It is reported that in March 2022, there disruptions to two online communications platforms, Zoom and Microsoft Teams for a short period of time.

The specifications for the exercise of the profession of commercial advertising agent, as set out in the "Order of the Minister of Commerce and the Minister of Development, Investment and International Cooperation of 17 April 2020", require natural persons or legal representatives of legal entities wishing to exercise the profession of commercial advertising agent to hold a national licence or its equivalent or to have completed two years of higher education and to provide evidence of at least one year's professional experience in an advertising agency (Art. 3) and to be of Tunisian nationality (Art. 4). The specifications also require that the legal entity be subject to Tunisian law, be managed by Tunisians and that its foreign capital not exceed 50% (Art. 7). Arts. 6 and 8 of the specifications also require natural and legal persons to provide a bank guarantee. Annex 2 of the specifications describes the types of activities carried out by commercial advertising agents and includes digital communication agencies, which deal with the development of websites and online applications, the creation and management of online content and the management of social media networks.

A basic legal framework on intermediary liability beyond copyright infringement is absent in Tunisia's law and jurisprudence.

According to paragraph 2 of the Circular of the Ministry of Communications Technologies of November 2021, mobile phone customers in Tunisia must present documentary evidence to prove their identity upon purchasing a SIM card. Telecom operators keep records of customers’ data, including identities, dates of birth, postal addresses, and national identity numbers or passports.

Under Presidential Decree 2023-47, the authorities extended until the end of December 2023 a state of emergency originally declared in 2011 under Decree No. 2011-184 and extended several times. The Tunisian authorities declared a state of emergency under Decree 78-50, which reportedly allows them to access electronic devices without a court order.

ISPs have the duty, according to Art. 11(3-4) of Decree No. 4773-2014, “to meet the requirements of the national defence, security and public safety in accordance with the legislation and regulation in force” and to “provide to the relevant authorities all the means necessary for the performance of his duties, in that context, the provider of Internet services shall respect the instructions of the legal, military and national security authorities”. It is reported that the ISPs may be required, therefore, to cooperate with the public authorities as needed and this may imply divulgation of customers’ information.

A basic legal framework on intermediary liability for copyright infringement is absent in Tunisia's law and jurisprudence.

Tunisia has not joined any agreement with binding commitments to open transfers of data across borders.

The Organic Act No. 63-2004 on the Protection of Personal Data provides a comprehensive regime of data protection in Tunisia and sets up the National Authority of Data Protection (INPDP) in charge of its enforcement.

Art. 6 of Decree No. 54-2022 requires telecommunications service providers to keep data stored in their own information system for a period of no less than two years, including geolocation data, personal identification data, and traffic flow data. It is unclear if the information system has to be in the country or not.

It is reported that the Instance Nationale des Télécommunications (INT, National Telecommunications Authority), the executive authority for the supervision and administration of services in the telecommunications sector, is independent from the government in the decision-making process. Art. 63 (bis) of Law No. 01-2001 provides that the INT shall have legal personality and financial autonomy.

Pursuant to Organic Act No. 2004-63, the transfer of personal data is generally prohibited or subject to strict measures. According to Art. 52, prior authorisation from the Tunisian Data Protection Authority (Instance Nationale de Protection des Données à caractère Personnel, INPDP) is required in all circumstances. In addition, according to Art. 50, it is forbidden to transfer personal data to a foreign country where this is likely to harm the public security or vital interests of Tunisia. Lastly, according to Art. 51, the transfer of personal data is not permitted to countries which do not provide an adequate level of data protection. It should be noted that Art. 22 provides that the natural person or the legal representative of the legal entity wishing to carry out the processing of personal data and their agents must meet the following conditions: be of Tunisian nationality; be a resident of Tunisia; and have no criminal record. These conditions also apply to the subcontractor and its agents.

According to Art. 21 of the Decree-Law No. 2-2022, it is forbidden for companies organizing the activity of credit information to transfer their databases outside Tunisia and to host the data in the cloud.

It is reported that public companies and institutions are prohibited by the Ministry of Communication Technologies from freely transmitting and storing personal data outside of the country.

According to Art. 2 of Decree No. 2014-412, the activity of a virtual telecommunications network operator is subject to authorization from the Minister responsible for telecommunications after advice from the national telecommunications authority. Art. 5 lists the required conditions, including: to be a Tunisian citizen; to have a capital of not less than 150,000 dinars (approx. USD 48,500) owned nominally and by a majority of Tunisians.