Sections 34 and 35 of the Cybercrimes Act allow a police station or a law enforcement officer to collect or record traffic or content data associated with a specified communication during a specified period without a court order. Section 32 states that "(1) Where the disclosure of data is required for the purposes of a criminal investigation, or the prosecution of an offence, a police officer in charge of a police station or a law enforcement officer of a similar rank may issue an order to any person in possession of such data compelling him to disclose such data."

Pursuant to Regulations 4 and 5 of the Electronic and Postal Communications (Investigation) Regulations, any individual's communications may be intercepted by the Director General of the Tanzania Intelligence and Security Service or the Director of Criminal Investigations for purposes including, but not limited to, the preservation or protection of national security, and the safeguarding of public safety, economic well-being, or the interests of the country. In accordance with Regulations 8 and 12, where the Director of Criminal Investigations intends to intercept communications, they are required to apply for a warrant from the Inspector General of Police, but not from a judge.

The Cybercrimes Act (2015) establishes a safe harbour regime for intermediaries for copyright infringements. Pursuant to Sections 39-44 of the Act, service providers are exempt from liability for information stored, transmitted, hyperlinked on their networks, or accessed through their search engines, provided they comply with certain conditions. These conditions require that the service provider neither initiates the transmission nor selects or modifies the information. Furthermore, if a service provider becomes aware of illegal content on their platform through means other than an order from a public authority, they are obligated to promptly notify the relevant authority. Additionally, upon becoming aware of such illicit content or receiving a takedown notice, the provider must take immediate action to remove or restrict access to the information. These provisions aim to protect intermediaries while encouraging the responsible management of illegal content on their platforms.

The Cybercrimes Act (2015) establishes a safe harbour regime for intermediaries beyond copyright infringements. Pursuant to Sections 39-44 of the Act, service providers are exempt from liability for information stored, transmitted, hyperlinked on their networks, or accessed through their search engines, provided they comply with certain conditions. These conditions require that the service provider neither initiates the transmission nor selects or modifies the information. Furthermore, if a service provider becomes aware of illegal content on their platform through means other than an order from a public authority, they are obligated to promptly notify the relevant authority. Additionally, upon becoming aware of such illicit content or receiving a takedown notice, the provider must take immediate action to remove or restrict access to the information. These provisions aim to protect intermediaries while encouraging the responsible management of illegal content on their platforms.

According to Art. 26 of the Electronic and Postal Communications Act 2010, as amended in 2017 by the Finance Act (2017), licensees holding Network Facilities and Network Service licenses are required to offer at least 25% of their shares to the public—both local and foreign—through an Initial Public Offering (IPO) on the Dar es Salaam Stock Exchange (DSE). If a licensee fails to meet the prescribed 25% threshold of issued and paid-up share capital following the IPO, the Capital Markets and Securities Authority, in consultation with the Minister responsible for Capital Markets and considering market conditions, will issue directives to guide the licensee on how to achieve the 25% shareholding requirement. This requirement is also confirmed in Section 22(a) of the Licensing Regulations (2018).
Additionally, the application and initial licensing fees vary depending on the type of license and coverage area—International, National, or Regional. According to the first schedule of the Electronic and Postal Communications (Licensing) Regulations, the fees for Network Services are as follows: International coverage requires an application fee of USD 10,000, an initial license fee of USD 300,000, and a renewal license fee of USD 400,000; National coverage requires an application fee of USD 5,000, an initial license fee of USD 600,000, and a renewal license fee of USD 750,000; Regional coverage requires an application fee of USD 2,000, an initial license fee of USD 23,100, and a renewal license fee of USD 26,500.

Pursuant to Sections 93 and 94 of the Electronic and Postal Communications Act, individuals wishing to acquire and use a mobile telephone with either a detachable or embedded SIM card must provide identity verification documentation before purchase.

Section 20 (b) of the Electronic and Postal Communications (Licensing) Regulations, 2018, establishes that an applicant for the individual license shall submit to the Authority a business plan together with other documents as provided for under the Licensing Regulations.

According to Section 13 of the Online Content Regulations (2020), amending the Electronic and Postal (Online Content) Regulations 2018, internet cafe operators are required to keep a proper service user register and ensure every person using internet service is registered upon showing a recognised identity card; and install surveillance cameras to record and archive activities inside the cafe.

Tanzania has not appended the World Trade Organization (WTO) Telecom Reference Paper to its schedule of commitments.

According to the Electronic and Postal (Online Content) Regulations 2018 (last amended in 2020), the application service licensee holders are required to terminate or suspend the subscriber account within two hours after being reported for sharing prohibited content (Section 11.3). While the previous regulation required online platforms to take down alleged illegal content within 12 hours, the current regulation forces license holders — such as the hosts of discussion forums — to remove prohibited content immediately. When a subscriber to a forum uploads alleged illegal content, the license holder must notify the subscriber within two hours. If the subscriber fails to take down content within two hours of getting the notice, the license holder must revoke the subscriber’s access to the platform.

It is reported that the Tanzania Communications Regulatory Authority (TCRA), the executive authority for the supervision and administration of services in the telecommunications sector, is independent from the government in the decision-making process.

It has been reported that, as of March 2023, Tanzania began restricting access to Grindr, the world's largest social networking application for gay, bisexual, transgender, and queer individuals. Furthermore, there have been widespread accounts of the prohibition of Clubhouse, a widely used social media platform for live audio discussions, since February 2023.

Section 57 of the Finance Act of 2021 stipulates that tax-related data must be stored on a primary server located within the boundaries of Tanzania. The legislation further establishes that storing such data outside the country constitutes an offence. The Act defines a primary data server as a server that stores data generated or collected by a taxable or liable person in the regular conduct of their business activities.

The Electronic and Postal Communications (Online Content) Regulations require providers of online content services to have a license and pay fees periodically. According to Section 9.d, providers are required to use moderating tools to filter prohibited content. Bloggers have condemned the regulations to temper the freedom of expression. For instance, according to the BBC, Jamii Forum (the famous forum for online discussions in the country) was shut down for 21 days in 2018, forced to comply with harsh new online content regulations.

Guideline 10 (g) of the Outsourcing Guidelines for Banks and Financial Institutions stipulates that banks and financial institutions are prohibited from outsourcing their primary data centres to locations outside the country. In addition, Art. 42 of the Payment Systems Licensing and Approval Regulations requires a payment system provider to place its primary data centre in relation to payment system services in Tanzania.