Pursuant to Section 363 of the Information, Communications and Media Act, an internet service provider (ISP) shall not incur liability for merely storing content generated by third parties and made publicly accessible, provided that: (i) the ISP has no actual knowledge of any illegality associated with such content; (ii) it is not aware of facts or circumstances from which such illegality may reasonably be inferred; (iii) upon acquiring such knowledge or awareness, it acts expeditiously to remove or disable access to the content; or (iv) it lacks the technical capacity or cannot reasonably be expected, in the circumstances, to prevent public access. Section 364 further states that an ISP shall not be held liable for third-party content that is merely transmitted or routed through its systems to facilitate public access, provided it does not initiate the transmission, select the recipient, or alter the information transmitted.
Section 464.63 defines an ISP as any natural or legal person, or association thereof, that provides individuals and businesses with internet access and may also offer other internet-based services.

Bhutan’s regulatory framework on SIM registration requires mobile network operators to collect and store users’ personal information together with proof of identity. Section 9 of the Code of Practice on Registration of Subscriber Identity Module (SIM) Cards stipulates that issuance of a SIM card requires: (a) a completed registration/application form, including a signed agreement and SIM card usage terms and conditions; and (b) a copy of the subscriber’s identity proof, as follows: (i) Bhutanese nationals: citizen ID card number, or, in the case of minors, the ID of a parent or guarantor; (ii) residents of Bhutan: resident permit number; and (iii) foreigners other than Indian nationals: passport number.
Section 9.2 further obliges service providers to maintain a register of all subscribers, both post-paid and pre-paid, and to keep a corresponding computerised database of this information.

The indicator "7.2.4 - Government Internet shut down in practice" of the V-Dem Dataset, which measures whether the government has the technical capacity to actively make internet service cease, thus interrupting domestic access to the internet or whether the government has decided to do so, has a score of 3 in Bhutan for the year 2024. This corresponds to "Rarely but there have been a few occasions throughout the year when the government shut down domestic access to Internet."

According to Sections 90–93 of the Information, Communications and Media Act, no person shall own or operate an ICT facility, or provide any ICT service, without a valid licence. Section 464 of the Act defines the scope of ICT services, including: (i) broadcasting services, such as mobile satellite and subscription broadcasting; (ii) information technology services, such as webcasting, e-mail, and other electronic services; (iii) Internet Protocol (IP) telephony; (iv) digital library and commercial information services; (v) network-based information and related specialised professional services provided electronically; and (vi) public switched data and other similar services. The Rules and Regulations on ICT Facilities and Services in Bhutan provide further information about this license.

According to Sections 90–93 of the Information, Communications and Media Act, no person shall own or operate a media facility, or provide any media service, without a valid licence. This requirement includes online media as defined in Section 464.

According to Section 6 of the Guidelines for Licensing of OTT Services, individuals or entities with a valid start-up licence may establish and operate an OTT platform for up to five years. Before the end of this period, OTT providers must apply to the Authority for an ICT service licence, which is granted for five years and subject to agreed terms and conditions. Licensed telecom and internet service providers are not required to obtain a separate licence to operate OTT services but must comply with the Guidelines and seek prior approval from the Authority.

According to Section 2.1 of the Rules and Regulations for Publication, no person may publish books, newspapers, and periodicals, whether in physical form or as electronic publications, without holding a valid licence issued by the Bhutan InfoComm and Media Authority (BICMA). Section 2.4 sets out the eligibility criteria for applicants. A licence may be granted only to a person who:
(i) is a citizen of Bhutan;
(ii) is of sound mind;
(iii) is not a political party;
(iv) has not been declared insolvent or convicted of a criminal offence under Bhutanese law, unless their reputation has been restored through due process; and
(v) holds less than 5% of shares in any other media licence issued by the Authority.

According to Section 2.3 of the Rules and Regulations on ICT Facilities and Services in Bhutan, only Bhutanese citizens are eligible to apply for an ICT facility licence, ICT service licence, or a consolidated licence, provided that the applicant does not hold a majority share in any other ICT facility or service licence.
Art. 464 of the Bhutan Information, Communications and Media Act 2018 defines ICT facilities and ICT services, encompassing: (i) telecommunications services, such as public telephony, telegraphy, facsimile, cellular telephony, and pay-phone/communication services; (ii) information technology services, such as internet services; and (iii) transmission facilities, including fixed links and cables, computer facilities, pay-phone/communication facilities, and radio communication transmitters, receivers, and links.
Additionally, the Rules and Regulations for Licensing and Operation of Internet Service Providers in Bhutan establish specific requirements for applications for an Internet Service Provider (ISP) licence.

Bhutan has not appended the World Trade Organization (WTO) Telecom Reference Paper to its schedule of commitments.

Section 28 of the Bhutan Information, Communications and Media Act 2018 establishes the Bhutan InfoComm and Media Authority (BICMA) as an autonomous regulatory authority for the telecommunications sector. It is reported that BICMA operates independently from the government in its decision-making processes.

Annex I, point (p) of the "Payment Aggregators and Payment Gateways Guidelines 2020" stipulates that entities must adopt preventive measures to ensure that data is not stored on infrastructure subject to external jurisdictions, that is infrastructure located outside the country. This requirement is mandatory for payment aggregators and recommended for payment gateways. Under Section 3, payment aggregators are defined as entities that enable e-commerce platforms and merchants to accept various payment instruments from customers, thereby facilitating the completion of payment obligations without necessitating merchants to develop their own payment integration systems. On the other hand, payment gateways are entities that provide the technological infrastructure to route and facilitate the processing of online payment transactions, without engaging in the handling of funds.

Bhutan has not joined any agreement with binding commitments to open transfers of data across borders.

Bhutan maintains a copyright framework under the Copyright Act of the Kingdom of Bhutan of 2001. The Act does not adopt an open-ended fair use or fair dealing model; instead, it establishes a closed list of narrowly defined exceptions, which restricts lawful use to specific, enumerated purposes. Several of these exceptions, such as those relating to quotation and reproduction for teaching, are expressly conditioned on compliance with the principle of fair practice, requiring that the use be compatible with fair practice and limited to what is justified by the purpose. Arts. 10-17 set out these exceptions, which include private reproduction for personal purposes; quotation; reproduction for teaching; reprographic reproduction by libraries and archives; reproduction, broadcasting and other communication to the public for informational purposes; reproduction and adaptation of computer programs; importation for personal purposes; and the display of works.

Reports indicate that copyright infringement is widespread within the country. Samuh, the first over-the-top (OTT) platform offering video streaming services to Bhutanese audiences both domestically and abroad, has observed that its content is extensively disseminated across social media platforms such as Telegram, WeChat, Facebook, TikTok, and others, resulting in substantial economic losses for the company.

Bhutan has not signed the World Intellectual Property Organization (WIPO) Copyright Treaty.