Under the Telecommunications Authority (ANRT) decision of 11 February 2014 concerning the identification of mobile subscribers, purchasers of SIM cards must register their names and national identity numbers with telecommunications operators. The ANRT enforces a ban on unregistered SIM cards, reportedly in accordance with Law no. 09-08 on the Protection of Individuals with Regard to the Processing of Personal Data.

The State retains ownership stakes in all three main operators in the telecommunications sector: Maroc Telecom, Orange Maroc and Inwi. Maroc Telecom is 53% owned by Etisalat, with the Moroccan State holding a 22% share. Orange Maroc is 49% owned by the Orange Group, while the remaining 51% is divided equally between the state-owned Caisse de Dépôt et de Gestion (CDG) and O Capital Group (25.5% each). Inwi (Wana Corporate) is majority-owned by Al Mada (formerly Société Nationale d’Investissement), which holds 69% of its capital, with the remaining 31% held by Kuwait’s Zain Group and the Al Ajial Investment Fund. The three operators together account for a market share of approx. 61%, 36% and 3%, respectively.

It is reported that Morocco does not mandate functional separation for operators with significant market power (SMP) in the telecom market. However, there is an obligation of accounting separation.

Morocco has appended the World Trade Organization (WTO) Telecom Reference Paper to its schedule of commitments.

It is reported that the National Agency of Telecommunications Regulation (ANRT), the executive authority for the supervision and administration of services in the telecommunications sector, is independent from the government in the decision-making process.

Art. 11 of the Law on Cybersecurity stipulates that sensitive data processed by entities or operators of infrastructure of critical importance must be stored exclusively within the national territory, and therefore it cannot be hosted on cloud systems. Sensitive data includes information whose compromise in terms of confidentiality, integrity, or availability would adversely affect an entity or infrastructure of critical importance, defined as installations, facilities, and systems essential for maintaining vital societal functions, including health, safety, security, and economic or social well-being. The disruption, unavailability, or destruction of these would result in the failure of these functions.
In addition, Art. 34 of Decree No. 2-21-406, which implements Law No. 05-20, mandates that sensitive data pertaining to cybersecurity services, such as the monitoring, analysis, and management of cybersecurity incidents, must also be stored exclusively within the territory of Morocco.

Art. 16 of ANRT Decision/DG/No.02/2024 stipulates that any entity intending to provide domain name services must operate a secure Domain Name System (DNS) infrastructure comprising at least two servers, one of which must be physically located within Morocco.

According to Art. 43 of Law No. 09-08 on the Protection of Individuals with Regard to the Processing of Personal Data, the transfer of personal data to a foreign country is only allowed if the country offers an adequate level of protection of the privacy and fundamental rights and freedoms of individuals. In the Decision No. 236-2015 of 18 December 2015, the Moroccan data protection authority (CNDP) recognised the following countries as offering an adequate level of data protection: Austria, Belgium, Bulgaria, Canada, Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Liechtenstein, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden, Switzerland, and the United Kingdom.
The transfer of personal data to a country that does not provide an adequate level of data protection is only allowed subject to certain conditions, including the express consent of the data subject or if the transfer is necessary to safeguard the data subject's life, to safeguard the public interest, to comply with judicial obligations, for the performance of a contract between the controller and the data subject or pre-contractual measures taken at the request of the latter. Personal data may also be transferred if the transfer is carried out pursuant to a bilateral or multilateral agreement to which Morocco is a party, or with the express and reasoned authorisation of the CNDP when the personal data processing guarantees a sufficient level of protection of privacy and the fundamental rights and freedoms of individuals, in particular, because of the contractual clauses or internal rules to which it is subject.

Morocco has not joined any agreement with binding commitments to open transfers of data across borders.

Law No. 09-08 on the Protection of Individuals with Regard to the Processing of Personal Data and its implementation Decree No. 2-09-165 of 21 May 2009 provides a comprehensive regime of data protection in Morocco.

According to Art. 7 of Law No. 43-05 relating to the fight against money laundering, institutions in finance and insurance services are obliged to keep the documents relating to the transactions carried out by their clients, as well as documents relating to the identity of their customers for 10 years.

Morocco lacks a comprehensive regime for the protection of trade secrets.

In accordance with Art. 22bis of Law No. 24-96 on Postal and Telecommunications Services, public telecommunications network operators are required to comply with requests from any other public telecommunications network operator to share their infrastructure, in order to allow the installation and/or operation of telecommunications equipment, provided that such sharing does not interfere with public use. The infrastructure concerned includes engineering structures, ducts and pipelines, high points and telecommunications lines owned by legal persons governed by public law, public service concessionaires and public telecommunications network operators. Decree No. 2-97-1026 on the General Conditions for Operating Public Telecommunications Networks further details the procedures governing such infrastructure sharing.

Circular No. 15/2020 calls for the application of domestic preferences and encourages the sourcing of made-in-Morocco products in public procurement by ministerial departments and public establishments. According to Section 2 of the Circular, the use of imported materials is permitted only where no Moroccan product satisfies the required technical specifications. In such cases, companies awarded the contracts must provide documentation evidencing the origin of the products and materials they intend to use, including invoices, delivery notes and certificates of origin, and also an administrative certificate confirming that there are no national products that meet the required standards.

According to Art. 147 of Decree No. 2-22-431 (which repeals Decrees No. 2-12-349 of 2013 and Decree No. 2-19-69 of May 24, 2019, on government procurement), when competitors not established in Morocco submit bids for works, supply or service contracts, preference is given, when evaluating financial bids to bids submitted by competitors' established in Morocco. For this purpose, the amount of the financial bid submitted by the competitor not established in Morocco shall be:
- reduced by a percentage fixed at 15% when the amount of this bid is the closest by default to the reference price, and there are bids submitted by competitors established in Morocco that are lower than this reference price;
- increase by a percentage fixed at 15% when the amount of this bid is closest by default to the reference price in the absence of bids lower than this reference price;
- will be increased by a percentage fixed at 15% when the amount of this bid is the closest by default to the reference price in the event that the bids submitted by competitors established in Morocco are higher than this reference price.
- for service contracts relating to studies, the amount of the financial bid submitted by the competitor not established in Morocco shall be increased by a percentage fixed at 15%.
The provisions of this article do not apply to a consortium when one or more of its members are established in Morocco, provided that the participation of the member or members of the consortium, as indicated in the contracting act, is equal to or greater than 30%.