News & Insight
- Home
- News & Insight
The long-anticipated implementation of Myanmar’s Cybersecurity Law (Law No. 1/2025) has now been confirmed.
31 July 2025
The long-anticipated implementation of Myanmar’s Cybersecurity Law (Law No. 1/2025) has now been
confirmed. On 30 July 2025, the State Administration Council (SAC) issued Notification No. 113/2025,
formally prescribing 30 July 2025 as the effective date of the Cybersecurity Law. This marks the
beginning of a new regulatory landscape for digital businesses, online service providers, and
cybersecurity professionals operating in Myanmar.
Background
Originally enacted on 1 January 2025, the Cybersecurity Law had remained dormant pending a formal notification by the President as required under Section 2 of the law. The recent issuance of Notification No. 113/2025 by SAC clears the path for the law’s enforcement. However, its practical implementation will further depend on the issuance of subsidiary rules, regulations, and procedural guidelines pursuant to Section 88.The law establishes a comprehensive framework for safeguarding critical digital infrastructure, enhancing national cybersecurity, and promoting the responsible use of cyberspace in line with national security and public interest objectives.
Scope and Reach
The Cybersecurity Law applies to:- Individuals or entities operating within Myanmar’s cyberspace;
- Digital platform service providers with more than 100,000 users within Myanmar;
- Myanmar citizens residing abroad who commit offences defined under the law;
- Offences committed via Myanmar-registered vehicles, aircraft, or systems linked to Myanmar’s national cyberspace.
Key Regulatory Obligations
1. Digital Platform Service Providers Entities that offer platforms enabling users to distribute or access digital content must:- Register with the designated department if they exceed the 100,000-user threshold;
- Retain personal data and user activity logs for 3 years;
- Take down or block unlawful content, including hate speech, misinformation, or child exploitation;
- Comply with takedown notices from authorities and have robust internal mechanisms for content moderation.
- Obtain a license from the designated department;
- Implement international cybersecurity standards and rapid response protocols;
- Prevent, detect, and report cyber threats and data breaches;
- Submit regular compliance reports and collaborate with designated government committees.
Enforcement Powers and Penalties
The law grants significant enforcement powers to the Ministry and designated committees, including:- Seizure and analysis of digital equipment;
- Temporary suspension or closure of digital services deemed harmful to public interest;
- Administrative penalties such as warnings, fines, and suspension or cancellation of licenses and certificates;
- In extreme cases, dissolution and nationalization of unauthorized cybersecurity operators.
What Businesses Should Do Now
With the Cybersecurity Law now in effect from 30 July 2025, businesses are strongly advised to:- Assess their exposure under the law, especially if they operate digital platforms or provide IT security services;
- Review and update internal policies on data retention, incident response, and content moderation;
- Evaluate licensing and registration needs, and prepare for future application processes once procedures are published;
- Monitor regulatory developments, including implementing rules and ministerial directives;
- Engage legal counsel to develop a compliance roadmap tailored to the business’s operations and risk profile.
For further information or assistance with compliance strategies under the Cybersecurity Law, our team stands ready to assist.
*This publication is intended for general information purposes only and does not constitute legal advice. For tailored guidance, please contact our office at info@legalhousemm.com.
© 2025 Legal House Myanmar. All rights reserved.