It has been reported that the government periodically blocks social media sites. The government restricted access to prominent social media platforms such as TikTok, Facebook, Telegram, and YouTube from 9 February 2023 until 20 July 2023. In November 2021, the government also restricted access to major social media platforms, targeting Facebook, WhatsApp, Telegram, and Facebook Messenger. Furthermore, it has been reported that Ethiopia has a nationwide internet blocking and filtering system that can be deployed at any time for political reasons. To filter the internet, authorities generally block specific internet protocol (IP) addresses or domain names at the level of the connection to the international gateway. Additionally, deep packet inspection (DPI) is employed, enabling blocking based on a keyword in the content of a website or of a communication such as an email message.

It is reported that the Ethiopian government imposed a communications blackout on the Tigray region between November 2020 and July 2021 as Ethiopian and Tigrayan security forces fought. In addition, authorities have reportedly restricted mobile data access in various major cities within the Amhara Region, including Gondar, Bahir Dar, and Woldia, starting from April 2023. Mobile data remained unavailable in these cities as of May 2023. Subsequently, in August 2023, after the reporting period had ended, authorities blocked internet access in the Amhara Region.
Additionally, the indicator "6.2.4 - Government Internet shut down in practice" of the V-Dem Dataset, which measures whether the government has the technical capacity to actively make internet service cease, thus interrupting domestic access to the internet or whether the government has decided to do so, has a score of 2 in Ethiopia for the year 2023. This corresponds to "The government shut down domestic access to the Internet several times this year."

It is reported that Ethiopia does not mandate functional separation for operators with significant market power (SMP) in the telecom market. However, there is an obligation of accounting separation.

The Ethiopian Communication Authority is mandated to limit the number and pre-conditions of new licenses to be given for investors based on Art. 6.7 and 19.2 of the Communications Service Proclamation No. 1148/2019. In other words, investors can only apply to be given a license when the government announces a call for bids. Based on these provisions, the government has only given out one license to a foreign investor so far. In June 2021, the Ethiopian Communications Authority (ECA) licensed the Global Partnership for Ethiopia (Safaricom) as the country’s second telecommunications provider even though it has not started its operations yet. Hence, the only telecom service provider in Ethiopia now is the government owned Ethio-telecom which has a monopoly of the market. The detailed procedures for getting a license are laid out in the Telecommunication Licensing Directive No. 792/2021.

Ethiopia has not appended the World Trade Organization (WTO) Telecom Reference Paper to its schedule of commitments.

It is reported that the Ethiopian Communications Authority (ECA), the executive authority for the supervision and administration of services in the telecommunications sector, is independent from the government in the decision-making process.

According to Art. 12.7 of Directive No. ONPS/02/2020, point of sale machine operators are not allowed to send domestic payment information outside Ethiopia for the purpose of authorisation, clearing and settlement. They can only send payment data made through the international card scheme to the financial institution or national switch. Similarly, automated teller machine operators cannot send any transaction outside Ethiopia for the purpose of processing, authorisation and switching (Art. 11.1).

Section 16.6 of Directive No. 832/2021 mandates that the processing of consumers' personal data in the realm of telecommunications services must be confined to servers or data centres located within Ethiopia.

Ethiopia has not joined any free trade agreement committing to open transfers of cross-border data flows.

Ethiopia does not have a comprehensive regime in place for all personal data, but it has sectoral regulations. These include, for instance, laws regulating the financial sector and others, which confer authority on various bodies to safeguard privacy. Notably, the Communication Services Proclamation No. 1148/2019 establishes the Ethiopian Communication Authority, which is tasked with promoting data privacy. Moreover, the Constitution of the Federal Democratic Republic of Ethiopia of 1995 enshrines the right to privacy.
In a significant development, it was reported that in April 2024, the Ethiopian Parliament approved Proclamation No. 1321/2016 concerning the Personal Data Protection Bill. If enacted, this legislation will introduce comprehensive provisions for data subject rights, data processing principles, and the establishment of an independent supervisory authority. Additionally, the Bill will impose restrictions on the transfer of data to third-party jurisdictions and introduce requirements such as the appointment of a DPO, the reporting of data breaches, and the performance of DPIAs.

Under Art. 24 of the Computer Crime Proclamation No. 958/2016, all service providers must retain the computer traffic data disseminated through their computer systems or traffic data relating to data processing or communication services for one year. Service provider is defined as a person who provides technical data processing or communication service or alternative infrastructure to users by means of computer system.

Art. 29 .1 of the Electronic Signature Proclamation No. 1072/2018 requires that any certificate provider for electronic signatures shall keep custody of any information related to certificate issuance, suspension, revocation or related services for two years. Any certificate provider who fails to keep custody of the above information shall be punished with a fine up to 150,000.00 ETB (approx. 2900 USD). Art. 25 (3) states that the certificate provider shall retain a copy of the subscribers’ encryption key at all times. Art. 18 (2) of the same law states that a certificate provider who wishes to terminate its certification service shall transfer its subscriber certificates and related records to another certificate provider or authority. A certificate provider is a business entity that issues digital certificates and provides encryption services and time stamp services.

The Computer Crime Proclamation No. 958/2016, and the Electronic Transaction Proclamation 1205/2020 establish a safe harbour regime for intermediaries for copyright infringements. According to Art. 16 of the Computer Crime Proclamation, intermediaries are shielded from liability unless they are directly involved in disseminating or editing criminal content data, or fail to take necessary measures to remove or disable access to illegal content data upon becoming aware of its existence. Additionally, Art. 23 of the Electronic Transaction Proclamation specifies that intermediaries cannot be held liable for transmitted information provided they do not monitor online communication, initiate transmissions, select receivers, or modify transmitted information.
Furthermore, Art. 24 absolves intermediaries from liability for the temporary storage of electronic records if such storage aims to facilitate efficient transmission of electronic messages to recipients who requested them. Moreover, Art. 25 extends protection to hosting service providers, relieving them of liability for damages resulting from stored information if they are unaware of any harm or take immediate action upon becoming aware of it.

Ethiopia has not signed the World Intellectual Property Organization (WIPO) Copyright Treaty.

Ethiopia has not signed the World Intellectual Property Organization (WIPO) Performances and Phonograms Treaty.