Author: admin

As Croatia prepares to implement a new real estate tax, Ilej & Partners in cooperation with Karanovic & Partners Partner Franka Baica, BDV Legal Partner Vladimir Batarelo, and CMS Partner Tamara Jelic Kazic talk about its objectives, potential impacts, and how property owners and investors should respond.

Returning Real Estate to the Residential Market

“The primary objective of the real estate tax is to promote a more equitable tax structure among property owners and to equalize the tax burden between short-term and long-term rentals, thereby encouraging long-term rentals as a more stable form of property usage,” Baica explains. “By targeting unutilized properties, the government intends to encourage sustainable property development and stabilize the real estate market, which could potentially lead to lower prices as well as broadened accessibility of housing. Furthermore, one of the objectives is to generate more revenues for local governments.”

Batarelo highlights the layers of the reform. “First, municipalities retain their autonomy to set rates, with the range adjusted from EUR 0.60-5.00 to EUR 0.60-8.00 per square meter. Significantly, municipalities will now receive 80% instead of 100% of revenue, with 20% going to the state budget. This might prompt moderate rate increases to maintain current revenue levels,” he explains. He notes that the reform makes the tax mandatory across all municipalities. “Tax administration data shows 95 local government units currently don’t implement it. These municipalities must introduce the tax, retaining the freedom to set rates within the range, defaulting to EUR 0.60 if they don’t act.” According to him, “the legislation aims to address approximately 600,000 vacant residential units and standardize property taxation across Croatia.” Given the moderate rate changes, he expects “the market impact to be more administrative than financial for areas already implementing the tax.”

Jelic Kazic adds that “the main objective of the new real estate tax is to improve the housing situation and correct the market imbalances by returning vacant real estate and short-term rentals to the residential real estate market.” However, she warns that the reform is “being implemented without a comprehensive housing strategy,” and that, in the absence of precise calculations, it is “impossible to estimate the effect of these changes to the real estate market, especially considering that other non-tax measures may be implemented at a later stage.”

R.E.thinking Investment Strategies

“By taxation of properties that are either rented out for short-term or vacant, the government expects the new tax should stimulate the property owners to put their unused or rarely used properties to a functional use,” Baica observes. “The overall investment landscape may turn to projects that offer consistent returns rather than quick gains, potentially leading to more stable and responsible investment practices.”

Batarelo notes that “both foreign and domestic investors will face the same rules, with the main change being consistent application across Croatia. The rate structure remains relatively moderate, so the impact should focus more on compliance and documentation requirements than increased costs.” Moreover, he adds that the exemption for long-term rentals of 10 months or more “provides planning opportunities for investors who may want to restructure their holdings.”

Jelic Kazic points out potential shifts in investment preferences, adding that “the tax liability will depend on the square footage of the real estate; this may result in less investment in larger houses. Lessors, especially foreign investors, may opt for smaller apartments to reduce their tax burden.” She notes that while more real estate may become available for targeted groups, overall investment in the sector might decrease.

Can Taxation Alone Achieve the Goal?

Baica expresses cautious optimism about increasing housing availability for young families. “If the reform effectively restricts short-term rentals and enhances the affordability of real estate, it could lead to a greater focus on housing projects for young families. The generated revenue could fund public housing initiatives or subsidies for first-time homebuyers, further fostering accessibility,” she explains. “However, achieving this goal depends on the efficacy of the implementation and how the local government will prioritize the use of tax revenues.”

 

Batarelo offers a pragmatic viewpoint. “As a tax practitioner, I have to be realistic about what tax measures alone can achieve. Given the moderate rate changes, any direct impact on housing availability will likely be limited. However, the standardized implementation across all municipalities, including those that previously had no such tax, combined with clearer enforcement mechanisms, might encourage some property owners to either sell or rent out currently vacant properties,” he posits. “The long-term rental exemption could particularly help create more stable rental options. But this is just one piece of a broader housing policy puzzle.”

Jelic Kazic, however, remains skeptical. On the one hand, “it is certain that some owners will start renting out their vacant real estate, and the rental market may improve to an extent. However, data on the vacant real estate in Croatia is not reliable because of a lot of illegal renting, and legalizing these arrangements will only seemingly increase the market share of long-term rentals,” she says. “On the other hand, the proposed tax effect will probably not motivate those who hold real estate as a long-term investment.”

Potential Rise in Prices

However, there might be unintended consequences. “While the tax aims to regulate the market, it may inadvertently lead to increased property values as well as higher rental prices, especially in areas heavily burdened by the new taxes,” Baica cautions. “Property owners might be compelled to raise rents to offset added costs, potentially aggravating housing affordability unless the market adjusts effectively.”

Focusing on risks, Batarelo adds that “the most immediate impact might be felt in municipalities that previously did not levy the tax. In these areas, we might see some adjustment in property values to reflect the new tax burden.” His take is that “the revenue-sharing mechanism, where 20% goes to the state budget, could affect local government policies. There is also a risk that some owners might attempt to pass on costs through increased rents, although the long-term rental exemption might help mitigate this.”

Jelic Kazic highlights challenges for certain properties. “An unintended consequence could be a sudden increase in rent prices as lessors will try to compensate for the loss of profit from switching to long-term rentals. In addition, some real estate is simply not suitable or attractive for long-term rentals, mainly due to their location – for example, rural areas where real estate is usually rented on a short-term basis.” According to her, this means that owners of such properties are forced to choose between selling them or paying taxes that may make renting unprofitable.

Preparation Is Key

All three agree that property owners and investors need to take strategic steps to prepare for the upcoming tax changes. “Property owners and investors should proactively assess their current assets and potential liabilities,” Baica advises. “By better understanding the tax implications and necessary adjustments, they should develop a strategic approach that includes diversifying investment portfolios.”

Jelic Kazic underscores the importance of awareness as well. “The best way to prepare is to be aware of the upcoming changes. Basically, a taxpayer will be any domestic or foreign, natural or legal person who owns real estate in Croatia, which is not used for permanent living arrangements.”

Finally, Batarelo stresses three aspects to keep in mind. “First, documentation – the requirements for proving exemption status, particularly for primary residences, are quite specific. Second, timing – the March 31, 2024 reporting deadline is crucial, and the penalties for non-compliance are significant. Third, structure – particularly for our clients with multiple properties, we are reviewing whether their current holding structure optimizes their position under the new rules,” he explains.

This article was originally published in Issue 11.11 of the CEE Legal Matters Magazine. If you would like to receive a hard copy of the magazine, you can subscribe here.

Ostermann Ivancic Managing Partner Mojmir Ostermann and Divjak, Topic, Bahtijarevic & Krka Attorney at Law Dominik Glavina look at Croatia’s new lobbying law and the challenges it poses for businesses engaged in regular talks with public organizations.

A Long Time Coming

“The subject of lobbying regulation is not new in Croatia – in fact, it has been on the legislator’s radar for over a decade,” Ostermann begins. “Additional incentives came from the recommendations of the European Commission and the Group of States against Corruption, but many find that the ultimate impulse was from the OECD and the eagerly awaited joining of Croatia to that organization.”

Ostermann emphasizes that the main goal is to make the decision-making process more transparent. “Who are the members of expert groups in the legislative procedure; whose interests are taken into account while passing laws; how and with whom do the authorities make deals; based on which criteria is public money is invested in private companies – all of these matters and many more have been mostly hidden from the public.”

Glavina adds that this is the first time that lobbying activities have been regulated in Croatia. “The main reason for such regulation is the implementation of the Croatian Government’s Anti-Corruption Strategy 2021-2030, which identified the areas of lobbying activities and conflict of interest in public bodies as the ones in which the integrity of the public officials should be strengthened.” He notes that, in line with international standards and recommendations, “Croatia adopted the Lobbying Act representing an important step forward in the implementation of anti-corruption policy and preventive anti-corruption action.”

Lobbying or Daily Business

While the law aims to promote transparency, certain aspects may pose challenges for businesses in interpreting and complying with the new regulations. “An important challenge with the new act is that the definition of lobbying can be interpreted in more than one way,” Ostermann points out. “For this reason, some companies may not be sure whether their planned or current activities even fall within the scope of the Lobbying Act.” For example, he outlines that “it is currently unclear whether pharmaceutical companies should be subject to the Lobbying Act in the process of determining the list of medicines covered by health insurance.” Advising caution, Ostermann stresses that “companies which ultimately determine they are in fact subject to the Lobbying Act should be aware that, in relation to the competent authority, the lobbyists cannot refuse to provide information about lobbying by invoking professional secrecy.” Glavina echoes these concerns. “Since the Lobbying Act prescribes a broad definition of lobbyists, there are a lot of aspects that businesses should now take into account as there are industries – mostly regulated ones – in which communication with public officials is occurring as part of its daily business.” He emphasizes that businesses will face challenges in understanding what actions would be considered as lobbying as well as which persons are considered as lobbied persons under the act.

Importantly, understanding how Croatia’s law stacks up internationally can provide context and help businesses prepare better. Ostermann notes that “Croatia was one of the last countries in the region to officially regulate lobbying. Slovenia has regulated the profession since 2010, Montenegro since 2012, Northern Macedonia 2008, and Serbia since 2019.” Highlighting some of the differences, he says that, “same as in Croatia, registration and reporting in Slovenia is obligatory for all lobbyists. However, unlike in Croatia, lobbyists in Slovenia are obligated to include financial information in their yearly report (amounts received by the client, donations to political parties).” And, in Montenegro, “all lobbyists are required to pass an exam with the Agency for Prevention of Corruption.” Ostermann suggests that for Croatia to fully meet international recommendations, “some find it necessary to include the obligation of lobbied persons to keep records of their meetings with lobbyists, which should be publicly available, as is the case with the officials of the European Commission and representatives in the European Parliament.”

Glavina observes that the act could be considered part of the group with stricter lobbying provisions in the EU. “It has a broad definition of lobbyists, the mandatory framework includes both executive and legislative branches, prescribes mandatory reporting of interactions with lobbied persons, however without their publication, and has set up independent authority oversight.”

Ambiguities Causing Compliance Concerns

The ambiguities of the act may ultimately affect compliance. Identifying specific issues, Ostermann notes that an “ambiguity can be found in the obligatory content of the lobbyist’s report, which, among other information, must include the ‘indication’ of the lobbied person, which makes it questionable if the lobbyist should state the name of the contacted public official or including only their position is sufficient.” He also notes that “The act does not specify whether the content of the lobbyists’ reports will be made public and, if so, to what extent, nor does it indicate how the competent authority will verify the accuracy and completeness of the reports. The competent authority has not yet published any guidelines with regards to these issues.”

Agreeing that ambiguities will hinder compliance efforts to a certain extent, Glavina adds that “this especially applies to businesses in regulated industries since their daily business consists of their communication with the public officials that might be caught by the definition of the lobbied persons under the Lobbying Act.” He expects that the Commission for the Resolution of Conflicts of Interest, as the competent authority, will provide interpretations. “Once the Commission identifies the ambiguities of the act in practice, we believe the provided interpretations should be reflected as amendments to the act.”

Staying Ahead of the Curve

Navigating the new lobbying landscape requires proactive measures and strategic planning. Ostermann advises that “it is important to keep in mind that the Lobbying Act prescribes obligations not only for professional lobbyists, but also for in-house lobbyists and professional associations.” He suggests that companies should “make a thorough analysis and seek legal advice if they suspect that the act could apply to them and their employees or associates.” Despite the relatively low financial fines, “the reputational risk is certainly not negligible.” Moreover, he recommends “keeping track of the competent authority’s opinions.” Given that lobbyists cannot invoke professional secrecy when prompted for additional information by the competent authority, “it is probably a good call to review what information is given to the lobbyist and if any of it constitutes professional secrecy which is not really necessary for their activities,” he adds.

“Businesses should first assess their position in terms of their interaction with the public officials,” Glavina says, suggesting a strategic approach. “Following their assessment, the businesses should decide whether they will engage the professional lobbyists, or they will instruct their employees to register as in-house lobbyists – this decision mostly depends on the level of interaction between the businesses and the public officials.” He adds that for businesses with daily interactions, it should be operationally easier to “register their employees as in-house lobbyists in order to be compliant while remaining business-oriented.”

This article was originally published in Issue 11.11 of the CEE Legal Matters Magazine. If you would like to receive a hard copy of the magazine, you can subscribe here.

mBank Deputy General Counsel Pawel Szczepaniak talks about his path to banking and reflects on how his varied background continues to shape his approach to complex legal challenges.

CEELM: Tell us a bit about yourself and your career path leading up to your current role.

Szczepaniak: Interestingly, my path to law wasn’t obvious from the beginning. I was quite talented in math, even winning a national math competition in primary school, which led me to attend one of the best math-focused secondary schools in Poland. For a time, I thought architecture might be my future, influenced by my strong interest in design and structure. However, I later shifted gears after some conversations with my mother, who worked in finance. I was drawn to both finance and law and ultimately chose to study law – a decision that has been incredibly beneficial in my current role. My background allows me to communicate effortlessly with finance professionals, which has become a valuable asset in our work.

Early in my studies, I tried various areas of law by gaining practical experience with international law firms. I worked in real estate, insurance, litigation, and a few other fields, but banking and finance truly resonated with me. I enjoyed the work, found it engaging, and decided to pursue it as my career. Today, every new project brings a sense of excitement, which is why I advise young professionals to find what genuinely excites them. It’s so much more rewarding to pursue something you’re passionate about, and that motivation comes through in your work.

Like many, I didn’t know exactly what I wanted to do from the start, and it took me some time to be sure this was the right path. Ultimately, law proved to be a fascinating and fulfilling field for me.

CEELM: What was the biggest shock when transitioning to the in-house world? On the flip side, what was the most pleasant surprise?

Szczepaniak: My legal journey began at Clifford Chance during my final year at university, where I gained hands-on experience working on high-level projects. Working in an international law firm allowed me to develop practical skills, from drafting agreements and legal documents to conducting thorough research. This practical side of law isn’t always emphasized in academia, which tends to be more theoretical, so I valued the opportunity to build a practical toolkit early on.

For five years, I worked across various international law firms and funds before joining mBank (at the time, BRE Bank) in 2009, during the financial crisis. This was a defining moment. The opportunity to contribute to the bank’s legal efforts to secure its post-crisis position was both challenging and rewarding. Working in-house gave me a broader perspective on business, finance, and the operational side of a company – an aspect that I found especially compelling and hardly visible from a law firm perspective. It felt like my skillset was perfectly aligned with the needs of the bank, and I’ve enjoyed developing my career in this direction ever since.

CEELM: How large is your in-house team currently, and how is it structured?

Szczepaniak: I currently serve as the Deputy General Counsel at mBank, where we have a team of about 60 lawyers. The team is divided into three main areas: retail, investment, and finance, which then break down into six divisions. Each division has a deputy head who reports either to me or directly to the General Counsel. Although we have a clear structure, we promote flexibility and encourage our team members to work outside their immediate areas. This not only broadens their experience but also fosters collaboration on complex projects that require a multidisciplinary approach. Our institution is very client-oriented, so this flexible setup helps us provide tailored, innovative solutions, from which we are proudly recognized in the market.

CEELM: What has been keeping you and your in-house team busy over the last 12 months? What about the upcoming 12 months?

Szczepaniak: The past year has been packed with regulatory projects and transactional work, especially within green financing and financing obtained for us as the issuer with several landmark deals, including a notable top two largest securitization transaction ever from Poland and the issue of non-preferred senior green bonds (NPS) based on the Green Bond Principles. The issue with a nominal value of EUR 750 million is the largest issue of NPS green bonds placed by a Polish bank in history and the largest bond issue in the mBank Group.

Additionally, we dedicated significant resources to ESG and sustainability transition financing, not only providing green financing to our clients but also conducting active campaigns to educate clients and potential clients on climate transformation. For the year ahead, we anticipate more of the same, as the regulatory landscape and sustainability requirements continue to evolve.

CEELM: How do you decide if you are outsourcing a project, and when picking external counsel, what criteria do you use?

Szczepaniak: We frequently collaborate with external experts, especially for specialized areas that require niche knowledge or an international perspective. Our policy outlines when and how to engage external counsel, and we select firms based on the specific expertise needed for a project.

We’re open to collaborating with a range of external law firms. While we have established relationships with some trusted firms, we also welcome new firms, especially those that distinguish themselves, for instance, with insightful seminars or effective negotiation skills. We review our panel of external law firms annually, ensuring they meet specific criteria aligned with our needs, and we share this information internally with our business partners.

CEELM: What do you foresee to be the main challenges for GCs in Poland in the near/mid future?

Szczepaniak: For us at mBank, ESG and sustainable finance will remain top priorities, particularly as we are a market leader in funding projects in renewable energy, green finance, and other environmentally driven areas. We’re fully committed to supporting new technology solutions and sustainable financing for our clients. Looking ahead, we also have some exciting transactions in the pipeline, including the first Additional Tier 1 (AT1) issuance ever from Poland, which, if all goes well, should be finalized soon.

Beyond ESG, artificial intelligence is one of the most prominent emerging challenges, especially with the surge in interest in generative AI in the financial sector. Meeting rising consumer expectations – especially in retail banking – means incorporating AI solutions that are both practical and compliant. This requires not only understanding the technology but also navigating the regulatory landscape. AI and other new technologies are already reshaping how we structure our legal department, as we consider integrating these tools to optimize internal processes. In the next three to five years, we expect to see a significant evolution as we begin implementing these technologies based on our current evaluations. Rapid changes in tech are pushing us to go deep within our internal processes to ensure we remain adaptable, efficient, and at the forefront of these advancements. This is in line with our strategy, which motto is defined as “from the icon of mobility to the icon of possibilities.”

This article was originally published in Issue 11.11 of the CEE Legal Matters Magazine. If you would like to receive a hard copy of the magazine, you can subscribe here.

Belupo General Counsel Eva Kovacic reflects on her journey from law firm beginnings to steering legal and compliance in the fast-paced pharmaceutical world.

CEELM: Tell us a bit about yourself and the career path you took leading up to your current role.

Kovacic: Currently, I serve as Group General Counsel for Legal and Compliance at Belupo Pharmaceuticals and Cosmetics Inc., a pharmaceutical company based in Croatia that operates across multiple EU and non-EU markets. It’s a broad scope, and we’re actively engaged in diverse regulatory environments.

My career began at a law firm though. Private practice days were an invaluable period because I gained experience in various branches of law, representing clients in court and learning to understand the perspective of opposing parties. Combined with my postgraduate studies in European law, this helped my deeper understanding of EU legislation and its implications for businesses – a decision that proved crucial as the European market evolved.

About two decades ago, I transitioned to in-house legal work at a multinational pharmaceutical company GlaxoSmithKline. I started as a junior lawyer and gradually climbed the ranks, taking on increasing responsibilities. Initially, I oversaw the legal needs of the Adriatic region, but over time, my scope expanded to include broader Southeast and Central European regions. This role involved managing legal teams across multiple jurisdictions with the support of external lawyers. We worked well as a virtual team while maintaining strong personal connections through team-building events and on-site visits. My final position at the same company was a global role – working as a lawyer for GSK R&D and supporting a diverse portfolio of products. This position required frequent collaboration across markets as varied as Asia and the U.S., making it both challenging and rewarding.

After years in such a structured multinational setting, I transitioned to Belupo Pharmaceuticals and Cosmetics Inc. This move was an opportunity to apply my global experience to a company rooted in my home country, keeping my focus on the pharmaceutical business. Over the past two years, I’ve focused on growing my team, navigating a specific industry and regulatory framework, and learning from new challenges. It’s a fulfilling role with a supportive and collaborative management team. It is a privilege to share our management’s vision and at the same time protect company values. 

Mentorship is another passion of mine, especially when it comes to supporting young professionals and advocating for gender equality in the workplace. Some of the people I’ve mentored have risen to impressive heights in their careers, which I find incredibly rewarding. For me, leadership is as much about empowering others as it is about achieving results.

CEELM: What was the biggest shock when transitioning to the in-house world? On the flip side, what was the most pleasant surprise?

Kovacic: Since I worked extensively with in-house teams during my time in private practice, the transition wasn’t particularly shocking. My background gave me a solid understanding of how external counsel could support businesses, so I was able to adjust quickly.

That said, one significant difference between private practice and in-house work is the cultural and operational diversity of multinational companies. Leading teams across jurisdictions with different legal frameworks and cultural nuances was both challenging and enriching. For example, managing legal matters in markets like the U.S., Asia, and Europe pushed me to develop a deeper understanding of regional dynamics. I also appreciated the chance to specialize in pharmaceutical law and compliance, which has been pivotal in shaping my career.

The most pleasant surprise was the collaborative aspect of in-house work, often requiring building multinational teams. This has been incredibly rewarding, as has working closely with business leaders to shape strategy.

CEELM: How large is your in-house team currently, and how is it structured?

Kovacic: Our team is divided into several specialized areas. On one side, we have the core legal team, which handles multiple legal areas and matters. On the other side, we have a compliance group that focuses purely on regulatory adherence. We also oversee corporate security and occupational safety and health, which encompasses aspects of those specific risks, ensuring alignment with group-wide standards.

Given the overlap between legal, compliance, occupational safety and health, and corporate security, we collaborate closely across these functions. This integrated approach ensures that we maintain high standards while addressing complex issues effectively.

CEELM: How do you decide whether to outsource a project or use in-house resources, and what criteria do you use when picking external counsel?

Kovacic: We prioritize using in-house resources wherever possible. Our team is well-equipped to handle most projects, but for highly specialized matters – such as acquisitions or specific regulatory issues – we bring in external counsel. When selecting external lawyers, we prefer firms with deep expertise in the relevant field and a proven understanding of our industry.

We follow a structured procurement process to ensure a fair and thorough selection. This involves specialized procurement documentation related to compliance and experience. Once we gather this information, we evaluate qualifications and select partners based on clear criteria.

We value long-term relationships with external counsel, as understanding each other’s ways of working and the specifics of our industry significantly enhances collaboration. Many of our external partners have supported us for years, which fosters trust and efficiency.

CEELM: What has been keeping you and your in-house team busy over the last 12 months? What about the upcoming 12 months?

Kovacic: Over the past year, we’ve focused on various topics across many different areas of the pharmaceutical industry, including competition law, supporting the launch of new products and markets, executing several strategic projects, driving necessary compliance changes, and much more. We’ve additionally supported the shaping of a new corporate identity, corporate culture, and implemented strategies to drive organizational growth.

Looking ahead, our workload will remain dynamic. We’re keeping a close eye on industry trends and regulatory developments, particularly in the pharmaceutical sector. Ensuring we stay compliant while supporting business strategic goals through innovation, ambitious growth, new markets, and strengthening market position in existing markets will be a major focus. We work hand in hand with every function at Belupo to develop and deliver medicines to patients, where they are needed most. We’ll maintain our profound commitment to do what is right, to act with integrity, and to use our legal expertise and strong voice to shape a framework that governs our business to the benefit of patients.

CEELM: What do you foresee to be the main challenges for GCs in Croatia in the near/mid future?

Kovacic: One of the biggest challenges is managing the sheer complexity of operating across multiple jurisdictions. Balancing the demands of various legal systems, cultures, and regulatory environments requires strong organizational skills and experience especially when starting our strategic business cooperation in new markets. Building a strong team, maintaining good relationships with colleagues in the industry, and staying informed about emerging trends will also be crucial.

Another ongoing challenge is finding a balance between professional responsibilities and personal priorities. As workloads increase, it’s important for GCs to prioritize effectively and create space for strategic thinking.

I am proud to lead an outstanding, highly skilled, and business-oriented Legal and Compliance team and am grateful to every member for playing a critical role in fulfilling our purpose.

This article was originally published in Issue 11.11 of the CEE Legal Matters Magazine. If you would like to receive a hard copy of the magazine, you can subscribe here.

An in-depth look at Bartosz Miszkurka of Solivan covering his career path, education, and top projects as a lawyer as well as a few insights about him as a manager at work and as a person outside the office.

Career:

• BTA Solivan; Founding Partner; 2012-present
• Deloitte Legal; Partner Associate; 2010-2012
• KPMG Legal; Partner Associate; 2008-2010
• GFKK B. Miszkurka and Associates; Managing Partner; 2007-2008
• Linklaters; Managing Associate; 2002-2007
• Clifford Chance; Legal Trainee; 1999-2002

Education:

• London School of Economics and Political Science; LLM; 1998
• College of Europe; MA in European Studies; 1997
• University of Warsaw; MA in Law; 1995
• University of Silesia in Katowice; Faculty of Law, BA; 1995

Favorites:

• Out of office activity: road cycling, cyclo tourism, brevets, gardening work at the farm, learning Spanish
• Quote: “Life is like riding a bicycle. To keep your balance, you must keep moving.” – Albert Einstein
• Book: Les Bienveillantes by Jonathan Littell
• Movie: Everybody’s Fine (2009) by Kirk Jones

Top 5 Projects:

• Advising Meinl European Land RE Fund on the acquisition of a portfolio of seven shopping centers in Poland from Echo Investment S.A.
• Advising Catalyst Capital on the acquisition of an office building through the acquisition of shares in a very complex corporate structure and with elements of re-financing
• Advising LiuGong Machinery on the acquisition of a part of the production business in the HSW S.A.
• Advising the Orco property group on the permitting process, construction, and sale of the Zlota 44 residential tower
• Advising BGK (Bank Gospodarstwa Krajowego) on the first PRS project on the Polish market and standard legal documentation

CEELM: What would you say was the most challenging project you ever worked on and why?

Miszkurka: Without a doubt, real challenges arise when you are a novice lawyer, with too little experience and someone has entrusted you with a task that attracts media attention, is pioneering, requires a great deal of practical non-legal knowledge. This was the situation I found myself in when I was at the beginning of my career fresh from passing the bar exam. The project was the design, obtaining all necessary planning and building consents, and commercialization of the Zlota 44 (Daniel Libeskind’s design) high-rise residential project – a project which won many national and international awards including at the International Property Awards London and the City of Warsaw award. In 2024, a record was set as one of the flats in the Zlota 44 building achieved the highest price on the Polish market and was sold for almost EUR 6 million. The complex nature of the project meant that it was the first of its kind in Poland and the lawyer’s role was to verify all the creative ideas that arose as a result of weekly project meetings and brainstorming. We had to defend the project against protesters and those behind them who used legitimate legal means but in fact were engaging in blackmail aimed at financial gain.

CEELM: And what was your main takeaway from it?

Miszkurka: The most valuable experience was the unique opportunity to participate in the creative process of designing, negotiating, building, and selling from a business perspective. I was deeply embedded in a process in which lawyers are not often involved from the very beginning.    

CEELM: What is one thing clients likely don’t know about you?

Miszkurka: I pay great attention to good and practical architecture. I have successfully managed several private building projects and I think that my true vocation would be to set up a property development company. I like to see tangible projects come to life and how they function afterward.

CEELM: Name one mentor who played a big role in your career and how they impacted you.

Miszkurka: Right after passing the bar exam, I ended up in the real estate department of Linklaters managed by Jonathan Gimblett – an English-qualified lawyer. Working with Jonathan, I learned how to concisely and understandably define and describe legal risks in a way that is understandable to English-speaking clients. There, I was supervised by Artur Kulawski who was then a Partner at Linklaters. Artur was an example of a very efficient, experienced lawyer able to manage large transactions. From the very beginning, I enjoyed a high degree of independence in working on projects and, on the other hand, I could always count on help and support. I very much appreciated the way he managed our team and the calmness which was very important in this very tense working environment.

CEELM: Name one mentee you are particularly proud of.

Miszkurka: I always have good memories of working with Darek Zboch, with whom I had the opportunity to work for many years on very complex real estate transactions before he decided to change his specialization for which I appreciate him very much. He is a very hard-working person who was always looking for new challenges and was able to adapt to the changing legal environment (in his case, the law of new technologies and renewable sources of energy).

CEELM: What is the one piece of advice you’d give yourself fresh out of law school?

Miszkurka: Do not be uncritical toward template contracts and documents, even if they come from reputable law firms, and always try to verify and improve them.

This article was originally published in Issue 11.11 of the CEE Legal Matters Magazine. If you would like to receive a hard copy of the magazine, you can subscribe here.

An in-depth look at Damir Topic of Divjak, Topic, Bahtijarevic & Krka covering his career path, education, and top projects as a lawyer as well as a few insights about him as a manager at work and as a person outside the office.

Career:

• Divjak Topic Bahtijarevic & Krka; Founding Partner; 1994-present
• Katavic & Pelicaric; Legal Trainee;1990-1994

Education:

• University of Zagreb, Faculty of Law; LL.M.; 1990

Favorites:

• Out-of-office activity: sport, sport, and, again, sport
• Quote: “May you live in interesting times”
• Book: Crime and Punishment by Fyodor Dostojevski
• Movie: The Deer Hunter (1978)

Top 5 Projects

• Advising Nomad Foods on the acquisition of 100% shares in the frozen foods business owned by Fortenova for EUR 625 million. The deal won both the CEELM Croatian Deal of the Year and CEE Deal of the Year.
• Advising Entain in the acquisition of the SuperSport Group, the Croatian leading gaming and sportsbook operator with a 54% market share. With a value of approximately EUR 920 million, the transaction is by far the all-time largest deal to take place in Croatia and the wider region. The transaction was shortlisted for the CEELM Deal of the Year award for 2022.
• Advising on United Group’s acquisition of the Croatian business of the international telecom operator Tele2 AB. 
• Advising Dogus Group in relation to its over EUR 200 million investments in the Croatian hospitality sector, i.e., full due diligence, and transactional support in the acquisitions of several marinas and hotels in Croatia and the subsequent sale of the marinas to CVC and hotels to Erste Pension Fund.
• Advising Allianz in two major transactions involving Zagrebacka banka, part of the UniCredit Group: the sale of Allianz SE’s 11.72% stake in Zaba to UniCredit Group and Allianz Holding EINS’s purchase of Zaba’s 16.84% minority stake in Croatian insurance company Allianz Croatia d.d.

CEELM: What would you say was the most challenging project you ever worked on and why?

Topic: This is, probably, the first due diligence we ever carried out. It was a diligence of the largest Croatian insurance company and our team was facing, for the first time, a physical data room (where we spent six full days in a room without windows), reviewing hundreds of documents, red-room rules (where I was admitted with only a pen and piece of paper), and all other elements that, from today’s perspective, seems outdated and plain vanilla. At that time (and it was almost 30 years ago), this was a complete novelty in Croatia and we were fortunate to be the first or among the first couple of firms that had the privilege to work on a project that was never seen before – no one had any experience with such work and, literally, we were an icebreaking team of lawyers in the area of M&A transactions in Croatia.

CEELM: And what was your main takeaway from it?

Topic: Don’t be afraid of new challenges, get out of your comfort zone, and remember that your best weapon is knowledge. Look at the market and learn what those better than you are doing – learn from them and there is no need to reinvent the wheel. Just get to the bottom of things and try to understand why something is done – what’s the purpose and the goal. And believe in your common sense – sometimes it is better than to blindly follow the market.                          

CEELM: What is one thing clients likely don’t know about you?

Topic: The clients probably don’t know how much anger I can store inside me and how much of it gets out in some other places – usually on the tennis court. The general perception of me is that I’m calm, patient, and emotionally neutral but, believe me, this is only when I negotiate a deal.

CEELM: Name one mentor who played a big role in your career and how they impacted you.

Topic: There is no specific mentor in my career who played a big role over some period of time but there was a colleague – Tin Dolicki – from whom I have learned a lot sitting on the other side of the table. Tin Dolicki was “the lawyer” in Croatia for many years and, working with him, I realized that fighting over each and every word and provision in agreements doesn’t make sense in the greater scheme of things. During our interactions, we managed to streamline the discussions on only a few important things and remained relaxed that the rest would be “market standard,” fair and balanced wording. Working with such a behemoth was, maybe, the best LL.M. I could have ever obtained.

CEELM: Name one mentee you are particularly proud of.

Topic: During my professional career I had two or three mentees who, I believe, were exceptional lawyers and good men or women. Currently, I’m privileged to have Dina Salapic, as my closest co-worker and she has all that I think is necessary to be a great lawyer and a good person to work with. I see, from deal to deal, that there is less and less I can teach her and soon she will lead our teams further with confidence and clear vision.

CEELM: What is the one piece of advice you’d give yourself fresh out of law school?

Topic: Dream big but don’t forget to remain patient. Sometimes I was only dreaming and was ready to sacrifice everything for the firm but time showed me that patience was equally important for success. Overnight success doesn’t bring joy and, usually, is not founded on solid and sustainable growth and reputation. Hence: “Life is a marathon, not a sprint, dear young Damir.”

This article was originally published in Issue 11.11 of the CEE Legal Matters Magazine. If you would like to receive a hard copy of the magazine, you can subscribe here.

The European Union is following its roadmap to strengthen the cybersecurity framework. After the Cybersecurity Act (Regulation (EU) 2019/881), which created a certification framework and established the European Union Agency for Cybersecurity (ENISA), and NIS 2 (Directive (EU) 2022/2555), which aims at enhancing the cybersecurity of essential and important services, the European Union introduced the protection of connected software and devices, in other words, the cybersecurity of the IoT. In October 2024, the European Council officially adopted the Cyber Resilience Act (CRA) which is about to be published in the EU Official Journal. The Czech Republic is now intensively preparing for the adoption of the Cybersecurity Act, which transposes the NIS 2 Directive, but awareness of CRA is low, even though critical software is being developed in the Czech Republic.

Scope of Application

The CRA sets out cybersecurity requirements for products with digital elements that are made available on the market. A product with digital elements is software or hardware that is directly or indirectly connected to another device or network. IoT products that will fall under the new regulation are laptops, smartphones, hard drives, operating systems, password managers, smart home solutions, and many more (IoT products). On the other hand, the CRA will not apply to medical devices, in vitro diagnostic medical devices, and motor vehicles, which are covered by the General Safety Regulation. The application of the CRA to products subject to sectoral legislation may be limited or excluded if such legislation requires an equivalent or higher level of protection. With regards to free and open-source software, the CRA will only apply if it is distributed and used for commercial activities. Non-commercial open-source software will be excluded from the new regulation.

Categories of IoT Products

The CRA recognizes three categories of products: important IoT products of class I, important IoT products of class II (both listed in Annex III), and other products.

Important IoT products of class I provide functions critical to the cybersecurity of other products or provides functions significantly affecting a large number of other products. Examples of these products are standalone and embedded browsers, password managers, mobile device management software, physical network interfaces, smart home products, and personal wearables.

Important IoT products of class II provide both a critical cybersecurity function and significantly affect a larger number of products. Examples of these products include operating systems for servers, desktops, and mobile devices, hypervisors and container runtime systems that support virtualized execution of operating systems and similar environments, public key infrastructure and digital certificate issuers, firewalls, and intrusion detection and/or prevention systems intended for industrial use.

Obligations for IoT Product Providers

Providers of IoT products – designers, developers, and producers – must meet essential cybersecurity requirements laid down in Annex I of the CRA Providers must ensure an appropriate level of cybersecurity based on the risks, place products on the market without known exploitable vulnerabilities, configure the product to be secure by default, provide with security updates, ensure protection of confidentiality and integrity, etc. Providers also must provide users with security-related information and possibility to securely and easily remove all data and settings.

Providers of IoT products must conduct a thorough risk assessment and manage the cybersecurity risks associated with their products. They have to provide the necessary information and instructions, such as the intended purpose of the product, foreseeable misuse that could lead to cybersecurity risks, security support, etc. Providers must establish processes to identify and address vulnerabilities in their products. They must also report significant cybersecurity vulnerabilities and incidents to the authorities.

Compliance with the CRA

Developers of non-critical products may conduct self-assessments. Class I products may be self-assessed or their providers may choose third-party assessment. For the providers of class II products, third-party assessment is obligatory.

Penalties are dealt with in a similar way to other European regulations – that is, a certain amount or percentage of worldwide turnover.

Providers will have to comply with the regulation within three years after it comes into force. The Czech Office for Cyber and Information Security should step up and actively communicate the new regulation in the same way as it is being done with NIS 2.

By Michal Matejka, Partner, and Eva Fialova, Attorney, PRK Partners

This article was originally published in Issue 11.11 of the CEE Legal Matters Magazine. If you would like to receive a hard copy of the magazine, you can subscribe here.

Slovakia is currently still in the process of approving the draft legislation for the implementation of Directive (EU) 2022/2555 of the European Parliament and of the Council of 14 December 2022 on measures for a high common level of cybersecurity across the Union, amending Regulation (EU) No 910/2014 and Directive (EU) 2018/1972, and repealing Directive (EU) 2016/1148 (NIS2 Directive). However, Slovakia has missed the implementation deadline of October 17, 2024, with the draft pending approval in Parliament, expected by late November 2024.

The proposed legislation closely mirrors the NIS2 Directive’s text and introduces significant changes in several areas in comparison with the current legislation. A major adjustment involves incident reporting, making reporting and vulnerability notifications mandatory.  Importantly, the NIS2 Directive removes the distinction between essential service providers and digital service providers, categorizing regulated entities into two types based on their significance: essential entities that provide critical essential services and important entities that deliver other essential services.

The draft legislation departs from existing laws by eliminating the classification of serious cybersecurity incidents into categories. Incident reporting will transition to a centralized cybersecurity information system, enhancing efficiency and consistency in incident management. Essential service operators will face expanded responsibilities for reporting cybersecurity incidents.

Under the NIS2 Directive framework, the proposed legislation introduces a threshold for the size of regulated businesses. Notably, critical entities will be regulated without a size assessment. Security measures will be refined to align with new standards and enhanced risk analysis tools will be established, ensuring a baseline level of cybersecurity across Slovakia.

The draft legislation also strengthens supervisory activities, promotes education, increases accountability, and enhances the role of cybersecurity managers. New entities subject to essential service operator obligations will be required to undergo cybersecurity audits, ensuring compliance with updated security requirements and best practices.

In Slovakia, the National Security Authority has been designated as the responsible body for cybersecurity, serving as both a supervisory authority and the national contact point for cybersecurity issues. It has established the National Cybersecurity Centre SK-CERT, which provides incident management services, recovery support, and system restoration after incidents, functioning as a national Computer Security Incident Response Team.

Operators of essential services must report significant cybersecurity incidents, substantial cyber threats, last-minute events that could lead to severe incidents, and vulnerabilities in publicly accessible networks and information systems they manage. The legislation will impact various entities, including domain name registrars, online marketplace providers, internet search services, and social media platforms, which will be tasked with updated cybersecurity obligations. These obligations include establishing security policies, appointing responsible individuals, mandatory reporting of security incidents to the National Security Authority, and conducting cybersecurity audits.

Domain name registration service providers will need to maintain a record of registration data, including details such as the domain name, registration date, and contact information for the domain holder.

The implementation of the draft legislation is expected to affect approximately 3,400 new entities, according to the National Security Authority. Among these, around 2,750 will be medium-sized enterprises, and approximately 650 will be large entities. However, this count may be somewhat inflated, as many organizations, particularly those classified as critical infrastructure, are already subject to existing legislation.

With the NIS2 Directive’s implementation, businesses in newly regulated sectors will face new compliance costs, potentially amounting to thousands of euros. Many operators already comply with international ISO security standards, and the main costs associated with the NIS2 framework will involve regulatory compliance, particularly concerning security requirements, incident reporting duties, and oversight measures, including compliance documentation through audits.

The draft legislation also includes specific decrees related to training center recognition. Should the Slovak draft legislation be approved by the end of this year, it is expected to take effect on January 1, 2025, with a 12-month timeline for implementing required security measures. Following the law’s passage, businesses must ensure compliance to avoid potential legal penalties and financial losses.

By Bernhard Hager, Managing Partner, and Simona Makuchova, Senior Associate, Eversheds Sutherland

This article was originally published in Issue 11.11 of the CEE Legal Matters Magazine. If you would like to receive a hard copy of the magazine, you can subscribe here.

Hungary was one of the quickest in the EU to begin implementing Directive (EU) 2022/2555 (NIS2) and one of those few EU member states that met the deadline for implementation. Nevertheless, the Hungarian NIS2 implementation is still incomplete, and the current implementing laws have caused some practical and interpretational issues for various companies.

In this article, we briefly summarize the past, present, and potential future of Hungarian cybersecurity laws.

Hungarian Cybersecurity Laws before NIS2

Hungary has had a relatively sophisticated cybersecurity law since 2013. The Information Security Act (Act L of 2013 on the Information Security of State and Municipal Bodies), despite its name, applies not only to the electronic information systems (EIS) of state and municipal bodies but also to operators of critical infrastructures (including private-sector companies) and certain IT suppliers of these organizations.

The Information Security Act requires entities subject to it to categorize their EISs into security classes and identify their organization’s required security level. Based on such security classes and levels, the organization concerned must take appropriate physical, logical, and administrative measures to protect its EISs and handle security events.

NIS2 Implementing Laws

The first Hungarian NIS2 implementing law, the Cyber-Certification Act (Act XXIII of 2023), has been applicable since January 2024. The scope of the Cyber-Certification Act is very similar to the scope of NIS2, but there are some alterations from the list of the in-scope entities: for example, Hungarian pharmaceutical wholesalers are concerned entities if they meet the relevant thresholds. Similarly to NIS2, deciding on whether an entity is subject to the Cyber-Certification Act might be challenging in certain cases because the Hungarian law refers to other legal areas (e.g., concerning food businesses and waste management activities).

Concerned entities must register in the Hungarian Cybersecurity Authority’s (SZTFH) relevant registry within 30 days after they begin their activity subject to the Cyber-Certification Act. If the concerned entity was already performing its regulated activity before 2024, it had to register by June 30, 2024.

Since October 18, 2024, concerned entities must take appropriate measures to ensure the security of their EISs and the physical environment thereof. A part of such measures is specified by a related law. Similarly to entities subject to the Information Security Act, concerned entities must also categorize their EISs (and the data processed in them) into security classes and choose security measures accordingly.

Each concerned entity must conclude a contract with one of those cybersecurity auditors authorized by the SZTFH within 120 days after registration and have cybersecurity audits every two years (noting that there are special interim rules applicable to most entities that had to register already). Concerned entities must pay a supervisory fee to the SZTFH (the specific amount has not been determined at the time of writing).

Despite the fast implementation, based on our experience, there have been some considerable practical and interpretational issues relative to the Cyber-Certification Act. For example, based on the Cyber-Certification Act, concerned entities must include in their contracts with various IT service providers that the service provider undertakes to comply with the Cyber-Certification Act. Compliance with such a rule might cause challenges to multinational company groups where IT services are procured centrally and shared based on intracompany agreements. Furthermore, the Cyber-Certification Act is not clear on whether the IT service provider of the concerned entity must comply with the Cyber-Certification Act relative to all of its EISs or only concerning those that are used for the provision of services to the concerned entity (which is a crucial question in terms of expenses).

In addition, the Cyber-Certification Act does not include provisions based on Article 26 of NIS2, which stipulates special jurisdictional rules. Therefore, it is not settled at a legislative level whether, for example, providers of public electronic communications networks and/or services established in another EU member state must register and pay supervisory fees in Hungary.

Potential Future Changes

On October 29, 2024, the Hungarian government submitted to the Hungarian Parliament draft legislation that would replace both the Cyber-Certification Act and the Information Security Act. Based on the current draft, the new legislation might improve on the Cyber-Certification Act’s current issues and bring Hungarian cybersecurity laws closer to NIS2. On the other hand, in our view, the current draft is still not fully in line with Article 26 of NIS2, which might cause some confusion over its interpretation. Naturally, time will tell whether the new legislation’s final version will stand the test of practice.

By Csaba Vari, Head of IPTech, and Andras Gaal, Attorney, Baker McKenzie

This article was originally published in Issue 11.11 of the CEE Legal Matters Magazine. If you would like to receive a hard copy of the magazine, you can subscribe here.

On August 1, 2024, the Artificial Intelligence Act (Regulation (EU) 2024/1689, AI Act) came into effect, establishing several regulations concerning artificial intelligence systems within the European Union. Although the regulation is already in force, its requirements will gradually come into effect: the first deadlines are set for February and August 2025, while most of the requirements will apply starting August 2, 2026.

Mapping Artificial Intelligence Systems

The first step is to create a comprehensive overview of the AI systems you use – whether developed in-house or merely AI-based tools used in daily operations. This will help you assess which systems fall under the regulation’s risk categories: unacceptable, high, limited, or minimal risk.

When mapping the systems, consider your role, as obligations differ somewhat according to roles. You need to clarify for each AI system whether you are, for example, a provider, deployer, importer, product manufacturer, or in some other role. An overview of the systems will provide a clear picture of their compliance with the regulations. And even if the AI Act does not apply, there may still be a need to comply with other legal requirements.

Assessing Compliance

After mapping, you can begin to analyze what risk level your systems correspond to. First, you must determine whether the AI systems you are using are allowed, as some systems will be prohibited starting February 2, 2025. The AI Act deems systems such as applications used for emotion recognition in workplaces, manipulative systems, etc. as incompatible with the values and fundamental rights of the European Union.

Next, examine whether the AI system is intended to be used as a safety component of a product, or the system is itself a product (e.g., industrial machines, toys). Additionally, the regulation lists fields that may involve high risk (e.g., biometrics, systems used in critical infrastructure, education, or employment).

In contrast, minimal-risk systems as those used in spam filters pose a relatively small threat to people’s rights. The regulation does not restrict their use nor impose additional requirements.

Clarify Requirements

Next, clarify what the specific requirements are and what needs to be done in the context of each AI system. If you have determined that you have a high-risk AI system, you need among others to: (a) create a risk management system, (b) organize data management, (c) prepare technical documentation, and (d) ensure transparency.

Ensuring Compliance with Other Legal Regulations

In the rush to implement the AI Act, do not forget to comply with other closely related legal acts, such as the General Data Protection Regulation. If you use personal data for the development and further training of AI systems, it is essential to ensure that such activities are purposeful and based on appropriate legal grounds. Transparency must also be ensured, meaning that necessary information must be provided regarding data processing related to the AI system and the rights of data subjects established by law must be respected.

Copyright regulations are also important, as it must be ensured that the use of content protected by copyright for training and utilizing AI complies with the relevant rights. Verify that the training data and the outputs of the AI system do not infringe on anyone’s copyrights and that there is permission for content usage.

Ensuring Cybersecurity

Even though Estonia has not yet established specific guidelines, adopted implementing legislation, and designated responsible authorities under the AI Act, it remains a digital innovation leader within the European Union. The country is home to many companies that heavily rely on advanced AI systems. To support the development plans of Estonian organizations, the Estonian Information System Authority has commissioned an analysis of AI technology risks and mitigation measures. This is an essential read for aanyone planning to adopt artificial intelligence or has already adopted it but has not considered the associated risks. It offers an overview of the current state of AI systems, their deployment models, and the associated cybersecurity risks, along with practical measures to address these challenges. As part of this initiative, a quick guide and worksheet have been created for AI system implementers, providing tools to assess deployment models and systematically evaluate risks and compliance needs. These resources are also recommended for effective system risk control and selecting appropriate mitigation measures.

Although there is still time to comply with the AI regulation, it is crucial to act now. Build a team that includes specialists who can cover both the technological and legal requirements. If there are many AI systems with different risk levels, compliance should be approached systematically and gradually, establishing realistic internal deadlines – starting with prohibited systems, then moving to high-risk systems.

By Egon Talur, Partner, Priit Pold, Senior Associate, and Liina Jents, Specialist Counsel, Cobalt

This article was originally published in Issue 11.11 of the CEE Legal Matters Magazine. If you would like to receive a hard copy of the magazine, you can subscribe here.