registry (Ενιαίο Ηλεκτρονικό Μητρώο Ενεχύρων) introduced by Law 5123/2024 is end-to-end digital, maintained by the Hellenic Cadastre under Law 4512/2018, and accessible through gov.gr at enexyra.ktimatologio.gr around the clock. Article 4 eases the form requirements and a private document of certified date, a qualified electronic document under Law 4727/2020, or a “Digital Document Certification” through gov.gr each suffice. The Registry conducts a formal completeness review under Article 20, with rejections issued under Article 791 of the Code of Civil Procedure (ΚΠολΔ) and providing for a cure period. Search rights extend to attorneys, notaries, bailiffs, public authorities, and any pledge, pledgor, or debtor of the claim.

III. The exceptions

Three carve-outs narrow the Registry’s scope. First, and of utmost importance, bank deposits pledged in favour of the bank itself (Article 5(2)) and the pledge takes effect on constitution, without any registration required. Second, pledges over dematerialised shares listed on a regulated market (Article 11(3)) continue to be constituted under Law 4569/2018 and Regulation (EU) 909/2014 (CSDR), through entry into the Dematerialised Securities System (ΣΑΤ). Third, pledges constituted before entry into force remain governed by the superseded provisions (Article 25). Unlike the move from the former mortgage registries (Υποθηκοφυλακεία) to the Cadastre regime, no mandatory migration is provided or imposed.

IV. Mergers and Acquisitions: a tug-of-war of interests

M&A negotiation is a choreography of planned steps with occasional improvisation. Price, payment terms, reciprocal undertakings, and the allocation of liability for breaches of law or contract all enter the equation. Encumbrances over movables, rights and receivables sit prominently among the target’s obligations; the seller, in turn, is keen to secure payment of the price. When both sides dig in, trust erodes and deals collapse.

You can read the article on Lexology here: Security interests in motion: Greece’s Unified Electronic Pledge Registry and its impact on M&A – Lexology

The post Security interests in motion: Greece’s Unified Electronic Pledge Registry and its impact on M&A appeared first on Rokas Law Firm.

1. Το μέσο επίτευξής του είναι

Α η πρόληψη του τροχαίου και

Β η εγγύηση της άμεσης & πλήρους καταβολής της αποζημίωσης που δικαιούται ο ζημιωθείς στο τροχαίο, η οποία επιτυγχάνεται με την νομοθέτηση αστικής ευθύνης άνευ πταίσματος και υποχρεωτικής ασφάλισης. Το εύρος της εγγυημένης αποζημίωσης που δικαιούται ο ζημιωθείς καθορίζεται εξελικτικά, κυρίως από τις κοινωνικοπολιτικές αντιλήψεις που διαμορφώνουν το διαρκώς μεταβαλλόμενο νομοθετικό πλαίσιο.

Ο σκοπός της άμεσης & πλήρους αποζημίωσης δεν μπορεί να ικανοποιηθεί χωρίς το ΕΚ, λόγω της παθολογίας που παρουσιάζει τόσο το σύστημα της αστικής ευθύνης – όταν το ζημιογόνο όχημα είναι άγνωστο – όσο και το σύστημα της ασφάλισης – όταν το όχημα είναι ανασφάλιστο, αλλά και το σύστημα διακυβέρνησης της ασφαλιστικής επιχείρησης και ασφαλιστικής εποπτείας – όταν η ασφαλιστική εταιρία του ζημιώσαντος ήταν αφερέγγυα. Το ΕΚ καλύπτει τα κενά που αφήνει το σύστημα που βασίζεται στην αστική ευθύνη και στην ασφαλιστική κάλυψη της ευθύνης αυτής.

2. Για πρώτη φορά, με τη νέα Οδηγία ασφάλισης αυτοκινήτων 2021/2118 που συμπληρώνει την πάντα ισχύουσα 2009/103, εισάγεται σε ευρωπαϊκό επίπεδο ίδιος νόμιμος λόγος ευθύνης των Εγγυητικών Κεφαλαίων των Κρατών-μελών – όπως και του ΕΚ – όπου εδρεύει η αφερέγγυα ασφαλιστική επιχείρηση, απ’ ευθείας έναντι των ζημιωθέντων, προς άμεση και πλήρη αποζημίωσή τους. Η ευθύνη του ΕΚ επί αφερεγγυότητας καλύπτει τέσσερις περιπτώσεις : α) ατύχημα που έγινε στην Ελλάδα από οδηγό ασφαλισμένο σε αφερέγγυα ασφαλιστική επιχείρηση με έδρα στην Ελλάδα, β) ατύχημα που έγινε στην Ελλάδα από οδηγό ασφαλισμένο σε αφερέγγυα ασφαλιστική με έδρα σε άλλο Κράτος – μέλος, γ) ατύχημα που έγινε σε άλλο Κράτος – μέλος από ασφαλισμένο σε αφερέγγυα ασφαλιστική με έδρα στην Ελλάδα, δ) ατύχημα που έγινε σε άλλο Κράτος – μέλος από ασφαλισμένο σε αφερέγγυα ασφαλιστική με έδρα σε άλλο Κράτος μέλος (εφόσον, εννοείται, ο ζημιωθείς έχει ως τόπο συνήθους διαμονής του την Ελλάδα). Ικανοποιείται έτσι η επιταγή του ενωσιακού δικαίου προς ταχεία και πλήρη ικανοποίηση του ζημιωθέντα σε τροχαίο ατύχημα, ισότιμα και χωρίς διάκριση ως προς την έδρα της ασφαλιστικής επιχείρησης του ζημιογόνου οχήματος ή του Κράτους – μέλους όπου συνέβη το ατύχημα. Όμως, η πρόβλεψη της Οδηγίας να αποστέλλει το ΕΚ, εντός τριών μηνών από την παραλαβή της αίτησης αποζημίωσης του αιτούντα προς αυτό, αιτιολογημένη προσφορά ή αιτιολογημένη άρνηση, ενσωματώθηκε με το ν. 5113/2024 κατά τρόπο που την καθιστά ανεφάρμοστη. Τούτο διότι, πρώτον, ο νόμος προβλέπει ότι το ΕΚ θα πρέπει να αποστείλει στον εκκαθαριστή της αφερέγγυας ασφαλιστικής, την αίτηση αποζημίωσης που παρέβαλε, ο οποίος εκκαθαριστής θα πρέπει, εντός προθεσμίας 30 ημερών, να αποστείλει στο ΕΚ την τοποθέτησή του ως προς το αν δέχεται την αίτηση και να τη συνοδεύει από αιτιολογημένη προσφορά αποζημίωσης ή απόρριψη της αίτησης αποζημίωσης· ακολούθως, το ΕΚ θα πρέπει να αποστείλει προσφορά αποζημίωσης ή απόρριψη της αίτησης αποζημίωσης προς τον αιτούντα εντός συνολικά 3 μηνών από την παραλαβή της αίτησης αποζημίωσης εκ μέρους του ΕΚ. Δεύτερον, γιατί ο ν. 5113/2024 προβλέπει σε όλα τα σημεία των ως άνω νέων ρυθμίσεων, επιφύλαξη να τηρείται η διαδικασία του άρθρου 242 παρ. 3 ν. 4364/2016, που είναι διαδικασία της εκκαθάρισης. Τούτο σημαίνει αναμονή (έως) 30 ημερών από το διορισμό του εκκαθαριστή έως την πρόσκλησή του προς τους δικαιούχους απαιτήσεων προς αναγγελία αυτών, πλέον τριών εβδομάδων κατά τις οποίες επαναλαμβάνεται η δημοσίευση της σχετικής πρόσκλησης, πλέον 4 μηνών από την τελευταία δημοσίευση για την αναγγελία των απαιτήσεων, πλέον 15 ημερών, μετά την πάροδο των οποίων αρχίζει η διαδικασία της επαλήθευσης που «ολοκληρώνεται το συντομότερο δυνατόν», πλέον 2 μηνών για ανάρτηση της κατάστασης δικαιούχων «απαιτήσεων από ασφάλιση», πλέον τριών εβδομάδων κατά τις οποίες η κατάσταση δημοσιεύεται σε εφημερίδες, πλέον 45 ημερών από την τελευταία δημοσίευση προς υποβολή αντιρρήσεων κατά της κατάστασης. Έτσι, αν ακολουθήσουμε την επιφύλαξη, αναγκαία καταργείται η τρίμηνη προθεσμία απάντησης στην αίτηση αποζημίωσης του ζημιωθέντα τρίτου, ενώ αν ακολουθήσουμε την τρίμηνη προθεσμία, καταργείται η επιφύλαξη. Αντιμετωπίζονται, δηλαδή, οι ζημιωθέντες τρίτοι από τον νόμο της μεταφοράς της Οδηγίας, όπως οι λοιποί πιστωτές της αφερέγγυας ασφαλιστικής επιχείρησης, παρότι δεν ικανοποιούνται, όπως αυτοί, από ό,τι τυχόν απομείνει από το προϊόν της εκκαθάρισης, αλλά αποκλειστικά από την περιουσία του ΕΚ που καταβάλει σε αυτούς, ό,τι θα δικαιούντο αν δεν είχε κηρυχθεί η ασφαλιστική επιχείρηση σε ασφαλιστική εκκαθάριση.

3. Η Οδηγία και ο εθνικός νόμος έχουν αυστηροποιήσει τις κυρώσεις κατά των παραβατών της υποχρέωσης ασφάλισης, ώστε να μην επιβαρύνεται το ΕΚ με αποζημιώσεις τρίτων ζημιωθέντων από ανασφάλιστα οχήματα, άλλως να περιορίζεται η ευθύνη του. Τούτο δικαιολογείται παρόλο που το ΕΚ είναι ν.π. ιδιωτικού δικαίου, γιατί είναι μη εμπορική επιχείρηση, που επιτελεί κοινωνικό σκοπό, όπως γίνεται δεκτό από τον Άρειο Πάγο και σε άλλα εθνικά δίκαια, όπως στη Γαλλία όπου το Γαλλικό Ακυρωτικό έχει κρίνει ότι ο αντίστοιχος του ΕΚ οργανισμός (Fonds de Garantie des Assurances Obligatoires de dommages) εξυπηρετεί το δημόσιο συμφέρον.

4. Στο όχι απώτερο μέλλον αναμένεται η κυκλοφορία «πλήρως αυτόνομων» οχημάτων [ΑΟ], όπου το όχημα θα οδηγείται χωρίς οδηγό ή χωρίς κατ’ ανάγκη σύμπραξη οδηγού. Με το ισχύον νομικό καθεστώς, ο ζημιωθείς μπορεί να στραφεί κατά του κατόχου/κυρίου του ΑΟ και της ασφαλιστικής εταιρίας που παρέχει κάλυψη αστικής ευθύνης αυτών, καθόσον και στην ασφάλιση ΑΟ θα υπάρχει κάτοχος / κύριος. Η δε ασφαλιστική επιχείρηση που κατέβαλε αποζημίωση στον τρίτο ζημιωθέντα θα μπορεί να στραφεί:

Α. Κατά των «φορέων ΑΟ» που μπορεί να είναι διάφορα πρόσωπα, με βάση την νέα Οδηγία για τα ελαττωματικά προϊόντα που εισάγει αυστηρή ευθύνη και συγκεκριμένα κατά [1] του κατασκευαστή ή πάροχου του ΑΟ, αλλά και [2] των παρόχων ψηφιακών τεχνολογιών, [3] δημιουργών συστημάτων ΤΝ συμπεριλαμβανομένων και [4] φορέων συστημάτων πλοήγησης και [5] λογισμικού, στα οποία βασίζεται το AO και επηρεάζουν την ασφάλεια στην οδήγησή του. Αντικατάσταση της κατά της ασφαλιστικής επιχείρησης ευθείας αγωγής με ευθεία αγωγή κατά των υπαιτίων με βάση την Οδηγία για τα ελαττωματικά προϊόντα, δεν πρέπει να γίνει αποδεκτή τόσο χάριν απλοποίησης και μη αλλαγής του σημερινού καθεστώτος, με εισαγωγή περιττής διακεκριμένης ρύθμισης, όσο και γιατί η Οδηγία δεν είναι ισοδυνάμου αποτελέσματος με την ευθεία αγωγή κατά του κατόχου· ή

Β. Κατά του χειριστή του ΑΟ ήτοι του προσώπου που [1] έδωσε λαθεμένες / παράνομες εντολές ή [2] είχε δώσει δεδομένα στο ΑΟ κατά παράβαση των οδηγιών του κατασκευαστή / φορέα ΑΟ ή δεν είχε ακολουθήσει υποδείξεις/προειδοποιήσεις του κατασκευαστή / προμηθευτή του ΑΟ. Ο χειριστής του ΑΟ δεν πρέπει να έχει αντικειμενική ευθύνη, η δε έκταση της ευθύνης του δεν πρέπει να ισούται με την απεριόριστη ευθύνη που έχει ο κάτοχος μη αυτόνομου ή ετερόνομου οχήματος [ΕΟ], αλλά να είναι ανάλογη με την υποκειμενική ευθύνη του στην πρόκληση της ζημιάς.

Συνεπώς, παραμένει το σημερινό καθεστώς της αποζημίωσης του τρίτου ζημιωθέντα όταν το όχημα που προκάλεσε το ατύχημα ήταν ΑΟ, όμως στο κόστος της ασφάλισης θα πρέπει να συμμετάσχει και ο κατασκευαστής του. Τούτο γιατί στα ΕΟ, τα ατυχήματα που οφείλονται σε ελάττωμα του οχήματος, σύμφωνα με στατιστικές που αναρτιούνται στο διαδίκτυο, καταλαμβάνουν μόνο το 1% αποδιδόμενα σε ποσοστό άνω του 70% σε ανθρώπινο λάθος, ενώ στα ΑΟ ισχύει σχεδόν το αντίστροφο, με τον παράγοντα ελαττώματος του οχήματος και του ηλεκτρονικού του συστήματος, που συνεπάγεται ευθύνη του κατασκευαστή, να καταλαμβάνουν άνω του 80% των ατυχημάτων (εννοείται, σε χώρες που επιτρέπεται ήδη η κυκλοφορία των ΑΟ). Σε αυτές τις περιπτώσεις παραμένει και η ευθύνη του ΕΚ, αλλά περιορισμένη, αφού άγνωστα και ανασφάλιστα ΑΟ προφανώς θα υπάρχουν πολύ λιγότερα.

Αποτελεί, επομένως, ο θεσμός του ΕΕ την πιο έντονη έκφανση του κοινωνικού ρόλου που έχει ανατεθεί στην ιδιωτική ασφάλιση τόσο από τη Χώρα μας όσο και από την Ευρωπαϊκή Ένωση. Μέσω των εισφορών της αγοράς ασφάλισης ευθύνης από ατυχήματα αυτοκινήτων καλύπτονται τα κενά που αφήνει το σύστημα της αυστηρής αστικής ευθύνης και της υποχρεωτικής ασφάλισης, ώστε ο ζημιωθείς να αποζημιώνεται πάντοτε άμεσα και πλήρως για ό,τι δικαιούται.

Ωστόσο, η άρτια θέσπιση και εφαρμογή του συστήματος αποζημίωσης των ζημιωθέντων σε τροχαία ατυχήματα βρίσκεται σε αντίθεση με την εφαρμογή ενός αποτελεσματικού συστήματος πρόληψης τροχαίων ατυχημάτων, καθώς τα τροχαία εξακολουθούν να αντιμετωπίζονται σε μεγάλο βαθμό ως “κανονικότητα”, με στόχο τη μείωση και όχι την εξάλειψή τους.

The post Ο πρωτεύων σκοπός: η προστασία των ανθρώπων από τα τροχαία ατυχήματα appeared first on Rokas Law Firm.

This development constitutes a significant intervention in the way the national legal order seeks to regulate the presence of minors in the digital environment, in alignment with EU law and relevant European Union guidelines. It is not merely a protective measure against online risks, but one that is intrinsically linked to the broader framework of personal data protection.

A key challenge arises in relation to the practical implementation of the measure, as the imposition of an age restriction necessarily entails the development of reliable age verification mechanisms. Such mechanisms involve the processing of identity and age-related data, thereby making it essential that data protection principles be embedded from the design stage. In particular, age verification must comply with the principle of data minimization, through technical solutions that limit data collection strictly to what is necessary for confirming the relevant age threshold.

Particular importance is also attached to the choice of the age limit at 15 years. According to Article 8 of the GDPR, a minor’s consent to the processing of personal data in the context of information society services is, in principle, valid from the age of 16, while allowing Member States to set a lower threshold. The Greek legislator, through the national implementing law (Law 4624/2019), set this threshold at 15 y.o., recognizing that from this age onwards minors possess a sufficient level of digital maturity to provide valid consent independently. In this light, the adoption of the same age threshold within the emerging regulatory framework governing access to social media does not appear arbitrary but rather reflects a coherent and consistent legislative approach aligned with the national legal understanding of minors’ digital maturity.

The real challenge, therefore, lies not in the age threshold itself, but in its implementation. The objective is to design age verification mechanisms that effectively protect minors without resulting in excessive collection or processing of personal data, and without undermining in practice the level of privacy protection that data protection law seeks to guarantee.

The post Greece’s Under-15 Social Media Ban: Balancing Child Protection and Privacy Rights appeared first on Rokas Law Firm.

On 23 April 2026, the National Assembly of the Republic of Serbia adopted the Law on Amendments and Supplements to the Law on Trade (the “Adopted Law”) previously submitted by the Government on 13 March 2026.

The Adopted Law introduces several significant changes to commercial practice and the Serbian market, with expected positive effects for both producers and consumers. Overall, the Adopted Law aims to bring Serbian trade regulation into closer alignment with EU standards, particularly in the areas of misleading price reductions, unfair market practices and the further development of digitalization in the area of trade regulation.

A key area of reform concerns the concept of the “previous price” used as a reference for price reductions. In practice, the Serbian market has seen irregularities in price display and discount calculation, resulting in inconsistent application of the existing rules. In particular, traders have occasionally increased prices shortly before announcing a discount, thereby creating the impression of a greater price reduction between the so-called “old” and “new” prices.

In order to further align Serbian law with EU legislation – most notably Directive 98/6/EC of the European Parliament and of the Council of 16 February 1998 on consumer protection in the indication of the prices of products offered to consumers, and Directive (EU) 2019/2161 of the European Parliament and of the Council of 27 November 2019 amending Council Directive 93/13/EEC and Directives 98/6/EC, 2005/29/EC and 2011/83/EU as regards the better enforcement and modernization of Union consumer protection rules – the Adopted Law introduces a clearer and more precise regulatory framework.

First, when advertising a price reduction, the reference price must be the lowest price at which the trader offered the goods during the 30-day period preceding the reduction. This rule does not apply in the same way to perishable goods and goods with a short shelf life. In addition, where a product has been part of the trader’s assortment for less than 30 days, the previous price would be the lowest price applied during a period of at least 15 days prior to the reduction taking effect. This solution is intended to ensure greater transparency and a more uniform approach in the market.

A further important area addressed by the Adopted Law concerns the absence of a unified register of purchasers, as well as the lack of detailed rules governing registration and record-keeping in this area. According to the Adopted Law, the introduction of such a system should facilitate the monitoring of active purchasers, improve inspection planning and provide better visibility into the grey market, where payments are often made exclusively in cash. In that sense, the Adopted Law also appears designed to strengthen compliance with broader regulatory objectives relating to anti-money laundering.

To that end, the Adopted Law provides that the Ministry of Trade would maintain the Register of Purchasers as a unified electronic database, referred to as the “e-purchase place”. A trader operating at a purchasing point would be required to prominently display key information, including its business name, registration number, tax identification number, the type of products being purchased, working hours and the relevant period of the year during which purchasing is carried out. In addition, the trader would be obliged to display a notice clearly informing agricultural producers of the general purchasing terms prior to the sale of goods. The Adopted Law further provides that the Minister of Trade, together with the minister responsible for agriculture, would prescribe in more detail the minimum technical requirements applicable to trade at purchasing points.

You can read the article on Lexology here: Serbia Adopts Amendments to the Law on Trade: Key Changes and Market Impact – Lexology

The full article is also available here: ROKAS_Lexology_Serbia Adopts Amendments to the Law on Trade Key Changes and Market Impact

The post Serbia Adopts Amendments to the Law on Trade: Key Changes and Market Impact appeared first on Rokas Law Firm.

Introduction

The integration of digital technologies into the workplace has substantially altered the boundaries between employees’ professional activities and their private lives. In this context, an employer’s ability to monitor the use of a work computer raises critical issues of lawfulness from the perspective of personal data protection. In particular, questions arise regarding the scope of employees’ reasonable expectation of privacy in the workplace and the conditions under which the employer’s processing of their data may be considered lawful. Within this framework, legitimate concerns emerge that directly affect employees, such as whether the employer may monitor the use of a work computer, gain access to files stored on it, or even review their electronic communications in the course of performing their duties.

The Protection of Employees’ Privacy within the Employment Context

At the outset, it should be emphasized that the collection and processing of employees’ personal data, even where intended to ensure the proper functioning of the undertaking, to fulfil the purposes of the employment contract and the employment relationship itself, and to serve the employer’s freedom to conduct a business, cannot take place without oversight and limitations. Employees retain a legitimate and reasonable expectation of protection of their private life even while present in the workplace. This expectation cannot be diminished or restricted merely because the employee uses equipment, communication devices, or other professional facilities and infrastructure belonging to the employer.

In contemporary working conditions, the boundaries between professional and private life are becoming increasingly blurred. In particular, the possibility of remote work and the use of devices or technologies owned by the employee further erode these boundaries, while simultaneously increasing the flow of employees’ personal data to which employers or even third parties may have access. The European Court of Human Rights (ECtHR), in its interpretation of Article 8(1) of the European Convention on Human Rights (ECHR), has consistently held that the concept of “private life” should not be interpreted narrowly or restrictively^[1]. More specifically, it has recognized that there is no justification for excluding professional activities from the scope of protection afforded to private life. Furthermore, in its relevant case law, the Court has interpreted the notion of “home” under Article 8 ECHR as also encompassing professional premises—that is, the workplace itself—irrespective of the ownership status of the premises or the legality of the activities carried out therein.

Accordingly, employees do not forfeit their right to the protection of their private life and personal data upon “entering” the workplace. On the contrary, they retain a reasonable expectation of a certain degree of privacy within the working environment, particularly given that a significant part of their social and interpersonal relationships develops there. It is important to underline, however, that although employees enjoy a legitimate and reasonable expectation of privacy even within the framework of their professional activities, this right must be balanced, on the one hand, against the employer’s right to protect the undertaking from actions by employees that may jeopardize its reputation and overall proper functioning and, on the other hand, against the purpose and function of the employment contract, which must be duly performed.

Monitoring and Access to the Computer Used by the Employee in the Performance of Their Duties

The use of computers and internet access constitutes a fundamental and integral element of contemporary working life. However, it is frequently observed that employees also make use of internet access during working hours for personal purposes, such as browsing websites unrelated to their professional duties or storing personal files on the hard drive of a work-issued computer. The monitoring and recording of employees’ activity, as well as the employer’s access to personal data stored and maintained on the computer used by the

employee for the performance of their professional duties, constitute processing within the meaning of the GDPR (Regulation (EU) 2016/679)^[2].

Accordingly, for such processing of employees’ data by the employer to be considered lawful, the requirements set out in Articles 5 and 6 GDPR must be satisfied. In particular, monitoring and access to personal files stored on the devices used by employees in the provision of their services—activities which qualify as processing of personal data—must be based on one of the legal bases exhaustively provided for in Article 6 GDPR, and must cumulatively comply with the general principles governing lawful processing under Article 5 GDPR (namely, the principles of lawfulness, fairness and transparency; purpose limitation; data minimization; proportionality and necessity; accuracy; and integrity and confidentiality).

Furthermore, pursuant to Article 13 GDPR, the employer, acting as data controller, is under obligation to provide employees with clear and comprehensive prior information regarding the introduction and use of monitoring and surveillance measures relating to their activities^[3]. According to the Article 29 Working Party^[4], employees must be informed in advance about the monitoring of their work-related activities, the purposes of the processing of their data, and any other information necessary to ensure fair and lawful processing. In addition, employees should not only receive prior notification but should also be provided with an intelligible, clear and precise statement of the relevant monitoring policies and procedures.

It should also be noted that where monitoring of employees’ electronic activity is carried out through the use of artificial intelligence, for example, through AI applications intended to assess employee performance, the lawfulness of such processing must also be examined in light of the provisions of Regulation (EU) 2024/1689 (the AI Act).

You can read the article on Lexology here: Employee Digital Monitoring and Data Privacy: Where Does the Employer’s Authority End? – Lexology

The full article is also available here: ROKAS_Lexology_ Employee Digital Monitoring and Data Privacy

The post Employee Digital Monitoring and Data Privacy: Where Does the Employer’s Authority End? appeared first on Rokas Law Firm.

Overview

The Directive (EU) 2023/2225, which has replaced Directive 2008/48/EC on consumer credit, innovates with highly consumer protection provisions that promote responsible lending in the financial world as aligned with the new digital era. The Directive at hand, which is yet to be transposed into Greek law, with a penalty pending against our country from European Commission for the late implementation, marks a significant transformation in the European Union’s legal framework governing consumer credit agreements. While the previous directive was designed primarily for traditional credit products offered by banks and financial institutions, the new one responds to the rapid digitalization of financial services, the emergence of fintech actors, and the proliferation of innovative credit models such as Buy Now Pay Later (BNPL). As such, it represents a comprehensive modernization of consumer credit regulation, with a strong emphasis on consumer protection, transparency, and responsible lending.

Expanded Scope: Closing the Regulatory Gaps of the former regime

Directive (EU) 2023/2225 has markedly expanded its scope. Under the earlier framework, certain credit agreements—particularly low-value loans and short-term, interest-free arrangements—fell outside full regulation or were only partly covered. Therefore, this created regulatory gaps that were increasingly exploited by new market actors. The new directive, on the other hand, addresses these shortcomings by extending its application to a much broader range of credit products, including low-value loans and BNPL schemes, thereby ensuring that consumers benefit from regulatory protection regardless of the form or size of the credit they obtain. This expansion effectively closes loopholes and ensures a more level playing field across the internal market.

Lending through digital and online credit environments

Closely linked to this broader scope is the directive’s explicit recognition of digital and online credit environments. Unlike its predecessor, Directive (EU) 2023/2225 incorporates detailed provisions on distance and digital contracting, acknowledging that consumer credit is now frequently offered and concluded via online platforms and mobile applications. In this context, the directive also introduces safeguards related to automated decision-making, including the use of algorithms and artificial intelligence in creditworthiness assessments. Creditors are required to ensure transparency in such processes and to avoid discriminatory or opaque practices, thereby aligning consumer credit law with broader EU digital and data protection principles (see GDPR & AI Act).

Pre-Contractual Information and Transparency

Another cornerstone of the new directive is the strengthening of pre-contractual information requirements. While Directive 2008/48/EC already mandated the provision of standardized information, the new framework enhances both the content and the clarity of such disclosures. Creditors must provide detailed, comprehensible, and standardized information on key elements such as the total cost of credit, the annual percentage rate of charge (APR), the duration of the agreement, and repayment conditions, with the newly hereby provided option for early repayment included. The objective is not only formal compliance but also the effective understanding by consumers, enabling them to make informed comparisons between different credit offers.

You can read the article on Lexology here: Directive (EU) 2023/2225 on Consumer Credit: A Comprehensive Overhaul for the Digital Era – Lexology

The post Directive (EU) 2023/2225 on Consumer Credit: A Comprehensive Overhaul for the Digital Era appeared first on Rokas Law Firm.