Burundi has not adopted national legislation based on or influenced by the United Nations Commission on International Trade Law (UNCITRAL) Model Law on Electronic Commerce.

Burundi has not adopted national legislation based on or influenced by the United Nations Commission on International Trade Law (UNCITRAL) Model Law on Electronic Signatures.

According to Arts. 29-31 of Law No. 100/97 of 18 April 2014 (amending the Ministerial Law No. 520/730/540/231 of 9 April 1995), operators of electronic communications networks open to the public and electronic communication services providers are required to identify subscribers at the time of any subscription, maintain subscriber lists and produce directories. They are also required to submit information on the identity of subscribers to the "Agence de Régulation et de Contrôle des Télécommunications" (ARCT, Regulatory Agency for Telecommunications).

It is reported that Order No. 1 of 8 April 2014, issued by the "Agence de Régulation et de Contrôle des Télécommunications" (ARCT), required all end users of telecommunication services to provide personal data before acquiring a SIM card. It required providing personal information such as names, addresses, places, and dates of birth, a copy of national identity cards, and passport photographs as part of the mandatory SIM card registration. Similarly, it is reported that Art. 3 of Burundi’s Ministerial Law No. 540/356 of March 17, 2016, obliges mobile operators to take all the necessary measures to verify if the SIM card users are the real subscribers and to block the SIM card if they detect an anomaly.

Art. 76 of Law No. 1/19 of September 2018, amending Law No. 1/15 of May 2015, governing the press in Burundi, stipulates that media organizations are liable for any content published on their platforms, even if it is posted anonymously. This provision has been in effect since the enactment of Law No. 1/11 in June 2013. Furthermore, Art. 62 mandates that authorised press entities must refrain from broadcasting or publishing material that contravenes public morality or order.

According to Section 3 of the 2018 Press Law, the "Conseil National de la Communication" (CNC) is entitled to unilaterally distribute and withdraw a press card to journalists with high discretion, including for electronic media.

It is reported that Onatel Burundi is a fully state-owned telecommunications provider. It provides the full range of services, including fixed and mobile voice, broadband and internet.

It is reported that Burundi does not mandate functional or accounting separation for operators with significant market power (SMP) in the telecom market.

There is a requirement to acquire a license from the "Agence de Régulation et de Contrôle des Télécommunications" (ARCT, Regulatory Agency for Telecommunications) for operation in ICT sectors and to gain access to the frequency spectrum. Decree No. 100/97 of 2014 raised the cost of acquiring a telecommunication licence by more than 500% from USD 200,000 to USD 10 Million, as per Art. 33. It is reported that the increase impacts affordability and thus limits access to the internet in Burundi.
The ARCT regulates and licenses foreign companies that provide communication services, including Voice over Internet Protocol (VoIP), issues licenses to Internet service providers (ISPs), and regulates satellite usage, GPS, and VSAT. According to Art. 8 of Decree-Law No. 1/011, the ARCT grants authorisations to operate links, independent private networks, and value-added services provided by public and private operators. However, the government grants authorisations to operate commercial services after technical advice from the ARCT.

Burundi has not appended the World Trade Organization (WTO) Telecom Reference Paper to its schedule of commitments.

Burundi has a telecommunications authority: "Agence de Régulation et de Contrôle des Télécommunications" (ARCT). However, it is reported that this entity is not fully independent.

Burundi has not joined any free trade agreement committing to open transfers of cross-border data flows.

Burundi has no comprehensive data protection law. However, Decree No. 100/182 of 30 September 1997, laying down organic provisions on telecommunications, contains data protection provisions and imposes confidentiality obligations on personal information (Art. 23-26).

Arts. 29 and 30 of Law No. 100/97 provide that, for public security reasons and judiciary inquiries, telecom operators must provide the full identity and geo-location of their subscribers in real time whenever asked by the Agence de Régulation et de Contrôle des Télécommunications (ARCT, Regulatory Agency for Telecommunications). Failure to identify subscribers attracts a fine of Burundian Francs 5,000,000 (USD 2,000).
In addition, it is reported that Art. 5 of Order No. 540/356 on fighting fraud in the ICT domain gives the "Agence de Régulation et de Contrôle des Télécommunications" (ARCT, Regulatory Agency for Telecommunications) the right to direct any operator to provide the detailed identity of any subscriber. Further, Art. 6 empowers the ARCT to provide a voice server where the operator must divert all phone communications of a user where crime is suspected. The operators must provide a secured web application to the regulator. Art. 9 allows the ARCT to request the full identity of an internet subscriber and their IP address and install IP probes on the technical installations of an ISP. Moreover, Art. 10 obliges operators to comply with any request by the ARCT and its technical partner in order to fight fraud in electronic communications. Failure to cooperate attracts a daily fine of five million Burundian Francs (USD 2,000). The legal text is not available online.

A basic legal framework on intermediary liability for copyright infringement is absent in Burundi's law and jurisprudence. The legal and regulatory framework around intermediary liability is not clear, which is reported to lead to insufficient legal certainty to conduct a wide range of activities, free from the threat of potential liability and the chilling effect of potential litigation. The Burundi Electronic Transaction Law, which has some provisions on intermediary liability, has not yet been promulgated. In addition, there are specific provisions that provide liability for intermediaries. Art. 30 of Law 100/97 of April 2014 on electronic telecommunications provides that operators of electronic communications are fully responsible for fighting fraud in their domains.