Accountancy Europe’s new paper identifies key tax risks for SMEs and SMPs, with practical guidance, facts and checklists
Read our response to the EC consultation on better regulation, including our SME considerations
The European Commission (EC) is pressing ahead with plans for a supranational legal regime for EU companies, the so-called 28th regime that would co-exist with the current 27 national company law systems of EU Member States. The proposal is currently expected for 18 March.
According to Commissioner McGrath in charge of the initiative, the aim is for businesses to be able to opt into a legal entity with low or no minimum capital requirements and online incorporation within 48 hours. The regime would offer clear rules on governance, creditor safeguards, share issuance and transfer, liquidation, as well as digital procedures for capital increase and unified tax treatment of employee stock options.
The measures, which the start-up community has long called for, would also likely be proposed as a regulation rather than a directive, meaning the regime would have full force without needing to be transposed into national law in every Member State.
McGrath aims for wide eligibility across company types, aligning with Accountancy Europe’s consultation response.
The EC unveiled a new cybersecurity package to boost EU’s cybersecurity resilience and capabilities against growing threats.
The package includes a proposal for a revised Cybersecurity Act, which enhances the security of the EU’s Information and Communication Technologies (ICT) supply chains. It ensures that products reaching EU citizens are cyber-secure by design through a simpler certification process. It also facilitates compliance with existing EU cybersecurity rules and reinforces the EU Agency for Cybersecurity (ENISA) in supporting Member States and the EU in managing cybersecurity threats.
The package introduces a renewed European Cybersecurity Certification Framework (ECCF). The ECCF will bring more clarity and simpler procedures, allowing certification schemes to be developed within 12 months by default. Certification schemes, managed by ENISA, will become a practical, voluntary tool for businesses. They will allow businesses to demonstrate compliance with EU legislation, reducing the burden and costs.
The package also proposes measures to simplify compliance with EU cybersecurity rules and risk-management requirements for companies operating in the EU, complementing the single-entry point for incident reporting proposed in the December 2025 Digital Omnibus. Targeted amendments to the NIS2 Directive aim to increase legal clarity. They will ease compliance for 28,700 companies, including 6,200 micro and small-sized enterprises. They will also introduce a new category of small mid-cap enterprises to lower compliance costs for 22,500 companies.
The amendments aim to simplify jurisdictional rules, streamline the collection of data on ransomware attacks and facilitate the supervision of cross-border entities with ENISA’s reenforced coordinating role.
The EC referred Spain and Malta to the Court of Justice of the European Union (CJEU) for failing to transpose the Delegated Directive 2023/2775 on adjustments to the size criteria for micro, small, medium-sized and large undertakings or groups.
This Directive updates and adapt the criteria to determine the company’s size in the Accounting Directive to the impact of inflation since 2013. According to EC, it prevents micro, small and medium-sized enterprises from being subject to undue EU financial and sustainability reporting provisions applicable to larger companies.
Member States were required to transpose this Directive in full by 24 December 2024. To date, most EU Member States have declared complete transposition of the Directive. However, national implementing measures have still not been notified by Spain and Malta.
The EC sent letters of formal notice to these Member States (31 January 2025) and reasoned opinions (17 July 2025) but deems their national efforts are insufficient. Therefore, it has decided to refer these cases to the CJEU.
The EC’s 2026 Annual Single Market and Competitiveness Report evaluates the conditions for businesses, including SMEs, to innovate, grow, and compete. It uses 29 indicators on areas such as market integration and barriers, electricity prices and investment trends, and identifies priority areas for action.
The European Parliament (EP) Plenary adopted its position on the upcoming 28th regime proposal (see article above), with 492 votes in favour, 144 against and 28 abstentions. The EP’s work on the report was led by MEP Rene Repasi (S&D/Germany).
It backs a Unified European Company (S.EU) for non-listed limited liability companies based in one of the 27 EU countries. Registration of an S.EU should be fully digital and able to be completed in 48 hours, requiring a minimum paid-in capital of only one euro. MEPs also propose to ease access for S.EUs to investment, including via alternative financing models, while ensuring optional protection schemes, such as the separation of voting and economic rights or profit distribution based on contractual agreements limited in time or amount. S.EUs should be able to commercialise fundamental research and the regime should ensure improved cooperation between SMEs, start-ups, scale-ups and research institutions in the EU. S.EUs should have access to specialised and accelerated dispute resolution mechanism that could be conducted in English.
This EP opinion is non-binding, but it aims to influence the upcoming EC proposal.
