Lao PDR is a signatory of the World Trade Organization (WTO) Information Technology Agreement (ITA) of 1996 and its 2015 expansion (ITA II).

Art. 9 of the Decree of the Prime Minister on Government Procurement of Goods, Construction, Maintenance and Services No. 03/PM stipulates that the use of the national budget for the procurement of foreign goods is not authorised if such goods can be produced locally at equal quality. The regulation also states that local firms are given priority in public procurements of goods, works, and services financed in full with domestic funds. Local firms that are not affiliated with foreign firms and that supply goods, works, and services of equal quality to local firms are given preferential rights in competitive bidding.

Art. 45 of Law No. 30/NA provides that contractors, suppliers or consultants meeting all conditions must be given domestic preference and considered to be awarded the contracts. Clause 14 of Instruction No. 0477/MOF clarifies that domestic preference should apply for international open bidding (international competitive bidding) only, and such given domestic preference must be stipulated in the bidding documents through the following conditions:
- For works and/or maintenance: if a local bidder’s bid price does not exceed 7.5% of an international bidders bid price, the local bidder must be considered as the winning bidder for works and/or maintenance.
- Supply of goods: if, as a result of a comparison, the lowest evaluated bid is a bid from Group C (bids offering goods manufactured abroad and will be directly imported), all bids from Group C must be further compared with the lowest evaluated bid from Group A (bids offering domestically manufactured goods) after adding to the evaluated price of goods offered in each bid from Group C, for the purpose of this further comparison only, an amount not to exceed 15% of the respective bid price. The lowest evaluated price from the final comparison must be selected for the award.

Under the Regulation on Supervision of Credit-Specialized Financial Business, electronic commerce firms operating on a cross-border basis have been prevented from either selling in KRW or storing domestic consumers’ credit card information unless they have registered in Korea as a Payment Gateway (PG) supplier or use a local PG company service for KRW-denominated transactions. In the absence of a PG registration (which requires firms to develop Korea-specific payment systems and customer interfaces and to have a local presence in Korea), foreign electronic commerce sites can only process dollar-denominated transactions for which customers enter their credit card information anew each time, which puts them at a competitive disadvantage as compared to local merchants. However, the Electronic Finance Supervisory Regulations do not impose the registration requirement for subsidiary electronic financial business entities which include PG services. It imposes such a requirement only on electronic financial business entities.

According to Art. 8 of the Notice of Import Customs Clearance for Express Goods, as amended in 2016 to increase the value of the de minimis rule, the de minimis threshold, meaning the minimum value of goods below which customs do not charge duties, is USD 150, which is below the 200 USD threshold recommended by the International Chamber of Commerce (ICC). This threshold applies to goods for personal consumption and samples not exceeding USD 150, with an exception for trade with the U.S. and Puerto Rico, where the threshold is USD 200 as per the Korea-US FTA, allowing these goods to be exempt from taxes and duties collected by customs.

According to Art. 4 of the Domain Name Management Rules set forth by the Korea Internet & Security Agency (KISA), domain name registrants must have a postal address of their place of residence in Korea. In addition, it is reported that a Copy of Company registration in Korea with proof of company address in both English and Korean languages is required for registration and that a Korean-based administrative contact is mandatory.

According to Art. 32 of the Act on Promotion of Information and Communications Network Utilization and Information Protection, foreign IT service providers without an office in Korea are required to appoint a local agent responsible for ensuring compliance with data privacy regulations.

The Act on Consumer Protection in Electronic Commerce Transactions provides a comprehensive framework for consumer protection that also applies to online transactions. In addition, it is reported that for business-to-business transactions, the Regulation of Terms and Conditions Act and the Fair Trade Act are the main frameworks applied.

Korea has signed but not ratified the United Nations (UN) Convention on the Use of Electronic Communications in International Contracts.

Korea has adopted national legislation based on or influenced by the United Nations Commission on International Trade Law (UNCITRAL) Model Law on Electronic Commerce.

Korea has not adopted national legislation based on or influenced by the United Nations Commission on International Trade Law (UNCITRAL) Model Law on Electronic Signatures.

The Electrical Appliances Safety Control Act authorises the Korean Agency for Technology and Standards to develop safety certification schemes for the import of electronic appliances. The agency has created three certification schemes: KC Safety Certification, KC Safety Confirmation, and SDoC.
The requirements are the following:
- Type 1 products must go through a certification procedure that includes factory inspection (initial and regular) with mandatory product testing every two years in order to get KC Certification. Type 1 products include electric wire, cords, switches for electrical appliances, motor-oriented electric tools, breakers, insulated transformers, and lighting appliances;
- Type 2 products, which are considered less dangerous, must overcome certification procedures that include safety testing without factory inspection. Type 2 products include electric switches, electric appliances, audio and video electronic apparatus, lighting appliances, insulated transformers, and information technology equipment;
- Type 3 products are qualified to be clear of mandatory certification procedures with a showing of SDoC. Except for products that qualify for SDoC, the other two methods, which include local testing, could be burdensome. Type 3 products include fluorescent lamp starters, DC power supplies, and electric chargers connected to the electric appliances, as well as some electric appliances, audio and video electronic apparatus, and information technology equipment.

The Ministry of Science, ICT & Future Planning (MSIP) is an authority that conducts EMC and wireless communication certification. KC certification is issued by Korea’s National Radio Research Agency (RRA) and requires testing at an RRA-approved laboratory. There are three mandatory certification mechanisms for imported broadcasting and communications equipment to test the safety of radio waves (Art. 58-2):
- Certain equipment must receive a certification of conformity from the Ministry of Science, ICT and Future Planning after undergoing a test by a designated third-party laboratory. Such equipment includes wireless telephone alarm automatic receiver, radar equipment for ships, telephone, and modem;
- Equipment that is not subject to this certification may come in only with a showing of confirmation that verifies the compatibility after undergoing a test either by a designated third-party testing body or self-tests. The equipment that falls in this category includes Computing devices and peripherals, broadcasting set-top boxes, measuring instruments, industrial devices, and connectors.
- Equipment that is not subject to either of these schemes must have interim conformity after passing a test showing conformity with domestic or international standards. Equipment that is newly developed but whose conformity assessment criteria have yet to be developed falls in this category.
Korea has entered into a mutual recognition arrangement with the United States, Canada, EU, Vietnam, and Chile. However, except for Canada, the import of broadcasting and communications equipment from other countries must still receive certification of conformity from the South Korean government, even if a conformity test has been conducted in the exporting countries.

Pursuant to Art. 4 of the National Intelligence Service Korea Act and Art. 56 of the Electronic Government Act, the National Intelligence Service (NIS) imposes security verification requirements on network equipment and cyber-security software in government procurement. Generally, they may satisfy the requirement by showing that the products are certified at a Common Criteria Recognition Arrangement (CCRA) accredited lab outside of Korea. However, certain network equipment must undergo an additional security verification process. Furthermore, the Common Criteria (CC) certification may not be sufficient for two reasons. First, NIS may substitute the CC certification with other certification mechanisms that were internally developed (e.g., GS Certification). Second, NIS may reject a CC certification when it deems that the certification does not cover particular functions of the product that the government entity needs.

If software systems or hardware equipment such as virtual private networks and firewall systems deal with non-confidential yet important information and are to be used in the government, they must pass verification for appropriate encryption modules under the auspices of the National Intelligence Service (NIS). Appropriate encryption standards are developed in Korea, such as ARIA, SEED, LEA, and Hight. The suppliers need to submit the source code of their products to receive the verification test. The same encryption standards also apply to certain network equipment such as VPN and SW USB series.