The new Privacy Act 2020, which entered into force in December 2020, creates a conditional flow regime. Information Privacy Principle 12 in Section 22 of the Act governs cross-border data transfer. A business or organisation may only disclose personal information to another organisation outside New Zealand if the receiving organisation:
- is subject to the Privacy Act because they do business in New Zealand;
- is subject to privacy laws that provide comparable safeguards to the Privacy Act - or they agree to protect the information in such a way (e.g., by using model contract clauses), or
- is covered by a binding scheme or is subject to the privacy laws of a country prescribed by the New Zealand Government.
If none of these conditions is satisfied, a business may only make a cross-border disclosure with the permission of the data subject.
This regime does not apply to an overseas organisation that holds or processes on the business's behalf (e.g., cloud service providers).
Still, despite the IPP 12, a business may make a cross-border disclosure in urgent circumstances where it is necessary to maintain public health or safety or for the maintenance of the law.
This regime does not affect or limit other New Zealand law that regulates the availability of personal information (Section 24).

New Zealand is a party to the Patent Cooperation Treaty (PCT).

The country has a clear regime under the Copyright Act 1994 of copyright exceptions that follows the fair dealing model, which enables the lawful use of copyrighted work by others without obtaining permission. Sections 40-92 list the exceptions which include the use for purposes of criticism, review and news reporting (Section 42), the purposes of research or private study (Section 43), educational purposes (Sections 44 to 48), copying by librarians or archivists (Sections 51 to 56), public administration (Sections 58-66), literary, dramatic, musical, or artistic works (Sections 67 to 78), computer programs, sound recordings, and films (Sections 79 to 81A), communication works (Sections 82 to 91), and adaptations (Sections 92-93).

New Zealand has ratified the World Intellectual Property Organization (WIPO) Copyright Treaty.

New Zealand has ratified the World Intellectual Property Organization (WIPO) Performances and Phonograms Treaty.

Trade secrets are not statutorily protected under New Zealand civil law, but they may be protected by contract and through a common law breach of confidence action. Under Section 230 of the Crimes Act 1961, misappropriation of a trade secret, with the intent to obtain a financial or economic advantage or to cause loss to another, is a crime punishable by up to five years in prison. In addition, the crime of accessing a computer system for a dishonest purpose to obtain property may apply to digital files, which is punishable by up to seven years in prison (Section 249).

It is reported that there is no obligation for passive infrastructure sharing in New Zealand to deliver telecom services to end users. However, it is practised in both the mobile and fixed sectors based on commercial agreements.

It is reported that New Zealand does not mandate accounting separation for operators with significant market power (SMP) in the telecom market. However, Under the Telecommunications Act, functional separation is mandated for operators with significant market power.

Interconnection with and pricing to networks are regulated under Schedule 1 of the Telecommunications Act 2001. The 2011 amendments to the Telecommunications Act introduced information disclosure requirements for the companies building the ultrafast broadband fibre network and Chorus. The companies are required to meet annual reporting requirements, assurance requirements, certificates and statutory declarations, and data retention requirements.

The Telecommunications (Interception Capability and Security) Act 2013 creates upon a network operator 1) a duty to implement full interception capability (Section 9) and 2) a duty to assist a surveillance agency upon an inception warrant or any other lawful interception authority (Section 24). In order to comply with the assistance duty, a network operator must decrypt telecommunication on that operator’s public telecommunications network or telecommunications service "if (a) the content of that telecommunication has been encrypted; and (b) the network operator intercepting the telecommunication has provided that encryption."
However, this does not require a network operator to "(a) decrypt any telecommunication on that operator’s public telecommunications network or telecommunications service if the encryption has been provided by means of a product that is (i) supplied by a person other than the operator and is available to the public or (ii) supplied by the operator as an agent for that product; and (b) ensure that a surveillance agency has the ability to decrypt any telecommunication.
Nevertheless, the existence of these duties together practically means that network operators cannot design and implement end-to-end encryption. A joint communique called International Statement - End-to-End Encryption and Public Safety - expressed concern about the challenges that end-to-end encryption will pose to law enforcement but at the same time acknowledged privacy, cybersecurity, and intellectual property protection. The government' stated that it is committed to collaborating with the industry to develop "reasonable proposals" on this issue.

New Zealand has appended the World Trade Organization (WTO) Telecom Reference Paper to its schedule of commitments.

It has been reported that New Zealand lacks a telecommunications authority whose decision-making process is entirely independent of government influence. The Ministry of Business, Innovation and Employment (MBIE) is responsible for shaping the telecommunications regulatory framework, which includes establishing the rules governing the operations of telecommunications companies and ensuring product compliance. In addition, the New Zealand Commerce Commission plays a key role in overseeing competition within the telecommunications sector and regulating certain services. It holds the authority to recommend whether services should be regulated or deregulated. As an independent statutory body, the Commission is tasked with enforcing the Commerce Act and is primarily accountable to the Minister of Commerce and Consumer Affairs for its operational performance and outcomes. The Commission may also set terms and conditions, including pricing, for regulated services through Standard Terms Determinations. Furthermore, it possesses the power to mandate the availability of industry-wide services, such as number portability, impose information disclosure obligations, and implement structural remedies, including the separation of services. Although the Commerce Commission operates independently, the Minister for Communications retains the authority to accept or reject the Commission's recommendations on regulating or deregulating services. Additionally, the Minister may issue a "statement of economic policy," which the Commission is required to consider in its decision-making process.

Since its enactment in 1994, Section 22.2 of the Tax Administration Act 1994 has required certain classes of taxpayers to keep and retain specified records related to their tax liability in New Zealand for at least seven years unless an exception applies so that the Commissioner of Inland Revenue may assess the taxpayer's tax liability. Under Section 22.5, the Commissioner of Inland Revenue may extend three additional years for an additional audit or investigation. Taxpayers are exempt from the local storage requirements under Section 22(8)-(9) if authorised by the Commissioner of Inland Revenue. This requirement has been in place since its enactment in 1994.
Pursuant to this section, Revenue Alert 10/02, which was issued in 2010 by the Commissioner of Inland Revenue but did not reflect its final position, provides that "[t]taxpayers are responsible for ensuring they comply with their record-keeping obligations. Therefore, taxpayers using a cloud computing service will need to be satisfied that all their business records will be [also] stored in data centres located in New Zealand."

Since its enactment in 1985, Section 75 of the Goods and Services Tax Act 1985 has required registered entities to keep and retain specified tax-related records for at least seven years in New Zealand unless an exemption applies so that the Commissioner of Inland Revenue may assess the entity's goods and services tax liability. Under Section 75.5, which was inserted in 1992, the Commissioner of Inland Revenue may require taxpayers to retain such data for an additional period of 3 years in cases of a further audit or investigation. Taxpayers are also exempt from the local storage requirement if authorised by the Commissioner as long as the Commissioner imposes reasonable conditions under Section 75(6)-(7). This requirement has been in place since its enactment in 1985.
Pursuant to this section, Revenue Alert 10/02, which was issued in 2010 by the Commissioner of Inland Revenue but did not reflect its final position, provides that "[t]taxpayers are responsible for ensuring they comply with their record-keeping obligations. Therefore, taxpayers using a cloud computing service will need to be satisfied that all their business records will be [also] stored in data centres located in New Zealand."

New Zealand maintains specific limitations on foreign investment in key state-owned companies, including the telecommunications sector. In 2011, Chorus, a major telecommunication infrastructure company, was demerged from a network provider, Spark New Zealand Limited (Spark). Chorus’s constitution states that foreign investments exceeding 49.9% in national telecommunication companies require approval.