According to Art. 15 of the Peruvian Data Protection Law and Art. 19 of its Regulation N. 003-2013-JUS, personal data can be transferred to other countries whose data protection level is considered to be adequate. If the recipient country does not have an adequate level of protection, the data transmitter must guarantee that the processing of the personal data is made in accordance with the Peruvian legal framework. This provision is not applicable in the following cases:
- when the data subject has granted their consent to the transfer of their data under these conditions;
- the transmission of personal data is conducted within the framework of international judicial cooperation or the application of international trade in this regard;
- international cooperation among intelligence agencies;
- when the personal data is necessary for the execution of a contractual relationship with the data subject;
- when referring to banking and security transfers;
- when the transfer is made for the purposes of protecting, preventing, diagnosing, and providing medical treatment to the data subject.

According to Art. 13.11 of the First Amending Protocol (which amends the Additional Protocol to the Framework Agreement of the Pacific Alliance), the four parties (Chile, Colombia, Peru and Mexico) commit to allowing cross-border information transfers through electronic means, including also the transfer of personal data for business activities. Moreover, in Art. 13.11.bis the parties commit to ban forced localisation of computer facilities in their national territories. Other binding commitments on data flows can be found in Article 14.11.2 of the Comprehensive and Progressive Agreement for Trans-Pacific Partnership (CPTPP) and in Art. 13.11.2 of the Peru-Australia Free Trade Agreement.

Peru has a data protection framework in place. Law No. 29,733 aims to assure the fundamental right to the protection of personal data. The Regulation of the Data Protection Law, title III, regulates data treatment by both public and private entities.

The Second Final Supplementary of Decree N. 1182, on the preservation of data derived from telecommunications, states that the concessionaires of public telecommunications services and the public entities related to these services must keep the data derived from telecommunications during the first 12 months in computer systems that allow their consultation and delivery online and in real-time. At the end of the aforementioned period, they must keep said data for an additional 24 months in an electronic storage system. The delivery of data stored for a period not exceeding twelve months is done online and in real-time after receiving judicial authorisation. In the case of data stored for a period greater than 12 months, it will be delivered within 7 days following the judicial authorisation under responsibility.

A basic legal framework on intermediary liability for copyright infringement is absent in Peru's law and jurisprudence. In addition, complaints are reported regarding long-standing enforcement problems with the intellectual property (IP) provisions of the Peru-US Free Trade Agreement (Chapter 16, Art. 16.11.29), in particular with respect to the establishment of statutory damages for copyright infringement and trademark counterfeiting, and the notice and takedown and safe harbour system for Internet Service Providers (ISPs). Moreover, this is reiterated with respect to the rules relating to ISP liability in the EU-Peru-Colombia-Ecuador Agreement (Section 29). Finally, the Comprehensive Trans-Pacific Partnership Agreement, Chapter 18, Art. 18.82, includes relevant provisions limiting ISP liability and promoting a safe harbour for ISPs. However, the national implementation of intermediate liability rules for service providers is still pending, and there is no clear timetable.

A basic legal framework on intermediary liability beyond copyright infringement is absent in Peru's law and jurisprudence.

Art. 11 of the Resolution of the Board of Directors N. 138-2012-CD-OSIPTEL by the regulatory agency OSIPTEL ("Organismo Supervisor de la Inversión Privada en Telecomunicaciones") implemented identity requirements for mobile services regulates the verification of the identity of the mobile public service applicant and the contracting of mobile public services. Art. 11, last amended by Art. 1 of Resolution of the Board of Directors N. 072-2022-CD/OSIPTEL, states that mobile public service operating companies are obliged to verify the identity of the applicant through the use of the fingerprint biometric verification system by verifying the information of the biometric database of RENIEC (the national identification registry, "Registro Nacional de Identificación y Estado Civil"). Also, Art. 11A states that before the fingerprint verification, the company may request the exhibition of the hand of the applicant (or legal representative) to verify that it is free of any external object that could invalidate the identity verification process.
Art. 11B states that the operator must include in the subscriber registry the information referring to all the mobile terminal equipment through which the service is provided, including the equipment that has not been commercialised yet. This registry must also include the IMEI code of the mobile terminal equipment or the electronic serial number; the IMSI code that activates the mobile terminal equipment (unique international identification code for each subscriber of the public mobile service, which is integrated into the SIM Card, Chip or other equivalent); whether the subscriber is a natural or legal person and other information established by OSIPTEL.

Decision No. 486, Decree No. 1,075, and Decree No. 1,044 provide a framework for the effective protection of trade secrets. First, Art. 260 of Decision No. 486 defines trade secrets and Art. 245 allows requesting precautionary measures to stop an alleged infringement, obtaining or retaining evidence, or ensuring the effectiveness of the action or compensation for damages. Moreover, Art. 3 of Legislative Decree No. 1,075 considers trade secrets as an element of industrial property and Art. 13 of Decree No. 1,044 lists trade secrets infringement factual situations. INDECOPI ("Instituto Nacional de Defensa de la Competencia y de la Protección de la Propiedad Industrial") is the competent authority that applies the above-mentioned regulations in proceedings regarding trade secrets.

There is an obligation for passive infrastructure sharing in Peru to deliver telecom services to end users. It is practised in both the mobile and fixed sectors based on commercial agreements. Art. 12 of Supreme Decree No. 024-20l4-MTC establishes that passive infrastructure providers for mobile public services are obliged to make their infrastructure available to operators of public mobile telecommunications services that require it […]. Law No. 30,083 regulates passive infrastructure providers and creates a framework to allow mobile operators to enter the market. For this purpose, mobile service businesses must allow access to networks (passive and active infrastructure). These providers must register in the Transports and Communications Department, complying also with Supreme Decree No. 024-2014-MTC.
Moreover, the sharing of passive infrastructure is currently mandatory for Telefónica del Perú S.A.A., as it has been declared an important provider in the wholesale market for internet and data transmission by Resolution of the Board of Directors No. 154-2019-CD/OSIPTEL. In accordance with the provisions of Board of Directors Resolution No. 132-2012/CD-OSIPTEL Likewise, Telefónica del Perú S.A.A. is obliged to share passive infrastructure (poles, ducts, co-location, among others), for which the Basic Offering of Sharing approved by Resolution No. 00039-2016-GG/OSIPTEL applies.

Peru does not mandate functional separation for operators with significant market power (SMP) in the telecom market. However, there has been an obligation to separate the accounts since 2019. The Instructions on Accounting Separation in the Telecommunications Sector and the Procedure for Accounting Separation regulate how accounting separation must be made in the telecommunications sector.

Peru has appended the World Trade Organization (WTO) Telecom Reference Paper to its schedule of commitments.

It is reported that the Supervisory Body for Private Investment in Telecommunications (OSIPTEL), the executive authority for the supervision and administration of services in the telecommunications sector, is independent from the government in the decision-making process.

Foreign companies have highlighted certain challenges concerning public procurement in Peru. These include the perception of the government procurement processes as cumbersome and inefficient. Additionally, some companies still view corruption as a significant issue within the country's government procurement procedures.

Peru is not a party to the World Trade Organization (WTO) Agreement on Government Procurement (GPA), nor does it have observer status.

According to Art. 1 of Legislative Decree No. 662, the State promotes and guarantees both existing and future foreign investments in all sectors of economic activity and in any business or contractual form permitted by national legislation. Furthermore, Peru reportedly maintains an open regime for both domestic and foreign private investment, without foreign ownership restrictions in any sector relevant for digital trade.