The Consumer Rights Directive 2011/83/EU provides an updated framework aimed at encouraging online sales. The Directive has been implemented by the "Law to Adapt the Formal Requirements of Private Law to Modern Legal Transactions."

Germany has not signed the United Nations (UN) Convention on the Use of Electronic Communications in International Contracts.

The EU Directive on Audiovisual Media Services (AVMS) covers traditional broadcasting services as well as audiovisual media services provided on-demand, including via the Internet. Art. 13.1 provides for Member States to secure a minimum 30% share of European works in the catalogues as well as "ensuring prominence" of those works. "Prominence" involves promoting European works by facilitating access to such works using any appropriate means to ensure their prominence. The Directive has been implemented by Member States in different ways, ranging from very extensive and detailed measures to a mere reference to the general obligation to promote European works.
In Germany, the EU Directive was transposed into domestic law through the Interstate Treaty on Broadcasting and Telemedia. According to Art. 77 of the Treaty, to represent the diversity in the German-speaking and European regions and to promote European film and television productions, providers of television-like telemedia (VOD) must ensure that the proportion of European works in their catalogues is at least 30%.

§9b of the Act on the Federal Office for Information Security requires that critical components register with the Federal Ministry of the Interior before their first use. The use of these components can be prohibited on three grounds: if the producer is controlled by a third state government, its military or other public authorities, directly or indirectly; if the producer has previously been involved in activities with negative consequences on the public safety or order of the Federal Republic of Germany, other member states of the EU, the European Economic Area or the North Atlantic Treaty; or if the use of the critical component is in contradiction with the security interests of the Federal Republic of Germany, the EU or the North Atlantic Treaty.

Under the Digital Health Appliances Ordinance, data related to digital health appliances can only be processed in the EU or in jurisdictions where there is an adequacy decision (Section 4.3), while other exceptions, such as standard contractual clauses, are not allowed. Digital Health Appliances (Digitale Gesundheitsanwendungen) are low-risk medical digital devices that are intended to detect or alleviate illnesses, assist in diagnosis, and are based primarily on digital technology. They include apps and browser-based applications. A "DiGA" can be used either by the patient alone or shared by the doctor and patient.

The European Union General Data Protection Regulation (GDPR) provides a comprehensive framework for data protection that applies to all EU Member States. Germany implemented the GDPR in 2018 through the Federal Data Protection Act.

Germany's implementation of the EU General Data Protection Regulation (GDPR) broadens the scope of the requirement for a data protection officer under Art. 37 GDPR. According to Art. 38 of the Federal Data Protection Act, public entities and private entities with at least 20 permanent employees in automated data processing have to appoint a data protection officer; "automated data processing" here includes most computer-based activities. In addition to GDPR requirements, all entities that perform operations for which a data protection impact assessment is necessary, according to the GDPR, also have to appoint a data protection officer.

Sections 173 and 174 of the Telecommunications Act require that providers of publicly available telecommunications services for consumers establish an automated system for data access for the Federal Networks Agency and law enforcement agencies regarding certain types of data (name and address, date of birth, telephone number of a certain user) and immediately respond to other data demands if there is evidence of a concrete criminal act within the meaning of Section 2.1 of the Federal Criminal Police Office Act.

The Directive 2000/31/EC (E-Commerce Directive) is the legal basis governing the liability of Internet Services Providers (ISPs) in the EU Member States and includes a conditional safe harbour. Not all Member States have transposed the relevant articles consistently, leading to divergent national case law that could cause legal insecurity on an EU level.
Under §7-10 of the Telemedia Act, there are liability exemptions for intermediaries in cases where these have not actively triggered a transmission, chosen its recipient, where they have no knowledge of illegal content or activities or where they immediately remove related content. This broadens the scope of Art. 14 of the EU E-Commerce Directive, which only refers to "knowledge".

The Directive 2000/31/EC (E-Commerce Directive) is the legal basis governing the liability of Internet Services Providers (ISPs) in the EU Member States and includes a conditional safe harbour. Not all Member States have transposed the relevant articles consistently, leading to divergent national case law that could cause legal insecurity on an EU level.
Under §7-10 of the Telemedia Act, there are liability exemptions for intermediaries in cases where these have not actively triggered a transmission, chosen its recipient, where they have no knowledge of illegal content or activities or where they immediately remove related content. This broadens the scope of Art. 14 of the EU E-Commerce Directive, which only refers to "knowledge".

It is reported that Germany imposes an identity requirement for SIM registration. Anyone wanting to purchase a SIM card has to provide their national ID card or a passport in case of foreigners to activate a new prepaid SIM card.

NetzDG establishes broad requirements for dealing with illegal content and user complaints. Under §3 of the law, platform operators have to remove or block manifestly illegal content within 24 hours after receiving a complaint unless otherwise agreed with the competent law enforcement agency. Other illegal content has to be blocked or removed seven days after receiving a complaint unless the decision whether the content is illegal is contingent on the veracity of a factual claim or the provider has put in place an independent body dealing with these claims. These procedures have to respect due process. Providers who receive more than 100 complaints per year have to submit two reports on these procedures each year (§2 NetzDG). The law has faced criticism from various human rights groups, the United Nations and the Council of Europe, among others. Criticisms include the potential undermining of freedom of speech and expression, vague definitions and arbitrary criteria for removal of content, and disproportionate sanctions for failing to comply.

Art. 17 of Directive 2019/790 on Copyright in the Digital Single Market (DSM Directive) mandates that providers of content-sharing services seek authorisation from rights holders and implement technical solutions to remove and prevent unauthorised uploads by their users (so-called upload filters) under penalty of losing their liability safe harbour. Further arrangements are envisaged for complaints and dispute resolution mechanisms. Such upload filters are reported to be a significant cost for online platforms. Graduated exemptions are expected to be put in place for new providers active in the EU for less than three years with a turnover under EUR 10 million, and with fewer than five million users. The provision is subject to a challenge in the Court of Justice by Poland (C-401/19).
To implement Directive 2019/790, the Bundestag has adopted the Act on the Adaptation of Copyright Law to the Requirements of the Digital Single Market, therefore making online content-sharing service providers partially liable for copyright violations on their platforms.

According to §14b of the Value Added Tax Act, all VAT invoices must be stored within Germany. When these invoices are stored electronically, they can be stored within another EU member state. However, the tax authority must be notified of the location of the data servers and have the ability to access and download the data.

The Directive 2016/943 on the protection of undisclosed know-how and business information (trade secrets) is key in harmonising national laws concerning trade secrets. Germany transposed the Directive in 2018, as well as with the Law transposing Directive (EU) 2016/943 on the protection of trade secrets against their unlawful acquisition, use and disclosure.