Decree No. 214-105 provides that the supply or importation of a cryptology means not exclusively ensuring authentication or integrity control functions, is subject to a prior declaration to the Autorité de Régulation des Télécommunications/TIC de Côte d'Ivoire (ARTCI, Telecommunications/ICT Regulatory Authority of Côte d’Ivoire). The service provider, who is subject to professional secrecy, or the person providing or importing a cryptology means, must make available to the ARTCI a description of the technical characteristics of this cryptology means (Art. 8). In addition, the use of cryptology means and services ensuring confidentiality functions is free only if they are based on secret codes managed by an organization approved by the ARTCI, and the Authority must ensure, by any means, that the secret codes are not contrary to public policy or do not undermine the interests of national defence or the internal or external security of the State (Art. 6). Besides, the use of the means and services of cryptology beyond 32 bits for confidentiality is subject to authorisation (Art. 7).

A basic legal framework on intermediary liability beyond copyright infringement is absent in Côte d'Ivoire's law and jurisprudence.

Art. 163 of Ordinance No. 2012-293 provides that telephone operators and Internet service providers are required to identify their subscribers. Art. 3 of the Decree No. 2017-193, adopted pursuant to Ordinance No. 2012-293, requires telecom operators and service providers to identify their subscribers through the collection and storage of identification data. Under Art. 13, the identification data collected includes photo, date and place of birth, profession, email and physical address, plus the biometric national identity card or biometric national driving licence or biometric passport, which all enclose fingerprints, photo, signature, names, and parentage. In addition, Art. 28 introduces measures to ensure the identification of all cybercafé users.

Côte d'Ivoire does not have comprehensive trade secret legislation. Yet, there are provisions addressing disclosure, acquisition or use of confidential information in the course of industrial or commercial activities by third parties in Art. 6 of Annex VIII of the Bangui Agreement ratified by 17 French-speaking States, including Côte d'Ivoire since 2002.

Côte d'Ivoire encourages infrastructure sharing under Art. 35 of the Ordinance No. 2012-293 and makes it compulsory for SMP operators in the market for co-location (Art. 49). It is reported that passive infrastructure sharing is practised in both the mobile and fixed sectors.

The State of Côte d'Ivoire holds 5% in the capital of the leader in mobile telephony in Côte d'Ivoire (ORANGE CI).

Côte d'Ivoire does not mandate functional separation for operators with significant market power (SMP) in the telecom market. However, Art. 45 of Ordinance 2012-293, relating to telecommunications and information and communication technologies, lays down the principle of accounting separation of operators and powerful suppliers.

Ordinance No. 2012-293 provides for licenses under which a company is allowed to establish, operate networks or provide telecommunications services. Obtaining an individual license is subject to the following conditions: being a legal entity under Ivorian law, having the technical and financial capacity, having an operating plan for the individual license that complies with the criteria established in the specifications, committing to abide by the applicable law, in particular, this Ordinance and its implementing provisions, as well as the specifications appended to the license for which it applies (Art. 9).

Côte d'Ivoire has appended the World Trade Organization (WTO) Telecom Reference Paper to its schedule of commitments.

Art. 71 of Ordinance No. 2012-293 establishes an independent administrative authority known as the Telecommunications/ICT Regulatory Authority of Côte d’Ivoire (ARTCI), which possesses legal personality and financial autonomy. It is reported that ARTCI, as the executive body responsible for the oversight and regulation of telecommunications services, operates independently of the government in its decision-making processes.

Under Art. 26 of Law No. 2013-450, the controller of a processing operation may only be authorised to transfer personal data to a third country if that country ensures a higher or equivalent level of protection of the privacy, freedoms and fundamental rights of individuals with regard to the processing of which such data are or may be subject. In addition, before any actual transfer of personal data to this third country, the controller must first obtain authorisation from the Protection Authority. The transfer of personal data to third countries is subject to regular monitoring by the Protection Authority with regard to their purpose.

Côte d'Ivoire has not joined any agreement with binding commitments on data flows.

Law No. 2013-450 provides a comprehensive regime of data protection in Côte d'Ivoire, addressing matters such as prior authorisation for processing sensitive data, defining consent as a central principle, necessitating data protection officer appointments, and providing restrictions on data transfers.

Under Art. 15 of Decree No. 2017-193, telecom operators and service providers are required to collect and keep copies of documents and data relating to subscribers’ identification throughout the duration of their subscription and, at least three years from the end of the subscription.

Law No. 2013-450 provides for the creation of a correspondent for the protection of personal data, who is a person enjoying qualifications to perform such missions and is the independent natural or legal person designated by the responsible person (the natural or legal person, public or private, any other body or association which, alone or jointly with others, takes the decision to collect and process personal data and determines the purposes thereof) to oversee the responsible person's obligations under the Law and ensure compliance with the Law (Art. 12). More information about this role can be found in Order No. 511/MPTIC/CAB. There are no requirements to carry out a Data Protection Impact Assessment in the Law No. 2013-450. However, it is reported that the Telecommunications/ICT Regulatory Authority of Côte d'Ivoire (ARCTI) is beginning to impose it as a good practice for any sensitive data processing.