According to Art. 7 of Decree No. 2,025, the export of smartphones/mobile phones is prohibited, with some exceptions:
- Export is allowed if travelers carry the phones when leaving the national territory as personal possession (and no more than three units);
- In the case of temporary export (as regulated in Art. 289 of Decree No. 2,685);
- In case of definitive export (as regulated in Decree No. 1,165 of 2019, Art. 774), when they are considered waste electrical or electronic equipment;
- When the export of smartphones/mobile phones originates in a free zone within Colombia and the products are transformed, assembled, stored, repaired or serviced by free zone users.

In addition, Art. 4 of Decree No. 2,142 modified Art. 7 of Decree No. 2,025 (chapter II), but export conditions for mobile phones remain in place.

According to Art. Art. 33 of Law 182, as modified by Art. 4 of Law 680, the main digital television channel of a digital multiplex must comply with the percentages of national production programming established. The minimum percentages of national production programming are:
- National channels: From 7:00 p.m. to 10:30 p.m., 70% of the programming will be national production. From 10:30 p.m. to 12:00 a.m., 50% of the programming will be nationally produced. From 12:00 a.m. to 10:00 a.m., 100% of the programming will be free. From 10:00 a.m. to 7:00 p.m., 50% will be nationally produced programming. On Saturdays, Sundays and holidays the percentage is: 50% in triple A hours;
- Regional channels and local stations: the emission of programming of national production must be 50% of the total programming.
It is not clear whether this applies also online.

Article 2.2.19.3 of Decree No. 681 on national audiovisual work for users in Colombia, which implements Art. 154 of the National Development Plan 2018-2022, requires video-on-demand (VOD) platforms that operate in Colombia (such as Amazon Prime, Netflix, HBO, among others) to create an exclusive section that highlights and compiles audiovisual works of Colombian origin.

It is reported that Decree No. 2,025 creates burdensome restrictions and administrative requirements for trade in mobile phones. The Decree establishes measures to control the import and export of intelligent mobile phones, cellular mobile phones, and their parts, susceptible to classification under Customs Tariff subheading 8517.12.00.00 and 8517.70.00.00, as part of its strategy to address the theft of mobile phones.

Chapter I of Decree No. 2,025 establishes the import conditions of mobile phones. According to Art. 3, mobile phones whose IMEI (International Mobile Equipment Identity) is registered in the databases referred to in Art. 106 of No. Law 1,453 of 2011 may not be imported. But, importation is permitted if: (a) it is an IMEI reported in the positive database, (ii) in the case of import in compliance with a guarantee or (iii) the re-import of previously exported phones. Also, intelligent mobiles can be imported if the travelers carry them when entering the national territory as a personal possession (and no more than three units). Importation is also allowed under the modality of postal traffic and urgent shipments, if it is just one mobile/intelligent phone that fulfills customs regulations."

Colombia's slow customs clearance procedures are reportedly hampering import and export activities. In addition, there have been reports that Colombia has experienced significant delays in implementing crucial customs reforms that would allow traders to submit copies of invoices electronically instead of physical documents.

The External Circular No. 002 establishes labeling requirements that producers, suppliers, or retailers of mobile devices must follow to indicate the cellular network (2G, 3G, 4G, etc.) that the mobile device supports. There are reports of concerns about the unusually large font size labeling requirements required by the Circular may be overly burdensome, and do not take into account the size of cell phone packaging.

According to Resolution No. 912, telecom subscribers must provide to telecom concessionaires: name, address, contact number and ID number. This database is duplicated by the police. Telecommunications service providers authorized to operate must “allow remote queries” to subscriber’s data “via web through VPN” which must contain the following information: complete names or registered corporate or trade name; Identification number and type or tax identification (for legal entities); address; Telephone number; City of residence; Mobile number or fixed line number; “ID and FLOTA number” if any; Activation date. In case of changes, telecommunications service providers must send updates to DIJIN ("Dirección de Investigación Criminal e INTERPOL de la Policía Nacional") every month (Art. 1 and Annex I).

Decree No. 1,630, of May 2011, creates a national registry of mobile phones, through the adoption of two databases. The negative database contains the IMEI (International Mobile Equipment Identity) of the devices that have been reported as stolen or lost, both in Colombia and abroad, while the positive database includes the mobile equipment imported or legally manufactured in Colombian territory. The latter connects the IMEI with the identity of the user, who is required to provide the telecommunication operators (or mobile telecommunications networks and services providers) with their full name, type and identity document number, address and telephone number. Although there is no mandatory registration of SIM cards, the IMEIs are associated with a specific user. Art. 5 of Decree No. 1,630 states that telecommunications providers must bear the costs of the system that supports the positive and negative databases, which must be managed by an independent legal entity and should guarantee the quality of the service. More regulation on the databases is contained in Resolution No. 3,128.

A basic legal framework on intermediary liability beyond copyright infringement is absent in Colombia's law and jurisprudence. The liability regime for damages applicable to Internet intermediaries in Colombia is the same as that generally applied to any other activity, that is a regime of subjective civil liability, since the law does not provide for a presumption of fault (or objective) for intermediaries.

A basic legal framework on intermediary liability beyond copyright infringement is absent in Colombia's law and jurisprudence. The liability regime for damages applicable to Internet intermediaries in Colombia is the same as that generally applied to any other activity, that is a regime of subjective civil liability, since the law does not provide for a presumption of fault (or objective) for intermediaries.

According to Art. 23 of Decree 1,377, controllers and processors should appoint a person or function within the company that assumes responsibility for the protection of personal data, tasked with reviewing and solving claims made by data subjects. Furthermore, title VI of Law No. 1,581 establishes the duties of those responsible for data treatment and in charge of data treatment.

The country has two main instruments regulating data protection, Law No. 1,581 and Decree No. 1,377. Law No. 1,581 establishes the guiding principles of data protection (such as finality, transparency, and confidentiality). Decree No. 1,377 complements and modifies Law No. 1,581.
Law No. 1,266 developed the habeas data, particularly regarding financial, credit, commercial, services, and third countries information.

Pursuant to Art. 4 of Decree No. 1,704, telecommunications providers must keep and store for a period of five years subscribers' personal information, such as identity, billing address, connection type. This information must be available to the Attorney General or any competent authority in the context of a criminal investigation.

Art. 5 of Law No. 1,266 establishes a rule on international data transfers as carried out by data bank operators. The transfer is permitted to other data operators when there is authorization from the data subject; or when the destination database has the same purpose as the operator that delivers the data.

If the receiver of the data is a foreign data bank, the delivery without authorization must be done with a written record and due verification by the operator that the laws of the recipient of the information offer guarantees for the protection of the rights of the data subject.

According to Art. 13.11 of the First Amending Protocol (which amends the Additional Protocol to the Framework Agreement of the Pacific Alliance), the four parties (Chile, Colombia, Peru and Mexico) commit to allow cross-border information transfers through electronic means, including also the transfer of personal data for business activities. Moreover, in Art. 13.11.bis the parties commit to ban forced localisation of computer facilities in their national territories.