Under Regulation 5 of the Information and Communication Technologies (Registration of SIM) Regulations, persons and organizations must provide information and documents to an operator or authorized agent if wishing to purchase a SIM or machine-to-machine (M2M) SIM. User identity requirements are as follows:
- Citizens: must make an application in the form set out in the First Schedule, which needs to be accompanied by a copy of the National Identity Card or a copy of the personal details of the passport, and a recent copy of a utility bill or any other proof of address.
- Non-citizen residents: must make an application in the form set out in the First Schedule, which needs to be accompanied by a copy of the personal details of the passport, the Unique Identification number, a copy of the residence permit or occupation permit, as the case may be, and a recent copy of a utility bill or any other proof of address.
- Tourists: must make an application for a SIM, other than for an M2M SIM, in the form set out in the First Schedule, which needs to be accompanied by a copy of the personal details of the passport, a copy of the visa appearing on the passport, and a copy of the proof of address in Mauritius.
- Public bodies, corporate bodies, companies, Diplomatic Missions or any other organisations: a person duly authorised by that organisation must make an application in the form set out in the Third Schedule, which needs to be accompanied by a letter from that organisation authorising the person to act on its behalf, a copy of the National Identity Card or a copy of the personal details of the passport, a recent copy of the utility bill of that organisation, if applicable, or any other proof of address, and a copy of the Business Registration Card of the organisation, if applicable.

In accordance with Art. 9 of the Electronic Transactions Act 2000, a network service provider shall not be subject to any civil or criminal liability in respect of third party material in the form of an electronic record to which it merely provides access, where such liability is limited to the creation, publication, dissemination or distribution of such material or any statement made in such material; or the infringement of any rights subsisting in relation to such material. Under the Act, "providing access", in relation to third party material, means providing the necessary technical means by which the third party material can be accessed.

Section 7 of the Data Protection Act states that, subject to Section 26 of the Bank of Mauritius Act, Section 64 of the Banking Act, Section 83 of the Financial Services Act, Section 30 of the Financial Intelligence and Anti-Money Laundering Act and Section 81 of the Prevention of Corruption Act, the Commissioner may, by written notice served on a person, request from that person such information as is necessary or expedient for the discharge of its functions and the exercise of its powers under this Act.
Where the information requested by the Commissioner is stored in a computer, disc or cassette, or on microfilm, or preserved by any mechanical or electronic device, the person named in the notice shall produce or give access to the information in a form in which it can be taken away and in which it is visible and legible. It is not stated that a court order is needed to access the data.

Under Section 26 of the Cybersecurity and Cybercrime Act, an investigatory authority can serve a notice on a person who is in possession or control of traffic data for the expedited preservation or disclosure of the traffic data without a warrant. The Act defines an investigatory authority as the police or any other body lawfully empowered to investigate any offence. Traffic data is defined as any computer data relating to a communication by means of a computer system, generated by a computer system that forms a part in the chain of communication, indicating the communication’s origin, destination, route, time, date, size, duration, or type of underlying service.

Section 25(2) of the Information and Communication Technologies Act allows the Information and Communications Technologies Authority to empower officers to inspect "at all reasonable times" any installation, apparatus or premises relating to a licence without seeking a warrant. The breadth of this power is unclear, given the law’s failure to define “reasonable times”, “inspect” and what it means for an installation, apparatus or premise to “relate” to a licence. Section 25(3) authorises a similar power but with due process protections such as requiring a magistrate’s warrant.
Under Section 24(1), a license is granted to a person intending to operate an information and communication network or service. Information and communication technologies is defined as technologies employed in collecting, storing, using or sending out information and include those involving the use of computers or any telecommunication system.

Section 33 of the Banking Act provides that every financial institution must keep in relation to its activities a full and true written record of every transaction it conducts. Every record must be kept for a period of at least 7 years after the completion of the transaction to which it relates. Financial institution is defined as any bank, non-bank deposit taking institution or cash dealer licensed by the central bank.

Section 34 of the Data protection Act provides for data protection impact assessment where processing operations are likely to result in a high risk to the rights and freedoms of data subjects by virtue of their nature, scope, context and purposes, every controller or processor shall, prior to the processing, carry out an assessment of the impact of the envisaged processing operations on the protection of personal data.

Mauritius has not joined any agreement with binding commitments to open transfers of data across borders.

The Data protection Act applies to all categories of industries, and seeks to ensure lawfulness, fairness and transparency such that individuals are well informed and afforded protection for the confidentiality of their personal data in order to reduce the growing risks of data leaks. The Data Protection Office is the national data protection authority in Mauritius, and the Data Protection Commissioner (the Commissioner) is responsible for the enforcement of the Act.

Under Section 36(1) of the Data Protection Act, a data controller may transfer data abroad only under certain conditions. These include the compliance with appropriate safeguards, the explicit consent of the data subject and other cases of necessity of the transfer.
Under Section 36(4) of the Data Protection Act, the Data Protection Commissioner may request a person who transfers data to another country to demonstrate the effectiveness of the safeguards or the existence of compelling legitimate interests and may, in order to protect the rights and fundamental freedoms of data subjects, prohibit, suspend or subject the transfer to such conditions as the Data Commissioner may determine. It is reported that the authorities are yet to enforce these principles.

Mauritius has appended the World Trade Organization (WTO) Telecom Reference Paper to its schedule of commitments.

Section 4 of the Information and Communication Technologies Act, provides the establishment of the Information and Communication Technologies Authority. This mission is to promote affordable and adequate access to quality ICT services through functional market-driven competition and regulatory principles in a trouble-free Networked Information and Knowledge Society. It is reported that this entity is autonomous in the decision-making process.

The government holds controlling shares in Mauritius Telecom, the leading provider of voice, mobile, Internet and data communication services in Mauritius. The government owns 33.5% of the shares, while SBM Holdings Ltd, also owned by the government, owns 19% of the shares.

It is reported that Mauritius does not mandate functional or accounting separation for operators with significant market power (SMP) in the telecom market.

Mauritius does not have a comprehensive framework in place that provides effective protection of trade secrets, but there are limited measures addressing some issues related to trade secrets in Sections 4 and 9 of the Protection against Unfair Practices (Industrial Property Rights) Act.