Fiji is not a party to the World Trade Organization (WTO) Agreement on Government Procurement (GPA), nor does it have observer status.

Fiji’s foreign investment regime is governed by the Investment Act 2021, which establishes an open investment framework. According to Art. 10 of the Act, investors are free to invest in all sectors and regions in Fiji.

According to Art. 7 of the Investment Act 2021, the minister responsible for investment may prohibit a foreign direct investment for the protection of national security interests. A foreign investor intending to invest in a sector that may have potential effects on, inter alia (i) critical infrastructure such as energy, transport, communications, data storage or financial infrastructure; (ii) critical technologies such as artificial intelligence, robotics, semiconductors, technology with potential dual use application, cyber security; (iii) the security of supply of critical inputs; or (iv) access to sensitive information or the ability to control sensitive information, must submit a proposal of the investment to the Minister for an approval to invest in that sector.
According to reports, the Investment Regulation 2022 outline a detailed process for the prior screening system. However, the full legal text is not currently available online.

According to Art. 5 of the Investment Act 2021, the minister responsible for investment, with the approval of Cabinet and following consultations with relevant stakeholders, must prescribe by regulation a comprehensive and exclusive list of reserved and restricted activities. In the case of restricted activities, the regulation may establish a minimum investment threshold, an ownership ceiling, whether general or activity-specific, or any other measure considered effective in achieving its intended objective.
Pursuant to Section 3 of the Investment (Reserved and Restricted Activities) Regulation 2022, the minimum capital requirement for foreign investment is set at FJD 300,000 (approx. USD 134,000). However, certain activities listed under Schedule 1 of the restricted activities are subject to higher thresholds. The current version of the Schedule 1 does not include any activity related to digital trade.

Fiji is not a party to the Patent Cooperation Treaty (PCT).

The Law on Consumer Rights provides a comprehensive framework for consumer protection that also applies to online transactions. Arts. 4(d), 10, and 12 include provisions for the protection of e-consumers.

Georgia has not signed the United Nations (UN) Convention on the Use of Electronic Communications in International Contracts.

Georgia has not adopted national legislation based on or influenced by the United Nations Commission on International Trade Law (UNCITRAL) Model Law on Electronic Commerce.

Georgia has not adopted national legislation based on or influenced by the United Nations Commission on International Trade Law (UNCITRAL) Model Law on Electronic Signatures.

According to Art. 5 of the Law of Georgia on the Control of Military and Dual-Use Goods, the export of "Dual-Purpose Products" included in the "control lists" outlined in Art. 2(p) is carried out on the basis of an export permit issued in accordance with the Law of Georgia on Licences and Permits, as specified in its Art. 24. Dual-purpose products, as defined in Art. 2(m), include computer software and technologies that serve both civil and military purposes.
The control list, detailed in the Government of Georgia's Resolution No. 394 on the Approval of Lists of Military and Dual-Purpose Products, includes semiconductor photocathodes, electro-optical converters, optical fibre, and optical fibre connectors, among other products. Additionally, Section 21 of Resolution No. 394 provides specific information about the types of software that fall under the licensing regime.

Self-certification is permitted for radio transmission, electromagnetic interference (EMI), and electromagnetic compatibility (EMC). Foreign companies are authorised to self-certify compliance with these standards through a Supplier Declaration of Conformity (SDoC). The registration of the equipment with the regulatory authority is not required, nor is testing by an accredited laboratory mandatory. In cases where testing is conducted, the selection of the testing laboratory is at the discretion of the supplier or manufacturer.

According to Art. 185 of the Customs Code of Georgia, the importation of goods whose total value does not exceed the threshold of GEL 300 (approx. USD 111), with the exception of alcoholic products, perfumes, toilet water, tobacco and tobacco products, are exempt from import duties. This threshold is lower than the USD 200 threshold recommended by the International Chamber of Commerce (ICC).

Law No. 3144 provides a comprehensive regime of data protection in Georgia. The Law aims to bring Georgian legislation on personal data protection into closer alignment with the EU General Data Protection Regulation (GDPR) by establishing obligations such as the appointment of a data protection officer (DPO) and the conducting of a data protection impact assessment (DPIA), as well as requirements regarding data breach notifications, data subject rights, and international data transfers. Law No. 3144 superseded the Data Protection Act of 2011 (No. 5669), with effect starting from June 2024.

Art. 7 of Resolution No. 3 of the Georgian National Communications Commission "Regulations on the Rules of Provision of Services and Protection of Consumer Rights in the Sphere of Electronic Communications" addresses the information concerning the user that the service provider retains. The service provider must safeguard the following categories of user information for a period of four years: (a) the user's identification and contact details; (b) data related to the equipment or devices transferred to or used by the subscriber; (c) agreements or transactions related to service delivery; (d) payment information; (e) details of services received or provided, including a comprehensive record of incoming and outgoing telephone communications. Art. 3 defines a service provider as an operator of an electronic communications network or an authorised person who has access to the relevant elements or resources thereof and intends to, or is engaged in, provide electronic communication services through the elements or resources of the said network.
An article concerning the information retained by service providers about consumers has been included in the Regulations since its initial version. However, it was originally listed as Art. 5, and there were some variations in the specific data categories and the duration of data retention.

Art. 31 of Law No. 3144 requires data controllers to conduct data protection impact assessments (DPIAs) in cases where there is a high probability of threat of violation of fundamental human rights and freedoms during data processing, taking into account new technologies, categories, the volume of data, and the purposes and means of data processing. In addition, a DPIA is mandatory if the data controller : (i) makes decisions in a fully automated manner, including on the basis of profiling, which may have legal, financial, or other significant consequences for a data subject; (ii) processes data of a special category of a large number of data subjects; or (iii) carries out systematic and large-scale monitoring of data subjects' behaviour in places of public gathering. In the case of a substantial change in data processing, the controller is obliged to update the DPIA report and keep it for the entire period of data processing and for at least one year after termination of processing.