Eswatini does not implement any de minimis threshold, which is the minimum value of goods below which customs do not charge duties.

According to Section 13 of the Domain Name Administration Regulations, the registration of a ".sz" domain name is only available to persons domiciled or corporate bodies registered in the Kingdom of Swaziland. The two-letter abbreviation refers to Swaziland, the country's former name from 1968 to 2018.

Eswatini does not have a legal framework that applies consumer protection to online transactions.

Eswatini has not signed the United Nations (UN) Convention on the Use of Electronic Communications in International Contracts.

Eswatini has adopted national legislation based on or influenced by the United Nations Commission on International Trade Law (UNCITRAL) Model Law on Electronic Commerce.

Eswatini has not adopted national legislation based on or influenced by the United Nations Commission on International Trade Law (UNCITRAL) Model Law on Electronic Signatures.

Under Art. 10 of the Electronic Communications Act 2013, the Swaziland Communications Commission is responsible for regulating individuals or entities wishing to operate an electronic communications network or provide an electronic communications service requiring a licence. In accordance with Art. 5 of the Electronic Communications Regulations 2016, the Commission may issue individual licences for: (i) electronic communications services that require the use of numbering resources; (ii) electronic communications networks; and (iii) the use of specific frequency spectrum bands. The Commission also has the authority to determine the number of individual licences available for a particular category (Art. 5.7).
The criteria for awarding licences are determined on a case-by-case basis, considering the type of licence, the market's development at the time, and its structure. As outlined in section 11.8 of the Regulations, the criteria shall also take into account, among other factors: (i) national universal access and service objectives; (ii) local ownership requirements; (iii) the technical expertise of the applicant; and (iv) the business plan and financial viability of the project.

Eswatini has not appended the World Trade Organization (WTO) Telecom Reference Paper to its schedule of commitments.

It is reported that the Eswatini Communications Commission (ESCCOM), the executive authority for the supervision and administration of services in the telecommunications sector, is independent from the government in the decision-making process.

Section 32.1 of the Data Protection Act provides that if a Southern African Development Community (SADC) Member State has transposed the requirements under the SADC Model Law on Data Protection, the transfer of data is permitted. SADC is an economic block covering 16 countries in Southern Africa. Moreover, the transfer is permitted where the recipient establishes that the data is necessary for the performance of a task carried out in the public interest or pursuant to the lawful functions of the data controller or where the recipient establishes the necessity of having the data transferred and there is no reason to assume that the data subject's legitimate interests might be prejudiced by the transfer or the processing in the Member State (Sections 32(1)(a) and (b)).
In addition, Section 33 of the Act permits the transfer of personal information to other recipients if an adequate level of protection is ensured in the country and the data is transferred solely to permit processing authorised by the controller. Apart from the above requirements, transfers of personal data are permitted where the data subject has unambiguously given their consent to the proposed transfer; the transfer is necessary for the performance of a contract between the data subject and the controller or the implementation of pre-contractual measures taken in response to the request of the data subject, among others (Sections 33(4)(a-f)).

Eswatini has not joined any free trade agreement committing to open transfers of cross-border data flows.

The Data Protection Act provides a comprehensive regime of data protection in Eswatini. The Act is Eswatini's first comprehensive privacy legislation governing the collection, processing, and disclosure of personal data. Moreover, the Act outlines the responsibilities of the Eswatini Communications Commission, as well as the requirements for processing personal information, including retention periods and data security requirements. In addition, the Act provides for several data subject rights, such as the right to access and correct personal information, and includes general provisions on unsolicited electronic communications, as well as automated decision-making. Before this law, data protection was covered by sectoral laws, including the Swaziland Communications Commission (Subscriber) Regulations, Swaziland Commission (Consumer Protection) Regulations, 2016, and the Financial Institutions Act.

Section 10.2 (a) and (b) of the Electronic Communications (Subscriber Registration) Regulations on Data protection provides that personal information shall be stored by the licensee for a period of five years after a customer has cancelled a contract with the licensee or where the licensee has ended the services provided to the customer. In this Regulation, in accordance with Section 2 (Interpretation), licensee means any electronic communications service licensed by the Eswatini Communications Commission (ESCCOM) for the provision of electronic communications services in Eswatini.

A basic legal framework on intermediary liability for copyright infringement is absent in Eswatini's law and jurisprudence.

A basic legal framework on intermediary liability beyond copyright infringement is absent in Eswatini's law and jurisprudence.