Cybersecurity regulation in Angola (2026)
Angola's cybersecurity regime currently rests on sector-specific statutes — Law 7/17 on computer and network security, Law 22/11 on personal data protection (with breach-notification duties), and Law 23/11 on electronic communications — rather than a single comprehensive framework. A dedicated Cybersecurity Bill passed its first parliamentary reading on 23 January 2026 and, if enacted, would create a unified National Cybersecurity System anchored by a new National Cybersecurity Centre (CNC) with regulatory, supervisory, and sanctioning powers. In parallel, Presidential Decrees 256/25 and 258/25 (December 2025) formalised a National Cybersecurity Strategy and a National Cybersecurity Council, marking a clear policy shift toward a coherent national regime.
Key points
Law No. 7/17 of 16 February 2017 establishes legal protections for networks and computer systems and requires electronic communications operators to implement preventive security measures to ensure network integrity and reliability. It is the primary in-force cybersecurity statute.
Law No. 22/11 of 17 June 2011 (LPDP), enforced by the Agência de Protecção de Dados (APD), requires data controllers to notify the APD of personal data breaches. A revised draft data-protection law underwent public consultation from March to April 2025 and awaits enactment.
Operators of critical information infrastructure are obliged under existing law to report cyber incidents to the Cybersecurity Incident Alert and Response Center (CARIC). A National Cybersecurity Incident Management Framework introduced by the Ministry of Telecommunications in 2024 formalises coordination among Angola-CSIRT, APD, INACOM, and the CRO.
On 23 January 2026 the Angolan parliament approved a standalone Cybersecurity Bill in its first reading (105 in favour, 1 against, 75 abstentions). The bill would create a National Cybersecurity Centre (CNC) as the central regulatory and sanctioning authority overseeing the entire national cybersecurity system; further readings are required before final enactment.
Presidential Decree No. 256/25 approved Angola's National Cybersecurity Strategy and Presidential Decree No. 258/25 of 3 December 2025 established the National Cybersecurity Council and its Regulation, providing a strategic coordination framework in advance of the pending comprehensive legislation.
The Angola Computer Security Incident Response Team (Angola-CSIRT) was informally launched in late 2023 to coordinate national cyber-incident responses, intelligence sharing, and public advisories alongside INACOM and the APD, providing an operational incident-response capability ahead of formal legislative backing.
Timeline - major decisions & events
Angola's parliament passed the draft Cybersecurity Law with 105 votes in favour (MPLA, PHA, FNLA), 1 against, and 75 abstentions (UNITA, PRS). The law creates a National Cybersecurity System, a National Cybersecurity Council, and a National Cybersecurity Centre (CNC) with coordination, supervisory, inspection and sanctions powers. (Source: AMAN / Lusa)
President João Lourenço signed Decreto Presidencial 258/25 creating the National Cybersecurity Council and approved the National Cybersecurity Strategy 2024-2028, published in the Official Gazette Series I No. 227, establishing Angola's first comprehensive, multi-year cybersecurity roadmap. (Source: INACOM)
The Angolan Council of Ministers formally reviewed and approved the Cybersecurity Bill, clearing it for submission to the National Assembly and signalling a shift from Angola's fragmented sectoral approach to a unified national cybersecurity governance model. (Source: INACOM)
The Agência de Protecção de Dados (APD) issued Circular No. 02/APD/2024 requiring public and private entities to notify the APD immediately upon any personal data breach, specifying the nature of the breach, its consequences, and remedial measures taken. (Source: CMS Expert Guide)
Lei 38/20 (Penal Code) introduced substantive cybercrime offences — illicit access, data manipulation, system sabotage, digital fraud, and illicit interception — aligned with all Budapest Convention articles; Lei 39/20 (Criminal Procedure Code) added expedited data-preservation and lawful-interception procedures, completing Angola's cybercrime legal framework. (Source: Council of Europe Octopus)
Angola deposited its instrument of ratification for the African Union Convention on Cyber Security and Personal Data Protection (Malabo Convention, 2014), committing to harmonised continental standards on electronic transactions, personal data protection, cybercrime, and cybersecurity governance. (Source: African Union)
Last verified 5/24/2026 · Orientation, not legal advice - verify against the primary sources linked above.