Estonia has not adopted national legislation based on or influenced by the United Nations Commission on International Trade Law (UNCITRAL) Model Law on Electronic Signatures.

According to the ".ee" Domain Regulation, it is required to appoint an administrative contact for the application for the ".ee" domain name. The administrative contact has to be a citizen of Estonia with an Estonian personal identification code or a European Economic Area (EEA) citizen.

The Consumer Rights Directive 2011/83/EU provides an updated framework aimed at encouraging online sales. The Directive has been implemented by the Consumer Protection Act. The Act includes provisions on the right to information, safety and quality of goods or services, and unfair commercial practices. The Act also safeguards 'distance contracts'. E-commerce is regulated by the Estonian Consumer Protection and Technical Regulatory Authority.

Estonia has not signed the United Nations (UN) Convention on the Use of Electronic Communications in International Contracts.

Estonia has not adopted national legislation based on or influenced by the United Nations Commission on International Trade Law (UNCITRAL) Model Law on Electronic Commerce.

The European Union General Data Protection Regulation (GDPR) provides a comprehensive framework for data protection that applies to all EU Member States. Estonia implemented the GDPR in 2018 through the Personal Data Protection Act.

Under the EU Directive on Data Retention, operators were required to retain certain categories of traffic and location data (excluding the content of those communications) for a period between six months and two years and to make them available, on request, to law enforcement authorities for the purposes of investigating, detecting and prosecuting serious crime and terrorism. On 8 April 2014, the Court of Justice of the European Union declared the Directive invalid. However, not all national laws that implemented the Directive have been overturned.
In Estonia, the Electronic Communications Act continues to mandate traffic and location data retention. Arts. 111 and 112 of the Act require communications undertakings to retain various categories of communications metadata (including, but not limited to, location data) for a period of one year from the date of the communication.

Art. 112 of the Electronic Communications Act mandates that electronic communications providers furnish the communication data retained under Art. 111 within 10 hours for urgent requests, and within 10 days for other requests, made by the relevant agencies specified in the Act. Additionally, mobile telephone service providers are obliged to supply real-time identification of the location of the mobile device in use. Requests from the agencies may be made either in writing or orally. Notably, this provision does not require prior judicial authorisation. Art. 111 stipulates that internet and telecommunication service providers must retain a broad spectrum of communication data for the purposes of identifying, inter alia, the source, destination, time, duration, and location of the communication.

The Directive 2000/31/EC (E-Commerce Directive) is the legal basis governing the liability of Internet Services Providers (ISPs) in the EU Member States and includes a conditional safe harbour. Not all Member States have transposed the relevant articles consistently, leading to divergent national case law that could cause legal insecurity on an EU level.
The Information Society Services Act (ISSA) is based on the EU e-Commerce Directive (Directive 2000/31/EC).

The Directive 2000/31/EC (E-Commerce Directive) is the legal basis governing the liability of Internet Services Providers (ISPs) in the EU Member States and includes a conditional safe harbour. Not all Member States have transposed the relevant articles consistently, leading to divergent national case law that could cause legal insecurity on an EU level.
The Information Society Services Act (ISSA) is based on the EU e-Commerce Directive (Directive 2000/31/EC).

Art. 17 of Directive 2019/790 on Copyright in the Digital Single Market (DSM Directive) mandates that providers of content-sharing services seek authorisation from rights holders and implement technical solutions to remove and prevent unauthorised uploads by their users (so-called upload filters), under penalty of losing their liability safe harbour. Further arrangements are envisaged for complaints and dispute resolution mechanisms. Such upload filters are reported to be a significant cost for online platforms. Graduated exemptions are expected to be put in place for new providers active in the EU for less than three years with a turnover under EUR 10 million and with fewer than five million users. The provision is subject to a challenge in the Court of Justice by Poland (C-401/19).
To implement Directive 2019/790, the Parliament has adopted the Act amending the Copyright Act (transposition of copyright directives) 368 SE, therefore making online content-sharing service providers partially liable for copyright violations on their platforms.

Current tensions with Russia have induced the Estonian regulatory authority to block Russian websites for geo-political reasons. It is reported that in February 2022, the Consumer Protection and Technical Regulatory Authority (TTJA) ordered telecommunications operators to restrict the online broadcasting of six pro-Kremlin TV channels, including RTR-Planeta, RTVI, Rossiya 24, REN TV, NTV Mir, and PBK, for twelve months in an effort to limit Russian war propaganda. In March 2022, the TTJA ordered the blocking of another TV channel RBK (RBC TV), seven websites (ntv.ru, ren.tv, 5-tv.ru, 78.ru, 1tv.com, lenta.ru, and tass.ru.), and 12 internet channels, whose “content incites to commit offences towards national security and national defence, to the detriment of the security of society,” according to a TTJA press release.

The Estonian government issued sanctions on the Russian app Yandex. The reason provided is that individuals using the application Yandex must provide access to a considerable amount of personal data, which is processed by the company on servers located in Russia. To prevent the collection and use of Estonian data by the Russian authorities, the government is banning the application, requiring app stores to restrict downloads of the Yandex application.

The EU Directive on Audiovisual Media Services (AVMS) covers traditional broadcasting services as well as audiovisual media services provided on-demand, including via the Internet. Art. 13.1 provides for Member States to secure a minimum 30% share of European works in the catalogues as well as "ensuring prominence" of those works. "Prominence" involves promoting European works by facilitating access to such works using any appropriate means to ensure their prominence. The Directive has been implemented by Member States in different ways, ranging from very extensive and detailed measures to a mere reference to the general obligation to promote European works.
In Estonia, the EU Directive was transposed into domestic law through the amendment of the Media Services Act of February 2022 (RT I, 27.02.2022). According to Art. 24 of the Act, on-demand audiovisual media service providers are required to ensure that at least 30% of the programmes in their catalogue consist of European works. Additionally, these providers must report their compliance with this requirement to the Consumer Protection and Technical Regulatory Authority by 15 February each year. Estonia has not implemented financial contribution obligations to VOD service providers.

It is reported that the government of Estonia owns 51% shares of Levira AS. Levira AS is a media and telecommunications company based in Estonia. It provides a range of services in the fields of broadcasting, media, and IT infrastructure.