The United Kingdom is a signatory of the World Trade Organization (WTO) Information Technology Agreement (ITA) of 1996 and its 2015 expansion (ITA II).

The Telecommunications Security Act 2021 gives the UK government the power to remove high-security risk vendors from the UK telecommunications infrastructure. The Act specifically bans new purchases of equipment from Chinese telecommunications company Huawei and mandates the removal of all Huawei equipment from the 5G network by 2027. Moreover, according to the UK's Office of Communications (Ofcom), the Act "allows the government to set out specific security requirements that providers must meet. This will include making sure telecoms providers securely design, construct and maintain network equipment that handles sensitive data; reduce supply chain risks; carefully control access to sensitive parts of the network; and make sure the right processes are in place to understand the risks facing their public networks and services." The Electronic Communications (Security Measures) Regulations 2022 supplements the Act, providing 16 regulations that further detail security measures expected to be put in place by network or service providers, ranging from securely designing and maintaining their public network to helping their third-party suppliers to identify and reduce risks of security compromise.

In March 2023, the United Kingdom’s Cabinet Office banned TikTok from government-issued mobile devices, citing cybersecurity concerns. According to Cabinet Office Minister Oliver Dowden, the measure was a precautionary step aimed at protecting sensitive government data, and it took effect immediately for devices used by ministers and civil servants. The restriction applies strictly to official devices and does not extend to personal phones. These actions align the U.K. with other Western governments implementing similar restrictions on the Chinese-owned platform.

All government bodies must comply with Open Standards Principles for software interoperability data and document formats in government IT, and they must apply for an exemption if they do not comply with these requirements. Additionally, the Government has mandated a preference for using open-source software for future developments and has issued a manual that lays out the standards that must be used for all new digital public services developed across the British central governmental administration. Principle 12 of the Government Digital Service (GDS) Service Standard states: "Make all new source code open and reusable, and publish it under appropriate licences. Or if this is not possible, provide a convincing explanation of why this cannot be done for specific subsets of the source code."

Section 39 of the Small Business, Enterprise and Employment Act 2015 (SBEE) gives the Minister for the Cabinet Office or relevant Secretary of State the power to impose regulations on public procurement in order to meet the goal of increasing government spending with SMEs (the goal moved from 25% in 2015 to 33% in 2020).

Federal Law No. 15/2020 concerning Consumer Protection, its Executive Regulation, and Federal Decree-Law No. 14/2023 on Trading by Modern Technological Means provide a comprehensive framework for consumer protection that also applies to online transactions.

The United Arab Emirates has not signed the United Nations (UN) Convention on the Use of Electronic Communications in International Contracts.

The United Arab Emirates enacted the Federal Law No. 1 of 2006 on Electronic Commerce and Transactions, drawing upon the United Nations Commission on International Trade Law (UNCITRAL) Model Law on Electronic Commerce. This legislation was subsequently superseded by the Federal Decree by Law No. 46 of 2021 on Electronic Transactions and Trust Services.

The United Arab Emirates has adopted national legislation based on or influenced by the United Nations Commission on International Trade Law (UNCITRAL) Model Law on Electronic Signatures.

Under Section 1 of the Telecommunications Equipment Type Approval Regime, the authorisation of telecommunications equipment is determined by its potential impact on safety, electromagnetic compatibility (EMC), and the efficient use of radio spectrum. Section 4.1 introduces a three-tier compliance framework based on risk and technical complexity. Level 1, applicable to low-risk devices such as short-range devices (SRDs), NFC, RFID, bluetooth, and Wi-Fi-only tablets, relies on a supplier’s declaration of conformity (SDoC) in accordance with ISO/IEC 17050-1:2004. Level 2, covering medium-risk equipment such as GPS trackers, SIM-based radios, and modems, requires proof of conformity through International Laboratory Accreditation Cooperation (ILAC)-accredited test reports or certificates from Telecommunications and Digital Government Regulatory Authority (TDRA)-recognised entities. Where such evidence is unavailable, TDRA may mandate additional testing at the applicant’s expense. Level 3, reserved for high-risk equipment such as mobile phones, demands test reports from recognised laboratories and supplementary testing at TDRA’s national laboratory, alongside submission of product samples.
Sections 4.15 and 4.16 outline the acceptance of external conformity evidence. Under Section 4.15, the TDRA recognises technical test reports from laboratories accredited to ISO/IEC 17025 by ILAC members and reports submitted under mutual recognition agreements (MRAs). Section 4.16 extends recognition to type approval certificates issued by certification bodies accredited to ISO/IEC 17065 by International Accreditation Forum (IAF) members or appointed under MRAs.

According to Section 7.11 of the Internet of Things (IoT) Regulatory Policy, IoT service providers are required to use an encryption standard that fulfills requirements of the competent UAE authorities. In instances where an IoT Service Provider uses or intends to use an encryption standard higher than the approved one, the loT Service Provider shall seek an explicit case-by-case approval from the Digital Government Regulatory Authority (TDRA).

According to Art. 5 of the Federal Decree-Law No. 14 of 2023 Concerning Modern Technology-Based Trade, one of the requirements for engaging in “modern technology-based trade”- defined as the sale and purchase of goods, services, and related data through technological platforms or modern technology, including websites, e-platforms, smart applications, electronic or digital commerce, and social media platforms - is the obligation to obtain the necessary approvals, permits, and licences from the competent authority.
As indicated on the UAE Government portal, establishing an online business on the UAE mainland requires an application to the Department of Economic Development (DED) in the relevant emirate. In addition, all eTrade licences must be approved by the Telecommunications and Digital Government Regulatory Authority (TDRA), which regulates the e-commerce framework and transactions at the federal level. The portal also highlights emirate-specific licensing schemes, including the eCommerce licence in Abu Dhabi (introduced in 2017), the eTrader licence in Dubai, and the Eitimad domestic licence in Sharjah.

It is reported that the de minimis threshold, that is the minimum value of goods below which customs do not charge duties, is AED 1,000 (approx. USD 270).

According to Section 7 of the Internet of Things (IoT) Regulatory Policy, IoT service providers are required to register with the Telecommunications and Digital Government Regulatory Authority (TDRA) and obtain an IoT Service Provider registration certificate. As a prerequisite, providers must establish a local presence in the UAE or appoint an authorised representative who is physically based in the country and responsible for liaising with the TDRA and other law enforcement agencies. The Regulatory Procedure for Internet of Things (IoT) further specifies the application and approval process.