Art. 53 of Decree 42/2021 establishes the permission for the Cuban state communications company to block or suspend the networks used to disseminate information considered false or harmful to "public order".

To access the Internet in Cuba, the user must go to one of the offices of the state-owned Empresa de Telecomunicaciones de Cuba S.A. and sign up for an account at Nauta, the Internet service network. Registration requires payment and presentation of an identity card. With this, the user creates an account with a password and obtains a rechargeable credit card to access the Internet at any point of entry with Wi-Fi.

Art. 60 of Decree-Law No. 360 establishes that computer systems in which access is possible by multiple users should implement a personal and unique user identifier. The article adds that the people to whom user identifiers are assigned are responsible for the actions realised with their user identifier. In the event of termination of the employment relationship or other causes determined by the entity managing the computer system, the user identifier should be eliminated. In all cases, the the traces of use of the access credentials should be preserved for a period of no less than one year.

A basic legal framework on intermediary liability beyond copyright infringement is absent in Cuba's law and jurisprudence.

According to Art. 110.1 (Chapter II ) of the Decree Law No. 389 of 2019, the authorities can carry out electronic surveillance without prior judicial approval and use the information obtained in criminal cases.

A basic legal framework on intermediary liability for copyright infringement is absent in Cuba's law and jurisprudence.

In Cuba, Law 149/2022 regulates the protection of personal data, consolidating the right to privacy provided under Art. 97 of the Constitution of the Republic of Cuba. The Law applies to public and private bodies, introduces the concepts of data owners, with specific rights, as well as responsible persons, and designated persons. Processing of personal data in Cuba is underpinned by 12 personal data protection principles which must be complied with in any such activities. Interestingly, the Law details an extensive definition for personal data and requires the establishment of a data retention regime and even specifies a statutory retention period of five years, if it is not otherwise stated by law for a category of record. Although the Law does not establish a new data protection authority, the Ministry of Justice (MINJUS) is tasked with ensuring compliance and various public bodies are permitted to authorise cross-border transfers of personal data.

Art. 60 of Decree-Law No. 360 establishes that computer systems in which access is possible by multiple users should implement a personal and unique user identifier. The article adds that the people to whom user identifiers are assigned are responsible for the actions realized with their user identifier. In the event of termination of the employment relationship or other causes determined by the entity managing the computer system, the user identifier should be eliminated. In all cases, the traces of the use of the access credentials should be preserved for a period of at least than one year.

Cuba has not joined any agreement with binding commitments to open transfers of data across borders.

Law 149/2022 includes provisions for cross-border data transfer and outlines that there are only five specific exceptions for data transfers outside the country. The cross-border data transfer is therefore only allowed in the case of international judicial cooperation, exchange of medical data when necessary for the treatment of the data subject, bank or stock exchange transfers about the relevant transactions, under applicable international treaties, and if the transfer of data is for the purpose of international cooperation in the fight against crime (Art. 65.1). In addition, Art. 66 grants to certain authorities the competencies to authorise the international transfer of personal data in other circumstances.

The Ministry of Communications is the one that regulates, controls and supervises the telecommunications sector and it is reported that it is a non-independent state entity. This authority is established by Art. 16 of Decree-Law No. 35 on Telecommunications, Information and Communication Technologies and the Use of the Radio Spectrum (Decreto Ley No. 35 De las Telecomunicaciones, las Tecnologías de la Información y la Comunicación y el Uso del Espectro Radioeléctrico). The Ministry of Communications, according to Chapter II, Art. 6, is the governing body within the framework of the telecommunications and Technology, Information and Communications sector and the use of the radioelectric spectrum.

Art. 68(f) of Decree Law No. 370 states that the use of foreign servers to host websites is an offence. According to Art. 82 of Decree No. 360/2019, "when due to connectivity needs or other interests, the entity requires hosting a site on servers located in a foreign country, this is done as a mirror or replica of the main site on servers located in Cuba and the required measures are established to guarantee their security, in particular during the process of updating the information. In addition, according to Art. 83, "The network servers of an entity intended to facilitate access to or from abroad and those for internal use must be installed in different areas of the network, in such a way as to avoid connection between them."

Although Cuba does not have any licensing requirements that could be considered discriminatory, there are restrictions that discriminate against foreign or foreign investment companies. Empresa de Telecomunicaciones de Cuba. S.A. (ETECSA) is the only company that has legal ownership and administration of telecommunications services Art. 1 of Decree No. 321 grants the administrative concession to ETECSA, enabling it to provide public telecommunications services granted in administrative concession in the national territory in the modalities, for the term and under the conditions established in the Decree-Law No. 35 in its Article 25 establishes that "public telecommunications services have priority over private telecommunications services" explicitly imposing, within a legal framework, discrimination against companies foreigners in favor of the state ones.

Decree No. 321 broadens the scope of the concession to the Cuban Telecommunications Company. S.A. to more modalities of telecommunications services mentioned in Art. 3, including the following modalities: basic telephone service; signal driving service; data transmission service; land mobile telecommunications cellular service; virtual phone service; booth service and public telephone stations; Internet access service; value-added telecommunications service; trunked mobile radio communication service; application provision service in the Internet environment; subscription television service; and contact center services. This represents a form of discrimination that gives all administrative space exclusively to the state company and none to foreign companies.

Cuba has not appended the World Trade Organization (WTO) Telecom Reference Paper to its schedule of commitments.

It is reported that there is no mandate for accounting nor functional separation for telecom providers with significant market power. The dominant and monopolistic company in the sector is the state company ETECSA.