Under the Law on Copyright and Neighboring Rights (LCNR) and the Criminal Code (CC), it is illegal to “upload (reproduction), distribute and make available (broadcast), transmits infringing content” on the Internet. Art. 172а (1) of the Criminal Code states that “every person who uploads (reproduces), distributes and makes available infringing content or transmits, or makes any other use of the object of a copyright or neighbouring right without the consent of the rights holder as required by law, shall be punished by up to five years imprisonment and a fine up to BGN 5,000” (approx. USD 2,530). Art. 2 (3-5) of the LCNR defines the terms “upload (reproduction)”, “distribute” and “make available (broadcasting)”. Both the Internet providers hosting the infringing materials and the end users who upload (reproduce) may be held liable under this provision because the law does not make any difference on how the infringement is made, and “every person” may be held liable under this provision.
There is a contradiction between the applicable Rules of Civil Procedure and the LCNR, which requires a pending civil proceeding to be initiated before identification of infringers may be requested. In contrast, rules of civil procedure do not allow a court to open a civil case without the identification of the defendant, at least by name. This means that while Bulgarian law implements the right of information provided by Art. 8(1) of the EU Enforcement Directive, its exercise is hindered by civil procedure rules.

According to Arts. 3-4 of the Gambling Act, online gambling providers must apply for a licence, which can only be granted to companies established in the EU, the European Economic Area or Switzerland. The Gambling Commission can order internet service providers to block unlicensed foreign online gambling sites.

The EU Directive on Audiovisual Media Services (AVMS) covers traditional broadcasting services as well as audiovisual media services provided on-demand, including via the Internet. Art. 13.1 provides for Member States to secure a minimum 30% share of European works in the catalogues as well as "ensuring prominence" of those works. "Prominence" involves promoting European works by facilitating access to such works using any appropriate means to ensure their prominence. The Directive has been implemented by Member States in different ways, ranging from very extensive and detailed measures to a mere reference to the general obligation to promote European works.
In Bulgaria, the EU Directive was transposed into domestic law through the amendment of the Radio and Television Act of December 2020 (SG No. 109 of 2020). According to Art. 19 of the Act, providers of on-demand audiovisual media services must ensure that at least 30% of their catalogues consist of European works, which must be given prominence. The share of European works is calculated on an annual average basis, based on the number of titles in the service's catalogue.

The European Union General Data Protection Regulation (GDPR) provides a comprehensive framework for data protection that applies to all EU Member States. The Personal Data Protection Act implements the GDPR into national legislation.

Under the EU Directive on Data Retention, operators were required to retain certain categories of traffic and location data (excluding the content of those communications) for a period between six months and two years and to make them available, on request, to law enforcement authorities for the purposes of investigating, detecting and prosecuting serious crime and terrorism. On 8 April 2014, the Court of Justice of the European Union declared the Directive invalid. However, not all national laws that implemented the directive have been overturned.
In Bulgaria, Under Art. 251 b of the Electronic Communications Act, providers must store connection data for six months, including the connection source, the direction, date and time, the type of connection, the device used and the cell identifier.

The Directive 2000/31/EC (E-Commerce Directive) is the legal basis governing the liability of Internet Services Providers (ISPs) in the EU Member States and includes a conditional safe harbour. Not all Member States have transposed the relevant articles consistently, leading to divergent national case law that could cause legal insecurity on an EU level.
In Bulgaria, Arts. 13-16 of the Electronic Commerce Act exclude intermediary liability in a broad range of cases, including cases where the provider has no knowledge of the transmissions, has not initiated it or has not modified it. The law implements the Directive 2000/31/EC.

It is reported that Bulgaria exhibits inadequate prosecution efforts, lengthy and inefficient procedures, and a lack of deterrent criminal penalties, particularly in the area of online piracy. Stakeholders have expressed concerns about notorious online piracy sites reportedly hosted in or operated from Bulgaria.

Bulgaria and the European Union have adopted the World Intellectual Property Organization (WIPO) Copyright Treaty. Bulgaria acceded to the Treaty on 29 March 2001, with its provisions coming into force on 6 March 2002. Subsequently, the European Union ratified the Treaty on 14 December 2009, and it entered into effect on 14 March 2010.

Bulgaria and the European Union have adopted the World Intellectual Property Organization (WIPO) Performances and Phonograms Treaty. Bulgaria acceded to the Treaty on 29 March 2001, with its provisions coming into force on 20 May 2002. Subsequently, the European Union ratified the Treaty on 14 December 2009, and it entered into effect on 14 March 2010.

The Directive 2016/943 on the protection of undisclosed know-how and business information (trade secrets) is key in harmonising national laws concerning trade secrets. In Bulgaria, the Trade Secret Protection Act introduces a comprehensive protection framework for business secrets.

It is reported that passive sharing is mandated and practised in both mobile and fixed sectors based on commercial agreements. The Communications Regulation Commission may impose on undertakings with significant market power an obligation to provide access to and use of necessary network elements and/or facilities, inter alia, in situations where the denial of access or setting of terms and conditions having a similar effect to denial, would hinder the emergence of a sustainable competitive market of retail services or would be detrimental to end-users. Additionally, with the Electronic Communication Networks and Physical Infrastructure Act (ECNPIA), which transposed Directive 2014/61/EU into national law, obligations for access to physical infrastructure are imposed on all electronic communications network operators and utility companies.
In addition, Directive 2014/61/EU (Art. 3.2) establishes that Member States shall ensure that, upon written request of an undertaking providing or authorised to provide public communications networks, any network operator must meet all reasonable requests for access to its physical infrastructure under fair and reasonable terms and conditions, including price, with a view to deploying elements of high-speed electronic communications networks. Such written request shall specify the elements of the project for which the access is requested, including a specific time frame.

Bulgartel (established in November 2004) is a wholly state-owned telecommunications company. The company's shares are divided between Bulgartransgaz EAD (50%) and Electricity System Operator EAD (50%), both of which are also state-owned entities in Bulgaria.

Bulgaria does not mandate functional separation for operators with significant market power (SMP) in the telecom market. However, by Decisions No. 356 and No. 357, the Communications Regulation Commission (CRC) imposed account separation obligations on three operators (BTC, Telenor, and A1) in the relevant markets. The CRC determines the format and methodology for introducing and implementing accounting separation by Decision No. 1882.

It is reported that the Communications Regulation Commission (CRC), the executive authority for the supervision and administration of services in the telecommunications sector, is independent from the government in the decision-making process.

According to Art. 6 of the Gambling Act, when applying for a gaming license, all relevant data must be stored on a server in Bulgaria. Communications equipment and the central computer must be located in the European Economic Area (EEA) or Switzerland.