Art. 27-1 of the Law on Personal Data provides that the owners and/or operators are obliged to ensure that databases containing personal data of citizens of Uzbekistan are collected, systematised, and stored using technical means physically located in the territory of Uzbekistan. Moreover, the operators have to register their databases in the State Register of Personal Databases.

In accordance with Art. 15 of the Law on Personal Data, cross-border transfers of personal data can be carried out when a foreign state ensures adequate protection for the rights of the subjects of personal data. In the absence of such protection, the cross-border transfer of personal data is allowed in the following cases:
- the data subject has consented to the cross-border transfer of their personal data;
- there is a need to protect constitutional order, public order, the rights and freedoms of citizens, or the health and the morals of the population; or
- it is stipulated by international treaties.
The transfer of personal data may be prohibited or restricted in order to protect the constitutional system of the Republic of Uzbekistan, the rights and legitimate interests of citizens, or to ensure the security of the State.

Uzbekistan has not joined any agreement with binding commitments to open transfers of data across borders.

The Law of the Republic of Uzbekistan on Personal Data provides for a comprehensive regime of data protection regime in Uzbekistan. It is the first unified data protection law and outlines requirements for data subjects' consent, the purposes of processing, and notifying data subjects when transferring their personal data to a third party. The excludes biometric, educational, criminal and health information, previously included in a draft version, from its application.

Art. 15 of the Law on Cybersecurity provides that operators of critical facilities must store a backup copy of all data from information systems and resources for at least three months. This requirement affects businesses that possess, operate or interoperate information systems used in critical facilities, including public administration and the provision of public services, defence, national security, law enforcement, fuel and energy industries (including nuclear energy), chemical and petrochemical industries, metallurgy, water management and water supply, agriculture, public health, housing and utility services, banking and finance, transportation, information and communication technologies, ecology and environmental protection, extraction and processing of minerals of strategic importance, manufacturing, other sectors of the economy and the social sphere.

Uzbekistan has ratified the World Intellectual Property Organization (WIPO) Performances and Phonograms Treaty in July 2019.

Law LRU-374 provides a framework for the effective protection of trade secrets.

There is no obligation for passive infrastructure sharing in Uzbekistan to deliver telecom services to end users. However, it is reported that passive sharing is practised in the mobile sector based on commercial agreements.

Foreign operators are reportedly not permitted to own or operate an international gateway. The ownership and operation of international gateways are monopolised by Uzbektelecom, a state-controlled entity.

The government owns shares in several telecommunications companies. In particular, 96.4% of the shares of Uzbektelecom JSC are held by Uzbek public institutions. In addition, three of the five mobile operators active in the mobile market are state-owned, namely Ucell (49% owned by the State Assets Management Agency of the Republic of Uzbekistan), Mobiuz (fully owned by the Ministry for Development of Information Technologies and Communications), and UzMobile (sub-brand of Uzbektelecom).

Foreign investors have reported that there is a lack of transparency in bureaucratic procedures for public procurement.

Uzbekistan is not a party to the World Trade Organization (WTO) Government Procurement Agreement (GPA). In fact, the country is not a member of the WTO.

Foreign operators are reportedly not permitted to own or operate an international gateway. Therefore, ownership and operation of international gateways are monopolised by Uzbektelecom, a state-controlled entity.

Art. 46 of Law No. LRU-598 stipulates that legislation may impose restrictions or prohibitions on foreign investment in specific areas of the economy to safeguard public health, flora and fauna, the environment, and national security interests. Reports indicate that the government may conduct screening of foreign investments, particularly in strategic sectors such as telecommunications; however, the screening process lacks transparency.

According to Art. 6 of Decree No. 5495, the minimum size of the authorised capital of companies with foreign investment is UZS 400 million (approx. 33.000 USD), while it was previously UZS 600 million (approx. 48.500 USD).