According to reports, Uzbekistan's communications regulator (Uzkomnazorat) restricted access to several platforms in 2021 for failing to store data on local servers, in violation of the 2021's amendment of the Law on Personal Data. It is also reported that, while most of the platforms have been unblocked, access to Tik Tok remains blocked.

It is reported that Uzbekistan requires mandatory SIM registration.

A basic legal framework on intermediary liability beyond copyright infringement is absent in Uzbekistan's law and jurisprudence.

It is reported that to become a registered user in online forums, individuals must provide personally identifiable information. Individuals are increasingly encouraged to register with their real names to participate in discussion forums such as the state-run Uforum.

A basic legal framework on intermediary liability for copyright infringement is absent in Uzbekistan's law and jurisprudence.

According to Art. 31 of the Law on Personal Data, government bodies, legal entities and individuals processing personal data (i.e. operators of personal data) or having the right to use and dispose personal data (i.e. owners of personal data) must designate a structural unit or a responsible person that has to organize work with respect to personal data protection in the course of its processing.

It is reported that ISPs and mobile service providers must provide to the authorities direct, real-time access to their communications networks without notification and oversight. These operators must install System for Operational Investigative Measures (SORM)-compliant surveillance equipment on their networks in order to obtain an operating license, which would provide the authorities unfettered access to internet traffic and subscribers’ information. It is reported that this measure is contained in the Resolution of the President on Measures for Increasing the Effectiveness of Operational and Investigative Actions on the Telecommunications Networks of the Republic of Uzbekistan, but the text is not available online.

Art. 15 of the Law on Cybersecurity provides that operators of critical facilities must store a backup copy of all data from information systems and resources for at least three months. This requirement affects businesses that possess, operate or interoperate information systems used in critical facilities, including public administration and the provision of public services, defense, national security, law enforcement, fuel and energy industries (including nuclear energy), chemical and petrochemical industries, metallurgy, water management and water supply, agriculture, public health, housing and utility services, banking and finance, transportation, information and communication technologies, ecology and environmental protection, extraction and processing of minerals of strategic importance, manufacturing, other sectors of the economy and the social sphere.

Uzbekistan has not joined any agreement with binding commitments to open transfers of data across borders.

The Law of the Republic of Uzbekistan on Personal Data provides for a comprehensive regime of data protection regime in Uzbekistan. It is the first unified data protection law and outlines requirements for data subjects' consent, the purposes of processing, and notifying data subjects when transferring their personal data to a third party. The excludes biometric, educational, criminal and health information, previously included in a draft version, from its application.

In accordance with Art. 15 of the Law on Personal Data, cross-border transfers of personal data can be carried out when a foreign state ensures adequate protection for the rights of the subjects of personal data. In the absence of such protection, the cross-border transfer of personal data is allowed in the following cases:
- the data subject has consented to the cross-border transfer of their personal data;
- there is a need to protect constitutional order, public order, the rights and freedoms of citizens, or the health and the morals of the population; or
- it is stipulated by international treaties.
The transfer of personal data may be prohibited or restricted in order to protect the constitutional system of the Republic of Uzbekistan, the rights and legitimate interests of citizens, or to ensure the security of the State.

The telecommunications authority in the country is the Ministry for Development of Information Technologies and Communications of the Republic of Uzbekistan (MiTC). Therefore, the authority is not independent in its decision-making and it is reported that it operates opaquely.

Art. 27-1 of the Law on Personal Data provides that the owners and/or operators are obliged to ensure that databases containing personal data of citizens of Uzbekistan are collected, systematized, and stored using technical means physically located in the territory of Uzbekistan. Moreover, the operators have to register their databases in the State Register of Personal Databases.

Uzbekistan has not appended the World Trade Organization (WTO) Telecom Reference Paper to its schedule of commitments. In fact, Uzbekistan is not a member of the WTO.

Uzbekistan does not mandate functional or accounting separation for operators with significant market power (SMP) in the telecom market.