Issues with Scaling Startups Internationally

There are many aspects of scaling globally, such as intellectual property protection, offices, staff and infrastructure that founders are quick to get advice on. I will go through some of the most common issues that startups face when scaling their companies internationally. Tax is an issue that impacts startups when scaling internationally. Tax can also present the most risk due to the almost endless tax laws throughout the world – and the varying penalties. I know, tax can be boring. When startups get excited about the prospect of opening their service to a global market, they do not usually have international tax issues at the top of their to-do lists. It is impossible to cover all international tax obligations for every type of startup in this book. So why am I writing this section? I want to compel you to get professional tax advice. Believe me, it is worth it. EU VAT For Digital Goods If you are selling ‘digital goods and services’ to individuals within the EU, your company is required to withhold EU VAT and pay it to the EU. Digital goods or services are categories as being:

1. not a physical, tangible good.
2. essentially based on IT and would not exist without technology.
3. provided via the internet.
4. fully automated or involves minimal human intervention.

So, if you are selling an online course, digital downloads, eBooks, SEO or website design services to people who reside in the EU, you may be required to withhold tax for that region. What about Apps I hear you say? Apps are a little different. For example, if you have an App that is downloaded and purchased through the App Store, Apple will charge, withhold and remit the EU VAT upon sale to an individual from the EU. This agreement is made upon your company accepting Apple’s terms of service as a seller on the App Store. The same is true of the Google Play store. Google is responsible for charging and remitting EU VAT on App purchases. Similar to GST in Australia, EU VAT reporting must be done quarterly and there are different VAT rates for different nations of the EU. The proper approach for withholding and paying EU VAT is via a Mini-One-Stop-Shop (MOSS). This is where you nominate a country in the EU (usually Ireland) to be your base country, where you register, report to and pays EU VAT. Ireland will then be responsible for remitting the EU tax to the EU. I recently advised a client regarding their Software as a Service (SaaS) and EU VAT. As you probably know, Software as a Service is accessed through a web browser. Therefore, purchases for access by EU individuals would mean that my client’s company would need to register, pay for and account for EU VAT. I advised my client to make the App available for purchase through the App Store. This means that Apple will be responsible for reporting and charging the tax. My client could then also provide access to the SaaS software as an add-on to the App. Tax on Digital Goods in the United States The United States has a different tax system to Australia. Our tax laws are made by our Federal Government, so they are uniform through each State and Territory. In the US, however, each US State has tax laws that vary from State to State. A recent United States Supreme Court case determined that having a physical presence in the United States is not necessary to determine whether or not a company is liable to pay tax in the US. One of the tests as to whether your company is required to pay tax in the relevant state is whether you meet a sale threshold. You guessed it; the threshold varies also. If you are confused right now, I can’t blame you. As I said earlier, you need to get professional advice to determine whether you need to pay tax in the countries where your customers reside. Once you get this advice there is a brilliant tool that you can use to integrate into your website that can help calculate international tax. Check out Quaderno: https://quaderno.io This software automatically calculates international tax based on users’ location. GDPR If you are dealing with personal information of those who live in the European Union (EU) then you need to ensure that your business abides by the General Data Protection Regulation (GDPR). One of the primary requirements is that you must gain direct consent from people who live in the EU to use their personal information. Once you receive a user’s personal information, it may only be used in the way they authorised. For example, if someone uses your website’s contact form, you must not automatically add them to your marketing list, as they have not given their consent freely for their information to be used that way. However, if your website’s contact form had a ‘sign-up for our newsletter’ checkbox next to the form, which a person checked before sending submitting the email form, then it would be acceptable for you to send them your newsletter, as they have freely requested it. If you are using forms in this way, any checkbox that a user must check to opt-in, must also be in the unchecked state. You have probably seen websites with that pop-up bar that asks you whether you accept cookies or a privacy policy. This is a requirement under the GDPR, as ‘cookies’ are considered personal information that requires EU residents’ authority to collect. Cookies are small packets of information that are stored in your computer after you visit a website. Many websites use these cookies to store information on users’ computers for purposes such as retargeting. You would have seen retargeting when you have visited a company’s website and you later see an ad for that same company on Facebook. If you are dealing with EU residents’ information you must have measures in place to identify information security breaches such as your database is hacked and the information has been stolen is destructed, lost or there has been unauthorised access to that information. Breaches must be reported to authorities within 72 hours. This brings me to my next point, if you are dealing with EU residents’ information, you will need to appoint a data protection officer (DPO). This person’s name and contact details will need to be added to your privacy policy as the nominated person to maintain compliance with the GDPR. GDPR also requires you to develop policies on how you deal with things such as complaints, data breaches and other requests from EU residents. If you are collecting personal information of EU residents, I recommend that you get proper advice to comply with the GDPR as the EU has significant fines for non-compliance.