It is reported that foreign investors must comply with local content rules, which vary by sector. A certain percentage of local content must be included in goods and technologies produced by companies with foreign investors. In addition, local content rules require that foreign workers not exceed 10% of the total workforce. It is also reported that local content rules are applied inconsistently, creating disincentives for foreign investment.

It is reported that there is a requirement for prior authorisation or licences issued by the Ministry of Trade for all exports. Businesses in Equatorial Guinea have identified this requirement as the most cumbersome part of the trade process. All traders are also required to register with the Ministry of Trade. The country's export regulations and procedures also lack transparency, and official trade data and information are not readily available. These challenges are reported to be problematic for shipping companies, small traders and traders of non-traditional products.

Art. 18 of Law 7/2005 establishes that all telecommunications apparatus, terminals, equipment and systems require a certificate of approval for connection to the network and for the provision of any telecommunications service or activity to be issued in the manner established by regulation of the Regulatory Authority. The same article stipulates that no telecommunications equipment or system may be imported or marketed in any manner whatsoever without the appropriate approval certificate. Within the framework of these legal provisions, the Regulation on the Approval of Telecommunications Equipment, Devices and Systems was adopted in 2012.
Art. 2 of the Regulation on the Approval of Telecommunication Equipment, Devices and Systems in the Republic of Equatorial Guinea establishes the general regime, requirements, procedures, deadlines, characteristics and conditions for the approval of telecommunications equipment, apparatus and systems, as well as their installation in Equatorial Guinea with the objective to avoid electromagnetic interference and to ensure electromagnetic compatibility with other uses of the frequency spectrum. Art. 10 stipulates that the "Oficina Reguladora de las Telecomunicaciones (ORTEL)" may use the following mechanisms to carry out approval processes: technical tests carried out by ORTEL or homologation in laboratories accredited by ORTEL if the equipment or device has not been subject to approval. If the equipment or device has been approved abroad, ORTEL will validate and certify the approval through the recognised certification of a third country. Art. 21 provides that ORTEL acknowledges the validity of technical specifications, certificates of conformity, or documents of compliance with international technical regulations from international organisations and laboratories listed in Annex II of the Regulation.

Chapter I of Title IV of Law No. 1/2017 establishes a safe harbour regime for intermediaries for copyright infringements. According to Art. 35, all providers of Internet communication services and network operators are subject to the regime of responsibility established by this law. The following articles explain the responsibilities of the different service providers:
- Art. 36: Responsibility of network access providers and telecommunications network operators.
- Art. 37: Responsibility of the service provider for temporary copies of data requested by users.
- Art. 38: Responsibility of the provider of data hosting or storage services.
- Art. 39: Responsibility of providers of linking services or search tools.

Chapter I of Title IV of Law No. 1/2017 establishes a safe harbour regime for intermediaries beyond copyright infringements. According to Art. 35, all providers of Internet communication services and network operators are subject to the regime of responsibility established by this law. The following articles explain the responsibilities of the different service providers:
- Art. 36: Responsibility of network access providers and telecommunications network operators.
- Art. 37: Responsibility of the service provider for temporary copies of data requested by users.
- Art. 38: Responsibility of the provider of data hosting or storage services.
- Art. 39: Responsibility of providers of linking services or search tools.

It is reported that Equatorial Guinea's approach to SIM registration requires mobile network operators to collect and store a user's personal information and proof of identity. The relevant legislation could not be found.

Equatorial Guinea has not appended the World Trade Organization (WTO) Telecom Reference Paper to its schedule of commitments as it is not a member of the WTO.

Equatorial Guinea has a telecommunications authority: the Oficina Reguladora de las Telecomunicaciones (ORTEL). However, its decision-making process is not fully independent of the government. Art. 22 of Law 7/2005 establishes ORTEL as a technical advisory body on telecommunications matters, with its own legal personality, under the aegis of the Ministry responsible for telecommunications.

Arts. 27 and 28 of Law No. 1/2016 provide that organisations may not transfer any personal information to countries that fail to provide a legally equivalent level of protection unless the transfer has been previously authorised by the Governing Body for the Protection of Personal Data or under some exceptions, such as consent or contractual necessity. It is reported that the Governing Body for the Protection of Personal Data has not yet been established, and there is no list of legally equivalent countries.

Equatorial Guinea has not joined any agreement with binding commitments to open transfers of data across borders.

Law No. 1/2016 on the Protection of Personal Data provides a comprehensive regime of data protection in Equatorial Guinea. The Data Protection Authority (the Governing Body for the Protection of Personal Data) established by Law No. 1/2016, however, is not yet operational and, as such, many provisions within the Data Protection Law are of limited effect.
Apart from Law No. 1/2016, the Electronic Communications Law (Law No. 2/2016 of 22 July 2016) regulates the domestic handling of data in the framework of electronic communications and networks, as well as several other laws and sectoral directives containing relevant provisions.

According to Art. 1 of the Law on Data Retention in Electronic Communications and Public Communication Networks, providers and operators of electronic communications services and public communication networks must retain the data generated, produced or processed in their activities of electronic communications services or public communication networks. According to Art. 5, these providers must retain the following data: (i) data necessary to trace and identify the origin of communication for fixed network telephony and mobile telephony, Internet access, e-mail and Internet telephony; (ii) data necessary to identify the destination of communication for fixed network telephony and mobile telephony, e-mail and Internet telephony; (iii) data necessary to determine the date, time and duration of a communication; (iv) data necessary to identify the type of communication; (v) data necessary to identify the communication equipment of the users; and (vi) data necessary to identify the location of the communication equipment. According to Art. 9, the obligation of electronic storage of data ceases after one year, computed from the date on which the communication took place, except in cases of particular interest for the criminal investigation, in which case the duration may be extended up to a maximum period of two years through the corresponding court order.

Art. 19 of Law No. 1/2017 provides that information society service providers, registries and domain name registration agents and the owners of domain names are obliged to provide the public authorities with the data requested or required in the exercise of their powers of inspection, control and sanction, as well as when necessary for the investigation of cybersecurity incidents. The need for a court order is not specified in the law. Information society services are defined as any business, activity or product thereof provided electronically for consideration at the request of the recipient or on an unremunerated basis, provided that it constitutes an economic activity for the service provider.

Art. 42 of Law No. 1/2017 states that service providers and recipients shall have an obligation to provide the government with all the information and collaboration necessary for the exercise of their legal powers, allowing their agents and inspecting or controlling personnel access to their facilities, the consultation of any documentation and the manipulation of their electronic equipment, systems and applications. The need for a court order is not specified in the law. Service providers are defined as the natural or legal persons who provide communication or information services via the Internet or the information society.

Art. 41 of the Ministerial Order No. 3/2020 states that the judicial authority and other bodies authorised by Equatoguinean legislation can authorise interception by telecom licence holders, subject to public service obligations. Obligated subjects must configure their equipment in such a way as to facilitate access by authorised agents to all communications transmitted, generated for transmission or received by the subject of a lawful interception, as well as to the traffic data associated with these communications. Also, Art. 42.6 provides that where obliged entities apply compression, encryption, digitisation or any other type of encoding to communications subject to lawful interception, they shall hand over those communications without the effects of such processes, provided that they are reversible. In addition, Art. 42.7 stipulates that interception must take place in real-time. Art. 42.3 also stipulates that the obligated parties must communicate to the authorised agent, among other data, the identity or identities of the subject of the interception measure and the other parties involved in the electronic communication.
According to 6 and Art. 34 of the Ministerial Order, the companies subject to public service obligations include fixed telephony, broadband, 2G, 3G, 4G and 5G mobile telephony and data services. In addition, carrier services for the provision of voice, data and broadband, as well as broadcasting services and their respective networks, are also considered essential.