Art. 68(f) of Decree-Law No. 370 states that the use of foreign servers to host websites is an offence. According to Art. 82 of Decree-Law No. 360/2019, "when due to connectivity needs or other interests, the entity requires hosting a site on servers located in a foreign country, this is done as a mirror or replica of the main site on servers located in Cuba, and the required measures are established to guarantee their security, in particular during the process of updating the information". In addition, according to Art. 83, "The network servers of an entity intended to facilitate access to or from abroad and those for internal use must be installed in different areas of the network, in such a way as to avoid connection between them."

Law 149/2022 includes provisions for cross-border data transfer and outlines that there are only five specific exceptions for data transfers outside the country. The cross-border data transfer is therefore only allowed in the case of international judicial cooperation, exchange of medical data when necessary for the treatment of the data subject, bank or stock exchange transfers about the relevant transactions, under applicable international treaties, and if the transfer of data is for the purpose of international cooperation in the fight against crime (Art. 65.1). In addition, Art. 66 grants to certain authorities the competencies to authorise the international transfer of personal data in other circumstances.

Cuba has not joined any agreement with binding commitments to open transfers of data across borders.

In Cuba, Law 149/2022 regulates the protection of personal data, consolidating the right to privacy provided under Art. 97 of the Constitution of the Republic of Cuba. The Law applies to public and private bodies and introduces the concepts of data owners with specific rights, as well as responsible persons and designated persons. The processing of personal data in Cuba is underpinned by 12 personal data protection principles, which must be followed in any such activities. Interestingly, the law details an extensive definition for personal data, requires the establishment of a data retention regime, and specifies a statutory retention period of five years if it is not otherwise stated by law for a category of record. Although the law does not establish a new data protection authority, the Ministry of Justice (MINJUS) is tasked with ensuring compliance and allowing various public bodies to authorise cross-border transfers of personal data.

Art. 60 of Decree-Law No. 360/2019 establishes that computer systems in which access is possible by multiple users should implement a personal and unique user identifier. The article adds that the people to whom user identifiers are assigned are responsible for the actions realised with their user identifier. In the event of termination of the employment relationship or other causes determined by the entity managing the computer system, the user identifier should be eliminated. In all cases, the traces of the use of the access credentials should be preserved for a period of at least one year.

Copyright is not adequately enforced online in Cuba. It has been reported that grassroots digital innovations, such as El Paquete Semanal, have facilitated access to extensive collections of frequently pirated digital content, relying on implicit government tolerance. It is also reported that the issue of piracy becomes even more complex on state-run digital platforms in Cuba, where foreign series, movies, and other materials are distributed. A notable example in the telecommunications sector is the illegal use of Windows, as the country lacks the means to obtain licenses. This situation extends to other content broadcast on television and to tools such as Office, the Adobe suite, and many others.

Cuba has not signed the World Intellectual Property Organization (WIPO) Copyright Treaty.

Cuba has not signed the World Intellectual Property Organization (WIPO) Performances and Phonogram Treaty.

The country lacks a comprehensive framework in place that provides effective protection of trade secrets, but there are limited measures addressing some issues related to them. According to Art. 429.2 of the Penal Code (Law 151/2022), shall be punished by imprisonment for six months to two years or a fine of two hundred to five hundred quotas or both whoever, without due authorisation, discloses, divulges, registers or exploits in the country or abroad, an undisclosed invention or information that should remain confidential and causes damages to its legitimate owner. Moreover, although private contracts may exist between the contracting party and the bidder, the possibility is left open that certain contracts may not be executed if they do not correspond to the priorities of the Cuban State.

Art. 55 of Decree-Law No. 35 stipulates that there is a mandate for operators to share certain resources associated with ducts, conduits, towers, poles, and other facilities. Art. 29 defines passive telecommunications infrastructures as installations that are primarily composed of towers, masts, poles, ducts, channels, conduits, chambers, cables, and dark fibre, among other components, and which are situated in various locations, including aerial, terrestrial, underground, submarine, or underwater.

Arts. 85 and 86 of the Law No. 35 establish that telecommunication services be provided by state companies. This presents restrictions or exclusions to foreign companies in the Telecommunications sector and in the Technology, Information and Communication sector (Chapter II, Sections Four and Eight). Currently, the Cuban Telecommunications Company has full ownership of telecommunications services. Therefore, foreign companies face a monopolistic barrier on the part of the national company in the telecommunications sector that includes services such as basic telephone services, signal conduction, data transmission, cellular land mobile telecommunications, virtual telephony, public telephone booths and stations, internet access, trunked mobile radio communication, provision of applications in the Internet environment and subscription television.

The Cuban Telecommunications Company. S.A. (ETECSA) has a state monopoly on telecommunications services and goods. Art. 1 of Decree No. 321 grants the administrative concession to ETECSA, enabling it to provide public telecommunications services granted in the national territory in the modalities for the term and under the conditions established in the decree. This Decree updates Decree 275 of 2003 of the Council of Ministers, giving it a period of up to 2023 to continue controlling all telecommunications services.

Cuba is not a signatory of the 1996 World Trade Organization (WTO) Information Technology Agreement (ITA) nor the 2015 expansion (ITA II).

Cuba is not a party to the World Trade Organization (WTO) Agreement on Government Procurement (GPA), nor does it have observer status.