Pursuant to Section 17.3 of the Information and Communication Technologies Act 2001 and the Information and Communication Technologies (Clearance to Import ICT Equipment) Regulations 2019, the ICT Authority issued the Clearance to Import ICT Equipment Guidelines, which govern the import of ICT Equipment in Mauritius. ICT equipment belonging to "List B" is subject to a type approval certificate. These include IoT network equipment, satellite equipment, and other telecom equipment.
When applying for type approval, the dealer must specify the type of equipment, make and model of equipment, and operating frequency, and must upload the technical brochure of the equipment and relevant documents certifying that the equipment complies with such standards determined by the Authority, including manufacturer’s Declaration of Conformity, EU-type examination certificate and its annexes as delivered by the Notified Body (an entity designated by the competent authorities of the Member States of the European Union to perform assessment tasks described in the Radio Equipment Directive) involved, and test reports issued by accredited laboratories. The type approval application may then be submitted to the ICT Authority for appropriate onward determination.

It is reported that the de minimis threshold, that is the minimum value of goods below which customs do not charge duties, is MUR 1000 (approx. USD 20), below the 200 USD threshold recommended by the International Chamber of Commerce (ICC). However, this only applies to personal shipments.

The Consumer Protection Act 1991 provides a comprehensive consumer protection framework that applies to online transactions. In addition, Section 18 of the Information and Communication Technologies Act provides that the Authority can entertain complaints from consumers in relation to any information and communication service in Mauritius and, where necessary, refer them to the appropriate authorities. Moreover, the Electronic Transactions Act includes a number of provisions aimed at protecting consumers who enter into electronic contracts (Part IV).

Mauritius has not signed the United Nations (UN) Convention on the Use of Electronic Communications in International Contracts.

The Electronic Transactions Act 2000 establishes a safe harbour regime for intermediaries beyond copyright infringements. In accordance with Art. 9 of the Act, a network service provider shall not be subject to any civil or criminal liability in respect of third-party material in the form of an electronic record to which it merely provides access, where such liability is limited to the creation, publication, dissemination or distribution of such material or any statement made in such material; or the infringement of any rights subsisting in relation to such material. Under the Act, "providing access" in relation to third-party material means providing the necessary technical means by which the third-party material can be accessed.

Under Regulation 5 of the Information and Communication Technologies (Registration of SIM) Regulations, persons and organisations must provide information and documents to an operator or authorised agent if wishing to purchase a SIM or machine-to-machine (M2M) SIM. User identity requirements are as follows:
- Citizens must make an application in the form set out in the First Schedule, which needs to be accompanied by a copy of the National Identity Card or a copy of the personal details of the passport and a recent copy of a utility bill or any other proof of address.
- Non-citizen residents: must make an application in the form set out in the First Schedule, which needs to be accompanied by a copy of the personal details of the passport, the Unique Identification number, a copy of the residence permit or occupation permit, as the case may be, and a recent copy of a utility bill or any other proof of address.
- Tourists: must make an application for a SIM, other than for an M2M SIM, in the form set out in the First Schedule, which needs to be accompanied by a copy of the personal details of the passport, a copy of the visa appearing on the passport, and a copy of the proof of address in Mauritius.
- Public bodies, corporate bodies, companies, Diplomatic Missions or any other organisations: a person duly authorised by that organisation must make an application in the form set out in the Third Schedule, which needs to be accompanied by a letter from that organisation authorising the person to act on its behalf, a copy of the National Identity Card or a copy of the personal details of the passport, a recent copy of the utility bill of that organisation, if applicable, or any other proof of address, and a copy of the Business Registration Card of the organisation, if applicable.

The ICT Authority issued a communique on 1 November 2024 instructing all internet service providers to temporarily suspend access to social media platforms. The suspension was lifted the following day. The ICT Authority based this action on the powers conferred by Section 17.3 and Section 18.1.m of the Act 44/2001 (Information and Communication Technologies Act 2001), which was issued in June 2002 and was last amended in 2021. According to the Act, the ICT Authority is empowered to take measures to regulate or restrict harmful and unlawful content disseminated via the Internet and other communication services.

The indicator "7.2.4 - Government Internet shut down in practice" of the V-Dem Dataset, which measures whether the government has the technical capacity to actively make internet service cease, thus interrupting domestic access to the internet or whether the government has decided to do so, has a score of 3 in Mauritius for the year 2024. This corresponds to "Rarely but there have been a few occasions throughout the year when the government shut down domestic access to Internet."

According to Art. 24.1 of the Information and Communication Technologies Act, a license for "any service involving the use of information and communication technologies" is mandated in the country. In addition, according to Art. 24.5 the Information and Communications Technologies Authority (ICTA) must take into account “the public interest and the likelihood of unfair practice" for the issuance of the license. It is reported that the lack of precise definitions of the terms “public interest” and “unfair practice” might permit denials on virtually any basis that the ICTA desires. Licences can also be denied based on “any element” of national security, pursuant to Section 24.5b.

Under Section 36.1 of the Data Protection Act, a data controller may transfer data abroad only under certain conditions. These include compliance with appropriate safeguards, the explicit consent of the data subject and other cases of necessity of the transfer.
Under Section 36.4 of the Data Protection Act, the Data Protection Commissioner may request a person who transfers data to another country to demonstrate the effectiveness of the safeguards or the existence of compelling legitimate interests and may, in order to protect the rights and fundamental freedoms of data subjects, prohibit, suspend or subject the transfer to such conditions as the Data Commissioner may determine.

Mauritius has not joined any agreement with binding commitments to open transfers of data across borders.

The Data Protection Act applies to all categories of industries and seeks to ensure lawfulness, fairness and transparency such that individuals are well-informed and afforded protection for the confidentiality of their data in order to reduce the growing risks of data leaks. The Data Protection Office is the national data protection authority in Mauritius, and the Data Protection Commissioner (the Commissioner) is responsible for the enforcement of the Act.

Section 34 of the Data protection Act provides for data protection impact assessment where processing operations are likely to result in a high risk to the rights and freedoms of data subjects by virtue of their nature, scope, context and purposes; every controller or processor shall, prior to the processing, carry out an assessment of the impact of the envisaged processing operations on the protection of personal data.

Section 25.2 of the Information and Communication Technologies Act allows the Information and Communications Technologies Authority to empower officers to inspect "at all reasonable times" any installation, apparatus or premises relating to a licence without seeking a warrant. The breadth of this power is unclear, given the law’s failure to define “reasonable times”, “inspect”, and what it means for an installation, apparatus or premise to “relate” to a licence. Section 25.3 authorises a similar power but with due process protections, such as requiring a magistrate’s warrant.
Under Section 24.1, a license is granted to a person intending to operate an information and communication network or service. Information and communication technologies are defined as technologies employed in collecting, storing, using or sending out information, including those involving the use of computers or any telecommunication system.

Section 7 of the Data Protection Act states that subject to Section 26 of the Bank of Mauritius Act, Section 64 of the Banking Act, Section 83 of the Financial Services Act, Section 30 of the Financial Intelligence and Anti-Money Laundering Act and Section 81 of the Prevention of Corruption Act, the Commissioner may, by written notice served on a person, request from that person such information as is necessary or expedient for the discharge of its functions and the exercise of its powers under this Act.
Where the information requested by the Commissioner is stored in a computer, disc or cassette, or on microfilm, or preserved by any mechanical or electronic device, the person named in the notice shall produce or give access to the information in a form in which it can be taken away and in which it is visible and legible. It is not stated that a court order is needed to access the data.