Database

Browse Database

CAMBODIA

Since July 2012

Pillar Online sales and transactions  |  Indicator Threshold for ‘De Minimis’ rule
Circular 004 MEF on the Procedures for Low Value Goods
According to Circular 004 MEF on the Procedures for Low Value Goods, the de minimis threshold, that is, the minimum value of goods below which customs do not charge duties, is USD 50, below the USD 200 threshold recommended by the International Chamber of Commerce (ICC).
Coverage Horizontal

CAMBODIA

Since December 2021
Since April 2022

Pillar Online sales and transactions  |  Indicator Restrictions on domain names
Sub-Decree No. 287 On Management and Use of National Domain Names on the Internet (អនុក្រឹត្យលេខ ២៨៧ អនក្រ.បក ស្តីពីការគ្រប់គ្រងនិងការប្រើប្រាស់ឈ្មោះដែនជាតិនៅក្នុងប្រព័ន្ធអុីនធឺណិត)
Joint Notification No. 873
Pursuant to Art. 7 of Sub-Decree No. 287 and Joint Notification No. 873, issued by the Ministry of Commerce (MOC) and the Ministry of Posts and Telecommunications (MPTC), registered companies in Cambodia are required to use a local domain name such as ".com.kh" for their websites and email addresses. Furthermore, pursuant to Notification No. 837, issued in April 2022 by the MOC and MEF, all companies operating in Cambodia must use a national second-level domain name and an email address with that domain when filing annual declarations of commercial enterprises. Domain names are valid for 1 year before they must be renewed.
Coverage Horizontal

CAMBODIA

Since November 2019
Since November 2019, entry into force in May 2020

Pillar Online sales and transactions  |  Indicator Framework for consumer protection applicable to online commerce
Royal Code No. NS/RKM/1119/016, Law on Consumer Protection (ច្បាប់ ស្តីពី កិច្ចការពារអ្នកប្រើប្រាស់)

E-Commerce Law (ច្បាប់ស្តីពី ពាណិជ្ជកម្មតាមប្រព័ន្ធអេឡិចត្រូនិក)
The Law on Consumer Protection and the Law on Electronic Commerce provide a comprehensive framework for consumer protection that also applies to online transactions. According to Art. 27 of the Law on Consumer Protection, it is required for businesses to disclose information related to the kind, grade, safety, quantity, origin, function of use, maintenance, composition, design, assembly, usage, price, packaging, advertising or supplying, manufacturing date and expiry date, information about production or information related to the supply of goods or services. The application of these requirements to e-commerce is confirmed by Art. 33 of the Law on Electronic Commerce, which requires any person using electronic communications for commercial activities with consumers to comply with all other provisions and regulations related to consumer protection.
Coverage Horizontal

CAMBODIA

N/A

Pillar Online sales and transactions  |  Indicator Ratification of the UN Convention on the Use of Electronic Communications in International Contracts
Lack of signature of the UN Convention on the Use of Electronic Communications in International Contracts
Cambodia has not signed the United Nations (UN) Convention on the Use of Electronic Communications in International Contracts.
Coverage Horizontal

CAMBODIA

Since November 2019, entry into force in May 2020

Pillar Online sales and transactions  |  Indicator UNCITRAL Model Law on Electronic Commerce
E-Commerce Law (ច្បាប់ស្តីពី ពាណិជ្ជកម្មតាមប្រព័ន្ធអេឡិចត្រូនិក)
Cambodia enacted the E-Commerce Law, drawing upon the United Nations Commission on International Trade Law (UNCITRAL) Model Law on Electronic Commerce.
Coverage Horizontal

CAMBODIA

Since May 2005, last amended in January 2022

Pillar Cross-border data policies  |  Indicator Local storage requirement
Law on Commercial Enterprise (ច្បាប់ស្តីពីសហគ្រាសពាណិជ្ជកម្មជាភាសាខ្មែរ)
Pursuant to Art. 109 of the Law on Commercial Enterprises, a company is required to prepare and maintain at its registered office in the Kingdom of Cambodia the following corporate records: the articles of incorporation and by-laws, together with any amendments thereto; minutes of meetings and resolutions of shareholders; copies of all notices mandated by law to be issued or filed; and a register of securities. In addition, in accordance with Art. 113, a company must also prepare and retain adequate accounting records for a minimum period of ten years following the conclusion of the financial year to which such records pertain. In instances where these accounting records are maintained outside Cambodia, duplicate copies must be preserved at the company’s registered office within the country.
Coverage Horizontal

CAMBODIA

Since July 2007

Pillar Cross-border data policies  |  Indicator Local storage requirement
Law on Customs (ច្បាប់គយ និងបទប្បញ្ញត្តិ)
Art. 51 of the Law on Customs stipulates that all individuals or entities engaged in the import or export of goods must maintain accurate documentation, including books, records, and other information, in both digital and traditional formats. These records must be retained for a minimum of 10 years at the business premises in Cambodia. This obligation extends to importers, exporters, customs brokers, operators of customs temporary storage facilities and customs bonded warehouses, transportation operators, and other relevant parties.
Coverage Entities engaged in the import or export of goods

CAMBODIA

Since December 2021

Pillar Cross-border data policies  |  Indicator Infrastructure requirement
Sub-Decree No. 287 on Management and Use of National Domain Names on the Internet (អនុក្រឹត្យលេខ ២៨៧ អនក្រ.បក ស្តីពី ការគ្រប់គ្រងនិងការប្រើប្រាស់ឈ្មោះដែនជាតិក្នុងប្រព័ន្ធអុីនធឺណិត)
Art. 6 of Sub-Decree No. 287 stipulates that ministries and governmental institutions intending to utilise the national domain name designated for such entities must store their data within the Kingdom of Cambodia. The Ministry of Post and Telecommunications is responsible for hosting and storing the data of all ministries and governmental institutions using national domain names, either in the national data centre or in a government-operated data centre.
Coverage Public sector

CAMBODIA

N/A

Pillar Cross-border data policies  |  Indicator Participation in trade agreements committing to open cross-border data flows
Lack of participation in agreements with binding commitments on data flows
Cambodia has not joined any agreement with binding commitments to open transfers of data across borders. Art. 12.15 of the Regional Comprehensive Economic Partnership (RCEP) recognises that each party may maintain its own regulatory requirements governing cross‑border transfers of information by electronic means and stipulates that such transfers shall not be restricted when undertaken for the conduct of business by a covered person; however, the article simultaneously allows parties to adopt or maintain any measures they themselves deem necessary to achieve a legitimate public policy objective, as well as any measures necessary to protect essential security interests, with the parties expressly affirming that the determination of such necessity lies solely with the implementing party and that such measures shall not be subject to dispute. It is reported that this formulation enables the parties to preserve their domestic data‑control regime under the rubric of national security without risking inter‑state disputes, and that the relative weakness of Chapter 12 renders its provisions largely ineffectual in facilitating the liberalisation of cross‑border data flows, particularly because the clause entrusting necessity assessments to the implementing party effectively permits any measure to be characterised as legitimate at that party’s discretion.
Coverage Horizontal

CAMBODIA

N/A

Pillar Domestic data policies  |  Indicator Framework for data protection
Lack of comprehensive data protection law
There is currently no comprehensive data protection regime in Cambodia. However, certain general privacy provisions exist in the 2010 Constitution of the Kingdom of Cambodia (Art. 40), the 2007 Civil Code (Art. 10), the 2009 Penal Code (Arts. 301, 302, 314, 318, and 427), and the Telecommunications Law (Art. 56). In addition, the Law on Electronic Commerce includes some measures to protect consumer data collected through electronic communication; notably, Art. 32 prohibits interference with, or unauthorised access to, data held by others. Sub-Decree No. 252 on the Management, Use, and Protection of Personally Identifiable Data further applies to data in the custody of the Ministry of Interior (MOI). It is reported that the Ministry of Posts and Telecommunications (MPTC) has already circulated a draft Personal Data Protection Law to selected companies for comment and held a consultative workshop on the draft in December 2024. However, as of 2025, this law has not yet been enacted.
Coverage Horizontal

CAMBODIA

Since February 2021

Pillar Domestic data policies  |  Indicator Minimum period for data retention
Sub-Decree No. 23 on the Establishment of National Internet Gateway (អនុក្រឹត្យលេខ ២៣ ស្ដីពីការបង្កើតច្រកទ្វារអ៊ីនធឺណិតជាតិ)
Art. 14 of Sub-Decree No. 23 imposes an obligation on National Internet Gateway (NIG) operators to retain traffic data for a year. The National Internet Gateway is the gateway through which all Internet services must be connected, both nationally and internationally. Traffic refers to the amount of data that passes through a network in one second (Annex 1). NIG operators shall maintain technical records, IP address allocation table, and route identification of traffic transiting through NIG for the last 12 months. It is reported that Art. 14 means the operator(s) of the NIG can track the activities of all internet users in Cambodia, including a user’s browser history and unencrypted search history for up to 12 months. Art. 13 imposes an obligation on NIG operators to report and monitor traffic data and submit monthly, quarterly, semi-annual, third-quarterly, and annual traffic reports within seven days after the end of each month, quarter, semester, third-quarter and year to both the Telecommunication Regulator of Cambodia (TRC) and the Ministry of Posts and Telecommunications (MPTC). It is reported that, although the law is in force, it has not yet been implemented in practice.
Coverage National Internet Gateway operators

CAMBODIA

Since December 2015

Pillar Domestic data policies  |  Indicator Requirement to allow the government to access personal data collected
Law on Telecommunications (ច្បាប់ ស្តីពី ទូរគមនាគមន៍)
Art. 6 of the Law on Telecommunications requires that all telecommunications operators and persons involved with the telecommunications sector shall provide "telecommunications information and communication technology service data" to the Ministry of Post and Telecommunications. In practice, this gives the Ministry unfettered rights to demand that all telecommunications service providers provide data on their service users. This could serve as an obligation for companies to surrender data without the requirement of a judicial warrant or other safeguards protecting privacy rights.
Art. 97 of the law permits the secret surveillance of any telecommunications where it is conducted with the approval of a “legitimate authority.” There is no definition of what constitutes a “legitimate authority”. This appears to create a power to secretly eavesdrop without any public accountability or safeguards to protect individuals’ right to privacy.
Coverage Telecommunications sector

CAMBODIA

Since February 2021

Pillar Domestic data policies  |  Indicator Requirement to allow the government to access personal data collected
Sub-Decree No. 23 on the Establishment of National Internet Gateway (អនុក្រឹត្យលេខ ២៣ ស្ដីពីការបង្កើតច្រកទ្វារអ៊ីនធឺណិតជាតិ)
It is reported that some articles of Sub-Decree No. 23 may require the government to have direct access to personal data collected. Art. 14 establishes that the Ministry of Post and Telecommunications (MPTC) and Telecommunication Regulator of Cambodia (TRC) can monitor the infrastructure, connections, and equipment of the National Internet Gateway (NIG). NIG refers to the gateway through which all Internet services must be connected, both nationally and internationally (Annex 1). NIG operators shall:
- Prepare and maintain technical records, IP Address allocation table, and route identification of traffic transiting through NIG;
- Compile and maintain reports and relevant documents concerning the connections and all Internet traffic;
- Provide other information as required by the MPTC and TRC.
It is reported that, although the law is in force, it has not yet been implemented in practice.
Coverage National Internet Gateway operators
Sources

CAMBODIA

Since November 2019, entry into force in May 2020

Pillar Intermediary liability  |  Indicator Safe harbour for intermediaries for copyright infringement
E-Commerce Law (ច្បាប់ស្តីពី ពាណិជ្ជកម្មតាមប្រព័ន្ធអេឡិចត្រូនិក)
The E-commerce Law establishes a safe harbour regime for intermediaries for copyright infringements. According to Art. 24 of the law, internet intermediaries are not liable for unlawful third-party content on their online platforms. However, they must comply with mandatory content-removal procedures upon becoming aware of such content (Art. 25). Additionally, pursuant to Art. 27, intermediaries are obligated to comply with an e-commerce code of conduct.
Coverage Internet intermediaries

CAMBODIA

Since November 2019, entry into force in May 2020

Pillar Intermediary liability  |  Indicator Safe harbour for intermediaries for any activity other than copyright infringement
E-Commerce Law (ច្បាប់ស្តីពី ពាណិជ្ជកម្មតាមប្រព័ន្ធអេឡិចត្រូនិក)
The E-commerce Law establishes a safe harbour regime for intermediaries beyond copyright infringements. According to Art. 24 of the law, internet intermediaries are not liable for unlawful third-party content on their online platforms. However, they must comply with mandatory content-removal procedures upon becoming aware of such content (Art. 25). Additionally, pursuant to Art. 27, intermediaries are obligated to comply with an e-commerce code of conduct.
Coverage Internet intermediaries

Report issue     Report new measure