In Austria, a screening mechanism was first introduced with Section 25a of the Foreign Trade Act 2011. The Act has been replaced in July 2020 by the Austrian Investment Control Act, which provides different scenarios where screening applies. The main relevant scenarios triggering the screening are, under certain circumstances, as follows:
- Acquisition of 10% or more of voting rights in the company when related to the following digitally sensitive sectors: defence equipment/defence technology; critical energy infrastructure; critical digital infrastructure (in particular 5G infrastructure); systems that enable data sovereignty of the Republic of Austria;
- Establishment of a new branch in Austria if an Austrian undertaking is acquired by a foreign entity and the relevant thresholds are met;
- Establishment of a new company in which foreign investors will have more than 10% voting rights.
The Foreign Direct Investment Screening Act provides that some transactions are exempt from the approval requirement where the target is a very small undertaking with less than ten employees and an annual turnover or annual balance of no more than 2 million euros.

According to Art. 43 of the Patent Act 1970, applications for patents are subject to formal and substantive examination by the Patent Office. Moreover, according to Art. 21, anyone who has neither domicile nor branch office in Austria can only assert rights under this Federal Act before the Patent Office if they are represented by a party representative listed in Section 77 (Only lawyers, patent attorneys, and notaries, as well as the financial procuratorate, are authorised to represent parties professionally before the Patent Office.). If the place of residence or branch is in the EEA or in the Swiss Confederation, however, the appointment of an authorised recipient resident in Switzerland is sufficient for the assertion of rights under this federal act. The requirement of the main residence in Austria does not apply to citizens of EEA contracting states if service is ensured by international treaties with the contracting state of the domicile of the authorised recipient or in another way.

Art. 27 of the General Data Protection Regulation (EU) 2016/679 requires a local representative for data controllers or processors not established in the EU.

Regulation 2021/821 establishes that the export of dual-use items used for both civilian and military applications is subject to control, and these goods may not leave the EU customs territory without an export authorisation. Annex I identifies a range of dual-use items that face either authorisation requirements or outright bans for exportation outside of the EU, which include electronics, computers, telecommunications and information security. Regulation 2021/821 replaces the previous regulation on the matter (Regulation (EC) No. 428/2009), as subsequently amended and implemented by Regulation (EU) No. 1232/2011 and Delegated Regulation (EU) 2018/1922, respectively.

The European Union enforces export and import controls on Russia since 2014, with the implementation of Council Regulation (EU) No. 833/2014, and more extensively since the 2022 invasion of Ukraine. A key element of these measures is Council Regulation (EU) No. 2022/328, adopted in February 2022, which prohibits the export, sale, supply, or transfer of various goods and technologies to Russia. Effective from 26 February 2022, this regulation specifically bans:
- The export of dual-use goods and technologies listed in Annex of Regulation (EU) 2021/821, affecting 6,251 goods under 929 six-digit tariff subheadings.
- The export of goods and technologies suited for use in aviation or the space industry, outlined in Annex XI, covering all products in tariff chapter 88.
This Regulation has been further complemented by several additional packages of sanctions on Russia, including measures such as bans on ICT goods—covering semiconductors, telecommunications equipment, and software—and restrictions on digital services like cloud computing. These sanctions also extend to the sale, licensing, transfer, or sharing of intellectual property rights and trade secrets that could benefit prohibited sectors or entities in Russia. Furthermore, the EU has imposed prohibitions on specific professional services, including business consultancy, legal advisory, and IT consultancy, significantly limiting Russia's access to critical expertise and resources essential for its economic and technological capabilities.
The last sanctions package ("Twelfth Package") was implemented by Council Regulation (EU) No.2023/2878, amending the Council Regulation (EU) No. 833/2014.

In February 2022, the European Union (EU) published the European Standardization Strategy, which, among other things, introduced amendments to Regulation 1025/2012 on European Standardization Organizations (ESOs). The amendment requires that ESOs limit the involvement of non-EU stakeholders in the development of harmonised European standards (EN). This change has a significant impact on the European Telecommunications Standards Institute (ETSI), which specialises in information and communications technologies (ICT) and has historically allowed direct participation from foreign firms. Additionally, it has been reported that certain policies implemented by the European Commission, such as the refusal to reference standards developed outside Europe and the imposition of new restrictions on participation in expert advisory groups (including the newly established High-Level Forum on European Standardization), indicate a broader strategy to exclude non-EU participants, challenge the recognition of international standards developed in the United States, and promote European regional standards globally.

Self-certification is allowed under equal terms for foreign and domestic companies under Art. 14 and Annex II of the Electromagnetic Compatibility Directive 2014/30/EU.
EU legislation requires that the manufacturer of a CE-marked product issues an EU Declaration of Conformity for the product and draws up technical documentation. A Declaration of Conformity (DoC) is a document signed by a manufacturer or authorised representative confirming that the product placed in the market complies with applicable EU requirements and is required for all CE Marked products sold in the EU with few exceptions. The contents of the Declaration of Conformity shall follow the model declarations set out in Annex III to Decision 768/2008/EC or in annexes to applicable legislation. (CE-marked products signify that products sold in the EEA have been assessed to meet high safety, health, and environmental protection requirements.)
The EU has concluded a number of Mutual Recognition Agreements (MRAs) with third countries that allow national conformity assessment bodies to certify product conformity for the respective markets. The EU has signed 7 MRAs, 6 of which cover electromagnetic compatibility and interference as and/or radio and telecommunications equipment.

According to the Council Directive (EU) 2017/2455 of 5 December 2017, amending Directive 2006/112/EC and Directive 2009/132/EC as regards certain value-added tax obligations for supplies of services and distance sales of goods, the de minimis threshold, that is the minimum value of goods below which customs do not charge duties, is USD 174, below the 200 USD threshold recommended by the International Chamber of Commerce (ICC).

Art. 18 (2) of Directive (EU) 2016/1148 establishes a local presence requirement, through the designation of a representative, for digital services providers not established in the Union but offering digital services within the Union. The types of digital services for the purposes of Art. 18 (2), referred to in Annex III, are online marketplace, online search engine and cloud computing services.

The European Union has joined agreements with binding commitments to open transfers of data across borders: the Trade and Cooperation Agreement between the European Union and the European Atomic Energy Community, of the One Part and the United Kingdom of Great Britain and Northern Ireland, of the Other Part (Art. 201), and the EU-New Zealand Free Trade Agreement (Chapter 12, Art. 12.4)

Since May 2018, the General Data Protection Regulation (GDPR) requires that organisations conducting "regular and systematic monitoring of data subjects on a large scale" or whose activities include the processing of sensitive personal data on a large scale must appoint a Data Protection Officer (DPO). Previously, only European institutions and bodies were required to appoint at least one person as a DPO, with some Member States also imposing such requirements on private companies. In addition, under the GDPR, Data Protection Impact Assessments (DPIAs) are mandatory for data processing activities that are likely to result in a high risk to the rights and freedoms of natural persons.

Through Council Regulation (EU) 2022/350 and Council Decision (CFSP) 2022/351, the EU has sanctioned a number of Russian TV channels as a result of "Russia's actions destabilising the situation in Ukraine". The sanctions entail the suspension of broadcast licenses and distribution agreements (e.g. over cable). A wide range of operators are supposed not to enable or facilitate the broadcast of any content by these channels, including through "IP-TV, internet service providers, internet video-sharing platforms or application". As a result, these channels have been delisted from online search results, and their social media accounts are no longer accessible in the EU. (Some of these accounts had already been voluntarily suspended by major digital platforms). Their websites are nevertheless still accessible.

The Trade Secrets Directive (EU) 2016/943 protects trade secrets while also allowing for disclosure of trade secrets for reasons of public interest, either to the public or to public authorities in the performance of their duties. Art. 1.2 states that "this Directive shall not affect: [..] (b) the application of Union or national rules requiring trade secret holders to disclose, for reasons of public interest, information, including trade secrets, to the public or to administrative or judicial authorities for the performance of the duties of those authorities."
Moreover, Art. 5 stipulates that Member States shall ensure that an application for the measures, procedures and remedies provided for in this Directive is dismissed where the alleged acquisition, use or disclosure of the trade secret was carried out in any of the following cases for revealing misconduct, wrongdoing or illegal activity, provided that the respondent acted for the purpose of protecting the general public interest.

Regulation EU 2019/1150 on promoting fairness and transparency for business users of online intermediation services (the Platform to Business Regulation) requires the disclosure of certain features of algorithms, which may constitute trade secrets. Art. 5 stipulates that online intermediation services must disclose the main ranking parameters and their relative importance to business users through terms of service, while online search engines need to make similar disclosures publicly. The Commission's December 2020 guidance on ranking (§82) argues that providers cannot refuse to disclose the main parameters based on the sole argument that these constitute a trade secret.