Cybersecurity - Angola

Sectoral rulesLaw No. 7/17 of 16 February 2017 (Computer Security); Law No. 22/11 of 17 June 2011 (Personal Data Protection / LPDP); Law No. 23/11 of 20 June 2011 (Electronic Communications); supervised by Agência de Protecção de Dados (APD) and INACOM; National Cybersecurity Strategy enacted by Presidential Decree No. 256/25 (December 2025); standalone Cybersecurity Bill in parliamentary process since January 2026

Angola's cybersecurity regime currently rests on sector-specific statutes — Law 7/17 on computer and network security, Law 22/11 on personal data protection (with breach-notification duties), and Law 23/11 on electronic communications — rather than a single comprehensive framework. A dedicated Cybersecurity Bill passed its first parliamentary reading on 23 January 2026 and, if enacted, would create a unified National Cybersecurity System anchored by a new National Cybersecurity Centre (CNC) with regulatory, supervisory, and sanctioning powers. In parallel, Presidential Decrees 256/25 and 258/25 (December 2025) formalised a National Cybersecurity Strategy and a National Cybersecurity Council, marking a clear policy shift toward a coherent national regime.

Computer security law

Law No. 7/17 of 16 February 2017 establishes legal protections for networks and computer systems and requires electronic communications operators to implement preventive security measures to ensure network integrity and reliability. It is the primary in-force cybersecurity statute.

source 1 ↗source 2 ↗

Data protection & breach notification

Law No. 22/11 of 17 June 2011 (LPDP), enforced by the Agência de Protecção de Dados (APD), requires data controllers to notify the APD of personal data breaches. A revised draft data-protection law underwent public consultation from March–April 2025 and awaits enactment.

source 1 ↗source 2 ↗source 3 ↗

Critical infrastructure incident reporting

Operators of critical information infrastructure are obliged under existing law to report cyber incidents to the Cybersecurity Incident Alert and Response Center (CARIC). A National Cybersecurity Incident Management Framework introduced by the Ministry of Telecommunications in 2024 formalises coordination among Angola-CSIRT, APD, INACOM, and the CRO.

source 1 ↗source 2 ↗

Comprehensive Cybersecurity Bill (in progress)

On 23 January 2026 the Angolan parliament approved a standalone Cybersecurity Bill in its first reading (105 in favour, 1 against, 75 abstentions). The bill would create a National Cybersecurity Centre (CNC) as the central regulatory and sanctioning authority overseeing the entire national cybersecurity system; further readings are required before final enactment.

source 1 ↗source 2 ↗

National Cybersecurity Strategy & Council (Dec 2025)

Presidential Decree No. 256/25 approved Angola's National Cybersecurity Strategy and Presidential Decree No. 258/25 of 3 December 2025 established the National Cybersecurity Council and its Regulation, providing a strategic coordination framework in advance of the pending comprehensive legislation.

source 1 ↗source 2 ↗

Angola-CSIRT

The Angola Computer Security Incident Response Team (Angola-CSIRT) was informally launched in late 2023 to coordinate national cyber-incident responses, intelligence sharing, and public advisories alongside INACOM and the APD, providing an operational incident-response capability ahead of formal legislative backing.

source 1 ↗source 2 ↗

Machine-assisted translation · verified 5/24/2026 · orientation, not legal advice. English version →