Art. 85 of the Utilities Directive (2014/25/EU) contains provisions allowing contracting public entities to reject foreign goods not covered by any EU international commitments from its tender procedures. In these cases, a tender submitted for the award of a supply contract may be rejected where the proportion of the products originating in third countries exceeds 50% of the total value of the products constituting the tender (Art. 85.2). Additionally, in cases of equivalent offers, the provisions provide for a preference for European tenders and tenders covered by EU's international obligations. In practice, this possibility has rarely been used.
The Public Procurement Act transposes the Utilities Directive into law. Where two or more bids are equivalent under the award criteria of Art. 81, preference is given to those bids that do not contain more that 50% of products from third countries (Art. 61). However, tenders with at least 50% of products from third countries are allowed when competing tenders require equipment with technical characteristics that differ from those of the contracting public authority and which could result in incompatibility or disproportionate costs.

Barbados has adopted national legislation based on or influenced by the United Nations Commission on International Trade Law (UNCITRAL) Model Law on Electronic Commerce.

Barbados has adopted national legislation based on or influenced by the United Nations Commission on International Trade Law (UNCITRAL) Model Law on Electronic Signatures.

Barbados has not signed the United Nations (UN) Convention on the Use of Electronic Communications in International Contracts.

The Consumer Protection Act provides a comprehensive framework for consumer protection that also applies to online transactions. Part IV of the Act addresses distance selling, which would include Internet-based commerce. In addition, according to Art. 16 (a) (introduced by the amendment of the Electronic Transactions Act of 2014) of the Electronic Transactions Act, a person who uses electronic communications to sell goods or services to consumers shall provide accurate and accessible information describing the goods or services, as well as information about the terms, conditions, and costs associated with a transaction.

Barbados does not implement any de minimis threshold, which is the minimum value of goods below which customs do not charge duties.

The registration of the domain ".bb" in Barbados is under the supervision of the Telecommunications Unit. According to Form 52 of the Telecommunication Act, applicants for a ".bb" domain must have a local presence in the country to register a domain name.

According to Art. 21.1 (a), the Minister may enact regulations regarding the use, import, and export of encryption programs or other encryption products. Nonetheless, according to Subsection 2, a person may use any encryption programs or other encryption products of any bit size or other measure of strength that has lawfully come into possession of that person.

According to the "General and certification requirements for licensed and license-exempt radio apparatus used for radio communication", all transmitting devices are required to be type approved prior to sale in country. The following documentation is required when submitting a request for type approval: the test reports, the name of the device, the name and address of the applicant & manufacturer, the model number, the certification from a recognized standards body FCC, ETSI or ICC, pictures of the device/component, and the device Manual. This process usually takes 3–5 business days depending on the backlog of approvals and whether all the information has been submitted.

It is reported that Barbados imposes an identity requirement for SIM registration. Anyone wanting to purchase a SIM card has to provide their national ID card, or a passport in case of foreigners.

In accordance with Art. 67.1 of the Data Protection Act 2019, a Data Privacy Officer (DPO) must be appointed by both the data controller and data processor in situations where: (i) the processing is conducted by a public authority or body, excluding instances involving a court of competent jurisdiction acting in its judicial capacity; (ii) the fundamental activities of the data controller or data processor encompass processing operations that, due to their nature, scope, and objectives, necessitate regular and systematic monitoring of data subjects on a significant scale; or (iii) the core activities of the data controller or data processor entail large-scale processing of sensitive personal data.
Additionally, Art 69.1 outlines the responsibilities and functions of the DPO, which include: (i) informing and advising the data controller, data processor, and relevant employees about their obligations under the Data Protection Act; (ii) monitoring compliance with the Act and the data controller's or data processor's data protection policies; (iii) providing guidance on data protection impact assessments and overseeing their implementation in line with Art. 65; and (iv) working closely with the Commissioner, serving as the main point of contact for processing-related matters, including prior consultation as mentioned in Art. 66, and offering consultation on other pertinent issues when necessary.

The Electronic Transactions Act, Chapter 308B establishes a safe harbour regime for intermediaries for copyright infringements. According to Section 24 of the Electronic Transactions Act, there is no intermediary liability for information within electronic records they handle if: (i) they did not create the record; (ii) they have no actual knowledge that the information could lead to legal liability; and (iii) they are not aware of any facts indicating that the information could reasonably result in legal liability.

The Electronic Transactions Act, Chapter 308B establishes a safe harbour regime for intermediaries for any activity beyond copyright infringement. According to Section 24 of the Electronic Transactions Act, there is no intermediary liability for information within electronic records they handle if: (i) they did not create the record; (ii) they have no actual knowledge that the information could lead to legal liability; and (iii) they are not aware of any facts indicating that the information could reasonably result in legal liability.

The Data Protection Act 2019 of Barbados provides a comprehensive regime of data protection in the country.

According to Art. 65.1 of the Data Protection Act 2019, the data controller must conduct an assessment of the potential impact of the proposed processing operations on the safeguarding of personal data. This is applicable when a specific form of processing, particularly one utilizing emerging technologies, is anticipated to potentially pose a significant risk to the rights and freedoms of an individual. The assessment takes into consideration the characteristics of the processing, including its nature, scope, context, and purposes.