Cambodia Connectivity Unpacked: Your Expert Guide to Internet, Mobile, & Public WiFi

Navigating Cambodia's Digital Landscape: Internet Speeds, Mobile Networks, and Practical Connectivity Tips

Cambodia has undergone a remarkable digital transformation over the past decade, evolving from a nascent internet market to one with increasingly robust infrastructure, particularly in urban centers. This section provides an in-depth look at the internet landscape, key service providers, 5G availability, and essential tips for staying connected, whether you're a long-term resident or a short-term visitor.

Understanding Cambodia's Internet Infrastructure

Cambodia's internet backbone primarily relies on a mix of submarine cable systems and terrestrial fiber optic networks. The country is connected to major international submarine cables such as the Asia-Africa-Europe 1 (AAE-1) and the South East Asia-Middle East-Western Europe 5 (SMW5), providing diversified routes for international bandwidth. Domestically, fiber optic deployment has rapidly expanded, especially in cities like Phnom Penh, Siem Reap, Sihanoukville, and Battambang, significantly improving internet speeds and reliability.

Major Internet Service Providers (ISPs)

Several key players dominate Cambodia's fixed-line internet market, offering a range of fiber-to-the-home (FTTH) and business solutions. While competition helps drive pricing down and improve service, coverage can still vary between urban and rural areas.

• SINET: Renowned for its enterprise-grade services and extensive fiber network, SINET offers highly reliable and fast internet, particularly favored by businesses and discerning residential users. Their network coverage is strong in major cities and industrial zones.
• Ezecom: A long-standing provider, Ezecom offers a variety of fiber internet packages for both residential and business customers. They are known for competitive pricing and a relatively stable network.
• Opennet: Often positioned as a budget-friendly option, Opennet provides widespread fiber internet services, particularly popular among residential users seeking cost-effective connectivity. Performance can be variable depending on location and network congestion.
• Metfone (Viettel Cambodia): While primarily a mobile operator, Metfone also offers fixed-line fiber internet services, leveraging its extensive national infrastructure. They have a significant presence, especially in rural areas where other providers might be less established.
• Cellcard & Smart Axiata: These mobile network operators (MNOs) primarily focus on mobile broadband but also offer some fixed wireless access (FWA) or hybrid fiber solutions, particularly for business clients or in areas where fiber is still expanding.

Internet Speeds: In major cities, fiber optic plans commonly offer speeds ranging from 10 Mbps to 100 Mbps for residential users, with business plans extending into gigabit speeds. Real-world speeds on fiber are generally good. For mobile data, 4G speeds typically range from 10-50 Mbps, while 5G, where available, can exceed 100 Mbps, sometimes reaching several hundred Mbps in optimal conditions.

Mobile Networks and 5G Availability

Cambodia boasts a highly competitive mobile telecommunications market with several major operators vying for subscribers. This competition has led to affordable data plans and widespread 4G coverage, with 5G rollout gathering pace.

• Smart Axiata: A dominant player, Smart offers extensive 4G LTE coverage across the country and has been at the forefront of 5G deployment. Their 5G network is available in key areas of Phnom Penh, Siem Reap, and other provincial capitals. Smart is known for its strong marketing and digital services.
• Cellcard: A Cambodian-owned company, Cellcard provides robust 4G LTE services and has also initiated 5G deployment. They are recognized for their customer loyalty programs and network reliability in many regions.
• Metfone (Viettel Cambodia): As a subsidiary of Vietnam's Viettel, Metfone has the largest network footprint, particularly strong in rural and remote areas. They offer comprehensive 2G, 3G, and 4G services and are expanding their 5G network.
• Seatel (Cootel): A newer entrant, Seatel focuses on a 4G LTE-Advanced network. While its coverage might be less extensive than the top three, it offers competitive data-centric plans, especially for users within its coverage zones.

5G Availability: 5G connectivity is primarily concentrated in the central business districts and densely populated areas of Phnom Penh, Siem Reap, and a few other major cities. Both Smart Axiata and Cellcard are actively expanding their 5G networks, offering significantly faster speeds and lower latency for compatible devices.

Practical Connectivity Tips for Travelers and Residents

Staying connected in Cambodia is generally straightforward and affordable, but a few strategic choices can optimize your experience:

1. Get a Local SIM Card: This is highly recommended for mobile data and local calls. SIM cards are cheap (often free with a small top-up) and widely available at airports, convenience stores, and official operator outlets. You will need your passport for registration, which is a mandatory requirement by the Telecommunication Regulator of Cambodia (TRC).
   • Operators to Consider: Smart Axiata, Cellcard, or Metfone. Check their current tourist packages or promotional data plans. All offer excellent 4G coverage; Smart and Cellcard lead in 5G expansion.
2. Prepaid vs. Postpaid: For most travelers and many residents, prepaid plans offer flexibility and cost control. Top-ups are easy via scratch cards, electronic kiosks, or mobile banking apps.
3. eSIMs: If your device supports it, consider an eSIM from a global provider like Airalo or Holafly for immediate connectivity upon arrival, though local SIMs often offer better value for longer stays.
4. Portable WiFi (MiFi) Devices: For groups or those with multiple devices, a MiFi device from a local operator (e.g., Smart MiFi) can be a cost-effective solution, providing a private WiFi hotspot using a local SIM card.
5. Leverage Hotel/Cafe WiFi (with Caution): Most hotels, guesthouses, restaurants, and cafes offer free WiFi. While convenient, exercise caution due to potential security risks (see 'Consumer Considerations' section). Speeds can vary greatly.
6. Monitor Data Usage: Keep an eye on your data consumption, especially if streaming or downloading large files. Mobile apps from operators provide real-time usage tracking.
7. Power Bank & Adapters: Essential for travelers. Power outages can occur, and staying charged is crucial. Cambodia uses Type A, C, and G sockets, with a voltage of 230V.
8. Offline Maps and Resources: Download offline maps (Google Maps, MAPS.ME) and other essential information before venturing into areas with potentially spotty reception.
9. Consider a Dual-SIM Phone: If you need to keep your home number active while using a local Cambodian SIM for data, a dual-SIM phone is invaluable.

By understanding the local infrastructure and employing these practical tips, you can ensure a seamless and efficient connectivity experience throughout Cambodia.

Unpacking Cambodia's Digital Legal Framework: Data Protection, Privacy, and Censorship

Cambodia's legal landscape concerning telecommunications, data privacy, and online content is evolving, often shaped by a blend of economic development goals, national security concerns, and international influence. Unlike many Western nations, Cambodia does not yet have a single, overarching data protection law akin to GDPR. Instead, relevant provisions are scattered across various legislative instruments, creating a complex and sometimes ambiguous environment for data handling and digital rights.

Data Protection and Privacy Regulations

As of recent updates, Cambodia is still in the process of developing a comprehensive national data protection law. While a Draft Law on Personal Data Protection has been under consideration for several years, its full enactment and implementation framework are yet to be finalized. This proposed law aims to establish general principles for personal data processing, data subject rights, and obligations for data controllers and processors, mirroring aspects of international best practices.

In the absence of a dedicated, comprehensive law, several existing statutes contain provisions related to data and privacy:

• Telecommunications Law (2009): This law provides the regulatory framework for telecommunications services, administered by the Ministry of Post and Telecommunications (MPTC) and the Telecommunication Regulator of Cambodia (TRC). It includes clauses related to lawful interception and the obligation of service providers to cooperate with law enforcement, often requiring data retention and disclosure upon request.
• Cybercrime Law (2020): While primarily focused on prosecuting cybercrimes (e.g., hacking, fraud, child pornography), this law also implicitly touches on data security and unauthorized access to data. It grants significant powers to authorities for investigation and data seizure in cases of alleged cybercrime.
• Law on Electronic Commerce (2019): This law aims to facilitate e-commerce and digital transactions but also includes provisions for consumer protection in online dealings, including some aspects of data integrity and the security of electronic transactions. It encourages, but does not strictly mandate, robust data security measures for online businesses.
• Criminal Code: General provisions within the Criminal Code can be invoked against individuals or entities that unlawfully access, alter, or destroy personal data, or infringe upon privacy through illicit means.

Data Retention Obligations

Service providers (ISPs and mobile operators) in Cambodia are generally understood to have an obligation to retain certain user data (metadata, traffic data, subscriber information) for a specified period, as mandated by the TRC and MPTC. This data is accessible by law enforcement and national security agencies under legal warrant or official request, often with limited public oversight mechanisms. The precise duration and scope of data retention are typically outlined in sub-decrees or ministerial proclamations rather than a single, transparent law.

Surveillance, Monitoring, and Censorship

Cambodia's government maintains a degree of control and oversight over the digital sphere, influenced by national security imperatives and a desire to manage information flows.

• National Internet Gateway (NIG): The most significant and controversial development is the Sub-Decree on the Establishment of the National Internet Gateway (NIG), promulgated in February 2021. This sub-decree mandates that all internet traffic in Cambodia must be routed through a single, government-controlled gateway. Proponents argue it enhances national security, facilitates tax collection, and promotes digital development. Critics, however, warn that the NIG could enable extensive state surveillance, data interception without warrants, increased censorship, and potentially stifle free expression and economic competitiveness due to a single point of failure and control. While the initial implementation deadline was February 2022, its full operationalization has faced delays and international scrutiny. Should it be fully implemented, it would significantly alter the landscape of internet freedom and privacy in Cambodia.
• Online Content Restrictions and Censorship: The government monitors online content, particularly on social media platforms. There have been instances of websites being blocked and individuals facing legal action for online speech deemed critical of the government, promoting

Venue Obligations: Offering Public WiFi in Cambodia – Legal, Technical, and Best Practices

For businesses such as hotels, cafes, restaurants, shopping malls, and co-working spaces in Cambodia, offering public WiFi is not just a customer amenity; it comes with a set of legal, technical, and practical considerations. While Cambodia's legal framework for data protection is still evolving, businesses must navigate existing regulations and implement robust technical solutions to ensure compliance, security, and a positive user experience.

Legal and Regulatory Landscape

Unlike jurisdictions with strict data protection laws like GDPR, Cambodia does not yet have specific, comprehensive regulations explicitly governing the provision of public WiFi and the collection of user data by commercial venues. However, businesses are still subject to general telecommunications laws, business licensing requirements, and emerging principles of data security and privacy. The Ministry of Post and Telecommunications (MPTC) and the Telecommunication Regulator of Cambodia (TRC) are the primary bodies overseeing telecom services.

1. Telecommunications Licensing: While venues are not typically considered full-fledged ISPs, providing public WiFi, especially to a large number of users or as a core part of their service offering, might require some form of registration or acknowledgment from the TRC. It's crucial for businesses to clarify if their public WiFi service falls under any specific telecommunications service category that requires a license or declaration, particularly if they are reselling internet access rather than just offering it as a free amenity.
2. Data Collection and Privacy: Although a dedicated data protection law is pending, the general principles of privacy and consent from existing laws (e.g., Civil Code, proposed data protection law) suggest that if a venue collects personal data (e.g., names, email addresses, phone numbers for WiFi access), it should:
   • Be Transparent: Clearly inform users what data is being collected, why it is being collected, and how it will be used (e.g., via a privacy policy or terms of service on a captive portal).
   • Obtain Consent: Implied or explicit consent should be obtained for data collection and processing. For example, agreeing to terms and conditions before accessing WiFi.
   • Ensure Security: Protect collected data from unauthorized access, loss, or disclosure.
   • Purpose Limitation: Use collected data only for the stated purposes.
3. Data Retention: While not explicitly mandated for public WiFi providers, ISPs and mobile operators are required to retain certain user data. If a venue logs user activity (e.g., MAC addresses, connection times, browsing history), it's prudent to understand potential obligations for data retention and disclosure to authorities if requested under legal process, especially under the Cybercrime Law (2020).
4. Liability for Illegal Activities: Venues offering public WiFi could potentially face legal scrutiny if illegal activities are conducted over their network. While direct liability is often hard to prove without direct involvement, maintaining logs (IP addresses, MAC addresses, connection times) can help demonstrate due diligence and aid law enforcement investigations.

Technical Considerations and Implementation

Effective public WiFi deployment requires robust technical infrastructure and security measures to ensure reliability, performance, and user safety.

1. Network Architecture:
   • Separate Networks (VLANs): Crucial to segregate the public WiFi network from the internal business network (POS systems, back-office computers, security cameras). This prevents guests from accessing sensitive business data and isolates potential threats.
   • Dedicated Bandwidth: Allocate sufficient and dedicated bandwidth for public WiFi to ensure a reasonable user experience without impacting critical business operations.
2. Captive Portals:
   • Mandatory Use: Captive portals are highly recommended for public WiFi services in Cambodia. They serve multiple functions:
     • Terms of Service (ToS) and Acceptable Use Policy (AUP): Users must agree to these before gaining access, limiting the venue's liability for user actions.
     • Authentication: Methods like simple click-through, email registration, SMS OTP (One-Time Password) verification, social media login, or voucher codes can be used. SMS authentication (using a local number) is effective for verifying real users and can aid in traceability.
     • Branding and Marketing: Portals can be customized with the venue's branding, display promotions, or collect opt-in marketing consents.
     • Data Collection (Optional): If collecting user data (e.g., email for newsletters), clearly state the purpose and obtain explicit consent through the portal.
3. Network Security:
   • Firewalls: Implement robust firewalls to protect the network from external threats and control traffic flow.
   • Intrusion Detection/Prevention Systems (IDPS): Consider IDPS to monitor for malicious activities and prevent attacks.
   • Guest Isolation: Configure the WiFi network to prevent devices connected to the public network from communicating with each other (client isolation). This protects individual users from potential peer-to-peer attacks.
   • Encryption: While open public WiFi networks often don't use WPA2/WPA3 for the primary connection, the back-end infrastructure should be secured. For guest networks, consider WPA3-Enterprise if possible for enhanced security, though WPA2-Personal is more common for simple guest access.
4. Bandwidth Management and Quality of Service (QoS):
   • Fair Usage Policy: Implement QoS rules to ensure fair allocation of bandwidth among users, preventing a single user from hogging all resources.
   • Throttling/Blocking: Consider throttling bandwidth for specific applications (e.g., torrents) or blocking access to known malicious sites or illegal content, as per local regulations.
5. Monitoring and Logging:
   • Access Logs: Log user connection data (MAC address, IP address assigned, connection time, duration, bandwidth used). This is vital for troubleshooting, security investigations, and demonstrating compliance.
   • Retention: Establish a clear policy for how long these logs are retained, aligning with any potential legal requirements.
6. Physical Security: Secure all networking equipment (routers, switches, access points) in locked cabinets or inaccessible areas to prevent tampering.

Best Practices for Public WiFi Provision

• Clear Signage: Inform users about the availability of WiFi, how to connect, and any basic terms of use.
• Regular Updates: Keep all network hardware firmware and software up to date to patch security vulnerabilities.
• Staff Training: Educate staff on basic WiFi troubleshooting, security protocols, and how to handle customer inquiries about connectivity or privacy.
• Guest Feedback: Encourage feedback on WiFi performance to continuously improve the service.
• Professional Installation: Engage professional IT services for initial setup and ongoing maintenance to ensure optimal performance and security.
• Review Legal Advice: Regularly consult with legal counsel regarding the evolving data protection landscape in Cambodia to ensure ongoing compliance.

By carefully considering these legal and technical obligations, businesses in Cambodia can offer a secure, reliable, and compliant public WiFi service that enhances customer experience while mitigating potential risks.

Digital Self-Defense: Cybersecurity Advice for End-Users in Cambodia

As internet connectivity in Cambodia becomes increasingly pervasive, so do the associated cybersecurity risks. While the convenience of public WiFi and mobile data is undeniable, end-users must adopt proactive measures to protect their personal data, financial information, and online privacy. This section provides critical cybersecurity advice, focusing on the unique challenges and recommendations for users in Cambodia.

The Inherent Risks of Public and Open WiFi Hotspots

Public WiFi, common in cafes, hotels, airports, and malls across Cambodia, offers convenience but comes with significant security vulnerabilities:

1. Man-in-the-Middle (MITM) Attacks: On an unencrypted or poorly secured public WiFi network, attackers can easily intercept data flowing between your device and the internet. This allows them to eavesdrop on your communications, steal login credentials, credit card details, and other sensitive information.
2. Malware Distribution: Cybercriminals can set up rogue WiFi hotspots (known as