The UK has not adopted national legislation based on or influenced by the United Nations Commission on International Trade Law (UNCITRAL) Model Law on Electronic Commerce.

The UK has not adopted national legislation based on or influenced by the United Nations Commission on International Trade Law (UNCITRAL) Model Law on Electronic Signatures.

The EU Directive on Audiovisual Media Services (AVMS) covers traditional broadcasting services as well as audiovisual media services provided on-demand, including via the Internet. Art. 13.1 provides for Member States to secure a minimum 30% share of European works in the catalogues as well as "ensuring prominence" of those works. "Prominence" involves promoting European works by facilitating access to such works using any appropriate means to ensure their prominence. The Directive has been implemented by Member States in different ways, ranging from very extensive and detailed measures to a mere reference to the general obligation to promote European works.
In the UK, the EU Directive was transposed into domestic law through the amendment of the Communications Act of November 2020 (S.I. 2020/1062). According to Section 368CB of the Act, a provider of an on-demand programme service must ensure that at least 30% of the programmes offered are European works on average each year. If a provider does not operate the service for the entire year, compliance with this requirement will be assessed based on the period during which the service was available. Additionally, any period for which an exemption applies to the provider, as outlined in subsections (3)(a) or (b), will be excluded from the compliance assessment. The term "European works" is defined in alignment with the Audiovisual Media Services Directive and includes works classified as European under that directive. Additionally, the UK has not implemented financial contribution obligations for VOD service providers.

The UK Strategic Export Control List is a comprehensive list of goods that face export bans or export licensing requirements. Among the goods that face export controls are dual-use items, including physical goods, software, and technology. After departing the EU, licensing requirements for qualifying dual-use items also apply to exports to the EU.

The purpose of the Electromagnetic Compatibility Regulations 2016 is to ensure safe electrical and electronic equipment is placed on the Great Britain market by requiring manufacturers to show how their products meet the essential requirements: equipment must be designed and manufactured to ensure that the electromagnetic disturbance generated does not exceed the level above which radio and telecommunications equipment or other equipment cannot operate as intended, and the equipment has a level of immunity to the electromagnetic disturbance to be expected in its intended use which allows it to operate without unacceptable degradation of its intended use (Schedule 1). Conformity with the Regulations can be demonstrated by the internal production control route (Section 40). Internal production control is the conformity assessment procedure whereby the manufacturer ensures and declares on the manufacturer's sole responsibility that the apparatus concerned satisfies the requirements of these Regulations that apply to it (Schedule 2). The manufacturer must perform an electromagnetic compatibility assessment of the apparatus on the basis of the relevant phenomena with a view to meeting the essential requirements set out in Schedule 1.

It is reported that the de minimis threshold, that is the minimum value of goods below which customs do not charge duties, is GBP135 (approx. 200 USD), following the 200 USD threshold recommended by the International Chamber of Commerce (ICC). The UK has not changed its de minimis threshold since departing the EU and has not stated plans to deviate from the £135 threshold.

The UK has robust consumer protection laws, as laid out in the Consumer Rights Act 2015. The rights enumerated in the 2015 legislation, which include standards for considering goods faulty, unfair contract terms, right to repair, and right to return, apply to both in-person and online transactions. The UK also applies the UK eIDAS Regulations, which "set out rules for UK trust services and establishes a legal framework for the provision and effect of electronic signatures, electronic seals, electronic time stamps, electronic documents, electronic registered delivery services and certificate services for website authentication."

The UK has not signed the United Nations (UN) Convention on the Use of Electronic Communications in International Contracts.

Under Art. 44 of the United Kingdom General Data Protection Regulation (UK GDPR), it is required that any international data transfer of personal data to a third country or international organisation should only take place under certain conditions and/or with certain safeguards in place. These are further set out in Arts. 45 to 49 of the UK GDPR.
The 2018 Data Protection Act allows personal data to flow from the UK to third countries on the basis of an adequacy decision, appropriate safeguards (such as standard data protection clauses and binding corporate rules), or other conditions specified under the Data Protection Act. The UK has granted adequacy to countries within the European Economic Area, countries covered by European Commission adequacy decisions (as of 31 December 2020), and South Korea.

The United Kingdom has joined several agreements with binding commitments to open transfers of data across borders, including the Trade and Cooperation Agreement between the European Union and the European Atomic Energy Community, of the One Part, and the United Kingdom of Great Britain and Northern Ireland, of the Other Part (Art. 201), the Agreement between the United Kingdom of Great Britain and Northern Ireland and Japan for a Comprehensive Economic Partnership (Art. 8.84), the Australia-United Kingdom Free Trade Agreement (Art. 14.10), the Free Trade Agreement between the United Kingdom of Great Britain and Northern Ireland and New Zealand (Art. 15.14), the Digital Economy Agreement between the United Kingdom of Great Britain and Northern Ireland and the Republic of Singapore (Art. 8.61-F), and the Free Trade Agreement between Iceland, the Principality of Liechtenstein and the Kingdom of Norway and the United Kingdom of Great Britain and Northern Ireland (Art. 4.11).

The Data Protection Act 2018 (DPA 2018), which replaced the Data Protection Act 1998, incorporates the UK General Data Protection Regulation (GDPR), which strictly governs the processing and sharing of personal data. The UK GDPR came into force on January 1, 2021, following the UK's official departure from the EU. In the UK, a child can consent to the transfer of data at the age of 13, whereas this age of consent is 16 in the EU. There are further differences regarding how personal data is defined (the UK has a more limited definition), how criminal data is processed, how data subject rights are handled, and how administrative fines are handled.

Section 4 of the Investigatory Powers Act 2016 gives the UK police, security services, and other public bodies the power to require telecommunications companies to retain communications data for any citizen. Retention notices cannot require data to be retained for more than 12 months, and these notices can only be issued under specific circumstances relating to national security and serious crime.

The UK Data Protection Act 2018 requires that the appointment of a data protection officer (DPO) is mandatory if the organisation is a public authority; the organisation’s core activities consist of data processing operations that require regular and systematic monitoring of data subjects on a large scale, and/or the organisation’s core activities consist of large-scale processing of special categories of data (sensitive data such as personal information on health, religion, race or sexual orientation) and/or personal data relating to criminal convictions and offences. Similarly, data protection impact assessments are required in situations where processing is likely to result in a high risk to individuals.