Art. 22 of Law No. 8/2023 (which repealed the previus Investment Law No. 3/1993) establishes a screening regime for foreign investment projects considered sensitive due to their potential economic, environmental, security, or public health impacts, as well as for large-scale undertakings. This regime also applies to public-private partnership ventures, business concessions, and projects requiring at least 10,000 hectares of land, among others. According to Art. 16 of Decree No. 8/2024, applicants within this authorisation regime must submit detailed technical, economic, and financial feasibility studies to prove the viability of their projects. In contrast, projects not subject to the authorisation regime are only required to undergo a registration regime, which mandates the submission of an investment proposal without the need for comprehensive feasibility studies.

Under Art. 5 of the Electronic Transactions Law, the domain name regulation falls under the competence of the National Institute of Information and Communication Technologie - INTIC (Regulatory entity), which can grant the registration or assign this function to third parties (agents). According to Art. 8 Decree No. 82/2020, only national entities providing internet DNS services, ICT service providers and foreign companies with a branch in Mozambique can be eligible and qualify as domain registration agents.

Although foreign patents might be recognised or registered in Mozambique (upon the payment of a fee amounting to MZN 5,400, equivalent to USD 84), there is a requirement to have a local representative when applying for the registration. According to the Industrial Property Code, if the applicant is a resident (based or with registered offices in Mozambique), the application for registration may be filed directly with Intellectual Property Institute (IPI) with no need to appoint an Intellectual Property official agent. On the contrary, if the applicant is not domiciled or resident in Mozambique, they must be represented by a Mozambican Intellectual Property Agent.

It is reported that conformity procedures of the Agreement whereby the Plenary of the Federal Telecommunications Institute issues the Conformity Assessment Procedure for Telecommunications and Broadcasting contain worrying language requiring the sharing of test reports that may contain in-depth confidential information about ICT products.

It is reported that Mexico imposes restrictions on the number of shipments that can be delivered to a single recipient each month, affecting e-commerce transactions.

It is reported that the de minimis threshold, that is the minimum value of goods below which customs do not charge duties, is USD 50, below the 200 USD threshold recommended by the International Chamber of Commerce (ICC).

The Federal Law of Protection to the Consumer provides a comprehensive consumer protection framework that applies to online transactions. Art. 1, number VIII, enshrines consumer protection in digital transactions as a fundamental principle. Chapter VIII BIS of this law states the consumer rights in transactions by means of electronic, optical, and other technologies. In addition, the Code of Commerce allows the use and validity of electronic signatures (whether a simple electronic signature or advanced electronic signature) in any type of commercial transaction and consumer transaction. Furthermore, the Federal Civil Code also establishes that if express consent is required, this can be expressed by electronic means or by any other technology.

Mexico has not signed the United Nations (UN) Convention on the Use of Electronic Communications in International Contracts.

Mexico has adopted national legislation based on or influenced by the United Nations Commission on International Trade Law (UNCITRAL) Model Law on Electronic Commerce.

Mexico has adopted national legislation based on or influenced by the United Nations Commission on International Trade Law (UNCITRAL) Model Law on Electronic Signatures.

According to Art. 190 of the Federal Telecommunications and Broadcasting Law, the telecom operators must keep certain data for the first 12 months in systems that allow consultation and delivery in real-time to the competent authorities through electronic means. The data includes:
- the name or corporate name and address of the subscriber;
- the type of communication service or messaging or multimedia services
- data necessary to trace and identify the original and destination of mobile telephone communications, including the destination number and whether the line is the subject of a contract or tariff plan or is prepaid;
- data necessary to determine the date, time and duration of the communication, as well as the messaging or multimedia service;
- the date and time of the first activation of the service and the location label (cell identifier) ​​since the service was activated;
- identification and technical characteristics of the devices, including the international equipment and subscriber identity codes (where applicable); and
the digital location of the geographical positioning of telephone lines.
At the end of the 12-month period, the operator must keep the data for an additional 12 months in electronic storage systems, during which time the delivery of information to the competent authorities must be carried out within 48 hours.
It reported that all processing and storage systems used by operators and authorised people in this regard must be located exclusively in Mexico, however this is not clear from the regulatory text.

Art. 30 of the Federal Law on the Protection of Personal Data in Possession of Individuals states that all data controllers are required to designate a personal data officer or department to act as a Data Protection Officer and handle requests from data subjects exercising their ARCO Rights under the Law. Data Protection Officers are also responsible for overseeing and advising on the protection of personal data within their organisations.

The Federal Copyright Act provides a safe harbour regime for intermediaries concerning copyright infringements. According to the 2020 amendments to Arts. 114 Septies and 114 Octies of the Mexican Federal Copyright Law, Internet Service Providers (ISPs) are not liable for copyright infringements if they:
- 'Promptly and readily' remove any copyrighted works that infringe copyright, regardless of whether they are notified of the infringement or discover it themselves.
- Do not initiate the transmission of the works, performances, or productions, do not select them, and do not receive financial compensation for their transmission, making available, or reproduction.
These safe harbour provisions limit ISP liability to ensure they are not directly liable for damages when they adhere to appropriate compliance measures. However, it is reported that these provisions lack the detail and clarity found in other similar regulations.

A basic legal framework on intermediary liability beyond copyright infringement is absent in Mexico's law and jurisprudence.

Under Art. 190.II, telecommunications licensees and, where applicable, authorised entities must maintain records and controls of all communications made from any type of line, including SIM cards, to ensure the identification of the subscriber's name, designation or business name, address, and other relevant details.