According to Arts. 8 and 9 of the Law No. 2015/018/AN, the regulatory body for the postal and telecommunications sector is called the "Regulatory Authority for Posts and Telecommunications", abbreviated as ARPT. This body carries out its regulatory functions in an independent, neutral, professional, impartial, and transparent manner and has legal personality and administrative and financial autonomy.

According to Art. 28 of Part II of the Law L/2016/037/AN, the transfer of personal data is subject to prior authorisation from the personal data protection authority. Any transfer of such data is subject to strict and regular control by the authorities with regard to their purposes. The authorisation is always needed, though other conditions must also be fulfilled. A controller of personal data may only transfer such data to a third country if the state ensures a higher or equivalent level of protection of privacy, fundamental freedoms and rights of individuals with regard to the processing to which such data may be subject.

Guinea has not joined any agreement with binding commitments to open transfers of data across borders.

Law L/2016/037/AN provides a comprehensive regime of data protection in Guinea. Art. 2 of Part II stipulates that "the purpose of this law is to guarantee the protection of personal data in the Republic of Guinea by defining, in particular, the rules, mechanisms, and tools for the protection and management of such data, as well as the sanctions for violations of these rules, in addition to the sanctions provided for by the law on cybercrime".

Art. 37 of the Law L/2016/035/AN sets a minimum retention period for documents relating to electronic transactions. These documents must be kept for at least 10 years. During this period, the information must be accessible and retrievable, kept in its original format, and traceable to its origin and destination.

Under Arts. 96 to 105, Law No. 2016-037 permits a "competent authority" to require legal or natural persons who offer internet access to carry out surveillance on their subscribers’ activities without specifying the role of the judicial authority in triggering the surveillance procedure.
Moreover, according to Arts. 48 and 49 of Part II of the Law, an authorised cryptographic service provider or the person responsible for processing personal data may not oppose professional secrecy to the Personal Data Protection Authority and may be required to provide all data if requested.

A basic legal framework on intermediary liability for copyright infringement is absent in Guinea's law and jurisprudence.

A basic legal framework on intermediary liability beyond copyright infringement is absent in Guinea's law and jurisprudence.

According to Art. 67 of the Law L/2016/037/AN, access to internet services from cyber cafes is subject to prior identification of users. The modalities will be determined by the Ministerial Order of the Minister in charge of Posts, Telecommunications and Digital Economy.

Art. 36 of the Telecommunications Act requires the identification of all telecommunication service subscribers. It also requires operators to transmit the identification data to the “competent authorities” upon request from the public prosecutor's office.

According to Art. 2 of the Decision D/001/ARTP/CNRPT/2021, SIM card or internet services activation is only authorised after the identification of the subscribers. The latest must provide their ID card, electoral card or passport (Art. 3).

It has been reported that Guinean authorities have implemented restrictions on Facebook, WhatsApp, Instagram, TikTok and other social media platforms in May 2023.

The indicator "6.2.4 - Government Internet shut down in practice" of the V-Dem Dataset, which measures whether the government has the technical capacity to actively make internet service cease, thus interrupting domestic access to the internet or whether the government has decided to do so, has a score of 1 in Guinea for the year 2023. This corresponds to "The government shut down domestic access to the Internet numerous times this year."
In addition, it is reported that the military junta has maintained a permanent internet shutdown since assuming power in 2022, primarily targeting periods of planned protests. Before the junta's rule, authorities also implemented a complete internet shutdown during the 2020 elections' voting period.

There is an obligation for passive infrastructure sharing in Guinea to deliver telecom services to end users. According to Art. 82 of Law No. 2015/018/AN, the Regulatory Authority for Posts and Telecommunications (ARPT) ensures the introduction of infrastructure-sharing offers in the interconnection catalogue of the dominant operators in the relevant market. These offers concern all passive infrastructures such as poles or ducts, dark fibre, and potentially active infrastructures.
Moreover, according to Decree D/2021/091/PRG/SGG, the request for infrastructure sharing cannot be refused if it does not cause any disruption or technical difficulty in terms of the proper functioning of the network and the proper operation of the service (Art. 4.4). In addition, infrastructure operators must meet requests for sharing from holders of public or private licences to operate telecommunications networks and from providers of telecommunications services under objective, transparent and non-discriminatory conditions. They must publish a catalogue of infrastructure sharing for each year (Art. 5).

According to Art. 29 of Decree D/2021/091/PRG/SGG, telecommunication network operators in Guinea must maintain separate accounting for their interconnection activities. Furthermore, it is reported that Guinea mandates functional separation for operators with significant market power (SMP) in the telecom market.