Equatorial Guinea does not mandate functional or accounting separation for operators with significant market power (SMP) in the telecom market.

The government has reportedly blocked access to the internet during periods of political tension.

The licensing regime in the telecom sector is regulated by Law No. 7/2005 and Ministerial Order No. 3/2020. Chapter IV of Law No. 7/2005 contains the regime of concessions and authorisations, which is further detailed in the Ministerial Order. According to Art. 34 of the Ministerial Order, certain telecom activities that are classified as "essential public telecommunications/ICT services" are subject to public service obligations, including financing the universal service and contributing to the Telecommunications Development Fund (Art. 36). Among others, the following are considered essential public telecommunications/ICT services: fixed telephony, broadband, 2G; 3G; 4G; and 5G mobile telephony and data services (Art. 6). Additionally, carrier services for the provision of voice, data, and broadband, as well as broadcasting services and their respective networks, are also considered essential.

Equatorial Guinea has not appended the World Trade Organization (WTO) Telecom Reference Paper to its schedule of commitments as it is not a member of the WTO.

Equatorial Guinea has a telecommunications authority: the Oficina Reguladora de las Telecomunicaciones (ORTEL). However, its decision-making process is not fully independent of the government. Art. 22 of Law 7/2005 establishes ORTEL as a technical advisory body on telecommunications matters, with its own legal personality, under the aegis of the Ministry responsible for telecommunications.

Arts. 27 and 28 of Law No. 1/2016 provide that organizations may not transfer any personal information to countries that fail to provide a legally equivalent level of protection, unless the transfer has been previously authorized by the Governing Body for the Protection of Personal Data or under some exceptions, such as consent or contractual necessity. It is reported that the Governing Body for the Protection of Personal Data has not yet been established and there is no list of legally equivalent countries.

Equatorial Guinea has not joined any agreement with binding commitments to open transfers of data across borders.

Law No. 1/2016 on the Protection of Personal Data provides a comprehensive regime of data protection in Equatorial Guinea. The Data Protection Authority (the Governing Body for the Protection of Personal Data) established by Law No. 1/2016, however, is not yet operational and, as such, many provisions within the Data Protection Law are of limited effect.
Apart from Law No. 1/2016, the Electronic Communications Law (Law No. 2/2016 of 22 July 2016) regulates the domestic handling of data in the framework of electronic communications and networks, as well as several other laws and sectoral directives containing relevant provisions.

According to Art. 1 of the Law on Data Retention in Electronic Communications and Public Communication Networks, providers and operators of electronic communications services and public communication networks must retain the data generated, produced or processed in their activities of electronic communications services or public communication networks. According to Art. 5, these providers must retain the following data: (i) data necessary to trace and identify the origin of communication for fixed network telephony and mobile telephony, Internet access, e-mail and Internet telephony; (ii) data necessary to identify the destination of communication for fixed network telephony and mobile telephony, e-mail and Internet telephony; (iii) data necessary to determine the date, time and duration of a communication; (iv) data necessary to identify the type of communication; (v) data necessary to identify the communication equipment of the users; and (vi) data necessary to identify the location of the communication equipment. According to Art. 9, the obligation of electronic storage of data ceases after one year, computed from the date on which the communication took place, except in cases of particular interest for the criminal investigation, in which case the duration may be extended up to a maximum period of two years through the corresponding court order.

Art. 19 of Law No. 1/2017 provides that information society service providers, registries and domain name registration agents and the owners of domain names are obliged to provide the public authorities with the data requested or required in the exercise of their powers of inspection, control and sanction, as well as when necessary for the investigation of cybersecurity incidents. The need for a court order is not specified in the law. Information society services are defined as any business, activity or product thereof, provided electronically for consideration at the request of the recipient or on an unremunerated basis, provided that it constitutes an economic activity for the service provider.

Art. 42 of Law No. 1/2017 states that service providers and recipients shall have the obligation to provide the government with all the information and collaboration necessary for the exercise of their legal powers, allowing their agents and inspecting or controlling personnel access to their facilities, the consultation of any documentation and the manipulation of their electronic equipment, systems and applications. The need for a court order is not specified in the law. Service providers are defined as the natural or legal persons who provide a communication or information services via the Internet or the information society.

Art. 41 of the Ministerial Order No. 3/2020 states the judicial authority but also other bodies authorised by Equatoguinean legislation can authorize interception by telecom licence holders subject to public service obligations. Obligated subjects must configure their equipment in such a way as to facilitate access by authorised agents to all communications transmitted, generated for transmission or received by the subject of a lawful interception, as well as to the traffic data associated with these communications. Also, Art. 42.6 provides that where obliged entities apply compression, encryption, digitisation or any other type of encoding to communications subject to lawful interception, they shall hand over those communications without the effects of such processes, provided that they are reversible. In addition, Art. 42.7 stipulates that interception must take place in real time. Art. 42.3 also stipulates that the obligated parties must communicate to the authorised agent, among other data, the identity or identities of the subject of the interception measure and of the other parties involved in the electronic communication.
According to 6 and Art. 34 of the Ministerial Order, the companies subject to public service obligations include: fixed telephony, broadband, 2G, 3G, 4G and 5G mobile telephony and data services. In addition, carrier services for the provision of voice, data and broadband, as well as broadcasting services and their respective networks, are also considered essential.

Chapter I of Title IV of Law No. 1/2017 establishes a safe harbour regime for intermediaries for copyright infringements. According to Art. 35, all providers of Internet communication services and network operators are subject to the regime of responsibility established this law. The following articles explain the responsibilities of the different service providers:
- Art. 36: Responsibility of network access providers and telecommunications network operators.
- Art. 37: Responsibility of the service provider for temporary copies of data requested by users.
- Art. 38: Responsibility of the provider of data hosting or storage services.
- Art. 39: Responsibility of providers of linking services or search tools.

Chapter I of Title IV of Law No. 1/2017 establishes a safe harbour regime for intermediaries beyond copyright infringements. According to Art. 35, all providers of Internet communication services and network operators are subject to the regime of responsibility established this law. The following articles explain the responsibilities of the different service providers:
- Art. 36: Responsibility of network access providers and telecommunications network operators.
- Art. 37: Responsibility of the service provider for temporary copies of data requested by users.
- Art. 38: Responsibility of the provider of data hosting or storage services.
- Art. 39: Responsibility of providers of linking services or search tools.

It is reported that Equatorial Guinea's approach to SIM registration requires mobile network operators to collect and store a user's personal information and proof of identity. The relevant legislation could not be found.