It is reported that social media advertisements directed at Egyptian consumers are required to be presented in Arabic or accompanied by an Arabic translation.

According to Art. 6 of Law 180 of 2018, a license from the Supreme Council for Media Regulation (SCMR) is required to establish and manage a website in Egypt and operate offices or branches for websites. This license requires, inter alia, operating inside a specific media area. If a license is not obtained, the SCMR can cease or block the website. The term "website" is defined in Art. 1 as "the licensed page, link or application through which press, media or advertising content is provided, whether textual, audio, visual, static, animated or multimedia, issued under a specific name, with a specific electronic address and domain and created, hosted or accessed through the International Information Network (Internet)", therefore it also covers any online links and applications through which press, media, or advertising content is provided. According to Art. 60 of the law, websites are required to pay a fee of EGP 50,000 (approx. USD 2,800) to obtain the license and gain legal status. In addition, pursuant to Art. 40 of Law 180 of 2018, any person wishing to issue a newspaper or establish a website is required to notify the Supreme Council and provide a description of the type of content, editorial policy, sources of funding, and other detailed information. Furthermore, Art. 41 adds that it is not permitted to issue a newspaper or establish a website before completing the notification data.
It is reported that, in June 2024, Egyptian authorities escalated enforcement by announcing plans to block all unlicensed platforms within three months and ordering banks to halt financial transfers to platforms operating illegally without licenses, effectively creating a comply-or-exit ultimatum for foreign technology companies.

According to Art. 59 of Law No. 180 of 2018, no media outlet or electronic site may be established, operated, or advertised before obtaining a license from the Supreme Council, which will specify the licensing requirements. Furthermore, Art. 60 requires media outlets to pay a fee of EGP 250,000 (approx. USD 16,000) to obtain a license from the SCMR and gain legal status. It is reported that "the law defines 'media outlet' very broadly, to include any social media account with at least 5,000 subscribers." The report adds that this law and other laws have been used "as grounds to expand website blocking, (which) undermines the value of Internet-based services to their customers and imposes costs on local firms that depend on these services for their business."
In addition, pursuant to Art. 40, any person wishing to establish a media outlet is required to notify the Supreme Council and provide a description of the type of content, editorial policy, sources of funding, and other detailed information. According to Art. 10 of Cabinet Resolution No. 418 of 2020, the Supreme Council shall set the necessary forms for requests to establish or operate media outlets, provided that they include the name, surname, nationality, and place of residence of the owner, the outlet's name and logo, the language in which it broadcasts, type of activity, funding sources, editorial and administrative structure, statement of budget, name and address of its designated "Broadcasting Officer," and their programs' manager.
It is reported that, in June 2024, Egyptian authorities escalated enforcement by announcing plans to block all unlicensed platforms within three months and ordering banks to halt financial transfers to platforms operating illegally without licenses, effectively creating a comply-or-exit ultimatum for foreign technology companies.

Law on the Protection of Personal Data provides a comprehensive regime of data protection in Egypt. The law has similarities with the EU's General Data Protection Regulation (Regulation (EU) 2016/679) and includes data subject rights, data controller and processor obligations, and strict conditions for data transfers to foreign countries.

Art. 2.1 of the Anti-Cybercrime Law requires every telecommunications service to maintain records (i.e. logs) for 180 consecutive days. These logs should include, among others, information sufficient to identify the user and information related to the content of the operating system dealt with.

According to Art. 16 of the Resolution No. 418 of 2020, issuing the executive regulations for the law regulating the press and media and the Supreme Council for Media Regulation promulgated by Law No. 180 of 2018, licensed media and websites must retain all broadcast materials for no less than one year from the broadcast date. They must also deposit a copy of it to the Supreme Council on a monthly basis. The term media is defined as any terrestrial or satellite television channel or wired, wireless or electronic radio station. The term website is defined as the licensed page, link or electronic application through which press, media or advertising content is provided, whether fixed, animated or multimedia, issued under a specific name, with a specific electronic address and domain, and created, hosted or accessed through the international information network (Internet).

Art. 8 of the Law on the Protection of Personal Data stipulates that data controllers and processors must designate a suitably qualified employee to serve as the data protection officer, who is required to be registered with the Data Protection Centre. Pursuant to Art. 9, the data protection officer is obliged to undertake evaluations and periodic reviews of personal data protection systems, ensure their resilience against breaches, document the outcomes of such assessments, and issue appropriate recommendations to safeguard the data.

Art. 3.5 of Resolution No. 151 stipulates that "The Data Protection Centre shall, upon the request of the national security authorities, notify the controller or processor to amend, delete, not display or provide or handle the personal data, within a specified period of time, according to national security considerations, and the controller or processor shall implement the contents of the notification within the period of time specified therein." It is reported that there are no clear or precise rules as to when the national security authorities can request access to the personal data maintained by the controller/processor. The main requirement is that the request made by the national security authorities to access the personal data must be for the purpose of national security.

The interception of telecommunications in Egypt is permitted under the Telecommunication Regulation Law No. 10 of 2003. The law grants the National Telecommunication Regulatory Authority (NTRA) - a body chaired by the ICT minister and composed of government representatives - the authority to regulate ISPs and mobile network operators. Art. 64 of the law requires each operator and provider, at their own expense, to provide within the telecommunication networks licenced to them, all technical possibilities, including equipment, systems, software and communications, to enable the armed forces and national security entities to exercise their powers within the law. This could include capabilities for decrypting encrypted communications. Contravention of this prohibition is a criminal offence punishable by imprisonment and a fine of between EGP 10,000 and 100,000 (approx. 635 and 6350 USD).

Law No. 87 of 2018 Regulating Road Transport Services Using Information Technology, a law passed to regulate ride-sharing apps, requires companies to share user data with authorities “on request” and “according to the law.” Art. 9 states that all land transportation service companies are required to provide the country’s national security agencies with “all their customers’ data”. Requests for data do not need to be accompanied by a warrant, though a decree from the prime minister is required.
Resolution No. 2180 acts as the executive regulation of Law No. 87. According to Art. 10 of the Resolution, ride-sharing companies are to submit to the Ministry of Transportation six months’ worth of “customers’ data” from all rides provided upon request by the Ministry.

Section 3-3 of Egypt’s IoT Framework requires that users of Machine-to-Machine (M2M) devices must neither transfer data outside Egypt nor operate any component of an M2M network that provides services beyond Egyptian territory. This obligation is part of the regulatory pledges imposed on importers and users seeking approval from the National Telecom Regulatory Authority (NTRA) to import, manufacture, or assemble M2M devices. It applies regardless of whether the devices are used for personal or commercial purposes.

Art. 35 of Law No. 180 stipulates that a backup copy of the digital edition of newspapers must be located in a dedicated server within the territory of Egypt. Pursuant to Art. 5 of the Executive Regulations issued under Law No. 180 of 2018, this server must be situated in a secure location, disclosed to the Supreme Council, and may not be altered without the Council’s prior written approval.

Under Art. 16 of the "Executive Regulations for Law No. 180 of 2018 on Press, Media, and the Supreme Council for Media Regulation", media outlets and licensed electronic websites are obliged to retain all broadcast content for a minimum of one year from the date of transmission. They must also submit a copy of this content to the Supreme Council for Media Regulation (SCMR) on a monthly basis. Additionally, a copy of the digital version of the content must be situated in a dedicated server within the Arab Republic of Egypt, in a location designated by the media outlet or website. This location must be secure, disclosed to the Supreme Council, and may not be altered without prior approval from the Council.
According to Art. 1 of Law No. 180, a media outlet is defined as terrestrial and satellite television channels, as well as wired, wireless, and electronic radio stations. A licensed electronic website refers to a page, link, or electronic application that is formally authorised and provides journalistic, media, or advertising content in textual, audio, visual, static, dynamic, or multimedia formats. It must be issued under a specific name, possess a defined electronic address and domain, and be created, hosted, or accessed via the Internet.

Section 7-3 of Egypt’s IoT Framework explicitly requires that satellite operators licensed to provide IoT connectivity services must establish an Earth station within Egypt. This station must be used to transmit IoT service data across the country. Exceptions to this requirement are only permitted with prior approval from the National Telecom Regulatory Authority (NTRA).

Art. 14 of Law No. 151 of 2020 on Personal Data Protection prohibits the transfer of personal data to a foreign country unless the laws of the foreign country guarantee a minimum level of protection that is equal to the level stipulated by Egyptian law. Moreover, the transfer of data abroad requires an authorisation or a license from the Data Protection Centre. Art. 15 enumerates several specific exceptions to the obligation of Art. 14 subject to the express consent of the person concerned with the data or his representative.