Papua New Guinea has not joined any agreement with binding commitments to open transfers of data across borders.

Papua New Guinea does not have a comprehensive data protection regime in place.

Section 7 of the SIM Card Registration Regulation provides that subscriber information held in the subscriber information database may be disclosed to a security agency, defined in Section 1 as the Royal Papua New Guinea Constabulary, which is the national police force, other State law enforcement bodies, or the National Intelligence Organisation; however, a licensee, meaning any telecommunications or electronic communications service provider licensed by the National Information and Communications Technology Authority (NICTA), may release such information only upon receiving a prior written request from the relevant security agency. This request must be in the prescribed form, state the rank of the requesting official, specify the purpose and reasons for the request, relate to the statutory functions of the agency, and be endorsed by the Attorney-General, who is a government minister, as well as by the National Intelligence Organisation and NICTA before being submitted to the licensee. Disclosure is prohibited where it would contravene the Constitution or any Act of Parliament, or where it would pose a threat to national security. The legislation does not require that such a request be supported by a judicial investigation, a warrant, or a court order.

A basic legal framework on intermediary liability for copyright infringement is absent in Papua New Guinea's law and jurisprudence.

A basic legal framework on intermediary liability beyond copyright infringement is absent in Papua New Guinea's law and jurisprudence.

The government owns shares in certain telecom companies. In particular, Telikom Limited (Telikom PNG) is wholly owned by the State through Kumul Consolidated Holdings and provides fixed-line services nationwide. Bemobile Limited (bmobile) is likewise a fully state-owned mobile carrier offering mobile voice, SMS and high-speed data services. In addition, PNG DataCo Limited is a state-owned entity mandated to build, own and operate the National Transmission Network (NTN) and to supply wholesale connectivity services to the ICT sector, including wholesale internet capacity for telecommunications operators, internet service providers and government institutions.

Papua New Guinea does not mandate functional or accounting separation for operators with significant market power (SMP) in the telecom market.

Papua New Guinea has appended the World Trade Organization (WTO) Telecom Reference Paper to its schedule of commitments.

The National Information and Communication Technology Authority (NICTA), established in 2010 under the National Information and Communication Technology Act 2009, is the executive authority responsible for supervising and administering services in the telecommunications sector. Pursuant to Art. 40 of the Act, NICTA is required to operate as an independent, autonomous and impartial body and to perform its functions without favour, prejudice or political or commercial interference.

Section 28 of the Digital Government Act mandates that the department responsible for information and communications technology establish and manage the Government’s Central Electronic Data Repository, which shall serve as the official facility for the backup of electronic data maintained by public bodies. This Repository shall comprise a primary physical electronic data repository together with any redundancy repositories established under Section 30, all of which must be synchronised and function collectively as a unified data storage system for compulsory backup and redundant data retention. The Central Electronic Data Repository must include an active operational software and hardware server, a storage software and hardware server, and a system processing software and hardware server. Public bodies that store data electronically are required, as regularly as practicable, to ensure that their electronic data is also backed up within the Central Electronic Data Repository as redundancy, within one year of the Repository’s establishment and publication by the Minister in the National Gazette. Under Section 30, the Department must also maintain one or more additional data centres for electronic data backup and redundancy, each of which must undergo daily synchronisation with the Central Electronic Data Repository, comply with the cybersecurity standards prescribed under the Act, and maintain a transmission system connecting it to the Central Electronic Data Repository.

The Investment Promotion Act governs foreign direct investment in the country. Under Art. 27, certain activities are reserved for national citizens and companies. These reserved activities are specified in the Investment Promotion Regulation 1992 and, following the amendment introduced by the Investment Promotion (Amendment) Regulation 2021, include the repair of consumer electronics goods when this activity is not carried out in conjunction with the manufacture, wholesale or retail sale of such goods.

According to Art. 128 of the Companies Act, at least one director of the company shall be ordinarily resident in the country.

According to Art. 25 of the Investment Promotion Act, the Investment Promotion Authority (IPA) may grant a certificate authorising a foreign enterprise to carry on business in the country, and, subject to Art. 26, a foreign enterprise may not operate without such a certificate. Pursuant to Art. 28, a foreign company applies for an investment certificate by submitting, in the prescribed form, an application to the IPA together with copies of any agreements or documents relating to the management or proposed management of the company. The IPA must verify the accuracy of the information provided, assess whether the proposed activity is likely to contribute to the objectives of the Act, evaluate the applicant’s capacity to finance, establish and operate the enterprise, and review the applicant and any associated owners, directors or partners before granting the certificate on appropriate terms. The IPA must notify the applicant in writing of its decision to grant or refuse the certificate within 35 working days of receiving a complete and correct application.
It is reported that, although the country does not apply a formal minimum investment threshold, the IPA may, pursuant to Section 28(7) of the Investment Promotion Act, require a potential investor to deposit a prescribed amount prior to approval. The screening mechanism is understood to focus on assessing the net economic benefit of the investment and its consistency with the national interest.

According to Art. 54 of the Patents and Industrial Designs Act, where an applicant’s ordinary residence and principal place of business are outside Papua New Guinea, the applicant must be represented by a person who is ordinarily resident in Papua New Guinea.

According to Art. 32 of the Patents and Industrial Designs Act, the Minister may, upon the request of a government agency or any other person, authorise the exploitation of a patented invention without the consent of the patent owner, by notice published in the National Gazette. Such authorisation may be granted where the exploitation is required in the public interest – including for reasons of national security and predominantly to supply the Papua New Guinea market – or where the Minister has determined that the patent’s exploitation is anti-competitive and considers that the authorisation would remedy that anti-competitive practice.