Uganda does not implement any de minimis threshold, which is the minimum value of goods below which customs do not charge duties. However, it is reported that there is an informal threshold of USD 50.

The Uganda National Bureau of Standards (UNBS) does all product testing including that of electronic equipment. Self-certification is not accepted. The Electrical Testing Laboratory carries out analysis of electrical products and appliances to assess their compliance with Uganda and international standards. There are also fees charged for testing of these equipment.
The Qmark is recognised by all East Africa Partner States. Products containing this mark are automatically recognised in another EAC Partner State's conformity assessment or certification of a product by exporting EAC Partner State.

The Investment Code Act (ICA) underscores the importance of the Government’s national content policy and the Buy Uganda Build Uganda (BUBU) policy, which require foreign investors to use local services, raw materials and labour. Under the ICA, investment licenses carry specific performance conditions varying by sector, such as to use Ugandan goods and services to the greatest extent possible. Section 12 of the Act sets out specific national content requirements for investors who wish to apply for incentives, and Section 17 provides for the requirements for application of an investment licence including local content requirements which must be met by every investor before an investment certificate can be issued.

Art. 6 of the NITA-U (Certification of IT Providers and Services) Regulations set out criteria for certification of operators for the provision of IT services. In addition, according to Art. 7 of the regulation, applicants for certification should be registered companies in Uganda and separately acquire certification for conducting business online or providing IT services. Other conditions include the need to abide by standards for the provision of technology, demonstrate financial viability, have competent management, have policies and procedures governing the service provision, employ competent staff, and have appropriate infrastructure and equipment.

In January 2021, Uganda’s telecom operators MTN Uganda, Airtel Uganda and Africell Uganda complied with the directive from the Uganda Communications Commission (UCC) to immediately block access to the internet until further notice. The three operators published notices on their social media handles informing their subscribers of the directive by the UCC. Further, MTN Uganda stated that it had implemented the directive in compliance with its “National Telecommunications Operator License and in accordance with MTN’s group-wide Digital Human Rights due diligence framework”. The copy of the directive is not publicly available.

The indicator "6.2.4 - Government Internet shut down in practice" of the V-Dem Dataset, which measures whether the government has the technical capacity to actively make internet service cease, thus interrupting domestic access to the internet or whether the government has decided to do so, has a score of 3 in Uganda. This corresponds to "Rarely but there have been a few occasions throughout the year when the government shut down domestic access to Internet."

It is reported that the Uganda Government temporarily blocked social media and the internet prior to and after the 2021 and 2016 elections. Furthermore, the Uganda Communications Commission ordered internet service providers (ISPs) to block Rwanda’s New Times website and Igihe.com for two days in August 2019 amid tensions between the two countries, though the websites have remained inaccessible on some ISPs for over one year. Finally, in 2021, a list was provided by the Uganda Communications Commission of 100 virtual private networks (VPNs) to block.

The Regulation of Interception of Communications Act of 2010 introduces obligations to intermediaries to install surveillance equipment, to assist “the monitoring centre” and ensure that their services can render real-time interception. Failure to assist the monitoring centre is an offence, that upon conviction may result in a fine, imprisonment for up to five years, or cancellation of the intermediaries license.

In December 2020, Google turned down a request by the Uganda Communications Commission (UCC) to suspend 17 YouTube channels and asked for more justifiable reasons to take any action. Likewise, during the same month Facebook suspended fake and duplicate accounts on its platform, which it said were linked to the Ministry of Information and had been used to impersonate users and boost the popularity of pro-government posts. It is reported that the government retaliated in January 2021 by keeping Facebook blocked, even after it permitted access to other social networks.

Uganda has a safe harbour regime in place for intermediaries beyond copyright infringements. According to Section 29 of the Electronic Transactions Act No. 8 of 2011, a service provider is not subject to civil or criminal liability in respect of third-party material which is in the form of electronic records to which it merely provides access. This is provided that the intermediary is not directly involved in the making, publication, dissemination, or distribution of the material or a statement made in the material; or the infringement of any rights subsisting in or in relation to the material. In addition, pursuant the Art. 30 of the Act, service providers are not liable for infringement for referring or linking to a “data message or infringing activity” if the service provider, is unaware of the infringement, does not receive financial benefit from the infringement, and “removes or disables access to the reference or link to the data message or activity within a reasonable time after being informed that the data message or the activity relating to the data message infringes the rights of the user.”

Section 9 of the Regulation of Interception of Communications Act obliges all telecommunication service providers to ensure that, before they enter into contract with any person for the provision of telecommunication services, such a person is duly registered. Every person who purchases a SIM card for telecommunications or internet services is required to register their personal details.

Uganda has a safe harbour regime in place for intermediaries for copyright infringements. According to Section 29 of the Electronic Transactions Act No. 8 of 2011, a service provider is not subject to civil or criminal liability in respect of third-party material which is in the form of electronic records to which it merely provides access. This is provided that the intermediary is not directly involved in the making, publication, dissemination, or distribution of the material or a statement made in the material; or the infringement of any rights subsisting in or in relation to the material. In addition, pursuant the Art. 30 of the Act, service providers are not liable for infringement for referring or linking to a “data message or infringing activity” if the service provider, is unaware of the infringement, does not receive financial benefit from the infringement, and “removes or disables access to the reference or link to the data message or activity within a reasonable time after being informed that the data message or the activity relating to the data message infringes the rights of the user.”

Section 7 of the Data Protection and Privacy Act provides that, where necessary for the proper performance of a public duty by a public body, cases of national security or for the prevention, detection, investigation, prosecution, or punishment of an offense or breach of law, or for medical purposes, the public authority may collect data even at the objection of the data subject. It is not clarified whether a court order is needed.

The Regulation of Interception of Communications Act of 2010 introduces obligations to intermediaries to collect customer information (names, addresses, ID numbers), install surveillance equipment, and disclose information to authorities when presented with a warrant. It is however reported that state security agents have violated such provisions in 2018 when security agents stormed a telecom provider’s data centre without a court warrant.
In addition, intermediaries are obliged to assist “the monitoring centre” and ensure that their services can render real-time interception. Failure to assist the monitoring centre is an offence, that upon conviction may result in a fine, imprisonment for up to five years, or cancellation of the intermediaries license. In addition, an application for interception can be made orally before a judge as long as the written application follows within 48 hours of the oral application.

Clauses in the Anti-Terrorism Act 2002 (Part VII - Interception of Communications) give security officers appointed by the interior minister the power to intercept the communications of individuals suspected of terrorism and to keep the individuals under surveillance without judicial oversight.