In 2021, the Romanian government approved Law No. 163 of 11 June 2021 on the adoption of measures on information and communication infrastructures of national interest and conditions for the deployment of 5G networks, requiring suppliers to have approval from the Supreme Council of National Defence (CSAT) to sell 5G equipment (Art. 3). The legislation states that equipment from untrusted vendors must be replaced by 2026 (core network) and 2028 (RAN equipment). To provide 5G equipment in Romanian mobile networks after 2026 (Core) / 2028 (RAN), the vendor must apply to the Supreme Council of National Defence (CSAT) for approval. It is reported that from 2021 until 2024, Huawei chose not to apply for such a permit. Given that Huawei has not received CSAT approval, Romanian telecom companies would have to remove all Huawei products from their networks within five to seven years, and the major Chinese firm is excluded from taking part in the development of the 5G network.

According to Art. 15 of Emergency Ordinance No. 77, in order to conduct remote gambling activities, the gaming server is required to have a registration system capable of identifying the gamers as well as a system which stores and transmits data to a backup server which is situated on Romanian territory. The gaming server has to be approved by the National Gambling Office (Oficiul National pentru Jocuri de Noroc, ONJN) and in compliance with the procedure established under the implementing rules of the Emergency Ordinance. In addition, the game server and the backup server must store all data, including the registration and identification of players, the stakes placed and the winnings paid out, for a period of five years after the prescription deadline in relation to the repayment of public debts related to this data.
In addition, Art. 15 provides that the communications equipment, other than one of the suppliers of electronic communication services and networks defined in the Government Emergency Ordinance No. 111/2011, must record the geographical location of the IP addresses as well as identify the date, time and the duration of a game session once they have registered as a participant in a game on the organiser's website. The data must be stored for a period of a minimum of five years from the date of collection and processing. Moreover, such equipment, as well as the central location at which the organiser's central ICT system, is to be installed on Romanian territory or the territory of another EU Member State or another State party to the Agreement on the European Economic Area or in the Swiss Confederation.

Arts. 27 and 28 of "Government Decision No. 112/2023 on the Approval of the Guideline for the Governance of the Government Cloud Platform" stipulate that special categories of personal data must be stored on technical infrastructures located within Romania, whereas personal data more broadly must be stored on technical infrastructures situated within the European Union, expressly excluding its overseas territories.

Art. 109 of "Law No. 207/2015 Regarding the Fiscal Procedure Code" stipulates that entities subject to its provisions must retain tax and accounting records, either in physical or electronic form, within Romania, at the taxpayer’s registered office or secondary establishment corresponding to their domicile.

The European Union General Data Protection Regulation (GDPR) provides a comprehensive framework for data protection that applies to all EU Member States. The GDPR was implemented in Romania in 2018 through the Law No. 190/2018 Implementing the General Data Protection Regulation (Regulation (EU) 2016/679).

Copyright is not adequately enforced online in Romania. It is reported that online piracy remains a concern, with some notorious pirate sites allegedly hosted or registered in the country. Additionally, penalties for IP infringements are reportedly insufficient, hampering investigations and failing to deter further crimes. Law enforcement agencies often consolidate significant cases into criminal files for tax evasion. Furthermore, Romania lacks an effective and timely mechanism for rights holders to file takedown requests against online marketplaces and hosting platforms for infringing material. Adequate resources, including additional training for law enforcement, are needed to enhance enforcement quality.

Romania and the European Union have adopted the World Intellectual Property Organization (WIPO) Copyright Treaty. Romania ratified the Treaty on 1 February 2001, with its provisions coming into force on 6 March 2002. Subsequently, the European Union ratified the Treaty on 14 December 2009, and it entered into effect on 14 March 2010.

Romania and the European Union have adopted the World Intellectual Property Organization (WIPO) Performances and Phonograms Treaty. Romania ratified the Treaty on 1 February 2001, with its provisions coming into force on 20 May 2002. Subsequently, the European Union ratified the Treaty on 14 December 2009, and it entered into effect on 14 March 2010.

Trade secrets are protected in Romania, especially by Law No. 11/1991 on combating unfair competition. In April 2019, Romania adopted Government Emergency Ordinance No. 25, which protects undisclosed know-how and business information (trade secrets) against unlawful acquisition, use, and disclosure in compliance with Directive (EU) 2016/943.
The law defines and protects trade secrets by reference to Law No. 11/1991 and information that is not generally known or easily accessible, which is valuable because it is secret and its owner has taken reasonable measures to ensure its secrecy. Protection covers its divulgation, acquisition and use without the owner's consent. Exceptions are specifically provided in certain cases and under clear conditions for:
- Exercising the right to freedom of expression;
- Revealing misconduct, wrongdoing or illegal activity;
- Disclosure by workers to their representatives as part of the legitimate exercise by those representatives of their functions.

It is reported that passive sharing is mandated in Romania, and it is practised in the mobile and fixed sectors based on commercial agreements. In addition, Art. 3.2 of the Directive 2014/61/EU establishes that Member States shall ensure that, upon written request of an undertaking providing or authorised to provide public communications networks, any network operator must meet all reasonable requests for access to its physical infrastructure under fair and reasonable terms and conditions, including price, with a view to deploying elements of high-speed electronic communications networks. Such written request shall specify the elements of the project for which the access is requested, including a specific time frame.

It is reported that Romania does not mandate functional separation for operators with significant market power (SMP) in the telecom market. However, accounting separation is required by law.

It is reported that the Autoritatea Naţională pentru Administrare şi Reglementare în Comunicaţii (ANCR), the executive authority for the supervision and administration of services in the telecommunications sector, is independent from the government in the decision-making process.

The definition of the “economic operator” in Art. 3 (1) of the Public Procurement Act has been amended and provides five specific categories of bidders who are allowed to submit an offer in a public procurement procedure in Romania, namely those which are established in (i) an EU Member State; (ii) a Member State of the European Economic Area (EEA); (iii) third countries which have ratified the World Trade Organisation Agreement on Government Procurement, to the extent that the awarded public procurement contract falls under the scope of Annexes 1, 2, 4 and 5, 6 and 7 to the European Union’s Appendix I to the respective Agreement; (iv) third countries which are in the process of joining the European Union, or in (v) third countries not covered by point (iii), but which are signatories to other international agreements by which the European Union is obliged to grant free market access in the field of public procurement.
Additionally, under recent amendments to the public procurement legislation introduced by Government Emergency Ordinance No. 25/2021, contracting authorities may exclude from tenders any natural or legal person from non-EU countries or from states that have not concluded commercial or pre-accession agreements with the European Union.

Art. 85 of the Utilities Directive (2014/25/EU) contains provisions allowing contracting public entities to reject foreign goods not covered by any EU international commitments from its tender procedures. In these cases, a tender submitted for the award of a supply contract may be rejected where the proportion of the products originating in third countries exceeds 50% of the total value of the products constituting the tender (Art. 85.2). Additionally, in cases of equivalent offers, the provisions provide for a preference for European tenders and tenders covered by EU's international obligations. In practice, this possibility has rarely been used.
In Romania, the Directive has been transposed with the Law No. 99/2016 on sectoral procurement.