According to Art. 13 of Law No. 53-05 relating to the electronic exchange of legal data, the import, export, supply, operation, or use of means or cryptographic services is subject to a prior statement and prior approval from the authority. The purpose of the provision is to prevent the use of cryptographic services for illegal purposes and to protect the interests of national defense, and the internal or external security of the State.

According to Art. 13 of Law No. 53-05 relating to the electronic exchange of legal data, the import, export, supply, operation, or use of means or cryptographic services is subject to a prior statement and prior approval from the authority. The purpose of the provision is to prevent the use of cryptographic services for illegal purposes and to protect the interests of national defense, and the internal or external security of the State.

The High Authority of Audiovisual Communication (HACA) in Morocco is responsible for the sector of audiovisual communication and grants licenses for audiovisual services. According to Art. 18 of Law No. 77-03 relating to audiovisual communication, applicants for license in audiovisual communication services are obliged to have at least one shareholder who is a qualified operator, a natural or legal person with convincing professional experience in the field of audiovisual communication, who must hold or undertake to hold at least 10% of the company's share capital and voting rights. This qualified operator is not allowed to hold shares in another company with the same corporate purpose. It is not clear whether the law applies to online content.

According to Art. 1 of Decision No. 04-04 of April 6, 2004, of the Director-General of National Agency for the Regulation of Telecommunications relating to the status telephony over IP, for a license requirement for the provision of any VoIP service. Only licensed public telecom operators are supposed to provide VoIP services. It is reported that this law was not implemented until January 2016 when ARTNET banned voice-over internet protocol (VoIP) services like Skype, WhatsApp, and Viber on account of the licensing requirement. The ban was quietly reversed in October of the same year following mass boycott movements by Moroccan citizens.

The Press Code, published in August 2016, imposes licensing requirements for online media and mandates the registration of journalists. For a director of an electronic media outlet, it is required to hold a press card, which is a form of certification that was previously not required for an online outlet.According to reports by Freedom on net 2021, it took seven months for directors of two French-language online news sites, Yabiladi and Le Desk to receive their press cards in 2018.
To obtain press cards and benefit from state financial support, Arts. 34 and 35 of the Press Code require online news portals to acquire two types of authorizations from two different bodies, and are valid for one year at a time:
- authorization from the Moroccan Cinema Center (CCM) to produce video content, and
- authorization from the Telecommunications Authority (ANRT) to host domain names under "press.ma.".

The indicator "6.2.4 - Government Internet shut down in practice" of the V-Dem Dataset, which measures whether the government has the technical capacity to actively make internet service cease, thus interrupting domestic access to the internet or whether the government has decided to do so, has a score of 3 in Morocco. This corresponds to "Rarely but there have been a few occasions throughout the year when the government shut down domestic access to Internet."

According to Art. 65 of Law No. 77-03, advertisements must be broadcast in Arabic, Amazigh or Moroccan dialects if they are intended for the Moroccan public. The use of other languages is among other reasons authorized if the communication of the said commercials in Arabic, Amazigh or Moroccan dialects proves to be difficult due to the specific technical concepts involved. It is not clear whether the law applies to online content.

Under Art. 104 of Law No. 88-13 relating to the press and publishing, also known as the press code, the Moroccan government has the right to suspend any periodic publication or block electronic newspaper or electronic medium “prejudicial to Islam, the monarchy, territorial integrity, or public order,” and it can also seek heavy fines or prison sentences under the penal code for the publication of offensive content. According to the 2021 Freedom on the Net Report, the Moroccan government exercises control over the information landscape through the provisions of the Press Code.

It is reported that in 2016 Morocco’s three telecommunications companies shut off access to Voice over Internet Protocol (VoIP) on mobile networks like WhatsApp, Viber, and Skype. The telcos, Maroc Telecom, Meditel, and Inwi, justified the act by claiming that the services violated Moroccan regulations.

It is reported that the Moroccan government is able to maintain control over the information landscape, including online content, through a series of restrictive laws. One of these laws is the 2003 Law to Combat Terror, known as the anti-terrorism law, which gives the government sweeping powers to filter and delete content that is deemed to “disrupt public order by intimidation, force, violence, fear, or terror.” It is further reported that authorities retain wide discretion to define vague terms such as “national security” and “public order”, opening the door for abuse. Many opposition news sites are therefore hosted on servers outside the country to avoid being shut down by the authorities.

Under the 2014 decision by the Telecommunications Authority (ANRT), purchasers of SIM cards must register their names and national identity numbers with telecommunications operators.

A basic legal framework on intermediary liability beyond copyright infringement is absent in Morocco's law and jurisprudence.

Morocco has a safe harbour regime in place for intermediaries for copyright infringements (Law No. 34-05). A service provider is defined according to Part IV-bis as an operator of facilities for online services or for access to networks with no alteration of the content between the points specified by the user and of his choice. Under Law 34-05, a service provider is not liable for information transmitted or stored on its network if it does not modify the content of the material, or does not directly enjoy financial gain attributable to the activity of infringing copyright or related rights, under circumstances in which it has the right and ability to control that activity. However, a service provider is expected to act without delay to withdraw the material hosted on its system or network or to disable access to that material on becoming aware of an infringement of copyright or related rights, or of facts or circumstances that indicate that copyright or related rights have been infringed, as a result of formal notice of allegations of infringement of copyright.

Art. 64 of Law No. 77-03 Relating to Audiovisual Communication mandates audiovisual operators to record each audiovisual program in its entirety and keep it for at least one year. In the event that the said program or one of its elements is the subject of a right of reply or a complaint concerning compliance with the laws and regulations in force, the recording shall be kept for as long as it is likely to serve as evidence. It is reported that it is not clear whether the law applies to online content.

Decision No. D-188-2020 governing the data protection impact assessment requires the data controllers or processors to carry out DPIAs when necessary, and to present the Data Protection Impact Assessments (DPIA) to the data protection authority (CNDP) in the event of a control. Situations that warrant DPIA relate mainly to processing operations presumed to involve a risk of breaching the protection of privacy and personal data, which fall into one or more of the following categories:
- Processing which violates the provisions of Art. 11 of the Law, regarding the neutrality of effects and which allow decisions to be taken on the basis of automated processing of personal data;
- Large scale processing of sensitive data which, according to Article 1 of the Law, reveal racial or ethnic origin, political opinions, political opinions, religious or philosophical convictions, or the data subject's union membership, or relating to his/her health, including his/her genetic data;
- Processing operations which allow systematic surveillance of the data subjects; and
- Processing carried out in the context of the use of innovative technological or organisational solutions.