Paraguay enacted Law No. 6822/2021, drawing upon the United Nations Commission on International Trade Law (UNCITRAL) Model Law on Electronic Commerce.

Paraguay enacted Law No. 6822/2021, drawing upon the United Nations Commission on International Trade Law (UNCITRAL) Model Law on Electronic Signatures.

According to Art. 6 of Resolution 588/2009, the commercialisation, installation, and operation of telecommunications apparatus or equipment are only allowed with prior approval by CONATEL (National Telecommunications Commission). According to Art. 2, the goods that need to be homologated include: telecom equipment and devices intended to be connected to public telecom networks or connected through a network termination; telecom equipment and devices that make use of the radioelectric spectrum (including antennas); equipment that does not fall into the previous categories, which are subject to some technical regulation, at the discretion of CONATEL. Certification by foreign suppliers is allowed, but the application must be submitted to the regulatory body for equipment homologation (Art. 17). Once equipment type testing has been performed, a Paraguayan representative must apply for CONATEL’s certificate of approval by submitting the required documentation, as well as sending a type approval request letter addressed to the president of CONATEL.
It is also reported that the following ICT goods need to be homologated: car audio systems, RF transceivers, BT speakers, modems, wireless microphones, and RFID (Radio Frequency Identification) equipment.

Paraguay implements a de minimis threshold, that is the minimum value of goods below which customs do not charge duties, equal to USD 100, below the USD 200 threshold recommended by the International Chamber of Commerce (ICC). Resolution No. 1298 of 2018 of the Ministry of Industry and Commerce, as well as Art. 223 of the Customs Code, establishes that express shipments up to USD 100 that are not subject to prior import licenses are exempt from paying customs duties. Yet, these shipments are liable to pay the casual VAT of 13% and the transportation payment. As for operations between USD 100 and USD 1,000, they must pay between 15% and 35% of the Common External Tariff, as applicable. Art. 219 of the Customs Code further states that international postal shipments are not subject to customs duties for values up to 200 USD.

According to Art. 1197 of the Civil Code, companies incorporated abroad that want to offer their services in Paraguay are required to establish a representation with a domicile in the country, in addition to the particular domiciles resulting from other legal causes.

Law No. 1334 provides a comprehensive framework for consumer protection that also applies to online transactions. According to Art. 3 of Law No. 1334, the Law on consumer protection applies to all activities between suppliers and consumers in connection with the distribution, sale, purchase or any other form of commercial transactions of goods and services.

Paraguay has signed and ratified the United Nations (UN) Convention on the Use of Electronic Communications in International Contracts.

Paraguay has joined agreements with binding commitments to open transfers of data across borders. According to the Art. 7.2 of the Mercosur Agreement on E-Commerce signed by Paraguay, each Party shall permit the cross-border transfer of information when the purpose of such transfer is to realise the commercial activities of a person of a Party. Furthermore, according to the Art. 7.11 of the Free Trade Agreement between Chile and Paraguay, each Party shall permit the cross-border transfer of information by electronic means, where such activity is for the conduct of the business of a person of a Party.

Law No. 7593/25 on the Protection of Personal Data in the Republic of Paraguay provides a comprehensive regime of data protection in the country.

According to Art. 10 of Law No. 4868, intermediary service providers and data service providers shall store the connection and traffic data generated during the established communication for at least six months.

According to Art. 1 of Resolution No. 1350, telephone service providers shall store a detailed call log of all Paraguayan users for a period of six months.

In accordance with Arts. 1-3 of Resolution No. 2583/2024 of the National Telecommunications Commission (CONATEL), which establishes the obligation for all Internet Access and Data Transmission Service licensees to retain connection records, such licensees must keep connection logs for each subscriber for a minimum period of six months, including the data necessary to identify the subscriber. The Resolution further requires licensees to store for a minimum period of six months, for each connection made by the subscriber, including the assigned IP address and, where network address translation (NAT) is used, the TCP/UDP ports employed and the date and time of the IP communication, together with the identification of the subscriber to whom the service is contracted.

According to Arts. 14 and 15 of Law No. 7593/25 on Personal Data Protection in the Republic of Paraguay, the controller must carry out a data protection impact assessment (DPIA) before any processing operation that, by its nature, scope, context or purposes, is likely to pose significant risks to data subjects’ rights. A DPIA is mandatory where:
(a) there is a systematic and comprehensive evaluation of personal aspects based on automated processing, including profiling, underpinning decisions with legal or similarly significant effects;
(b) large-scale processing of sensitive data or data on criminal convictions and offences is undertaken; or
(c) large-scale, systematic monitoring of publicly accessible areas takes place. The supervisory authority must publish a list of operations requiring a DPIA and may also issue a list of operations exempt from this requirement.
Where a DPIA shows that the envisaged processing would still involve high risk in the absence of mitigation measures, the controller must engage in prior consultation with the supervisory authority and may not commence processing until the authority has issued its opinion.
Moreover, according to Art. 4(h), the controller or processor, where applicable, shall designate a data protection officer. Art. 18 regulates the role of the data protection officer, who is responsible for supporting and supervising compliance with data protection rules.

Law No. 4868 on Electronic Commerce establishes a safe harbour regime for intermediaries for copyright infringements. According to Art. 11 of Law No. 4868, if the service receiver provides the data, the intermediary service provider shall not be responsible for the information transmitted under several circumstances, including when providers or data do not initiate the transmission is not changed by providers. Art. 16 requests all providers to establish a mechanism to remove content that violates copyright and related rights and industrial property laws from the network. This mechanism must be public and accessible to any user.

Law No. 4868 on Electronic Commerce establishes a safe harbour regime for intermediaries beyond copyright infringements. According to Art. 11 of Law No. 4868, if the service receiver provides the data, the intermediary service provider shall not be responsible for the information transmitted under several circumstances, including when providers or data do not initiate the transmission is not changed by providers. Art. 16 requests all providers to establish a mechanism to remove content that violates copyright and related rights and industrial property laws from the network. This mechanism must be public and accessible to any user.