About us
Tsanko Kalchev
Owner | Attorney at Law
Attorney Tsanko Kalchev holds the CIPM certification (Certified Information Privacy Manager, IAPP) as well as the TÜV SÜD certification as a Data Protection Officer.
These qualifications stand for practical data protection and risk management expertise, particularly for data-driven business models and AI systems.
He previously worked for several years as in-house counsel in the data protection team of a German bank. This in-house experience significantly shapes our advisory approach and is especially valuable for German companies with high compliance requirements. Litigation Experience as a Risk Management Asset alongside his specialization in data protection and AI law, Attorney Kalchev has been active in civil and litigation law for more than a decade and has handled over 1,000 court proceedings.
Who We Advise and What We Do
We advise companies operating across Germany and Bulgaria on the legal structuring of digital business. Our clients include German and European businesses establishing or running IT, development, and outsourcing operations in Bulgaria, as well as Bulgarian technology providers delivering services into EU markets.
We support market entry and ongoing operations with a focus on GDPR compliance, the EU Artificial Intelligence Act, and technology contracting across software/SaaS, cloud, IT projects, and cross-border services. Where required, we also represent clients in civil proceedings before German courts.
Multilingual Advice for Cross-Border Projects
Our team combines German-qualified counsel (admitted to the German Bar) with registration as foreign lawyers in Bulgaria. This enables advice aligned with German legal standards while being implemented in line with Bulgarian market practice and project realities.
From our Sofia office, we coordinate cross-border mandates in close, long-term cooperation with the German law firm Kläner and, where appropriate, with trusted Bulgarian civil law counsel—ensuring one consistent strategy and clear responsibility across jurisdictions.
Typical Mandates and Industry Focus
Typical engagements include setting up and scaling nearshoring and outsourcing structures in Bulgaria; selecting and contracting Bulgarian IT service providers; and designing enforceable governance models covering liability, SLAs, and audit rights. We regularly advise on GDPR-compliant cross-border data processing, including vendor structures, DPAs, and incident readiness.
We also support the compliant deployment of AI systems, including risk classification under the EU AI Act, documentation duties, and governance interfaces with data protection. In addition, we handle reputation, defamation, and liability matters in the digital environment, including platform-related enforcement strategies.
We advise in German, English, and Bulgarian.