Under Art. 3 of the Terms and Conditions for Domain Name Registration and Support in the ".bg" Zone and the Sub-Zones, only Bulgarian and EU natural and legal persons can register a ".bg" domain, as well as foreigners with a right for permanent residence on these territories. Entities that do not meet these conditions must act through a representative that does.

The Consumer Rights Directive 2011/83/EU provides an updated framework aimed at encouraging online sales. The Directive has been implemented by the Consumer Protection Act of 25 July 2014. This includes comprehensive obligations to inform consumers about distance sales, a right to withdraw and rules on the recognition of digital signatures.

Bulgaria has not signed the United Nations (UN) Convention on the Use of Electronic Communications in International Contracts.

Bulgaria has not adopted national legislation based on or influenced by the United Nations Commission on International Trade Law (UNCITRAL) Model Law on Electronic Commerce.

Bulgaria has not adopted national legislation based on or influenced by the United Nations Commission on International Trade Law (UNCITRAL) Model Law on Electronic Signatures.

According to Art. 6 of the Gambling Act, when applying for a gaming license, all relevant data must be stored on a server in Bulgaria. Communications equipment and the central computer must be located in the European Economic Area (EEA) or Switzerland.

The European Union General Data Protection Regulation (GDPR) provides a comprehensive framework for data protection that applies to all EU Member States. The Personal Data Protection Act implements the GDPR into national legislation.

Under the EU Directive on Data Retention, operators were required to retain certain categories of traffic and location data (excluding the content of those communications) for a period between six months and two years and to make them available, on request, to law enforcement authorities for the purposes of investigating, detecting and prosecuting serious crime and terrorism. On 8 April 2014, the Court of Justice of the European Union declared the Directive invalid. However, not all national laws that implemented the directive have been overturned.
In Bulgaria, Under Art. 251 b of the Electronic Communications Act, providers must store connection data for six months, including the connection source, the direction, date and time, the type of connection, the device used and the cell identifier.

The Directive 2000/31/EC (E-Commerce Directive) is the legal basis governing the liability of Internet Services Providers (ISPs) in the EU Member States and includes a conditional safe harbour. Not all Member States have transposed the relevant articles consistently, leading to divergent national case law that could cause legal insecurity on an EU level.
In Bulgaria, Arts. 13-16 of the Electronic Commerce Act exclude intermediary liability in a broad range of cases, including cases where the provider has no knowledge of the transmissions, has not initiated it or has not modified it. The law implements the Directive 2000/31/EC.

The Directive 2000/31/EC (E-Commerce Directive) is the legal basis governing the liability of Internet Services Providers (ISPs) in the EU Member States and includes a conditional safe harbour. Not all Member States have transposed the relevant articles consistently, leading to divergent national case law that could cause legal insecurity on an EU level.
In Bulgaria, Arts. 13-16 of the Electronic Commerce Act exclude intermediary liability in a broad range of cases, including cases where the provider has no knowledge of the transmissions, has not initiated it or has not modified it. The law implements the Directive 2000/31/EC.

It is reported that Bulgaria imposes an identity requirement for SIM registration. Anyone wanting to purchase a SIM card has to provide their national ID card or a passport in case of foreigners to activate a new prepaid SIM card.

Under the Law on Copyright and Neighboring Rights (LCNR) and the Criminal Code (CC), it is illegal to “upload (reproduction), distribute and make available (broadcast), transmits infringing content” on the Internet. Art. 172а (1) of the Criminal Code states that “every person who uploads (reproduces), distributes and makes available infringing content or transmits, or makes any other use of the object of a copyright or neighbouring right without the consent of the rights holder as required by law, shall be punished by up to five years imprisonment and a fine up to BGN 5,000” (approx. USD 2,530). Art. 2 (3-5) of the LCNR defines the terms “upload (reproduction)”, “distribute” and “make available (broadcasting)”. Both the Internet providers hosting the infringing materials and the end users who upload (reproduce) may be held liable under this provision because the law does not make any difference on how the infringement is made, and “every person” may be held liable under this provision.
There is a contradiction between the applicable Rules of Civil Procedure and the LCNR, which requires a pending civil proceeding to be initiated before identification of infringers may be requested. In contrast, rules of civil procedure do not allow a court to open a civil case without the identification of the defendant, at least by name. This means that while Bulgarian law implements the right of information provided by Art. 8(1) of the EU Enforcement Directive, its exercise is hindered by civil procedure rules.

According to Arts. 3-4 of the Gambling Act, online gambling providers must apply for a licence, which can only be granted to companies established in the EU, the European Economic Area or Switzerland. The Gambling Commission can order internet service providers to block unlicensed foreign online gambling sites.

It is reported that the Communications Regulation Commission (CRC), the executive authority for the supervision and administration of services in the telecommunications sector, is independent from the government in the decision-making process.

It is reported that the lack of transparency is a challenge for public procurement procedures in Bulgaria, especially for foreign bidders, including with respect to overly narrow definitions of tenders and implicit biases in favour of local vendors and state-owned enterprises.