Corporate Governance 2026 Comparisons

Bulgarian law recognises several commercial business forms, but corporate practice is concentrated mainly around limited liability companies and joint-stock companies.

The limited liability company may be incorporated as a multi-member company (OOD) or as a single-member company (EOOD). It is the most common vehicle for private businesses, subsidiaries, family-owned companies and small or medium-sized enterprises. It has a simple governance structure: the general meeting of quota-holders, or the sole owner in an EOOD, takes ownership-level decisions, while one or more managers conduct the company’s business and represent it externally. The statutory minimum capital is EUR1.

The joint-stock company may be incorporated as a multi-shareholder company (AD) or as a single-shareholder company (EAD). It is generally used for larger businesses, regulated activities, capital-intensive projects and companies intending to raise funding from a broader investor base. Its minimum capital is EUR25,000. An AD may have either a one-tier system, with a board of directors, or a two-tier system, with a management board and a supervisory board. This is the required form for Bulgarian companies whose shares are admitted to trading on a regulated market.

Other forms are available but less common. A sole proprietor is a natural person registered as a merchant and has unlimited personal liability. General partnerships, limited partnerships and partnerships limited by shares are recognised but used selectively. The variable capital company is a newer flexible form designed mainly for small and growth companies, including start-ups. The European Company is also available under the applicable EU framework and Bulgarian company law.

For non-public companies, the main source of corporate governance rules is the Commerce Act, supplemented by the company’s articles of association or statute. These documents regulate the allocation of powers, management and representation, quorum and majority rules, transfer restrictions and internal approvals.

For public companies and issuers, the Public Offering of Securities Act is the central governance statute. It is supplemented by capital markets legislation, Financial Supervision Commission ordinances, market abuse rules, stock exchange rules and directly applicable EU legislation.

Companies with publicly traded shares must be organised as joint-stock companies. They are subject to additional mandatory rules on board composition, independent directors, investor relations, shareholder meetings, disclosure, remuneration, significant and related-party transactions, major shareholding notifications and takeover protections.

Corporate governance in Bulgaria is based on statutory law, constitutional documents, capital markets regulation, sector-specific rules and soft-law standards.

For private companies, the Commerce Act governs incorporation, capital, corporate bodies, representation, shareholder and quota-holder rights, transformations, liquidation and insolvency-related corporate matters. A company’s articles of association or statute are equally important in practice because they set the company’s internal governance rules within the limits of mandatory law.

For public companies and issuers, the framework is more detailed. The Public Offering of Securities Act is supplemented by the Markets in Financial Instruments Act, the Financial Supervision Commission Act, market abuse legislation, Financial Supervision Commission ordinances and directly applicable EU rules, including the Market Abuse Regulation and the Prospectus Regulation.

The Accountancy Act and the Independent Financial Audit and Sustainability Assurance Act are important for larger companies, public-interest entities and issuers. They regulate financial reporting, management reports, statutory audit, audit committees, sustainability reporting and sustainability assurance.

The National Corporate Governance Code is the main Bulgarian soft-law instrument. It applies primarily to public companies, companies planning to go public and certain public undertakings on a “comply or explain” basis. Internal policies, board rules, committee rules, conflict-of-interest policies, disclosure procedures and remuneration policies are also important governance tools.

Companies with publicly traded shares are subject to a mandatory governance regime under the Public Offering of Securities Act, in addition to the general company law rules. A Bulgarian public company must be organised as an AD and its shares must be dematerialised.

A public company may use a one-tier or two-tier board structure. At least one third of the members of the board of directors, or of the supervisory board in a two-tier structure, must be independent. Public companies must also appoint an investor relations director under an employment contract to support communication with shareholders, investors, the Financial Supervision Commission and the regulated market.

Public companies are subject to enhanced general meeting rules. The notice and materials must be available at least 30 days before the meeting through the required statutory channels, including the Commercial Register, the Financial Supervision Commission, the regulated market and the company’s website. Shareholders may ask questions, vote by proxy and, if they meet statutory thresholds, propose agenda items.

They must disclose annual and half-yearly financial reports, corporate governance information and, where applicable, sustainability information and related assurance. The annual activity report must include a corporate governance declaration covering the governance code applied, deviations from that code, internal control and risk management systems, takeover-related information, board functioning and diversity policy information.

Public companies must adopt and apply a remuneration policy for members of their management and supervisory bodies. They are also subject to special approval rules for significant transactions and related-party transactions. Certain transactions above statutory thresholds require prior general meeting approval, a reasoned report to shareholders and restrictions on voting by interested shareholders.

Shareholders must notify the Financial Supervision Commission and the company when their voting rights reach, exceed or fall below 5% or a multiple of 5%. Mandatory tender offer obligations may arise when a person acquires more than one third, 50% or two thirds of the votes, subject to statutory conditions.

The statutory requirements under company, capital markets, accounting, audit and market abuse legislation are mandatory. The National Corporate Governance Code is voluntary in form but important in practice because public companies must disclose whether they apply a governance code and explain deviations.

The main recent listing-related development is the EuroBridge Market segment of the Bulgarian Stock Exchange. It was developed with Deutsche Börse and allows Bulgarian companies to have their shares traded simultaneously on the regulated markets in Bulgaria and Germany.

EuroBridge does not create a new Bulgarian statutory board model. Public companies may continue to use either a one-tier or a two-tier structure. The main implications are practical: issuers must manage cross-market compliance, bilingual disclosure, euro-denominated trading and payments, reporting timetables, corporate event announcements and investor communications for a broader international investor base.

The Premium Equities Segment of the Bulgarian Stock Exchange also remains relevant for issuers seeking a higher market profile. Its requirements relate to free float, market capitalisation, trading activity and disclosure, including disclosure in English. These requirements do not directly alter board composition, but they raise expectations regarding transparency, reporting discipline, investor relations and internal governance systems.

For an OOD/EOOD, the principal governance bodies are the general meeting of quota-holders and the manager or managers. The manager does not have to be a quota-holder. In an EOOD, the sole owner exercises the powers of the general meeting and may manage the company personally or appoint a manager.

The general meeting is the ownership-level decision-making body. The manager organises and directs the company’s business and represents it externally. Restrictions on the manager’s representative powers are generally not effective against third parties, except where the law expressly provides otherwise.

For an AD/EAD, the principal bodies are the general meeting of shareholders and either a board of directors under a one-tier system, or a management board and supervisory board under a two-tier system. In a one-tier system, the board of directors manages and represents the company. In a two-tier system, the management board manages and represents the company, while the supervisory board oversees it and does not participate directly in management.

Other forms have more specialised structures. In partnerships, management is normally carried out by the partners or general partners. Variable capital companies have flexible governance shaped largely by their articles of association. Public companies and public-interest entities may also have governance-related functions such as an investor relations director, audit committee and compliance or internal control functions.

In an OOD, the general meeting decides on key ownership and structural matters, including amendments to the articles of association, admission and expulsion of quota-holders, approval of annual accounts, profit distribution, capital changes, appointment and removal of the manager and claims against the manager or comptroller. The manager takes ordinary-course business decisions and represents the company externally.

Some matters are reserved to the general meeting by law or by the articles of association. For example, decisions on acquiring or disposing of real estate are reserved to the general meeting. Bulgarian case law distinguishes between internal approval and external validity, so the absence of internal approval does not automatically invalidate a transaction with a good-faith third party.

In an AD, the general meeting decides on amendments to the statute, capital changes, transformation, dissolution, election and removal of board members, appointment of auditors, approval of annual financial statements, profit distribution, bond issuance and release from liability. The board of directors or management board is responsible for strategy, operations, representation and implementation of shareholder resolutions.

In partnerships, decision-making depends mainly on the partnership agreement. General partners manage and represent the business, while limited partners usually participate only in matters where the law or the agreement gives them approval rights.

The general meeting of an OOD is convened by the manager at least once a year. Written notice must be received by each quota-holder at least seven days before the meeting, unless the articles of association provide otherwise. Resolutions may also be adopted without a meeting if all quota-holders give written consent.

Voting rights usually correspond to capital participation. Ordinary resolutions are generally adopted by a majority of more than one half of the capital. Important matters, such as amendments to the articles of association or admission and expulsion of quota-holders, require higher majorities.

The general meeting of an AD is usually convened by the board of directors or the management board. The invitation must be announced in the Commercial Register at least 30 days before the meeting, unless stricter rules apply. Ordinary resolutions are generally passed by a majority of the shares represented, while major decisions require statutory quorum and qualified majorities.

The board of directors and the supervisory board must meet at least once every three months. Public companies are subject to stricter rules on meeting notices, materials, voting results, electronic participation, minutes and disclosure to the Financial Supervision Commission and the regulated market.

Bulgarian joint-stock companies may choose between a one-tier and a two-tier board structure. In a one-tier system, the company is managed and represented by a board of directors. In a two-tier system, it is managed and represented by a management board acting under the control of a supervisory board.

The board of directors must have between three and nine members. It adopts its own rules of procedure and elects a chair and deputy chair from among its members. It must meet at least once every three months.

In a two-tier system, the management board has between three and nine members, and the supervisory board has between three and seven members. A person may not be a member of both boards of the same company. Limited liability companies do not have a board in the same sense; they are managed by one or more managers.

In a one-tier system, all board members have equal rights and obligations, regardless of internal allocation of functions. The board may assign day-to-day management to one or more executive members elected from among its members. Executive members must be fewer than the remaining board members.

The board of directors represents the company externally, but representation is not necessarily exercised individually by all members. The statute and board resolutions determine whether representation is joint or individual and which members are authorised to represent the company.

Executive members carry out day-to-day management and often have operational representation powers. Non-executive members participate in board decision-making and exercise internal supervision over executive management. The chair organises board work and usually plays a central role in communication between executive and non-executive members.

In a two-tier system, the management board manages the company and is responsible for operations, strategy implementation and ordinary-course management. The supervisory board appoints and may remove management board members, determines their remuneration and oversees their activity. It does not manage the company directly.

For public companies, independent members have a more visible governance role. At least one third of the board of directors or supervisory board must be independent. Their role is to support objective decision-making, oversight of executive management, internal control and minority shareholder protection.

A board of directors must have between three and nine members. In a two-tier system, the management board must have between three and nine members and the supervisory board between three and seven members.

Board members are elected for up to five years, unless the statute provides for a shorter term. Members of the first board of directors or first supervisory board are elected for up to three years. Re-election is permitted.

A board member may be a capable natural person. A legal person may also be a board member if the statute allows this, but it must designate a natural person to represent it. The legal person is jointly, severally and unlimitedly liable with the other board members for obligations arising from that representative’s acts.

Public companies must have at least one third independent members on the board of directors or supervisory board. Persons convicted of intentional publicly prosecutable crimes, unless rehabilitated, are not eligible to serve on management or supervisory bodies of public companies. The National Corporate Governance Code also recommends transparent nomination, professional competence, independence of judgement and attention to diversity.

In an OOD, the manager is appointed and removed by the general meeting of quota-holders. In an EOOD, this power is exercised by the sole owner. Appointment and removal have effect against third parties after registration in the Commercial Register.

A manager may request removal from the Commercial Register by written notice to the company. If the company does not apply for registration within one month after receiving the notice, the manager may apply personally.

In a one-tier AD, the general meeting elects and removes the members of the board of directors. In a two-tier AD, the general meeting elects and removes supervisory board members, while the supervisory board appoints and removes management board members. A board member may also request deregistration by written notice, if the company does not register the release within six months, the board member may apply personally.

Certain persons may not act as managers or board members, including persons who have participated in management or control of companies terminated due to insolvency with unsatisfied creditors, and persons subject to special statutory disqualifications. Public company candidates must also satisfy eligibility and independence rules under the Public Offering of Securities Act.

Bulgarian law does not impose a general independence requirement on all private companies. Independence is mandatory for public companies, where at least one third of the board of directors or supervisory board must be independent.

A person will not qualify as independent in a public company if, among other things, the person works for the company, holds at least 25% of the votes directly or through connected persons, has a sustained business relationship with the company, serves in the management or supervisory body of certain connected entities, or is connected with another member of the company’s management or supervisory body.

For private joint-stock companies, board members must disclose certain external interests before election and notify the company if such circumstances arise later. Board members of an AD are also subject to a non-compete restriction. They may not conduct competing commercial activity or serve in management roles in competing companies unless permitted by the statute or expressly approved by the body that elected them.

For public companies, conflict rules are stricter. Members of management and supervisory bodies must avoid direct and indirect conflicts of interest, disclose any conflict promptly and fully in writing, and refrain from participating in decision-making in such cases.

In an OOD, the manager organises and directs the company’s business in accordance with the law and general meeting resolutions. The manager represents the company externally and must act in the company’s interest.

The manager may be liable to the company for damage caused through culpable conduct, including breach of the articles of association, general meeting resolutions, internal approval requirements or appropriate commercial care.

Board members of an AD must perform their functions with the care of a diligent merchant and in the interest of the company and all shareholders. Bulgarian case law treats this as a professional standard requiring commercial judgement, diligence, relevant information and experience.

This duty applies regardless of internal allocation of functions. Non-executive members are not relieved from responsibility simply because day-to-day management is assigned to executive members. They are expected to remain informed, participate in board work and oversee executive management.

Managers and board members are subject to conflict-of-interest and non-competition constraints. They should not use their position, company property, information or business opportunities for personal benefit at the company’s expense. Board members must also preserve confidential information obtained in their capacity as board members.

In financial distress, the management body, manager or representative of the debtor must file for insolvency proceedings within the statutory period where the company is insolvent or over-indebted. This is a personal duty and does not require prior general meeting approval. Public company directors also have capital markets duties to act in the interest of all shareholders and on the basis of reliable information.

Directors and managers primarily owe their duties to the company. In joint-stock companies, board members must act in the interest of the company and all shareholders. Public company board members are also required to act in the interest of all shareholders.

Directors should not treat their role as a mandate from a particular shareholder, even if that shareholder nominated or supported their election. Their obligation is to the corporate interest and to shareholders as a whole.

Bulgarian company law does not contain a general stakeholder duty equivalent to broader models in some jurisdictions. However, other interests may become relevant under specific rules. In financial distress, creditor interests become important. Public companies also operate within disclosure, market integrity and sustainability reporting frameworks affecting investors, creditors, employees and other stakeholders.

The company may bring claims against directors, managers or board members for damage caused by breach of duties. In an OOD, the general meeting may resolve to bring a claim against the manager or comptroller and appoint a representative for the proceedings.

In an AD, shareholders holding at least 10% of the capital may bring an action pursuing liability of board members for damage caused to the company. In public companies, shareholders holding at least 5% of the capital have broader statutory rights to bring certain company actions and claim damages caused by management or supervisory body members or by a managerial agent.

The main civil consequence is liability for damages. Board members of an AD are jointly and severally liable for damage caused through their fault, subject to exoneration if they were not at fault. Other consequences may include removal from office, refusal of release from liability, loss of remuneration in specific cases and regulatory sanctions for public companies.

A transaction entered into without required internal approval may still be valid against a good-faith third party, but the person who concluded it may be liable to the company for damage.

Claims or enforcement may also arise from management contracts, civil liability, insolvency law, tax and social security rules, capital markets legislation, market abuse rules and criminal law.

For public companies, the Public Offering of Securities Act adds specific governance and disclosure obligations. It also provides that a person controlling a public company, or another person using influence over a public company to procure a board member or managerial agent to act against the company’s interest, may be jointly and severally liable for damage caused to the company.

Bulgarian law does not generally allow directors or managers to contract out of mandatory statutory liability for their own fault. A general meeting may release board members from liability for a relevant period, but such release does not necessarily prevent minority shareholders from bringing a statutory claim on behalf of the company. Directors’ and officers’ insurance and indemnity arrangements may reduce financial exposure, but they do not remove statutory duties.

In an OOD, the general meeting appoints the manager and determines remuneration. The relationship is regulated by a written management contract entered into on behalf of the company by a person authorised by the general meeting or the sole owner.

In a one-tier AD, the general meeting determines the remuneration of board members who are not assigned management functions. The board determines the remuneration of executive members. In a two-tier AD, the general meeting determines the remuneration of supervisory board members, while the supervisory board determines the remuneration of management board members.

Members of the board of directors, management board and supervisory board must provide a management guarantee. The amount is determined by the general meeting but may not be less than three months’ gross remuneration.

Public companies must adopt and apply a remuneration policy for members of their management and supervisory bodies. Their remuneration, tantiemes (bonus) and payment period are determined by the general meeting. Public companies must also disclose a report on implementation of the remuneration policy.

A joint-stock company’s annual business report must disclose the total remuneration received by board members and certain information on their holdings, rights and participation in other companies. Failure to comply with approval requirements may lead to repayment claims, damages, refusal of release from liability or regulatory sanctions for public companies.

A Bulgarian company is a separate legal entity from its shareholders, quota-holders or partners. Shareholders and quota-holders do not own the company’s assets directly. They hold membership rights, usually including voting rights, dividend or profit distribution rights, information rights, liquidation rights and rights to participate in key corporate decisions.

The relationship is governed by the Commerce Act, the company’s articles of association or statute and, where applicable, special laws such as the Public Offering of Securities Act. Shareholder agreements may regulate relations between shareholders but cannot override mandatory law and generally bind only their parties.

Ownership information is public to different degrees. For OODs, quota-holders and their participation are recorded in the Commercial Register. For private ADs, shareholders are not generally listed in full in the Commercial Register. Registered shares are recorded in the company’s shareholder book, while dematerialised shares are recorded through the Central Depository.

For public companies, there is no single public full shareholder list. Significant shareholdings are disclosed when voting rights reach, exceed or fall below 5% or a multiple of 5%. Beneficial ownership information is regulated mainly under anti-money laundering rules, with specific treatment for listed companies subject to EU or equivalent transparency requirements.

Shareholders and quota-holders participate mainly through the general meeting. Their role is to decide on fundamental corporate matters rather than manage day-to-day business.

In an OOD, the general meeting has a stronger practical role because the manager must act in accordance with general meeting resolutions. In an AD, the separation between ownership and management is stronger. Shareholders act through the general meeting, while the board of directors or management board manages the company.

Shareholders and quota-holders decide on matters affecting structure, capital, governance and financial results. These include amendments to constitutional documents, capital changes, transformation, dissolution, appointment and removal of board members or managers, approval of annual financial statements, profit distribution and release from liability.

Additional reserved matters may be created in the articles of association, statute or shareholder agreements, especially in private companies, joint ventures and start-ups. These often include major investments, disposals, borrowings, related-party transactions, budgets or changes in business activity.

An OOD must hold a general meeting of quota-holders at least once a year. The meeting is usually convened by the manager, and written notice must be received by each quota-holder at least seven days before the meeting, unless the articles of association provide otherwise. Resolutions may also be adopted without a meeting if all quota-holders give written consent.

An AD must hold a general meeting of shareholders. The general meeting is usually convened by the board of directors or management board. The invitation must be announced in the Commercial Register at least 30 days before the meeting, unless stricter rules apply. Written materials related to the agenda must be available to shareholders in advance.

Ordinary resolutions are generally adopted by a majority of the shares represented. Certain important decisions, such as amendments to the statute, capital changes, transformation and dissolution, require statutory quorum and qualified majorities.

Public companies are subject to stricter meeting rules. Notices and materials must be disclosed through statutory channels, including the Commercial Register, the Financial Supervision Commission, the regulated market and the company’s website. Shareholders may ask questions, vote by proxy, propose agenda items where thresholds are met and use remote participation mechanisms where available.

Partnerships do not have shareholder meetings in the same sense. Their decision-making is mainly governed by the partnership agreement. A sole proprietor has no separate shareholder body.

Shareholders and quota-holders may bring claims against the company where membership rights are infringed. These may concern voting rights, dividend rights, information rights, participation in meetings, transfer rights, liquidation rights or other rights under law and the constitutional documents.

A common claim is the challenge of general meeting resolutions. A shareholder or quota-holder may seek cancellation of a resolution that contradicts mandatory law or the articles of association or statute. Defective resolutions are generally treated as voidable and must normally be challenged within short statutory time limits.

The company may bring claims against managers, directors or board members for damage caused by breach of duties. In an AD, shareholders holding at least 10% of the capital may bring an action pursuing liability of board members for damage caused to the company. In public companies, shareholders holding at least 5% of the capital have broader rights to bring certain company claims where management bodies fail to act.

Minority shareholders may also request convening of a general meeting, propose agenda items where thresholds are met and challenge unlawful resolutions. In public companies, a controlling person or another person using influence to cause conduct against the company’s interest may be jointly and severally liable for damage caused to the company.

Shareholders in publicly traded companies must notify the Financial Supervision Commission and the company when their voting rights reach, exceed or fall below 5% or a multiple of 5%. The obligation may also apply to indirect holdings, concerted action and financial instruments giving access to voting rights.

A mandatory tender offer may be required when a person acquires more than one third of the votes in a public company. Further obligations may arise when the 50% or two-thirds thresholds are crossed. A person holding more than one third but not more than two thirds of the votes is restricted from acquiring more than 3% of voting shares in one year unless the acquisition is made through a tender offer.

Where a person acquires at least 95% of voting rights as a result of a tender offer, squeeze-out and sell-out mechanisms may become available.

Stewardship means the responsible exercise of shareholder rights by institutional investors and asset managers, including monitoring investee companies, voting, engaging with management, managing conflicts and disclosing engagement practices. Bulgarian law does not impose a general stewardship obligation on all shareholders, but certain professional market participants are subject to EU-derived transparency and engagement rules.

Bulgarian companies must keep accounting records, prepare annual financial statements and, where applicable, an annual management report under the Accountancy Act. The content depends on the size and status of the enterprise, including whether it is micro, small, medium-sized, large or a public-interest entity.

Companies controlling other entities may need to prepare consolidated financial statements and a consolidated management report. Certain enterprises, including public-interest entities and companies meeting statutory audit thresholds, must have their financial statements audited by a registered auditor.

As a rule, traders must publish annual financial statements, consolidated financial statements and annual reports in the Commercial Register by 30 September of the following year. Annual activity reports are also submitted to the National Statistical Institute and the National Revenue Agency within the applicable reporting deadlines. Certain exemptions apply, including for sole proprietors not subject to mandatory independent audit and some enterprises with no activity.

Issuers whose securities are admitted to trading are subject to stricter reporting. Annual financial reports must be disclosed within 90 days after the financial year-end, and annual consolidated reports within 120 days where consolidated reporting is required. Six-month financial reports must be disclosed within 30 days, or within 60 days for consolidated six-month reports. Issuers also disclose quarterly notifications of financial condition.

Sustainability reporting is part of the broader reporting framework. Large undertakings and small and medium-sized public-interest entities within scope must include a separate sustainability section in their management report, subject to sustainability assurance.

Private companies are not subject to the same detailed corporate governance disclosure regime as public companies. Their main public disclosures are made through the Commercial Register and include constitutional documents, registered representatives, capital changes, transformations and annual financial statements.

Joint-stock companies have additional disclosure obligations in their annual business report, including information on board remuneration, board members’ holdings and rights to acquire company instruments, participation in other companies and certain contracts with board members or related persons.

Public companies must include a corporate governance declaration in the annual activity report. It must state which governance code the issuer applies, explain deviations, describe additional governance practices, and outline internal control and risk management systems related to financial reporting.

The declaration must also include takeover-related information, the composition and functioning of management and supervisory bodies and their committees, and diversity policy information or an explanation if no such policy is applied.

Public companies must disclose a report on implementation of the remuneration policy. Where sustainability reporting is required, some governance information may be included in the sustainability report if this is clearly stated.

Bulgarian companies are incorporated and registered through the Commercial Register, maintained by the Registry Agency under the Ministry of Justice. Registration is generally constitutive, so a commercial company comes into existence upon entry in the register.

The Commercial Register is public and accessible online. It is the main public source for verifying existence, representation and basic corporate status.

Filings include initial registration, changes to registered particulars, deletion of particulars and publication of acts required by law. They may cover the company name, seat and address, management and representation, capital, quota-holders where applicable, constitutional documents, branches, transformations, liquidation, insolvency, pledges and beneficial ownership information.

Applications must be supported by documents proving the relevant circumstances or acts. Documents in a foreign language must be accompanied by a certified Bulgarian translation.

Failure to make required filings may have significant consequences. A company will not exist, if initial registration is not completed. Changes requiring registration, such as changes in management, representation, capital or constitutional documents, may not be effective against third parties until entered in the register. Unregistered circumstances generally cannot be relied on against good-faith third parties.

The Registry Agency does not review commercial merits. Registration officials check compliance with statutory form and content requirements, enter circumstances, announce acts, issue certificates and maintain public access. Defective applications may lead to instructions for correction or refusal, and refusals may be challenged in court.

Bulgaria’s AML framework is based mainly on the Measures Against Money Laundering Act, its implementing rules and legislation on measures against terrorism financing and proliferation financing. It implements EU AML/CFT requirements and applies a risk-based approach.

Not every company is an AML obliged entity for all purposes, but all Bulgarian legal entities may be affected by beneficial ownership identification and registration rules. Full AML obligations apply to obliged entities, including banks, investment firms, insurers, payment and e-money institutions, crypto-asset service providers, auditors, accountants, tax consultants, certain legal service providers, real estate intermediaries and company service providers.

Obliged entities must identify and verify customers and beneficial owners, assess risks, apply customer due diligence, conduct ongoing monitoring and report suspicious activity to the Financial Intelligence Directorate of the State Agency for National Security. They must adopt internal AML rules covering controls, training, responsibility allocation, internal reporting channels and suspicious transaction indicators.

Where the obliged entity is a legal person, internal AML rules must be adopted by the persons who manage or represent it. Boards and managers should oversee risk assessment, internal rules, compliance responsibilities, staff training, escalation of suspicious activity and beneficial ownership information.

Failure to declare beneficial ownership information may lead to sanctions. Managers, directors and persons responsible for internal AML control may be personally fined if they commit, tolerate or participate in AML violations. The company may also face pecuniary penalties. Civil or criminal liability may arise in severe cases.

A Bulgarian company must appoint an external auditor where its annual or consolidated financial statements are subject to mandatory independent financial audit under the Accountancy Act, the Independent Financial Audit and Sustainability Assurance Act, EU law or sector-specific legislation.

Mandatory audit applies to medium-sized and large undertakings, public-interest entities, medium-sized and large groups, groups including at least one public-interest entity and small undertakings exceeding statutory thresholds relating to assets, net sales revenue and employees. Other undertakings may be subject to statutory audit under special law.

For joint-stock companies, the registered auditor is appointed by the general meeting. In other forms, the competent owner or corporate body generally makes the appointment. Regulated entities may be subject to sector-specific approval, co-ordination or notification requirements.

The auditor provides independent assurance on whether the financial statements comply with the applicable financial reporting framework. Management remains responsible for preparing financial statements, maintaining accounting records and operating internal controls.

Public-interest entities must establish an audit committee. The audit committee monitors financial reporting, statutory audit, auditor independence and the effectiveness of internal control and risk management systems insofar as they relate to financial reporting. Where sustainability reporting is required, the report is subject to assurance by a qualified registered auditor.

Bulgarian law does not impose a single board-level regime labelled as “geopolitical risk”. Instead, geopolitical risk is addressed through general management duties, disclosure, sector-specific risk rules, sanctions compliance, AML/CFT, cybersecurity, supply chain controls and public company reporting.

For public companies, geopolitical risk may need to be disclosed where material to the issuer’s business, financial position, prospects or securities. At board level, it should be considered as part of the broader risk management and internal control framework.

Bulgaria applies EU restrictive measures directly as an EU member state and has national rules against terrorism financing and proliferation financing. Sanctions compliance is relevant not only for financial institutions but also for companies with cross-border operations, foreign customers, export activity, logistics exposure, energy or defence-related business, financial counterparties or complex ownership chains.

Boards are expected to oversee sanctions compliance where the risk is material. This includes screening, ownership and control checks, contractual protections, escalation procedures, transaction freezes, reporting processes and staff training proportionate to the company’s risk profile.

The main ESG reporting requirements for Bulgarian companies are driven by EU law and its implementation into Bulgarian legislation. Bulgaria transposed the Corporate Sustainability Reporting Directive through amendments to the Accountancy Act and the Independent Financial Audit and Sustainability Assurance Act.

Large undertakings and small and medium-sized public-interest entities within scope must include a separate sustainability section in the management report, prepared in accordance with the European Sustainability Reporting Standards. The report must explain material sustainability impacts, risks and opportunities, and how sustainability matters affect the company’s development, performance and position.

Sustainability reporting is subject to assurance by a qualified registered auditor. Boards should ensure reliable data collection, internal controls and clear allocation of responsibility.

ESG requirements are not limited to reporting. Companies may also be affected by environmental permitting, waste, emissions, health and safety, labour, anti-discrimination, whistle-blowing, anti-corruption, public procurement, AML, sanctions and data protection rules. Financial market participants may also be subject to SFDR and EU Taxonomy reporting.

The main ESG development is the EU-wide shift from rapid expansion of sustainability reporting and due diligence obligations to simplification, burden reduction and recalibration of scope. This is relevant because Bulgarian ESG reporting obligations are largely EU-driven.

Bulgaria implemented CSRD-based amendments in 2024. The EU Omnibus process has since moved towards simplifying the CSRD and CSDDD framework, including higher thresholds, narrower scope and postponed application of parts of the due diligence regime.

Bulgarian companies should reassess whether they remain within scope, what deadlines apply and which data points remain required. Fewer companies may ultimately be directly covered, but those that remain in scope will need stronger data systems, audit trails, internal controls and board-level responsibility.

Companies outside direct reporting scope may still be affected indirectly because banks, investors, public customers and large customers may request ESG data from suppliers and counterparties.

The main legal framework for AI in Bulgaria is Regulation (EU) 2024/1689, the EU Artificial Intelligence Act, which applies directly in Bulgaria. Bulgaria does not yet have a fully developed standalone national AI law, and the national implementation framework remains under development.

There are no Bulgarian company law rules requiring AI expertise on boards, a dedicated AI committee or a mandatory AI governance mandate. Board oversight of AI derives mainly from general directors’ duties, risk management, data protection, cybersecurity, consumer protection, employment, anti-discrimination, intellectual property, sector-specific regulation and the EU AI Act.

Boards should treat AI as a governance and risk issue where the company develops, procures, deploys or materially relies on AI systems. Oversight should cover AI strategy, inventory of systems, risk classification, procurement controls, data governance, human oversight, cybersecurity, testing, documentation, incident response, vendor management and regulatory monitoring.

Most Bulgarian companies do not have a dedicated AI committee. AI oversight is usually allocated to existing structures, with implementation handled by management, legal, compliance, IT, cybersecurity, data protection, product and internal audit functions.

The principal AI governance framework applicable in Bulgaria is the EU AI Act. It is risk-based and distinguishes between prohibited AI practices, high-risk AI systems, general-purpose AI models, transparency obligations and lower-risk uses. It is complemented by data protection, cybersecurity, consumer protection, labour, anti-discrimination, IP, product safety, financial services and sector-specific rules.

Companies should build internal AI governance around an inventory of AI use cases, risk classification, approval processes, vendor due diligence, data provenance, human oversight, testing, monitoring, incident response, employee training and clear accountability.

The key 2025 development was the phased application of the EU AI Act. Prohibited AI practices apply from 2 February 2025, and rules on general-purpose AI models apply from 2 August 2025. The general application date is 2 August 2026, with certain high-risk AI rules applying later under the current EU timetable.

AI strategy is usually a board or senior management matter where AI is material to the business model. Operational responsibility typically sits with product, technology, legal, compliance, information security and data protection functions. Internal audit or external assurance may test AI controls in regulated sectors or high-impact use cases.

The main regulatory exposures arise under the EU AI Act, GDPR, cybersecurity rules, consumer protection law, employment law, anti-discrimination law, product safety regulation, IP law and sector-specific regulation. Depending on the AI system, liability may attach to the provider, deployer, importer, distributor or user.

Personal data is an immediate risk area. AI systems processing personal data may create exposure for lack of lawful basis, inadequate transparency, excessive data use, automated decision-making risks, poor security, unlawful profiling or insufficient handling of data subject rights.

Companies may face contractual and tort claims if AI use causes harm, produces defective outputs, leads to discriminatory decisions, breaches confidentiality, infringes IP rights, damages customers or causes operational disruption.

Board and officer liability may arise where directors fail to exercise adequate oversight over material AI risks. This is most relevant where AI is central to the business, used in regulated processes, affects customers or employees, or creates material disclosure, cybersecurity or compliance risks. Enforcement may come from regulators, shareholders, customers, employees and counterparties.

Bulgarian law does not currently impose a general company-law obligation to disclose all AI use, AI strategy or AI governance arrangements in annual reports. Disclosure depends on the type of company, materiality of the AI use and the applicable regulatory framework.

For private companies, AI-related disclosure will usually arise only where required by specific legal regimes, contracts, sector regulation, data protection rules, consumer protection rules or litigation. For public companies and issuers, AI-related matters may need to be disclosed where material to the company’s business, strategy, risks, financial position or securities.

If AI is material to an issuer’s business model, operations, products, controls, cybersecurity exposure, customer relationships or regulatory compliance, it may need to be addressed in the annual report, risk disclosures, management report or other regulated information. Material AI-related risks should also be included in a prospectus or offering document where they are specific to the issuer or securities and material for investors.

The EU AI Act contains specific transparency and information requirements, including duties to inform users that they are interacting with AI in certain cases, rules on AI-generated or manipulated content, technical documentation for high-risk AI systems, registration for certain systems and serious incident reporting. Data protection, cybersecurity and sector-specific laws may also require transparency notices, impact assessments or incident notifications.