Cybersecurity · Cameroon
Cybersecurity regulation in Cameroon (2026)
Cameroon shaded by its cybersecurity status
Cameroon enacted a dedicated Cybersecurity and Cybercriminality Law in 2010 (Law No. 2010/012), establishing a comprehensive legal regime covering electronic security, cybercrime offences, cryptography, and electronic certification, administered by ANTIC. In 2022 Cameroon acceded to the Budapest Convention on Cybercrime, aligning its procedural framework with international standards. A Personal Data Protection Law (No. 2024/017, December 2024) added mandatory breach-notification duties, with a compliance deadline of June 2026.
Key points
Law No. 2010/012 of 21 December 2010 criminalises unauthorised access, data/system interference, digital fraud, identity theft, and child sexual abuse material; it also establishes the legal regime for electronic evidence, cryptography, and certification. Penalties apply to both individuals and corporate entities.
ANTIC regulates electronic security activities, operates Cameroon's Public Key Infrastructure, and runs a Computer Incident Response Team (CIRT) that processes approximately 200 GB of threat data and handles around 200 urgent cyber-related judicial requisitions daily.
Law No. 2022/002 of 27 April 2022 authorised accession to the Budapest Convention on Cybercrime; Decree No. 2022/169 of 23 May 2022 proclaimed accession, bringing Cameroon's procedural and international-cooperation provisions into alignment with the Convention.
Law No. 2024/017 of 23 December 2024 requires data controllers and processors to notify the data protection authority and affected data subjects 'immediately' upon becoming aware of any breach (all breaches, not only serious ones). Controllers and processors are jointly and severally liable for unlawful disclosure. An 18-month compliance grace period runs until 23 June 2026.
Under Law No. 2010/012, network operators and electronic service providers must submit to mandatory security audits overseen by ANTIC. Since January 2024, ANTIC's audits of public administrations and private companies identified 8,502 vulnerabilities, illustrating active enforcement of these obligations.
The Council of Europe's Octopus Country Wiki notes that Cameroon has not yet adopted a dedicated national cybersecurity strategy document, a gap also identified in academic assessments of its cybersecurity resilience, even though operational capacities (CIRT, ANTIC) are in place.
Timeline - major decisions & events
ANTIC processed 32,500 judicial requisitions in 2025 — a 30% increase over 2024, equating to roughly 200 per day — and identified 8,502 vulnerabilities and 8,499 fake accounts impersonating senior officials since January 2024. The figures mark the most acute threat environment Cameroon has recorded and reflect growing digitisation of crime.
Digital Business Africa / ANTIC ↗Cameroon adopted its first comprehensive data-protection statute, creating a new Personal Data Protection Authority, mandating opt-in consent, data-impact assessments, and records of processing, with extraterritorial reach to any controller processing data of persons in Cameroon. An 18-month grace period runs to 23 June 2026, after which enforcement applies.
Presidency of the Republic of Cameroon (prc.cm) ↗Under the World Bank-financed Project for the Acceleration of Digital Transformation of Cameroon (PATNUC), MINPOSTEL equipped ANTIC's CIRT with five high-performance servers, three digital-investigation platforms, twenty storage consoles, thirty specialised workstations, and penetration-testing tools — the largest single upgrade to Cameroon's national cyber-incident response capacity.
Business in Cameroon ↗President Biya signed Decree No. 2022/169 proclaiming Cameroon's accession to the Council of Europe's Budapest Convention on Cybercrime, the world's pre-eminent cybercrime treaty, binding Cameroon to harmonised substantive offences, electronic-evidence procedures, and mutual legal assistance across its 60-plus state parties.
Council of Europe Octopus Cybercrime Community ↗President Biya signed Decree No. 2019/150 updating the organisation and functioning of ANTIC, explicitly granting it powers of injunction over operators and affirming its mandate to regulate, control, and monitor information-system security, electronic certifications, and ICT ethical use across public and private entities.
Council of Europe Octopus Cybercrime Community ↗Cameroonian authorities cut internet access entirely in the English-speaking North West and South West regions on 17 January 2017; the blackout lasted 93 days and cost the economy at least USD 38 million, exposing how centralised state control of the CAMTEL fibre backbone can be weaponised and triggering lasting digital-rights and cybersecurity debates.
CNN ↗The Prime Minister signed Decree No. 2012/1643/PM fixing the terms and modalities of compulsory security audits for all electronic communications networks and information systems, requiring operators to notify ANTIC of intrusions and to bear audit costs — the key implementing regulation that operationalised the audit mandate in the 2010 Cybersecurity Law.
Ministry of Posts and Telecommunications (minpostel.gov.cm) ↗Cameroon's National Assembly adopted its landmark Cybersecurity and Cybercriminality Law — one of Africa's earliest dedicated cybercrime statutes — criminalising unauthorised access, data fraud, identity theft, child pornography, and online hate speech; mandating security audits for ISPs and operators; granting legal validity to electronic signatures; and designating ANTIC as Root Certification Authority and primary national cybersecurity regulator.
Ministry of Posts and Telecommunications (minpostel.gov.cm) ↗Enacted alongside the Cybersecurity Law, Law No. 2010/013 established the comprehensive regulatory framework for electronic communications in Cameroon, setting sector governance and the obligations for operators and access providers within which all cybersecurity duties apply.
Ministry of Posts and Telecommunications (minpostel.gov.cm) ↗Cameroon - other topics
Last verified 5/24/2026 · Orientation, not legal advice - verify against the primary sources linked above. Explore the full world map →