Art. 66 of Presidential Regulation No. 16/2018 provides that the ministries, institutions and regional apparatuses are obligated to use domestic products. Procurement of imported goods may be conducted in the event that the goods cannot be produced domestically or that domestic production volume is unable to meet the demand.

Art. 9 of the Government Regulation No. 71/2019 requires that providers of bespoke software must provide or escrow the source codes associated with their service. The requirement applies to Electronic System Providers for public scope. This requirement was already contained in Art. 8 of Government Regulation No. 82/2012, which was repealed by Government Regulation No. 71/2019.

In March 2022, the government of Indonesia issued President Instruction No. 22/2022, mandating all government agencies to spend at least 40% of their budget on local products produced by SMEs. According to the regulation, the objective is to increase the use of local products to support the "Proud of Using Products Made in Indonesia" campaign. The regulation entered into force on 30 March 2022.

Indonesia's 2012 Defence Law and Presidential Regulation 76/2014 prioritise the use of local materials and components by defence agencies, emphasising the procurement of locally produced goods and services whenever possible. Additionally, in cases where Indonesian government entities procure from foreign defence suppliers due to local supply limitations, regulations mandate "trade balancing" offsets. These offsets can include incorporating local content, production offsets, technology transfer, or a combination of these measures.

Government Regulation No. 71/2019 requires operators of electronic systems for public purposes to store electronic transaction data within Indonesia, unless the necessary technology is unavailable locally. Public Electronic System Operators (ESOs) include: (a) public bodies, such as central and regional executive, legislative, and judicial bodies, as well as any other entities established under statutory mandates; and (b) entities appointed by public bodies to operate electronic systems on their behalf.
Previously, Government Regulation No. 82, which was revoked by Regulation No. 71/2019, mandated that electronic system operators for public services connect their data to a data centre and a disaster recovery centre located within Indonesian territory for purposes of law enforcement and data protection (Art. 17). Although the term “public services” was not explicitly defined under GR 82, it was broadly interpreted by the Ministry of Communications and Informatics (MOCI) to include all services offered to the public via the Internet. This interpretation effectively extended local storage obligations to numerous private sector companies.

According to Art. 2 of the Processing and Settlement of Export-related receipts facilitated by Online Payment Gateways from 2011, the Reserve Bank of India restricts export-related payments for goods and services through online payment gateways. It is reported that PayPal had to limit payments for export-related payments above 500 USD. From July 2013, this limit has been increased to USD 10,000.
In addition, according to Section 2 of the Storage of Payment System Data Directive, all payment data held by payment companies should be held in local facilities. Furthermore, according to section 5 of the directive, data must be stored only in India after processing and should be deleted from systems abroad and brought back to India no later than 24 hours after processing. Any subsequent activity, such as settlement processing after payment processing done outside India, must be undertaken on a real-time basis, pursuant to which the data must be stored only in India. However, The RBI has clarified that banks, especially foreign banks, can continue to store banking data abroad but in respect to domestic payment transactions, the data must be stored only in India.

Following a negative response from international payment companies such as MasterCard, Visa, and American Express, the RBI has proposed (in "Frequently Asked Questions" of its website) to ease this restriction so as to allow payment firms to store data offshore as long as a copy was kept in India. The RBI has further clarified that for cross-border transaction data consisting of a foreign component and a domestic component, a copy of the domestic component may be stored abroad if required.

In accordance with NPCI Notification: NPCI/UPI/SOP-01/2020-21, the National Payments Corporation of India (NPCI), a state-owned entity, introduced a 30% market share cap for foreign electronic payment service providers processing online payments via India’s Unified Payment Interface (UPI), which is owned and operated by NPCI. Foreign digital payment companies were required to comply with this 30% market share limit by January 2023.

India does not implement a de minimis threshold, which refers to the minimum value of goods below which customs do not charge duties. Although the Courier Imports and Exports (Electronic Declaration and Processing) Regulations, 2010 refer to "low-value dutiable consignments" as those with an invoice value below INR 100,000 (approx. USD 1,000) for imports (excluding documents, gifts, and samples), the specific de minimis threshold applied in the country remains unclear.

The Consumer Protection (E-Commerce) Rules, 2020, provides a comprehensive framework for consumer protection that also applies to online transactions. The Rules introduced in 2020 established several requirements, such as displaying requirements for the name and details of sellers, details of returns, refunds, exchanges, warranties, and guarantees. In addition, requires sellers on the platform to provide an undertaking affirming the accuracy of descriptions, images, and other content of the goods or services on the platform, including that they correspond directly with the appearance, nature, quality, and purpose.

India has not signed the United Nations (UN) Convention on the Use of Electronic Communications in International Contracts.

India has adopted national legislation based on or influenced by the United Nations Commission on International Trade Law (UNCITRAL) Model Law on Electronic Commerce.

India has not adopted national legislation based on or influenced by the United Nations Commission on International Trade Law (UNCITRAL) Model Law on Electronic Signatures.

According to Condition 37.1 of the License Agreement for Unified License, issued by the Department of Telecommunications, Ministry of Communications and Information Technology, Internet Service Provider licensees are prohibited from employing bulk encryption equipment in their networks. The licensor or officers designated for this purpose have the authority to evaluate any encryption equipment connected to the licensee's network. However, the licensee remains responsible for ensuring the protection of communication privacy and preventing unauthorised message interception.

According to Section 84A of the Information Technology Act, the Government may, for secure use of the electronic medium and for the promotion of e-governance and e-commerce, prescribe the modes or methods for encryption. However, no rules have been introduced under this section.

Since the implementation of the Consolidated FDI Policy Circular of 2016, last amended by the Consolidated FD) Policy Circular of 2020, India permits fully owned FDI in business-to-business (“marketplace-based”) electronic commerce, i.e. "providing an information technology platform by an e-commerce entity on a digital & electronic network to act as a facilitator between buyer and seller." However, India prohibits foreign investment in business-to-consumer (or “inventory-based”) electronic commerce, also defined as "e-commerce activity where the inventory of goods and services is owned by an e-commerce entity and is sold to the consumers directly".
When a marketplace e-commerce entity exercises ownership or control over the inventory, the business is categorised into the inventory-based model. Additionally, India implemented regulations that expressly prohibit subsidiaries of foreign-owned marketplace-based electronic commerce sites from selling products on their parent companies’ sites. The rules also prohibit exclusivity arrangements by which electronic commerce retailers can offer a product on an exclusive basis.
The only exceptions for FDI in inventory-based electronic commerce are for food-product retailing and single-brand retailers that meet certain conditions, including the operation of physical stores in India. According to Section 5.2.15.3 of the Consolidated FDI Policy Circular of 2020, retail trading through e-commerce can also be undertaken before opening physical stores, subject to the entity opening physical stores within two years from the start of online retail. Overall, it is reported that these narrow exceptions limit the ability of many electronic commerce service suppliers to serve the Indian market.