Data protection & privacy laws in Chad (2026)

Act No. 007/PR/2015, signed 10 February 2015, governs the collection, processing, storage, transmission and dissemination of personal data in Chad. It is supplemented by Decree No. 075/PR/2019 of 21 January 2019, which provides implementing detail.

The Agence Nationale de Sécurité Informatique et de Certification Électronique (ANSICE), created by Act No. 006/PR/2015, is Chad's data protection and cybersecurity authority. It became fully operational in 2020 and holds powers to investigate, warn, impose formal notices, block data processing, and refer violations for criminal sanction.

Controllers must process data lawfully, fairly and transparently; collect only for explicit and legitimate purposes; ensure data minimisation and accuracy; and implement appropriate security measures. Prior notification to or authorisation from ANSICE is required for certain processing activities.

Data subjects hold rights of access to information about processing, rectification of inaccurate data, erasure, and a qualified right to object to processing on legitimate grounds. These rights mirror the core set common across African Union Convention-influenced frameworks.

ANSICE may issue warnings, formal notices, processing suspensions of up to three years, or data blocks of up to three months. Courts may impose fines of XAF 1 million to XAF 10 million (approx. USD 1,700–17,300) and imprisonment of three months to one year for criminal violations.

Despite the law dating to 2015, ANSICE only became fully operational in 2020. As of 2024–2025, ANSICE joined the Global Forum on Cyber Expertise (GFCE) and participated in ITU child online protection discussions, signalling growing institutional capacity, though published enforcement actions remain limited.