In 2016, Korea Internet Security Agency (KISA) developed a cloud security certificate (KCSC) system governing public-sector cloud service procurement. This is based on the 2016 Notice on Protection of Information for Cloud Computing Services promulgated pursuant to Art. 23-2 of the Act on the Development of Cloud Computing and Protection of Its Users, which was inserted to the statute in 2015. It is reported that this constitutes a key barrier for U.S. cloud service providers because they are unable to meet some requirements for the certification without creating a separate, Korean-unique product.

Under Art. 69 of the Electronic Government Act, enacted in 2001, and Cryptographic Module Testing and Validation Guidelines (Guidelines), promulgated in 2004, the National Intelligence Service (NIS) operates the Korea Cryptographic Module Validation Program (KCMVP). KCMVP validates that software, network (such as VPN and SW USB series), and hardware equipment that deals with non-confidential yet important information complies with the Cryptographic Module Validation Standards, which were amended in 2015. Appropriate encryption standards are ones developed in Korea such as ARIA, SEED, LEA, and Hight. It is reported that the lack of recognition of other international encryption standards constitutes a barrier for foreign suppliers.

Under the Guidelines, suppliers of software, network (such as VPN and SW USB series), and hardware equipment that deals with non-confidential yet important information must also submit the source code of their products to pass the Cryptographic Module Validation Process. It is reported that source code could potentially be required as part of common criteria certification administered by the IT Security Certification Center, a requirement for public procurement of cloud computing services.

The Enforcement Decree of the Act on Contracts to Which the State is a Party, which was promulgated in 1995, provides some situations where a competitive bidding process is limited or does not apply. In light of factors such as the purpose, characteristics, and scale of the procurement contract, the government may restrict the participation of potential bidders (Art. 21), select certain bidders to engage in further bidding (Art. 23), or execute an at-will contract (Art. 26).
This is despite Since the Act on Contracts to which the State is a Party, under Article 5, has prohibited "any special term or condition, discriminative against nationals of contracting states to the Agreement on Government Procurement and goods produced or services provided by such States and in favor of nationals of the Republic of Korea and goods produced or services provided from the Republic of Korea, to international tendering procedures."
The Act on Contracts to Which a Local Government is a Party, under Article 6, has applied the same principle since 2005. Per Art. 12, the contracting agency may not restrict participation of bidders who have gone through a competitive bidding process.

According to Art. 48 of Software Industry Promotion Act, participation in government-led software procurement is limited to SMEs. The Act allows the participation of "large" companies in exceptional circumstances. It is reported that this has effectively limited certain bids on software procurement, leaving out multinational firms.

Since 1995, the Act on Contracts to Which the State is a Party has excluded, under Article 4, international biddings in certain public procurement tenders where:
- procurement is for goods or services necessary for manufacturing other goods or services that are later to be sold or resold;
- products from SMEs are manufactured and purchased pursuant to Act on Facilitation of Purchase of Small and Medium Enterprise-Manufactured Products and Support for Development of their Markets (Act on SMEs);
- a Presidential Decree forbids so in conformity with the Government Procurement Agreement.
Furthermore, since 2005, the Act on Contracts to Which a Local Government is a Party has regulated under Art. 5 international biddings to procurements from a local government in the same manner.
It is reported that the Act on Facilitation of Purchase of Small and Medium Enterprise-Manufactured Products and Support for Development of their Markets, enacted in 2009 and applying under these procurement legal frameworks, categorize foreign-invested enterprises as "large" companies simply by virtue of being foreign or multinational. As a result, "large" foreign companies are only able to bid projects larger than USD 220,000.

Korea is a signatory of the 1996 World Trade Organization (WTO) Information Technology Agreement (ITA) nor the 2015 expansion (ITA II).

Indonesia has not adopted national legislation based on or influenced by the United Nations Commission on International Trade Law (UNCITRAL) Model Law on Electronic Commerce.

Indonesia has not adopted national legislation based on or influenced by the United Nations Commission on International Trade Law (UNCITRAL) Model Law on Electronic Signatures.

Indonesia has not signed the United Nations (UN) Convention on the Use of Electronic Communications in International Contracts.

According to the Minister of Communication and Informatics Regulation No. 5 of 2020 on Private Electronic System Operators, foreign Private Electronic System Operators (ESOs) are required to register their businesses with the relevant ministry through the online single submission system. ESOs should also appoint liaison officers, who have to be domiciled in Indonesia. The duty of the liaison officer is to facilitate any access request by government authorities and takedown requests. According to the regulation, ESOs are persons, business entities, or communities that operate an electronic system. ESOs include electronic system operators that are supervised by ministers or institutions in accordance with laws and regulations, and electronic system operators that have an online portal, site, or application through the internet. The requirement was first enacted with Government Regulation No. 71/2019 regarding the Provision of Electronic Systems and Transaction which repealed the Government Regulation No. 82 of 2012.

Law No. 11 Year 2008 concerning Information and Electronic Transactions provides a comprehensive framework for consumer protection that also applies to online transactions.

According to Regulation No. 23 of 2013 on Domain Name Management, websites are considered electronic systems, and as such, they need to get certified before registering for a domain name. Websites must also provide the identity of the party providing such an electronic system and information on the object of any transaction. It is reported that for the domain name registration, local presence is required.

The E-commerce law states that subject to certain thresholds, foreign business actors that actively conduct e-commerce activities with consumers in Indonesia are deemed as physically present in Indonesia and conducting fixed business activities in Indonesia. These thresholds include (i) number of transactions, (ii) transaction value, (iii) number of shipped packages, and/or (iv) volume of traffic or number of users. A foreign business actor that meets any of the thresholds must appoint an Indonesian representative who can act on its behalf.
In addition, in May 2020, Indonesia issued Ministry of Trade Regulation No. 50/2020 which requires certain foreign e-commerce operators to establish a local representative office in Indonesia. Foreign e-commerce operators that meet either of the following thresholds have to establish a trade representative office in Indonesia: i) those that annually transact with more than 1,000 consumers in Indonesia, and ii) those that annually deliver more than 1,000 packages to consumers in Indonesia. According to the Regulation, the assessment of whether a foreign e-commerce operator met the threshold would be done by the Ministry of Trade.

The Bank of Indonesia Regulation 19/8/2017 on the National Payment Gateway allows three types of institutions to process domestic electronic transactions: standardization institutions, switching institutions, and service institutions. According to Art. 12, all switching institutions have to be owned by at least 80% of Indonesian citizens or entities. The switching institutions are defined under Art. 1.3 as entities within the National Payment Gateway that "process payment transactions".