According to Art. 9 of the Government Tender and Procurement Law, priority shall be given to local small- and medium-sized enterprises, local content, and companies listed in the Capital Market.
Art. 4 of the Regulations on Preference for Local Content and Local SMEs and Companies Listed on the Capital Market in Business and Procurement Transactions stipulates that upon tendering its projects and procurements, a government agency shall grant local SMEs in which Saudi nationals own greater than a 50% stake a price preference, by assuming that the bid prices of other establishments are 10% higher than the price stated in the bid documents. Furthermore, according to Art. 10, government agencies shall, in all contracts, apply the National Product Price Preference Mechanism to national products not included in the mandatory list. A national product shall be granted a price preference by assuming that the price of a foreign product is 10% higher than the price stated in the bid documents.

Under the Cloud Computing Services Provisioning Regulations, government entities are permitted to host their data only with cloud service providers (CSPs) that hold the appropriate licences or registrations issued by the Communications, Space & Technology Commission of Saudi Arabia (CST). Section 3.3.7 mandates that subscribers whose data is classified as data of Saudi government agencies must utilise CSPs registered with the CST.
These Regulations represent the fourth iteration of this legislative framework. Since the introduction of the initial version, the legislation has included progressively stringent provisions. Notably, Section 3.3.9 prohibited the transferring, storing, or processing only of Level 3 data unless the provider was registered with local authorities. Level 3 data encompasses, among other categories, sensitive information managed by public authorities.

The Regulatory Arrangements for the Local Content and Government Procurement Law mandates the Local Content and Government Procurement Authority (LCGPA) to set local content requirements for individual contracts, track the amount of local content used by contractors, and obtain and audit commitments by contractors to increase their reliance on local content in the public procurement. The Law defines local content as “total spending in Saudi Arabia from the participation of Saudi elements in the workforce, goods, services, assets, technology, etc.” The Law requires the bidder in public procurement to include a list of items provided locally in their proposal, and this list of items will vary for each bidding. The bidder should meet a minimum baseline of local content provided by LCGPA in order to participate. LCGPA also manages an online portal through which contractors register their commitments to increase local content. Contractors who fall short of their commitments will be fined and could be blacklisted from procurement for repeated failures to honour commitments over the long term.

Saudi Arabia is not a party to the World Trade Organization (WTO) Agreement on Government Procurement (GPA). However, the country has been an observer of the WTO GPA since 2007.

According to Section 1 of the Domain Registration Policy, only natural persons and entities with residency in the EU or the European Economic Area (EEA) can apply for a ".hu" domain.

Under Section 15/C of the Act CVII of 2001 on Electronic Commerce, video-sharing platform services are subject to a notification requirement. It is reported that, in the authorities' current practice, this notification has to include an official registration number, which is only available to companies with a local presence in Hungary. According to industry reports, this bureaucratic hurdle concerns other digital services and e-commerce as well.

The Consumer Rights Directive 2011/83/EU provides an updated framework aimed at encouraging online sales. The Directive has been implemented by the Act CLV of 1997 on Consumer Protection (as amended in September 2019).

Hungary has not signed the United Nations (UN) Convention on the Use of Electronic Communications in International Contracts.

Hungary has not adopted national legislation based on or influenced by the United Nations Commission on International Trade Law (UNCITRAL) Model Law on Electronic Commerce.

Hungary has not adopted national legislation based on or influenced by the United Nations Commission on International Trade Law (UNCITRAL) Model Law on Electronic Signatures.

The European Union General Data Protection Regulation (GDPR) provides a comprehensive framework for data protection that applies to all EU Member States. Hungary implemented the GDPR by amending the Act CXII of 2011 on the Right to Informational Self-determination and on the Freedom of Information.

Under the EU Directive on Data Retention, operators were required to retain certain categories of traffic and location data (excluding the content of those communications) for a period between six months and two years and to make them available, on request, to law enforcement authorities for the purposes of investigating, detecting and prosecuting serious crime and terrorism. On 8 April 2014, the Court of Justice of the European Union declared the Directive invalid. However, not all national laws that implemented the Directive have been overturned. This is the case in Hungary. Under Art. 159/A of Act C of 2003 on Electronic Communications, internet service providers have to store connection data for 12 months at least.

Art. 159/A of Act C of 2003 provides that mobile service providers and ISPs must provide user data to the authorities upon request. The Constitutional Court found this law unconstitutional in 2022 and called on parliament to amend the legislation by the end of the year, but it is reported that parliament failed to comply.

The Directive 2000/31/EC (E-Commerce Directive) is the legal basis governing the liability of Internet Services Providers (ISPs) in the EU Member States and includes a conditional safe harbour. Not all Member States have transposed the relevant articles consistently, leading to divergent national case law that could cause legal insecurity on an EU level.
Under Section 7/3 of the Act CVIII on Electronic Commerce, which transposes Directive 2000/31/EC, service providers and intermediaries are protected from liability for third-party content. However, this exemption does not cover disguised advertising, as regulated in Section 14/A.

The Directive 2000/31/EC (E-Commerce Directive) is the legal basis governing the liability of Internet Services Providers (ISPs) in the EU Member States and includes a conditional safe harbour. Not all Member States have transposed the relevant articles consistently, leading to divergent national case law that could cause legal insecurity on an EU level.
Under Section 7/3 of the Act CVIII on Electronic Commerce, which transposes Directive 2000/31/EC, service providers and intermediaries are protected from liability for third-party content. However, this exemption does not cover disguised advertising, as regulated in Section 14/A.