Cybersecurity · Algeria
Cybersecurity regulation in Algeria (2026)
Algeria shaded by its cybersecurity status
Algeria has built a layered cybersecurity regime across multiple instruments rather than a single comprehensive statute: a 2009 cybercrime law governs offences and ISP obligations; a 2020 presidential decree created the national governance bodies CNSSI and ANSSI; and a July 2025 amendment to the data-protection law introduced mandatory breach notification. In December 2025–January 2026, Algeria further tightened the framework by approving a five-year national cybersecurity strategy and mandating dedicated cybersecurity units inside all public institutions.
Key points
Law No. 09-04 of 5 August 2009, amended by Law No. 16-02 of 19 June 2016, defines ICT-related offences, authorises electronic-communications surveillance, obliges service providers to cooperate with authorities and retain data, and created a national committee for preventing and fighting cybercrime.
Presidential Decree No. 20-05 of 20 January 2020 (amended by Decree 25-298 of 10 November 2025) established the National Council for IS Security (CNSSI) as the strategic body and the National Agency for IS Security (ANSSI) as the technical/operational arm, mandating a CISO in all state information systems.
Law No. 25-11 of 24 July 2025 amended the data-protection Law 18-07 to introduce mandatory breach notification: organisations must notify the national data-protection authority (ANPDP) and affected individuals within five days of discovering a personal data breach.
Presidential Decree No. 25-321 of 30 December 2025 formally approved the five-pillar National Cybersecurity Strategy 2025-2029, covering protection of state digital infrastructure, mandatory security audits for critical sectors (banking, healthcare, energy), capacity building, and sector-specific cybersecurity regulations.
Presidential Decree No. 26-07 of 7 January 2026 requires all public administrations and state-linked organisations to establish internal cybersecurity units, defining their missions, organisational structure, and responsibilities for anticipating and managing cyber risks.
Algeria's national CERT (DZ-CERT), hosted by CERIST, coordinates incident response and exchanges threat intelligence with international CERTs. ANSSI oversees vulnerability disclosure and certification of cybersecurity products; critical infrastructure operators face enhanced incident-reporting obligations to ANSSI.
Timeline - major decisions & events
Presidential Decree No. 26-07 requires every Algerian public institution to establish a dedicated cybersecurity unit reporting directly to the head of the organisation; units must map threats, deploy remediation plans, and coordinate incident response with ASSI. Driven by Algeria recording over 70 million cyberattacks in 2024, ranking 17th globally among most-targeted nations.
Ecofin Agency ↗Presidential Decree No. 25-321 signed by President Tebboune formally approves Algeria's five-year national cybersecurity strategy, targeting critical infrastructure defence, digital sovereignty, and public-sector capacity-building as the overarching policy framework.
AlgeriaTech News ↗Presidential Decree No. 25-298 updates the foundational decree creating CNSSI and ASSI, refining inter-institutional mandates and coordination rules in preparation for the 2025–2029 strategy rollout.
CMS Expert Guide ↗Parliament adopted Law No. 11-25 amending the 2018 data protection law to mandate appointment of Data Protection Officers (DPOs), maintenance of detailed processing records, and Data Protection Impact Assessments (DPIAs), substantially increasing cybersecurity-linked compliance obligations.
Digital Policy Alert ↗Moroccan hacktivist groups 'Phantom Atlas' and 'Moroccan Cyber Forces' breached Algeria's Social Security Fund for postal and telecoms workers (MGPTT), leaking 13–20 GB of sensitive records including national ID numbers and administrative documents, highlighting state-adjacent cyber-conflict risks.
Yabiladi ↗Algeria's 2018 data-protection law, dormant pending the ANPDP's installation, became fully binding; all public and private entities processing data of persons in Algeria must now make prior declarations or obtain authorisation from the ANPDP, with direct cybersecurity-safeguarding obligations attached.
Digital Policy Alert ↗The National Authority for the Protection of Personal Data (ANPDP), whose 16 members were appointed by Presidential Decree No. 22-187 on 18 May 2022, was formally installed on 11 August 2022, starting the one-year countdown to Law 18-07 entering into force.
Gide Law Firm ↗Algeria adopted a comprehensive data protection statute establishing consent requirements, data subject rights, and the independent ANPDP supervisory authority; enforcement was deferred pending the authority's installation, creating a compliance obligation with a delayed trigger.
Digital Policy Alert ↗This foundational telecoms law (Article 10) formally defined 'cybersecurity' in Algerian statute and imposed binding network security, data confidentiality, and anti-interception obligations on all electronic communications operators, with criminal penalties under Article 165 for non-compliance.
Digital Policy Alert ↗Algeria's principal cybercrime law defined ICT-related offences, authorised lawful electronic surveillance and digital search-and-seizure, established a national body to coordinate cybercrime prevention and forensic assistance, and provided a framework for international judicial cooperation.
WIPO Lex ↗Algeria inserted Section 7 bis into the Penal Code, criminalising unauthorised access to automated data-processing systems, data integrity violations, and digital fraud — establishing the first criminal-law basis for prosecuting computer intrusions and laying the foundation for all subsequent cybersecurity legislation.
Council of Europe – Octopus Cybercrime Community ↗Algeria - other topics
Last verified 5/24/2026 · Orientation, not legal advice - verify against the primary sources linked above. Explore the full world map →