According to the Instruction No. 8/GR/2019 issued by the Governor of the Bank of Central African States to facilitate the interpretation and implementation of the Economic and Monetary Community of Central Africa (CEMAC) Regulation 02/18/CEMAC/UMAC/CM, for the remote settlement of transactions, including online payments, the limit is 1 million XAF (approx. USD 1,700) per month and per person. According to Arts. 7-8 above this limit, justification needs to be provided before or after operation within 30 days by any means providing acknowledgment thereof. The Instruction provides guidance on the provision of Art. 34 of the Regulation, which implements certain limits for the use of electronic payment instruments outside the CEMAC and applies to the six CEMAC member states, including Congo.

Art. 145 of the Law on Electronic Communication mandates the persons or suppliers of cryptology service to disclose the technical characteristics of the source code of the software to be used by the National Agency for Information Systems Security (ANSSI).

Self-certification is not allowed for foreign companies. Certification must approved by the Congolese Agency of Normalization and Quality. Can be subject to certification of conformity to standards, products, goods and services, management systems and skills of people.

According to the Article 54 of the Electronic Communication Law, the acquisitions of electronic communications terminal equipments are subject to approval of the regulatory agency. The purpose of the approval is to ensure compliance with the essential requirements of equipment with standards and technical specifications in force in Congo.

There is reportedly arbitrary, irregular or uneven application of customs regulations at the border. In addition, a lack of understanding of the proper application and enforcement of customs regulations by government inspectors, which can contribute to difficulties for trading partners and investors.

It is reported that the Republic of Congo government has at times cut internet, SMS, and even voice access during times of anticipated political tensions or security challenges.

The indicator "6.2.4 - Government Internet shut down in practice" of the V-Dem Dataset, which measures whether the government has the technical capacity to actively make internet service cease, thus interrupting domestic access to the internet or whether the government has decided to do so, has a score of 2 in Congo. This corresponds to "The government shut down domestic access to the Internet several times this year."

A basic legal framework on intermediary liability beyond copyright infringement is absent in Congo's law and jurisprudence. However, some regulations such as Law No. 9-2009 on Electronic Communication sector and Law No. 29-2019 on the Protection of Personal are relevant to the subject.

Art. 130 of the Electronic Communication Sector Law requires user identification for telecommunications service providers. This is to record and maintain personal information on mobile telecommunication subscribers. The Decree No. 12524 clarifies that both the national identity card and the full address are required for identification.

A basic legal framework on intermediary liability for copyright infringement is absent in Congo's law and jurisprudence. However, some regulations such as Law No. 9-2009 on Electronic Communication sector and Law No. 29-2019 on the Protection of Personal are relevant to the subject.

Articles 71 and 72 of the Law on Protection of Personal Data require that data managers involved in the processing of personal data set up a procedure to test, analyze, and evaluate the effectiveness of technical and organizational measures to ensure the security of processing.

The Republic of Congo has not joined any free trade agreement committing to open transfers of cross-border data flows.

Personal data in the Republic of the Congo is regulated by the Data Privacy Act of 2019 and the Cybersecurity Act of 2020.

Law No. 29-2019 states that the transfer of data abroad is possible if:
- the third country ensures a sufficient level of protection of privacy, fundamental rights and freedoms of people (Art. 23),
- the person to whom the data relates has agreed to their transfer;
- the transfer is necessary to protect that person's life, to safeguard the public interest and the execution of the contract between the interested party and the data manager (Art. 24).

The Republic of Congo has not appended the World Trade Organization (WTO) Telecom Reference Paper to its schedule of commitments.