Cuba is not a signatory of the 1996 World Trade Organization (WTO) Information Technology Agreement (ITA) nor the 2015 expansion (ITA II).

Costa Rica has not adopted national legislation based on or influenced by the United Nations Commission on International Trade Law (UNCITRAL) Model Law on Electronic Commerce.

Costa Rica has adopted national legislation based on or influenced by the United Nations Commission on International Trade Law (UNCITRAL) Model Law on Electronic Signatures.

Law No. 7472 for the Promotion of Competition and Effective Consumer Defence, passed in 1994, provides a comprehensive framework for consumer protection that also applies to online transactions. This law structures the legal and institutional framework for protecting consumer rights and replaced ex-ante control and pricing with an ex-post monitoring system. In addition, Chapter X of Regulation No. 37899-MEIC regulates consumer protection specifically in the context of electronic commerce.

Costa Rica has not signed the United Nations (UN) Convention on the Use of Electronic Communications in International Contracts.

Costa Rica does not implement any de minimis threshold, which is the minimum value of goods below which customs do not charge duties.

It is reported that Costa Rica’s telecommunications regulator, the Superintendencia de Telecomunicaciones (SUTEL), mandates retesting and recertification of mobile handset hardware subsequent to every software or firmware update. While SUTEL has reduced costs and streamlined procedures for testing and certification, this procedure is reported as burdensome and is not required by any other regulator worldwide. Since 2015, SUTEL also requires that each model has its own certificate, while previously family approvals were allowed. Any difference between models, such as color, hardware, or software, requires separate Type Approval certificates.

For the conformity assessment, the equipment has to be submitted to certification bodies recognized by the regulator for certification. The SUTEL (Superintendencia de Telecomunicaciones) recognizes the FCC or CE certificates. It is reported that an accreditation system has not been implemented in Costa Rica due to the lack of adequate laboratory equipment and funding. The Institute of Technological Norms of Costa Rica (Instituto de Normas Técnicas, INTECO) is the only entity accredited in Costa Rica that can certify that companies are following standards-related requirements. According to Section 6 of RCS-358-2018, an expert accredited by SUTEL performs the tests of mobile telecommunications terminals in accordance with the homologation test protocol. The following products need to be tested: cell phone Trackers, RFID WiFi (802.11a/b/g/n/ac), and Bluetooth modules.

Art. 53 of the Regulation on the Regime for the Protection of the End User of Telecommunications Services obliges telecommunications operators and service providers to verify the authenticity of the data provided by the client when subscribing services. If they find that the information submitted for the subscription of services is altered or falsified, they must refuse to sign the contract for the services requested.

The safe harbor regime found in the Executive Decree No. 36,880 only applies to intermediary liability related to copyright infringement, therefore the country lacks a safe harbor regime that goes beyond copyright infringement.

According to the General Regulations for Data Update of Prepayment Mobile Users, users of prepayment mobiles subscriptions must validate their identity. Mobile Network Operators (MNOs) are required to collect and record a user’s personal information and proof-of-identity documentation. It has been reported that it is mandatory for MNOs to share their customers’ full or partial registration profiles with the government upon request.

Costa Rica has a safe harbour regime in place for intermediaries for copyright infringements. Executive Decree No. 36,880 implements Art. 15.11.27 of the Central America-Dominican Republic Free Trade Agreement (CAFTA-DR) establishing limitations on liability for service providers for copyright only. Pursuant to the Decree, users who believe their rights have been violated should communicate to the service provider, which has 15 days to take down the content. Takedowns can also occur through a judicial order. The system has been criticized for ambiguity, as the limited intermediary liability applies to service providers who voluntarily abide by the rule.

Data privacy regulation in Costa Rica is contained in two laws:
- Law No. 7975, the Undisclosed Information Law, which makes it a crime to disclose confidential and/or personal information without authorization;
- Law No. 8968, Protection in the Handling of the Personal Data of Individuals together with its by-laws, which were enacted to regulate the activities of companies that administer databases containing personal information.The latter contains the authorization of PRODHAB ("Agencia de Protección de Datos de los Habitantes"), the Data Protection Agency of the inhabitants.

Art. 14 of the Law Governing Personal Data and Art. 40 of the Executive Decree require data controllers to be registered in the Inhabitants Data Protection Agency (PRODHAB), to obtain consent from the data subject in order to transfer personal data to another country. Moreover, the transfer must ensure that, where personal data is transferred to any other country, adequate levels of protection of the data subject's rights in connection with processing their personal data are provided. However, when personal data is transferred to a data processor for processing purposes only (i.e. the processor does not become a data controller), or is moved between companies of the same economic interest group, or to companies under joint control, the transfer of data to the data processor does not constitute a transfer under the Law and it is not necessary to obtain the data subject's consent (Art. 8 of the Decree).