The Instructions for Granting Conformity Certificates No. 2 of 2018 mandate that imported goods are subject to mandatory verification through laboratory testing approved by the Directorate of Conformity Certificates at the Jordan Standards and Metrology Organisation (JSMO) and in accordance with its internal procedure. It is reported that approved laboratory testing is exclusively in Jordan. The JSMO undertakes these responsibilities by cooperating with approved labs, including those at the JSMO, Ministry of Health, Greater Amman Municipality, Ministry of Agriculture, and Royal Scientific Society, all of which perform inspection and testing.

Art. 3 of Instruction No. 3/2020, issued under the provisions of Art. 3.5 and Art. 55 of Ordinance No. 111/2017, sets forth the conditions for the accreditation of international electronic payment systems. The regulation requires providers of international electronic payment systems to:
- provide their services in one country or more other than in Jordan; and
- provide their services for a period of not less than three consecutive years prior to the date of submitting the request for obtaining accreditation.

It is reported that the de minimis threshold, that is the minimum value of goods below which customs do not charge duties, is USD 141, below the 200 USD threshold recommended by the International Chamber of Commerce (ICC).

It is reported that to register a ".com.jo" domain name, a company incorporation certificate issued by Jordan's Ministry of Industry and Trade or by Amman Municipality must match the domain name, or alternatively, a registered or pending trademark valid in Jordan that corresponds to the domain name is acceptable. Additionally, complete details of the local company representative are required, including a valid Jordanian address.

Jordan has a legal framework that applies consumer protection to online transactions. Law No. 7/2017 on Consumer Protection Law aims to prevent retailers from gaining an unfair advantage over consumers.

Jordan has not signed the United Nations (UN) Convention on the Use of Electronic Communications in International Contracts.

Jordan has adopted national legislation based on or influenced by the United Nations Commission on International Trade Law (UNCITRAL) Model Law on Electronic Commerce.

Jordan has not adopted national legislation based on or influenced by the United Nations Commission on International Trade Law (UNCITRAL) Model Law on Electronic Signatures.

Art. 15 of the Personal Data Protection Law provides that any cross-border transaction of personal information must be transferred to a party that has a sufficient level of data protection. The level of protection afforded to a data recipient is equivalent to that imposed by Jordanian laws and regulations, except in the following cases: judicial cooperation is established under international conventions and treaties; international cooperation in the field of combating crimes; data exchange is essential for patient treatment; data exchange is related to epidemiological and health disasters or public health related to Jordan; the data subject has approved the transfer of data after being made aware that the level of protection outside the jurisdiction is not equivalent to the level imposed by Jordanian laws and regulations; and transfer of funds abroad.

Jordan has not joined any agreement with binding commitments to open transfers of data across borders.

Law No. 24 provides a comprehensive regime of data protection in Jordan. The provisions of the Law are applicable to any personal and sensitive information processing of natural persons, whether such data was collected or processed before or after the effectiveness of the Law within Jordan, and apply to controllers who are also based outside of Jordan. The Law also applies to both domestic and international data transfers. In addition, the Law outlines several rights for individuals, namely the right to be informed, to access and obtain held data by the data controller, to object and withdraw consent, to correct, amend, add or update data, to restrict data processing, to be forgotten, to ensure data is erased, and to data portability. Furthermore, the Law includes obligations regarding the notification of data infringements and breaches to individuals.

The Instructions of Anti-Money Laundering and Counter-Terrorist Financing For Electronic Payments and Money Transfer Companies No. 12/2018, issued under the Payment and Transfer of Money Regulation No. 111/2017, introduces a data retention requirement of five years for transaction data and system logs.

Art. 11(a) of the Personal Data Protection Law provides that the controller shall be committed to appointing a DPO in the following instances:
- If the main business of the controller is the processing of personal data;
- They process sensitive personal data;
- They process the personal data of natural individuals who do not have legal capacity;
- Processing includes financial information;
- The responsible person transfers personal data outside Jordan;
- Any other case for which the Council decides to oblige the controller to appoint a DPO.

Pursuant to Art. 11(b)(2) of the Personal Data Protection Law, one of the duties of the controller is to carry out a periodic assessment and evaluation of the database, data processing systems, and systems, preserving the security and safety of data. The controller must document the outcomes of such assessment, issue the necessary recommendations for protecting the data, and implement such recommendations alongside monitoring procedures adopted for protecting data and documenting compliance with the law and relevant legislation.

Art. 5 of the Regulation Regulating the Transportation of Passengers through Smart Applications provides that the Land Transport Regulatory Commission has the discretion to request from an operator of ride-hailing apps the information it holds in its database, specifically relating to the service provider, the vehicle, the passenger and ride.
It is reported that as a result of this regulation, the Ministry of Transportation, as well as judicial and security bodies, can access the companies’ servers and databases without a court order.