According to the Law on Cryptology in Senegal, the private use of cryptographic software by a natural person is restricted to software with a key length of 128 bits or less. If the cryptographic key length exceeds this limit, the private use of such cryptography becomes subject to a declaration regime.

According to Art. 14 of Law No. 2008-41 of 20 August 2008 on cryptology, the supply and importation of cryptology mean that do not exclusively ensure authentication and integrity control functions requires a prior declaration to the National Cryptology Commission and the submission of a description of technical characteristics.

It is reported that the de minimis threshold, that is the minimum value of goods below which customs do not charge duties, is USD 30, below the 200 USD threshold recommended by the International Chamber of Commerce (ICC).

According to Art. 10 of the ".sn" domain name Charter, applicants domiciled abroad are required to designate an agent established in Senegal or, in default, to provide a letter of accreditation to the service provider for the registration and management of their ".sn" domain name.

The Law on Electronic Transactions, the Law on Cybercrime, the Decree on Electronic Commerce, and Decree No. 2014-770 of June 14, 2014, specifying certain obligations of operators regarding consumers' right to information, provide a comprehensive consumer protection framework that applies to online transactions. While the law on Electronic Transactions and the Decree on Electronic Commerce lay down provisions for the protection of the consumer online, the law on Cybercrime specifies the criminal sanctions to be applied in case of violation of these standards.

Senegal has signed but not ratified the United Nations (UN) Convention on the Use of Electronic Communications in International Contracts.

Senegal has not adopted national legislation based on or influenced by the United Nations Commission on International Trade Law (UNCITRAL) Model Law on Electronic Commerce.

Senegal has not adopted national legislation based on or influenced by the United Nations Commission on International Trade Law (UNCITRAL) Model Law on Electronic Signatures.

The indicator "7.2.4 - Government Internet shut down in practice" of the V-Dem Dataset, which measures whether the government has the technical capacity to actively make internet service cease, thus interrupting domestic access to the internet or whether the government has decided to do so, has a score of 3 in Senegal for the year 2024. This corresponds to "Rarely but there have been a few occasions throughout the year when the government shut down domestic access to Internet."
In 2024, the Senegalese government reportedly implemented at least three internet shutdowns. One of the most notable occurred in February, when the government abruptly postponed the presidential elections originally scheduled for 25 February. In response to widespread protests, the Ministry of Communication, Telecommunication, and Digital Economy ordered the suspension of mobile data access, citing concerns over the spread of “hateful and subversive messages” on social media. This practice continued a pattern observed in 2023, when authorities shut down mobile internet in specific areas during periods of unrest, including in June and following the arrest of opposition leader Ousmane Sonko. Since August 2023, mobile data has reportedly been cut daily, typically from 8 a.m. to 2 a.m., indicating a sustained use of internet disruptions to manage political tensions.

According to Art. 14 of Law No. 2008-41 of 20 August 2008 on cryptology, the supply and importation of cryptology mean that do not exclusively ensure authentication and integrity control functions requires a prior declaration to the National Cryptology Commission and the submission of a description of technical characteristics.

The ARTP (Telecommunications and Postal Regulation Agency) has the exclusive mandate to examine ICT products. It is reported that foreign companies cannot participate in standards setting.

The ARTP (Telecommunications and Postal Regulation Agency) is the only body authorised to approve and certify radio equipment imported into the country. This procedure is expressly required, and the certification is carried out according to the standards defined by the ARTP in accordance with the Decree on frequencies and frequency bands, radioelectric equipment and the operators of such equipment.

Art. 4 of Law No. 2008-12 provides that legally entitled public authorities, in the context of a particular task or the exercise of a right of communication, may request the controller to communicate personal data to them. It is not clear whether a court order is required.

The Intelligence Services Law provides that in the event of a threat to national interests and the absence of any other means, the intelligence services may use intrusive technical surveillance and location procedures to collect information useful for neutralising the threat (Art. 10). To this end, the entities holding the data are obliged to provide the necessary assistance to the intelligence services without delay.

Law No. 2008-8 of 25 January 2008 on Electronic Transactions establishes a safe harbour regime for intermediaries for copyright infringements. According to Art. 3.2 of the Law on Electronic Transactions, intermediaries may not be held civilly liable for activities or information stored at the request of a recipient of such services if they did not have actual knowledge of their unlawful nature or of facts or circumstances indicating such a nature, or if, as soon as they became aware of such knowledge, they acted promptly to remove such data or to prevent access to them.