It is reported that the de minimis threshold, that is the minimum value of goods below which customs do not charge duties, is USD 100, below the 200 USD threshold recommended by the International Chamber of Commerce (ICC).

According to Art. 29 of Law No. 058/2021 of 13/10/2021 Relating to the Protection of Personal Data and Privacy, any person intending to act as a data controller or data processor must register with the National Cyber Security Authority (NCSA). As specified in Section 3.4 of the Guide on Data Controller & Data Processor Registration, data controllers and data processors are required to submit the following documents for registration:
- Memorandum of Understanding (MoU) or agreement with a local representative (if the controller/processor is neither established nor resident in Rwanda but processes data of individuals located in Rwanda, as established in Art. 39 of the No. 058/2021);
- Application letter addressed to the Chief Executive Officer of NCSA;
- Application form;
- Operating certificate or licence of the company (e.g. Rwanda Development Board certificate, Rwanda Utilities Regulatory Authority licence, Rwanda Central Bank licence, etc.);
- Copy of a valid National Identification Card or passport of the data protection officer;
- Hosting invoice, receipt, or agreement;
- Company or institution profile.
The supervisory authority must issue a registration certificate to any applicant who meets the requirements within 30 working days from the date of receipt of the application. The validity period of the registration certificate will correspond to the validity of the submitted operating licence.

Law No. 36/2012 on Competition and Consumer Protection provides a comprehensive consumer protection framework that applies to online transactions. The law is in place to promote fair competition, provide consumers access to products and services at competitive prices and better quality, and create an environment that is conducive to investment.

Rwanda has not signed the United Nations (UN) Convention on the Use of Electronic Communications in International Contracts.

Rwanda has adopted national legislation based on or influenced by the United Nations Commission on International Trade Law (UNCITRAL) Model Law on Electronic Commerce.

Rwanda has adopted national legislation based on or influenced by the United Nations Commission on International Trade Law (UNCITRAL) Model Law on Electronic Signatures.

Under Art. 210 of the Law Governing Information Communication and Technologies, all licensed electronic communications service providers in Rwanda are required to register the complete personal details of subscribers or SIM card holders using their networks or services. The Regulatory Authority oversees the registration process by issuing related regulations and ensuring compliance.
Moreover, according to Art. 4 of Regulation No. 18/R/SM-ICT/RURA/2024, all licensees operating in Rwanda must register all SIM card holders using their network services. As specified in Art. 7, for national citizens, the information required for the registry includes: full names, date of birth, identity card number, a clear scanned copy of the passport or national identity card, nationality, registered telephone number, sex, and biometric data.
In addition, as established in Art. 8, the registration process for foreigners without a resident permit (or visitors) must include the following: the travel document used for entry into the country, fingerprint verification, and biometric data, which must match the travel document information. This process must be conducted manually and in the physical presence of the applicant.

According to Art. 53 of Law No. 24/2016 of 18/06/2016 Governing Information Communication and Technologies, the Rwandan government holds the authority to suspend telecommunications services indefinitely—either in general or in relation to specific communications—when deemed necessary to preserve national integrity. In practice, this has translated into reported cases of online blocking targeting independent media platforms and news websites. Among the affected outlets are 15 online radio stations and websites, including The Rwandan, Rugali, and Le Prophète. Since 2019, reciprocal restrictions with Uganda have resulted in the continued blocking of several Ugandan news sources by the Rwanda Utilities Regulatory Authority (RURA), including Daily Monitor, The Observer, and The Independent. While most international news platforms remain accessible, the website of Agence France-Presse exhibited signs of disruption in 2024.

According to Art. 2 of the Regulation Governing Cybersecurity, there is a licensing scheme for all ICT infrastructure and services, which include data, systems, equipment, networks and applications.

The Regulations Governing the Licensing of Multimedia Services impose licensing requirements for online newspapers, internet radio services, internet TV services, video-on-demand (VoD) services, IPTV, mobile TV services, and other related multimedia services.

Art. 40 of the Law Governing Information Communication and Technologies establishes licensing requirements for various categories of electronic communications services. These categories are broadly defined and may encompass services that are not strictly related to broadcast or broadband spectrum use. As a result, the licensing requirement potentially extends to nearly all Internet service providers and related businesses, including digital news platforms.
The categories include:
- Application service licensees: Entities that offer services built upon the infrastructure of network service providers, such as sound transmission, electronic data storage, internet access, and other forms of information transfer.
- Content service licensees: Entities that deliver content via communications networks, including satellite television, radio earth station transmissions, online information access platforms, and other electronic communications services.

Rwanda has established a regulatory framework to control the importation of used information and communication technology (ICT) equipment. Ministerial Guidelines No. 1 of 25 October 2011 prohibit the import of used computers for commercial purposes into Rwandan territory (Art. 6). Nevertheless, Arts. 7 to 14 outline specific exemptions, including imports for educational institutions and personal use. Complementing these provisions, Regulation No. 5/2022, which governs the trade in used electrical and electronic equipment, introduces a licensing regime for the importation of such goods. The list of authorised used equipment permitted for importation and marketing is detailed in Annex II to the Regulation.

It has been reported that import duties are applied inconsistently; for instance, local customs officials have attempted to charge importers duties based on their perception of the value of an import, regardless of the actual purchase price. This may limit the volume of ICT products that can be imported.

In Rwanda, a Simplified Type Approval Regime is issued following a third-party certification from Conformity Assessment Bodies recognised by the Regulatory Authority; as such, there is recognition of test reports and certificates.
Under Art. 17 of Regulation No. 011/R/STD-ICT/RURA/020 of 29/05/2020, Governing Importation, Supply and Type Approval for Electronic Communication Equipment, the Electronic Communications Equipment (ECE) that possesses the appropriate Certificate of Compliance from either a National Regulatory Authority or a Conformity Assessment Body recognised by the Regulatory Authority confirming compliance with the required standards may be eligible for Simplified Type Approval Regime.
Additionally, under Art. 35, any test report from an accredited testing laboratory is only accepted by the regulatory authority if it is in compliance with ISO/IEC 17025 and/or certified by an accreditation body that is a member of ILAC.

Art. 29 of Annex 2 of Regulation No. 013/R/EC-ICT/RURA/2021 sets out the operational requirements that licensees must follow. This includes, but is not limited to, the purchase of equipment, construction, installation, and facility delivery. The Licensee must give priority to: (i) materials and products made in Rwanda; and (ii) service providers based in Rwanda, owned by Rwandan citizens or companies incorporated under Rwandan law with majority Rwandan ownership—provided this does not compromise safety, efficiency, or cost-effectiveness.
The Licensee is also required to prioritise the employment of Rwandan citizens across all operational phases, while maintaining safety, efficiency, and economy. In addition, it must provide training to Rwandan staff to support their advancement into managerial and technical roles. An annual report must be submitted to the Regulatory Authority detailing the strategies used to meet these obligations.