A basic legal framework on intermediary liability beyond copyright infringement is absent in Sudan's law and jurisprudence.

It is reported that in Sudan, customers must show passports at the point of sale of sim cards and provide a copy of the passport with a form to fill in. Once the procedure is complete, customers may receive the sim card and activate it.
It is reported that, in July 2022, the Technical Committee of the Council of Security and Defence in Sudan ordered service providers to suspend all SIM cards that were not registered with a national ID number.

Reports indicate that various laws and regulations in the country are utilised to block or filter online content. In December 2020, the Telecommunications and Post Regulatory Authority (TPRA) introduced regulations granting it the authority to block specific categories of websites, including those related to gambling, peer-to-peer file sharing, VPN services, advocacy for atheism, and any additional classifications deemed appropriate by the authority. It is reported that, under Art. 8 of these regulations (which are not publicly available), internet service providers (ISPs) are required to block websites immediately upon receiving a TPRA notice, with non-compliance subject to fines of up to SDP 300,000 (approx. USD 500).
Furthermore, the Cybercrime Act has reportedly been used to restrict access to online news platforms. For instance, in September 2022, the website of the Al-Sudani newspaper was ordered to be blocked under the framework of this law.

The indicator "6.2.4 - Government Internet shut down in practice" of the V-Dem Dataset, which measures whether the government has the technical capacity to actively make internet service cease, thus interrupting domestic access to the internet or whether the government has decided to do so, has a score of 1 in Sudan for the year 2023. This corresponds to "The government shut down domestic access to the Internet numerous times this year."
It is reported that Sudanese authorities have a long history of using internet shutdowns to curtail fundamental human rights. The warring parties in Sudan have weaponised internet shutdowns by instructing telecommunications companies to limit access or by damaging ISP data centres, thereby controlling and impeding the free flow of information in areas held by opposing factions.
Sudan has reportedly imposed at least two internet shutdowns in 2023 during the ongoing conflict. Major shutdowns continued into 2024, including a month-long shutdown starting in February, which affected the entire country after the Rapid Support Forces (RSF) reportedly took over telecommunications facilities in Khartoum.
It is reported that when fighting between the ruling Sudanese Armed Forces (SAF) and paramilitary groups led by the RSF broke out in Khartoum in April 2023, SAF authorities immediately ordered telecommunications providers to shut down their services nationwide. In the hours leading up to the ceasefire deadline, yet another nationwide blackout occurred across multiple providers.

According to Art. 9 of the Press and Publications Act 2009, the National Council on Press and Publications (NCPP) issues practical approvals for several media companies, including advertising agencies. It is reported that the cost of issuing the licence is SDP 400,000 (approx. USD 900).

According to Art. 9 of the Press and Publications Act 2009, the National Council on Press and Publications (NCPP) issues practical approvals for press companies, institutions, presses, publishers, distributors, service centres and advertising agencies.
For newspapers and other forms of press-related publications to be duly published, the following requirements must be met:
- Obtain a permit from the NCPP upon payment of the fees provided for in the Regulations (Art. 21.a);
- Authorisations/licences may be renewed on an annual basis upon payment of the fees provided for in the Regulations (Art. 21.b).
It is reported that the cost of issuing the licence for each media service and news site is SDP 400,000 (approx. USD 900).

Type approval procedures in Sudan are regulated by the Telecommunications and Post Regulatory Authority (TPRA). It is reported that the homologation process in Sudan does not require local laboratory testing or contact with local representatives. However, a product sample can be requested from the authority for viewing.

It has been reported that a licence is required for the provision of fixed-line telecommunications, mobile telecommunications, and internet services. The submission of a licence application must be accompanied by a feasibility study for the proposed project, as well as a detailed rollout plan. The award of the licence is determined through a competitive bidding process. However, the process involves minimum capital requirements specified in the bidding documents. Furthermore, the renewal of the licence is dependent on the licensee's adherence to the approved rollout plan.

Sudan has not appended the World Trade Organization (WTO) Telecom Reference Paper to its schedule of commitments. In fact, Sudan is not a member of the WTO.

It is reported that the Telecommunications and Postal Regulatory Authority (TPRA), the executive authority for the supervision and administration of services in the telecommunications sector, is independent from the government in the decision-making process.

The legal framework of Sudan does not mention the limitation of transferring data to a foreign country. Still, it is reported that de facto, there is a limitation to transferring data abroad for security reasons, especially for the strategic and sensitive sectors, such as telecom and audio-visual.

Sudan has not joined any agreement with binding commitments to open transfers of data across borders.

Sudan does not have a comprehensive regime in place for personal data, but it has the Electronic Transactions Act 2007 as a sectoral regulation. A data protection authority has not yet been appointed.

According to Art. 6 of the Anti-Money Laundering and Combating the Financing of Terrorism Act 2014, financial and non-financial institutions are required to keep records and data relating to customers and transactions and ensure that these records and information are made available to the competent authorities with reasonable speed. The records must be kept for a period of at least five years after the termination of the business relationship or the execution of the incidental transaction, whichever is longer. The article also stipulates that records and data relating to domestic and international transactions, whether executed or attempted, should be kept for at least five years after the transaction, and such records shall be detailed enough to allow the steps of each transaction to be tracked separately.

Art. 74 of the Telecommunications and Postal Regulation Law authorises the interception, surveillance, and eavesdropping of communications. Such actions may be mandated by a prosecutor or a specialised judge. Additionally, interception may be authorised by the General National Intelligence Service, Military Intelligence, or the Federal Police. Art. 25 of the Law imposes an obligation on telecommunications operators to grant the Telecommunication and Postal Regulation Authority access to their facilities, networks, and equipment, and to allow the installation of devices necessary for performance measurement and monitoring. Reports indicate that, under this legislation, telecommunications companies are required to provide customer data to authorities upon request.