Art. 37 of the Regulation of Law No. 29733 provides that the personal data bank holder or data controller, as well as the data processor, must appoint a personal data protection officer in certain circumstances. These include: (i) where a public entity carries out the processing; (ii) where the controller, data bank holder, or processor engages in the processing of large volumes of personal data, whether in terms of quantity or type, or where such processing may affect a large number of individuals, involves sensitive data, or may result in an apparent detriment to the rights or freedoms of the data subject; and (iii) where the core activities or primary business operations of the controller, data bank holder, or processor consist of the processing of sensitive personal data.

A basic legal framework on intermediary liability for copyright infringement is absent in Peru's law and jurisprudence. In addition, complaints are reported regarding long-standing enforcement problems with the intellectual property (IP) provisions of the Peru-US Free Trade Agreement (Chapter 16, Art. 16.11.29), in particular with respect to the establishment of statutory damages for copyright infringement and trademark counterfeiting, and the notice and takedown and safe harbour system for Internet Service Providers (ISPs). Moreover, this is reiterated with respect to the rules relating to ISP liability in the EU-Peru-Colombia-Ecuador Agreement (Section 29). Finally, the Comprehensive Trans-Pacific Partnership Agreement, Chapter 18, Art. 18.82, includes relevant provisions limiting ISP liability and promoting a safe harbour for ISPs. However, the national implementation of intermediate liability rules for service providers is still pending, and there is no clear timetable.

A basic legal framework on intermediary liability beyond copyright infringement is absent in Peru's law and jurisprudence.

Resolution of the Board of Directors No. 138-2012-CD-OSIPTEL, issued by the regulatory agency Supervisory Agency for Private Investment in Telecommunications (OSIPTEL), establishes identity verification requirements for mobile services. It regulates the verification of the applicant's identity and the contracting of mobile public services.
According to Art. 11 of the Resolution, mobile public service operating companies are obliged to verify the applicant's identity using the fingerprint biometric verification system, by checking the information in the RENIEC (the national identification registry, "Registro Nacional de Identificación y Estado Civil") biometric database. Also, Art. 11A states that before fingerprint verification, the company may request that the applicant (or legal representative) exhibit their hand to verify that it is free of any external objects that could invalidate the identity verification process.
Art. 11B states that the operator must include in the subscriber registry information regarding all mobile terminal equipment through which the service is provided, including equipment that has not yet been commercialised. This registry must also include the IMEI code of the mobile terminal equipment or the electronic serial number; the IMSI code that activates the mobile terminal equipment (unique international identification code for each subscriber of the public mobile service, which is integrated into the SIM Card, Chip or other equivalent); whether the subscriber is a natural or legal person and other information established by OSIPTEL.

There is an obligation for passive infrastructure sharing in Peru to deliver telecom services to end users. It is practised in both the mobile and fixed sectors based on commercial agreements.
In the mobile segment, Art. 12 of Supreme Decree No. 024-2014-MTC, which regulates the registration framework for passive infrastructure providers for public mobile services, requires such providers to make their infrastructure available to public mobile telecommunications operators that request access, subject to the regime's conditions. In parallel, Law No. 30083 introduces mobile virtual network operators (MVNOs) and rural mobile infrastructure operators, and obliges mobile network operators to provide network access (“acceso a red”), which may encompass access arrangements involving network elements used to deliver mobile services.
In fixed wholesale markets, sharing obligations apply to operators designated as Proveedor Importante in the wholesale market for internet and data transmission. Telefónica del Perú S.A.A. was selected as a Proveedor Importante for Market No. 25 by Board Resolution No. 154-2019-CD/OSIPTEL, which imposes access and shared-use obligations on the designated provider. Board Resolution No. 132-2012-CD/OSIPTEL further requires the submission of an Oferta Básica de Compartición (OBC) under this regime, and Telefónica’s OBC was approved by General Management Resolution No. 00039-2016-GG/OSIPTEL.

Art. 75 of Supreme Decree No. 009-2025-EF provides that for service (including consultancy) to be performed outside Lima and Callao with a value is up to PEN 200,000 (approx. USD 60,000), the standard tender documents can grant a 10% scoring bonus (calculated over the total score) to bidders domiciled in the province where the service is delivered, or in neighbouring provinces, even if they are in a different department/region. For this purpose, the bidder’s domicile is the one recorded in its RNP registration certificate.

Pursuant to Art. 22 of Supreme Decree No. 013-2013-PRODUCE (implementing Art. 21 of Law No. 28,015, as amended by Law No. 29,034), State entities must grant preferences to micro and small enterprises (MSEs) in the procurement of goods and services, and in works contracting and consultancy, provided that the MSEs meet the applicable technical specifications. The Decree further requires public entities to programme at least 40% of their procurements to be fulfilled by MSEs, with priority for regional and local MSEs in the locality where the procurement is conducted or the public works are executed. In addition, State entities must allocate at least 40% to manufacturing micro, small and medium-sized enterprises (MSMEs) that produce goods or provide services within Peru, provided that they can supply them in terms of quality, timeliness, price, and competitiveness.
Art. 81 of Supreme Decree No. 009-2025-EF further provides that, if two or more offers tie, the award goes (in order) to the best technical score, then to a micro/small enterprise integrated by persons with disabilities, then to a micro/small enterprise (or a consortium fully composed of them).
Both the Law and the Decree are to be repealed by Law No. 32353 of May 2025, which enters into force the day after its implementing regulation is published. However, the implementing regulation has not yet been published.

Foreign companies have highlighted several challenges in Peru's public procurement. These include the perception of the government procurement processes as cumbersome and inefficient. Additionally, some companies still view corruption as a significant issue within the country's government procurement procedures.

Peru is not a party to the World Trade Organization (WTO) Agreement on Government Procurement (GPA), nor does it have observer status.

According to Art. 1 of Legislative Decree No. 662, the State promotes and guarantees both existing and future foreign investments in all sectors of economic activity and in any business or contractual form permitted by national legislation. Furthermore, Peru reportedly maintains an open regime for both domestic and foreign private investment, without foreign ownership restrictions in any sector relevant for digital trade.

Peru is a party to the Patent Cooperation Treaty (PCT).

Peru has a copyright regime under the Decree No. 822. However, the exceptions do not follow the fair use or fair dealing model, therefore limiting the lawful use of copyrighted work by others. Arts. 41-51 list the exceptions, which include the reproduction by reprographic means for teaching or examination purposes in educational institutions and the reproduction of a work for judicial or administrative proceedings, to the extent justified by the purpose to be achieved, among others.
Moreover, Peru is a member of the Andean Community of Nations and is subject to Decision 351, issued in 1993. Art. 22 of the Decision sets forth a list of mandatory exceptions in the internal market but also allows the adoption of additional exceptions in the domestic law of members, as long as they comply with the international standards of the so-called three-step test.

Copyright is not adequately enforced online in Peru. It is reported that pirated and counterfeit goods remain widely available in Peru, and right holders cite particular concerns regarding internet piracy and illicit recordings in cinemas.

Peru has ratified the World Intellectual Property Organization (WIPO) Copyright Treaty.

Peru has ratified the World Intellectual Property Organization (WIPO) Performances and Phonograms Treaty.