Sri Lanka Digital Economy Strategy

“Sri Lanka has the choice of being a future player or sitting on the bench of Asia’s growing digital economy boom. Being left on the bench is clearly not a desirable option for Sri Lanka’s vibrant youthful population.”
- “Is Sri Lanka sitting on the bench of Asia’s booming digital economy”, Lakshman Kadirgamar Institute of International Relations and Strategic Studies
Technology has reshaped businesses, industries, and economies. It has opened up greater access to the economy for small and medium enterprises, and empowered individuals to become content creators and service providers. The already rapid pace of change we have seen in the past decade is expected to further accelerate in the decade ahead.
Against this backdrop, Sri Lanka must prepare our businesses, workers and people for the digital economy that is upon us. The digital economy will bring new possibilities and opportunities as it transforms businesses, industries, jobs and lifestyles.


Official Launch of Startup/ Freelancer Registration Platform (Startup Sri Lanka )

Startup Sri Lanka is an initiative by the Ministry of Digital Infrastructure and Information Technology. Our mission is to transform Sri Lanka through technology and entrepreneurship. We are working to support the tech community and accelerate the growth of Sri Lankan startups and freelancers. We believe strong homegrown startups and freelance community is vital to the future growth of Sri Lankan jobs and wealth.

"By professionalizing the startup industry together, we support the entrepreneurial superstars of tomorrow!"

This platform is the single largest online platform for startups and freelancers in Sri Lanka, connecting them to thousands of other startups, as well as other key stakeholders such as investors, mentors and incubators.

Our efforts are focused on trying to get the big picture right for Sri Lankan startups and freelancers – improving the regulatory environment, building a case for the right sort of government support for a fast-growing sector, and increasing public awareness of the impact of tech startups and freelancers across the country. We work with startups, freelancers and investors to help around the country get the settings right to create successful startup ecosystems.

Event name – Official Launch of Startup/ Freelancer Registration Platform

Link - Photos


Data Protection Legislation


Ministry of Digital Infrastructure and Information Technology


Data Protection Legislation finalized by Ministry of Digital Infrastructure and Information Technology

The Personal Data Protection Legislation, defining measures to protect personal data of individuals held by banks, telecom operators, hospitals and other personal data aggregating and processing entities, has now been finalized by the Ministry of Digital Infrastructure and Information Technology. The final draft of the Bill, prepared by the Legal Draftsman Department and the Data Protection Drafting Committee of the Ministry, will be released through the website by the Ministry of Digital Infrastructure and Information Technology this week.

The drafting of the Legislation was initiated by Hon. Ajith P. Perera, Minister of Digital Infrastructure and Information Technology on 5th February 2019. This latest version released, is based on modifications done to the previously released Data Protection Framework, published by the Ministry on 12th June 2019. However, substantial modifications were made to the said Framework, based on consultations held with key stakeholders as well as feedback received from them.

The Legislation will be implemented in stages. The entire Bill will come into operation within a period three (03) years from the date the Speaker certifies the Bill. This would provide sufficient time for Government and private sector to take adequate steps to implement this legislation. The Data Protection authority is required to be established within 18 months.

Several obligations have been imposed by this legislation on those who collect and process personal data (“Controllers” and “Processors”) and whole new set of rights have been given to citizens under this new legislation, which are known as “Rights of data subjects”.

For instance, personal data could be collected only for a specified purpose and not for any other purpose that is incompatible with the said purposes. However, processing data in public interest, scientific or historical research will not be considered incompatible. Personal Data has to be processed in a manner to ensure appropriate security, including protection against accidental loss, destruction or damage.

Data subject (individuals) will have the right to withdraw his or her consent given to Controllers and will also have the right to rectify the data without undue delay. Further, the Data Subjects have been given the right to object to processing of their data. These rights of data subject can be exercised directly by the individuals with the Controller, who are required to respond within a defined time period and is obliged to give reasons for refusing to meet the request or reasons why the Controller would refrain from further processing the said data. The individual has a right of appeal against the decision of Controller to the Data Protection Authority.

Although the original Framework had provisions for the mandatory registration of Controllers, this requirement has been removed in the latest version. Instead, the Drafting Committee has deliberated and introduced specific and comprehensive transparency and accountability obligations on Controllers. The accountability obligations would require the Controllers to implement internal controls and procedures, known as a “Data Protection management Program”, in order to demonstrate how it implements the data protections obligations imposed under the Act.

The Legislation also prohibits Controllers who process personal data from sending unsolicited messages, unless the individuals have given express consent. Provisions have also been included to deal with relationships between controllers and third parties who process personal data on their behalf.

Importantly, administrative penalties have been introduced with a ceiling instead of fines calculated on the global turnover of the controllers.

The drafting Committee had also taken into account international best practices, such as the OECD Privacy Guidelines, APEC Privacy Framework, Council of Europe Data Protection Convention, EU General Data Protection Regulation and laws enacted in other jurisdictions such as United Kingdom, Singapore, Australia and Mauritius, Laws enacted in the State of California as well as the Indian Bill, when formulating the said draft Legislation.

The Ministry of Digital Infrastructure and Information Technology, in partnership with other entities, conducted two rounds of stakeholder discussions. In addition, targeted group discussions were held with other stakeholder communities, including Bank Chief Information Officers, Health Informatics Unit of the Ministry of Health and representatives of the Right to Information Commission. In addition, the proposed legal framework was reviewed by an Independent Review Panel led by Hon. K. T. Chithrasiri, former Justice of the Supreme Court of Sri Lanka and Prof. Savithri Goonesekera.

The Data Protection Drafting Committee was led by Jayantha Fernando (Chair/ Convenor), and comprised Yamuna Ranawana and Thushari Vitharana (Legal Draftsman’s Dept), Kanchana Ambahawita & Niluka Herath (Central Bank of Sri Lanka), Sunali Jayasuriya (ICTA), Sanduni Wickramasinghe (Mobitel), Trinesh Fernando and Shenuka Jayalath (Dialog PLC).

24th September 2019

Data protection Bill 2019-09-20 - FINAL - Click here


Duty Assumption of New Secretary

Mr. Chulananda Perera, a special Grade Officer of Sri Lanka Administrative Service(SLAS) has assumed duties as the Secretary to the Ministry of Information and Communication Technology.


Sec new


Cyber Security Bill - 2019_05_22





Invitation for Public Comments 


Cyber Security Week 2019

Cyber Security Week 2019 is the annual National Conference in Cyber Security in Sri Lanka. It is held for the 12th consecutive time this year. CSW 2019 consists of the following events,

✦ 12th Annual National Conference (06-NOV-2019) 

✦ Technical Workshops (TBD) 

✦ Hacking Challenge (TBD) 

✦ Information Security Quiz (TBD)



National Digital Policy- Final

'National Digital Policy' outlines Sri Lanka’s digital agenda for 2020 to 2025. It provides a high-level principles and conceptual framework for the country to achieve sustained digital economic development and growth through the creation of an Innovative Economy and an Effective Government.


Hon. Minister of Information and Communication Technology Dr. Bandula Gunawardana (M.P.) assumed duties of the office on 25th of November 2019.

Press Release On Data Protection Public-Private Dialogue

Monday, 24th June

Ministry of Digital Infrastructure partners ITC to organize a national public-private dialogue on the proposed data protection bill

The Ministry of Digital Infrastructure and Information Technology (MDIIT) in collaboration with the International Trade Centre (ITC) is organizing a National Public-Private Dialogue (PPD) on the “Legal Framework for the Proposed Data Protection Bill”, on 27 June 2019. The event will be held within the framework of the EU-Sri Lanka Trade-Related Assistance Project, funded by the European Union (EU) of which ITC is the lead implementing agency.

The primary objective of the PPD is to provide an overview of the proposed Data Protection Bill and seek comments and suggestions from diverse stakeholders from Government and Private sector to make improvements to the Draft framework, before it is submitted for approval as a Bill.

In view of the digital transformation taking place in Sri Lanka with government agencies, Banks, Telco’s, ISPs and private sector collecting personal data via the Internet, the subject of Data Protection has become an important public policy consideration. Taking these into consideration Ministry of Digital Infrastructure & Information Technology took the lead initiative to formulate Data Protection Legislation and appointed a Committee led by Chair of CERT & ICTA Legal Advisor with representatives of Legal Draftsman, Central Bank and private sector specialists, to formulate Draft Legislation.

In formulating Draft Legislation, the Drafting Committee examined international best practices, such as the OECD Guidelines, APEC Privacy Framework, Council of Europe Data Protection Convention, the EU General Data Protection Regulations as well as laws enacted in other jurisdictions, such as Australia, Mauritius, Singapore and the Indian Draft Legislation.

The draft bill seeks to provide a regulatory framework for data protection in Sri Lanka and among other vital interventions, the bill will seek to establish provisions for data processing, data retention, and cross border flow of data. With many countries acknowledging the importance of data protection and introducing data protection legislations, the proposed data protection bill for Sri Lanka comes at a good time. It is important for private sector stakeholders and consumer organizations to discuss and deliberate upon a policy framework that would best position the country to benefit from rapid digitization of the domestic and global economy.

The event will see the participation of representatives from various government departments and agencies as well as the private sector. The PPD looks to enhance effective cross-sectoral dialogue to develop an inclusive bill taking into consideration the pragmatic business and societal interests of all concerned stakeholders.