Chapter II of "Decree-Law No. 15/2012 on the Regulation of the Telecommunications Sector" establishes the National Communications Authority as the executive body responsible for overseeing and administering telecommunications services. The Authority is reported to operate independently from the government in its decision-making processes.

Pursuant to Section 2 of Schedule 58 of the "ANC Guidelines on Registration", providers of value-added network application services are required to deliver such services via a service node located within Timor-Leste or through a local access node that is connected to the public telecommunications network. This regulatory stipulation affects the provision of the following categories of services:
- Online information and database services;
- Online information and data processing services;
- Voice information services;
- Electronic broking services;
- Electronic auction services;
- Electronic transaction services, including but not limited to online commerce and online reservation systems;
- Remote computing services;
- Online gaming services;
- Mailbox services, encompassing voice mailboxes, facsimile mailboxes, email mailboxes, and multimedia mailboxes;
- Electronic data interchange services;
- Store-and-retrieve file transfer services;
- Value-added data and messaging services that facilitate end-to-end data transmission by incorporating one or more of the following value-added functionalities: deferred delivery, multi-addressing, content conversion, format conversion, code and protocol conversion, processing of control information (e.g., destination addressing), or any other transformation that enhances, diversifies, or restructures the information delivered to users.

Timor-Leste has not joined any agreement with binding commitments to open transfers of data across borders.

Section 8 and Annex A of the "ANC Guidelines on Registration" specify that certain service providers are ineligible for registration if they are not corporate entities incorporated in Timor-Leste. This restriction applies to cross-border internet-based voice and data services and value-added network application services, either originating from or terminating in Timor-Leste.

Timor-Leste does not yet possess a comprehensive legal framework for personal data protection. However, sector-specific regulations are in place. The legal framework addressing money laundering—namely, Law No. 17/2011 on the Legal Regime Covering the Prevention of and Combat against Money Laundering and the Financing of Terrorism, as amended by Law No. 5/2013—includes provisions on the processing of personal data for client identification purposes. Additionally, Law No. 20/2004 on the National Health System enshrines the right to privacy within both public and private healthcare sectors. Beyond these sectoral statutes, Decree-Law No. 19/2009, which promulgates the Penal Code, establishes criminal sanctions for breaches of privacy, including unlawful intrusions, violations of confidentiality, and the unauthorised interception of correspondence or telecommunications. In addition, the Constitution of Timor-Leste, in effect since May 2002, affirms the fundamental right to privacy under Art. 36. Art. 38 further addresses the protection of personal data, granting citizens the right to access their data, to be informed of the purposes for which it was collected, and stipulating requirements for obtaining consent in relation to the processing of certain categories of personal data.

Timor-Leste does not currently have patent legislation in force. As a result, despite reports of growing demand for patent registration, the country lacks a dedicated legal framework for the protection and enforcement of patent rights. In the absence of formal protection mechanisms, rights holders reportedly rely on cautionary notices published in the local press to notify third parties of asserted rights. Nevertheless, Timor-Leste has prepared a Draft Bill for an Industrial Property Code, which is expected to include patent-related provisions.

There is no comprehensive legal framework or substantive measures to ensure patent protection. Reports indicate that certain international corporations have resorted to publishing notices in local newspapers to assert their patent claims. Pursuant to Art. 19 of the Private Investment Law (Law No. 15/2017), all investors are entitled to the protection of intellectual property rights as recognised by law; however, it does not apply to patents which have yet to be recognised by law. Nevertheless, a Draft Bill on the Industrial Property Code is expected to include provisions on patents.

Timor-Leste is not a signatory of the Patent Cooperation Treaty (PCT).

Timor-Leste has a copyright regime under the Code of Copyright and Related Rights. However, the exceptions do not follow the fair use or fair dealing model, therefore limiting the lawful use of copyrighted work by others. Art. 129 lists the exceptions, including reproduction by a natural person for private use and without commercial intent; use for teaching and educational purposes, provided it is non-commercial and limited to parts of published works; among others. Title IV outlines the legal mechanisms for enforcement, while Title V introduces provisions on technical protection measures and electronic rights management information, including safeguards against the circumvention of effective technological measures.

Timor-Leste has not adopted the World Intellectual Property Organization (WIPO) Copyright Treaty.

Timor-Leste has not adopted the World Intellectual Property Organization (WIPO) Performances and Phonograms Treaty.

Timor-Leste lacks a comprehensive legal framework dedicated to the effective protection of trade secrets. Nonetheless, certain limited provisions exist that address aspects of this issue. Art. 19 of the Private Investment Law (Law No. 15/2017) stipulates that all investors are entitled to the protection of industrial secrets, as well as any other intellectual property rights recognised by law. In a related provision, Art. 184 of the Penal Code (enacted through Decree-Law No. 19/2009) criminalises the unauthorised disclosure of confidential information pertaining to commercial, industrial, professional, or artistic activities. This applies to individuals who acquire such information in their positions, occupations, employment, professions, or artistic engagements. However, prosecution under this provision is contingent upon the lodging of a formal complaint by the aggrieved party.
In addition, a Draft Bill concerning the Industrial Property Code, which is anticipated to include specific provisions on the protection of trade secrets, remains pending enactment.

It is reported that passive infrastructure sharing is not legally mandated in Timor-Leste. Nevertheless, Arts. 38 and 40 of "Decree-Law No. 15/2012 of 28 March 2012 on the Regulation of the Telecommunications Sector" prescribe conditions under which the sharing of cell sites must occur. Despite the absence of a general legal obligation, reports from 2020 indicate that infrastructure sharing is nonetheless practised in both fixed and mobile telecommunications services.

The Government holds shares in Timor Telecom. In 2023, the State became the company’s largest shareholder, increasing its ownership from 20.6% to 77.6%.

Art. 37 of Decree-Law No. 15/2012 stipulates the requirement for accounting separation for telecommunications operators possessing significant market power (SMP). No obligation pertaining to functional separation has been identified.