COMPARATIVE GUIDE
19 February 2025

Digital Business Comparative Guide

BA
BDK Advokati

Contributor

BDK Advokati logo
Explore Firm Details
Digital Business Comparative Guide for the jurisdiction of Serbia, check out our comparative guides section to compare across multiple countries
Serbia Technology
Bogdan Ivanišević,Jelena Hrle,Anja Gligorević
+1 Authors

1 Legal framework

1.1 Which key legislative and regulatory provisions govern digital business in your jurisdiction?

The most relevant laws governing digital content and services, digital transformation and the conduct of business online are:

Serbia has not yet taken steps to enact laws analogous to the EU Digital Markets Act or the Data Act.

1.2 Do any special regimes apply (eg, in specific sectors or to certain types of products)?

The Digital Assets Act applies to digital assets such as cryptocurrencies and other instruments, referred to as ‘digital tokens'. Serbia has not yet taken steps to enact a law analogous to the EU Digital Services Act which would regulate the provision of intermediary services in the online environment.

1.3 Which bodies are responsible for implementing and enforcing the digital business regime in your jurisdiction? What is their general approach in doing so and what are their key areas of focus?

The relevant regulatory bodies are:

2 Market snapshot

2.1 How embedded is digital business in your jurisdiction?

Serbia lags behind most European countries in regulating digital content and services. National laws similar to EU legislation on data protection, cybersecurity and the use of AI have been adopted or are being prepared. Other sectors – including online publishing and copyright in the digital market – are still under-regulated. With the exception of the legislation on the processing of personal data, the laws adopted thus far on digital content and services remain largely untested.

Serbia is among those European countries that have adopted a law regulating:

  • the issuance and admission to trading of cryptocurrencies and other digital assets; and
  • the authorisation and supervision of digital asset service providers.

However, digital markets in Serbia are still in their infancy and the current law is aligned with EU Regulation 2023/1114 on Markets in Crypto-Assets. While rules governing open banking services were introduced through recent amendments to the Payment Services Act, their implementation is not scheduled to begin until May 2025.

2.2 Are the main players domestic, foreign and/or international?

Both domestic and foreign companies and trading platforms are present in the Serbian market. Domestic fintech service providers are still rare, although some notable new players are now providing fintech services.

2.3 Describe the key features of the following digital business sectors in your jurisdiction: (a) E-commerce; (b) Fintech and (c) Digital health.

(a) E-commerce

The most relevant law governing the conduct of business online is the E-commerce Act. Other laws also apply to the conduct of business online, such as:

  • the Trade Act;
  • the Electronic Communications Act;
  • the Consumer Protection Act; and
  • the Data Protection Act.

The E-commerce Act regulates:

  • the provision of information society services;
  • disclosure requirements;
  • the content of commercial communications;
  • contracting online;
  • liability; and
  • supervision.

The law imposes certain disclosure requirements on information society service providers, including in relation to details of:

  • the products or services offered;
  • prices;
  • payment methods; and
  • delivery terms.

Contracts concluded using electronic means are valid unless:

  • a special law prohibits e-signing;
  • the law requires:
    • the contract to be in the form of a solemnised document or a notarial record; or
    • the signatures of the contracting parties to be authenticated; or
  • in the case of a surety contract, the party granting surety is acting outside of its trade, business or profession.

Where the law requires a contract to be in written form, the contract must be signed using a qualified e-signature to be legally binding.

In contracts concluded using electronic means, offer and acceptance are exchanged through electronic communication. Such a contract is formed when the offeror receives the acceptance of the offer through electronic communication.

No law requires a hosting provider to proactively monitor to identify unlawful content. Under the E-commerce Act, service providers are not liable for information stored at the request of a recipient of the service, on condition that:

  • the provider did not have and could not have had knowledge of the illegal activity of the recipient of the service or the content of the information; or
  • the provider, upon obtaining such knowledge, acts expeditiously to remove or disable access to the information.

(b) Fintech

The most relevant laws for providers of fintech services in Serbia are:

A number of other laws are also important for fintech services, including:

  • the Foreign Exchange Act;
  • the Banking Act;
  • the Factoring Act;
  • the Capital Markets Act; and
  • the Financial Consumer Protection Act.

The most recent amendments to the Payment Services Act introduced open banking services to the Serbian market in a manner that is meant to mirror the Second EU Payment Services Directive. The amendments regulate two new types of services:

  • account information services allowing banks to exchange the payment account data of payment service users; and
  • payment initiation services allowing for the initiation of a payment order with respect to a payment account held with another payment service provider.

The amendments also introduce a regulatory sandbox mechanism for testing new types of services without the need to comply with the relevant regulatory requirements and incur the associated costs.

Cryptocurrencies and other instruments referred to as ‘digital tokens' are regulated by the Digital Assets Act. The act governs:

  • the issuance and admission to trading of digital assets in Serbia;
  • the authorisation and supervision of digital asset service providers;
  • anti-money laundering rules; and
  • other matters related to digital assets.

The law imposes various other requirements on digital asset service providers, such as:

  • organisational requirements;
  • rules on the safekeeping of client funds; and
  • an obligation to act honestly, fairly and professionally.

(a) Digital health

The Serbian government has adopted a detailed Programme of Digitalisation of the Health System of the Republic of Serbia for 2022–2026. In line with this programme, Serbia has taken steps to digitalise healthcare, particularly through the introduction of new digital solutions. However, these solutions have not yet been fully implemented.

The recently adopted Health Documentation and Health Records Act (2023) introduced:

  • RIZIS, an integrated health information system that will enable the connection of various health information systems, including those of:
    • healthcare institutions;
    • private practices;
    • institutes of public health; and
    • the Republic Health Insurance Fund; and
  • eDossier, the core component of RIZIS, which contains comprehensive data that is important for patients' long-term health status, derived from their records and health insurance records.

According to the Rulebook on the Form and Content of Medical Prescriptions, the Manner of Issuing and Prescription of Pharmaceuticals (2018, as amended), e-prescriptions for medicines are issued using an integrated health information system, with paper prescriptions available exceptionally.

The government has announced plans to introduce additional systems, including:

  • eReferral, to manage medical referrals electronically; and
  • eSickLeave, for the electronic submission of reports on an employee's temporary incapacity to work for his or her employer.

Telemedicine is not regulated in Serbia. Although medical software is not specifically regulated, a medical app may fall within the scope of the Medical Devices Act, depending on its intended use. For example, an app used to diagnose a disease or to control or support conception may qualify as a medical device.

3 Technologies

3.1 How are the following digital business technologies regulated in your jurisdiction and what key issues should be borne in mind in relation to each? (a) Online payments (including cryptocurrencies and digital wallets); (b) Artificial intelligence; (c) Connected devices/Internet of Things and (d) Other (eg, cloud services, quantum technology, chip technology).

(a) Online payments (including cryptocurrencies and digital wallets)

The Payment Services Act is the principal statute regulating payment services in Serbia, including online payments. Payment services may be provided by:

  • the National Bank of Serbia and Serbian-licensed commercial banks;
  • payment institutions;
  • e-money institutions;
  • the public postal service institution; and
  • the Serbian Treasury.

The law also regulates the issuance of e-money by e-money institutions and broadly follows the Second EU E-money Directive (2009/110/EC). Authorised issuers of e-money include:

  • the National Bank of Serbia;
  • Serbian licensed commercial banks;
  • licensed e-money institutions;
  • the public postal service institution; and
  • the Serbian Treasury.

Foreign e-money issuers that process cross-border payments for Serbian residents must notify the National Bank of Serbia before providing such services.

The Digital Assets Act:

  • contains rules on the transfer of digital assets; and
  • provides that a transaction in which cryptocurrencies are given for a service or commodities is treated as an exchange and not as a means of payment.

Furthermore, the direct exchange of digital assets for services or commodities in retail is not allowed in Serbia. Retail purchases with digital assets must be made through a digital asset service provider whose licence covers digital asset acceptance/transfer services.

Services relating to trading and custody of digital assets can be provided in Serbia by licensed digital asset service providers. However, there are no obstacles that prevent natural and legal persons from holding digital assets abroad using foreign digital service providers.

(b) AI

AI is not yet regulated in Serbia. The government has announced that a draft law on AI should be completed by the end of the first quarter of 2025. The government has hinted that this law will be largely aligned with the recently adopted EU AI Act, while being more friendly to businesses and the development of innovation.

In 2023, the government adopted Ethical Guidelines for the Development, Application and Use of Reliable and Responsible AI. The guidelines define four principles of ethical AI:

  • explainability and verifiability;
  • dignity;
  • a prohibition against causing damage; and
  • fairness.

The guidelines also establish requirements for robust and accountable AI, such as:

  • privacy;
  • transparency;
  • diversity;
  • non-discrimination; and
  • equality.

Additionally, the guidelines provide a non-exhaustive list of high-risk AI systems, including those used in:

  • education;
  • employment;
  • healthcare; and
  • law enforcement.

The Data Protection Act 2018 regulates automated decision-making, including profiling. In line with the General Data Protection Regulation, the act stipulates that individuals have the right not to be subject to decisions based solely on automated processing – including profiling – that produce legal or similarly significant effects, unless certain conditions are met, such as the individual's explicit consent.

(c) Connected devices/Internet of Things

Connected devices and the Internet of Things are not specifically regulated in Serbia. If a connected device collects or generates personal data (eg, a fitness tracker recording heart rate), the Data Protection Act applies. The exchange and use of non-personal data generated by connected devices are not specifically regulated in Serbia.

(d) Other (eg, cloud services, quantum technology, chip technology)

Cloud services and quantum technology are not specifically regulated in Serbia.

Chip designs may qualify for a specific type of IP protection under the Topography of Semiconductor Products Act 2013. The act allows for the protection of topography as an intangible asset (ie, spatial arrangement of integrated circuit elements), which can be applied to semiconductor products, including chips. Other aspects, such as the following, are outside the scope of protection:

  • manufacturing technologies;
  • the information contained in the integrated circuit; or
  • the circuit's function.

To qualify for protection, the topography must:

  • be a result of the creator's own intellectual effort; and
  • not be commonplace in the semiconductor industry.

Rights holders have two exclusive rights:

  • to authorise or prohibit the reproduction of a protected topography; and
  • to authorise or prohibit commercial exploitation or the import for that purpose of a topography or a semiconductor product manufactured using the topography.

The exclusive rights expire at the end of the calendar year which marks the passing of 10 years since the exclusive rights were obtained.

4 Data

4.1 What is the regime in your jurisdiction for regulating the processing of personal data and what specific implications does this have for digital business?

The Data Protection Act 2018 applies to the processing of personal data. For the most part, the act is a translation of the EU General Data Protection Regulation (2016/679) (GDPR).

The Data Protection Act is founded on seven principles of data processing:

  • lawfulness, fairness and transparency;
  • purpose limitation;
  • data minimisation;
  • accuracy;
  • storage limitation;
  • integrity and confidentiality; and
  • accountability of the controller.

For data processing to be lawful, it must be based on one of the six legal bases for processing, such as consent or legitimate interest. Stricter requirements apply to the processing of special categories of data, such as health data.

Under the Data Protection Act, data subjects have various rights, including:

  • the right to access their data;
  • the right to rectification; and
  • the right to erasure.

The Data Protection Act imposes various obligations on controllers and/or processors. These obligations pertain to, for example:

  • ensuring the security of data processing;
  • handling data breaches;
  • transferring personal data internationally;
  • appointing a data protection officer; and
  • contractually regulating relationships with processors and joint controllers.

The Data Protection Act has extraterritorial application, applying to:

  • domestic controllers and processors; and
  • under certain conditions, foreign controllers and processors that process the data of individuals from Serbia.

The data protection regime does not create specific legal implications for digital businesses. The Data Protection Act applies to both automated and non-automated data processing. Digital businesses, which typically process data primarily in an automated manner, are subject to equally stringent data protection requirements as any other entity that engages in data processing.

4.2 What is the regime in your jurisdiction for regulating the processing and sharing of non-personal data and what specific implications does this have for digital business?

Serbia has no law akin to the EU Data Act that sets out rules for accessing and using personal and non-personal data generated by smart products.

Among the laws that regulate the processing and sharing of non-personal data, the following have particular relevance for digital business:

  • the Trade Secrets Act, which restricts the unauthorised access and use of confidential business information that is classified as a trade secret; and
  • the Electronic Communications Act, which applies to both digital and non-digital businesses and contains provisions on data breach notifications.

The laws on employment, healthcare and accounting prescribe minimum retention periods for documents or data. Databases enjoy copyright protection if the selection or arrangement of their contents is original and meets other requirements for copyright protection. Copyright does not extend to the contents themselves. If a database does not meet the conditions for copyright protection, it can enjoy more limited protection as a ‘related right'. This right gives the rights holder control for 15 years over the extraction and reutilisation of all or substantial parts of the contents of the database.

5 Cybersecurity

5.1 Does your jurisdiction have specific cybersecurity legislation and what implications does this have for digital business?

In Spring 2025, Serbia will probably have a new law on cybersecurity, aimed at harmonising the national legal framework with EU law, as expressed in the Second Networks and Information Services Directive 2022 (NIS2). Compared to the current Information Security Act 2016, the draft law:

  • covers a wider range of entities; and
  • introduces new obligations regarding:
    • risk assessment;
    • the frequency of compliance checks;
    • mandatory safeguards; and
    • incident reporting.

Like NIS2, the draft law distinguishes between two relevant categories of information and communication technology (ICT) system operators:

  • ‘essential' entities; and
  • ‘important' entities.

However, the draft law does not subject essential entities to more proactive and intrusive supervision by the cybersecurity authorities.

Compared to NIS2, the draft law sets out more rigorous formal requirements, but the sanctions in case of non-compliance are far lighter than those under the European directive. The draft law provides that the maximum fine for violating the law will be:

  • €17,000 for essential entities; and
  • €8,500 for important entities.

These are negligible figures compared to those envisaged by NIS2.

Operators of ICT systems in Serbia will have to carry out more frequent compliance checks than those required under the implementing laws adopted in EU member states. Incident handling requirements are also more stringent, as:

  • early reporting of incidents must be detailed; and
  • interim reporting is mandatory and frequent.

6 Financial crime prevention

6.1 What provisions govern money laundering and other forms of financial crime in your jurisdiction and what specific implications do these have for digital businesses?

The Anti-money Laundering Act and the Criminal Code are the principal statutes regulating:

  • money laundering; and
  • other forms of financial crimes, such as:
    • fraud;
    • embezzlement;
    • forgery; and
    • bribery.

Legal acts regulating the establishment and operation of certain regulated activities – such as the Banking Act, the Undertakings for Collective Investment in Transferable Securities Funds Act, the Alternative Investment Fund Act and the Insurance Act – also stipulate that undertaking the respective activities without a licence constitutes a criminal act. The Digital Assets Act treats insider trading and digital market abuse as crimes.

Serbia has also ratified:

  • the Convention on High-Tech Crime; and
  • the related Additional Protocol and Second Additional Protocol on High-Tech Crime.

Amendments to the Criminal Code and the Law on the Organisation and Competence of State Bodies for the Fight against High-Tech Crime have transposed various forms of high-tech criminal acts into the Serbian legal system.

7 Consumer protection

7.1 Do the consumer protection measures in your jurisdiction have specific implications for digital business?

The consumer protection measures in Serbia have specific implications for digital business. Several laws protect consumers from:

A new consumer protection law drafted by the government in 2024 and expected to be enacted in 2025 will further adapt Serbia's consumer protection regime to the digital age. The law will transpose into the Serbian legal system a number of provisions from three EU directives adopted in 2019:

  • Directive 2019/770/EU on certain aspects concerning contracts for the supply of digital content and digital services;
  • Directive 2019/771/EU on certain aspects concerning contracts for the sale of goods; and
  • the Enforcement and Modernisation Directive (2019/2161).

8 Taxation

8.1 Does your jurisdiction impose a digital services or similar tax; and/or in light of digital business structures, has it introduced rules to modify the level of presence or connection required to fall under the tax regime? If so, to what extent has your jurisdiction committed to removing these taxes or measures should the Organisation for Economic Co-operation and Development-negotiated Multilateral Convention on a new taxing right (Amount A of Pillar 1) come into effect?

There is no digital services tax or similar tax in Serbia, and thus no measures are needed to remove any such taxes. No rules have been introduced to modify the level of presence or connection required to fall under the tax regime.

8.2 What are the main tax measures, trends and developments in your jurisdiction with implications for digital businesses?

There are no specific tax measures, trends or developments in Serbia that specifically address digital business.

9 Cross-border trade

9.1 Have any legal measures been implemented to facilitate digital cross-border trade in your jurisdiction?

The E-commerce Act generally enshrines the freedom to provide cross-border e-commerce services. In cross-border trade, parties may choose both:

  • the applicable law; and
  • the forum for dispute resolution.

Contracts concluded by electronic means – including both business-to-consumer (B2C) and business-to-business contracts – may be executed in a foreign language. However, in the case of B2C contracts, certain pre-contractual information must be provided in Serbian. Furthermore, there are no licensing requirements for entities engaged in digital cross-border trade.

9.2 What specific challenges or concerns does digital cross-border trade present in your jurisdiction that digital businesses should bear in mind?

While the E-commerce Act generally allows contracting online, there are some limitations – this is not permitted where:

  • a special law prohibits e-signing.
  • the law requires:
    • the contract to be in the form of a solemnised document or a notarial record; or
    • the signatures of the contracting parties to be authenticated; or
  • in surety contracts, the party granting surety is acting outside of its trade, business or profession.

There are no special forums for breach of contracts concluded online and there is no online dispute resolution mechanism.

The provision of services involving online payments and digital assets is subject to licensing requirements. Currently, no passporting provisions apply to EU payment service providers. An exception to this general applies to foreign e-money issuers that process cross-border payments for Serbian residents, which can perform these services in Serbia subject only to notification requirements to the National Bank of Serbia.

The Foreign Exchange Act contains a number of restrictions aimed at:

  • protecting the local currency; and
  • monitoring payments abroad.

While cross-border payments between Serbian and foreign residents are generally free and can be made in both domestic and foreign currency, payments in Serbia between Serbian and foreign residents must be in local currency. There are certain exceptions to this general rule – for example, in case of the purchase of software or digital products, payment in foreign currency is allowed even if the payment is considered to have been made in Serbia, provided that the payment is made using a credit card or e-money through a payment service provider in Serbia.

10 Brand protection

10.1 How are brands protected in your jurisdiction? Are there any specific challenges or considerations for digital businesses to bear in mind?

Brands are protected through trademark registration. According to the Trademark Act 2020, a sign (eg, a word, drawing, letter, three-dimensional shape or sound) can be registered as a trademark if it is capable of:

  • distinguishing the goods and services of one undertaking from those of other undertakings; and
  • being presented in the Register of Trademarks in a manner that enables the competent authorities and the public to determine the clear and precise subject matter of the protection.

The procedure for trademark protection is carried out by the Serbian IP Office. A registered trademark is valid for 10 years and can be renewed indefinitely for additional 10-year periods.

There is currently no case law on the use of trademarks in digital environments. Digital businesses may potentially face challenges in defending trademarks registered for virtual goods against identical or similar signs related to their real-world counterparts. Competent authorities might consider virtual goods and their real-world counterparts as dissimilar due to, for example, differences in the nature, purpose or method of use of the compared goods. Challenges for trademark holders may also arise from the practical difficulties in:

  • identifying infringers in the digital environment; and
  • determining the appropriate jurisdiction.

11 Innovation

11.1 How is innovation in the digital business space protected in your jurisdiction? What key issues should digital businesses bear in mind in this regard?

Any innovation in digital technologies may be patented if it meets the requirements for patentability. Under the Patents Act 2017, as amended, an invention must satisfy the general requirements of novelty, inventive step and industrial applicability to be eligible for patent protection. Certain items are not considered inventions and therefore cannot be patented, such as:

  • computer programs;
  • discoveries;
  • scientific theories;
  • mathematical methods; and
  • presentations of information.

The procedure for patent protection is carried out by the Serbian IP Office. A patent remains valid for 20 years from the moment the patent application is filed, as long as the rights holder regularly pays the official fees.

12 Competition

12.1 Does the applicable competition regime in your jurisdiction have specific implications for digital business?

The competition regime in Serbia presents no specific legal implications for digital businesses. Digital businesses should pay attention to common competition concerns in the digital environment, such as those relating to:

  • most-favoured-nation (MFN) clauses;
  • self-preferencing behaviour;
  • anti-steering rules; and
  • abusive use of personal data.

In 2022, the Commission for Protection of Competition published a sector analysis report examining the competitive environment in the market for digital platforms for food and goods delivery. Based on information provided by a number of digital platforms operating in Serbia, the commission expressed concerns regarding issues such as:

  • economic barriers to market entry, resulting from the need for substantial investments in:
    • platform development;
    • marketing and technical infrastructure; and
    • securing partnerships with restaurants and other partners;
  • the potential for a new form of competition driven by advanced analytics, as he ability of digital platforms to collect, analyse and control large volumes of data allows them to:
    • improve performance;
    • develop more detailed user segmentation;
    • optimise marketing strategies; and
    • create new products and services.
  • All of the above can potentially result in economic barriers to entry; and
  • MFN clauses – according to the report, uniform pricing across all digital platforms reduces the incentive for platforms to compete based on their commission rates, potentially leading to the distortion or restriction of competition.

13 Employment

13.1 Does the applicable employment regime in your jurisdiction have specific implications for digital business?

Please see question 13.2.

13.2 What rules and restrictions apply to remote working in your jurisdiction?

According to the Labour Act, remote work is a specific type of employment. It is permitted only for the performance of jobs that:

  • are not hazardous or harmful to the health of the employee or others; and
  • do not endanger the environment.

In addition to the mandatory elements of any employment agreement, agreements for remote work must contain the following elements:

  • regulation of work hours;
  • the method of employee supervision;
  • whether the employee will use the employer's or his or her own equipment and work tools;
  • if the former, how the equipment and work tools will be maintained; and
  • if the latter, whether the employee will be compensated for:
    • the amortisation of own equipment; and
    • other remote work-related costs.

The agreement may, of course, also regulate other rights and obligations.

Employees who work remotely must not receive a lower base salary than their colleagues who perform the same jobs on the employer's premises, where such employees exist.

The volume of work and the deadlines for completing work must not prevent remote employees from exercising their rights to:

  • daily breaks;
  • rest between two workdays;
  • weekly rest; and
  • annual leave.

13.3 How can digital business attract specialist talent from overseas where necessary?

The main advantage that digital businesses can offer to employees is flexibility. Since COVID-19, it has become evident that many jobs that were traditionally performed on-site can be carried out remotely. As a result, the workforce has started to value remote work and flexible work hours. Consequently, even companies that operate predominantly on-premises have started offering hybrid work arrangements and flexible schedules in an attempt to compete with digital businesses and attract and retain talented personnel.

14 Environmental, social and governance (ESG)

14.1 What specific challenges or concerns does digital business present from an environmental perspective? What key considerations should be borne in mind in this regard?

There are no regulations in Serbia tailored specifically for the environmental aspects of digital business, but the generally applicable regulatory framework on environmental matters also applies to digital business – including in relation to special waste streams (eg, e-waste), pollution, energy efficiency and so on – to the extent applicable.

14.2 What specific challenges or concerns does digital business present from a social perspective? What key considerations should be borne in mind in this regard?

There are no regulations in Serbia tailored specifically for the social aspects of digital business.

14.3 What specific challenges or concerns does digital business prevent from a governance perspective? What key considerations should be borne in mind in this regard?

There are no regulations in Serbia tailored specifically for the governance aspects of digital business.

15 Trends and predictions

15.1 How would you describe the current landscape for digital business and prevailing trends in your jurisdiction? Are any new developments anticipated in the next 12 months, including any proposed legislative reforms?

The current government consistently emphasises that digitalisation is a priority, with a particular emphasis on:

  • AI;
  • the digitalisation of healthcare; and
  • the digitalisation of education.

A draft law on AI is scheduled for completion by the end of the first quarter of 2025 and is expected to be more business-friendly and supportive of innovation than the EU AI Act.

As explained in more detail in the responses to other questions (5.1 and 7.1), the government has prepared:

  • a draft law on cybersecurity in response to the Second Networks and Information Services Directive 2022; and
  • a draft law on consumer protection aimed at adapting the Serbian consumer protection regime to the digital age.

Although Serbia was among the first European countries to adopt a law on digital assets (the Digital Assets Act), that law is not aligned with EU Regulation 2023/1114 on Markets in Crypto-Assets. Furthermore, a number of fintech services are not adequately recognised and as such regulated under the existing legislation. It is reasonable to expect that certain services such as crowdfunding will soon be regulated; however, no draft laws were in place as of the start of 2025.

16 Tips and traps

16.1 What are your top tips for digital businesses in your jurisdiction and what potential sticking points would you highlight?

When designing their business operation models for the Serbian market, fintech service providers should be aware of the potential need to obtain a licence to conduct their operations in Serbia as a result of a restrictive reading of the laws by the competent authorities. Thus, for instance, robo-advice and auto-trading services – although not explicitly regulated – could fall under the definition of ‘investment services' under the Capital Markets Act and could thus require a licence. Similarly, crowdfunding platforms could be perceived as a classic lending service that requires a licence.

Companies that qualify as ‘essential' or ‘important' entities in terms of the cybersecurity regulations should count on having to carry out more frequent compliance checks and cope with more cumbersome incident handling requirements than when operating in EU member states.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.

Authors
Photo of Bogdan Ivanišević
Bogdan Ivanišević
Photo of Jelena Hrle
Jelena Hrle
Photo of Marija Gligorević
Marija Gligorević
Photo of Anja Gligorević
Anja Gligorević
See More Popular Content From

Mondaq uses cookies on this website. By using our website you agree to our use of cookies as set out in our Privacy Policy.

Learn More