The Consumer Rights Directive 2011/83/EU provides an updated framework aimed at encouraging online sales. The Directive has been implemented by the Finnish Consumer Protection Act 2005.

Finland has not signed the United Nations (UN) Convention on the Use of Electronic Communications in International Contracts.

Finland has not adopted national legislation based on or influenced by the United Nations Commission on International Trade Law (UNCITRAL) Model Law on Electronic Commerce.

Finland has not adopted national legislation based on or influenced by the United Nations Commission on International Trade Law (UNCITRAL) Model Law on Electronic Signatures.

The EU Directive on Audiovisual Media Services (AVMS) covers traditional broadcasting services as well as audiovisual media services provided on-demand, including via the Internet. Art. 13.1 provides for Member States to secure a minimum 30% share of European works in the catalogues as well as "ensuring prominence" of those works. "Prominence" involves promoting European works by facilitating access to such works using any appropriate means to ensure their prominence. The Directive has been implemented by Member States in different ways, ranging from very extensive and detailed measures to a mere reference to the general obligation to promote European works.
In Finland, the EU Directive was transposed into domestic law through the amendment of the Act on Electronic Communication Services of December 2020 (Law No. 1207/2020 on Amending the Electronic Communications Services Act). According to Art. 209 of the Act, subscription programme service providers must reserve at least 30% of their programme list for European works and ensure the visibility of these works within the list. This obligation does not apply to subscription programme service providers with a small turnover or audience, or in cases where compliance would be practically impossible or unjustified. Furthermore, Finland has not implemented financial contribution obligations for VOD service providers.

The Act on Electronic Communications Services implements the EU toolbox on securing the security and protection of critical parts of the communications network. The Act gives the Finnish government powers to deem certain telecommunications components and equipment a threat to national security and exclude them from the Finnish network. While the Act does not explicitly name Huawei or ZTE, as other EU member states have, it is likely that components from these telecommunications providers will face heightened scrutiny or possible bans.

It is reported that the Finnish Transport and Communications Agency (FICORA), the executive authority for the supervision and administration of services in the telecommunications sector, is independent from the government in the decision-making process.

The Act on the Secondary Use of Health and Social Data facilitates the use of personal data in social and health activities for secondary purposes, establishing specific conditions regarding the environments in which such data may be analysed. While the Act itself does not impose restrictions on the transfer of personal data, the Social and Health Data Permit Authority has issued Regulation 1/2022, which, in Section 3.1.2 of Annex 1, stipulates that the environment must be physically located within the EU/EEA.

The European Union General Data Protection Regulation (GDPR) provides a comprehensive framework for data protection that applies to all EU Member States. Finland implemented the GDPR in 2019 through the Data Protection Act.

Under the Directive on Data Retention, operators were required to retain certain categories of traffic and location data (excluding the content of those communications) for a period between six months and two years and to make them available, on request, to law enforcement authorities for the purposes of investigating, detecting and prosecuting serious crime and terrorism. On 8 April 2014, the Court of Justice of the European Union (ECJ) declared the Directive invalid. However, not all national laws that implemented the Directive have been overturned.
In Finland, data retention laws are still in force, but as of 2021, they are under review. Chapter 19 of the Electronic Communications Services Act authorises the Finnish Ministry of the Interior to request data retention obligations of telecommunications providers. The retention obligations require telecommunications providers to retain traffic and location data for individuals under investigation for certain crimes for a period of 6-12 months, depending on the type of data. It is also true that following the ECJ ruling invaliding the Data Retention Directive, the scope and the application of the Finnish Information Society Code is limited. For instance, it does not include website browsing. Moreover, small operators are not required to retain their data. The data retention period goes from six months to 12 months, according to the category of the data.

Chapter 19 of the Electronic Communications Services Act allows the Ministry of the Interior to request retention obligations of telecommunications providers without a judicial warrant. These retention obligations require telecommunications providers to retain traffic and location data for certain individuals or between 6-12 months, depending on the type of data, for use by the authorities in solving certain criminal acts. While the contents of communications cannot be accessed by authorities, Chapter 19 gives the Finnish government the ability to amend certain retention obligations by Government Decree. Thus, Chapter 19 essentially allows Finnish authorities to access personal traffic and location data for individuals suspected of committing certain crimes without a warrant.

The Directive 2000/31/EC (E-Commerce Directive) is the legal basis governing the liability of Internet Services Providers (ISPs) in the EU Member States and includes a conditional safe harbour. Not all Member States have transposed the relevant articles consistently, leading to divergent national case law that could cause legal insecurity on an EU level.
In Finland, the Act 458/2002 on Information Society Services and Electronic Commerce implements the E-Commerce Directive almost verbatim, but at the same time, it has some important distinctions, such as not implementing Art. 15 on prohibition of monitoring obligations.

The Directive 2000/31/EC (E-Commerce Directive) is the legal basis governing the liability of Internet Services Providers (ISPs) in the EU Member States and includes a conditional safe harbour. Not all Member States have transposed the relevant articles consistently, leading to divergent national case law that could cause legal insecurity on an EU level.
In Finland, the Act 458/2002 on Information Society Services and Electronic Commerce implements the E-Commerce Directive almost verbatim, but at the same time, it has some important distinctions, such as not implementing Art. 15 on prohibition of monitoring obligations.

The Limited Liabilities Company Act states that at least one of the members of the Board of Directors must be a resident of the European Economic Area (EEA) unless an exemption is granted by the regulatory authority. Furthermore, the managing director must also be a resident of the EEA.

The Act on the Screening of Foreign Corporate Acquisitions grants the Finnish Ministry of Economic Affairs and Employment (TEM) the authority to screen foreign investments. According to Art. 3 of the Act, if the TEM believes that an FDI might conflict with a key national interest, the Ministry may refer the matter of confirmation or denial to a government plenary session for consideration. As defined in Art. 2, as amended in 2020, key national interest includes securing military, and national defence, functions vital to society, national security and foreign and security policy objectives, and safeguarding public order and security in accordance with Arts. 52 and 65 of the Treaty on the Functioning of the European Union, if there is a genuine and sufficiently serious threat to a fundamental interest of society.