The indicator "7.2.4 - Government Internet shut down in practice" of the V-Dem Dataset, which measures whether the government has the technical capacity to actively make internet service cease, thus interrupting domestic access to the internet or whether the government has decided to do so, has a score of 3 in Bhutan for the year 2025. This corresponds to "Rarely but there have been a few occasions throughout the year when the government shut down domestic access to Internet."

According to Sections 90–93 of the Information, Communications and Media Act, no person shall own or operate an ICT facility, or provide any ICT service, without a valid licence. Section 464 of the Act defines the scope of ICT services, including: (i) broadcasting services, such as mobile satellite and subscription broadcasting; (ii) information technology services, such as webcasting, e-mail, and other electronic services; (iii) Internet Protocol (IP) telephony; (iv) digital library and commercial information services; (v) network-based information and related specialised professional services provided electronically; and (vi) public switched data and other similar services. The Rules and Regulations on ICT Facilities and Services in Bhutan provide further information about this license.

According to Sections 90–93 of the Information, Communications and Media Act, no person shall own or operate a media facility, or provide any media service, without a valid licence. This requirement includes online media as defined in Section 464.

According to Section 6 of the Guidelines for Licensing of Over-the-Top (OTT) Services, individuals or entities with a valid start-up licence may establish and operate an OTT platform for up to five years. Before the end of this period, OTT providers must apply to the Authority for an ICT service licence, valid for 5 years and subject to agreed terms and conditions. Licensed telecom and internet service providers are not required to obtain a separate licence to operate OTT services, but must comply with the Guidelines and seek prior approval from the Authority.

Annex I, point (p) of the "Payment Aggregators and Payment Gateways Guidelines 2020" stipulates that entities must adopt preventive measures to ensure that data is not stored on infrastructure subject to external jurisdictions. This requirement is mandatory for payment aggregators and recommended for payment gateways. Under Section 3, payment aggregators are defined as entities that enable e-commerce platforms and merchants to accept various payment instruments from customers, thereby facilitating the completion of payment obligations without necessitating merchants to develop their own payment integration systems. On the other hand, payment gateways are entities that provide the technological infrastructure to route and facilitate the processing of online payment transactions, without engaging in the handling of funds.
Section 10 of the "Data Residency Policy for Payment Systems Data 2021" provides that a payment service provider may store its payment data either on‑premises or in the cloud, provided that any transfer of payment data outside the country is subject to the prior written approval of the Authority. The Authority shall prescribe the specific terms and conditions for such approval.

Bhutan has not joined any agreement with binding commitments to open transfers of data across borders.

Bhutan does not currently implement a comprehensive legal framework governing the protection of personal data. Instead, it relies on sector-specific laws. The Information, Communications and Media Act provides a rudimentary basis for data privacy; however, its scope remains markedly limited in addressing broader privacy concerns.

The Information, Communications and Media Act of Bhutan 2018 imposes sector-specific data retention obligations on broadcasting licensees through Section 188, which mandates that licensees retain recordings of every programme broadcast for a minimum of six months and produce them upon request for regulatory scrutiny. This duty applies to broadcasting companies that obtained a valid licence from the Bhutan InfoComm and Media Authority (Section 178). Section 464.8 defines a “broadcasting service” as “an ICT service for providing broadcasting to persons having appropriate equipment, including broadcasting receiving apparatus, for receiving that service regardless of the means of delivery of that service, but does not include: a service (including a teletext service) that provides only data, or text (with or without associated still images); or a service that makes programmes available on demand on a point-to-point basis, including a dial-up service; or a service, or a class of services, that the Authority may determine and notify as not being a broadcasting service.”

Pursuant to Section 363 of the Information, Communications and Media Act, an internet service provider (ISP) shall not incur liability for merely storing content generated by third parties and made publicly accessible, provided that: (i) the ISP has no actual knowledge of any illegality associated with such content; (ii) it is not aware of facts or circumstances from which such illegality may reasonably be inferred; (iii) upon acquiring such knowledge or awareness, it acts expeditiously to remove or disable access to the content; or (iv) it lacks the technical capacity or cannot reasonably be expected, in the circumstances, to prevent public access. Section 364 further states that an ISP shall not be held liable for third-party content that is merely transmitted or routed through its systems to facilitate public access, provided it does not initiate the transmission, select the recipient, or alter the information transmitted. In addition, Section 368 permits any party who believes that material is being used without the authorisation of the copyright owner or their agent to notify the ISP of the alleged infringement.
Section 464.63 defines an ISP as any natural or legal person, or association thereof, that provides individuals and businesses with internet access and may also offer other internet-based services.

It is reported that the enforcement of intellectual property (IP) rights in Bhutan faces persistent constraints, including limited institutional infrastructure, low legal awareness, and resource limitations. The Department of Media, Creative Industry, and Intellectual Property under the Ministry of Industry, Commerce and Employment (MoICE) is responsible for IP registration and enforcement functions, but public awareness and enforcement capacity are still developing. Copyright infringement is also reported to be widespread. For example, Samuh, an over-the-top (OTT) video streaming platform serving Bhutanese audiences domestically and abroad, has reported extensive unauthorised redistribution of its content via social media platforms such as Telegram, WeChat, Facebook, and TikTok, resulting in substantial economic losses.

Bhutan has not signed the World Intellectual Property Organization (WIPO) Copyright Treaty.

Bhutan has not signed the World Intellectual Property Organization (WIPO) Performances and Phonograms Treaty.

Bhutan lacks a comprehensive regime for the protection of trade secrets.

According to Section 51 of the Bhutan Information, Communications and Media Act 2018, the Bhutan InfoComm and Media Authority (BICMA) is mandated to regulate the interconnection and sharing of infrastructure and facilities between or among telecom facility providers. The Rules and Regulations on ICT Infrastructure Sharing 2019 further detail these obligations, requiring service providers to share passive infrastructure with other licensed providers on a “first-come, first-served” basis, and to publish on their websites detailed information regarding infrastructure available for sharing. Infrastructure sharing must be formalised through a written agreement grounded in the principles of neutrality, transparency, non-discrimination, and fair competition. A copy of the agreement must be submitted to BICMA within one month of its signing.

Section 5 of the Foreign Direct Investment Regulations 2025 distinguishes between: (1) “Priority Sector Activities” in the manufacturing and service sectors listed in Schedules I and II; and (2) “Other Activities” not listed in those Schedules. As the telecom sector is not explicitly included in the schedules, it falls under the “Other Activities” category, for which the maximum foreign investor shareholding is capped at 74% equity (section 7).