According to Art. 40 of the Data Protection Act, where a type of processing is likely to result in a high risk to the rights and freedoms of any individual, the data controller shall, prior to the processing, carry out a data protection impact assessment.
An assessment is required when: (i) a systematic and extensive evaluation of personal aspects relating to individuals which are based on automated processing, including profiling, and on which decisions are based that produce legal effects concerning the individual or significantly affect the individual; (ii) processing on a large scale of special categories of data referred to under section 23 (data related to minors); (iii) there is systematic monitoring of a publicly accessible area on a large scale; (iv) there exist any other circumstances as specified by the Commission in the implementation of this Act.
Furthermore, according to Art. 40.3, the data protection impact assessment shall include the following: (i) a general description of the envisaged processing operations, their purpose, and legitimate interest pursued by the data processor; (ii) an assessment of the risks to the rights and freedoms of the data subjects; (iii) the measures envisaged to address those risks; and (iv) safeguards, security measures and mechanisms to ensure the protection of personal data and to demonstrate compliance with this section, taking into account the rights and legitimate interests of the data subjects and other persons concerned.
According to Art. 45.1, the data controller shall designate a data protection officer when (i) the core activities of the data controller or the data processor consist of processing operations which, by virtue of their nature, their scope or their purposes, require regular and systematic monitoring of the data subjects on a large scale; or (ii) the core activities of the data controller or the data processor consist of processing on a large scale of special categories of data under Part IV (sensitive data, data related to minors and data relating to offences and criminal conviction).

A basic legal framework on intermediary liability for copyright infringement is absent in Seychelles's law and jurisprudence.

A basic legal framework on intermediary liability beyond copyright infringement is absent in Seychelles's law and jurisprudence.

According to Section 2. C of the Broadcasting and Telecommunication Act 2021 (amending the Broadcasting and Telecommunication Act), service providers must submit all customer records for activated mobile services before the 5th day of each month. Secondly, they must register and verify customer details before activating mobile services on purchased starter packs or subscriber information module cards. These measures aim to ensure proper record-keeping and verification processes for enhanced regulatory compliance and customer protection.

According to Section 16 of the Broadcasting and Telecommunication Act, where any matter (including an advertisement) intended for broadcasting is, in the opinion of the Minister, of an objectionable nature, the Minister may by order in writing prohibit the broadcasting of the matter unless suitably amended in the manner specified by the Minister in the order, so as to remove the objectionable nature of the matter.

The Customs Management (Prohibited and Restricted Goods) Regulations restrict the importation of Radio Communication equipment HS Code 8525.5010 to 8525.6000 without written prior approval of the Department of Information and Communications Technology.

It is reported that voluntary certification is recommended, and in-country testing is not mandatory. It is further reported that self-certification is allowed, and it is recommended that homologation be made in the Department of Information Communications Technology.

Seychelles has a telecommunications authority: Seychelles Department of Information Communication Technology (DICT). However, it is reported that the DICT's decision-making process, operating under the President's Office, is only partially independent of the government. The DICT is responsible for developing and implementing legislation, regulations, and policies related to telecommunications and associated services.

According to Section 56.1 of the Financial Leasing Act, every financial leasing institution shall maintain in the Seychelles for a period of at least seven years certain records, including customer identification records, during and after termination of the customer relationship; transaction records showing, for each customer, at least on a daily basis, particulars of its transactions with or for the account of that customer, and the balance owing to or by that customer. According to Section 56.2, every record shall be kept in written form or digital format, and it shall be the duty of the financial leasing institution to ensure that adequate data recovery systems and procedures are in place.

Section 47 of the Data Protection Act of Seychelles establishes that personal data may only be transferred outside the country if the recipient jurisdiction ensures a level of protection for data subjects' rights and freedoms that is comparable to domestic standards. Specifically, the processing of special category data belonging to Seychellois citizens is permitted only when a designated data controller is accountable within Seychelles, the transfer occurs within intra-group schemes with headquarters abroad, data subjects are informed of the processing location and relevant details, and the transfer is necessary to protect vital interests. In addition, the Commission may authorise personal data transfers if they are part of a cross-border privacy rules system that enforces legal standards against data controllers and processors, and requires the implementation of proportionate, risk-based security measures. However, the Commission retains the authority to prohibit transfers where necessary in the public interest.

Seychelles is not participating in trade or regional agreements committed to open transfer or cross-border data flows.

The Data Protection Act provides a comprehensive regime of data protection in Seychelles.

Seychelles is a party to the Patent Cooperation Treaty (PCT). However, the country does not consider itself bound by Art. 59 related to disputes.

Seychelles has a clear regime of copyright exceptions that follows the fair dealing model, which enables the lawful use of copyrighted work by others without obtaining permission. According to Sections 9-17 of the Copyright Act, the exceptions include the right to reproduce a work for personal use and purposes privately; the quotation from a work that has lawfully been made available to the public; the reproduction, broadcasting and other communication to the public for informatory purposes; the reproduction in a single copy or the adaptation of a computer programme by the lawful owner of a copy of that computer programme among others.

Seychelles has not signed the World Intellectual Property Organization (WIPO) Copyright Treaty.