This article is aimed at senior executives who are considering compliance and regulatory risks that they should be prepared for in the context of anticipated international expansion. This is intended as an overview since these issues involve subject expertise beyond localization and translation technology. In general you should think about the following.
Taxes
Depending on where you are headquartered and which regions you are in or planning to operate in, you may need to pay or collect taxes. I am not a tax expert but this is something I’ve encountered at prior companies.
When Lyft expanded into Canada we had to set up a Canadian business entity, transact in Canadian Dollars, and collect value added tax from riders to be paid to the Canadian tax authorities, This turned out to be a pretty significant engineering effort because Lyft had been operating in the US for years, and had tons of assumptions about US operation baked into the product.
All digital products that are based in the US have less exposure to this, but once you develop a physical footprint in other countries or generate enough revenue to draw the attention of tax authorities, you may need to consider this. Companies that are headquartered in EU markets or have an on the ground presence will run into this almost right away.
You should definitely consult tax experts and have them perform a risk assessment and develop an implementation check list so you don’t run afoul of this.
One tech tip is to look into payment platforms that handle this for you. Calculating and collecting VAT is region specific and kind of a nightmare. At Lyft in 2017, we had to build this from scratch. I have to think this problem has already been solved, at least in major markets.
Currency & Payment Methods
Another consideration is if you will need to display prices or settle in local currency, which is discussed in more detail in the article Localized Payment Support.
The general rule of thumb to follow here is as follows:
- If you are business to business service, such as a SaaS offering, especially if you are early stage, it’s usually OK to display prices and settle in USD. That said if you cater to larger companies or public entities, you will need to at least display prices in relevant local currencies. Modern payment services make this easy to do.
- If you are offering a consumer service, such as games, you’ll probably see better results if you accept payments in local currencies. Payment services and app stores make this relatively easy to do.
- If you have a physical presence or on the ground elements, you’ll probably need to set up a business entity and transact in the local currency. This is a much bigger lift than simply using Stripe to collect funds in Euros and settle in USD.
Regulatory Risks
If you have a physical presence in a country, you will also need to comply with relevant regulations that can affect everything aspect of your business.
When Lyft expanded into Canada, we had to comply with other regulations related to passenger safety, driver onboarding and other matters. This also involved additional product and engineering work, for example to implement driver background checks using different documentation and background check providers.
What regulations apply to you will depend on which countries you operate in, your industry sector and other considerations so it is not possible to provide a one-size-fits-all here other than “consult with a law firm that operates in country and knows your sector.”
Privacy Laws & AI Regulations
Another issue you’ll need to be prepared for is to comply with privacy regulations, and if you are offering AI based services, AI related regulations. The bad news here is that even if you offer an all-digital service, you’ll probably run into this.
The best example is GDPR, which enforces privacy and data storage regulations on companies offering services in the EU region, and imposes significant penalties on companies that are out of compliance (up to 4% of global revenue for severe infractions). A similar California law (CCPA) also governs how customer information is stored and handled. CCPA violations can result in civil penalties of up to $7,500 per intentional violation, which can add up quickly.
Regarding AI, the EU AI Act is now in force and classifies AI systems by risk level. If your product uses AI in ways that affect users in the EU, engage a specialist to understand your obligations
Privacy and AI law compliance is discussed and well handled elsewhere. Most localization professionals are not privacy law experts so you are better off to engage with firms that specialize in this area.
Spanish For The Domestic US Market
One of the reasons I encourage US companies to start with Spanish for the US market is to decouple language support from issues related to international expansion. Since you are not expanding international, the addition of a Spanish presentation layer doesn’t expose you to operational or regulatory risk.
Building the tooling and infrastructure to support multiple languages requires effort and is usually front loaded. You’ll need to build this anyway, and by doing this, you can split the program into two distinct stages: 1) foundational work to make the presentation layer portable across languages, and 2) additional work to deal with regulatory compliance and other issues that are specific to your industry sector and the countries you’re expanding to.
This heuristic applies equally well to companies operating in other countries. For example, there is a large Arabic speaking population in France. In Germany, Turkish is a major secondary language.
Conclusions & Checklist
The good news for most digital-first US companies is that privacy law (GDPR/CCPA) is the most universal exposure, while tax, payment, and regulatory obligations scale primarily with your physical footprint.
Key risk areas to be aware of include:
| Risk Area | Applies When |
| Tax / VAT | Physical presence, or large revenue in-country |
| Currency / Payments | Consumer product, or enterprise B2B customers |
| Regulatory Compliance | Physical presence, regulated industry |
| Privacy (GDPR/CCPA) | Serving EU customers or California residents (almost everyone) |
Related Reading
Localized Payment Support – this article describes considerations around localized currencies and payment methods, primarily from a product or engineering manager’s perspective.
Spanish As A Prelude To International Expansion – as mentioned above, launching Spanish in the US market is a good way to decouple foundational work to support multiple languages from additional work that is needed to operate internationally.
Which Languages And Regions Should We Target – this article describes a data driven methodology for ranking and targeting regions and languages.