Malawi has not adopted national legislation based on or influenced by the United Nations Commission on International Trade Law (UNCITRAL) Model Law on Electronic Signatures.

The Electronic Transactions and Cybersecurity Act of 2016 establishes a safe harbour regime for intermediaries beyond copyright infringements. Sections 25 to 30 of the Act protect an Intermediary service provider from liability to civil or criminal proceedings for any electronic information under its service provided that it neither initiated transmission of the message nor modified it and that it was not aware of the unlawful character of the stored information. Additionally, protection is provided if the intermediary service provider expeditiously removed or disabled access to the information when served with a takedown notice issued under the Act.

According to Sections 92-94 of the Communications Act of 2016, All SIM cards in Malawi need to be registered on a central database, and a customer’s national identity number needs to be verified when purchasing, replacing, or swapping a SIM card.

According to Section 52-53 of the Electronic Transactions and CyberSecurity Act of 2016, cryptography services or products are required to be registered by the Communications Authority. Additionally, the use, importation, and exportation of encryption programs and encryption products are subject to authorisation by the government.

According to Section 52-53 of the Electronic Transactions and CyberSecurity Act of 2016, cryptography services or products are required to be registered by the Communications Authority. Additionally, the use, importation, and exportation of encryption programs and encryption products are subject to authorisation by the government.

Malawi has not joined any free trade agreement committing to open transfers of cross-border data flows.

Malawi lacks a dedicated data protection law, with only data protection provisions found in the Electronics and Cybersecurity Act of 2016. This Act outlines principles for processing personal data, legal bases for processing activities, data subjects' rights, and the security measures required for data controllers. In March 2018, the Minister of Information and Communication Technology announced plans to enact a standalone data protection law, but it remains in Bill form.

Section 13 of the Access to Information Act mandates information holders to maintain information for a period of seven years from the date on which the information is generated by the institution or on which the information comes under its custody or control. If that information is exempted from disclosure, it may be kept for a longer period. Section 2 establishes that information holder means a public body and a relevant private body, and according to Section 3, this Act shall apply to information in custody or under the control of any information holder listed in the Schedule. Among the information holders to which the Act applies are the institutions and organisations, whether established by or under an Act of Parliament or otherwise, in which the Government hold shares or exercises financial or administrative control and persons in the service of those institutions and organisations, and organisations contracted by Government to do work for the Government and persons in the service of those organisations.
Furthermore, Section 17 of the Electronic Transactions and Cybersecurity Act establishes that where any written law requires that a document, record or information shall be retained, that requirement shall be satisfied if the document, record or information is held in electronic form. Such document, record or information shall be kept in electronic form for at least seven years.

The Electronic Transactions and Cybersecurity Act of 2016 establishes a safe harbour regime for intermediaries for copyright infringements. Sections 25 to 30 of the Act protect an Intermediary service provider from liability to civil or criminal proceedings for any electronic information under its service provided that it neither initiated transmission of the message nor modified it and that it was not aware of the unlawful character of the stored information. Additionally, protection is provided if the intermediary service provider expeditiously removed or disabled access to the information when served with a takedown notice issued under the Act.

Malawi has a copyright regime under the Copyright Act of 2016. However, the exceptions do not follow the fair use or fair dealing model, therefore limiting the lawful use of copyrighted work by others. Arts. 36-53 list the exceptions, which include personal and teaching purposes; reproduction, translation, adaptation, arrangement or other transformation of a work exclusively for the user’s own personal or private use of a work which has already been lawfully made available to the public; among others.

Malawi has not signed the World Intellectual Property Organization (WIPO) Copyright Treaty.

Malawi has not signed the World Intellectual Property Organization (WIPO) Performances and Phonograms Treaty.

The Law in Malawi, according to Sections 52 and 53 of the Electronic Transactions and CyberSecurity Act of 2016, requires cryptography services or products to be registered by the Communications Authority. Additionally, the use, importation, and exportation of encryption programs and encryption products is subject to authorisation by the government. In addition, Section 67 of the Act mandates encryption services providers to declare to the Authority the technical characteristics of the encryption means as well as the source code of the software used. Violation of these regulations is a criminal offence punishable by up by imprisonment and a fine.

Malawi has no rules applicable to the protection of trade secrets.

It is reported that there is an obligation for passive infrastructure sharing in Malawi to deliver telecom services to end users. It is practised in both the mobile and fixed sectors based on commercial agreements.