Chad has not adopted national legislation based on or influenced by the United Nations Commission on International Trade Law (UNCITRAL) Model Law on Electronic Signatures.

Law No. 08/PR/2015 concerning electronic transactions and the Consumer Protection Law provide a comprehensive consumer protection framework that applies to online transactions. Consumer protection for online commerce is granted under Chapter IV, Section II of Law No. 08/PR/2015 of 2015 concerning electronic transactions. In addition, Chad has Consumer Protection Law No. 005/PR/2015 applicable to online transactions.

Chad has not signed the United Nations (UN) Convention on the Use of Electronic Communications in International Contracts.

It is reported that the de minimis threshold, that is the minimum value of goods below which customs do not charge duties, is USD 58, below the 200 USD threshold recommended by the International Chamber of Commerce (ICC).

According to the Instruction No. 8/GR/2019 issued by the Governor of the Bank of Central African States to facilitate the interpretation and implementation of the Economic and Monetary Community of Central Africa (CEMAC) Regulation 02/18/CEMAC/UMAC/CM, for the remote settlement of transactions, including online payments, the limit is 1 million XAF (approx. USD 1,700) per month and per person. According to Arts. 7-8 above this limit, justification needs to be provided before or after operation within 30 days by any means providing acknowledgment thereof. The Instruction provides guidance on the provision of Art. 34 of the Regulation, which implements certain limits for the use of electronic payment instruments outside the CEMAC and applies to the six CEMAC member states, including Chad.

The regime of approval of telecommunications equipment is set out in Order No. 036/MPTIC/SG. Art. 16 establishes that the Office Tchadien de Régulation des Télécommunications (OTRT, Chadian Office of Telecommunications Regulation) - which has now become the Autorité de Régulation des Communications Électroniques et des Postes (ARCEP, Regulatory Authority for Electronic Communications and Posts) - determines the procedure for the approval of equipment and national and international laboratories, as well as the conditions for the recognition of standards and specializations and techniques. ARCEP may accept test reports or certificates of conformity from approved bodies in foreign countries.

According to Order No. 036 / MPTIC / SG / 2011 laying down the modalities and procedures for the approval of telecommunications terminal equipment. The importation of telecommunications equipment is subject to obtaining an approval issued by the Chadian Telecommunications Regulatory Office (OTRT) (Arts 4(a) and 12(a)).

Cryptographic services are under the authority of the National Agency for Computer Security and eCertification (ANSICE). Provision of cryptographic services without licensing, registration or authorization is a criminal offence under section V of Law No. 009/PR/2015 on Cybersecurity and Cybercrime, punishable by fines in the range of USD 1,830 to 18,306, and/or imprisonment of between one and five years.

It is reported that Chadian authorities have implemented long internet shutdowns ahead of the presidential election in April 2021. Over the period 2016-2021, it is reported that authorities have restricted the internet during mobilisations, accounting for almost two and half years of internet cuts or disruptions since 2016, according to several organisations.

The indicator "6.2.4 - Government Internet shut down in practice" of the V-Dem Dataset, which measures whether the government has the technical capacity to actively make internet service cease, thus interrupting domestic access to the internet or whether the government has decided to do so, has a score of 1 in Chad. This corresponds to "The government shut down domestic access to the Internet numerous times this year."

It is reported that the Chadian government filtered content online and blocked popular messaging applications, including the blocking of WhatsApp from 22 July to 18 August 2020. The government authorities reportedly took these drastic measures to prevent the dissemination of a video and images showing a Chadian military officer opening fire on a mechanic. It is also reported that in 2017 social media platforms and messaging apps, including Facebook, Twitter, WhatsApp, and Viber, were blocked in Chad as part of internet censorship.

According to Art. 95 of Law No. 14 of 2014, telephone operators and internet access providers are required to ensure the identification of their subscribers. If they do not comply, they are liable to the criminal and pecuniary sanctions provided for by this law.

The Law No-08-PR-2015 establishes a safe harbour regime for intermediaries for copyright infringements. Art. 92 prescribes for immunity of internet intermediaries provided that the service provider: (a) is not the source of the transmission; (b) does not select the recipient of the transmission; (c) does not select or modify the information that is the subject of the transmission. Under Art. 94, an intermediary service provider is not responsible for the information stored at the request of a recipient of the service provided that:
- the service provider has no actual knowledge of the illicit nature of the activity or information
- the service provider, as soon as it has such knowledge, following voluntary checks or on the basis of serious information communicated by a third party, acts promptly to remove the information or to restore access to it impossible.
In addition, when the intermediary service provider becomes aware of the illicit content, Art. 95 mandates that they should communicate it immediately to the certification authority which in turn approaches the public prosecutor to take necessary measures to seize the data. As long as the judicial authority has not taken any decisions on the matter, the service provider can only take measures aimed at preventing access to the information. Similar degree of safe harbour is provided under Art. 55 of Law No. 09 of 2015 on Cybersecurity and the fight against Cybercrime.

The Law No-08-PR-2015 establishes a safe harbour regime for intermediaries beyond copyright infringements. Art. 92 prescribes for immunity of internet intermediaries provided that the service provider: (a) is not the source of the transmission; (b) does not select the recipient of the transmission; (c) does not select or modify the information that is the subject of the transmission. Under Art. 94, an intermediary service provider is not responsible for the information stored at the request of a recipient of the service provided that:
- the service provider has no actual knowledge of the illicit nature of the activity or information
- the service provider, as soon as it has such knowledge, following voluntary checks or on the basis of serious information communicated by a third party, acts promptly to remove the information or to restore access to it impossible.
In addition, when the intermediary service provider becomes aware of the illicit content, Art. 95 mandates that they should communicate it immediately to the certification authority which in turn approaches the public prosecutor to take necessary measures to seize the data. As long as the judicial authority has not taken any decisions on the matter, the service provider can only take measures aimed at preventing access to the information. Similar degree of safe harbour is provided under Art. 55 of Law No. 09 of 2015 on Cybersecurity and the fight against Cybercrime.

Art. 51 of Law No. 009 of 2015 on Cybersecurity and Cybercrime mandates communications service providers to retain data that enables the identification of any person who contributed to content creation in services they provide for 10 years (according to Art. 4 of the Law, communication service is a service consisting entirely or mainly of the provision of electronic communications, excluding the contents of audiovisual communication services). This is despite the sub-regional legislation of CEMAC, to which Chad belongs, provides for a maximum duration of two years during which the States can allow operators to keep traffic data for security reasons.