Chad has not adopted national legislation based on or influenced by the United Nations Commission on International Trade Law (UNCITRAL) Model Law on Electronic Commerce.

Chad has not adopted national legislation based on or influenced by the United Nations Commission on International Trade Law (UNCITRAL) Model Law on Electronic Signatures.

Chad has not signed the United Nations (UN) Convention on the Use of Electronic Communications in International Contracts.

Cryptographic services are under the authority of the National Agency for Computer Security and eCertification (ANSICE). Provision of cryptographic services without licensing, registration or authorisation is a criminal offence under section V of Law No. 009/PR/2015 on Cybersecurity and Cybercrime, punishable by fines in the range of approx. USD 1,830 to 18,300, and/or imprisonment of between one and five years.

According to Order No. 036/MPTIC/SG/2011, specifying rules and procedures for approving telecommunications terminal equipment is subject to obtaining approval issued by the Chadian Telecommunications Regulatory Office (OTRT) (Arts 4(a) and 12(a)).

The regime of approval of telecommunications equipment is set out in Order No. 036/MPTIC/SG. Art. 16 establishes that the Office Tchadien de Régulation des Télécommunications (OTRT, Chadian Office of Telecommunications Regulation) - which has now become the Autorité de Régulation des Communications Électroniques et des Postes (ARCEP, Regulatory Authority for Electronic Communications and Posts) - determines the procedure for the approval of equipment and national and international labouratories, as well as the conditions for the recognition of standards and specialisations and techniques. ARCEP may accept test reports or certificates of conformity from approved bodies in foreign countries.

According to the Instruction No. 8/GR/2019 issued by the Governor of the Bank of Central African States to facilitate the interpretation and implementation of the Economic and Monetary Community of Central Africa (CEMAC) Regulation 02/18/CEMAC/UMAC/CM, there is a limit of 1 million XAF (approx. USD 1,700) per month and per person for the remote settlement of transactions, including online payments. According to Arts. 7-8, justification needs to be provided above this limit. The Instruction provides guidance on the provision of Art. 34 of the Regulation, which implements certain limits for using electronic payment instruments outside the CEMAC and applies to the six CEMAC member states, including Chad.

It is reported that the de minimis threshold, that is the minimum value of goods below which customs do not charge duties, is USD 20, below the 200 USD threshold recommended by the International Chamber of Commerce (ICC).

Law No. 08/PR/2015 concerning electronic transactions and the Consumer Protection Law provide a comprehensive consumer protection framework that applies to online transactions.

Processing of special categories of data (including sensitive data) is prohibited unless consent of the data subject is obtained (Chapter V of Law No. 007/PR/2015 on the Protection of Personal Data). According to Art. 52, authorisation of the "Agence Nationale de Sécurité Informatique et de Certification Électronique" (ANSICE) is mandated to process this data. It is not clear how this requirement affects the capacity of companies to transfer data across borders.

Art. 29 of Law No. 007/PR/2015 on the Protection of Personal Data prohibits the transfer of personal data to a country that is not a member of the Economic and Monetary Community of Central Africa (CEMAC) or the Economic Community of Central African States (ECCAS) unless that state ensures a sufficient level of protection of the privacy, freedoms and fundamental rights of individuals. Certain exceptions apply (Arts. 30-33). Before any transfer of personal data abroad, it is required that the data controller informs the regulatory authority, the National Agency for Information Security and Electronic Certification (ANSICE).

Chad has not joined any free trade agreement committing to open transfers of cross-border data flows.

Law Law No. 007/PR/2015 on the Protection of Personal Data provides a comprehensive regime of data protection in Chad. The Law encompasses various aspects, including general notifications related to data processing, the rights of data subjects, security obligations, and contractual requirements for data controllers and processors. Additionally, relevant regulations can be found in Decree No. 075/PR/2019, which implements the provisions of Law No. 007/PR/2015, as well as in Law No. 008/PR/2015 concerning electronic transactions, and Law No. 009/PR/ on cybersecurity and cybercrime.

Art. 61 of Law No. 009 of 2015 on Cybersecurity and Cybercrime mandates operators of information systems to retain connection and traffic data for ten years. According to Art. 4, an information system means any isolated device or set of interconnected or related devices, ensuring by itself or by one or more of its elements, according to a program, an automated data processing. This is despite the sub-regional legislation of CEMAC, to which Chad belongs, providing for a maximum duration of two years, during which the States can allow operators to keep traffic data for security reasons.

Art. 51 of Law No. 009 of 2015 on Cybersecurity and Cybercrime mandates communications service providers to retain data that enables the identification of any person who contributed to content creation in services they provide for ten years. According to Art. 4, a communication service is a service consisting entirely or mainly of the provision of electronic communications, excluding the contents of audiovisual communication services). This is despite the sub-regional legislation of CEMAC, to which Chad belongs, providing for a maximum duration of two years, during which the States can allow operators to keep traffic data for security reasons.