It is reported that the Central Bank of Myanmar (CBM) imposes foreign exchange restrictions that limit private sector access to foreign currency, thereby constraining commercial activity. In practice, the transfer of funds into or out of Myanmar is subject to severe restrictions arising from the capital outflow controls and foreign currency conversion regulations enforced by the CBM and the Foreign Exchange Supervisory Committee (FESC).

It is reported that the de minimis threshold, that is the minimum value of goods below which customs do not charge duties, is USD 87, below the 200 USD threshold recommended by the International Chamber of Commerce (ICC).

It is reported that certain requirements apply to the registration of a ".mm" domain. However, the information currently available online relates to the second-level domains ".com.mm", ".net.mm", ".org.mm", and ".biz.mm". To register a domain under these extensions, the registrant is required to have a company or subsidiary incorporated in Myanmar.

The Consumer Protection Law, the Law on Electronic Transactions, and related legislative instruments establish a comprehensive framework for consumer protection, which extends to transactions conducted online.

Myanmar has not signed the United Nations (UN) Convention on the Use of Electronic Communications in International Contracts.

It is reported that the government’s onerous import licensing regime constrains firms’ ability to import intermediate goods required for domestic production. Imports into Myanmar are contingent upon obtaining one of a limited number of licences, the requirements for which are subject to frequent change.

According to Art. 26 of the Telecommunications Law, the Ministry of Communications and Information Technology shall prescribe the standards of network equipment and telecommunication equipment that are exported. It is reported that a recommendation issued by the Post and Telecommunications Department is often required for the export of telecommunications equipment, depending on the nature of the equipment. This recommendation is needed to be granted an export license by the Department of Trade under the Ministry of Commerce.

Section 34 of the Cybersecurity Law stipulates that, where any individual or organisation authorised under prevailing legislation makes a written request for some or all of the data identified in Section 33, digital platform service providers are required to furnish such data in the prescribed manner. Section 33 enumerates the following categories of data relating to a user of the service: (a) the personal information of the user accessing the service; (b) records of the user’s utilisation of the service; and (c) such additional data as may be specified from time to time by the Department. The provision does not indicate any requirement to obtain a warrant or court order. It is reported that this framework imposes disproportionate obligations on digital platforms, obliging them to disclose user data upon the mere written request of any governmental authority. Pursuant to Section 4, “digital platform services” are defined as a category of business that provides services enabling users to display, transmit, disseminate, or otherwise utilise information online through cyber resources or analogous technologies and associated equipment, while a “digital platform service provider” refers to any person or organisation that offers such services for use within the State.

Arts. 75 and 77 of the Telecommunication Law allow the government to intercept, suspend, or obtain any information that threatens national security and the rule of law in the country. The broad provision fails to specify which government agents are authorised to do this and what sort of information specifically constitutes the general terms such as national security.

Art. 4 of the Electronic Transactions Law allows the Government to obtain personal data for purposes related to the stability, tranquillity, and national security of the State. The regulation fails to specify what information constitutes the general terms, such as national security.

A basic legal framework on intermediary liability for copyright infringement is absent in Myanmar's law and jurisprudence. It is reported that the Telecommunication Law does not explicitly hold intermediaries liable for the content, but some provisions are vague and could feasibly be interpreted to justify content removals.

A basic legal framework on intermediary liability beyond copyright infringement is absent in Myanmar's law and jurisprudence. It is reported that the Telecommunication Law does not explicitly hold intermediaries liable for the content, but some provisions are vague and could feasibly be interpreted to justify content removals.

It is reported that Myanmar’s approach to SIM registration obliges mobile network operators to collect and store users’ personal information, including proof of identity. Furthermore, it is reported that Myanmar requires the submission of biometric data for SIM registration, encompassing both fingerprint and facial recognition data. Failure to register a SIM card results in its deactivation.

Section 31 of the Cybersecurity Law provides that digital platform service providers are required to implement adequate measures to identify relevant information and associated cyber resources in circumstances where particular categories of content arise on their platforms, including material that incites hatred, undermines unity, or disrupts public peace and order; disseminates false news or rumours; is unsuitable for public viewing; contains sexually explicit depictions, including those involving children; contravenes any law in force or involves the commission of unlawful acts; gives rise to complaints concerning intended social or economic harm to an individual; infringes intellectual property rights; or relates to the incitement, commission, attempted commission, or facilitation of terrorist acts. Section 32 further stipulates that, where a digital platform service provider becomes aware of such conduct, whether independently or upon notification by the relevant Department, it must, within the prescribed timeframe, take appropriate steps to prevent, remove, destroy, or suspend the offending content or activity. Pursuant to Section 4, “digital platform services” are defined as a category of business that provides services enabling users to display, transmit, disseminate, or otherwise utilise information online through cyber resources or analogous technologies and associated equipment, while a “digital platform service provider” refers to any person or organisation that offers such services for use within the State. These provisions have been reported as imposing obligations on digital platforms, such as Facebook, effectively requiring them to monitor, identify, and remove broadly and imprecisely defined categories of content.

It is reported that instances of the blocking of commercial web content in Myanmar were ongoing as of 2025:
- In 2021, the Ministry of Communications of Myanmar issued orders to block Facebook on 3 February, followed by Instagram and X on 5 February.
- The government blocked WhatsApp and Facebook Messenger in Myanmar beginning on 16 February 2024.
- Signal was blocked in Myanmar beginning on 14 July 2024.