There are many aspects of scaling startups internationally such as intellectual property protection, offices, staff and infrastructure, that founders quickly get advice on.
I will review some of the most common issues startups face when scaling their companies internationally.
Tax is an issue that impacts startups when scaling internationally. Tax can also present the most risk due to the endless tax laws worldwide – and the varying penalties.
I know that tax can be tedious. When startups get excited about opening their service to a global market, they do not usually have international tax issues at the top of their to-do lists.
It is impossible to cover all international tax obligations for every startup type in this book.
So why am I writing this section? I want to compel you to get professional tax advice. It is worth it.
EU VAT For Digital Goods
If you sell ‘digital goods and services’ to individuals within the EU, your company must withhold EU VAT and pay it to the EU.
Digital goods or services are categorised as being:
Not a physical, tangible good.
Essentially, it is based on IT and would not exist without technology.
Provided via the Internet.
Fully automated or involves minimal human intervention.
So, if you are selling an online course, digital downloads, eBooks, SEO or website design services to people who reside in the EU, you may be required to withhold tax for that region.
What about Apps, I hear you say? Apps are a little different. For example, if you have an App downloaded and purchased through the App Store, Apple will charge, withhold and remit the EU VAT upon sale to an individual from the EU. This agreement is made upon your company accepting Apple’s terms of service as a seller on the App Store.
The same is true of the Google Play store. Google is responsible for charging and remitting EU VAT on App purchases.
Similar to GST in Australia, EU VAT reporting must be done quarterly, and there are different VAT rates for different nations of the EU.
The proper approach for withholding and paying EU VAT is via a Mini-One-Stop-Shop (MOSS). This is where you nominate a country in the EU (usually Ireland) to be your base country, where you register, report to and pay EU VAT. Ireland will then be responsible for remitting the EU tax to the EU.
I recently advised a client regarding their Software as a Service (SaaS) and EU VAT. As you probably know, Software as a Service is accessed through a web browser. Therefore, purchases for access by EU individuals would mean that my client’s company would need to register, pay for and account for EU VAT. I advised my client to make the App available through the App Store. This means that Apple will be responsible for reporting and charging the tax. My client could also provide access to the SaaS software as an add-on to the App.
Tax on Digital Goods in the United States
The United States has a different tax system to Australia. Our Federal Government makes our tax laws uniform throughout each State and Territory. In the US, however, each US State has tax laws that vary from State to State. A recent United States Supreme Court case determined that having a physical presence in the United States is not necessary to determine whether or not a company is liable to pay tax in the US.
One of the tests on whether your company is required to pay tax in the relevant state is whether you meet a sale threshold. You guessed it; the threshold varies also. If you are confused right now, I can’t blame you. As I said earlier, you need professional advice to determine whether you need to pay tax in the countries where your customers reside.
Once you get this advice, there is a brilliant tool that you can use to integrate into your website that can help calculate international tax. Check out Quaderno: https://quaderno.io. This Software automatically calculates international tax based on users’ location.
GDPR
If you are dealing with the personal information of those living in the European Union (EU), you must ensure that your business abides by the General Data Protection Regulation (GDPR).
One of the primary requirements is to gain direct consent from people who live in the EU to use their personal information. Once you receive a user’s personal information, it may only be used in the way they authorised.
For example, if someone uses your website’s contact form, you must not automatically add them to your marketing list, as they have not given their consent freely for their information to be used that way.
However, if your website’s contact form had a ‘sign-up for our newsletter’ checkbox following the form, which a person checked before submitting the email form, it would be acceptable to send them your newsletter, as they have freely requested it.
If you use forms this way, any checkbox that a user must check to opt-in must also be unchecked.
You have probably seen websites with that pop-up bar asking whether you accept cookies or a privacy policy. This is a requirement under the GDPR, as ‘cookies’ are considered personal information that requires EU residents’ authority to collect.
Cookies are small packets of information stored in your computer after visiting a website. Many websites use these cookies to store information on users’ computers for purposes such as retargeting. You would have seen retargeting when you visited a company’s website and later saw an ad for that same company on Facebook.
Suppose you are dealing with EU residents’ information. In that case, you must have measures in place to identify information security breaches such as your database being hacked and the information being stolen, destructed, lost, or unauthorised access to that information. Breaches must be reported to authorities within 72 hours.
This brings me to my next point: if you are dealing with EU residents’ information, you must appoint a data protection officer (DPO). This person’s name and contact details must be added to your privacy policy as the nominated person to maintain compliance with the GDPR.
GDPR also requires you to develop policies on dealing with complaints, data breaches and other requests from EU residents. If you are collecting personal information of EU residents, I recommend that you get proper advice to comply with the GDPR, as the EU has significant fines for non-compliance.
