According to Art. 16 of the Law on Communication, technical means of communication used in the telecommunications network of the Republic of Kazakhstan are subject to a procedure of mandatory conformity acknowledgement by the authorities. The equipment has to be submitted to certification bodies recognised (or approved) by the regulator for certification.

In accordance with subparagraph 4-1 of Art. 7 of Law No. 544, the Minister of National Economy of Kazakhstan ordered the approval of the Rules of Domestic Trade (Order No. 264). Arts. 105-1 and 106-1 of the Rules mandate e-commerce sellers to indicate their BIN (business identification number), address of business operations on the territory of Kazakhstan and mobile telephone number registered in Kazakhstan in order to operate in the country. Additional information on this requirement is found in Annex 3-10 of Order No. 4.

According to Art. 7 of Law No. 167-VІ SAM on Monetary Regulation and Foreign Exchange Control (which repealed Law No. 57 of 2005 on Monetary Regulation in July 2018), the use of a local bank is mandatory for settlements in foreign currency between residents of the KR and non-residents. Exceptions are settlements made from a foreign bank account of a non-resident, carried out on account of the performance of obligations of a resident (e.g. when a foreign parent company pays its local branch in the KR) and settlements with non-residents made from the resident's account in a foreign bank. Also, settlements between residents of the KR (including local branches of foreign non-financial legal entities considered residents) must be made in local currency.

According to Art. 136 of Law No. 115-VI ЗРК of the Republic of Kazakhstan, imports placed under the customs procedure for domestic consumption with a total customs value not exceeding the threshold of EUR 200 (approx. 219 USD) are exempt from import duties and taxes.

According to Art. 56 of the Law on Informatization requires that internet resources with ".kz" and ".қaz" domains must be hosted on hardware and software complexes located in Kazakhstan. In other words, an internet resource (website, web application, web service) using a ".kz" or ".қaz" domain must be hosted on a server in a data centre located in Kazakhstan. The server must also be connected to a Kazakh internet provider and use a (dedicated or shared) Kazakhstan IP address. It is reported that the owners of Internet resources were originally required to start using Kazakhstan's data centres by November 2020; however, since the related transition required additional costs and time, the deadline for meeting this requirement was extended to February 2021.

The Law on Protection of Consumer Rights provides a comprehensive framework for consumer protection that also applies to online transactions. Art. 33 of the Law on Protection of Consumer Rights includes provisions for the protection of e-consumers. Additionally, e-consumers enjoy all other privileges of the normal consumers.

Kazakhstan has not signed the United Nations (UN) Convention on the Use of Electronic Communications in International Contracts.

Kazakhstan has not adopted national legislation based on or influenced by the United Nations Commission on International Trade Law (UNCITRAL) Model Law on Electronic Commerce.

Kazakhstan has not adopted national legislation based on or influenced by the United Nations Commission on International Trade Law (UNCITRAL) Model Law on Electronic Signatures.

Amendments to the Law of the Republic of Kazakhstan on Communications in 2016 obliged ISPs to monitor content passing through their networks and to decide whether to restrict any problematic material. The amendments do not specify how ISPs are to carry out this obligation. The Administrative Code, in force since 2016, imposes fines on ISPs for not complying with censorship orders.

It is reported that the government has extensive authority to block online content. The National Security Committee of the Republic of Kazakhstan (NSC) has controlled the State Technical Service (STS) since 2017, assuming the authority to block content and disrupt internet networks for investigative purposes and to prevent crimes. The NSC can act without a court order, though it must notify other state bodies within 24 hours. In 2017, the NSC and a number of other state entities adopted new rules for blocking or suspending networks, ICT resources, and other web resources. The rules are classified. There are no publicly available data on the extent of state censorship, although one unofficial estimate puts the number of blocked websites at more than 30,000. Ministries occasionally release information on content restrictions. For example, in August 2018, the Ministry of Information and Communication announced that it had blocked more than 1,800 online “materials” since the beginning of 2018 and intended to block 9,340 more through 534 court proceedings. It is also reported that in 2019, the government prohibited access to social media and temporarily blocked independent news websites. In February 2020, amid an outbreak of intercommunal violence between ethnic Kazakhs and the Dungan minority, the government temporarily blocked WhatsApp in a bid to stop the violence. Furthermore, in response to an access-to-information inquiry, the Ministry of Information and Social Development specified that in 2022, 14,469 pages were blocked following 774 requests from the regulator. Only 241 of those were registered in the .kz domain zone, and between January and May 2023, 6,175 more pages were blocked, 6,047 of which were based abroad.

The indicator "6.2.4 - Government Internet shut down in practice" of the V-Dem Dataset, which measures whether the government has the technical capacity to actively make internet service cease, thus interrupting domestic access to the internet or whether the government has decided to do so, has a score of 3 in Kazakhstan for the year 2023. This corresponds to "Rarely but there have been a few occasions throughout the year when the government shut down domestic access to Internet."

According to the Art. 7 of the Advertisement Law, an advertisement that contains a comparison of the advertised goods (works, services) with the goods (works, services) of other individuals or legal entities, as well as statements, images discrediting their honour, dignity, and business reputation, is prohibited. Advertisements, regardless of the form or used means of distribution (placement), should be reliable and recognisable without special knowledge or the use of special tools directly at the time of its presentation.

Licensing procedures are applied to the importation of certain digital goods to the territory of the Eurasian Economic Union, including Kazakhstan. These digital goods include (i) Civil radio-electronic equipment and/or high-frequency devices, including those which are built-in or form a part of other goods; (ii) Special hardware meant for secret information acquisition; (iii) Encryption devices.

In accordance with Art. 12.2 of Law No. 94-V, personal data must be stored in a database situated within the territory of Kazakhstan by the owner and/or operator, as well as by third parties. Pursuant to Art. 27-1, the Rules for the Implementation of Measures to Protect Personal Data by the Owner, Operator, and Third Parties were approved. According to Paragraph 8 of these Rules, the collection and processing of personal data with restricted access must be conducted via information facilities located within the Republic of Kazakhstan. The storage and transfer of such data should be carried out using cryptographic protection tools that meet at least the third level of security, as defined by the standard established in Kazakhstan. Personal data of restricted access includes all personal data, except for that which the data subject has made publicly available or that which is publicly accessible by explicit provision of the law. A similar provision was already in effect since 2021 in Rules bearing the same name, repealed in 2023, under its Paragraph 10.