Art. 85 of the Utilities Directive (2014/25/EU) contains provisions allowing contracting public entities to reject foreign goods not covered by any EU international commitments from its tender procedures. In these cases, a tender submitted for the award of a supply contract may be rejected where the proportion of the products originating in third countries exceeds 50% of the total value of the products constituting the tender (Art. 85.2). Additionally, in cases of equivalent offers, the provisions provide for a preference for European tenders and tenders covered by EU's international obligations. In practice, this possibility has rarely been used.
In Slovenia, the Directive has been transposed with the Public Procurement Law (ZJN-3).

Art. 7 of the Slovenian Public Procurement Act provides that mutual recognition should be taken into account to grant equal treatment in public procurement procedures. Furthermore, Art. 11 stipulates that all economic operators from third countries shall be accorded the same treatment as economic operators from the EU only for the award of a contract which is covered by the WTO Government Procurement Agreement or by another binding agreement of the European Union or the Republic of Slovenia.

It is reported that a lack of transparency in Slovenian public procurement processes continues to be a barrier to the participation of foreign firms, which is also caused by complexities in bid preparation due to short timeframes and complex documentation. In addition, some stakeholders claim that the Slovenian National Revision Commission carries out a quasi-judicial control reviewing disputed public procurement cases whose decisions are not subject to judicial appeal.

The Investment Promotion Act, applicable to both foreign and domestic investors, does not impose any specific restrictions on foreign ownership or control on sectors relevant for digital trade.

The Investment Promotion Act, as amended by the Act on Amendments and Additions to the Investment Promotion Act (Slovenian FDI Control Rules), supersedes the temporary FDI framework previously established under the Act defining intervention measures to mitigate and address the impacts of the COVID-19 pandemic (Official Gazette of the Republic of Slovenia, No. 80/20). Under the revised Art. 31 of the Investment Promotion Act, foreign acquisitions in "critical sectors" that meet specific criteria are required to be notified to and reviewed by a Notification Commission established by the Ministry of the Economy, Tourism, and Sport. These criteria include: (i) direct or indirect acquisitions of at least 10% of the share capital or voting rights of a corporate entity registered in Slovenia, and (ii) investments in tangible or intangible assets for the establishment of a new corporate entity in Slovenia, where the foreign investor acquires, directly or indirectly, at least 10% of the share capital or voting rights of the newly established entity.
Art. 31.c of the law specifies that sectors and activities of special focus include: (i) critical physical or virtual infrastructure, such as communications, media, and data processing or storage; (ii) critical technologies and dual-use products, including artificial intelligence, semiconductors, and cybersecurity; and (iii) information and communications technology.d

Although there is no discrimination against foreign companies based on the principle of reciprocity, foreign patent applicants have to act before the Slovenian Intellectual Property Office through a patent agent, and the submission of information has to be carried out in Slovenian. A substantial examination is not required by the Slovenian Intellectual Property Office, which shall base its examination mainly on formal requirements.

In 2021, the Romanian government approved Law No. 163 of 11 June 2021 on the adoption of measures on information and communication infrastructures of national interest and conditions for the deployment of 5G networks, requiring suppliers to have approval from the Supreme Council of National Defence (CSAT) to sell 5G equipment (Art. 3). The legislation states that equipment from untrusted vendors must be replaced by 2026 (core network) and 2028 (RAN equipment). To provide 5G equipment in Romanian mobile networks after 2026 (Core) / 2028 (RAN), the vendor must apply to the Supreme Council of National Defence (CSAT) for approval. It is reported that from 2021 until 2024, Huawei chose not to apply for such a permit. Given that Huawei has not received CSAT approval, Romanian telecom companies would have to remove all Huawei products from their networks within five to seven years, and the major Chinese firm is excluded from taking part in the development of the 5G network.

The Consumer Rights Directive 2011/83/EU provides an updated framework aimed at encouraging online sales. The Directive has been implemented by Law No. 363/2007 on unfair commercial practices of traders in relation to consumers and harmonising the regulations with the European legislation on consumer protection.

Romania has not signed the United Nations (UN) Convention on the Use of Electronic Communications in International Contracts.

Romania has not adopted national legislation based on or influenced by the United Nations Commission on International Trade Law (UNCITRAL) Model Law on Electronic Commerce.

Romania has not adopted national legislation based on or influenced by the United Nations Commission on International Trade Law (UNCITRAL) Model Law on Electronic Signatures.

The European Union General Data Protection Regulation (GDPR) provides a comprehensive framework for data protection that applies to all EU Member States. The GDPR was implemented in Romania in 2018 through the Law No. 190/2018 Implementing the General Data Protection Regulation (Regulation (EU) 2016/679).

The Directive 2000/31/EC (E-Commerce Directive) is the legal basis governing the liability of Internet Services Providers (ISPs) in the EU Member States and includes a conditional safe harbour. Not all Member States have transposed the relevant articles consistently, leading to divergent national case law that could cause legal insecurity on an EU level.
The national transposition by Romania of Directive 2000/31/EC has been carried out through the E-commerce Act. Arts. 11-15 of the law outlines the liability scheme for internet intermediaries. The law largely follows the European Union E-Commerce 'safe harbours' model, immunising intermediaries when they act as a mere conduit or when they cache or host material. Intermediaries remain liable if they are the originators of the information, if they modify the information or if they are aware of the infringing nature of the information. While there is no general monitoring duty imposed on intermediaries, once they are made aware of the infringing content, they must remove it from their platform' rapidly. Art. 16 further provides that the legal remedy brought against these intermediaries is either a take-down or a blocking order (both temporary and permanent injunctive remedies are permitted).
The law differs from the EU model in two primary respects. The law does not use the term ‘internet intermediary’; instead, it identifies specific types of ‘service provider[s]’, suggesting a more nuanced view of the online environment. This enables the law to go further than the EU E-Commerce Directive. Specifically, Art. 15 explicitly extends the internet intermediary liability protection to search engines, which are not considered in the EU directive. Search engines are similarly liable if they fail to block illegal content once they have been made aware of it.