Privacy Act 2020
REQUIRED
NZ Privacy Act 2020 aligns with GDPR principles. Mandatory privacy breach notification. Lighter than GDPR but requires documented processes.
Regional Deep Dive/APAC
Tax & Regulatory // New Zealand
Entity type: Limited Company (Ltd)
Core Compliance
Corporate Tax
28%
Flat rate; no lower rate for small companies
GST
15%
Highest in APAC region; register above NZ$60K annual NZ turnover
Ease of Incorporation
24 hours online
NZ Companies Office — fastest digital registration in the Pacific
Regulatory Vectors
watch
Entity Setup
24 hours
NZ company registration via Companies Office is fully digital and can be completed in under 24 hours with an NZ director or registered office.
Data Residency
NOT MANDATED
No mandatory data localisation. Government agencies have internal policy preferences for NZ hosting but no legal requirement.
IRD Tax Compliance
REQUIRED
IRD registration, GST registration, and PAYE if employing. Well-documented and easy to comply with via NZ-based accountant.
Key Legislation
Privacy Act 2020
Information privacy principles and mandatory breach reporting.
Consumer Guarantees Act 1993
Implied guarantees in consumer contracts — relevant for consumer-facing products.
Electronic Transactions Act 2002
Governs validity of electronic contracts and digital signatures.
Entry Recommendation
NZ has minimal regulatory barriers for software companies. Incorporate, register for GST, and implement Privacy Act 2020 documentation. This can all be completed in under 2 weeks with a NZ accountant and solicitor.
Regulatory Flashpoints — Evidence Base
Primary regulatory flashpoint
confidence 40Privacy Act 2020 obligations including cross-border disclosure controls.
Needs human review