India has not adopted national legislation based on or influenced by the United Nations Commission on International Trade Law (UNCITRAL) Model Law on Electronic Signatures.

According to Condition 37.1 of the License Agreement for Unified License, issued by the Department of Telecommunications, Ministry of Communications and Information Technology, Internet Service Provider licensees are prohibited from employing bulk encryption equipment in their networks. The licensor or officers designated for this purpose have the authority to evaluate any encryption equipment connected to the licensee's network. However, the licensee remains responsible for ensuring the protection of communication privacy and preventing unauthorised message interception.

According to Section 84A of the Information Technology Act, the Government may, for secure use of the electronic medium and for the promotion of e-governance and e-commerce, prescribe the modes or methods for encryption. However, no rules have been introduced under this section.

Since the implementation of the Consolidated FDI Policy Circular of 2016, last amended by the Consolidated FD) Policy Circular of 2020, India permits fully owned FDI in business-to-business (“marketplace-based”) electronic commerce, i.e. "providing an information technology platform by an e-commerce entity on a digital & electronic network to act as a facilitator between buyer and seller." However, India prohibits foreign investment in business-to-consumer (or “inventory-based”) electronic commerce, also defined as "e-commerce activity where the inventory of goods and services is owned by an e-commerce entity and is sold to the consumers directly".
When a marketplace e-commerce entity exercises ownership or control over the inventory, the business is categorised into the inventory-based model. Additionally, India implemented regulations that expressly prohibit subsidiaries of foreign-owned marketplace-based electronic commerce sites from selling products on their parent companies’ sites. The rules also prohibit exclusivity arrangements by which electronic commerce retailers can offer a product on an exclusive basis.
The only exceptions for FDI in inventory-based electronic commerce are for food-product retailing and single-brand retailers that meet certain conditions, including the operation of physical stores in India. According to Section 5.2.15.3 of the Consolidated FDI Policy Circular of 2020, retail trading through e-commerce can also be undertaken before opening physical stores, subject to the entity opening physical stores within two years from the start of online retail. Overall, it is reported that these narrow exceptions limit the ability of many electronic commerce service suppliers to serve the Indian market.

According to Section 2 of the Companies Act of 2013, foreign companies relating to B2B, B2C e-commerce, data interchange and other digital supply transactions, web-based marketing, database services, online services such as telemarketing, telecommuting, telemedicine, education and information research and all related data communication services, even when not incorporated in India, should register in India when they are engaged in business in the country.

According to Art. 2 of the Processing and Settlement of Export-related receipts facilitated by Online Payment Gateways from 2011, the Reserve Bank of India restricts export-related payments for goods and services through online payment gateways. It is reported that PayPal had to limit payments for export-related payments above 500 USD. From July 2013, this limit has been increased to USD 10,000.
In addition, according to Section 2 of the Storage of Payment System Data Directive, all payment data held by payment companies should be held in local facilities. Furthermore, according to section 5 of the directive, data must be stored only in India after processing and should be deleted from systems abroad and brought back to India no later than 24 hours after processing. Any subsequent activity, such as settlement processing after payment processing done outside India, must be undertaken on a real-time basis, pursuant to which the data must be stored only in India. However, The RBI has clarified that banks, especially foreign banks, can continue to store banking data abroad but in respect to domestic payment transactions, the data must be stored only in India.

Following a negative response from international payment companies such as MasterCard, Visa, and American Express, the RBI has proposed (in "Frequently Asked Questions" of its website) to ease this restriction so as to allow payment firms to store data offshore as long as a copy was kept in India. The RBI has further clarified that for cross-border transaction data consisting of a foreign component and a domestic component, a copy of the domestic component may be stored abroad if required.

In accordance with NPCI Notification: NPCI/UPI/SOP-01/2020-21, the National Payments Corporation of India (NPCI), a state-owned entity, introduced a 30% market share cap for foreign electronic payment service providers processing online payments via India’s Unified Payment Interface (UPI), which is owned and operated by NPCI. Foreign digital payment companies were required to comply with this 30% market share limit by January 2023.

India does not implement a de minimis threshold, which refers to the minimum value of goods below which customs do not charge duties. Although the Courier Imports and Exports (Electronic Declaration and Processing) Regulations, 2010 refer to "low-value dutiable consignments" as those with an invoice value below INR 100,000 (approx. USD 1,000) for imports (excluding documents, gifts, and samples), the specific de minimis threshold applied in the country remains unclear.

The Consumer Protection (E-Commerce) Rules, 2020, provides a comprehensive framework for consumer protection that also applies to online transactions. The Rules introduced in 2020 established several requirements, such as displaying requirements for the name and details of sellers, details of returns, refunds, exchanges, warranties, and guarantees. In addition, requires sellers on the platform to provide an undertaking affirming the accuracy of descriptions, images, and other content of the goods or services on the platform, including that they correspond directly with the appearance, nature, quality, and purpose.

India has not signed the United Nations (UN) Convention on the Use of Electronic Communications in International Contracts.

According to the Electronics and Information Technology Goods (Requirement of Compulsory Registration) Order of 2021, and subsequent notifications, 76 ICT products must undergo registration and labelling prior to being launched in the market. In addition, no person shall manufacture or store for sale, import, sell, or distribute goods that do not conform to the Indian standard specified in the order and do not bear the Standard Mark with a unique registration number obtained from the Bureau of Indian Standards (BIS). BIS grants a license to the manufacturers to use or apply Standard Mark with a unique R-number through registration based on self-declaration of conformity for goods and articles as per Indian Standards. Examples of products subject to the scheme include set-top boxes, amplifiers, laptops/notebooks/tablets, scanners, printers, and mobile phones. It is reported that India has been tightening quality clearances for electronic products from China, which has ended up holding up products such as mobile phones from Chinese companies. While applications to the BIS are typically processed within 15 days, they now take more than two months.

According to Notification No. 5 (2015-2020), the import of goods (new as well as second-hand, whether or not refurbished, repaired, or reconditioned) notified under the Electronics and Information Technology Goods (Requirement of Compulsory Registration) Order of 2021 is prohibited unless they are registered with the Bureau of Indian Standards and comply with its labelling requirements, or on a specific exemption letter from the Ministry of Electronics and Information Technology (MEITY) for a particular consignment.

According to the Consolidated Foreign Direct Investment (FDI) Policy Circular 2020, for any single-brand retail, including e-commerce entities with physical stores in India, foreign investment exceeding 51% is only allowed when 30% of the value of goods purchased is done from India. This requirement was established by the Consolidated Foreign Direct Investment (FDI) Policy Circular 2013. It is reported that India has modified the requirements in recent years, including by allowing firms to offset the local sourcing requirement by sourcing products from India for global supply chains. In addition, despite these modifications, it is reported that the local content requirements remain prohibitive for certain retailers with highly specialised supply chains.

According to the Foreign Trade (Development and Regulation) Act, the export of dual-use items and technologies is either prohibited or permitted under a license. The list of dual-use items also includes electronics, computers, and information technology, including information security.

In September 2017, India's Ministry of Communications introduced the Telegraph (Amendment) Rules, requiring testing and certification for all telegraph equipment. This led to the implementation of the Mandatory Testing and Certification for Telecom Equipment (MTCTE) procedures in 2019, which mandate local security testing for telecom products. In September 2021, the MTCTE program was expanded to include 175 products, prompting concerns from stakeholders regarding these in-country testing requirements.
Furthermore, the 2021 Electronics and Information Technology Goods (Requirement of Compulsory Registration) Order mandates that manufacturers and importers register and certify their products with Bureau of Indian Standards-accredited laboratories, even if they have already been certified internationally. Expanded to cover 63 product categories, this order has faced criticism for insufficient government testing capacity, a complex registration process, and high compliance costs, including factory-level and component-level testing.