According to Section 62, the telecommunication apparatus requires approval of the Authority before it is connected for use by a licensee. As a basis of approval, the Authority may publish a notice in the Gazette establishing standards to which an apparatus of a specified description shall conform to be approved. It is reported that self-declaration of conformity is not allowed in Zimbabwe.

According to Art. 47 of the Mid-Term Monetary Policy Statement, users are restricted to only one mobile wallet account per person and a daily transfer limit of ZW 5,000 (approx. USD 50). This applies to individuals for person-to-person transfers, person-to-merchant payments for goods and services, bill settlement and purchase of airtime. In addition, pursuant to Art. 50 merchants are not allowed to make payments from their wallets. This is also the case for agent mobile money wallets, which have been abolished by the Policy. In this regard, users can no longer make transactions through mobile money agents. It is reported that this is likely to affect customers in rural Zimbabwe who rely on the agents to access mobile money services. These agents gave rural consumers the opportunity to integrate into the financial system.

It is reported that the de minimis threshold, that is the minimum value of goods below which customs do not charge duties, is USD 10, below the 200 USD threshold recommended by the International Chamber of Commerce (ICC).

The Consumer Protection Act (Chapter 14:44) of 2019 provides a comprehensive framework for consumer protection that also applies to online transactions.

Zimbabwe has not signed the United Nations (UN) Convention on the Use of Electronic Communications in International Contracts.

Zimbabwe has not adopted national legislation based on or influenced by the United Nations Commission on International Trade Law (UNCITRAL) Model Law on Electronic Commerce.

Zimbabwe has not adopted national legislation based on or influenced by the United Nations Commission on International Trade Law (UNCITRAL) Model Law on Electronic Signatures.

The Interception of Communications Act provides wide-ranging powers to state security agencies to have access to personal data. Section 5 mandates that intelligence, defence, police, and prison services request warrants of interception from the executive in charge of postal and telecommunication services. Section 9 of the Interception of Communications Act instructs ISPs to install necessary surveillance technologies and intercept any content that the state may deem fit. In addition, Section 9 obliges data services providers and processors to cooperate with the state in enabling data access. To this end, data processors are instructed to capture full personal information, regularly update it, and use technologies that can be intercepted.
It is reported that warrants allowing the monitoring and interception of communications are issued by the Minister of Information at their discretion. Consequently, there is no adequate judicial oversight or other independent safeguard against abuse, and the extent and frequency of monitoring remains unknown.

The Postal and Telecommunications Act allows the government to intercept ostensibly suspicious communications (Section 98) and requires a telecommunications licensee, such as an ISP, to supply information to government officials upon request. It is not clear whether a court order is required.

The Cyber and Data Protection Act provides for a safe harbour regime in Zimbabwe. This is provided for in Section 379C(1), which states that an ISP shall not be responsible or liable for a crime if they have not initiated the transmission, selected the receiver of the transmission and/or modified the information contained in the transmission. Most importantly, the Act provides that the ISPs will not be liable for data carried on their platforms and those of intermediaries if they remove it after a court order. In addition, ISPs and intermediaries will not be liable if they remove the information upon their realisation or gain knowledge that the information is illegal.

The Cyber and Data Protection Act provides for a safe harbour regime in Zimbabwe. This is provided for in Section 379C(1), which states that an ISP shall not be responsible or liable for a crime if they have not initiated the transmission, selected the receiver of the transmission and/or modified the information contained in the transmission. Most importantly, the Act provides that the ISPs will not be liable for data carried on their platforms and those of intermediaries if they remove it after a court order. In addition, ISPs and intermediaries will not be liable if they remove the information upon their realisation or gain knowledge that the information is illegal.

According to Art. 5.1 of the Postal and Telecommunications (Subscriber Registration) Regulations, 2013. Telecommunications providers must each establish a subscriber database of all SIM card holders, connecting their phone number to their name, address, gender, nationality, and passport or ID number. The law obliges service providers to regularly hand over copies of this data to the government, which will then establish its own central subscriber information database.

The indicator "6.2.4 - Government Internet shut down in practice" of the V-Dem Dataset, which measures whether the government has the technical capacity to actively make internet service cease, thus interrupting domestic access to the internet or whether the government has decided to do so, has a score of 3 in Zimbabwe for the year 2023. This corresponds to "Rarely but there have been a few occasions throughout the year when the government shut down domestic access to Internet."

According to Art. 7.1 of the Broadcasting Services Act, no person may provide a broadcasting service or operate as a signal carrier in Zimbabwe without a broadcasting licence or a signal carrier licence. Art. 7.2 specifies that a broadcasting licence authorises the licensee to offer various types of broadcasting services, including narrowcasting, datacasting, and webcasting. However, under Art. 8.1, a broadcasting licence can only be issued to individuals who are citizens of Zimbabwe or to a corporate entity in which a controlling interest is held, whether directly or indirectly, by one or more Zimbabwean citizens.
Art. 7 of Broadcasting Services (Licensing and Content) Regulations, 2004 provides the licensing requirements for narrowcasting, datacasting, and webcasting. It is reported that the Zimbabwean authorities might use this section to require licensing fees for video-on-demand and live-streaming services (YouTube, Facebook, Netflix, etc.), and, as a result, smaller companies have to obtain licenses ranging from USD 2,500 to USD 20,000.

Zimbabwe has a telecommunications authority: The Postal and Telecommunications Regulatory Authority of Zimbabwe (POTRAZ). However, it is reported that this entity is not fully independent.