Cybersecurity ยท Algeria
Cybersecurity law & regulation in Algeria (2026)
Algeria shaded by its cybersecurity status
Cybersecurity in Algeria: sectoral rules, anchored by Presidential Decree No. 20-05 (2020, amended 2025) establishing CNSSI/ANSSI; Law No. 09-04 (2009, amended 2016) on cybercrime; Law No. 18-07 (2018, amended by Law 25-11, 2025) on personal data protection; Presidential Decree No. 26-07 (2026) on cybersecurity units; National Cybersecurity Strategy 2025-2029 (Decree 25-321).
Algeria has built a layered cybersecurity regime across multiple instruments rather than a single comprehensive statute: a 2009 cybercrime law governs offences and ISP obligations; a 2020 presidential decree created the national governance bodies CNSSI and ANSSI; and a July 2025 amendment to the data-protection law introduced mandatory breach notification. In December 2025-January 2026, Algeria further tightened the framework by approving a five-year national cybersecurity strategy and mandating dedicated cybersecurity units inside all public institutions.
Key points
Law No. 09-04 of 5 August 2009, amended by Law No. 16-02 of 19 June 2016, defines ICT-related offences, authorises electronic-communications surveillance, obliges service providers to cooperate with authorities and retain data, and created a national committee for preventing and fighting cybercrime.
Presidential Decree No. 20-05 of 20 January 2020 (amended by Decree 25-298 of 10 November 2025) established the National Council for IS Security (CNSSI) as the strategic body and the National Agency for IS Security (ANSSI) as the technical/operational arm, mandating a CISO in all state information systems.
Law No. 25-11 of 24 July 2025 amended the data-protection Law 18-07 to introduce mandatory breach notification: organisations must notify the national data-protection authority (ANPDP) and affected individuals within five days of discovering a personal data breach.
Presidential Decree No. 25-321 of 30 December 2025 formally approved the five-pillar National Cybersecurity Strategy 2025-2029, covering protection of state digital infrastructure, mandatory security audits for critical sectors (banking, healthcare, energy), capacity building, and sector-specific cybersecurity regulations.
Presidential Decree No. 26-07 of 7 January 2026 requires all public administrations and state-linked organisations to establish internal cybersecurity units, defining their missions, organisational structure, and responsibilities for anticipating and managing cyber risks.
Algeria's national CERT (DZ-CERT), hosted by CERIST, coordinates incident response and exchanges threat intelligence with international CERTs. ANSSI oversees vulnerability disclosure and certification of cybersecurity products; critical infrastructure operators face enhanced incident-reporting obligations to ANSSI.
Timeline - major decisions & events
Presidential Decree No. 26-07 requires every Algerian public institution to establish a dedicated cybersecurity unit reporting directly to the head of the organisation; units must map threats, deploy remediation plans, and coordinate incident response with ASSI. Driven by Algeria recording over 70 million cyberattacks in 2024, ranking 17th globally among most-targeted nations.
Ecofin Agency โPresidential Decree No. 25-321 signed by President Tebboune formally approves Algeria's five-year national cybersecurity strategy, targeting critical infrastructure defence, digital sovereignty, and public-sector capacity-building as the overarching policy framework.
AlgeriaTech News โPresidential Decree No. 25-298 updates the foundational decree creating CNSSI and ASSI, refining inter-institutional mandates and coordination rules in preparation for the 2025-2029 strategy rollout.
CMS Expert Guide โParliament adopted Law No. 11-25 amending the 2018 data protection law to mandate appointment of Data Protection Officers (DPOs), maintenance of detailed processing records, and Data Protection Impact Assessments (DPIAs), substantially increasing cybersecurity-linked compliance obligations.
Digital Policy Alert โMoroccan hacktivist groups 'Phantom Atlas' and 'Moroccan Cyber Forces' breached Algeria's Social Security Fund for postal and telecoms workers (MGPTT), leaking 13-20 GB of sensitive records including national ID numbers and administrative documents, highlighting state-adjacent cyber-conflict risks.
Yabiladi โAlgeria's 2018 data-protection law, dormant pending the ANPDP's installation, became fully binding; all public and private entities processing data of persons in Algeria must now make prior declarations or obtain authorisation from the ANPDP, with direct cybersecurity-safeguarding obligations attached.
Digital Policy Alert โThe National Authority for the Protection of Personal Data (ANPDP), whose 16 members were appointed by Presidential Decree No. 22-187 on 18 May 2022, was formally installed on 11 August 2022, starting the one-year countdown to Law 18-07 entering into force.
Gide Law Firm โAlgeria adopted a comprehensive data protection statute establishing consent requirements, data subject rights, and the independent ANPDP supervisory authority; enforcement was deferred pending the authority's installation, creating a compliance obligation with a delayed trigger.
Digital Policy Alert โThis foundational telecoms law (Article 10) formally defined 'cybersecurity' in Algerian statute and imposed binding network security, data confidentiality, and anti-interception obligations on all electronic communications operators, with criminal penalties under Article 165 for non-compliance.
Digital Policy Alert โAlgeria's principal cybercrime law defined ICT-related offences, authorised lawful electronic surveillance and digital search-and-seizure, established a national body to coordinate cybercrime prevention and forensic assistance, and provided a framework for international judicial cooperation.
WIPO Lex โAlgeria inserted Section 7 bis into the Penal Code, criminalising unauthorised access to automated data-processing systems, data integrity violations, and digital fraud, establishing the first criminal-law basis for prosecuting computer intrusions and laying the foundation for all subsequent cybersecurity legislation.
Council of Europe โ Octopus Cybercrime Community โAlgeria - other topics
Cybersecurity in other countries
Last verified 5/24/2026 ยท Orientation, not legal advice - verify against the primary sources linked above. Methodology & how to cite ยท Explore the full world map โ