Cybersecurity regulation in Côte d'Ivoire (2026)

The National Assembly voted to ratify Ordinance No. 2024-950, formally embedding ANSSI's full cybersecurity mandate in statute and definitively repealing Article 50 of Law 2013-546 that had assigned those powers to ARTCI. The vote completed the legislative overhaul of Côte d'Ivoire's institutional cybersecurity architecture begun in October 2024.

Côte d'Ivoire was among seven nations participating in INTERPOL's Operation Red Card (November 2024 – February 2025), which resulted in over 300 arrests targeting mobile-banking, investment-app, and messaging-platform fraud syndicates. The operation confirmed operational integration between the PLCC, CI-CERT, and INTERPOL's African Joint Operation against Cybercrime (AFJOC).

Ordinance No. 2024-950 modernised the digital-space security framework, transferring network-security audit, information-system certification, and electronic-certificate issuance from ARTCI to the newly created National Agency for Information Systems Security (ANSSI), established by Decree No. 2024-958. ANSSI is mandated to protect state networks and critical infrastructure, coordinate incident response, and issue security accreditations.

Law No. 2024-352 replaced the 2012 ICT Code, updating licensing, interconnection, and operator security obligations for the modern broadband and mobile ecosystem and reinforcing cybersecurity-compliance duties for electronic communications providers.

Working with Swiss authorities under INTERPOL's AFJOC framework, the Ivorian cyber unit arrested the primary suspect behind an investment-fraud scheme targeting over 260 Swiss victims and yielding USD 1.9 million. The case demonstrated the operational maturity of the PLCC/CI-CERT international-cooperation model.

Law No. 2023-593 amended six articles of the 2013 Cybercrime Law, sharply raising sentences for child sexual abuse material (up to 6 years imprisonment and 40 million FCFA), digital intellectual-property offences, and introducing criminal liability for disseminating hateful or discriminatory content through information systems.

The government adopted the National Cybersecurity Strategy 2021-2025 (budget: 18 billion FCFA) and simultaneously issued Decree No. 2021-916 establishing the General Information Systems Security Reference Framework (RGSSI) and the Critical Infrastructure Protection Plan (PPIC), imposing mandatory baseline security standards on public institutions and operators of vital infrastructure.

Decree No. 2020-128 gave statutory legal status to CI-CERT (operational since 2009) and imposed a binding duty on all operators of public or private networks and information systems to notify CI-CERT of any attack, intrusion, or disruption that could affect other systems — the country's first mandatory cyber-incident reporting obligation.

Law No. 2017-803 established foundational legal and institutional principles for Côte d'Ivoire's information society, declared internet access a fundamental right, and set overarching cybersecurity governance obligations for all public and private actors operating digital infrastructure.

Law No. 2013-451, Côte d'Ivoire's primary cybercrime statute, criminalised unauthorised system access, attacks on data confidentiality, integrity and availability, computer fraud, child sexual exploitation online, and cyberstalking, with custodial penalties of several months to multiple years plus fines; it remains the foundational substantive cybercrime instrument.

A cooperation agreement between the Directorate-General of the National Police and ARTCI created the PLCC — Côte d'Ivoire's dedicated cybercrime enforcement unit combining investigative and technical capabilities for victim assistance, arrests, and content takedowns; in 2023 alone the PLCC removed over 280 videos and 1,600 fake accounts from social networks.