Vanuatu has not adopted national legislation based on or influenced by the United Nations Commission on International Trade Law (UNCITRAL) Model Law on Electronic Signatures.

It is reported that the conformity assessment system in Vanuatu accepts the European documentation and test reports for market access. The homologation procedure in Vanuatu requires neither local laboratory testing nor a local representative. There are also no additional requirements concerning product labelling.

Vanuatu applies a limited de minimis threshold, that is, the minimum value of goods below which customs do not charge duties. Pursuant to Art. 23 of the Import Duties (Consolidation) Act (CAP 91), goods imported by post or airfreight for the recipient’s exclusive personal use may be admitted duty-free where the FOB value does not exceed VUV 10,000 (approx. USD 83), while no de minimis applies to other goods.

Vanuatu lacks a comprehensive framework for consumer protection that applies to online transactions.

Vanuatu has not signed the United Nations (UN) Convention on the Use of Electronic Communications in International Contracts.

Vanuatu has not joined any agreement with binding commitments to open transfers of data across borders.

The Data Protection and Privacy Act No. 13 of 2024 establishes a comprehensive legal framework for the protection of personal data in Vanuatu. Applicable to both public and private sector entities, the Act possesses extraterritorial reach and stipulates conditions for cross-border data transfers. It delineates the rights of data subjects and prescribes detailed provisions governing the processing of personal data, including sensitive categories.

Under Part IV of the E-Business Act, companies engaging in electronic business must appoint a data protection officer.

Section 21 of the Cybercrime Act authorises the Commissioner of Police, by written notice, to require a service provider to disclose subscriber data where the Commissioner is satisfied that such disclosure is necessary for law enforcement purposes or for the enforcement of a serious foreign offence, and obliges the service provider to comply with the request as soon as practicable after it is received; however, the provision does not clarify whether a warrant or court order is required. The Act defines a service provider as any public or private entity that enables users to communicate by means of a computer system, as well as any entity that processes or stores computer data on behalf of such an entity or its users, including service providers regulated under the Telecommunications, Radiocommunications and Broadcasting Regulation Act No. 30 of 2009. Subscriber data is defined as any data held by a service provider, in electronic or other form, relating to a person who uses or rents its services, by which the type of service used, the relevant technical arrangements, and the period of service may be established, together with the subscriber’s identity and contact details, including postal or geographic address, telephone and other access numbers, billing and payment information, and information concerning the location of equipment required to use the service, insofar as such information is available under the service agreement or arrangement; the definition expressly excludes traffic and content data.

The Electronic Transactions Act establishes a safe harbour regime for intermediaries for copyright infringements. According to Art. 26 of the Act, an intermediary is not subject to any civil or criminal liability in respect of any information contained in an electronic record in respect of which the intermediary provides services if the intermediary was not the originator of that electronic record and the intermediary: (a) has no actual knowledge that the information gives rise to civil or criminal liability, or (b) is not aware of any facts or circumstances from which the likelihood of civil or criminal liability in respect of the information ought reasonably to have been known; or (c) follows the procedure set out in section 27 if the intermediary: (i) acquires knowledge that the information gives rise to civil or criminal liability; or (ii) becomes aware of facts or circumstances from which the likelihood of civil or criminal liability in respect of the information ought reasonably to have been known.

The Electronic Transactions Act establishes a safe harbour regime for intermediaries beyond copyright infringements. According to Art. 26 of the Act, an intermediary is not subject to any civil or criminal liability in respect of any information contained in an electronic record in respect of which the intermediary provides services if the intermediary was not the originator of that electronic record and the intermediary: (a) has no actual knowledge that the information gives rise to civil or criminal liability, or (b) is not aware of any facts or circumstances from which the likelihood of civil or criminal liability in respect of the information ought reasonably to have been known; or (c) follows the procedure set out in section 27 if the intermediary: (i) acquires knowledge that the information gives rise to civil or criminal liability; or (ii) becomes aware of facts or circumstances from which the likelihood of civil or criminal liability in respect of the information ought reasonably to have been known.

Clause 10 of the SIM Card Registration Regulation Order No. 105 stipulates that individuals intending to purchase a SIM card are required to present a valid identification card or document to the licensed provider.

Pursuant to Art. 16 of the Vanuatu Foreign Investment Promotion Act No. 25 of 2019, a foreign investor may not carry out a restricted activity unless it has been issued an investment registration certificate authorising that activity. Under Art. 25, the restricted list of investment activities is set out in Part 3 of the Schedule, which includes advertising and marketing services.

According to Section 2 of Decision 01 of 2020, local importers need to obtain a type approval import permit from the Telecommunications, Radiocommunications & Broadcasting Regulator for the approval of importation, use, and sale of a particular model each time a consignment of relevant equipment is imported to Vanuatu.

Pursuant to Section 12 of the Business License (Amendment) Act No. 35 of 2010, a Category D1 licence is required for businesses that import merchandise with the intention of re-exporting it without substantial transformation. For these purposes, “transformation” refers to the creation of a new good that is distinct from the raw materials used to produce it.