Official Launch of Startup/ Freelancer Registration Platform (Startup Sri Lanka )

Startup Sri Lanka is an initiative by the Ministry of Digital Infrastructure and Information Technology. Our mission is to transform Sri Lanka through technology and entrepreneurship. We are working to support the tech community and accelerate the growth of Sri Lankan startups and freelancers. We believe strong homegrown startups and freelance community is vital to the future growth of Sri Lankan jobs and wealth.

"By professionalizing the startup industry together, we support the entrepreneurial superstars of tomorrow!"

This platform is the single largest online platform for startups and freelancers in Sri Lanka, connecting them to thousands of other startups, as well as other key stakeholders such as investors, mentors and incubators.

Our efforts are focused on trying to get the big picture right for Sri Lankan startups and freelancers – improving the regulatory environment, building a case for the right sort of government support for a fast-growing sector, and increasing public awareness of the impact of tech startups and freelancers across the country. We work with startups, freelancers and investors to help around the country get the settings right to create successful startup ecosystems.

Event name – Official Launch of Startup/ Freelancer Registration Platform

Link - Photos


Data Protection Legislation


Ministry of Digital Infrastructure and Information Technology


Data Protection Legislation finalized by Ministry of Digital Infrastructure and Information Technology

The Personal Data Protection Legislation, defining measures to protect personal data of individuals held by banks, telecom operators, hospitals and other personal data aggregating and processing entities, has now been finalized by the Ministry of Digital Infrastructure and Information Technology. The final draft of the Bill, prepared by the Legal Draftsman Department and the Data Protection Drafting Committee of the Ministry, will be released through the website by the Ministry of Digital Infrastructure and Information Technology this week.

The drafting of the Legislation was initiated by Hon. Ajith P. Perera, Minister of Digital Infrastructure and Information Technology on 5th February 2019. This latest version released, is based on modifications done to the previously released Data Protection Framework, published by the Ministry on 12th June 2019. However, substantial modifications were made to the said Framework, based on consultations held with key stakeholders as well as feedback received from them.

The Legislation will be implemented in stages. The entire Bill will come into operation within a period three (03) years from the date the Speaker certifies the Bill. This would provide sufficient time for Government and private sector to take adequate steps to implement this legislation. The Data Protection authority is required to be established within 18 months.

Several obligations have been imposed by this legislation on those who collect and process personal data (“Controllers” and “Processors”) and whole new set of rights have been given to citizens under this new legislation, which are known as “Rights of data subjects”.

For instance, personal data could be collected only for a specified purpose and not for any other purpose that is incompatible with the said purposes. However, processing data in public interest, scientific or historical research will not be considered incompatible. Personal Data has to be processed in a manner to ensure appropriate security, including protection against accidental loss, destruction or damage.

Data subject (individuals) will have the right to withdraw his or her consent given to Controllers and will also have the right to rectify the data without undue delay. Further, the Data Subjects have been given the right to object to processing of their data. These rights of data subject can be exercised directly by the individuals with the Controller, who are required to respond within a defined time period and is obliged to give reasons for refusing to meet the request or reasons why the Controller would refrain from further processing the said data. The individual has a right of appeal against the decision of Controller to the Data Protection Authority.

Although the original Framework had provisions for the mandatory registration of Controllers, this requirement has been removed in the latest version. Instead, the Drafting Committee has deliberated and introduced specific and comprehensive transparency and accountability obligations on Controllers. The accountability obligations would require the Controllers to implement internal controls and procedures, known as a “Data Protection management Program”, in order to demonstrate how it implements the data protections obligations imposed under the Act.

The Legislation also prohibits Controllers who process personal data from sending unsolicited messages, unless the individuals have given express consent. Provisions have also been included to deal with relationships between controllers and third parties who process personal data on their behalf.

Importantly, administrative penalties have been introduced with a ceiling instead of fines calculated on the global turnover of the controllers.

The drafting Committee had also taken into account international best practices, such as the OECD Privacy Guidelines, APEC Privacy Framework, Council of Europe Data Protection Convention, EU General Data Protection Regulation and laws enacted in other jurisdictions such as United Kingdom, Singapore, Australia and Mauritius, Laws enacted in the State of California as well as the Indian Bill, when formulating the said draft Legislation.

The Ministry of Digital Infrastructure and Information Technology, in partnership with other entities, conducted two rounds of stakeholder discussions. In addition, targeted group discussions were held with other stakeholder communities, including Bank Chief Information Officers, Health Informatics Unit of the Ministry of Health and representatives of the Right to Information Commission. In addition, the proposed legal framework was reviewed by an Independent Review Panel led by Hon. K. T. Chithrasiri, former Justice of the Supreme Court of Sri Lanka and Prof. Savithri Goonesekera.

The Data Protection Drafting Committee was led by Jayantha Fernando (Chair/ Convenor), and comprised Yamuna Ranawana and Thushari Vitharana (Legal Draftsman’s Dept), Kanchana Ambahawita & Niluka Herath (Central Bank of Sri Lanka), Sunali Jayasuriya (ICTA), Sanduni Wickramasinghe (Mobitel), Trinesh Fernando and Shenuka Jayalath (Dialog PLC).

24th September 2019

Data protection Bill 2019-09-20 - FINAL - Click here


Duty Assumption of New Secretary

Mr. Chandana Rodrigo, a special Grade Officer of Sri Lanka Administrative Service(SLAS) has assumed duties as the Secretary to the Ministry of Digital Infrastructure and Information Technology.



Hon. Ajith P Perera, Minister of Digital Infrastructure and Information Technology Visits "Japan IT Week"

Hon Ajith P Perera, Minister of Digital Infrastructure and Information Technology Visits "Japan IT week"

"Japan IT Week" is one of the world’s leading ICT/BPM-focused exhibitions and provides a myriad of opportunities for professionals, vendors, service providers and customers to meet exhibitors from across the world and develop profitable business relationships. Japan has a strong track record of innovation, making Japan IT Week the ideal platform for Sri Lankan companies to showcase their offerings, establish business relations and expand their footprint in the continent.

Hon Ajith P. Perera, Minister of Digital Infrastructure and Information Technology visited Japan from 06th of May - 08th of May. The Hon Minister came along with Sri Lankan IT companies to promote Sri Lankan IT businesses in Japan which this rather unexplored territory for Sri Lankan companies.

During his stay in Japan Hon Minister met with Japanese IT industrial leaders, IT Chambers and Sri Lankan diaspora to promote Sri Lankan IT industry. Hon Minister visited The Digital Business Innovation Center (DBIC), one of the IT disruptive centers in Japan. At DBIC Hon Minister had detail discussions with Mr. Yokotsuka Hiroshi, representative of DBIC on differences in IT situations between Sri Lanka and Japan and the possibility of future cooperation. He also met with Mr. Norio Ogiwara , Chairman of the Computer Software Association in Japan (CSAJ), who has shown a keen interest to explore future bussiness partnerships with Sri Lanka. Hon Minister has also visited the Tokyo International University and had meetings with academics, Sri Lankan Students and Mr Nobuyasu Kurata Chancellor of the University.

Hon Minister has also delivered the opening remarks at a seminar held at the Embassy of Sri Lanka in Tokyo under the title of “Foster Collaboration to Drive Digital innovation in Japan and Sri Lanka”. This event was attended by the cross-section of Sri Lankan diaspora representing Sri Lankan professional, bussiness and academic communities. At the seminar, Mr. Ide Hiroyuki senior consultants of JICA as well as Mr. Morikazu Inoue, representative from DBIC have also delivered a presentation on promoting IT bussiness between Sri Lanka and Japan.

Hon Minister has also grace the occasion of opening day of the IT Week exhibition and interacted with the Sri Lankan companies attended at that exhibition. Hon Minister also undertook a detail tour in the exhibition premises to witness the way other countries promoting their IT industries in Japan.

During his interactions with Japanese parties, he elaborately explained the capabilities of Sri Lankan IT industry and Sri Lanka’s human resources. He emphasized the importance of continuous engagement with Japanese parties to sustainable developments of bussiness between the two countries. Hon Minister extended invitation for all those parties to undertake a visit to Sri Lanka and witness the real potential by them directly.

Hon Minister makes it a point to brief the current security situation in Sri Lanka with all those who he had engaged with. He assured Japanese parties the early revival of normalcy in Sri Lanka and urged them to continue with their current bussiness and explore more bussiness in future.


Cyber Security Bill - 2019_05_22





Invitation for Public Comments 


Cyber Security Week 2019

Cyber Security Week 2019 is the annual National Conference in Cyber Security in Sri Lanka. It is held for the 12th consecutive time this year. CSW 2019 consists of the following events,

✦ 12th Annual National Conference (06-NOV-2019) 

✦ Technical Workshops (TBD) 

✦ Hacking Challenge (TBD) 

✦ Information Security Quiz (TBD)



Draft National Digital Policy

The Draft 'National Digital Policy' outlines Sri Lanka’s digital agenda for 2020 to 2025. It provides a high-level principles and conceptual framework for the country to achieve sustained digital economic development and growth through the creation of an Innovative Economy and an Effective Government.
Comments regarding the Draft Policy are welcome and please forward the to the following e-mail address:

Comments must be received by 20th of September 2019


Hon. Minister of Digital Infrastructure and Information Technology Mr. Ajith P. Perera (M.P.) assumed duties of the office on 24th of December 2018.

Press Release On Data Protection Public-Private Dialogue

Monday, 24th June

Ministry of Digital Infrastructure partners ITC to organize a national public-private dialogue on the proposed data protection bill

The Ministry of Digital Infrastructure and Information Technology (MDIIT) in collaboration with the International Trade Centre (ITC) is organizing a National Public-Private Dialogue (PPD) on the “Legal Framework for the Proposed Data Protection Bill”, on 27 June 2019. The event will be held within the framework of the EU-Sri Lanka Trade-Related Assistance Project, funded by the European Union (EU) of which ITC is the lead implementing agency.

The primary objective of the PPD is to provide an overview of the proposed Data Protection Bill and seek comments and suggestions from diverse stakeholders from Government and Private sector to make improvements to the Draft framework, before it is submitted for approval as a Bill.

In view of the digital transformation taking place in Sri Lanka with government agencies, Banks, Telco’s, ISPs and private sector collecting personal data via the Internet, the subject of Data Protection has become an important public policy consideration. Taking these into consideration Ministry of Digital Infrastructure & Information Technology took the lead initiative to formulate Data Protection Legislation and appointed a Committee led by Chair of CERT & ICTA Legal Advisor with representatives of Legal Draftsman, Central Bank and private sector specialists, to formulate Draft Legislation.

In formulating Draft Legislation, the Drafting Committee examined international best practices, such as the OECD Guidelines, APEC Privacy Framework, Council of Europe Data Protection Convention, the EU General Data Protection Regulations as well as laws enacted in other jurisdictions, such as Australia, Mauritius, Singapore and the Indian Draft Legislation.

The draft bill seeks to provide a regulatory framework for data protection in Sri Lanka and among other vital interventions, the bill will seek to establish provisions for data processing, data retention, and cross border flow of data. With many countries acknowledging the importance of data protection and introducing data protection legislations, the proposed data protection bill for Sri Lanka comes at a good time. It is important for private sector stakeholders and consumer organizations to discuss and deliberate upon a policy framework that would best position the country to benefit from rapid digitization of the domestic and global economy.

The event will see the participation of representatives from various government departments and agencies as well as the private sector. The PPD looks to enhance effective cross-sectoral dialogue to develop an inclusive bill taking into consideration the pragmatic business and societal interests of all concerned stakeholders.