Cybersecurity - Côte d'Ivoire

Law No. 2013-451 of June 19, 2013 criminalises unauthorised system access, data interception, cyberfraud, and dissemination of illicit content; Articles 17, 33, 58, 60, 62, and 66 were tightened by Law No. 2023-593 of June 7, 2023, raising penalties.

Ordonnance No. 2024-950 of October 30, 2024, ratified by the National Assembly on April 24, 2025, modernises the electronic-transactions framework and transfers network security, information-system audit and certification, and electronic-certificate issuance from ARTCI to ANSSI-CI.

Created by Decree No. 2024-958 of October 30, 2024, ANSSI-CI designs national information-system security strategies, protects public and private critical digital infrastructure, operates the national CI-CERT, and coordinates cybersecurity crisis management; it also oversees approval of cybersecurity service providers (PASSI accreditation).

ANSSI-CI operates a public incident-reporting portal (Menaces & Incidents / Procédures en cas d'incident); any citizen, company, or public body can submit a report triggering CI-CERT analysis and, where warranted, coordinated technical response or national alerts. Mandatory reporting obligations for operators of critical infrastructure are embedded in the PPIC framework.

Adopted December 22, 2021 with an 18-billion CFA franc budget (~USD 31 million), the strategy mandates a national SOC for real-time incident surveillance, a General Information Systems Security Framework (RGSSI), and a Critical Infrastructure Protection Plan (PPIC) covering transport, energy, health, and financial sectors.

Law No. 2013-450 of June 19, 2013 establishes personal data protection obligations enforced by ARTCI as independent data-protection authority; Law No. 2013-546 on electronic transactions (amended by Ordonnance 2024-950) governs electronic contracts, signatures, and cryptology, forming a complementary digital-trust layer alongside the cybersecurity regime.