1. The Romanian Decision No 198/2023 on approving of the Regulation regarding the procedure for registration, investigation and settlement of complaints concerning unfair business-to-business commercial practices in the agricultural and food supply chain

 

  • The buyer is prohibited from applying financial and commercial discounts in the form of commercial rebates. Discounts in the form of draws and reductions are allowed, provided that the value of these reductions does not exceed a limit of 20% of the value of agricultural products and/or food invoiced between the buyer and the supplier.

 

  • In carrying out the assessment, the Competition Council takes into account the provisions of the agreement under which the supplier grants the reduction in question, but also the level of the selling price individually negotiated between the supplier and each buyer. At the same time, the Competition Council will consider that, within the two categories above, any other discounts or reductions granted by the supplier to the buyers are included, regardless of whether they are highlighted at the time of issue of the invoice or after this moment.

 

  • The invoiced value must relate to each individual invoice, comprising certain agricultural and/or food products, for a specific reference period to which the invoice relates, according to the terms and conditions included in the agreement between the supplier and the buyer.

 

  1. The Romanian Decree no. 215/2023 for the promulgation of the Law on cybersecurity and cyber defense in Romania, as well as to amend and supplement some normative acts

 

  • Cyber security and defense are achieved by adopting and implementing policies and measures in order to know, prevent and counter vulnerabilities, risks and threats in cyberspace.

 

  • In the field of the management of the cybersecurity incidents, the authorities have the following responsibilities:
  1. to collect notifications of cybersecurity incidents within networks and information systems within their competence, activity or responsibility;
  2. to assess data and information on cyber incidents and attacks against networks and information systems within their competence, activity or responsibility;
  3. to coordinate the management of cybersecurity incidents identified within the networks and information systems within their competence, activity or responsibility;
  4. to provide support, upon request, to owners, administrators, owners and/or users of networks and information systems within their competence, activity or responsibility, for the adoption of first-emergency reactive measures to remedy the effects of cybersecurity incidents;
  5. to keep for a period of 5 years the data relating to cybersecurity incidents and the results of measures to counter them, without collecting content data.