Arts. 23 and 24 of Law No. 68 require foreign entities conducting business in Kuwait to do so either through a local agent or a Kuwaiti partner, which is typically facilitated through the establishment of a Kuwaiti company with Kuwaiti participants owning at least 51% of the share capital. An exception to these restrictions on foreign ownership is when the relevant Kuwaiti company is established and licensed under the Law No. 116 (Art. 12), which allows for increased levels of foreign ownership (up to 100%). Law No. 116 permits the Kuwait Direct Investment Promotion Authority (KDIPA) to authorize, on a case-by-case basis, up to 100% foreign ownership in the following industries: communications infrastructure; information technology and software development; entertainment, investment management, among others. Although a Kuwaiti or Gulf Cooperation Council (GCC) national must own at least 51% of any local company, this requirement may be waived if non-GCC investors qualify to invest through KDIPA. A 2017 amendment to the 2016 Companies Law eliminated prohibitive requirements on limited liability companies.

Kuwait is not a party to the World Trade Organization (WTO) Agreement on Government Procurement (GPA) nor does it have observer status.

The Public Tenders Law No. 49 of 2016 governs public procurement from the government. Art. 31 requires bidders to be a Kuwait individual or company registered in a commercial register. Art. 87 of the law imposes a local content requirement on foreign bidders to purchase not less than 30% of the goods from local suppliers. In addition, Art. 62 creates a preference scheme in favor of national products or products from the Gulf Cooperation Council member countries.

It is reported that the process that manufacturers must undertake to pre-qualify new technologies by the government is lengthy and burdensome, and lacks transparency. It is also reported that the often-lengthy procurement process in Kuwait occasionally results in accusations of attempted bribery or the offering of other inducements by bidders.

Kuwait is a signatory of the World Trade Organization (WTO) Information Technology Agreement (ITA) of 1996, but is not a signatory of its 2015 expansion (ITA II).

Korea has adopted national legislation based on or influenced by the United Nations Commission on International Trade Law (UNCITRAL) Model Law on Electronic Commerce.

Korea has not adopted national legislation based on or influenced by the United Nations Commission on International Trade Law (UNCITRAL) Model Law on Electronic Signatures.

Korea has signed but not ratified the United Nations (UN) Convention on the Use of Electronic Communications in International Contracts.

According to Art. 32 of the Act on Promotion of Information and Communications Network Utilization and Information Protection etc., foreign IT services providers with no office in Korea must designate a local agent responsible for data privacy compliance.

The Act on Consumer Protection in Electronic Commerce Transactions provides a comprehensive framework for consumer protection that also applies to online transactions. In addition, it is reported that for business-to-business transactions, the Regulation of Terms and Conditions Act and the Fair Trade Act are the main frameworks applied.

According to Art. 4 of the Domain Name Management Rules set forth by the Korea Internet & Security Agency (KISA), domain name registrants must have a postal address of their place of residence in Korea. In addition, it is reported that a Copy of Company registration in Korea with proof of company address in both English and Korean languages is required for registration and that a Korean-based administrative contact is mandatory.

It is reported that under the Regulation on Supervision of Credit-Specialized Financial Business, electronic commerce firms operating on a cross-border basis have been prevented from either selling in Korean won or storing domestic consumers’ credit card information unless they have registered in Korea as a Payment Gateway (PG) supplier or use a local PG company service for won-denominated transactions. In the absence of a PG registration (which requires firms to develop Korea-specific payment systems and customer interfaces, and to have a local presence in Korea), foreign electronic commerce sites can only process dollar-denominated transactions for which customers enter their credit card information anew each time, which puts them at a competitive disadvantage as compared to local merchants. However, the Electronic Finance Supervisory Regulations do not impose the registration requirement for subsidiary electronic financial business entities which include PG services. It imposes such a requirement only on electronic financial business entities.

According to Art. 8 of the Notice of Import Customs Clearance for Express Goods, as amended in 2016 increasing the value of the de minimis rule, Korea has a de minimis rule that allows goods for personal consumption and samples not exceeding USD 150 (and USD 200 only for trade with the US and Puerto Rico as per Korea-US FTA) to be exempted from taxes and duties collected by customs.

Pursuant to Art. 4 of the National Intelligence Service Korea Act and Art. 56 of the Electronic Government Act, National Intelligence Service (NIS) impose security verification requirements on network equipment and cyber-security software in government procurement. Generally, they may satisfy the requirement by showing that the products are certified at a Common Criteria Recognition Arrangement (CCRA) accredited lab outside of Korea. However, certain network equipment must undergo an additional security verification process. Furthermore, the Common Criteria (CC) certification may not be sufficient for two reasons. First, NIS may substitute the CC certification with other certification mechanisms that were internally developed (e.g., GS Certification). Second, NIS may reject a CC certification when it deems that the certification does not cover particular functions of the product that the government entity needs.