HomeFor Tech CompaniesSelling Internationally

Selling Internationally

Laws that attach when you expand beyond the US

Overview ·Federal ·International

Overview

Selling software or services internationally is easier than ever from a logistics standpoint. The legal side is more complicated. When you have customers in another country, that country's laws may apply to your product and business practices — regardless of where your servers are or where your company is incorporated. The most significant obligations typically relate to data privacy, but they're not the only ones. Export controls, consumer protection laws, sector-specific regulations, and local tax obligations all potentially attach.

The practical starting point is understanding your data flows. Where do your customers reside? Where does their data go? Who can access it? For EU customers, GDPR is the primary concern — and it applies to your company even if you've never set foot in Europe. For customers in Brazil, Canada, Japan, South Korea, Singapore, and a growing number of other countries, national privacy laws with similar structures apply. Building a product that works across these frameworks from the beginning is significantly less painful than adapting it later.

Federal Laws

Federal
Export Administration Regulations
EAR
Controls the export and re-export of dual-use items -- commercial goods with potential military applications -- including encryption technology and certain software. Administered by the Bureau of Industry and Security, it requires export licenses for controlled items. Applies to any company exporting technology, software, or technical data outside the United States.

Browse by Country

AustraliaBrazilCanadaCross-BorderFranceGermanyIndiaIrelandIsraelItalyJapanMexicoNetherlandsNew ZealandPolandSingaporeSouth KoreaSpainSwedenUnited Arab EmiratesUnited Kingdom

How Jurisdictions Differ

The key structural difference between GDPR and most other privacy laws is enforcement posture and penalty scale. GDPR fines can reach 4% of global annual revenue — a figure that has produced billion-dollar penalties for large companies. Most other national laws have lower maximum penalties but are increasingly actively enforced. Cross-border data transfer is a particularly complex area — sending personal data from the EU to the US requires a valid transfer mechanism (the EU-US Data Privacy Framework, Standard Contractual Clauses, or Binding Corporate Rules). Similar transfer restrictions exist under UK GDPR, Brazil's LGPD, and others.

Official Resources

Related Articles

More articles coming soon.