In March 2021, the government amended the Critical Infrastructure Act, establishing an investment screening process. According to Art. 9, acquisitions of more than 10% of shares or voting rights in critical infrastructure has to be reviewed. This covers investment in information and communication technology and postal services. among other sectors. In addition, if the transaction compromises public order or national security, authorities can propose that the Government either (i) prohibits the transaction, or (ii) approves the transaction conditionally. The Government may then grant unconditional or conditional approval in cases where the benefits of the transaction outweigh the risks or propose remedies to ensure that the benefits outweigh the risks.

Under Regulation 2019/452, EU Member States may maintain their existing investment screening mechanisms (21 Member States currently do so), adopt new ones, or remain without such national mechanisms. Member states must inform the Commission about investments that may threaten security or public order in several member states or harm strategic EU projects or programs, such as Horizon 2020 or Galileo, however, the final decision rests with the Member State concerned.
The Regulation has been implemented in Slovakia through the amendment of the Critical Infrastructure Act 2011 and the adoption of the Screening of Foreign Direct Investments Act, which significantly expands the scope of the FDI screening regime established by the Critical Infrastructure Act 2011. However, the FDI Act will become effective in March 2023. Following the entry into force of the FDI Act, investors will have to carefully consider whether their investments might fall under the ambit of the FDI Act and in such cases, whether they constitute regular foreign investment or critical foreign investment (subject to the Critical Infrastructure Act 2011), in which case different processes will apply.

Art. 85 of the Utilities Directive (2014/25/EU) contains provisions allowing contracting public entities to reject foreign goods not covered by any EU international commitments from its tender procedures. In these cases, a tender submitted for the award of a supply contract may be rejected where the proportion of the products originating in third countries exceeds 50% of the total value of the products constituting the tender (Art. 85.2). Additionally, in cases of equivalent offers, the provisions provide for a preference for European tenders and tenders covered by EU's international obligations. In practice, this possibility has rarely been used.
In Slovakia, the Directive has been transposed with the Act No. 343/2015 on public procurement and amending certain acts, and with the Decree of the Public Procurement Office No. 153/2016 laying down a threshold for above-threshold contract, a threshold for above-threshold concession and a threshold for design contests.

It is reported that lack of transparency is a challenge for public procurement procedures in Slovakia, especially for foreign bidders, including with respect to overly narrow definitions of tenders, and implicit biases in favor of local vendors and state-owned enterprises.

Romania has not adopted national legislation based on or influenced by the United Nations Commission on International Trade Law (UNCITRAL) Model Law on Electronic Commerce.

Romania has not adopted national legislation based on or influenced by the United Nations Commission on International Trade Law (UNCITRAL) Model Law on Electronic Signatures.

The Consumer Rights Directive 2011/83/EU provides an updated framework aimed at encouraging online sales. The Directive has been implemented by Law No. 363/2007 on unfair commercial practices of traders in relation to consumers and harmonizing the regulations with the European legislation on consumer protection.

Romania has not signed the United Nations (UN) Convention on the Use of Electronic Communications in International Contracts.

In June 2021, the administration of President Klaus Iohannis signed into law a bill that effectively bars Huawei and other Chinese telecommunications providers from taking part in the development of the country's 5G telecommunication networks, on security concerns. Telecom companies need “clearance” from the country’s Supreme Defense Council (CSAT) to provide technologies, equipment or software for critical infrastructure and 5G networks. Given that Huawei has not received CSAT approval, Romanian telecom companies would have to remove all Huawei products from their networks within five to seven years, and the major Chinese firm is excluded from taking part in the development of the 5G network.

In case of mergers that may have an impact on national security, a notification to the Superior Council of National Defence is required. Sectors considered as impacting national security include: security of citizens, critical infrastructure, and IT and communications systems. However, to date, there are no cases of restrictions to mergers in the telecom or electronic communications sectors.

The EU Directive on Audiovisual Media Services (AVMS) covers traditional broadcasting services as well as audiovisual media services provided on-demand, including via the Internet. Article 13(1) provides for Member States to secure a minimum 30% share of European works in the catalogues as well as "ensuring prominence" of those works. "Prominence" involves promoting European works through facilitating access to such works using any appropriate means to ensure prominence of European works. The Directive has been implemented by Member States in different ways, ranging from very extensive and detailed measures to a mere reference to the general obligation to promote European works.
In Romania, Art. 13 is in the process of being implemented via two modifications to Audiovisual Law No. 504/2002: first, Video-on-Demand (VOD) providers have to reserve a share of European works in their catalogue, and, second, VOD providers have to use promotion tools which give prominence to European works such as indicating the country of origin in the catalogue. The modifications are still in the consultation phase as of March 2021.

In June 2021, the administration of President Klaus Iohannis signed into law a bill that effectively bars Huawei and other Chinese telecommunications providers from taking part in the development of the country's 5G telecommunication networks, on security concerns. Telecom companies need “clearance” from the country’s Supreme Defense Council (CSAT) to provide technologies, equipment or software for critical infrastructure and 5G networks. Given that Huawei has not received CSAT approval, Romanian telecom companies would have to remove all Huawei products from their networks within five to seven years, and the major Chinese firm is excluded from taking part in the development of the 5G network.

The Directive 2000/31/EC (E-Commerce Directive) is the legal basis governing the liability of Internet Services Providers (ISPs) in the EU Member States and includes a conditional safe harbor. Not all Member States have transposed the relevant articles consistently, leading to divergent national case law that could cause legal insecurity on an EU level.
The national transposition by Romania of Directive 2000/31/EC has been carried out through the E-commerce Act. Articles 11 to 15 of the law outline the liability scheme for internet intermediaries. The law largely follows the European Union E-Commerce 'safe harbours' model, immunizing intermediaries when they act as a mere conduit or when they cache or host material. Intermediaries remain liable if they are the originators of the information, if they modify the information or if they are aware of the infringing nature of the information. While there is no general monitoring duty imposed on intermediaries, once they are made aware of the infringing content they do have a duty to ‘rapidly’ remove it from their platform. Article 16 further provides that the legal remedy brought against these intermediaries is either a take-down or a blocking order (both temporary and permanent injunctive remedies are permitted).
The law differs from the EU model in two primary respects. The law does not use the term ‘internet intermediary’, instead identifying specific types of ‘service provider[s]’, suggesting a more nuanced view of the online environment. This enables the law to go further than the EU E-Commerce Directive. Specifically, Article 15 explicitly extends the internet intermediary liability protection to search engines which are not considered in the EU directive. Search engines are similarly liable if they fail to block illegal content once they have been made aware of it.

The Directive 2000/31/EC (E-Commerce Directive) is the legal basis governing the liability of Internet Services Providers (ISPs) in the EU Member States and includes a conditional safe harbor. Not all Member States have transposed the relevant articles consistently, leading to divergent national case law that could cause legal insecurity on an EU level.
The national transposition by Romania of Directive 2000/31/EC has been carried out through the E-commerce Act. Articles 11 to 15 of the law outline the liability scheme for internet intermediaries. The law largely follows the European Union E-Commerce 'safe harbours' model, immunizing intermediaries when they act as a mere conduit or when they cache or host material. Intermediaries remain liable if they are the originators of the information, if they modify the information or if they are aware of the infringing nature of the information. While there is no general monitoring duty imposed on intermediaries, once they are made aware of the infringing content they do have a duty to ‘rapidly’ remove it from their platform. Article 16 further provides that the legal remedy brought against these intermediaries is either a take-down or a blocking order (both temporary and permanent injunctive remedies are permitted).
The law differs from the EU model in two primary respects. The law does not use the term ‘internet intermediary’, instead identifying specific types of ‘service provider[s]’, suggesting a more nuanced view of the online environment. This enables the law to go further than the EU E-Commerce Directive. Specifically, Article 15 explicitly extends the internet intermediary liability protection to search engines which are not considered in the EU directive. Search engines are similarly liable if they fail to block illegal content once they have been made aware of it.

In Romania, the game server must store all data related to the provision of remote gambling services, including records and identification of the players, the stakes placed and the winnings paid out. Information must be stored using data storage equipment (mirror server) situated on Romanian territory.