Cambodia has not adopted national legislation based on or influenced by the United Nations Commission on International Trade Law (UNCITRAL) Model Law on Electronic Signatures.

The Law on Consumer Protection and the Law on Electronic Commerce provide a comprehensive framework for consumer protection that also applies to online transactions. According to Art. 27 of the Law on Consumer Protection, it is required for businesses to disclose information related to the kind, grade, safety, quantity, origin, function of use, maintenance, composition, design, assembly, usage, price, packaging, advertising or supplying, manufacturing date and expiry date, information about production or information related to the supply of goods or services. The application of these requirements to e-commerce is confirmed by Art. 33 of the Law on Electronic Commerce, which requires any person using electronic communications for commercial activities with consumers to comply with all other provisions and regulations related to consumer protection.

Cambodia has not signed the United Nations (UN) Convention on the Use of Electronic Communications in International Contracts.

Cambodia enacted the E-Commerce Law, drawing upon the United Nations Commission on International Trade Law (UNCITRAL) Model Law on Electronic Commerce.

Pursuant to Annex 5 of Sub-Decree No. 370 on the Enforcement of the List of Prohibited and Restricted Goods, the importation of used computers is restricted and is permitted only with authorisation from the Ministry of Environment.

According to Art. 15 of the Law on Telecommunications, any person may apply to the Telecommunication Regulator of Cambodia (TRC) for a permit to engage in the importation, exportation, supply, and distribution of telecommunications equipment. Under Art. 16, individuals may also apply to the TRC for a certificate to act as a Qualified Agent (QA) for the import of such equipment.
In addition, under Art. 7 of Sub-Decree No. 110, individuals intending to import, supply, or distribute computer instruments and electronic devices equipped with ICT technology or software must obtain an operational certificate from the General Department of ICT. If the equipment is classified as restricted under Sub-Decree No. 370, an additional import permit is required and must be obtained via the National Single Window online system.
The TRC is the competent authority responsible for issuing licences, certificates, and permits in the telecommunications sector. This includes QA certificates for the import, supply, and distribution of telecommunications and ICT equipment, as well as import permits for items included in the restricted goods list.

According to Art. 15 of the Law on Telecommunications, any person may apply to the Telecommunication Regulator of Cambodia (TRC) for a permit to engage in the export of telecommunications equipment. Additionally, under Art. 7 of Sub-Decree No. 110, individuals intending to export computer instruments and electronic devices equipped with ICT technology or software must obtain an operational certificate from the General Department of ICT. The TRC serves as the competent authority for issuing licences, certificates, and permits in the telecommunications sector.

It is required that several products sold in Cambodia obtain national certification, although this certification is often based on international standards. Foreign manufacturers must sign an agreement with the Institute of Standards of Cambodia (ISC) to obtain local certification. Any entity can apply for a license to use the ISC Certification Mark. The license has a validity of three years, which can be extended for three years at a time, subject to satisfactory operation of the license.

According to Art. 26.1 of the E-Commerce Law, e-commerce service providers and intermediaries must obtain e-commerce permits or licenses from the Ministry of Commerce (MOC) in addition to the general business registration. According to Art. 26.2, the licensing regime has two categories: (1) an e-commerce permit (for individual persons and sole proprietorships) and (2) an e-commerce license (for legal persons and branches of foreign companies). In August 2020, Cambodia issued Sub-Decree No. 134, an implementing regulation of the E-Commerce Law, clarifying that a license is required for legal persons and branches of foreign companies carrying out the following activities: e-commerce web services, e-commerce platform services, online market services, online auction website services, and other similar services provided through software or smart devices for the promotion of e-commerce (Art. 5.1).
In addition, pursuant to Art. 5.2 of the Sub-Decree, an E-Commerce permit is required for natural persons and sole proprietors that operate a business via an electronic system in Cambodia (including those who conduct business via social media and electronic systems to supply or sell/purchase goods and services). Furthermore, according to Art. 7.1, legal entities or foreign branches that are intermediaries of electronic-commerce service providers must apply for a license at the MOC and meet the following conditions: (i) business registration and tax registration with registered business activities relating to e-commerce; (ii) it must have obtained an Online Service Certificate and domain name from the Ministry of Posts and Telecommunications; (iii) it must use an electronic application or means for operating e-commerce; (iv) the electronic system used by it must be accurate; (v) it must specify the payment method; (vi) it must have a business model and consumer protection form. If it is a legal entity or foreign branch acting as an intermediary, it must enter into a contract with the business service providers. Moreover, in October 2020, the MOC issued Prakas No. 290, which set the required documents for applying for e-commerce licenses and permits, and detailed procedures and timeframes for the MOC to review applications. The regulation also stipulates the timelines and procedures for renewing permits and licenses, among other things (Arts. 3–8).
The E-Commerce Law broadly defines e-commerce service providers and intermediaries (Annex). An e-commerce service provider is defined as a "person who uses electronic means to supply goods and/or services except for insurance establishments". On the other hand, intermediary "refers to a person who provides the services of sending, receiving, transmitting or storing services of the electronic communication, either on a temporary or permanent basis, or provides other services relating to the electronic communication, including the following persons: a person representing the sender, receiver, transmitter, or the custodian; telecommunication service providers; network service providers; internet service providers; search engines providers; online payment service providers; online auction service providers; online marketplaces service providers and internet commerce service provider".

In March 2021, the National Bank of Cambodia (NBC) issued the Circular on E-KYC Guidance and Transaction Limit for Payment Service in Cambodia, clarifying procedures and information required for payment service institutions to identify customers and set daily transaction limits for each customer type. The Circular established the Bakong Payment System by the NBC, which is a centralised platform that allows customers to make bank transfers across banks and payment institutions. Based on the Circular, the size of daily transactions permitted depends on the platform, the personal information provided by the customer, and the stage of the payment service institution’s review of the customer’s information. In accordance with the different customer risk levels, customer identification procedures are determined by the four following transaction types: (i) Transactions between Bakong Accounts; (ii) Transactions between Bakong Accounts and Bank Accounts/E-Wallet Accounts; (iii) Transactions between E-Wallet Accounts and E-Wallet Accounts/Bank Accounts and; (iv) Transactions between Bank Accounts and Bank Accounts via Bakong (Backbone).
For transactions falling under items 1 – 3 above, customers are classified into three categories:
- Basic Customers: The transaction limit is KHR 2 million (approx. USD 500) per day;
- Partial KYC: The transaction limit is KHR 12 million (approx. USD 3,000) per day;
- Full KYC: The transaction limit is KHR 40 million (approx. USD 10,000) per day.
- For transactions under item 4, customers are considered full KYC customers, and the transaction limit is KHR 200 million (approx. USD 50,000) per day.

According to Circular 004 MEF on the Procedures for Low Value Goods, the de minimis threshold, that is, the minimum value of goods below which customs do not charge duties, is USD 50, below the USD 200 threshold recommended by the International Chamber of Commerce (ICC).

Pursuant to Art. 7 of Sub-Decree No. 287 and Joint Notification No. 873, issued by the Ministry of Commerce (MOC) and the Ministry of Posts and Telecommunications (MPTC), registered companies in Cambodia are required to use a local domain name such as ".com.kh" for their websites and email addresses. Furthermore, pursuant to Notification No. 837, issued in April 2022 by the MOC and MEF, all companies operating in Cambodia must use a national second-level domain name and an email address with that domain when filing annual declarations of commercial enterprises. Domain names are valid for 1 year before they must be renewed.

The E-commerce Law establishes a safe harbour regime for intermediaries for copyright infringements. According to Art. 24 of the law, internet intermediaries are not liable for unlawful third-party content on their online platforms. However, they must comply with mandatory content-removal procedures upon becoming aware of such content (Art. 25). Additionally, pursuant to Art. 27, intermediaries are obligated to comply with an e-commerce code of conduct.

The E-commerce Law establishes a safe harbour regime for intermediaries beyond copyright infringements. According to Art. 24 of the law, internet intermediaries are not liable for unlawful third-party content on their online platforms. However, they must comply with mandatory content-removal procedures upon becoming aware of such content (Art. 25). Additionally, pursuant to Art. 27, intermediaries are obligated to comply with an e-commerce code of conduct.

It is reported that Cambodia requires identity verification for SIM card registration. Individuals seeking to purchase a SIM card must present a national identity card or, for foreign nationals, a passport to activate a new prepaid SIM. This requirement has reportedly existed since 2012, although its implementation remained incomplete for several years.
In August 2022, the authorities issued a final warning directing all telecommunications operators to ensure full SIM registration by 2023. This framework was subsequently formalised through Sub-Decree No. 41 on Equipment Identity Registration, issued in February 2023, which established a SIM identification registration system and a national database to support regulatory compliance.