Law No. No. 94-V provides a comprehensive regime of data protection in the Kazakhstan. The Personal Data Law provides general regulations on the collection and processing of personal data, and notably includes broad requirements for data localisation. In addition, the Amendment Law was introduced in July 2020, significantly extending data protection obligations for organisations. The Amendment Law introduces, among other things, further requirements for data collection and processing, obligations for data operators (similar to data processors), and redefines key concepts. The Amendment Law further establishes the competency of the data protection authority including its powers and role.

In addition to the legal requirement of local processing of personal data in Kazakhstan introduced in 2015 in the Personal Data Law (Art. 12.2), pursuant to Art. 16.2 of the Law, a copy of personal data may only be transferred from Kazakhstan to a foreign country (including for purposes of processing) without prior permission from the personal data subject only if the recipient of the personal data is located in a country that protects personal data (at either the national level (by adopting national laws and regulations) or the international level (through international treaties). Pursuant to Art. 16.3 of the Personal Data Law, if no such protection is available, cross-border transfers of personal data are only possible if:
- The subject gives specific consent;
- In cases specified by international treaties ratified by Kazakhstan;
- In cases stipulated in the laws of Kazakhstan in order to protect the constitutional order, public order, rights and freedoms of an individual and a citizen, and public health and morality; and
- In the case of the protection of the constitutional rights of an individual and citizen, where getting the consent of the subject or their legal representative is impossible.
It is reported that national legislation does not specify a list of countries to which transfer of data is prohibited, nor are there any criteria listed for determining the countries that provide a proper level of protection of personal data.

Art. 21 of the Law of the Republic of Kazakhstan on Communications stipulates that operators of communication networks of all categories included in the unified telecommunications network of the Republic of Kazakhstan shall be obliged to create at their own expense a system of centralized management of their networks, which must be located on the territory of the Republic of Kazakhstan.

Pursuant to Art. 12.2 of the Personal Data Law, personal data should be stored in a database located on the territory of Kazakhstan by the owner and/or operator, as well as third parties. In addition, in accordance with Subparagraph 4) of Art. 26 of the Personal Data Law, the Government of Kazakhstan decreed the approval of the Rules for the Implementation by the Owner and/or Operator, and a Third Party of Measures on Protection of Personal Data (Decree No. 909). In 2021, the Rules were supplemented with the provision that the collection and processing of personal data "of limited access" is carried out through informatization objects located on the territory of Kazakhstan. In accordance with paragraph 10 of these Rules, it is necessary not only to store personal data in Kazakhstan, but to collect and process personal data in Kazakhstan. It is reported that there is no clear distinction between publicly accessible data and data "of limited access". It is presumed that all personal data is of restricted access (including last name, first name, patronymic name, year, date of birth, nationality, information about the place of residence, individual identification number ('IIN'), details of identity documents), until the data subject makes them publicly accessible.

Paragraph 6-1 of Resolution No. 246 prohibits the storage of telecommunication subscriber information outside the country.

Kazakhstan has a telecommunications authority: The Telecommunications Committee of the of the Ministry of Digital Development, Innovations and Aerospace Industry of the Republic of Kazakhstan. However, it is reported that the decision making process of this entity is not fully independent from the government.

Art. 56-1 of the Law on Informatization requires that internet resources with ".kz" and ".қaz" domains must be hosted on hardware and software complexes located in Kazakhstan. In other words, an internet resource (website, web application, web service) using a ".kz" or ".қaz" domain must be hosted on a server (owned / rented / cloud hosted / VDS hosted / virtually hosted) in a data center (server / office) located in Kazakhstan. The server must also be connected to a Kazakh internet provider and use a (dedicated or shared) Kazakhstan IP address.
A similar requirement was in place since 2005, as established in Clauses 7 and 8 of the Regulations for the Allocation of Domain Space in the Kazakhstan Segment of the Internet. These clauses provided that an application for domain name registration may be refused, or registration may be cancelled, if the domain servers were not located inside Kazakhstan.

Pursuant of the Law on Licensing and the Law on Permissions and Notifications, the companies providing telecommunications services require an operating license from the Ministry of Digital Development, Innovation, and Aerospace. It is reported that all telecommunications operators are legally obliged, as part of the licensing requirement, to connect their channels to a public network controlled by KazakhTelecom.

Kazakhstan has appended the World Trade Organization (WTO) Telecom Reference Paper to its schedule of commitments.

It is reported that the telecommunication companies are required to purchase and install equipment related to the state’s System for Operational Investigative Measures (SORM) and to cover costs related to the database of International Mobile Equipment Identity (IMEI) codes and to pay regular fees to the State Radio Frequency Service, which is the IMEI database operator. These obligations may deter new players from entering the market.

Kazakhtelecom is a majority state-owned company (45.9% of shares are owned by the government) that provides most of Kazakhstan’s communications services, including broadband internet, mobile and television. It is reported that the company dominated the market and it also fully or partially owns a number of other backbone and downstream ISPs. According to the website of the Register of State Preporty of Kazakhstan, the government will start the privatization of the Kazakhtelecom in 2024. It is reported that the so-called Billing Center of Telecommunication Traffic, established by the government in 1999, helps monitoring the activity of private companies and strengthen the monopolist position of KazakhTelecom in the IT sphere.

It is reported that Kazakhstan does not mandate accounting separation for operators with significant market power (SMP) in the telecom market. However, there is an obligation of functional separation since 2013.

It is reported that Kazakhstan has no obligation for passive infrastructure sharing in the country to deliver telecom services to end users, and it is not practiced in the mobile sector and in the fixed sector based on commercial agreements.

The Civil Code of the Republic of Kazakhstan and the Enterprise Code of the Republic of Kazakhstan provide a framework for effective protection of trade secrets. According to Art. 126.1 and 1017.1 of the Civil Code of the Republic of Kazakhstan, a trade secret comprises valuable information including secrets of production (know-how), production technology, management model, as well as ways and methods of increasing profits. In addition, according to Art. 28 of the Enterprise Code of the Republic of Kazakhstan, among other provisions, the protection of trade secrets consists in prohibiting the unlawful receipt, distribution or use of information constituting a trade secret in accordance with this Code and the legislation of the Republic of Kazakhstan. This regulatory framework includes remedies and penalties for the disclosure of trade secrets.

Kazakhstan has ratified the World Intellectual Property Organization (WIPO) Copyright Treaty.