Pursuant to Art. 6 of Government Decree No. 9/2008, telecom operators are required to retain user identification data—either electronically or in physical form—for a minimum duration of five years from the date of contract conclusion. In addition, Art. 7.4 stipulates that traffic data must be preserved for at least one year from the date of its generation. According to Art. 2, the term "operator" refers to any concessionaire or licensee that provides mobile telecommunications services via a subscription contract, utilising a SIM card.

In accordance with the schedules outlined in Annex I of the "ANC Guidelines on Registration", registrants of telecommunications services, including those providing international simple resale services, resale of leased circuit services, public internet access services, virtual private network services, managed data network services, mobile virtual network operations, IP telephony services, and satellite mobile telephone or data services, are required to maintain a register documenting the particulars of their subscribers. This register must be preserved by the registrant for a minimum duration of 12 calendar months following the termination of services to the respective subscriber. In addition, registrants of IP telephony services and satellite mobile telephone or data services shall maintain call detail records (CDRs) of all calls made and received via the service, insofar as such services are operated and/or provided within the territory of Timor-Leste, for a period of no less than 12 calendar months. Also, registrants of machine-to-machine (M2M) services are required to maintain a register containing complete and accurate records of all SIM cards utilised in connection with the provision of M2M services. These records must include, at a minimum, the international mobile subscriber identity (IMSI) number and the mobile subscriber integrated services digital network number (MSISDN) associated with each SIM card. The register shall be retained by the registrant for a period of not less than 12 calendar months from the date of termination of the M2M services to the subscriber.

In accordance with Section 5.5 of the "Guidelines on the Registration of SIM Cards for Prepaid Mobile Services", the National Communications Authority is empowered to request from any service provider offering prepaid mobile services the complete set of both physical and electronic subscriber’s registration records. These records must be submitted within 24 hours of receipt of such a request, in the format and through the means as may be prescribed by the Authority from time to time. The provision does not stipulate the necessity of a court order for such a request. The data required during the registration process includes the subscriber’s full name, residential address, and the type and number of the identification document presented.

In accordance with the schedules outlined in Annex I of the "ANC Guidelines on Registration", registrants of telecommunications services, including those providing international simple resale services, resale of leased circuit services, public internet access services, virtual private network services, managed data network services, mobile virtual network operations, IP telephony services, satellite mobile telephone or data services, and mobile communications on aircraft, are required to maintain a register containing records of their subscribers and their particulars. This register shall be made available for inspection by authorised government agencies of Timor-Leste, with no requirement for a court order.

A basic legal framework on intermediary liability for copyright infringement is absent in Timor-Leste's law and jurisprudence.

A basic legal framework on intermediary liability beyond copyright infringement is absent in Timor-Leste's law and jurisprudence.

Pursuant to Art. 4 of Government Decree No. 9/2008, contracts for mobile telecommunications services involving SIM cards must include verified identification of the user. For natural persons, this entails the presentation of a current identity document bearing a photograph. In the case of legal entities, identification must be established through a registration certificate or an equivalent document attesting to the company’s legal existence. Foreign users are reportedly required to present a valid passport at the time of purchase. Additionally, under Art. 6.1, service providers are required to retain user identification data, in either physical or electronic form, for a minimum of five years following the conclusion of the contract.

The Government holds shares in the telecommunications company Timor Telecom. In 2023, the State became the company’s largest shareholder, increasing its ownership from 20.6% to 77.6%.

Art. 37 of Decree-Law No. 15/2012 stipulates the requirement for accounting separation for telecommunications operators possessing significant market power (SMP). No obligation pertaining to functional separation has been identified.

Pursuant to Art. 30 of Decree-Law No. 15/2012 (last amended in September 2024), any individual or entity intending to provide telecommunications services or operate a telecommunications network is required to register with the National Communications Authority. In addition, under Art. 61, the utilisation of radio-frequency spectrum or the operation of radio equipment is prohibited without the appropriate licensing. Although no restriction has been inditified in the country’s telecommunications legislation, it has been reported that there is a minimum capital requirement for obtaining a telecommunications licence.

Timor-Leste has appended the World Trade Organization (WTO) Telecom Reference Paper to its schedule of commitments.

It is reported that TradeInvest is responsible for the initial review of foreign investment applications, which are subsequently submitted to the Private Investment Commission for comprehensive analysis and evaluation. The Executive Director of TradeInvest serves as the Chair of the Private Investment Commission, which comprises Directors-General or their equivalents from the pertinent government ministries. Proposed investments are assessed with regard to their economic costs and benefits, as well as the financial and operational capacity of the investor. TradeInvest is authorised to issue investment certificates for projects approved by the Private Investment Commission with a value of less than USD 20 million. Projects exceeding this threshold require the approval of the Council of Ministers.

Section 8 and Annex A of the "ANC Guidelines on Registration" specify that certain service providers are ineligible for registration if they are not corporate entities incorporated in Timor-Leste. This restriction applies to cross-border internet-based voice and data services and value-added network application services, either originating from or terminating in Timor-Leste.

There is no legislation in force in Timor-Leste that provides for the protection of patents. Consequently, despite reports indicating a growing demand for patent registration, the country lacks an adequate legal framework to safeguard patent rights. It has also been reported that, in the absence of formal protection mechanisms, it has become common practice to publish cautionary notices in the local press to inform third parties of a proprietor’s rights.

There exists no comprehensive legal framework or substantive measures to ensure the protection of patents. Reports indicate that certain international corporations have resorted to publishing notices in local newspapers as a means of asserting their patent claims. Pursuant to Art. 19 of the Private Investment Law (Law No. 15/2017), all investors are entitled to the protection of intellectual property rights as recognised by law, however it does not apply to patents which have yet to be recognised by law. Nevertheless, there is a Draft Bill on the Industrial Property Code, which is expected to include provisions pertaining to patents.