It is reported that although an electronic public procurement system was introduced in 2018 to enhance transparency, competition for government tenders remains vulnerable to corruption.

Sudan lacks a comprehensive framework for consumer protection that applies to online transactions.

Sudan has not signed the United Nations (UN) Convention on the Use of Electronic Communications in International Contracts.

Sudan has not adopted national legislation based on or influenced by the United Nations Commission on International Trade Law (UNCITRAL) Model Law on Electronic Commerce.

Sudan has not adopted national legislation based on or influenced by the United Nations Commission on International Trade Law (UNCITRAL) Model Law on Electronic Signatures.

It is reported that, since early 2024, Sudanese authorities have prohibited the import and possession of Starlink satellite internet devices. An official letter from the Director General of the Telecommunications and Post Regulatory Authority (TPRA) to the Director General of Police ordered the enforcement of a ban on the ownership of Starlink terminals and instructed the police to take all necessary measures to prevent their circulation and use.

According to Art. 19 of the Telecommunications and Postal Regulation Law, no person may assemble telecommunications or transmission devices, or manufacture, import, export or trade in such devices, without first obtaining a licence from the Board and the competent authorities.

According to Art. 19 of the Telecommunications and Postal Regulation Law, no person may assemble telecommunications or transmission devices, or manufacture, import, export or trade in such devices, without first obtaining a licence from the Board and the competent authorities.

Type approval procedures in Sudan are regulated by the Telecommunications and Post Regulatory Authority (TPRA). It is reported that the homologation process in Sudan does not require local laboratory testing or contact with local representatives. However, a product sample can be requested from the authority for viewing.

Sudan does not implement any de minimis threshold, which is the minimum value of goods below which customs do not charge duties.

Sudan has not joined any agreement with binding commitments to open transfers of data across borders.

Sudan does not have a comprehensive regime in place for personal data, but it has the Electronic Transactions Act 2007 as a sectoral regulation. A data protection authority has not yet been appointed.

According to Art. 6 of the Anti-Money Laundering and Combating the Financing of Terrorism Act 2014, financial and non-financial institutions are required to keep records and data relating to customers and transactions and ensure that these records and information are made available to the competent authorities with reasonable speed. The records must be kept for a period of at least five years after the termination of the business relationship or the execution of the incidental transaction, whichever is longer. The article also stipulates that records and data relating to domestic and international transactions, whether executed or attempted, should be kept for at least five years after the transaction, and such records shall be detailed enough to allow the steps of each transaction to be tracked separately.

According to Art. 25(t) of the Telecommunications and Postal Regulation Law, telecommunications operators shall grant the Telecommunication and Postal Regulation Authority access to their facilities, networks and equipment, and to allow the installation of devices necessary for performance measurement and monitoring. It is reported that, under this framework, telecommunications companies are required to provide customer data to the authorities upon request.

A basic legal framework on intermediary liability for copyright infringement is absent in Sudan's law and jurisprudence.