Lao PDR is a signatory of the World Trade Organization (WTO) Information Technology Agreement (ITA) of 1996 and its 2015 expansion (ITA II).

Art. 9 of the Decree of the Prime Minister on Government Procurement of Goods, Construction, Maintenance and Services No. 03/PM stipulates that the use of the national budget for the procurement of foreign goods is not authorised if such goods can be produced locally at equal quality. The regulation also states that local firms are given priority in public procurements of goods, works, and services financed in full with domestic funds. Local firms that are not affiliated with foreign firms and that supply goods, works, and services of equal quality to local firms are given preferential rights in competitive bidding.

It is reported that the de minimis threshold, that is the minimum value of goods below which customs do not charge duties, is MYR 500 (approx. USD 110), below the 200 USD threshold recommended by the International Chamber of Commerce (ICC).

It is reported that the registration of ".my" domain names necessitates the presence of a locally established company.

Section 4.2.3 of the "Code of Conduct (Best Practice) for Internet Messaging Service Providers and Social Media Service Providers" provides that Internet messaging service providers and social media service providers must ensure that a dedicated local content‑moderation team is permanently established within Malaysia. This team should receive appropriate training and support: (i) to develop an understanding of Malaysia’s local nuances, context, and sensitivities; and (ii) to deliver prompt and effective responses in both standard and crisis situations.

The Consumer Protection Act and the Consumer Protection (Electronic Trade Transaction) Regulations 2024 provide a comprehensive framework for consumer protection that also applies to online transactions.

Malaysia has not signed the United Nations (UN) Convention on the Use of Electronic Communications in International Contracts.

Malaysia has adopted national legislation based on or influenced by the United Nations Commission on International Trade Law (UNCITRAL) Model Law on Electronic Commerce.

Malaysia has not adopted national legislation based on or influenced by the United Nations Commission on International Trade Law (UNCITRAL) Model Law on Electronic Signatures.

Section 4.2 of the "Code of Conduct (Best Practice) for Internet Messaging Service Providers and Social Media Service Providers" stipulates that Internet messaging and social media service providers shall: establish clear, comprehensive, and resilient systems, mechanisms, and procedures to ensure the prompt identification, evaluation, and removal of harmful content; maintain a dedicated, locally based content moderation team within Malaysia that is consistently available and adequately trained and supported; and prevent and eradicate child sexual abuse material by immediately reporting any identified harmful content to the relevant law enforcement authorities, including the Commission, and ensuring its removal within 24 hours of such reporting, or otherwise handling the material in accordance with the directions issued by the competent law enforcement agency or agencies.

It is reported that access to Grindr began to be blocked in Malaysia on 17 April 2024. Although the restriction has not been implemented uniformly across all networks, it has continued into 2025.

According to the guidelines issued by the Malaysian Communications and Multimedia Commission (MCMC), Content Applications Service Providers (CASP) and Applications Service Providers (ASP) must obtain the relevant licenses to operate in Malaysia. In assessing the shareholding structure of an applicant, the MCMC considers the need to promote local small and medium-sized enterprises (SMEs) of Malaysian origin within the information and communications technology industry.
Furthermore, under Part IV of the Communications and Multimedia (Licensing) Regulations 2000, as amended in April 2022, a new licensed category was introduced for cloud service providers and data centres hosting cloud service applications under the ASP classification. Cloud service providers with a local presence are required to apply for an ASP license and are permitted to remain fully foreign-owned. However, cross-border suppliers of cloud services without a local presence do not need to register or obtain ASP licenses.

Under Section 3 of the "Communications and Multimedia (Licensing) (Exemption) (Amendment) Order 2024", providers of social media platforms and internet messaging services with more than eight million users in Malaysia are required to obtain a licence.

According to the Certification Requirements for Compliance Approval on Communication, Multimedia, and Hybrid Equipment, import licenses are required for hybrid ICT products. These include those devices with multiple features, including toys, medical devices, and computer products.