The National Information and Communication Technology Act 2009 establishes an operator licensing framework that comprises three types of licences, including application licences (Art. 4). According to Schedule 1 of the National Information and Communication Technology (Operator Licensing) Regulation, the scope of application licences includes, inter alia, the provision of IP telephony services. Under Art. 48, only “eligible corporations” and individuals who are citizens of Papua New Guinea may apply for, and hold, these operator licences. For this purpose, an “eligible corporation” is defined in Art. 4 as a foreign or domestic body corporate that (a) is incorporated in Papua New Guinea and (b) holds a certificate under Sections 29 or 36E of the Investment Promotion Act 1992.

It is reported that, in December 2025, Papua New Guinea’s National Information and Communications Technology Authority (NICTA) formally instructed SpaceX (the parent company of Starlink Internet Services PNG Limited) to cease the provision of Starlink satellite services in Papua New Guinea, citing its statutory obligations under the National Information and Communications Technology Act 2009. Starlink is reportedly not licensed to operate in Papua New Guinea. Accordingly, NICTA has stated that the importation, supply, installation, operation, or use of Starlink terminals and related services in Papua New Guinea is strictly prohibited pending completion of the licensing process and the resolution of the relevant legal constraints.

According to Art. 180 of the National Information and Communication Technology Act 2009, engaging in “regulated conduct” – including dealing in (importing), letting on hire or loan, or repairing or adjusting any apparatus identified in the Radio Spectrum Regulations that is used to transmit radiocommunications – is subject to a radiocommunications licence.
This is also confirmed in Sections 1 and 3 of the Guidelines for Radio Dealers Licence, which states that, under the National ICT (Radio Spectrum) Regulation 2010, a Radio Dealers Licence should be granted by the National Information and Communication Technology Authority (NICTA).

Papua New Guinea permits self-certification of ICT equipment compliance, including, where relevant, radio transmission requirements and electromagnetic compatibility/interference (EMC/EMI), through a Supplier’s Declaration of Conformity (SDoC) submitted under NICTA’s type approval/registration framework. Under NICTA’s Type Approval Guideline (TA100 G), the SDoC is a written undertaking by the registered dealer that the apparatus complies with specified requirements and standards, and expressly indicates that the dealer has performed its own conformity assessment on the basis of independent test data or certification from the manufacturer or an accredited or internationally recognised test laboratory, applying standards recognised by NICTA.
The Guideline requires that type approval/registration applications be accompanied by an SDoC, together with any Declaration of Conformity (DoC) and supporting test reports or certificates (including EMC and EMR reports, where applicable). However, the detailed supporting documentation underpinning the SDoC is generally retained by the supplier and needs only to be provided to NICTA upon request.

According to Art. 21.4 of the Customs Regulation 1951, the de minimis threshold, that is the minimum value of goods below which customs do not charge duties, is PGK 250 (approx. USD 60). This threshold remains below the USD 200 threshold recommended by the International Chamber of Commerce (ICC).

The ".pg" registry (administered by the Papua New Guinea University of Technology, PNGUoT) regulates registrations through registry instruments, including the ".pg" Acceptable Use Policy (AUP) and the Registrant Agreement. According to Section 4 of the Agreement, registrants must provide a set of information to PNGUoT or its registrar, including a valid address. It is reported that applicants must have a local representative or local presence in the country.

The National Information and Communication Technology Authority (NICTA), established in 2010 under the National Information and Communication Technology Act 2009, is the executive authority responsible for supervising and administering telecommunications services. Pursuant to Art. 40 of the Act, NICTA is required to operate as an independent, autonomous and impartial body and to perform its functions without favour, prejudice or political or commercial interference.

Section 28 of the Digital Government Act mandates that the department responsible for information and communications technology establish and manage the Government’s Central Electronic Data Repository, which shall serve as the official facility for the backup of electronic data maintained by public bodies. This Repository shall comprise a primary physical electronic data repository together with any redundancy repositories established under Section 30, all of which must be synchronised and function collectively as a unified data storage system for compulsory backup and redundant data retention. The Central Electronic Data Repository must include an active operational software and hardware server, a storage software and hardware server, and a system processing software and hardware server. Public bodies that store data electronically are required, as regularly as practicable, to ensure that their electronic data is also backed up within the Central Electronic Data Repository as redundancy, within one year of the Repository’s establishment and publication by the Minister in the National Gazette. Under Section 30, the Department must also maintain one or more additional data centres for electronic data backup and redundancy, each of which must undergo daily synchronisation with the Central Electronic Data Repository, comply with the cybersecurity standards prescribed under the Act, and maintain a transmission system connecting it to the Central Electronic Data Repository.

Sections 22 to 27 of the Digital Government Act establish a centralised government network, cloud, and data infrastructure under the authority of the department responsible for information and communications technology. All public bodies are required to use the Government Private Network, which integrates the Central Electronic Data Repository, approved physical, virtual or cloud connectivity, and shared digital services, unless written approval is obtained to use an alternative network. The Act mandates the creation of a Government Leased Cloud Infrastructure, requiring public bodies to migrate all virtual private networks and digital services operating on external cloud infrastructure within one year, subject to limited, time-bound exemptions approved in writing, with unauthorised operation constituting an offence. The Department may further establish a Government Private Cloud Infrastructure, to be physically located in Papua New Guinea, into which public-sector electronic data must be migrated within a prescribed period, while offshore storage is permitted only on efficiency grounds, in compliance with standards, and with written approval following advice from the ICT Steering Committee. The framework is completed by establishing the National Electronic Data Bank, which will host the Central Electronic Data Repository, the National Cyber Security Centre, the Government Private Cloud Infrastructure (if established), other public-sector data servers, and all associated core infrastructure.

Papua New Guinea has not joined any agreement with binding commitments to open transfers of data across borders.

Papua New Guinea does not have a comprehensive data protection regime in place.

Section 7 of the SIM Card Registration Regulation provides that subscriber information held in the subscriber information database may be disclosed to a security agency, defined in Section 1 as the Royal Papua New Guinea Constabulary, which is the national police force, other State law enforcement bodies, or the National Intelligence Organisation; however, a licensee, meaning any telecommunications or electronic communications service provider licensed by the National Information and Communications Technology Authority (NICTA), may release such information only upon receiving a prior written request from the relevant security agency. This request must be in the prescribed form, state the rank of the requesting official, specify the purpose and reasons for the request, relate to the statutory functions of the agency, and be endorsed by the Attorney-General, who is a government minister, as well as by the National Intelligence Organisation and NICTA, before being submitted to the licensee. Disclosure is prohibited where it would contravene the Constitution or any Act of Parliament, or where it would pose a threat to national security. The legislation does not require that such a request be supported by a judicial investigation, a warrant, or a court order.

A basic legal framework on intermediary liability for copyright infringement is absent in Papua New Guinea's law and jurisprudence.

A basic legal framework on intermediary liability beyond copyright infringement is absent in Papua New Guinea's law and jurisprudence.

The SIM Card Registration Regulation 2016 mandates telecom and electronic communications service licensees to establish and maintain a Subscriber Information Database for SIM registration purposes (Art. 4).
According to Art. 9 of Regulation, telecom and electronic communications service licensees must register, capture and transmit to their subscriber information database (a) the identification number of any SIM card to be activated at the request of an individual subscriber, and (b) the subscriber’s biometric and other personal data. The collection of such personal information must follow the prescribed form. An individual subscriber may not be registered unless they present a valid identification document and are physically present at the registration location.