Norway's National Security Act gives authorities extensive powers to block foreign investments in accordance with national security interests. These interests are broadly defined and also include national financial stability and autonomy. According to Art. 10 of the Act, any person who wishes to acquire a qualified ownership interest in an undertaking which is subject to the act shall notify the ministry accordingly. In cases where the undertaking does not fall within the area of responsibility of any ministry, such notice shall be given to the National Security Authority.
A qualified ownership interest exists if the acquisition will, overall, give the acquirer, either directly or indirectly,
(i) At least one-third of the share capital, participating interests or votes in the undertaking;
(ii) The right to own at least one-third of the share capital or participating interests, or;
(iii) Significant influence over the management of the company otherwise.
The ministry will then have sixty business days to decide whether to approve or prohibit the relevant transaction. In addition, the law is not sector-specific but rather targets companies that have been brought into the scope of the law on a case-by-case basis.

According to Section 3.5 of the Implementation Framework of the Nigeria Data Protection Regulation, multinational corporations with a subsidiary in Nigeria are mandated to appoint a dedicated Data Protection Officer (DPO) who resides in Nigeria and has direct access to the organisation's management team in the country. This requirement applies to organisations classified as data controllers under any of the following conditions:
- The entity is a governmental body, ministry, department, institution, or agency;
- The organisation’s core activities involve the processing of personal data relating to more than 10,000 data subjects annually;
- The organisation routinely processes sensitive personal data as part of its operations; or
- The organisation holds critical national information infrastructure, as defined under the Cybercrimes Act or any subsequent amendments, which includes personal data.

It is reported that the Nigerian government is increasingly “encouraging” digital companies to establish a physical presence in the country. In 2023, a digital firm, which had its access to the Nigerian web space revoked for an unrelated matter, was required to set up a local office as part of the negotiations to regain its access.

The Federal Competition and Consumer Protection Act, 2018 provides the general framework for consumer protection in Nigeria. However, it is reported that the non-existence of a law on electronic transactions in Nigeria has created an unpredictable legal environment for e-commerce.

Nigeria has not signed the United Nations (UN) Convention on the Use of Electronic Communications in International Contracts.

Nigeria has not adopted national legislation based on or influenced by the United Nations Commission on International Trade Law (UNCITRAL) Model Law on Electronic Commerce.

Nigeria has not adopted national legislation based on or influenced by the United Nations Commission on International Trade Law (UNCITRAL) Model Law on Electronic Signatures.

It is reported that importers complain about inconsistent application of customs regulations and lengthy clearance procedures, often due to outdated manual processing systems and corruption. These factors sometimes contribute to product deterioration and result in significant losses for importers. Disputes among Nigerian Government agencies over the interpretation of regulations often cause delays, and frequent changes in customs guidelines slow the movement of goods through Nigerian ports.

Section 11.1 of the Guidelines for Nigerian Content in Information and Communication Technology mandates telecom companies to:
-use locally developed or manufactured software components, equipment, cables, and devices for the provision of communication services;
-use indigenous companies to build network infrastructure (both active and passive). These include but are not limited to cell site towers, base stations, cables, software, and network equipment and ensure that at least 80% of the value and volume are locally sourced;
- Use indigenous companies to provide at least 80% of all value-added services (VAS) and network services on the networks. They must also ensure that such companies are creating at least 80% of the volume and value of services provided locally.

The restrictions also existed in the 2013 Guidelines on Nigerian Content Development in ICT, such as the obligation for all ICT companies (including telecommunication companies) to use only locally manufactured SIM cards for data and telephony services and host their websites on a ".ng" top-level domain. These requirements are no longer in the amended Guidelines. On the other hand, the requirement for ICT companies to use local companies’ networks for at least 60% of all value-added services, as well as source at least 50% of value-added services locally from a Nigerian company, has been revised upwards to 80% in the 2019 Guidelines (Section 11.1).

The 2013 Guidelines on Nigerian Content Development in ICT already contained local content obligations, such as requiring all ICT companies (including telecommunications operators) to use only locally manufactured SIM cards for data and telephony services and to host their websites on a “.ng” top-level domain. These obligations, however, were removed in the amended version of the Guidelines.

The requirements concerning the sourcing of VAS from local companies were strengthened in the 2019 Guidelines for Nigerian Content in Information and Communication Technology. Specifically, Section 11.1 raised the thresholds established in the 2013 Guidelines: ICT companies must now ensure that at least 80%—up from 60%—of all VAS are provided by local companies, and that at least 80%—up from 50%—of the total value of these services is sourced domestically.

According to Section 9.3 of the Guidelines for Nigerian Content in Information and Communication Technology, Hardware Multinational Companies and Original Equipment Manufacturers (OEMs) of ICT products are required to provide a detailed local content development plan for the creation of jobs, recruitment of Nigerians, human capital development, use of indigenous ICT products and services for value creation.
The Guidelines further provide the minimum local content threshold for compliance by indigenous manufacturers in indigenous ICT products. Under Section 9.1 (3), OEMs must maintain at least 40% local content by value and volume either directly or through outsourcing to local manufacturers engaged in any segment of the product value chain. Section 9.2 (4) mandates Indigenous Original Design Manufacturers (ODMs) of ICT products to maintain at least 70% local content by value and volume either directly or through outsourcing to local manufacturers engaged in any segment of the product value chain.
Similar requirements for Hardware Multinational Companies, OEMs, and ODMs were provided in the 2013 Guidelines for Nigerian Content Development in ICT, which have been revised or maintained in the amended 2019 Guidelines. The threshold for local content from local manufacturers is revised down for OEMs from 50% in 2013 to 40% in 2019, and for ODMs, this has been adjusted upwards from 50% in 2013 to 70% in the 2019 Guidelines. Provisions maintained include the requirement for the local content development plan.

Self-certification is not allowed in Nigeria for Radio and Telecommunication equipment. Section 4 (1)(n) of the Nigerian Communications Act of 2003 mandates the Nigerian Communications Commission (NCC) to carry out type approval tests on communications equipment and issue certificates based on relevant technical specifications and standards. Otherwise, selling or installing any communications equipment or facilities without first obtaining the Commission’s type approval test certificate is an offence and, on conviction, punishable by a fine or imprisonment, or both fine and imprisonment.

In 2013, the National Information Technology Development Agency (NITDA) released guidelines on Nigerian content development in information and communications technology, which were subsequently amended in 2019. These guidelines, applicable to both public sector entities and private enterprises, require multinational companies to provide verifiable documentation and execute affidavits concerning the origin, safety, source, and operational aspects of software being sold and deployed within Nigeria in order to "ascertain the full security of the product and protect national security" as well as to assure the full security of source code.

In Nigeria, the law sets out the conditions for the interception of encrypted communications, including the power to require licensees to provide relevant security agencies with the key, code, or access to the protected or encrypted communication. Rule 9 of the Lawful Interception of Communications Regulations states that, notwithstanding any other law in force, no licensee shall provide any communications services which cannot be monitored and intercepted. Rule 10 of the Regulations stipulates that, when required by the Commission, the companies licensed have to install interception capabilities that allow or permit the interception of communications. Rule 16 states that a licensee failing to comply with the provisions of these Regulations shall be liable to a fine, or the commission may revoke the license.

According to Section 4.4.8 of the Guidelines on Point-of-Sale Card Acceptance Services, all domestic transactions in Nigeria, including but not limited to POS and ATM transactions, must be switched using the services of a local switch and shall not under any circumstance be routed outside Nigeria for switching between Nigerian issuers and acquirers.

According to Section 3.6.1 of the Guidelines on International Money Transfer Services, there is a limit of USD 2,000 per transaction for foreign transfers, subject to periodic review by the Central Bank of Nigeria. It is reported that entrepreneurs are not able to accept credit card payments over the Internet due to legal and business concerns.