Art. 8.1, Clause 9.3, of the Law on Permits lists “using information networks and providing services” as an activity requiring a special permit issued by the Communications Regulatory Commission. Art. 19¹.1 of the Communications Law further clarifies the scope of this category, indicating that it includes IP-based interconnection, data-storage infrastructure, content distribution networks, and virtual network activity between demarcation points.

It is reported that a significant time is required for the processing of export and import documentation at the border. Prolonged processing times for international mail handling have been attributed to the customs clearance procedures administered by the International Mail Centre (IMC) of Mongolian Customs. It is also reported that the UPost system used by the IMC lacks interoperability with the systems of delivery service providers such as Mongol Post, UPC, and DHL, requiring manual data entry.

Under the "Type Approval Regulatory Guidelines for Information and Communication Equipment", the majority of wireless and telecommunications equipment must obtain type approval from the Communications Regulatory Commission of Mongolia (CRC). Section 5.1 stipulates that products must be accompanied by test reports demonstrating compliance with the relevant test standards and limits, in accordance with European Union Standards (EN), issued within 6 years before issuance. These standards include electromagnetic compatibility requirements. In addition, Section 6.5 states that if the CRC is unable to conduct testing and evaluation due to insufficient measurement capabilities or human resources, it may seek assistance from other governmental organisations of similar status, testing institutions, university laboratories, or accredited laboratories in foreign countries.

The Law of Mongolia on Personal Data Protection provides a comprehensive regime of data protection in Mongolia. It governs matters pertaining to personal privacy and regulates the collection, processing, use, and security of individuals’ personal data. The Law designates the National Human Rights Commission of Mongolia and the Ministry of Digital Development and Communications as the supervisory authorities responsible for overseeing compliance.
Other relevant legislation includes the Law of Mongolia on Cyber Security, the Law of Mongolia on Electronic Signature, and the Law of Mongolia on Public Information Transparency, all of which came into effect concurrently with the Law on Personal Data Protection. In addition to these overarching regulations, Mongolia’s data protection framework is supplemented by sector-specific legislation in the healthcare and financial sectors.

Pursuant to Art. 17.1.3 of Mongolia’s Law on Cybersecurity, legal persons providing information technology services for the processing, storage, distribution, computer analytics, and normal operation of shared information systems in cyberspace must retain information-system activity logs for the period specified in the common cybersecurity procedure. Similarly, under Art. 19.2.9, organisations with critical information infrastructure must retain information-system activity logs for the period prescribed by that procedure.
Government Decree No. 06/2023, which establishes the Cyber Security General Procedure, specifies both the required log content and retention periods. Under Section 4.16, covered organisations must retain logs of access attempts and successful access, privileged access, password changes, changes to or deletions of logs, and the granting, modification, or revocation of access rights. Section 4.17 further requires logs to identify, inter alia, the user name or ID, date, accessed address or device information, access duration, action performed, and result of the action. Finally, Section 4.19 sets minimum retention periods, including at least six months for legal persons and at least one year for organisations with critical information infrastructure.

Pursuant to Art. 20.1.5 of the Law on Personal Data Protection, the data controller and data processor are required to conduct a risk assessment to ensure the security of data processing operations.

Mongolian law and jurisprudence lack a fundamental legal framework governing intermediary liability for copyright infringement. Art. 52 of the Law on Copyright merely stipulates that internet service providers, aggregators, website owners, telecommunications service providers, broadcasting organisations, and multi-channel transmitters must facilitate the receipt of reports concerning copyright and related rights infringements. Additionally, they are obligated to suspend or terminate the unlawful use of copyrighted works and related rights on their networks upon receiving such reports.

Mongolia has adopted the World Intellectual Property Organization (WIPO) Copyright Treaty. The treaty was signed on 20 December 1996, ratified on 25 July 2002 and came into effect on 25 October 2002.

Mongolia has adopted the World Intellectual Property Organization (WIPO) Performances and Phonograms Treaty. The treaty was signed on 20 December 1996, ratified on 25 July 2002 and came into effect on 25 October 2002.

Mongolia lacks a comprehensive legal framework for the effective protection of trade secrets. Nevertheless, certain limited provisions address specific aspects of trade secret protection, including those found in the Law of Mongolia on Organisation Secrets. Similar measures are also present in the Law of Mongolia on Competition, which includes regulations concerning unfair competition, such as the misappropriation of trade secrets.

There is no obligation for passive infrastructure sharing in Mongolia to deliver telecom services to end users. However, it is practiced in the mobile sector and in the fixed sector based on commercial agreements.

The leading companies in Mongolia’s telecommunications sector include state-owned and state-dominated entities such as the Information Communication Network Company (NETcom) and Mongolian Telecom (officially, Mongolian Telecommunications Corporation JSC). The government fully owns NETcom, which operates the country’s integrated fibre optic cable network. It also holds a 94.7% stake in Mongolian Telecom, with the remaining 5.3% owned by a mix of foreign and domestic individuals and legal entities.

Mongolia does not mandate functional or accounting separation for operators with significant market power (SMP) in the telecom market.

Mongolia has appended the World Trade Organization (WTO) Telecom Reference Paper to its schedule of commitments.

It is reported that the Communications Regulatory Commission, the executive authority for the supervision and administration of services in the telecommunications sector, is independent from the government in the decision-making process.