- Home
- News & Insights
Search by
Latest
Bulgaria’s long road to NIS2 is over
Across most of the European Union, the NIS2 Directive has already become operational reality. Bulgaria’s path to transposition, however, has been materially delayed. The Cybersecurity Act amendments intended to implement the NIS2 Directive were first submitted to the Parliament in September 2024, passed at first reading in February 2025 and reached final adoption in February 2026, with the new framework entering into force on 17 February 2026. This delay has consequences that go beyond the mere legal uncertainty. While Bulgaria was still preparing its implementation framework, in January 2026 the European Commission proposed a new EU cybersecurity package, including amendments to the NIS2 Directive and a draft Regulation
Navigating the MiCA landscape: Considerations for forum shopping in CEE and beyond
As the European financial market undergoes a major digital transformation, the implementation of the Markets in Crypto-Assets Regulation (MiCA) stands out as a defining milestone. By introducing a harmonised legal framework, the EU is transforming from a frag mented regulatory landscape into the world’s largest single market for regulated digital assets. For crypto-asset service providers (CASPs) and institutional investors, this shift offers a “single passport”, legitimising the industry and enabling growth. Yet the practical application of these rules varies across Member States, influenced by differences in administrative capacity, supervisory culture, and national legal traditions. Choosing a “home” jurisdiction
NIS2 and the New Serbian Law on Information Security
The Republic of Serbia has adopted a new Law on Information Security (Zakon o informacionoj bezbednosti) (“Serbian NIS2”), marking a significant reform of the national cybersecurity framework and alignment with the EU NIS2 Directive. The Serbian NIS2 broadens the range of regulated entities, strengthens institutional coordination, and introduces clearer obligations for organisations operating ICT systems of special importance. Secondary legislation is expected in 2025–2026, and the previous law remains partially applicable until the end of 2025 to secure continuity during the transition period. This article provides an overview of the key novelties introduced by the Serbian NIS2, together with an outline of the
Kinstellar welcomes leading Austrian financial markets expert Miriam Broucek as Partner in Vienna
Kinstellar is delighted to announce that Miriam Broucek, a highly regarded banking & finance lawyer, has joined our newly launched Vienna office as a Partner. Her arrival marks the launch of our Banking & Finance practice in Austria, a significant step in expanding our capabilities in this core area. With her outstanding track record and expertise, Miriam will play a key role in building and leading our finance offering in Vienna, ensuring we provide clients with seamless support on complex local and cross-border matters. Miriam is a recognised expert in financial markets law with many years of experience advising Austrian and international financial institutions on a broad range of regulatory matters, including
Croatia introduces Draft Foreign Direct Investment Screening Act
The Croatian Government has introduced the Draft Act on the Screening of Foreign Investments, which is currently undergoing public consultations. The Draft Act seeks to establish a foreign direct investment (FDI) screening mechanism in line with Regulation (EU) 2019/452 and OECD investment standards. Its aim is to create a national framework for reviewing FDIs that may pose risks to national security or public order. The Draft Act is open to public comments (via https://esavjetovanja.gov.hr/) until 3 October 2025. Scope of application The screening mechanism will apply to: Foreign investors – natural or legal persons from third countries, and EU entities that are under direct or
Updates on NIS2 in Romania
Following up on our initial article regarding the transposition of the NIS2 Directive (EU) 2022/2555 (“NIS2”) in Romania via Government Emergency Ordinance no. 155/30.12.2024 (“GEO 155”), we would like to inform you of the following relevant evolutions in this area as of today, 20 August 2025: The Romanian National Directorate for Cybersecurity ("DNSC”) has issued the long awaited application norms for registering with DNSC as important or essential entity. DNSC Order no. 1/2025 was published in the Official Gazette of Romania on 20 August 2025. As of publication, in-scope entities have 30 days at their disposal to register with DNSC. Registration should primarily be done using the online
Open banking: Ukraine enters new stage of payments market digital transformation
The National Bank of Ukraine (NBU) enacted a series of regulations on 1 August 2025 that establish an open banking system in Ukraine and significantly improve the regulatory environment for modern fintech services. The new legal framework sets out clear legal standards for secure data sharing, API-based payment services, and third-party access to user accounts — all aligned with the EU’s PSD2 Directive. The reforms are important step in the digital transformation of Ukraine’s financial services market. Click on one of the images below or use the following links to read our overview in English or in Ukrainian. Download in English: Download in Ukrainian:
Kinstellar assists Odine Solutions Teknoloji Ticaret ve Sanayi on the acquisition of Logate
Kinstellar is delighted to have advised Odine Solutions Teknoloji Ticaret ve Sanayi (“Odine”) on its acquisition of a 53.03% shareholding in Logate, a Montenegro-based software company with a strong presence across the European market in 5G core network technologies, banking infrastructure, and digital transformation solutions. Logate is known for its scalable 5G core network software, banking infrastructure solutions, and digital transformation products. The transaction perimeter included Logate Institut Za Informacione Tehnologije, a wholly owned subsidiary of Logate D.O.O. engaged in software-related training and human resources development, and Logate GMBH, an Austria-based marketing company in which Logate D.O.O.
Kinstellar advises Halyk Bank on strategic cross-border fintech partnership with Click
Kinstellar has recently advised JSC Halyk Bank on its USD 237 million strategic partnership with Uzbekistan’s leading fintech platform, Click – a landmark transaction reflecting the growing convergence of banking and digital services in Central Asia. Under the deal, Halyk acquires a 49% stake in Click for USD 176.4 million, while Click’s shareholders take a 49% stake in Halyk’s Uzbek subsidiary, Tenge Bank, for USD 60.76 million. Representing the largest private sector transaction in Uzbekistan to date, the deal features an innovative and balanced structure that enables both parties to remain independent while forming a powerful alliance in Uzbekistan’s rapidly evolving digital finance landscape. The partnership
Kinstellar advises JSC Kaspi.kz on landmark USD 650 million Eurobond issuance
Kinstellar is pleased to have acted as Kazakhstan counsel to JSC Kaspi.kz in its successful debut bond issuance, raising USD 650 million through 6.250% senior unsecured notes due in 2030. This marks the largest investment-grade bond issuance by a private Kazakhstani company, reflecting Kaspi.kz’s strong market position and the growing appeal of Kazakhstan as an investment destination. The bonds, which garnered significant interest from investors across the US, Europe, and Asia, are listed on the London Stock Exchange and the Astana International Exchange. The funds raised will support Kaspi.kz’s ongoing business development and enhance its digital services, reinforcing its leadership in the fintech and e-commerce sectors.
Navigating the regulatory landscape: An overview of the tokenization of real-world assets
As financial markets embrace digital transformation, the tokenization of real-world assets (RWA) is emerging as a ground-breaking innovation that has the potential to redefine ownership, investment, and liquidity. By leveraging blockchain technology, tokenization enables the digital representation of tangible and intangible assets – ranging from real estate, commodities, and artworks, to securities, debt instruments, and intellectual property. Proponents believe that such a transformation democratizes access to high-value assets, enhances market efficiency, and introduces new investment opportunities across industries. However, the legal and regulatory framework surrounding tokenization remains complex and rapidly evolving.
Cybersecurity: Romania transposes the NIS2 Directive. What’s next?
Directive (EU) 2022/2555 (NIS2) aims to further strengthen the cyber resilience of the EU by requiring entities in various sectors to dial up their cybersecurity efforts. NIS2 replaces the former NIS1 Directive (EU) 2016/1148, expands the range of entities falling under its provisions, and introduces stricter requirements for these entities. On 31 December 2024, the Romanian government passed Government Emergency Ordinance no. 155/2024 (GEO 155/2024) transposing NIS2 into national legislation. Whom does it concern? NIS2 and GEO 155/2024 target entities across various industry sectors and categorises them into essential and important entities. Entities active in the following areas should check whether