According to Art. 16 of the Resolution No. 418 of 2020, issuing the executive regulations for the law regulating the press and media and the Supreme Council for Media Regulation promulgated by Law No. 180 of 2018, licensed media and websites must retain all broadcast materials for no less than one year from the broadcast date. They must also deposit a copy of it to the Supreme Council on a monthly basis. The term media is defined as any terrestrial or satellite television channel or wired, wireless or electronic radio station. The term website is defined as the licensed page, link or electronic application through which press, media or advertising content is provided, whether fixed, animated or multimedia, issued under a specific name, with a specific electronic address and domain, and created, hosted or accessed through the international information network (Internet).

Art. 8 of Egypt's Law No. 151 of 2020, Promulgating the Personal Data Protection Law, requires any controller or processor to appoint "a competent employee to be responsible for the protection of Personal Data, inside its legal entity and among its personnel structure. This employee shall be registered in the register designated for the Data Protection Officers at the Center" (Data Protection Center). In addition, according to Art. 5.12, processors outside of the Arab Republic of Egypt are required to appoint a representative in the country.

Art. 3.5 of Resolution No. 151 stipulates that "The Data Protection Centre shall, upon the request of the national security authorities, notify the controller or processor to amend, delete, not display or provide or handle the personal data, within a specified period of time, according to national security considerations, and the controller or processor shall implement the contents of the notification within the period of time specified therein." It is reported that there are no clear or precise rules as to when the national security authorities can request access to the personal data maintained by the controller/processor. The main requirement is that the request made by the national security authorities to access the personal data must be for the purpose of national security.

The interception of telecommunications in Egypt is permitted under the Telecommunication Regulation Law No. 10 of 2003. The law grants the National Telecommunication Regulatory Authority (NTRA) - a body chaired by the ICT minister and composed of government representatives - the authority to regulate ISPs and mobile network operators. Art. 64 of the law "mandates telecommunications operators to provide all technical equipment, systems, software and communications, which enable the armed forces and national security agencies to exercise their powers within the Law."

Law No. 87 of 2018 Regulating Road Transport Services Using Information Technology, a law passed to regulate ride-sharing apps, requires companies to share user data with authorities “on request” and “according to the law.” Art. 9 states that all land transportation service companies are required to provide the country’s national security agencies with “all their customers’ data”. Requests for data do not need to be accompanied by a warrant, though a decree from the prime minister is required.
Resolution No. 2180 acts as the executive regulation of Law No. 87. According to Art. 10 of the Resolution, ride-sharing companies are to submit to the Ministry of Transportation six months’ worth of “customers’ data” from all rides provided upon request by the Ministry.

According to Art. 2.3 of Law No. 175, the national security authorities may request access/use to all technical capabilities from the service provider (namely mobile operators and technology service providers) and their affiliates. This is for the purpose of enabling the national security authorities to exercise their powers in accordance with Law No. 175. It is reported that this is a generic right; it does not explicitly allow the access and retention of personal data maintained by service providers. However, it is expected that the data stored might be accessible to the national security authorities while exercising this right. The main guarantee is that the use of such a right should not violate the inviolability of private life. This right is not further regulated; there are no specific guarantees that limit the national security authorities' use of their powers in this regard. There is no specific duration for the power granted.

A basic legal framework on intermediary liability for copyright infringement is absent in Egypt's law and jurisprudence. Whether intermediary liability is recognised in the Egyptian Intellectual Property Law, opinions are not conclusive. Some experts consider Art. 147 of Law on the Protection of Intellectual Property Rights covers intermediary liability due to its breadth, giving the author the right to prevent the exploitation of its work "in any form" and "in any manner, through computers, the Internet, information networks, communication networks, and other means”. An alternative view is that the law does not contain any provisions that explicitly impose liability upon Internet intermediaries for acts of infringement.

A basic legal framework on intermediary liability beyond copyright infringement is absent in Egypt's law and jurisprudence. In addition, it is reported that "the introduction of the Anti-Cybercrime Law triggered a controversial public debate" in Egypt, in particular "the offences in Articles 25, 27, 29, and 35 are very broadly defined, and cannot exclude a general liability for web administrators or managers of a legal entity for content-related violations". The application of the law will provide further clarity on this issue.

Art. 5 of the General Rules and Conditions for Protecting Mobile and Fixed Users’ Rights in A.R.E, published by the National Telecommunication Regulatory Authority (NTRA), stipulates that the identity and a national number of mobile and fixed-line services customers have to be registered "in all cases". It is also reported that, since 2010, NTRA has required distributors of SIM cards to collect personal data from buyers and copies of their identification documents before the cards can be activated.

Art. 4 of Egypt's Media Law No. 180/2018 provides the right for the Supreme Council to block publications, newspapers, media or advertising issued or broadcast from abroad from entering Egypt "for considerations required by national security". Several international reports highlight that the government has abused this article by leveraging the vagueness of the concept of national security.

The indicator "6.2.4 - Government Internet shut down in practice" of the V-Dem Dataset, which measures whether the government has the technical capacity to actively make internet service cease, thus interrupting domestic access to the internet or whether the government has decided to do so, has a score of 3 in Egypt for the year 2023. This corresponds to "Rarely but there have been a few occasions throughout the year when the government shut down domestic access to Internet."

The Media Licensing Regulations, issued in February 2020 to implement the Media Law, require media advertising companies to acquire a license to offer their services, while non-Egyptian media advertising companies have to pay a license fee and approval from the Supreme Council for Media (SCoM), which requires, among other things, operating within a specific media area, the availability to block any content involving, among other things, violence, suicide, self-harm or nudity.

Art. 14 of Law No. 151 of 2020 on Personal Data Protection prohibits the transfer of personal data to a foreign country unless the laws of the foreign country guarantee a minimum level of protection that is equal to the level stipulated by Egyptian law. Moreover, the transfer of data abroad requires an authorisation or a license from the Data Protection Centre. Art. 15 enumerates several specific exceptions to the obligation of Art. 14 subject to the express consent of the person concerned with the data or his representative.

According to Art. 6 of Law 180 of 2018, a license from the Supreme Council for Media Regulation (SCMR) is required to establish and manage a website in Egypt and operate offices or branches for websites. This license requires, inter alia, operating inside a specific media area. If a license is not obtained, the SCMR can cease or block the website. The term "website" is defined in Art. 1 as "the licensed page, link or application through which press, media or advertising content is provided, whether textual, audio, visual, static, animated or multimedia, issued under a specific name, with a specific electronic address and domain and created, hosted or accessed through the International Information Network (Internet)", therefore it also covers any online links and applications through which press, media, or advertising content is provided. According to Art. 60 of the law, websites are required to pay a fee of EGP 50,000 (approx. USD 2,800) to obtain the license and gain legal status. In addition, pursuant to Art. 40 of Law 180 of 2018, any person wishing to issue a newspaper or establish a website is required to notify the Supreme Council and provide a description of the type of content, editorial policy, sources of funding, and other detailed information. Furthermore, Art. 41 adds that it is not permitted to issue a newspaper or establish a website before completing the notification data.

Egypt has not joined any free trade agreement committing to open transfers of cross-border data flows.