Under Art. 2 of Federal Law No. 57, foreign states, international organisations, and entities under their control — including those established in Russia — are prohibited from entering into transactions that would grant them a majority interest in business entities deemed strategically important for national defence and state security. Consequently, foreign state-controlled investors are restricted from acquiring more than 50% of shares or majority voting rights in such companies.
According to Art. 6 of the law business strategically important for national defence and state security include those involved in the development and production of encryption tools, maintenance of cryptographic systems, and provision of encryption services, as well as activities such as detecting covert information-gathering devices.

The Law on Mass Media, initially enacted in 1991 and subsequently amended multiple times, underwent significant revisions in January 2016 concerning foreign ownership regulations. According to Art. 19-1, foreign entities such as foreign states, international organisations, entities under their control, foreign legal entities, Russian legal entities with foreign participation, foreign citizens, stateless persons, and Russian citizens holding dual citizenship are prohibited from acting as founders or participants of mass media organisations, editorial offices of mass media, or entities engaged in broadcasting. Additionally, Art. 19-1 prohibits direct or indirect possession, management, or control by the aforementioned foreign entities or individuals of more than 20% of shares in the authorised capital of entities involved in mass media or broadcasting activities. This has led to large-scale redistribution of property in the media market and the departure from Russia of a number of major international publishers (e.g. Finnish Sanoma, Axel Springer, the German, the American Dow Jones and FT Group). Other foreign shareholders in the Russian media either reduced their stakes in Russian media or re-registered their ownership in the Russian jurisdiction.

According to Art. 6 of Federal Law No. 160-FZ (amended in 2017), transactions involving Russian business entities by foreign investors require prior approval under Art. 57 of Federal Law No. 57 on "Procedures for Foreign Investments in Companies Having Strategic Importance for National Security and Defence". This law aims to safeguard national defence and security interests. Following the 2017 amendments, the Government Commission for Control over Foreign Investments, as outlined in Art. 12 of Federal Law No. 57, has the authority to impose additional conditions on foreign investors seeking approval for transactions deemed critical to protect national defence and state security.

Arts. 6 and 7 of Federal Law No. 57-FZ specify that preliminary approval is required for certain transations related to the acquisition of shares in entities deemed of strategic importance. These entities include companies involved in the development and production of encryption tools, maintenance of cryptographic systems, and provision of encryption services.
Additionally, pursuant to Art. 14 of Federal Law No. 57-FZ and the Resolution of the Government of the Russian Federation No. 795, foreign investors must notify the Federal Antimonopoly Service (FAS) of any transaction enabling the acquisition of 5% or more of shares or interests in such strategic entities. This notification must be submitted within 45 days of the transaction's closure.

Russia is a signatory of the World Trade Organization (WTO) Information Technology Agreement (ITA) of 1996 but is not a signatory of its 2015 expansion (ITA II).

Kyrgyz Republic has not adopted national legislation based on or influenced by the United Nations Commission on International Trade Law (UNCITRAL) Model Law on Electronic Signatures.

Art. 15 of Law on Licensing System in the Kyrgyz Republic outlines that licenses are required for certain activities and operations specified by law including the following:
- Foreign currency exchange services;
- Payment intermediary services using IT-based and electronic payment systems;
- Acceptance, processing, and issuance of financial information (processing and clearing services) relating to payments and settlements between third parties and participants of the payment system of a given processing or clearing center.

It is reported that the de minimis threshold, that is the minimum value of goods below which customs do not charge duties, is 18,700 KGS (approx. USD 200).

Kyrgyz Republic lacks a comprehensive framework for consumer protection that applies to online transactions.

Kyrgyz Republic has not signed the United Nations (UN) Convention on the Use of Electronic Communications in International Contracts.

Kyrgyz Republic has not adopted national legislation based on or influenced by the United Nations Commission on International Trade Law (UNCITRAL) Model Law on Electronic Commerce.

Law No. 58 on Personal Information provides a comprehensive regime of data protection in the Kyrgyz Republic. The Law provides general requirements for data controllers and processors. There is not yet a data protection authority and thus there has yet to be any enforcement action related to the data protection or further guidance on compliance.

Section 15 of the "Instruction on the Procedure for Interaction of Telecommunication Operators and Mobile Cellular Operators with State Bodies of the Kyrgyz Republic Carrying Out Operational-Search Activities" requires ISPs and mobile service providers to store subscribers’ metadata for up to three years.

Section 15 of the "Instruction on the Procedure for Interaction of Telecommunication Operators and Mobile Cellular Operators with State Bodies of the Kyrgyz Republic Carrying Out Operational-Search Activities" requires ISPs and mobile service providers to allow authorities direct, real-time access to their communications networks without notification and oversight. Every ISP and mobile service provider is obliged to install equipment compliant with the System for Operational Investigative Activities (SORM) in their ICT infrastructure to allow the authorities unfettered access to internet traffic and subscribers’ information (Section 7). It is reported that these requirements could enable mass surveillance without judicial oversight.