It is reported that Eswatini does not mandate functional or accounting separation for operators with significant market power (SMP) in the telecom market.

Eswatini is not a signatory of the 1996 World Trade Organization (WTO) Information Technology Agreement (ITA) nor the 2015 expansion (ITA II).

According to the ".ee" Domain Regulation, it is required to appoint an administrative contact for the application for the ".ee" domain name. The administrative contact has to be a citizen of Estonia with an Estonian personal identification code or a European Economic Area (EEA) citizen.

The Consumer Rights Directive 2011/83/EU provides an updated framework aimed at encouraging online sales. The Directive has been implemented by the Consumer Protection Act. The Act includes provisions on the right to information, safety and quality of goods or services, and unfair commercial practices. The Act also safeguards 'distance contracts'. E-commerce is regulated by the Estonian Consumer Protection and Technical Regulatory Authority.

Estonia has not signed the United Nations (UN) Convention on the Use of Electronic Communications in International Contracts.

Estonia has not adopted national legislation based on or influenced by the United Nations Commission on International Trade Law (UNCITRAL) Model Law on Electronic Commerce.

Estonia has not adopted national legislation based on or influenced by the United Nations Commission on International Trade Law (UNCITRAL) Model Law on Electronic Signatures.

The European Union General Data Protection Regulation (GDPR) provides a comprehensive framework for data protection that applies to all EU Member States. Estonia implemented the GDPR in 2018 through the Personal Data Protection Act.

Under the EU Directive on Data Retention, operators were required to retain certain categories of traffic and location data (excluding the content of those communications) for a period between six months and two years and to make them available, on request, to law enforcement authorities for the purposes of investigating, detecting and prosecuting serious crime and terrorism. On 8 April 2014, the Court of Justice of the European Union declared the Directive invalid. However, not all national laws that implemented the Directive have been overturned.
In Estonia, the Electronic Communications Act continues to mandate traffic and location data retention. Arts. 111 and 112 of the Act require communications undertakings to retain various categories of communications metadata (including, but not limited to, location data) for a period of one year from the date of the communication.

Art. 112 of the Electronic Communications Act mandates that electronic communications providers furnish the communication data retained under Art. 111 within 10 hours for urgent requests, and within 10 days for other requests, made by the relevant agencies specified in the Act. Additionally, mobile telephone service providers are obliged to supply real-time identification of the location of the mobile device in use. Requests from the agencies may be made either in writing or orally. Notably, this provision does not require prior judicial authorisation. Art. 111 stipulates that internet and telecommunication service providers must retain a broad spectrum of communication data for the purposes of identifying, inter alia, the source, destination, time, duration, and location of the communication.

The Directive 2000/31/EC (E-Commerce Directive) is the legal basis governing the liability of Internet Services Providers (ISPs) in the EU Member States and includes a conditional safe harbour. Not all Member States have transposed the relevant articles consistently, leading to divergent national case law that could cause legal insecurity on an EU level.
The Information Society Services Act (ISSA) is based on the EU e-Commerce Directive (Directive 2000/31/EC).

The Directive 2000/31/EC (E-Commerce Directive) is the legal basis governing the liability of Internet Services Providers (ISPs) in the EU Member States and includes a conditional safe harbour. Not all Member States have transposed the relevant articles consistently, leading to divergent national case law that could cause legal insecurity on an EU level.
The Information Society Services Act (ISSA) is based on the EU e-Commerce Directive (Directive 2000/31/EC).

Art. 17 of Directive 2019/790 on Copyright in the Digital Single Market (DSM Directive) mandates that providers of content-sharing services seek authorisation from rights holders and implement technical solutions to remove and prevent unauthorised uploads by their users (so-called upload filters), under penalty of losing their liability safe harbour. Further arrangements are envisaged for complaints and dispute resolution mechanisms. Such upload filters are reported to be a significant cost for online platforms. Graduated exemptions are expected to be put in place for new providers active in the EU for less than three years with a turnover under EUR 10 million and with fewer than five million users. The provision is subject to a challenge in the Court of Justice by Poland (C-401/19).
To implement Directive 2019/790, the Parliament has adopted the Act amending the Copyright Act (transposition of copyright directives) 368 SE, therefore making online content-sharing service providers partially liable for copyright violations on their platforms.

Current tensions with Russia have induced the Estonian regulatory authority to block Russian websites for geo-political reasons. It is reported that in February 2022, the Consumer Protection and Technical Regulatory Authority (TTJA) ordered telecommunications operators to restrict the online broadcasting of six pro-Kremlin TV channels, including RTR-Planeta, RTVI, Rossiya 24, REN TV, NTV Mir, and PBK, for twelve months in an effort to limit Russian war propaganda. In March 2022, the TTJA ordered the blocking of another TV channel RBK (RBC TV), seven websites (ntv.ru, ren.tv, 5-tv.ru, 78.ru, 1tv.com, lenta.ru, and tass.ru.), and 12 internet channels, whose “content incites to commit offences towards national security and national defence, to the detriment of the security of society,” according to a TTJA press release.