Malki Opatha Courtesy The Strategist

Starlink is great for developing countries, offering connectivity without costly infrastructure. But it’s a challenge for their national security, since authorities can’t monitor the traffic it carries.

This policy conflict arose in Sri Lanka in early May, when the government paused rollout of the satellite communications service, blocking one of the few ways to ensure affordable connectivity to remote and vulnerable areas.

Satellite internet can help close significant connectivity gaps across Sri Lanka, especially in remote, underserved and disaster-prone regions where fibre and mobile networks are limited. For a country recovering from conflict and economic crises, affordable and resilient connectivity is essential. But the government’s inability to monitor or intercept traffic through Starlink’s infrastructure has triggered alarm bells. Authorities say the service can’t proceed until security and regulatory frameworks are in place.

While regulatory hurdles for Starlink are increasing, Sri Lanka’s case is distinct. Some countries, including Lesotho and Cambodia, have approved Starlink as part of broader trade negotiations with the United States. In contrast, Sri Lanka independently initiated licensing reforms and has since paused rollout to address legal and security concerns. It’s one of the few small states asserting regulatory sovereignty, rather than accommodating external pressure.

Sri Lanka isn’t alone. India required Starlink to suspend preorders in 2021 until it secured proper licencing. Indonesia approved Starlink in 2024 only after obtaining regulatory assurances. And France revoked Starlink’s licence in 2022 after a court ruled regulators failed to conduct mandatory public consultation.

The licencing delay reflects broader shifts in Sri Lanka’s approach to digital governance. The current administration has placed greater emphasis on regulatory control, particularly when it comes to foreign-operated digital infrastructure. The Online Safety Act, passed in early 2024, created the Online Safety Commission with powers to regulate content and digital platforms. Online service providers, including foreign platforms, must comply with requirements on matters such as disinformation, incitement and national security.

While Starlink isn’t a social media platform, its architecture enables encrypted, high-speed internet access that bypasses local routing and oversight. That conflicts with Sri Lanka’s digital governance agenda, which emphasises legal accountability, interoperability with domestic regulation and alignment with security priorities.

In that sense, the Starlink pause reflects a bigger reckoning over who controls Sri Lanka’s digital infrastructure, and under what rules.

Starlink’s technical promise is clear: with over 6,000 satellites in low Earth orbit, the network can deliver fast, reliable internet to areas often left behind. That makes it attractive to countries such as Sri Lanka, where coverage gaps persist. The satellite internet market is also expanding rapidly with competitors including Amazon’s Project Kuiper and OneWeb preparing to enter the satellite broadband space.

Recognising the potential of satellite networks, former president Ranil Wickremesinghe’s administration met Elon Musk and fast-tracked approvals in 2024. This followed the passage of an updated Telecommunications Bill—the first amendment to the law in 28 years—which introduced new licence categories and explicitly enabled Starlink Lanka to operate as a licensed service provider, pending regulatory approval.

That momentum has stalled under the new government. President Anura Kumara Dissanayake’s administration has raised concerns about Starlink’s limited integration with national infrastructure, restricting lawful government and regulatory oversight.

That lack of oversight is a dealbreaker under current policy settings. As with many countries, Sri Lanka’s regulatory posture is still evolving, but with heightened concerns about extraterritorial digital services, it’s unlikely to make exceptions.

This echoes Sri Lanka’s caution with Huawei’s 5G rollout. Although not banned, Huawei was sidelined after key partners raised espionage concerns. Starlink presents a different risk, as it’s less about foreign surveillance and more about domestic blind spots. But the underlying issue is similar: what happens when critical digital infrastructure lies beyond the reach of the state?

Sri Lanka’s hardline stance comes at a cost. Blocking Starlink might slow digital inclusion, especially in hard-to-reach areas. And while the government has signalled interest in developing its own telecommunications capabilities, infrastructure rollouts take time, and the country is still navigating the tail end of an economic crisis that makes this more aspirational than practical.

A more strategic approach might involve conditional approvals. That could include mandating Starlink to partner with a licensed domestic telecommunications provider, such as Dialog or SLT-Mobitel, to establish in-country gateways or route traffic through national internet exchanges. These measures would comply with Sri Lanka’s regulatory requirements and enable oversight.

The Starlink case should prompt Sri Lanka to clarify its digital infrastructure policy. It will face similar questions over foreign cloud services, cross-border data flows and AI platforms. Setting clear, predictable rules now would help manage future risks and reinforce the country’s ability to safeguard its digital sovereignty.

That may be difficult, but it’s not impossible. Sri Lanka’s Starlink pause is a reminder that political will can ensure foreign digital services—from satellites in orbit or platforms online—adhere to local rules.