Database

Browse Database

CAMBODIA

Since May 2018

Pillar Intermediary liability  |  Sub-pillar Monitoring requirement
Inter-ministerial Prakas No. 170
Clause 7 of the Inter-ministerial Prakas No. 170 requires that all Internet Service Providers who operate in Cambodia, have to install software programs and equip themselves with internet surveillance tools to easily filter and block any social media accounts or pages that run their business activities and/or publicize illegally. In addition, Clause 6 establishes that the Ministry of Information should manage information published through electronic system including all news contents or written messages, audios, photos, videos, and/or other means on website and social media by using internet in the Kingdom of Cambodia.
Coverage Internet Service Providers, websites and social media

CAMBODIA

Since May 2018

Pillar Content access  |  Sub-pillar Blocking or filtering of commercial web content
Inter-ministerial Prakas No. 170
According to Clause 7 of the Inter-ministerial Prakas No. 170, the Ministry of Posts and Telecommunication can “block or close the websites and/or social media page which (...) publicize illegally which considered as incitement, breaking solidarity, discrimination, create turmoil by will, leading to undermine national security, and public interests and social order”. Some of the grounds, notably on "national economy", “public interest” and “national security” are not specifically defined and thus could be interpreted broadly, including to discriminate foreign websites and content providers. It is reported that such strict surveillance of social media and the internet has caused online users to stop posting and sharing content.
Coverage Websites and social media

CAMBODIA

Reported in 2018, 2020, 2021

Pillar Content access  |  Sub-pillar Blocking or filtering of commercial web content
Blocking of commercial web content
It is reported that news and other websites are periodically blocked in Cambodia. In the wake of the COVID-19 pandemic, the Cambodian government has reportedly blocked access to news sites. In March 2020, Monoroom.info, a Khmer-language news website based in France, was blocked after it published numerous articles on the impact of the coronavirus in Cambodia. The site was accessible as of April 2021. Also, the Telecommunication Regulator Cambodia (TRC) blocked two websites owned by news outlet TVFB in April 2020. The websites still appeared to be inactive in 2022.

Lastly, in July 2018, a number of independent news websites, including Radio Free Asia (RFA) and Voice of America (VOA), were blocked. The blocks were implemented two days before the general elections. Other blocked websites included Cnrp7.org, Khmer Political.com, Khmersharingnews.com, Camnews.com, Stubes.info, Pinterest.de, Vithyu.com, Freecambodia.org, Apkpure.com, and Imnsj.org.
Coverage News and other websites

CAMBODIA

Since December 2015

Pillar Content access  |  Sub-pillar Blocking or filtering of commercial web content
Law on Telecommunications
Art. 7 of the Law on Telecommunications provides that in the event of “force majeure”, the Ministry of Post and Telecommunications or other relevant ministries may order private telecommunications operators to “take necessary measures.” The Law does not specify the force majeure circumstances compelling discretionary government powers to direct the operation of private companies, or what “necessary measures” may entail. This leaves this provision vulnerable to abuses, including shutting down social networks and other internet-based services.
Coverage Telecommunication sector

CAMBODIA

Reported in 2018

Pillar Intermediary liability  |  Sub-pillar User identity requirement
Identity requirement for SIM cards
Cambodia requires mobile operators to register the identities of consumers. SIM card dealers are being asked to make copies of client's’ national identity cards, passports, or any other valid identity document before activating the SIM card.
Coverage Telecommunications sector

CAMBODIA

Since February 2021

Pillar Domestic Data policies  |  Sub-pillar Minimum period for data retention
Sub-Decree No. 23 on the Establishment of National Internet Gateway
Art. 14 of Sub-Decree No. 23 imposes an obligation on National Internet Gateway (NIG) operators to retain traffic data for a year. National Internet Gateway refers to the gateway where all Internet services must be connected nationally and internationally, and traffic refers to the amount of data that passes through a network in one second of a certain time (Annex 1). It establishes that the Ministry of Post and Telecommunications (MPTC) and Telecommunication Regulator of Cambodia (TRC), if necessary, are mandated to monitor the infrastructure, connections, and equipment of the NIG. NIG operators shall:
- Prepare and maintain technical records, IP Address allocation table, and route identification of traffic transiting through NIG;
- Compile and maintain reports and relevant documents concerning the connections and all Internet traffic;
- Provide other information as required by the MPTC and TRC.
NIG operators shall maintain technical records, IP Address allocation table, and route identification of traffic transiting through NIG for the latest twelve months.
Coverage National Internet Gateway operators

CAMBODIA

Since December 2015

Pillar Domestic Data policies  |  Sub-pillar Requirement to allow the government to access personal data collected
Law on Telecommunications
Art. 6 of the Law on Telecommunications requires that “all telecommunications operators and persons involved with the telecommunications sector shall provide to the Ministry of Post and Telecommunications the telecommunications information and communication technology service data”. In practice, this gives the Ministry unfettered rights to demand that all telecommunications service providers provide data on their service users. This could operate as an obligation for companies to surrender data without the requirement of a judicial warrant or other safeguards protecting the right to privacy.
Art. 97 of the law permits the secret surveillance of any and all telecommunications where it is conducted with the approval of a “legitimate authority.” There is no definition of what constitutes a “legitimate authority,” or the means by which such authority is competent to approve surveillance. This appears to create a power to secretly eavesdrop without any public accountability or safeguards to protect individuals’ right to privacy.
Coverage Telecommunications sector

CAMBODIA

Since February 2021

Pillar Domestic Data policies  |  Sub-pillar Requirement to allow the government to access personal data collected
Sub-Decree No. 23 on the Establishment of National Internet Gateway
Some articles of Sub-Decree No. 23 could mean the existence of requirements to provide the government with direct access to personal data collected. Art. 14 establishes that the Ministry of Post and Telecommunications (MPTC) and Telecommunication Regulator of Cambodia (TRC), if necessary, are mandated to monitor the infrastructure, connections, and equipment of the National Internet Gateway (NIG). NIG refers to the gateway where all Internet services must be connected nationally and internationally (Annex 1). NIG operators shall:
- Prepare and maintain technical records, IP Address allocation table, and route identification of traffic transiting through NIG;
- Compile and maintain reports and relevant documents concerning the connections and all Internet traffic;
- Provide other information as required by the MPTC and TRC.

NIG operators shall maintain technical records, IP Address allocation table, and route identification of traffic transiting through NIG for the latest twelve months. Traffic refers to the amount of data that passes through a network in one second of a certain time (Annex 1). It is reported that Art. 14 means the operator(s) of the NIG can track the activities of all internet users in Cambodia, including a user’s browser as well as unencrypted search history for up to one year. On the other hand, Art. 13 imposes an obligation on NIG operators to report and monitor traffic data and submit monthly, quarterly, semesterly, third-quarterly, and annual traffic report within seven days after the end of each month, quarter, semester, third-quarter and year to both MPTC and TRC. It is reported that the Sub-Decree poses risks to data protection and data privacy, requiring gateway operators to retain and share metadata.
Coverage National Internet Gateway operators
Sources

CAMBODIA

N/A

Pillar Cross-border data policies  |  Sub-pillar Participation in trade agreements committing to open cross-border data flows
Lack of participation in agreements with binding commitments on data flows
Cambodia has not joined any agreement with binding commitments to open transfers of data across borders.
Coverage Horizontal

CAMBODIA

Since May 2021
Since December 2021

Pillar Domestic Data policies  |  Sub-pillar Framework for data protection
Law on Electronic Commerce

Sub-Decree No. 252
There is no comprehensive data protection regime in Cambodia, although there are some general laws on privacy protection in the 2010 Constitution of the Kingdom of Cambodia (Art. 40), the 2007 Civil Code (Art. 10), the 2009 Penal Code (Arts. 301, 302, 314, 318 and 427) and the Telecommunications Law (Art. 56). Also, the Law on Electronic Commerce provides for some measures to protect consumer data collected in electronic communication. Art. 32 of this law prohibits the interference, access, retrieval, copying, extraction, filtering, deletion, or modification of data in the custody of another person without permission or in a malicious manner. Sub-Decree No. 252 on the Management, Use, and Protection of Personally Identifiable Data is the only legislation specifically addressing personal data protection in Cambodia. However, it is limited in scope as it only applies to personally identifiable data belonging to the Ministry of Interior (MOI), i.e., it does not cover all personally identifiable data.
Coverage Horizontal

CAMBODIA

Since June 2007

Pillar Domestic Data policies  |  Sub-pillar Minimum period for data retention
Law on Customs
Art. 51 of the Law on Customs states that traders and government agencies must keep accurate documents, records, and other information, including information in electronic format, pertaining to import and export of goods for a period of 10 years.
Coverage Horizontal

CAMBODIA

N/A

Pillar Telecom infrastructure and competition  |  Sub-pillar Functional/accounting separation for operators with significant market power
Lack of functional separation and accounting separation
There is no requirement for functional or accounting separation for operators with significant market power.
Coverage Telecommunications sector

CAMBODIA

Since December 2015

Pillar Telecom infrastructure and competition  |  Sub-pillar Other restrictions to operate in the telecom market
Law on Telecommunications
The Law on Telecommunications sets the Telecommunication Regulator of Cambodia (TRC) to have autonomy in administrative and regulatory matters for the telecommunications sector and are in charge of licences to engage in telecommunications operator services. The Ministry of Posts and Telecommunications (MPTC) is responsible for networks and infrastructure supporting the telecommunication sector. Art. 17 of the Law on Telecommunications regulates a unified (multi-service) licenses by TRC for the followings: construction and/or providing services for utilization of telecommunications infrastructures and networks; providing telecommunications services; and other operation as defined by Prakas of MPTC based on the proposal of TRC.

A license is required from the TRC/MPTC for the provision of: mobile telecommunications services, fixed-line telecommunications services, VOIP services, Internet service provider (ISP), telecommunications-type approval form, national numbering plan, access code, public switched telephone network (PSTN), and Internet cafés. TRC/MPTC grant licenses and set the terms and conditions on a case-by-case basis, but there are some customary licensing terms and steps including: (i) license terms of between 10 to 30 years onward (with some renewability); (ii) license fees based on a combination of a percentage of gross revenue (the percentage usually increases throughout the license) plus a percentage of dividend sharing; and (iii) there may be inter-connection fees, an annual frequency charge fee, micro-wave license fees, etc., applicable on a case-by-case basis. The percentage of revenue and dividends to be shared increases incrementally and reaches around 10% over 10 years. Older licensees sometimes have to pay a higher revenue share. Licensees that have some fixed-network capability or carry international traffic may also be required to share up to 50% of their gross revenue with the MPTC or TRC.
Coverage Telecommunications sector

CAMBODIA

Since September 2005
Since June 1996

Pillar Telecom infrastructure and competition  |  Sub-pillar Maximum foreign equity share for investment in the telecommunication sector
Sub Decree No.111 ANK/BK on the Implementation of the Law on the Amendment to the Law on Investment of the Kingdom of Cambodia

Law on the General Status of Public Enterprise
Sub Decree No.111 ANK/BK stipulates that Cambodia permits full foreign ownership in the telecommunication sector. However, Art. 3 of Law on Public Enterprise states that the Cambodian government must directly or indirectly hold more than 51% of the capital or the right to vote in state-owned enterprises. Given that Telecom Cambodia, the principal telecom company in Cambodia, is fully state-owned, some restrictions apply.
Coverage Telecommunications sector

CAMBODIA

Since 2005

Pillar Telecom infrastructure and competition  |  Sub-pillar Presence of shares owned by the government in telecom companies
Presence of shares owned by the government in telecom sector
Telecom Cambodia, the principal telecom company in Cambodia, is fully state-owned.
Coverage Telecommunications sector