How to understand that the company is ready to enter the European market?

Please click here to read the details.

Sometimes businesses get to the point where they realise it’s time to expand and enter global markets. Some companies do it earlier, some do later, other don’t do it at all. One thing remains clear: you have to prepare carefully for this and be ready to meet new requirements of the European market. With entering the European market, requirements of both consumers and supervisory authorities are growing.

Today we are going to talk about the European market. So, in this article, we will define key points that you should pay attention to when entering the European market.

Check whether your company can operate in a certain market

First of all, you need to check whether you can carry out your activities in the European market at all.

Activities may not be allowed at all or need a license/patent/permit or a local company to carry them out in a particular country. Usually, these restrictions (or requirements for the company to be licensed) are found in local laws.

Therefore, you should first review the requirements of national laws to see if your activities require licenses or special permits. If your company’s activities are subject to licensing, you can focus resources on the licensing process, change the type of activity, or simply go to a different market.

Place Terms of Service/Use and policies

If you come up with the conclusion that your activity can take place in the European market, then you can move on: check terms of Service/Use for all the key terms. Among other things:

  • Mention that access and use of the services constitute such user`s agreement to be bound by these Terms.
  • Specify that the service works as is and as available (unless the software solution is tailored to the specific user).
  • When using third-party services (products of other companies), make it clear that because you are using third-party services, you have no control over those services; 
  • Provide a license to use intellectual property: for example, users are granted a limited, non-exclusive, revocable and non- transferable license to access and use services on users’ devices and to use any content that may be available through such services for non-commercial purposes; 
  • Additionally, state that all rights to the services (its reverse engineering, trademarks, copyrights, etc.) are and shall remain your property.

In addition, you should check your offer for compliance with target market law and schedule a review of the offer. For example, the Regulation on promoting fairness and transparency for business users of online intermediation services requires providers of online intermediation services to notify users of any changes to terms and conditions or other similar documents within at least 15 days.

It is crucial that the terms and policies, especially those intended for users and data subjects, shall be posted in a concise, transparent, intelligible and easily accessible form, drafted in plain and intelligible language. Special attention should be paid to any information specifically intended for children. 

Contracts and intellectual property

Before entering foreign markets and the European market, in particular, check your company’s contracts – licenses, copyright agreements, model releases, etc.

If you sell a product that contains intellectual property, you must ensure the transfer of such intellectual property. That is, you need to check the chain of custody of such intellectual property from its creator to your company.

Does your contract with the contractor who developed the software provides for the transfer of intellectual property rights? What is the scope of rights and what is considered the moment of transfer? Were all the proprietary rights transferred, or did the author retain some means of monetization?

The point is that if you haven’t transferred intellectual property rights from the contractor, you can’t transfer them further, for example, by selling the software.

In general, the protection of copyrights should also be taken care of, because in the case of a dispute, registered copyright greatly facilitates the proof in a court of the violation of intellectual property rights. Conducted intellectual property audit can facilitate export audits when dealing with customers from abroad. In addition, only registered copyright can be protected in some foreign courts.

Register your TM

It is well known that it is allowed to use a TM without registration. So, do you need such registration at all?

If you are going to enter the European market, TM registration will be reliable protection of your rights to such a trademark. Certainly, you can use a TM without such registration. However, you are at risk of someone creating something similar, registering it, using your reputation and successfully making a profit. Moreover, someone may take away your business – for example through cybersquatting (interception of the domain name) in the domain arbitration.

Thus, the registration of TM is necessary, because it provides protection from encroachment by third parties and is an important tool for business protection.

Legal protection is assigned to a trademark in a particular country. It is possible to register a single EU trademark, as well as registration under the international procedure (Madrid Protocol).

It is crucial to understand that the territory in which legal protection of a trademark is granted is limited to the one defined in the registration certificate. The registration procedure and the number of fees depend on this respectively.

Check your Payment processor

The next step is to determine which payment processor you want to use. This raises a number of questions that need to be answered before entering a new market.

Does this payment processor work for businesses and individuals (i.e. your audience) in the country where you want to use it? What currencies are supported?

What are the conditions for withdrawing and depositing money? Will your customer be able to use this payment system in a convenient way – for example, can they rotate a certain amount of currency in one day?

Can your company pass money through?

If you have figured out the answers to these questions and you are satisfied with them, you can move on.

Make sure you comply with data processing requirements

Certainly, entering the European market assumes bringing your business processes into compliance with the General Data Protection Regulation (GDPR).

If a company is registered in the EU or is not even registered, but carries out activities in the EU, or in the process of carrying out these activities receives access to the personal data of EU citizens, as well as being located in the EU, then the requirements of the GDPR will apply.

At that point, there is the issue of compliance. Not only the presence of an external “declarative” package of documents with standard cookie policy and privacy policy, but also actual compliance with the requirements of the GDPR when carrying out activities. GDPR compliance is not limited to the posting of basic documents. Indeed, the presence of only certain necessary elements is rather an imitation of compliance.

Therefore, real compliance requires much more. This includes all necessary policies, including internal, as from the Information Security Policy, and the provision of internal training for staff, the maintenance of registries (eg Personal Data Breach Register, Records of the Processing Activities) and timely responses to requests of data subjects.

It is important to review documents for GDPR compliance on a regular basis. Does the privacy policy include all requirements and take into account best practices? Are there appropriate contracts between the company and the operators that process personal data on behalf of the company? It is important to ensure that all documentation is up-to-date and compliant with GDPR. For this purpose, the date of the last update should be indicated in the policies.

In addition, it is necessary to monitor European Commission decisions for compliance with the standards of national legislation, as well as the complaints handling practices of regulators. This will help to take trends into account and identify best practices.

Particular attention should be paid to the processing of sensitive data, as it requires more organizational and technical measures for proper processing.

In addition to the general requirements of GDPR, the standards and requirements for processing personal data enshrined in the national legislation of a particular EU member state must also be considered. Sometimes they may extend the provisions of the GDPR. For example, national legislation may stipulate different ages of the data subject who may consent to data processing.

A Data Protection Officer can help with company audits and the development of documents and other actions required for GDPR compliance.

A Data Protection Officer (DPO) is a position or contractor that helps the company introduce and maintain compliance with the data protection laws across the European Union and European Economic Area.  Here you can learn more about DPO as a service from the Legal IT Group.

Take care of the proper advertising

Advertising is certainly an essential part of running a business. But it is vital to consider the requirements of EU and national legislation on advertising so that you don’t accidentally violate them and get your company into unwanted trouble.

In the EU, advertising requirements are regulated by several laws.

In particular, the Unfair commercial practices directive is one of them. 

According to Article 2 of the Unfair commercial practices directive, commercial practices means any act, omission, course of conduct or representation, commercial communication including advertising and marketing, by a trader, directly connected with the promotion, sale or supply of a product to consumers. Unfair commercial practices are prohibited.

A commercial practice shall be unfair if:

  1. it is contrary to the requirements of professional diligence, and
  2. it materially distorts or is likely to materially distort the economic behaviour with regard to the product of the average consumer whom it reaches or to whom it is addressed.

In particular, commercial practices shall be unfair which:

  1. are misleading, or
  2. are aggressive.

Additionally, there are certain issues with targeting. There are two legal grounds that can potentially justify data processing aimed at targeting social media users: the consent of the data subject (Article 6(1)(a) GDPR) or legitimate interest (Article 6(1)(f) GDPR).

Regarding obtaining data subject consent on the Internet, in practice, most websites and applications use checkboxes (checkboxes). However, the EDPB delineates in which cases the use of checkboxes to obtain consent will be considered legitimate. It is important that the user is given all the necessary information along with a request for consent from the controller. If the controller collects personal data for further targeting purposes, the user must be properly notified of exactly how their personal data will be used for targeting purposes (e.g. using the user’s geolocation).

In case of legitimate interest, data subjects must be given the opportunity to object to the processing of their data for targeting purposes before processing begins.

Another thing to be careful with is mailing lists. The main legal justification and best practice for data processing in such cases is the consent of the data subject, as it is not always possible to justify marketing actions with a contract or legitimate interest.

Furthermore, according to Article 21 of the GDPR, if personal data is processed for the purpose of direct marketing, the data subject must have the right to opt out at any time from such processing of his data, which includes profiling. In such a case, the data subject shall not be processed for direct marketing purposes.


Entering the European market can bring the company to a completely different level, significantly increasing brand recognition and profits. At the same time, careful preparation for this is a crucial stage, because the legal regulation and requirements for the company’s processes can substantially differ. That’s why we recommend preparing your company in advance for the new challenges of the European market.

So, here’s a short checklist:

  • Check whether your company can operate in a certain market
  • Place Terms of Service/Use and policies
  • Contracts and intellectual property
  • Register your TM
  • Check your Payment processor
  • Make sure you comply with data processing requirements
  • Take care of the proper advertising

    Reminder: to make a donation please click here.

    Your question to IT lawyers