International laws and standards
The legal requirements for your software will vary by market and business. If your software is distributed globally, then it must adhere to all local laws. To understand your risks and obligations, you should consult an expert. Here are some basic guidelines to get you started.
The Security guidelines for international outlines things to consider at the intersection of internationalization and security. For information on security specifically, see Microsoft Security Engineering.
Privacy and international law
Privacy is an important consideration in many countries. Consider the General Data Protection Regulation (GDPR) in the European Union (EU), which applies to anyone doing business in or with the EU. See EUR-Lex -32018R1725 for official versions of the regulation.
Intellectual property, copyright, and piracy
Intellectual property, copyright, and piracy laws vary widely by market. In many markets, you may be subject to legal action if you violate local laws. Some countries have signed international copyright laws, such as the TRIPS Agreement 1994 and/or the Berne Convention 1928. If using another entity’s components — open-source or not — it is important to understand the license agreement associated with that code and to adhere to that agreement.
Cryptography laws vary by country. Some countries ban encryption in communication, while some require a license to use encrypted software, or require that police have decryption keys in case they are needed in an investigation.
Although encryption in France is perfectly legal, it is subject to strict government control regarding its distribution (supply), import/export, and usage. You may need to submit your product for the necessary approvals from the French government prior to shipping to France.
La Loi de Toubon (Toubon Law) applies to products and services sold in France, no matter which country they’re from. It requires the use of the French language in the designation, marketing, presentation (i.e., labels, leaflets, catalogues, brochures, order forms, product sheets, delivery slips, etc.), instructions for use (whether on paper, audio, through an online resource, or built into the software), the description of the extent and the conditions of guarantee, as well as in announcements (including advertising) intended for the general public.
Under Canada's constitution, both French and English are official languages. In addition to the requirement that government services be available in both languages, further legislation “places obligations on private actors in Canadian society to provide access to goods or services in both official languages (such as the requirement that food products be labeled in both English and French).”
English and French are a fundamental characteristic of the Canadian identity, and the importance of language rights is clearly recognized in the Canadian Charter of Rights and Freedoms, part of the Constitution Act of 1982. There are laws requiring access to goods or services in both official languages. For more information, please see About official languages and bilingualism.
Other markets have their own laws, and countries add new laws periodically.
Entry to market
Some markets may require you to register your software before it can be distributed or sold in that market. The prerequisites and processes vary by market. For example, China requires that software and services support the national standard GB18030 code page.
End-User License Agreement (EULA)
For any product that supplies a legal document, such as an End-User License Agreement (EULA), you will need to engage a lawyer who understands EULA legislation, international law, and the nuances of providing a document in a particular language that varies across jurisdictions (for example, English for the United States and the United Kingdom, or French for Canada and France). Additionally, you may need to engage a translation agency that specializes in legal translation to ensure your company does not open itself to risk.
Laws or standards particular to your program
For applications that target specific functionality — such as taxes or health care — keep in mind that different laws and standards apply and your program may be required to adhere to those laws. For example, you may need to conform to the US Health Insurance Portability & Accountability Act (HIPAA), the European Union's (EU) GDPR (see EUR-Lex -32018R1725 for official versions of the regulation), or Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA), depending on the markets you are targeting.