It has been reported that Cambodia's Customs and Excise Department engages in non-transparent practices that appear arbitrary. Importers frequently cite problems with undue processing delays, burdensome paperwork, and unnecessary formalities.

It is required that several products sold in Cambodia obtain national certification, although this certification is often based on international standards. Foreign manufacturers must sign an agreement with the Institute of Standards of Cambodia (ISC) to obtain local certification. Any entity can apply for a license that would allow it to use the ISC Certification Mark. The license has a validity of three years, which can be extended for three years at a time, subject to satisfactory operation of the license.

According to Art. 26.1 of the E-Commerce Law, e-commerce service providers and intermediaries must obtain e-commerce permits or licenses from the Ministry of Commerce (MOC) in addition to the general business registration. According to Art. 26.2, the licensing regime has two categories: (1) an e-commerce permit (for individual persons and sole proprietorships) and (2) an e-commerce license (for legal persons and branches of foreign companies). In August 2020, Cambodia issued Sub-Decree No. 134, an implementing regulation of the E-Commerce Law, clarifying that a license is required for legal persons and branches of foreign companies carrying out the following activities: e-commerce web services, e-commerce platform services, online market services, online auction website services, and other similar services provided through software or smart devices for the promotion of e-commerce (Art. 5.1).
In addition, pursuant to Art. 5.2 of the Sub-Decree, an E-Commerce permit is required for natural persons and sole proprietors that operate a business via electronic system in Cambodia (including those who conduct business via social media and electronic systems to supply or sell/purchase goods and services). Furthermore, according to Art. 7.1, legal entities or foreign branches that are intermediaries of electronic-commerce service providers must apply for a license at the MOC and meet the following conditions: (i) business registration and tax registration with registered business activities relating to e-commerce; (ii) it must have obtained an Online Service Certificate and domain name from the Ministry of Posts and Telecommunications; (iii) it must use an electronic application or means for operating e-commerce; (iv) the electronic system used by it must be accurate; (v) it must specify the payment method; (vi) it must have a business model and consumer protection form. If it is a legal entity or foreign branch acting as an intermediary, it must enter into a contract with the business service providers. Moreover, in October 2020, the MOC issued the Prakas No. 290 regulation, which set the required documents to apply for e-commerce licenses and permits and detailed procedures and time frames for the MOC to review the applications. The regulation also stipulates the timelines and procedures to renew the permits and licenses, among other things (Arts. 3–8.).
The E-Commerce Law broadly defines e-commerce service providers and intermediaries (Annex). An e-commerce service provider is defined as a "person who uses electronic means to supply goods and/or services except for insurance establishments". On the other hand, intermediary "refers to a person who provides the services of sending, receiving, transmitting or storing services of the electronic communication, either on a temporary or permanent basis, or provides other services relating to the electronic communication, including the following persons: a person representing the sender, receiver, transmitter, or the custodian; telecommunication service providers; network service providers; internet service providers; search engines providers; online payment service providers; online auction service providers; online marketplaces service providers and internet commerce service provider".

Art. 5 of the Law on Foreign Exchange states that foreign exchange operations shall be undertaken solely through authorised intermediaries. These operations include purchases and sales of foreign exchange on the foreign exchange market, transfers, all kinds of international settlements, and capital flows in foreign or domestic currency between Cambodia and the rest of the world or between residents and non-residents. As a result, only banks permanently established in the Kingdom of Cambodia are considered authorised intermediaries for international settlements.

In March 2021, the National Bank of Cambodia (NBC) enforced the Circular on E-KYC Guidance and Transaction Limit for Payment Service in Cambodia, clarifying procedures and information required for payment service institutions to identify customers and to set limits on the daily transaction amounts allowed for each type of customer. The Circular established the Bakong Payment System by the NBC, which is a centralised platform that allows customers to make bank transfers across banks and payment institutions. Based on the Circular, the size of daily transactions permitted depends on the platform, the personal information provided by the customer, and the stage of the payment service institution’s review of the customer’s information. In accordance with the different customer risk levels, customer identification procedures are determined by the four following transaction types: (i) Transactions between Bakong Accounts; (ii) Transactions between Bakong Accounts and Bank Accounts/E-Wallet Accounts; (iii) Transactions between E-Wallet Accounts and E-Wallet Accounts/Bank Accounts and; (iv) Transactions between Bank Accounts and Bank Accounts via Bakong (Backbone).
For transactions falling under items 1 – 3 above, customers are classified into three categories:
- Basic Customers: The transaction limit is KHR 2 million (approx. USD 500) per day;
- Partial KYC: The transaction limit is KHR 12 million (approx. USD 3,000) per day;
- Full KYC: The transaction limit is KHR 40 million (approx. USD 10,000) per day.
- For transactions under item 4, customers are considered full KYC customers, and the transaction limit is KHR 200 million (approx. USD 50,000) per day.

It is reported that the de minimis threshold, that is the minimum value of goods below which customs do not charge duties, is USD 50, below the 200 USD threshold recommended by the International Chamber of Commerce (ICC).

Pursuant to Art. 7 of Sub-Decree No. 287 and Joint Notification No. 873, issued by the Ministry of Commerce (MOC) and the Ministry of Posts and Telecommunications (MPTC), registered companies in Cambodia are required to use a local domain name such as ".com.kh" for their websites and email addresses. The domain names are valid for one year before they have to be renewed.

The Law on Consumer Protection and the Law on Electronic Commerce provide a comprehensive framework for consumer protection that also applies to online transactions. According to Art. 27 of the Law on Consumer Protection, it is required for businesses to disclose information related to the kind, grade, safety, quantity, origin, function of use, maintenance, composition, design, assembly, usage, price, packaging, advertising or supplying, manufacturing date and expiry date, information about production or information related to the supply of goods or services. The application of these requirements to e-commerce is confirmed by Art. 33 of the Law on Electronic Commerce, which requires any person using electronic communications for commercial activities with consumers to comply with all other provisions and regulations related to consumer protection.

Cambodia has not signed the United Nations (UN) Convention on the Use of Electronic Communications in International Contracts.

Cambodia has adopted national legislation based on or influenced by the United Nations Commission on International Trade Law (UNCITRAL) Model Law on Electronic Commerce.

Cambodia has not adopted national legislation based on or influenced by the United Nations Commission on International Trade Law (UNCITRAL) Model Law on Electronic Signatures.

It is reported that although the Telecommunication Regulator of Cambodia (TRC), the executive authority for the supervision and administration of services in the telecommunications sector, proclaims itself to be an autonomous public entity independent from the government in the decision-making process, the Telecommunications Law significantly undermined its independence by granting the Ministry of Posts and Telecommunications (MPTC) ultimate authority over the regulator. The TRC’s lack of independence was reportedly demonstrated in 2017 when it followed the MPTC’s order to block access to the Cambodia Daily and other news sites in the run-up to the general election in July 2018.

In March 2012, the Cambodia Custom and Excise General Department announced a ban on the import of old computers and spare parts for occupational purposes, except for self-consumption and/or charity, in a minor amount.

Art. 51 of the Law on Customs stipulates that all individuals or entities engaged in the import or export of goods must maintain accurate documentation, including books, records, and other information, in both digital and traditional formats. These records must be retained for a minimum of ten years at the premises of the business in Cambodia. This obligation extends to importers, exporters, customs brokers, operators of customs temporary storage facilities and customs bonded warehouses, transportation operators, and other relevant parties.

Cambodia has not joined any agreement with binding commitments to open transfers of data across borders.