A basic legal framework on intermediary liability for copyright infringement is absent in Egypt's law and jurisprudence. Whether intermediary liability is recognised in the Egyptian Intellectual Property Law, opinions are not conclusive. Some experts consider Art. 147 of Law on the Protection of Intellectual Property Rights covers intermediary liability due to its breadth, giving the author the right to prevent the exploitation of its work "in any form" and "in any manner, through computers, the Internet, information networks, communication networks, and other means”. An alternative view is that the law does not contain any provisions that explicitly impose liability upon Internet intermediaries for acts of infringement.

A basic legal framework on intermediary liability beyond copyright infringement is absent in Egypt's law and jurisprudence. In addition, it is reported that "the introduction of the Anti-Cybercrime Law triggered a controversial public debate" in Egypt, in particular "the offences in Arts. 25, 27, 29, and 35 are very broadly defined, and cannot exclude a general liability for web administrators or managers of a legal entity for content-related violations". The application of the law will provide further clarity on this issue.

Art. 5 of the General Rules and Conditions for Protecting Mobile and Fixed Users’ Rights in A.R.E, published by the National Telecommunication Regulatory Authority (NTRA), stipulates that the identity and a national number of mobile and fixed-line services customers have to be registered "in all cases". It is also reported that, since 2010, NTRA has required distributors of SIM cards to collect personal data from buyers and copies of their identification documents before the cards can be activated.

Under Art. 7 of Egypt’s Law No. 175 of 2018, authorities may order the blocking of websites that broadcast content constituting a criminal offence or posing a threat to national security or the economy. Such orders must be submitted to a competent court within 24 hours and ruled upon within 72 hours. In urgent cases, a temporary block may be imposed but must be formalised within 48 hours or it becomes void. Courts may subsequently confirm, amend, or lift the block, which is nullified if the case is dismissed or results in acquittal. It has been reported that the National Telecommunication Regulatory Authority (NTRA) has instructed several telecom companies to block websites pursuant to Art. 7. As of June 2024, 562 websites have been blocked in Egypt, including approximately 132 news outlets.
A similar requirement is contained in Art. 4 of Egypt's Media Law No. 180 of 2018, which provides the right for the Supreme Council to block publications, newspapers, media or advertising issued or broadcast from abroad from entering Egypt "for considerations required by national security". Several international reports highlight that the government has abused this article by leveraging the vagueness of the concept of national security.

Under Art. 16 of the "Executive Regulations for Law No. 180 of 2018 on Press, Media, and the Supreme Council for Media Regulation", media outlets and licensed electronic websites are obliged to retain all broadcast content for a minimum of one year from the date of transmission. They must also submit a copy of this content to the Supreme Council for Media Regulation (SCMR) on a monthly basis. Additionally, a copy of the digital version of the content must be situated in a dedicated server within the Arab Republic of Egypt, in a location designated by the media outlet or website. This location must be secure, disclosed to the Supreme Council, and may not be altered without prior approval from the Council.
According to Art. 1 of Law No. 180, a media outlet is defined as terrestrial and satellite television channels, as well as wired, wireless, and electronic radio stations. A licensed electronic website refers to a page, link, or electronic application that is formally authorised and provides journalistic, media, or advertising content in textual, audio, visual, static, dynamic, or multimedia formats. It must be issued under a specific name, possess a defined electronic address and domain, and be created, hosted, or accessed via the Internet.

Section 7-3 of Egypt’s IoT Framework explicitly requires that satellite operators licensed to provide IoT connectivity services must establish an Earth station within Egypt. This station must be used to transmit IoT service data across the country. Exceptions to this requirement are only permitted with prior approval from the National Telecom Regulatory Authority (NTRA).

Art. 14 of Law No. 151 of 2020 on Personal Data Protection prohibits the transfer of personal data to a foreign country unless the laws of the foreign country guarantee a minimum level of protection that is equal to the level stipulated by Egyptian law. Moreover, the transfer of data abroad requires an authorisation or a license from the Data Protection Centre. Art. 15 enumerates several specific exceptions to the obligation of Art. 14 subject to the express consent of the person concerned with the data or his representative.

Egypt has not joined any free trade agreement committing to open transfers of cross-border data flows.

Law on the Protection of Personal Data provides a comprehensive regime of data protection in Egypt. The law has similarities with the EU's General Data Protection Regulation (Regulation (EU) 2016/679) and includes data subject rights, data controller and processor obligations, and strict conditions for data transfers to foreign countries.

Art. 2.1 of the Anti-Cybercrime Law requires every telecommunications service to maintain records (i.e. logs) for 180 consecutive days. These logs should include, among others, information sufficient to identify the user and information related to the content of the operating system dealt with.

According to Art. 16 of the Resolution No. 418 of 2020, issuing the executive regulations for the law regulating the press and media and the Supreme Council for Media Regulation promulgated by Law No. 180 of 2018, licensed media and websites must retain all broadcast materials for no less than one year from the broadcast date. They must also deposit a copy of it to the Supreme Council on a monthly basis. The term media is defined as any terrestrial or satellite television channel or wired, wireless or electronic radio station. The term website is defined as the licensed page, link or electronic application through which press, media or advertising content is provided, whether fixed, animated or multimedia, issued under a specific name, with a specific electronic address and domain, and created, hosted or accessed through the international information network (Internet).

Art. 8 of the Law on the Protection of Personal Data stipulates that data controllers and processors must designate a suitably qualified employee to serve as the data protection officer, who is required to be registered with the Data Protection Centre. Pursuant to Art. 9, the data protection officer is obliged to undertake evaluations and periodic reviews of personal data protection systems, ensure their resilience against breaches, document the outcomes of such assessments, and issue appropriate recommendations to safeguard the data.

Art. 3.5 of Resolution No. 151 stipulates that "The Data Protection Centre shall, upon the request of the national security authorities, notify the controller or processor to amend, delete, not display or provide or handle the personal data, within a specified period of time, according to national security considerations, and the controller or processor shall implement the contents of the notification within the period of time specified therein." It is reported that there are no clear or precise rules as to when the national security authorities can request access to the personal data maintained by the controller/processor. The main requirement is that the request made by the national security authorities to access the personal data must be for the purpose of national security.

The interception of telecommunications in Egypt is permitted under the Telecommunication Regulation Law No. 10 of 2003. The law grants the National Telecommunication Regulatory Authority (NTRA) - a body chaired by the ICT minister and composed of government representatives - the authority to regulate ISPs and mobile network operators. Art. 64 of the law requires each operator and provider, at their own expense, to provide within the telecommunication networks licenced to them, all technical possibilities, including equipment, systems, software and communications, to enable the armed forces and national security entities to exercise their powers within the law. This could include capabilities for decrypting encrypted communications. Contravention of this prohibition is a criminal offence punishable by imprisonment and a fine of between EGP 10,000 and 100,000 (approx. 635 and 6350 USD).

Law No. 87 of 2018 Regulating Road Transport Services Using Information Technology, a law passed to regulate ride-sharing apps, requires companies to share user data with authorities “on request” and “according to the law.” Art. 9 states that all land transportation service companies are required to provide the country’s national security agencies with “all their customers’ data”. Requests for data do not need to be accompanied by a warrant, though a decree from the prime minister is required.
Resolution No. 2180 acts as the executive regulation of Law No. 87. According to Art. 10 of the Resolution, ride-sharing companies are to submit to the Ministry of Transportation six months’ worth of “customers’ data” from all rides provided upon request by the Ministry.