International laws and standards

A global application sold to international markets must conform to the laws and standards of each market and business. To understand your risks and obligations, you should consult an expert. Here are some basic guidelines to get you started.

Security

With the proliferation of support for languages, scripts, and glyphs, software internationalization has a direct impact on security. For example, you might consider validating user-supplied URLs to avoid IDN homograph attacks. To learn about the security engineering practices used at Microsoft to build and operate highly secure apps and services, see Microsoft Security Engineering.

Privacy and international law

Privacy is an important consideration in many countries and regions. For example, the General Data Protection Regulation (GDPR) in the European Union (EU) applies to anyone doing business in or with the EU. See EUR-Lex -32018R1725 for official versions of the regulation. For information about GDPR, and for information about how to fulfill GDPR obligations when using Microsoft products and services, see General Data Protection Regulation Summary.

Intellectual property, copyright, and piracy laws vary widely by market. In many markets, you may be subject to legal action if you violate local laws. Some countries and regions have signed international copyright laws, such as the TRIPS Agreement 1994 and/or the Berne Convention 1928. If using another entity's components—open-source or not—it's important to understand the license agreement associated with that code and to adhere to that agreement. See Intellectual property and open innovation to learn about the multiple modes of intellectual property and open innovation systems that Microsoft relies on.

Encryption declaration

Cryptography laws vary by country and region. Some countries and regions ban encryption in communication. Other countries and regions require a license to use encrypted software, or require that police have decryption keys in case they're needed in an investigation. For example, although encryption in France is perfectly legal, it's subject to strict government control regarding its distribution (supply), import/export, and usage. Your product may need to submit the necessary approvals to the French government prior to shipping to France. See Encryption Control.

Language laws

La Loi de Toubon (Toubon Law) applies to products and services sold in France, no matter which country or region they're from. It requires the use of the French language in:

  • marketing and presentation materials (labels, leaflets, catalogs, brochures, order forms, product sheets, delivery slips)
  • instructions for use (whether on paper, audio, through an online resource, or built into the software)
  • descriptions of the extent and the conditions of guarantee
  • announcements (including advertising) intended for the general public

English and French are a fundamental characteristic of the Canadian identity, and the importance of language rights is clearly recognized in the Canadian Charter of Rights and Freedoms, part of the Constitution Act of 1982. In addition to the requirement that government services be available in both languages, there are further laws that require specific materials to be available in both languages. For example, the Safe Food for Canadians Regulations requires that labels on food must be shown in both languages. For more information, see About official languages and bilingualism. In the province of Québec, French was declared the official language by Bill 96. See National Assembly of Québec: Bill 96 for an explanation of the scope of where French is to be used in Québec.

Other markets have their own laws and new laws are added by countries and regions periodically.

Language reforms

Some markets have local regulatory boards that specify official spelling, grammar, and terminology for a given language. For example, Reform der deutschen Rechtschreibung von 1996 (German orthography reform of 1996) led to a mandate of the use of new spelling rules in schools and public administration. For more information about German orthography, see Rat für deutsche Rechtschreibung (Council for German Orthography).

Entry to market

Some markets may require you to register your software before it can be distributed or sold in that market. The prerequisites and processes vary by market. For example, China requires that software and services support the GB18030 standard.

License terms

For any product that supplies a legal document for licensing, also known as an End-User License Agreement (EULA), you should engage a lawyer that understands the laws of the country or region in which the document will apply. It's probably best to create separate documents for each target country or region, rather than to write one document and translate it for each country or region. If you intend to use the same document in multiple markets, you may need to engage a translation agency that specializes in legal translation to reduce risk to your company.

Laws or standards particular to your program

For applications that target specific functionality—such as taxes or health care—keep in mind that different laws and standards apply and your program may be liable to adhere to those laws. For example, you may need to conform to the US Health Insurance Portability & Accountability Act (HIPAA) regulations, the European Union General Data Protection Regulation (GDPR) regulations, or the Canadian Personal Information Protection and Electronic Documents Act (PIPEDA) regulations depending on target markets.