A technology company entering Uzbekistan discovers. often too late. that its standard AI deployment contract, software licensing terms, and data processing agreements are built on legal assumptions that do not map cleanly onto Uzbek law. What appears to be a routine market-entry step becomes a multi-layered compliance exercise spanning digital services regulation, algorithmic accountability obligations, and cross-border data transfer rules.
AI and technology law in Uzbekistan is governed by a developing but rapidly evolving body of digital legislation, covering software liability, technology licensing, data localisation, and the regulatory conditions for deploying automated systems. International businesses must register digital services, comply with local data storage requirements, and structure technology agreements in accordance with Uzbek commercial legislation before launching operations. Regulatory review timelines range from several weeks to several months depending on the type of technology and the applicable licensing regime.
This page sets out the key legal instruments, procedural requirements, common pitfalls, cross-border considerations involving Russia and the EU, and a self-assessment checklist for technology companies considering or already operating in Uzbekistan.
The regulatory environment for AI and technology in Uzbekistan
Uzbekistan has moved deliberately to build a digital economy legal system over the past several years. The country's technology legislation covers e-commerce, electronic signatures, information security, personal data protection, and the licensing of certain digital services. A dedicated state agency oversees information technology development and digital transformation policy. Its decisions directly affect how foreign technology companies structure their market entry, data operations, and software deployments.
Under Uzbekistan's data protection legislation, personal data of Uzbek citizens must be stored on servers located within the country. This data localisation requirement applies to any digital service collecting or processing such data – including AI-powered platforms, recommendation engines, and SaaS products. Failure to localise data before launch is one of the most frequently encountered compliance failures by international technology businesses entering the market.
Uzbekistan's broader digital legislation also addresses electronic transactions, the legal status of electronic documents, and the enforceability of digital signatures. These provisions are directly relevant to technology licensing and software-as-a-service agreements. A contract that relies on electronic execution must satisfy local requirements to be enforceable before Uzbek courts or in domestic arbitration.
Algorithmic accountability is an emerging concern. Uzbekistan does not yet have a comprehensive AI-specific statute analogous to the EU's AI Act. However, sector-specific requirements – particularly in financial services, healthcare, and public procurement – impose obligations on entities using automated decision-making tools. Practitioners advising in this space note that regulatory expectations in these sectors are tightening. Additionally. Businesses deploying AI systems in regulated industries should not assume that the absence of an explicit AI law means the absence of compliance obligations.
The risk of inaction is concrete. Deploying a technology product or AI system in Uzbekistan without addressing data localisation, software liability allocation. Additionally. Applicable licensing requirements can result in blocking of the service, administrative fines, and. in the case of regulated sectors – suspension of operating permissions. These consequences can take weeks to reverse and often require renegotiation of commercial arrangements that were drafted without Uzbek law in mind.
Key legal instruments and procedures for technology businesses
Technology companies operating in Uzbekistan typically require a combination of corporate, commercial, and regulatory instruments. The structure depends on the type of technology deployed, the nature of the client base, and whether the company is providing B2B or B2C services.
Software licensing agreements must be adapted to Uzbek commercial legislation. A licence agreement drafted under English or German law will not automatically be recognised in its original form. The agreement must address the governing law choice, jurisdiction for disputes, and – critically – whether intellectual property rights are being licensed or assigned. Uzbekistan's intellectual property legislation draws a clear distinction between these categories, and mischaracterisation creates both tax and legal exposure. For a broader view of IP protection instruments available in Uzbekistan, see our overview of intellectual property law in Uzbekistan, which covers trademark, copyright, and trade secret protections relevant to technology businesses.
Technology service agreements covering SaaS, cloud services, API access, and data processing must include provisions on data localisation compliance, liability caps, and service level obligations. Uzbek courts apply local consumer protection rules to B2C technology services. These rules impose mandatory warranty obligations and liability standards that cannot be contracted out. Many international technology companies underestimate this exposure and draft agreements that would be enforceable in their home jurisdiction but are unenforceable or partially void in Uzbekistan.
Digital services licensing applies to certain categories of activity. Payment processing, financial data aggregation, telecommunications-adjacent services, and platforms handling personal data of more than a defined threshold of users may require prior authorisation or notification. The applicable authority depends on the service category. Timelines for obtaining authorisation range from four to twelve weeks in straightforward cases. Complex or novel technology services – particularly those using AI for automated financial or health-related decisions – may require extended review and additional technical documentation.
Software liability is addressed primarily through contract in Uzbekistan, but courts have applied general civil liability rules to software defects causing loss to third parties. This is particularly relevant for AI systems operating in domains where errors carry real-world consequences: logistics automation, credit scoring, medical diagnostics support, and similar applications. The liability exposure is not limited to direct contractual counterparties. Businesses deploying such systems should ensure that their software liability terms, indemnification chains, and insurance arrangements are calibrated to the Uzbek legal context, not just the originating jurisdiction.
Electronic signature and document requirements must be satisfied for technology agreements executed digitally. Uzbek legislation recognises enhanced electronic signatures in specific formats. A standard DocuSign or similar Western platform execution may not satisfy Uzbek requirements for enhanced signature status. This affects both the enforceability of the agreement itself and the validity of notices and amendments sent electronically during the contract term.
To receive a tailored assessment of your technology compliance obligations in Uzbekistan, contact us at info@ferrazwhitmore.com.
Practical pitfalls for international technology clients
International technology businesses entering Uzbekistan consistently encounter the same categories of legal difficulty. Understanding these pitfalls in advance reduces both the cost and the time required to achieve operational compliance.
Data localisation underestimated at product design stage. Companies often begin Uzbek market development using global infrastructure without assessing whether their architecture can support local data storage. By the time the compliance obligation becomes apparent – frequently when a regulator or enterprise client raises the issue – the business has already committed to technical and commercial arrangements that are difficult to reverse. Addressing data storage requirements before product launch, not after, is the operationally sound approach.
Relying on English-law governing clauses without local analysis. Choosing English law as the governing law for a technology agreement does not insulate a business from mandatory Uzbek rules that apply regardless of contractual choice. Consumer protection, data protection, and employment-related technology provisions are mandatory. Courts in Uzbekistan apply these rules directly, even when parties have agreed to foreign law and foreign jurisdiction.
Assuming EU AI Act compliance transfers directly. A company that has structured its AI system for EU AI Act compliance may assume that Uzbekistan. which is observing EU regulatory developments with interest. will accept the same compliance posture. This assumption is premature. Uzbekistan is developing its own regulatory expectations, which reflect both Russian-adjacent regulatory traditions and selective adoption of international standards. The overlap with EU AI Act compliance is partial, not complete.
IP ownership gaps in software development contracts. When a foreign company engages Uzbek software developers or a local technology partner, the IP ownership position must be specified explicitly in the agreement. Uzbek intellectual property legislation contains provisions on employer ownership of works created in the course of employment, but these do not automatically extend to independent contractors. Without a clear assignment clause, the developer may retain rights that limit the foreign company's ability to commercialise, licence, or sell the software.
Underestimating the role of the digital economy authority. Regulatory engagement in Uzbekistan is not purely formal. The digital economy authority plays an active role in shaping deployment conditions for novel technology products. Early engagement – before launch, not in response to a regulatory inquiry – is consistently more productive. Technology companies that treat regulatory engagement as optional until something goes wrong typically face longer resolution timelines and more restrictive outcomes than those that engage proactively.
Cross-border considerations: Russia and EU dimensions
Uzbekistan sits at the intersection of two significant technology regulatory spheres. Its commercial and technological relationships with Russia remain extensive. Its aspirations toward international standards – including alignment with EU digital regulation – are reflected in its legislative trajectory. Both dimensions create specific cross-border legal considerations for technology businesses.
Russia dimension. Many technology companies operating in Uzbekistan have existing relationships with Russian technology providers, developers, or distribution partners. Since 2022, these relationships carry additional compliance risk for businesses subject to EU or US sanctions regimes. A technology company with EU or US investors or operations must carefully assess whether technology transfer, software licensing. Alternatively. Data sharing with Russian-connected parties creates sanctions exposure. even when the immediate transaction is framed as Uzbek. For a comparative view of the technology law environment in that adjacent jurisdiction, our analysis of AI and technology law in Russia addresses the specific regulatory instruments and enforcement context relevant to that market.
EU dimension. Uzbek companies seeking to provide digital services into EU markets. or foreign companies using Uzbekistan as part of a cross-border service chain. face EU data protection requirements. AI Act obligations. Additionally, digital services rules that apply at the EU end of the transaction. Algorithmic accountability requirements under EU law do not disappear because the AI system originates from or is hosted in a non-EU jurisdiction. Compliance must be structured end-to-end.
Technology licensing flows. Multinational technology groups often licence software from a central IP holding entity – frequently located in Luxembourg, the Netherlands, or Ireland – to local operating entities, including Uzbek subsidiaries or distributors. The royalty flows created by this structure have both tax and regulatory implications in Uzbekistan. Technology licensing fees paid to foreign related parties are subject to withholding tax under Uzbek tax legislation, and the applicable rate may be modified by the relevant tax treaty. Structuring the licence correctly from the outset avoids both over-withholding and the risk of challenge by Uzbek tax authorities.
Arbitration and enforcement. Technology disputes in Uzbekistan may be referred to international arbitration if the parties have agreed to it. Uzbekistan is a party to the New York Convention on the Recognition and Enforcement of Foreign Arbitral Awards. A well-drafted arbitration clause in a technology agreement provides meaningful protection for foreign businesses. However, the choice of seat, institution, and governing law must be consistent with Uzbek legislation on arbitrability. Disputes involving state entities or regulated services may face additional constraints on arbitration. A detailed breakdown of company formation and operational structure options is available in our guide to company formation in Uzbekistan, which addresses the structural choices relevant to technology market entry.
To explore legal options for your cross-border technology or AI deployment strategy in Uzbekistan, schedule a consultation at info@ferrazwhitmore.com.
Self-assessment checklist for technology businesses in Uzbekistan
AI and technology law services in Uzbekistan are applicable to your situation if one or more of the following conditions apply:
- Your business collects, processes, or stores personal data of Uzbek residents through any digital product or service
- You are licensing software or AI systems to Uzbek businesses, government entities, or consumers
- Your technology product involves automated decision-making in a regulated sector such as finance, healthcare, or logistics
- You have engaged or plan to engage Uzbek software developers, data scientists, or technology partners
- Your cross-border service chain includes data flows between Uzbekistan and Russia, the EU, or other jurisdictions
Before initiating operations or signing technology agreements in Uzbekistan, verify the following:
- Data storage architecture has been assessed for localisation compliance before product launch
- Software licensing and service agreements have been reviewed under Uzbek commercial legislation, not only the home-jurisdiction law
- IP ownership in any locally developed or customised software is explicitly addressed in written agreements
- Electronic signature formats used in your agreements satisfy Uzbek requirements for enhanced electronic signature status
- Any regulated digital service requiring prior authorisation has been identified, and the applicable timeline has been factored into the market-entry plan
- Sanctions screening has been conducted for any Russia-connected technology relationships in the Uzbek operational context
- The dispute resolution clause in your technology agreements is consistent with Uzbek arbitration legislation and specifies a recognised international seat and institution
Frequently asked questions
Q: How long does it take to obtain digital services authorisation in Uzbekistan?
A: Timelines vary by service category. Standard digital services that require only notification or registration typically take two to four weeks. Services requiring substantive regulatory review – including AI-powered financial, health, or public-sector tools – may take three to six months or longer. Building regulatory review time into the market-entry plan, rather than treating it as an afterthought, avoids significant commercial delay.
Q: Is EU AI Act compliance sufficient for operating an AI system in Uzbekistan?
A: No. EU AI Act compliance addresses EU regulatory requirements and does not substitute for Uzbek legal compliance. Uzbekistan is developing its own regulatory expectations for automated systems, informed by a combination of international standards and domestic policy priorities. A company that has structured its AI deployment for the EU market must conduct a separate assessment for Uzbekistan – particularly for systems operating in regulated sectors.
Q: Can a technology company use international arbitration for disputes in Uzbekistan?
A: Yes, in most commercial technology disputes between private parties. Uzbekistan is a party to the New York Convention, and foreign arbitral awards are generally enforceable before Uzbek courts. The arbitration clause must comply with Uzbek procedural requirements, and the agreed seat and institution must be specified clearly. Disputes involving state entities or certain regulated services may face additional restrictions. Engaging a lawyer in Uzbekistan with cross-border arbitration experience is strongly advisable when drafting dispute resolution clauses for high-value technology agreements.
About Ferraz & Whitmore
Ferraz & Whitmore is an international law firm based in Lisbon, advising business clients across 46 jurisdictions. Our AI and technology law practice supports technology companies, institutional investors, and in-house legal teams operating in high-growth and emerging markets, including Uzbekistan and the wider CIS region. We combine Portuguese civil law expertise with English common law tradition to deliver cross-border legal solutions in software licensing, algorithmic accountability, data protection compliance, and digital services regulation. Our team includes practitioners with experience in cross-border technology transactions across both civil law and common law systems, with direct knowledge of the regulatory environments in Uzbekistan, Russia, and the EU. As a law firm in Uzbekistan-focused technology matters, we provide results-oriented counsel for international businesses at every stage – from market-entry assessment to dispute resolution. To discuss your AI or technology compliance situation in Uzbekistan, contact us at info@ferrazwhitmore.com.
Disclaimer: This publication is provided for informational purposes only and does not constitute legal advice. The information herein should not be relied upon as a substitute for professional legal counsel tailored to your specific circumstances. Ferraz & Whitmore assumes no liability for actions taken or not taken based on the contents of this material. For advice regarding your particular situation, please contact info@ferrazwhitmore.com.