Regional Round-Up

CAMBODIA

Ban of Signal Boosters and Repeaters that Severely Affect Mobile Services

On 28 July 2022, the Ministry of Post and Telecommunications issued announcement No. 1701 on the Ban of the Use of Signal Boosters and/or Repeaters that Severely Affect Mobile Services.

Pursuant to the announcement, all relevant parties are required to immediately cease the import of signal boosters and/or repeaters that have yet to be granted approval by the Telecommunication Regulator of Cambodia. Households currently using signal boosters and/or repeaters are requested to dismantle, remove, and cease the use of these devices in their respective homes. Non-compliance could subject the parties to penalties pursuant to Article 84 of the Law on Telecommunications.

Additionally, mobile network operators are encouraged to upgrade their equipment and technology as well as construct additional base transceiver stations in order to expand cell coverage and improve quality of service.

Prakas on Quality of Telecommunications Services

On 19 July 2022, the Ministry of Post and Telecommunications issued Prakas No. 82 on the Quality of Telecommunications Services ("Prakas") to determine key quality indicators, measurement methods and monitoring mechanisms of the quality of telecommunications services.

The determination aims to:

1. Ensure that information related to telecommunications services quality provided by telecommunications operators is accurate, acceptable and comparable;
2. Provide information in relation to options, price and quality of the telecommunications services;
3. Protect consumer interests in receiving quality telecommunications services in accordance with the fee paid;
4. Provide information to telecommunications operators in order to prepare the plan to enhance their telecommunications services and network;
5. Ensure telecommunications services quality measurement reports provided by the telecommunications operators are accurate, complete and delivered on time.

The Prakas applies to telecommunications operators who provide mobile phone services, fixed phone services and landline internet services in Cambodia. Under this Prakas, the operators, within 10 months after the Prakas' entry into force, must completely strengthen the quality of their telecommunications services in compliance with the key quality indicators of the telecommunications services quality as stipulated in this Prakas.

Conditions for Continued Acceptance of Applications for E-Commerce Permit or Licence

On 7 July 2022, the Ministry of Commerce ("MOC") issued Notification No. 1964 MOC on the Application for E-Commerce Permit or License ("Notification").

The MOC used to extend the deadlines of submission of application for E-Commerce permit or licence (the latest deadline being 3 July 2022) without penalty. The Notification states that MOC will continue to accept applications for E-Commerce permit or licence submitted after 3 July 2022 but subject to the following conditions and procedures:

1. Legal entities, branches of foreign companies, and sole proprietorships operating E-Commerce businesses without the approval from MOC shall apply for E-Commerce permit or license with MOC subject to payment of applicable fine.
2. Legal entities, branches of foreign companies, and sole proprietorships which have just started or intend to operate E-Commerce businesses may apply for E-Commerce permit or license with MOC without being fined.

Natural persons who have an annual turnover less than the annual turnover of a small taxpayer (approx. US$62,500 to US$400,000) may (i) notify the MOC to obtain exemption on filing the application; or (ii) apply for an E-Commerce permit without being fined if​ such natural person wishes to do so.

Overview of Arbitral Proceedings in Cambodia

The National Commercial Arbitration Centre of Cambodia ("NCAC") was established in 2006 and has been in operation since 2013. NCAC adopted its first arbitration rules in 2014, which were amended in 2021 ("2021 Rules"). There are various key aspects in the 2021 Rules which  relate to the key stages of arbitral proceedings: (i) commencement of arbitration, (ii) interim stage, (iii) hearings, and (iv) issuance of award.

Commencement of Arbitration

The commencement of arbitration consists of three main steps:

1. Filing of the notice of arbitration ("Notice") by the Claimant with all supporting information or documents and payment of the registration fee with the General Secretariat of NCAC ("GSNCAC"). The arbitral proceedings commence from the day the GSNCAC receives the complete Notice.
2. Upon receipt of the complete Notice from the GSNCAC, submission by the Respondent of the notice of response containing the same basic information as the Notice (e.g. identities of parties, the agreed/proposed number of arbitrators), with a statement confirming or denying all or parts of the claims as well as a counterclaim, if there is any; and
3. Constitution of the tribunal with an odd number of arbitrators (unless agreed otherwise by the parties) following receipt by the GSNCAC of the Notice and notice of response.

Interim Stage

The interim stage includes the preliminary meeting and additional meetings to organise and schedule proceedings for solving the dispute in a timely and cost-efficient manner. Parties must also submit relevant documents including the statement of claim, defence and counterclaim, defence to counterclaim and other supporting documents.

Hearings

The hearing date, time and venue shall be notified to the parties at least 15 days before the hearing takes place, after the parties have agreed on the manner of conducting the arbitral proceedings (i.e. an oral hearing or proceeding on the basis of documents-only).

Issuance of Award

A final arbitral award will be issued after the hearing is concluded. However, the Tribunal may also issue an award for interim measures prior to the final award, or a consent award if a settlement has been reached.

For more information, click here to read our Legal Update.

Cambodia’s New Law on Food Safety

The Law on Food Safety ("Law") setting out the legal framework and mechanisms to regulate safety, quality and sanitation relating to food production and food businesses has come into force.

Food business operators are subject to primary obligations such as (i) obtaining a permit from competent authorities; (ii) ensuring the foods are in compliance with legal requirements; (iii) resolving any food safety-related issues and reporting to authorities in charges immediately; and (iv) cooperating with relevant authorities to implement food safety measures.

All importation and exportation of foods must be in line with the legal requirements set forth in related local laws and regulations and other legal instruments of destination countries (for export products). Failure to comply with the Law will subject the errant business operators to administrative penalties and/or criminal penalties.

For more information, click here to read our Legal Update.

CHINA

China Releases Guidelines on the Application of Security Assessment on Cross-Border Data Transfer

On 31 August 2022, the Cyberspace Administration of China ("CAC") issued the first edition of the Guidelines on the Application of Security Assessment on Cross-border Data Transfer ("Guidelines") (数据出境安全评估申报指南(第一版)) to clarify how organisations in China can apply to CAC for a security assessment for cross-border data transfer. The Guidelines, which are intended to be guidance for the Measures for Security Assessment of Cross-border Data Transfer ("Measures") (数据出境安全评估办法), were released one day before the Measures took effect on 1 September 2022.

The Guidelines repeats the circumstances where a mandatory CAC-led security assessment is required under the Measures: (i) transfers of important data out of China; (ii) transfers of personal information out of China by critical information infrastructure operators or data processing entities that process personal information of over one million individuals; (iii) transfers of personal information out of China since 1 January 2021, that consist of personal information of more than 100,000 individuals, or sensitive personal information of more than 10,000 individuals; or (iv) other circumstances as may be specified by CAC.

Schedule 1 of the Guidelines provides a list of the required application documents, including but not limited to (i) an application form (a  template of which is set out in Schedule 3 of the Guidelines), (ii) a self-assessment report on cross-border data transfer risks (a template of which is set out in Schedule 4 of the Guidelines), and (iii) a copy of cross-border data transfer agreements to be co-signed by the data recipient(s) outside of China. The self-assessment shall be completed within three months prior to the submission of the application. There should not be any material changes occurring between the completion of the self-assessment and the submission of the application. Otherwise, a fresh new self-assessment may be required to be conducted.

NDRC's New Regulations on Foreign Debt

On 26 August 2022, the PRC National Development and Reform Commission ("NDRC") issued the Administrative Measures for the Review and Registration of Mid- to Long-Term Foreign Debt of Enterprises (Draft for Comments) (企业中长期外债审核登记管理方法(征求意见稿)) ("Draft Measures").

The Draft Measures expressly provide that they will apply to the issuance of offshore bonds by an enterprise operating in Mainland China, in the name of an enterprise registered outside China, based on the equity, assets, income or other similar rights and interests of the domestic enterprise. This is generally in line with the previous notices and interpretation issued by NDRC.

Compared to the current foreign debt filing and registration system, the Draft Measures bring about certain major changes, including the following:

1. The current "filing" system is changed to a "review" system, implying that a more substantive review may take place to tighten the scrutiny of foreign debt, and a prior approval may be required for mid- to long-term foreign debt (which refers to foreign debt with a term of more than one year (exclusive)).
2. The time limit for NDRC’s review of a foreign debt application and issuance of a foreign debt approval registration certificate is extended from seven business days to three months from the acceptance of the application. Enterprises can only commence foreign exchange registration, account opening and withdrawal of fund procedures after obtaining the foreign debt approval registration certificate.
3. The Draft Measures expressly provide a list of prohibited uses of foreign debt funds (negative list), such as using the same to (i) increase the hidden debt of local governments, (ii) make up for losses or speculation, and (iii) lend to any third party (except banking institutions).

The Draft Measures show NDRC's stricter stance on the review and registration of foreign debt of enterprises. Once the Draft Measures are promulgated, Chinese foreign debt issuers must allocate more time to prepare for bond issuance deals.

China Publishes Revised Provisions on the Administration of Information Services for Mobile Internet Applications

On 1 August 2022, the revised Provisions on the Administration of Information Services for Mobile Internet Applications ("Revised Provisions"), which was issued by the Cyberspace Administration of China on 14 June 2022, came into force. The Revised Provisions were issued in response to the recent legislation on relevant data protection laws which aim to establish a data governance system in China by strengthening the supervision of application providers and application distribution platforms.

The Revised Provisions substantially amended the original ones ("Original Provisions"), increasing the provisions from 11 to 27 articles and clarifying the requirements in relation to the provision of application information services and application distribution services in the People's Republic of China ("PRC").

Clause 2 of the Revised Provisions provides for a more comprehensive definition of application information services and application distribution services. They now include almost all types of services that may be provided based on the application and new types of platforms (such as quick Apps centers, Internet applet platforms, and browser plug-in platforms) to distribute such applications.

Clauses 6 through 16 outline the requirements for application providers, which include, among others, (i) verifying user identity information; (ii) obtaining an Internet news and information services license or other administrative licenses for information services; and (iii) establishing a mechanism for examining the content of the information. In particular, the Revised Provisions stipulate the obligations in relation to cyber security, data security and personal information protection, emphasising the necessity for personal information collection and the fact that users shall not be denied the use of the basic function services of certain applications merely on account of their refusal to provide unnecessary personal information. These requirements are in line with the Cybersecurity Law and Personal Information Protection Law of the PRC.

Clauses 17 through 21 set out the requirements for application distribution platforms, which include, among others, (i) filing the required information with the local network information administration authority within 30 days from the time the platform has become operational; and (ii) establishing classification management systems. Clauses 17 through 21 also prescribe the management obligations of application distribution platforms in relation to application providers. If the applications violate the Revised Provisions, relevant laws and regulations, and service agreements, the application distribution platform shall take such measures as giving warnings, suspension of services, removal of the application from the platform, etc. It shall also keep relevant records and report the breach to competent authorities.

PRC Ministry of Justice Provides Clarification on Legal Assistance in International Civil and Commercial Cases

On 24 June 2022, the Ministry of Justice of the People's Republic of China ("PRC Ministry of Justice") published an article in Question & Answer format in respect of legal assistance in international civil and commercial cases ("Q&A"). In this Q&A, the PRC Ministry of Justice expressly states, among other things, that a judicial administration (including a court) or an individual in a foreign jurisdiction cannot directly enquire a witness who is located within the territory of PRC, either by phone call, virtual meeting or using any other technology. Instead, the judicial administration has to apply for legal assistance in accordance with the PRC Civil Procedure Law.

Based on the Q&A, there are only two ways to question such a witness: (i) a member country to the Convention on the Taking of Evidence Abroad in Civil or Commercial Matters ("Hague Evidence Convention") may request the PRC Ministry of Justice to provide legal assistance in accordance with the Convention; or (ii) a non-member country may request assistance through the diplomatic channel.

In this regard, the PRC Ministry of Justice makes it clear in the Q&A that a witness within the territory of PRC is prohibited from attending the hearing of a foreign litigation, whether voluntarily or through a subpoena issued by the foreign judicial administration. 

The PRC Ministry of Justice also highlights that due to the security requirements for cross-border data transfer, any data information located in the territory of PRC cannot be provided to a judicial administration or officer of a foreign jurisdiction without the approval of the PRC governmental authority in charge.

An arbitral tribunal does not appear to fall within the scope of "judicial administration or individual", therefore it is unclear whether the abovementioned rules apply to an arbitration in a foreign jurisdiction.

INDONESIA

Five Burning Questions about the Indonesian Personal Data Protection Bill

On 20 September 2022, the Indonesian Parliament finally approved the personal data protection bill ("PDP Bill"). As the PDP Bill awaits signing by the President, we take a closer look at how personal data protection regime in Indonesia is set to change. At its essence, the PDP Bill is set to be the foundation for personal data protection in Indonesia, and existing laws regarding personal data protection will need to be aligned with the provisions in the proposed personal data protection law ("PDP Law").

In contrast to detailed or practical rules, the PDP Law currently only establishes normative provisions for personal data protection. Therefore, in order to further implement the provisions of the PDP Law, the Government will need to issue implementing regulations in the future.

As the PDP Bill currently stands, it comprises 76 articles, which are divided into 16 chapters.  Questions are to be expected, given its comprehensive nature. We disseminate some of these questions, including whether the PDP Law will be Indonesia's one comprehensive personal data protection law as well as which parties will be impacted by the PDP Law.

For more information, click here to read our Legal Update.

Presidential Regulation 112: Indonesia’s Commitment to Renewable Energy

The 2007 Energy Law (Law No. 30 of 2007) established a target for Indonesia to generate 23% of its energy from renewable sources by the end of 2025, and 31% of its energy by the end of 2050. Currently, Indonesia only generates 13% of its energy from renewable sources, which falls far short of the target.

The Government has taken numerous measures over the last 15 years to meet the renewable energy target, the most recent of which is the issuance of Presidential Regulation No. 112 of 2022. This regulation introduces several measures in the hope of increasing renewable energy in Indonesia: (i) prohibiting new coal power plant development; (ii) reducing the number of coal power plants; (iii) replacing the basis of the renewable energy tariff and imposing ceiling prices based on the type and location of the renewable energy power plant; (iv) streamlining the renewable energy project procurement process; and (v) providing incentives for geothermal energy power plants.

For more information, click here to read our Legal Update.

Government Regulation for IP-Based Financing Finally Enacted

The Indonesian Government recently enacted Government Regulation No. 24 of 2022 on the implementing regulation to the Creative Economy Law. The regulation promotes intellectual property ("IP") assets as security objects that can be used to obtain bank and non-bank financing. Previously, the Creative Economy Law (Law No. 24 of 2019) stipulated that the Government would facilitate an IP financing scheme for creative economy entrepreneurs and allow them to develop a marketing system for IP-based products.

The purpose of this regulation is to encourage the use of IP (which is frequently the only or primary asset in the creative economy industry) as a valuable, and hence acceptable, form of security for financial or loan transactions. However, there are still issues with its implementation. The Directorate General of Intellectual Property, which is responsible for recording and registering ownership over IP assets, has not begun accepting registration of IP assets as security, and the regulation itself does not detail the enforcement of encumbered IPs. Therefore, it is possible that the enforcement of encumbered IPs will continue to be a barrier for lenders.

For more information, click here to read our Legal Update.

OJK Tightens Supervision in New Peer-to-Peer Lending Regulation

The Financial Services Authority of Indonesia or Otoritas Jasa Keuangan ("OJK"), has introduced a new regulation on peer-to-peer lending, commonly known as P2P lending. The purpose of this regulation is to promote the optimal and healthy growth of the P2P lending industry and meet OJK's requirements for effective and efficient supervision.

This new regulation introduced several new concepts in P2P lending by enhancing OJK's supervision through market conduct, and rescinded several provisions in the previous regulation on lending limits, paid-up capital and equity minimum requirements, and the licensing process. The regulation also tightens control over P2P lenders by making them go through a fit and proper test and requiring them to have and identify a controlling shareholder.

For more information, click here to read our Legal Update.

New Regulation on Personal Liabilities of Directors and Commissioners in State-Owned Enterprises

On 8 June 2022, President Joko Widodo issued Government Regulation No. 23 of 2022 on state-owned enterprises ("SOEs"), specifically regulating, among others, the appointment and removal of directors and commissioners in SOEs. In addition, the regulation also states that directors and commissioners of SOEs will be personally liable for losses of the SOEs if they are proven to have been negligent when conducting their duties.

On the other hand, Articles 27(5) and 59(2) of the regulation allow directors or commissioners to be exempted from liability under the business judgment rule if they have performed their duties in good faith, have no conflicts of interest, and have taken steps to prevent the loss to the SOEs.

For more information, click here to read our Legal Update.

LAO PDR

Decision to Authorise the Division of Industry and Commerce of Provinces and the Capital to Issue and Manage Certificates of Origin of Goods that have Received Special Privileges

On 8 September 2022, the Ministry of Industry and Commerce ("MOIC") issued the Decision to Authorize the Division of Industry and Commerce of Provinces and the Capital to Issue and Manage the Certificate of Origin of Goods that have received Special Privileges No.1197/MOIC ("Decision"). The Decision replaces two earlier decisions, namely (i) the Decision on Authorising the Right of the Division of Industry and Commerce, throughout the country, to issue Certificates of Origin under the Preferential, No. 2036/MOIC.DIMEX, dated 12 October 2010; and (ii) the Decision on Authorising the Right of the Vientiane Capital Division of Industry and Commerce to issue and manage Certificates of Origin under the Preferential, No. 1880/MOIC.DIMEX, dated 5 September 2012.

Pursuant to the Decision, the Division of Industry and Commerce of Province and the Capital is empowered to issue and manage the relevant certificates of origin of goods that have received special privileges as follows:

1. Form A for goods that meet the requirements of the product origin regulations under the general commercial privileges; preferential;
2. Form D for goods that meet the requirements of the product origin regulations under the ASEAN Trade Agreement;
3. Form S for goods that meet the requirements of the product origin regulations under the trade agreement between the Government of the Lao PDR and the Government of Vietnam;
4. Form DFTP for goods that meet the conditions of the product origin regulations under; the unilateral trade privileges from India;
5. Form APTA for products that meet the conditions of the product origin regulations under the Asia-Pacific Free Trade Agreement ("APTA");
6. Form AI for products that meet the conditions of the product origin regulations under the ASEAN-India Free Trade Agreement;
7. Form AHK for products that meet the conditions of the product origin regulations under the ASEAN-Hong Kong, China Free Trade Agreement;
8. Form RCEP for products that meet the conditions of the product origin regulations under the Regional Comprehensive Economic Cooperation Agreement ("RCEP").

The issuance and continued use of a certificate of origin of goods that have received special privileges is granted upon the applicant's compliance with the terms, conditions, and instructions of the certification of origin of goods as defined in each contract from time to time. The Department of Import and Export of MOIC will coordinate and guide the Division of Industry and Commerce of Provinces and the Capital in the proper and effective implementation of the Decision. 

Decision on Creating and Developing Secure Applications

On 12 August 2022, the Ministry of Technologies and Communications ("MTC") issued the Decision on Creating and Developing Secure Applications No.2598/MTC ("Decision"). The Decision, which was published in the Lao Gazette Official on 24 August 2022, came into effect 45 days from the date of its issuance.  It aims to encourage individuals, legal entities and organisations that create and develop applications in Lao PDR to ensure that their applications are secure, by complying with the principles set out in the Decision.

Pursuant to the Decision, creating and developing a secure application involves developing and verifying the functionality of the application to make it more secure, including puting in place technical measures such as risk assessment, vulnerability identification, prevention methods and system maintenance. The application shall be reviewed by MTC. It must cover the following aspects and principles:

1. Application development and open data for further development;
2. Functional testing of applications;
3. Use of tools and elements;
4. Maintaining personal information in the application; and
5. Security maintenance in the application.

The Decision also states that the security testing of the application must follow standardised security inspection principles such as risk assessment, vulnerability identification, prevention methods and remedial measures set out by the relevant security management unit and/or the Department of Cyber Security.

The Decision also stipulates that application creators and developers as well as application owners can submit their apps to the Department of Cyber Security in order for the latter to carry out security checks in accordance with the relevant security standards to ensure the security and reliability of their apps and their services.

Decision on Management and Use of Internet Protocol Numbers (Internet Protocol)

On 12 August 2022, the Ministry of Technologies and Communications ("MTC") issued the Decision on Management and Use of Internet Protocol Numbers No.2600/MTC ("Decision"). The Decision, which was published in the Lao Gazette Official on 24 August 2022, came into effect 45 days from the date of its issuance. The Decision states that legal entities or organisations intending to use an Internet Protocol Number ("IP number") must apply with the Asia Pacific Network Information Center ("APNIC") or through the National Internet Center and satisfy the following conditions:

1. The applicant is an Internet service provider, government organisation, financial-banking department/agency, educational institution or information center that uses the internet with its own network;
2. The applicant's technical standards comply with the requirements set by APNIC;
3. There are elements of organisational structure within the applicant such as the presence of a general management person, technical person, and financial person; and
4. Compliance with other conditions as may be prescribed by MTC.

A legal entity or organisation that intends to use the IP number from APNIC has two options to do so: (i) Channel 1: applicants will use IP numbers directly with APNIC; and (ii) Channel 2: applicants will use IP numbers through the National Internet Center (which is a partner with APNIC).

A legal entity or organisation that has received the right to use the number from APNIC must register to use the IP number correctly and completely with MTC within 15 days prior to using such IP number.

The State also encourages individuals, legal entities and organisations in both the public and private sectors to research, develop, transform and use the Internet Protocol Version 6 ("IPv6") instead of the Internet Protocol Version 4 (IPv4) in telecommunications networks, internet networks, hosting devices (Server, Cloud Computing, Hosting), software, internet code names, internet of things devices (IoT), Smart Home, Smart City and other technical systems related to their work and services to ensure the usage of IP numbers to expand their network and technical systems in the future.

The development plan for the use of IPv6 is divided into three phases: (i) Years 2021-2022: preparation phase; (ii) Years 2023-2024: implementation of the initial phase; and (iii) Year 2025 onwards: transition phase from IPv4 to IPv6.

MALAYSIA

National Energy Policy 2022 – 2040 Launched by the Government of Malaysia

The sustainable use of energy has been given increasing priority in Malaysia in recent years. One of the latest initiatives launched by the Government of Malaysia is the National Energy Policy 2022 – 2040 ("NEP"). The NEP recognises the energy sector as a key source of national income and seeks to set out targets, action plans and initiatives with the aim of future-proofing the energy sector in Malaysia to reap the economic advantages arising out of the structural shift in the trend of energy systems towards cleaner sources of energy.

The NEP sets out specific targets which include efforts to: (i) increase the total installed capacity of renewable energy; (ii) increase the amount of renewable energy supply as a percentage of the total primary energy supply in the country; (iii) increase the percentage of electrical vehicle share in the country; (iv) increase the percentage of residential, commercial and industrial energy efficiency savings, and (v) to reduce the percentage of coal use in installed capacity. These targets are intended to usher the nation toward becoming a low carbon nation by 2040.

The strategies adopted to achieve the objectives of the NEP cover the optimisation of energy resources, the stimulation of growth and market opportunities, the enhancement of environmental sustainability in the use of energy, and ensuring fiscal sustainability and energy security (i.e. the uninterrupted availability of energy sources at an affordable price). The NEP also outlines 12 strategies and 31 action plans to implement its objectives. These action plans include measures which involve enhancing solar, hydroelectric and bioenergy resources and enhancing access to renewable energy by businesses.

For more information, click here to read our Legal Update.

The Government of Malaysia Launches the Malaysia Digital Initiative

On 4 July 2022, the Government of Malaysia launched a new digital economy initiative, namely the Malaysia Digital ("Malaysia Digital Initiative"). It is intended to replace the 25-year-old Multimedia Super Corridor agenda to become the primary national strategic initiative on the digital economy in Malaysia.

This initiative was established by the Ministry of Communications and Multimedia through its digital economy agency, the Malaysian Digital Economy Corporation ("MDEC"). The vision behind this initiative is to accelerate economic growth in nine areas, namely (i) digital trade, (ii) digital agriculture, (iii) digital services, (iv) digital cities, (v) digital health, (vi) digital finance, (vii) digital content, (viii) digital tourism, and (ix) Islamic digital economy.

As part of this initiative, the Government of Malaysia, through MDEC, will award Malaysia Digital Status ("MD Status") to eligible companies that participate in and undertake any of the prescribed activities under the Malaysia Digital Initiative. Eligible activities include financial technology (fintech), data centre and cloud services, artificial intelligence, and robotics.

MD Status companies will be entitled to a set of incentives, rights and privileges from the Government, subject to necessary approvals and compliance with the applicable laws and regulations. These benefits are collectively termed as the Malaysia Digital ("MD") Bill of Guarantees ("BoGs"). The BoGs represents the manifestation of the Government’s intention to facilitate the growth and development of MD Status companies. Under the BoGs, MD Status companies are eligible to apply for and/or enjoy certain incentives such as tax incentives and exemption, and greater flexibility to source capital and funds globally, among others. In order to facilitate the applications of prospective applicants, MDEC has also launched the Malaysia Digital Platform to consolidate and ease the application procedure for all interested entities.

For more information, click here to read our Legal Update.

Personal Data Protection Department Provides Updates to Proposed Amendments to Malaysian Personal Data Protection Act

In February 2020, the Personal Data Protection Commissioner issued a public consultation paper titled "Public Consultation Paper No. 01/2020 on Review of the PDPA" ("Public Consultation Paper") in relation to the proposed amendments to the Personal Data Protection Act 2010 ("PDPA").

Following the issuance of the Public Consultation Paper, the Personal Data Protection Department ("JPDP") provided updates on the proposed amendments to the PDPA on 4 July 2022, where representatives of JPDP have stated that they have further shortlisted proposed amendments to the PDPA and have submitted the same to the Attorney General's Chambers of Malaysia for further review.

Some key shortlisted amendments to the PDPA are as follows:

1. imposition of a requirement for all data users to appoint at least one Data Protection Officer;
2. introduction of a mandatory data breach notification requirement;
3. extension of the scope of application of the PDPA (which currently only applies to data users) to data processors;
4. introduction of a right of data portability, which is the right of data subjects to obtain and reuse their data for other purposes across different services; and
5. introduction of a "black-list" regime whereby data users will generally be allowed to transfer personal data to other countries subject to compliance with certain minimum criteria stated in the amended PDPA or its regulations, save for jurisdictions that have been specifically black-listed by the Minister of Communications and Multimedia.

In addition to the above, JPDP has indicated that several minor amendments had been approved by the relevant Ministers, and will likely be tabled in Parliament together with the said principal amendments in October 2022.

For more information, click here to read our Legal Update.

MYANMAR

Financial Action Task Force (FATF) Adds Myanmar to "Blacklist"

The Financial Action Task Force ("FATF") has added Myanmar to a group of high-risk countries, known as the "blacklist", citing its failure to make enough progress in addressing illicit financial flows. Myanmar joins North Korea and Iran, which have been on the high-risk list since 2020. However, while North Korea and Iran are subject to a FATF call to apply countermeasures, Myanmar is subject to a FATF call to apply enhanced due diligence measures.

For more information, click here to read our Legal Update.

MyCO no Longer Allows Application of Company Extracts

Commencing 26 September 2022, the Directorate of Investment and Company Administration (DICA) is no longer accepting applications from third parties to receive company extracts on the Myanmar Companies Online ("MyCO") website. Only personnel authorised by the particular company will be able to apply for company extracts.

Immigration Law: DICA Announces Recommendation Policy for Foreign Visa Extensions

The Directorate of Investment and Company Administration ("DICA") has announced its recommendation policy regarding extensions for foreigner visas which took effect from 14 September 2022. The announcement states that companies intending to issue a letter of recommendation to extend a foreigner’s visa must meet certain requirements which include the following:

1. The company must have been registered with DICA for at least one year;
2. The application for extension must be lodged with DICA at least 90-120 days before the expiration of the foreigner’s current visa;
3. Companies that were previously suspended or struck-off are not able to issue recommendations. They may only do so after one year of compliance of the Myanmar Companies Law 2017 (MCL);
4. Inform DICA of any change of local address of the foreigner; and
5. Submit supporting documents. Examples include a CV Form of the foreigner, tax returns/audit reports, previous income tax payments (if the foreigner requests a further extension of visa), Employment Contract, Terms of Reference and job description of the employee’s duties, and evidence of kinship of the relevant foreigner.

Resident foreigners who fail to obtain the permit will risk imprisonment of a term which may be between six months to five years, or with a fine of minimum of Myanmar Kyats (MMK) 1,500, or both.

Insolvency Law Update

The Directorate of Investment and Company Administration (DICA) issued an announcement regarding the liquidation of companies with effect from 1 September 2022 in accordance with the Myanmar Insolvency Law 2020 (MIL). Based on the announcement, Form W-01 (Notice of appointment of liquidator for company/body corporate) and Form W-09 (Liquidator’s final account of winding up of a company/body corporate) are now to be used to register and submit winding up applications through Myanmar Companies Online (MyCO).

Ongoing company liquidation cases can still use J Forms (Forms relating to winding up), but going forward W Forms will be used for the winding up of a company.

Central Bank of Myanmar (CBM) Updates

Change of Official Exchange Rate

On 5 August 2022, CBM increased the official reference exchange rate of Myanmar Kyat ("MMK") to US Dollars, from the previous rate of MMK 1,850 per US$1 to MMK 2,100 per US$1.  

Relaxation of Conversion Requirement for Export Earnings

On 5 August 2022, CBM issued Notification No. 36/2022 ("Notification 36") clarifying its foreign currency conversion requirement for exporters. Notification 36 specifies that only 65% of income received from exportation is required to be converted to MMK within one day.

On 16 August 2022, CBM further issued Letter No. FE-1/PaKa/1956  instructing authorised dealer banks ("AD Banks") to purchase 65%  of the export balance to comply with the conversion requirement. The remaining 35% of the export balance is to be converted into MMK if exporters do not use it within 30 days. The 35% of the export balance may also be used by the exporter, transferred to non-AD entities or sold to AD Banks, for which the approval from the Foreign Exchange Supervisory Committee (FESC) must be sought. In fact, Letter No. FE-1/PaKa/2071 which was issued on 26 August 2022 requires the AD Banks to report how the 35% of export earnings are used.

In addition, Letter No. FE-1/PaKa/1957 issued on the same day provides instructions stating among others that entities exempted from Notification 12/2022 are able to freely utilise 100% of their foreign currency earnings. The Notification No. 12/2022 dated 3 April 2022 states foreign currency account holders can no longer hold their foreign currency for more than one day.

CBM Allows Foreign Entities to Own Non-Bank Financial Institutions

On 13 July 2022, the Central Bank of Myanmar ("CBM") issued Directive No. 8/2022 ("Directive") allowing 100% foreign ownership of the non-bank financial institutions ("NBFIs"). This applies to both NBFIs operating in a Joint Venture (JV) with a Myanmar entity or 100% foreign owned NBFIs. The Directive also prescribes the requirements for a Foreign Financial Institution ("FFI") when establishing an NBFI, as well as the requirements an FFI must meet when entering into an NBFI JV.

Apart from the standard requirements of providing documentation such as financial statements, business plans and Board of Directors’ resolutions, some of the key factors that must be satisfied to operate an NBFI is that the investor must be a financial institution that has been operating for a minimum of three years and that the wholly-owned NBFI must have a minimum capital of at least US$10 million, along with documentation evidencing the transfer of capital contribution from any offshore banks to domestic banks. Once the requirements are met, CBM will issue a registration certificate allowing the FFI to operate an NBFI. The estimated timeline to be notified of the approval or rejection of the application is six months.

PHILIPPINES

PCC Threshold for M&A Notification

The Philippine Competition Commission ("PCC"), through Commission Resolution No. 18-2022, has adjusted the compulsory notification threshold for mergers and acquisitions as follows: (i) from PhP 6 billion in 2020 to PhP 6.1 billion for the Size of Party ("SoP"), and (ii) from PhP 2.4 billion in 2020 to PhP 2.5 billion for the Size of the Transaction ("SoT"). 

The SoP refers to the aggregate value of assets or revenues in the Philippines of the ultimate parent entity of one of the parties to a transaction, while the SoT refers to the value of assets or revenues of the acquired entity and the entities it controls. 

Previously, all mergers and acquisitions with SOP or SoT below PhP 50 billion were exempt from compulsory notification and review by PCC under Republic Act No. 11494, otherwise known as the Bayanihan to Recover as One Act, were subject to compulsory notification and review by PCC. With the lapse of the period set under the Bayanihan to Recover as One Act on 15 September 2022, the new threshold set by PCC is now effective beginning 16 September 2022.

PCC calculated the new thresholds to be provisionally set by updating the 2020 thresholds based on the country’s nominal gross domestic product growth in the past two years, reflecting the contraction of the economy by 8.09% in 2020 and subsequent growth of 8.13% in 2021. The set thresholds will remain effective until PCC en banc approves a new set of thresholds for compulsory notification.

Supervisory Technology and Regulatory Technology for Cyber Resilience

On 1 September 2022, the Bangko Sentral ng Pilipinas ("BSP") launched the Advanced Supervisory Technology ("SupTech") Engine for Risk-based Compliance, otherwise known as ASTERisC, for deployment among selected BSP-supervised Financial Institutions ("BSFIs"). The primary purpose of ASTERisC is to strengthen and enhance the cyber resilience of banks nationwide and to protect consumers, especially considering the present wide use of digital payments.

According to BSP, ASTERisC is a unified regulatory technology ("RegTech") and SupTech solution that streamlines and automates regulatory supervision, reporting, and compliance assessment of BSFIs' cybersecurity management. BSP's RegTech and SupTech solution is the next generation digital supervision tools and techniques aimed at enhancing the timeliness and quality of risk-based decision making.

BSP is also expected to issue the Financial Services Cyber Resilience Plan soon, which will serve as the primary framework for policies and strategies to strengthen cyber defence in the financial services industry. According to BSP, the pandemic has pushed the share of digital payments in the total volume of retail transactions from 20.1% in 2020 to 30.3% in 2021. Furthermore, the value of payments facilitated by online payment platforms also rose from a 26.8% share in 2020 to 44.1% of the total retail transactions in 2021. BSP envisions further growth in the use of digital payments, necessitating greater cyber protection. In fact, BSP itself would like digital payments to make up 50% of all transactions both in terms of volume and value by year 2023.

BSP will continue to develop the ASTERisC with the goal of improving cyber security.  BSP is committed to further consult and engage the participation of BSFIs, government agencies, and industry associations for a cohesive and industry-wide approach to addressing cyber security issues, and to enhance cyber incident response.

BSP Modifies Approach to Licensing VASPs

In Memorandum No. M-2022-035, the Bangko Sentral ng Pilipinas ("BSP") introduced a modified approach in granting new Virtual Asset Service Provider ("VASP") licences, as approved by the Monetary Board. BSP recognised that while VASPs offer opportunities to promote greater access to financial services at reduced costs, they also pose varied risks which could undermine financial stability. In view thereof, BSP seeks to strike a balance between promoting innovation in the financial sector and ensuring that associated risks remain within manageable levels.

Under the modified approach, the regular application window for new VASP licenses shall be closed for a period of three years starting 1 September 2022, while only existing BSP supervised financial institutions ("BSFIs") may be granted new VASP licences. BSP further noted that the said closure is subject to re-assessment based on market developments.

BSP may entertain new applications of existing BSFIs who wish to expand operations by offering VASP services. In evaluating these applications, due consideration will also be given to the BSFIs' risk management system, including appropriate client suitability assessment and customer onboarding practices, and intensified financial consumer education and awareness programs. Additionally, existing BSFI applicants must be rated as "stable" in its Supervisory Assessment Framework.

Previously, the BSP imposed a three-stage application process for the issuance of a license to register as a VASP. The stages are as follows: Stage 1 refers to the BSP’s assessment of the applicant’s eligibility; Stage 2 refers to the application for the issuance of a Letter of No Objection for the VASP to register its Articles of Incorporation and By-laws with the Securities and Exchange Commission; and Stage 3 refers to the application for grant of a Licence to operate as VASP and to offer advanced electronic payment and financial services. 

Following the modified approach, applications that have been completed or which have passed Stage 2 of the licensing process on or before 31 August 2022, will still be processed and assessed for completeness and sufficiency of documentation or information submitted, as well as compliance with the licensing criteria to operate as a VASP based on Stage 3 requirements. Those applications with incomplete requirements as of 31 August 2022 will no longer be processed, and will be returned and tagged as "closed". Beginning 1 September 2022, BSP will no longer entertain nor accept new applications from non-BSFIs.

NPC Circular on Administrative Fines for Data Privacy Infractions

The National Privacy Commission ("NPC") has issued NPC Circular No. 2022-01 dated 8 August 2022 regarding the Guidelines on Administrative Fines for data privacy infractions committed by personal information controllers ("PICs") and personal information processors ("PIPs"). NPC Circular No. 2022-01 encourages PICs and PIPs to promote organisational accountability by initiating measures to enhance their compliance with the Data Privacy Act of 2012 ("DPA") to protect the rights of their data subjects.

Any PIC or PIP who violates the provisions of the DPA, its implementing rules and regulations, and relevant issuances of NPC shall be liable for an administrative fine for each infraction. The amount of fine for each infraction shall fall within the ranges from 0.5% to 3% and 0.25% to 2%, respectively, of the annual gross income of the PIC or PIP that committed the infraction. The fine shall be determined by the total number of affected data subjects and the frequency of the commission of the infraction.

The PIC or PIP shall be subject to an administrative fine of not less than PhP 50,000 but not exceeding PhP 200,000 for either of the following: (i) failure to register the true identity or contact details of the PIC, the data processing system, or information on automated decision making; or (ii) failure to provide updated information as to the identity or contact details of the PIC, the data processing system, or information on automated decision making.

PICs or PIPs who refuse to pay the administrative fine under the circular may be subject to a Cease and Desist Order, or other processes or reliefs as NPC may be authorised to initiate pursuant to Section 7 of the DPA, and appropriate contempt proceedings under the Rules of Court.

Philippine Creative Industries Development Act

Republic Act 11904 ("RA 11904") or the Philippine Creative Industries Development Act lapsed into law on 27 July 2022. Primarily, RA 11904 mandates the promotion and development of domestic creative industries by protecting and strengthening the rights and capacities of creative firms, artists, artisans, creators, workers, indigenous cultural communities, content providers and other stakeholders.

Creative industries refer to "trades involving persons, whether natural or juridical, that produce cultural, artistic, and innovative goods and services originating in human creativity, skill, and talent, and having a potential to create wealth and livelihood through the generation and utilisation of intellectual property".

RA 11904 also provides for the formation of the Philippine Creative Industries Development Council ("Council"), which shall be under the guidance of the Department of Trade and Industry. The Council is mandated to implement a long-term plan for the development and promotion of the Philippine creative industries, with programs aimed at creating opportunities and employment, nurturing human resources, ensuring financial-enabling mechanisms, and providing incentives to encourage and sustain Filipino excellence in the creative industries.

With the enactment of RA 11904, the Council, in coordination with national government agencies, is set to formulate the Philippine Creative Industries Development Plan. The plan shall set forth the objectives, targets, strategies, and activities on the development and promotion of creative industries.

SINGAPORE

Measures to Enhance Online Safety – Singapore Introduces New Legislation

Singapore has been making concerted efforts towards enhancing the safety of digital spaces for Singapore users, particularly for children. This is in recognition of the inherent risks posed by harmful online content, and the amplification of such risks through the proliferation of social media services.

The Ministry of Communications and Information ("MCI") had, earlier in 2022, given an indication of what changes and enhancements may be expected in the digital regulatory and compliance framework, including the introduction of codes of practice for online platforms to protect Singaporeans against harmful online content. The proposed measures have been steadily advancing along the course of implementation, and are now being further developed, with new legislation being introduced in Parliament, and responses to public feedback on the proposed measures.

From 13 July 2022 to 10 August 2022, MCI conducted a Public Consultation on Proposed Measures to Enhance Online Safety for Users in Singapore ("Public Consultation"). On 29 September 2022, MCI released a summary of its responses to the feedback received from the Public Consultation, giving further indication of the direction that the proposed measures may take. The proposed measures raised in the Public Consultation include: (i) Code of Practice for Online Safety, which sets out the required measures and safeguards against harmful content to be implemented by designated social media services; and (ii) Content Code for Social Media Services, which empowers the Infocomm Media Development Authority ("IMDA") to direct social media services to disable access to harmful content.

On 3 October 2022, the Online Safety (Miscellaneous Amendments) Bill ("Bill") was introduced in Parliament. If passed, the Bill will empower IMDA to better regulate online communication services accessible by Singapore end-users and give effect to the proposed measures. The main proposed amendment in the Bill include: (i) allowing IMDA to issue blocking directions to online communication services to deal with "egregious content"; and (ii) empowering IMDA to issue online Codes of Practice for providers of regulated online communication service.

For more information, click here to read our Legal Update.

Amendments to Carbon Pricing Act Tabled in Parliament

The carbon tax regime in Singapore is governed under the Carbon Pricing Act 2018 ("CPA") that provides for, among other things, requirements relating to registration, reporting and payment of tax in relation to greenhouse gas emissions. Singapore recently consulted on raising its climate ambition to achieve net zero by 2050. Increasing carbon tax is part of Singapore's strategy to achieve its raised climate ambition. On 3 October 2022, the Carbon Pricing (Amendment) Bill ("Bill") was tabled for First Reading in Parliament. This follows an earlier consultation by the Ministry of Sustainability and the Environment ("MSE"). You may read about the main aspects of the consultation in our Legal Update here. MSE also provided its Response to feedback received on the consultation. 

The Bill seeks to amend the CPA in the following key aspects:

1. Revising the carbon tax rate and carbon price. Under the CPA, a taxable facility is required to pay carbon tax. The current carbon tax rate is $5/tCO2e. The Bill provides for the progressive increase in the carbon tax rate. The CPA also sets out the concept and value of a carbon credit, and governs how a carbon credit may be dealt with. Currently, each carbon credit has a value of $5. The Bill renames "carbon credits" as "fixed-price carbon credits" and provides for progressive increase in the carbon price.
2. Providing for the grant of allowances for eligible taxable facilities to reduce carbon tax. In the consultation, a transition framework was proposed to provide time for emissions-intensive trade-exposed companies to adjust to a low-carbon economy. The Bill sets out provisions for the grant of allowances to eligible taxable facilities to reduce the amount of carbon tax payable for an emissions year. Please refer to the new Division 1A of Part 5 set out in the Bill.
3. Providing for the surrender of eligible international carbon credits in place of fixed-price carbon credits for the purposes of paying the carbon tax. There are also provisions to establish the International Carbon Credits Registry and international carbon credit registry account, as well as for various related matters.
4. Revising registration and emissions reporting obligations (in particular, where there has been a transfer of operational control over a business facility), and the basis for liability for carbon tax. The Bill also contains provisions to allow the deregistration of a business facility as a reportable facility or a taxable facility if the registered person of the business facility, despite having operational control over the business facility, has ceased to operate the business facility and has no intention of resuming its business activity within the next 36 months after such cessation.

For more information, click here to read our Legal Update.

SICC's Jurisdiction over Cross-Border Restructuring and Insolvency Matters

Singapore has been strengthening its position as a key nodal jurisdiction for cross-border restructuring and insolvency. In 2015, the Singapore International Commercial Court ("SICC") was established specifically to handle international commercial disputes. Singapore adopted the UNCITRAL Model Law on Cross-Border Insolvency as part of the extensive changes to its debt restructuring regime in 2017. In 2018, the Insolvency, Restructuring and Dissolution Act ("IRDA") was introduced to consolidate and further augment Singapore's restructuring and insolvency framework.

This process continues with amendments to the laws to provide that the SICC has jurisdiction over international restructuring and insolvency matters. These amendments came into effect on 1 October 2022. This development is expected to further enhance Singapore's capabilities and attractiveness as a forum of choice for cross-border insolvency.

The SICC will have jurisdiction to hear any proceedings relating to corporate insolvency, restructuring or dissolution under the IRDA (or under the Companies Act before the IRDA came into effect). Such proceedings must be international and commercial in nature.

Foreign lawyers are allowed to appear in relevant proceedings before the SICC to make direct submissions on permitted matters of foreign law, provided they are duly registered. This would allow foreign lawyers to make submissions before the SICC on matters of foreign law and certain factual matters relating to the restructuring proceedings in the foreign jurisdiction. However, submissions on the IRDA and Singapore law issues would require the involvement of local counsel.

Further, lawyers representing clients in certain insolvency cases before the SICC will be able to enter into conditional fee agreements with their clients for proceedings commenced in the SICC.

For more information, click here to read our Legal Update.

Clarifying the Right to Private Action under the Personal Data Protection Act

The Personal Data Protection Act ("PDPA") sets out the duties of businesses and organisations regarding the collection, use and disclosure of personal data. To enforce these obligations, the Personal Data Protection Commission is empowered to issue directions for compliance and impose financial penalties. In addition, affected individuals are entitled to bring private actions against the offending organisation if they have suffered loss or damage from the breach of such duties.

However, not all forms of loss give rise to the right of private action under the PDPA. In Reed, Michael v Bellingham, Alex [2022] SGCA 60, the Singapore Court of Appeal provided some much-anticipated clarification on what constitutes "loss or damage" that would entitle an individual to initiate civil proceedings under the PDPA.

The Court of Appeal held that emotional distress falls within the scope of "loss or damage" under the PDPA, but the mere loss of control over personal data does not. In reaching its decision, the Court of Appeal considered the general purpose of the PDPA and adopted a wide interpretation of its private enforcement provisions.

The Court of Appeal also considered when an employee should be held responsible for a PDPA breach, and when the employee's actions should be attributed to the employer instead. As the relevant PDPA obligations do not apply to an employee who is only acting in the course of his employment, the Court of Appeal set out the applicable principles for determining when an employee can rely on this defence.

The Court of Appeal's decision provides important guidance for organisations and individuals that manage or deal with personal data in the course of operations, shedding light on when they may be exposed to private action for PDPA breaches.

For more information, click here to read our Legal Update.

Trends in Cartel Enforcement in Singapore

With the world gradually adapting to the "new normal", competition authorities worldwide, including the Competition and Consumer Commission of Singapore ("CCCS"), are looking at cartel enforcement with renewed interest. It is therefore critical for businesses in Singapore to be alert to possible infringements under Singapore's competition laws and review their business practices accordingly.

In Singapore, Section 34 of the Competition Act 2004 prohibits agreements, decisions and practices that have the object or effect of preventing, restricting or distorting competition within Singapore ("section 34 prohibition"). This includes the prohibition of cartel activities, which are agreements between competitors that have the object of preventing, restricting or distorting competition, such as price-fixing, bid-rigging, market sharing agreements and agreements to limit output or control production/investment.

Here, we highlight key trends in CCCS's cartel enforcement with reference to case statistics.

1. Financial penalty. CCCS has become increasingly aggressive in its imposition of penalties for anti-competitive conduct. In 2018, CCCS issued its two largest financial penalties to date – S$26.9 million (reduced to S$20.1 million upon appeal) and S$19.6 million, respectively.
2. Appeal. To date, the Competition Appeal Board has reviewed appeals relating to seven CCCS infringement decisions involving the section 34 prohibition, most of which have only succeeded in reducing the amount of penalty payable.
3. Leniency. CCCS has handled 33 leniency cases as of 31 March 2021 and has seen an increase in the number of leniency cases between FY2017 to FY2020. The leniency programme has led to the issuance of infringement decisions and the impositions of financial penalties in nine out of 16 section 34 infringement decisions.
4. Fast Track Procedure. Since the inception of the Fast Track Procedure in 2016, there has only been one published case where the procedure was applied. In this case, two out of the three parties benefited from an additional 10% reduction in financial penalties as a result of their cooperation with CCCS under the Fast Track Procedure.
5. Length of investigation. The length of investigations appears to have increased – the average duration of investigation for infringement decisions issued from 2016 to date was 45.6 months, compared to 25.4 months for infringement decisions issued before 2016.
6. Scope of liability. The section 34 prohibition is extraterritorial in scope. CCCS has prosecuted three cartels involving foreign jurisdictions.

For more information, click here to read our Legal Update.

THAILAND

Amendment to Guidelines on Fair Trade Practices related to Credit Terms for SMEs

The Trade Competition Commission issued a New Notification concerning Guidelines for Consideration of Fair Trade Practices related to Credit Terms in the case of Small and Medium-sized Enterprises ("SMEs") being Sellers of Goods or Services (No. 2) ("New Notification") that took effect on 16 September 2022.  The New Notification requires that SMEs must now meet the employment and income criteria (under the previous notification, it was either employment or income criterion). An SME must also provide evidence of employment and income to prove its SME status.

New Guidelines Issued on the Collection of Personal Data

On 7 September 2022, the Personal Data Protection Committee ("PDPC"), as the Thai personal data protection regulator, issued two sets of guidelines, namely, (i) guidelines on procedures for providing a notification of the purposes and details relating to the collection of personal data from data subjects; and (ii) guidelines on procedures for requesting consent from data subjects.  The purposes of these two sets of guidelines are to provide details of and clarity to the requirements as to the consent request and notification of privacy notice/policy so that the data controllers and any relevant persons can be aware of and gain a better understanding of how to comply with such requirements.

Tougher Controls on Digital Assets

The Securities and Exchange Commission ("SEC") has issued new rules which tighten the standards and requirements, and also the regulatory oversight on the advertising of digital assets. The new rules took effect on 1 September 2022.  The main objective of the new rules is to introduce more stringent requirements on advertisement of digital asset, which include a restriction on the content of advertisements, the display of warnings for investment risk, the reduction of channels through which the advertisements can be placed (i.e. for the cryptocurrency, the digital asset operator can advertise only through its official channels), and the requirement to disclose details related to the advertisements and expenses thereof, which include the use of influencers and bloggers, to SEC within certain prescribed timeframes.

New Regulation on Personal Data Complaints

The Personal Data Protection Committee ("PDPC") issued a regulation on the filing, refusal of acceptance, dismissal, consideration, and timeframe for the consideration of complaints, which took effect on 12 July 2022.  In brief, the regulation provides that where the Data Controller or the Data Processor, including the employee or the service provider of the Data Controller or the Data Processor, violates or does not comply with the Personal Data Protection Act, the data subject has the right to file a Complaint to the Expert Committee either by: (i) direct submission; (ii) mail, or (iii) filing via electronic means or any other means, as may be prescribed by the Office of the PDPC.

VIETNAM

Amendments to Regulations on Issuance of Corporate Bonds (Decree 65/2022/ND-CP)

On 16 September 2022, the Government enacted Decree 65/2022/ND-CP to amend its existing regulations (Decree 153/2020/ND-CP) on the issuance of corporate bonds by private companies.

The amendments tighten the scope of investors that are eligible to subscribe to such bonds. Save for limited types of bonds (e.g. convertible bonds), Vietnamese law only allows professional securities investors to subscribe to and trade corporate bonds. The amendments now stipulate that individual investors may only subscribe to bonds if they have held listed securities with a value of at least VND 2 billion for at least 180 consecutive days.

The amendments also narrow the purpose for which bonds proceeds may be used. In particular, issuers are no longer permitted to use proceeds to increase their working capital or as contribution of capital to other enterprises.

Among other changes, the amendments will also impose more stringent periodic and extraordinary disclosure requirements on issuers.

Guidance on Data Localisation Requirements under Decree 53/2022/ND-CP

On 15 August 2022, the Government enacted the long-awaited Decree 53/2022/ND-CP ("Decree") to guide the Law on Cybersecurity (which was passed back in 2018). The Decree, which came into effect from 1 October 2022, provides greater clarity on the companies that are required to comply with Vietnam's data localisation requirements.

The Law on Cybersecurity required both domestic and overseas companies engaged in certain industries to localise their data. The Decree now clarifies that data localisation will be required for the following companies that collect, exploit, analyse and process the data of its service users (including personal information, data concerning users' relationship and data created by them) ("User Data"):

1. All domestic companies that engage in the provision of services on a telecoms network or the internet, or provision of value-added telecom services in cyberspace are required to localise the User Data.
2. All foreign companies that conduct business activities in a regulated sector are required to localise the User Data on the request of the authorities if their services were used to violate cybersecurity laws, and the relevant state agency has notified the company of such violation and requested for cooperation prevention, investigation and remediation, and the company fails to comply. A regulated sector covers telecoms services, data storage and data sharing services in cyberspace, provision of national or international domain names to service users in Vietnam, e-commerce, online payment, payment intermediary, transport connection services via cyberspace, social networks and social media, online games, and services of providing, managing or operating other information in cyberspace in the form of messaging, voice call, video call, e-mail or online chat. In addition, these foreign companies may also be ordered to establish a branch or representative office in Vietnam.

New Regulations on Foreign NGOs in Vietnam under Decree 58/2022/ND-CP

In August 2022, the Government enacted Decree 58/2022/ND-CP ("Decree") to guide the registration and management of operations of foreign non-government organisations ("NGOs") in Vietnam. With effect from 1 November 2022, the decree will replace Decree 12/2012/ND-CP on the same subject.

The new Decree tightens the scope of what constitutes a foreign NGO, and now legislates that a foreign NGO only refers to organisations that receive funding from foreign countries. Such NGOs cannot raise funds from domestic sources.

The Decree also makes it clear as to the circumstances when the authorities may order an NGO's operations to be suspended or terminated. Under the former decree, such circumstances were not defined, and opened the right of the authorities to order suspension or termination of the NGO's operations by mere violation by the NGO of its operational licence.