Database

Browse Database

KAZAKHSTAN

Since May 2010

Pillar Online sales and transactions  |  Sub-pillar Framework for consumer protection applicable to online commerce
Law of the Republic of Kazakhstan dated 4 May 2010 No. 274-IV on Protection of Consumer Rights (Қазақстан Республикасының 2010 жылғы 4 мамырдағы № 274-IV Заңы Тұтынушылардың құқықтарын қорғау туралы)
The Law on Protection of Consumer Rights provides a comprehensive framework for consumer protection that also applies to online transactions. Art. 33 of the Law on Protection of Consumer Rights includes provisions for the protection of e-consumers. Additionally, e-consumers enjoy all other privileges of the normal consumers.
Coverage Horizontal

KAZAKHSTAN

N/A

Pillar Online sales and transactions  |  Sub-pillar Ratification of the United Nations (UN) Convention on the Use of Electronic Communications in International Contracts
Lack of signature of the UN Convention on the Use of Electronic Communications in International Contracts
Kazakhstan has not signed the United Nations (UN) Convention on the Use of Electronic Communications in International Contracts.
Coverage Horizontal

KAZAKHSTAN

N/A

Pillar Online sales and transactions  |  Sub-pillar Adoption of United Nations Commission on International Trade Law (UNCITRAL) Model Law on Electronic Commerce
Lack of adoption of UNCITRAL Model Law on Electronic Commerce
Kazakhstan has not adopted national legislation based on or influenced by the United Nations Commission on International Trade Law (UNCITRAL) Model Law on Electronic Commerce.
Coverage Horizontal

KAZAKHSTAN

N/A

Pillar Online sales and transactions  |  Sub-pillar Adoption of United Nations Commission on International Trade Law (UNCITRAL) Model Law on Electronic Signatures
Lack of adoption of UNCITRAL Model Law on Electronic Signatures
Kazakhstan has not adopted national legislation based on or influenced by the United Nations Commission on International Trade Law (UNCITRAL) Model Law on Electronic Signatures.
Coverage Horizontal

KAZAKHSTAN

Since August 2012

Pillar Quantitative trade restrictions for ICT goods and online services  |  Sub-pillar Export restrictions on ICT goods or online services
Decision No. 134 of the EEC Board on the Single List of Goods Subject to Prohibitions or Restrictions on Import or Export by the Customs Union Member States within the EurAsEC When Trading with Third Countries and Provisions on the Application of Restrictions, 16 August 2012
The list of goods prohibited or restricted for import and export in the Eurasian Economic Union, including Kazakhstan, was determined by the decision of the Board of the Eurasian Economic Commission in 2012. The Decision has been amended a few times since then. According to Section 1 of the so-called "Single List" contained in the Decision, the following digital goods are among the goods that are subject to export restrictions: (i) Special hardware meant for secret information acquisition; (ii) Encryption devices.
Coverage Special hardware and encryption devices

KAZAKHSTAN

Since July 2004, last amended in September 2022

Pillar Technical standards applied to ICT goods and online services  |  Sub-pillar Self-certification for product safety
Law of the Republic of Kazakhstan of July 5, 2004 No. 567-II "On Communications" (Қазақстан Республикасының 2004 жылғы 5 шілдедегі N 567 Заңы Байланыс туралы)
According to Art. 16 of the Law on Communication, technical means of communication used in the telecommunications network of the Republic of Kazakhstan are subject to a procedure of mandatory conformity acknowledgement by the authorities. The equipment has to be submitted to certification bodies recognised (or approved) by the regulator for certification.
Coverage Telecom equipment

KAZAKHSTAN

Since April 2004, last amended in December 2022
Since March 2015, as amended in July 2019, last amended September 2022
Since January 2015, last amended in October 2022

Pillar Online sales and transactions  |  Sub-pillar Licensing scheme for e-commerce providers
Law No. 544 on the Regulation of Trading Activities (Қазақстан Республикасының 2004 жылғы 12 сәуірдегі N 544 Заңы Сауда қызметін реттеу туралы)

Order No. 264 on the Approval of the Rules of Domestic Trade (№ 264 бұйрығы Ішкі сауда қағидаларын бекіту туралы)

Order No. 4 on the Approval of the Forms of Messages and the Principles of Receiving Messages by State Bodies, as well as on Determining the State Bodies That Carry Out the Reception of Messages ( бұйрығы № 4 Хабарламалар нысандарын және Мемлекеттік органдардың хабарламаларды қабылдау қағидаларын бекіту туралы, сондай-ақ хабарламаларды қабылдауды жүзеге асыратын мемлекеттік органдарды айқындау туралы)
In accordance with subparagraph 4-1 of Art. 7 of Law No. 544, the Minister of National Economy of Kazakhstan ordered the approval of the Rules of Domestic Trade (Order No. 264). Arts. 105-1 and 106-1 of the Rules mandate e-commerce sellers to indicate their BIN (business identification number), address of business operations on the territory of Kazakhstan and mobile telephone number registered in Kazakhstan in order to operate in the country. Additional information on this requirement is found in Annex 3-10 of Order No. 4.
Coverage E-commerce sector

KAZAKHSTAN

Since July 2018, entry into force in July 2019, last amended in January 2020

Pillar Online sales and transactions  |  Sub-pillar Restrictions on online payments
Law No. 167-VІ SAM on Currency Regulation and Currency Control (Закон Республики Казахстан от 2 июля 2018 года № 167-VІ ЗРК)
According to Art. 7 of Law No. 167-VІ SAM on Monetary Regulation and Foreign Exchange Control (which repealed Law No. 57 of 2005 on Monetary Regulation in July 2018), the use of a local bank is mandatory for settlements in foreign currency between residents of the KR and non-residents. Exceptions are settlements made from a foreign bank account of a non-resident, carried out on account of the performance of obligations of a resident (e.g. when a foreign parent company pays its local branch in the KR) and settlements with non-residents made from the resident's account in a foreign bank. Also, settlements between residents of the KR (including local branches of foreign non-financial legal entities considered residents) must be made in local currency.
Coverage Horizontal

KAZAKHSTAN

Since December 2017, entry into force in April 2018

Pillar Domestic data policies  |  Sub-pillar Minimum period for data retention
Law on Amendments and Additions to Certain Legislative Acts of the Republic of Kazakhstan on Information and Communications (Закон Республики Казахстан от 28 декабря 2017 года № 128-VI «О внесении изменений и дополнений в некоторые законодательные акты Республики Казахстан по вопросам информации и коммуникаций» (с изменениями от 24.05.2018 г.))
As per the requirements of the Law on Amendments and Additions to Certain Legislative Acts of the Republic of Kazakhstan on Information and Communications (2017), users have been required to identify themselves using government-issued digital signature technology or SMS verification in order to comment on domestic websites.
The law requires website operators to make it mandatory for users to enter into a formal agreement before they are permitted to post comments on local websites. The information provided in the agreement needs to be retained by the website and handed over to the authorities whenever asked.
Coverage Domestic websites

KAZAKHSTAN

Since May 2013, as amended in December 2021

Pillar Domestic data policies  |  Sub-pillar Requirement to perform a Data Protection Impact Assessment (DPIA) or have a data protection officer (DPO)
Law of the Republic of Kazakhstan of 21 May 2013 No. 94-V on Personal Data and Its Protection (Қазақстан Республикасының 2013 жылғы 21 мамырдағы № 94-V Заңы Дербес деректер және оларды қорғау туралы)
According to Art. 25.2(10) of Law No. 94-V, an owner and/or operator of a personal data database, which is a legal entity, should appoint a person responsible for organising the processing of personal data (this requirement does not apply to the activities of courts). According to Art. 25.3, such a person is entrusted with the following duties:
- Exercise internal control over observance by the owner and/or operator of a personal data database and its employees of Kazakh law requirements in relation to personal data and its protection;
- Inform the employees of an owner and/or operator of the provisions of Kazakh law with respect to processing and protection of personal data;
- Exercise control over receipt and processing of applications from personal data subjects or their legal representatives.
Coverage Horizontal

KAZAKHSTAN

Since July 2004, as amended in July 2019, last amended in September 2022

Pillar Domestic data policies  |  Sub-pillar Requirement to allow the government to access personal data collected
Law of the Republic of Kazakhstan of July 5, 2004 No. 567-II "On Communications" (Қазақстан Республикасының 2004 жылғы 5 шілдедегі N 567 Заңы Байланыс туралы)
In July 2019, the government introduced the Qaznet Trust Certificate under the Law on Communications, a machine-in-the-middle (MITM) technology that enables it to monitor users’ online activities. The certificate requires every internet user in the country to install a backdoor, allowing the government to conduct surveillance. This allows the government to conduct a so-called “man-in-the-middle” attack, which allows the government to intercept every secure connection in the country and see web browsing history, usernames and passwords, and even secure and HTTPS-encrypted traffic.
KazakhTelecom, the country’s largest telecommunications company, has said that citizens are “obliged” to install a “national security certificate” on every device, including desktops and mobile devices.
It is reported that the commentators and experts inside the country and abroad almost unanimously consider the certificate a government-initiated technology for the interception of encrypted user traffic via MITM attacks. Some of the 37 websites that University of Michigan researchers identified as targets of the certificate included Facebook, Gmail, Instagram, Mail.ru, OK, Twitter, VK, and YouTube, suggesting that its purpose was to “surveil users on social networking and communication sites.”
On 21 August 2019, Mozilla and Google simultaneously announced that their Firefox and Chrome web browsers would not accept the government-issued certificate, even if installed manually by users. Later, Apple announced that it would make similar changes to its Safari browser and that the certificate would not be installed. After this, the requirement for the installation of the certificate was postponed.
While required, the certificate appeared to affect a fraction of connections passing through the country’s largest ISP, Kazakhtelecom. This means that some, but not all, of the Kazakh Internet population was affected.
In December 2020, Kazakhstan once again tried to enforce the installation of the certificate. However, the enforcement once again halted after the protest of the major internet browsers. Although not enforced, the provisions for mandatory installation of the certificate remain in Kazakhstan's regulations.
Coverage Telecommunications sector

KAZAKHSTAN

N/A

Pillar Intermediary liability  |  Sub-pillar Safe harbour for intermediaries for copyright infringement
Lack of intermediary liability framework in place for copyright infringements
A basic legal framework on intermediary liability for copyright infringement is absent in Kazakhstan's law and jurisprudence. However, the Agreement on Enhanced Partnership between the EU and the Republic of Kazakhstan, signed in March 2016, provides a safe harbour to European companies under several conditions. According to the agreement, an information intermediary is not liable, for example, if it does not initiate the transfer, if the end-user always takes the initiative, if it does not choose the recipient of the transfer if it does not choose or change the information contained in the transfer if it complies with the conditions of access to information, observes rules for updating information, does not interfere with the lawful use of generally recognised technologies, immediately deletes information or stops access to it, after receiving a notice.
Coverage Internet intermediaries

KAZAKHSTAN

N/A

Pillar Intermediary liability  |  Sub-pillar Safe harbour for intermediaries for any activity other than copyright infringement
Lack of intermediary liability framework in place beyond copyright infringement
A basic legal framework on intermediary liability beyond copyright infringement is absent in Kazakhstan's law and jurisprudence. However, the Agreement on Enhanced Partnership between the EU and the Republic of Kazakhstan, signed in March 2016, provides a safe harbour to European companies under several conditions. According to the agreement, an information intermediary is not liable, for example, if it does not initiate the transfer, if the end-user always takes the initiative, if it does not choose the recipient of the transfer, if it does not choose or change the information contained in the transfer if it complies with the conditions of access to information, observes rules for updating information, does not interfere with the lawful use of generally recognised technologies, immediately deletes information or stops access to it, after receiving a notice.
Coverage Internet intermediaries

KAZAKHSTAN

Since December 2017, entry into force in April 2018

Pillar Intermediary liability  |  Sub-pillar User identity requirement
Law on Amendments and Additions to Certain Legislative Acts of the Republic of Kazakhstan on Information and Communications (Закон Республики Казахстан от 28 декабря 2017 года № 128-VI «О внесении изменений и дополнений в некоторые законодательные акты Республики Казахстан по вопросам информации и коммуникаций» (с изменениями от 24.05.2018 г.))
As per the requirements of the Law on Amendments and Additions to Certain Legislative Acts of the Republic of Kazakhstan on Information and Communications (2017), users have been required to identify themselves using government-issued digital signature technology or SMS verification in order to comment on domestic websites. Failure to enforce the rule after April 2018 can lead to fines. The law requires website operators to make it mandatory for users to enter into a formal agreement before they are permitted to post comments on local websites. The information provided in the agreement needs to be retained by the website and handed over to the authorities whenever asked.
Coverage Domestic websites

KAZAKHSTAN

Since July 2004, as amended in 2016, last amended in September 2022
Since July 2014, last amended in November 2022

Pillar Intermediary liability  |  Sub-pillar Monitoring requirement
Law of the Republic of Kazakhstan of July 5, 2004 No. 567-II "On Communications" (Қазақстан Республикасының 2004 жылғы 5 шілдедегі N 567 Заңы Байланыс туралы)

The Code of the Republic of Kazakhstan «On Administrative Infractions» (Қазақстан Республикасының Кодексі 2014 жылғы 5 шілдедегі № 235-V ҚРЗ Әкімшілік құқық бұзушылық туралы)
Amendments to the Law of the Republic of Kazakhstan on Communications in 2016 obliged ISPs to monitor content passing through their networks and to decide whether to restrict any problematic material. The amendments do not specify how ISPs are to carry out this obligation. The Administrative Code, in force since 2016, imposes fines on ISPs for not complying with censorship orders.
Coverage Internet service

Report issue     Report new measure