Cybersecurity regulation in Eritrea (2026)

Eritrea has not enacted a standalone national cybersecurity or information-security law. The ITU CyberWellness country profile and DataGuidance both confirm the absence of dedicated cybersecurity legislation, and Eritrea does not appear in the ITU National Cybersecurity Strategies Repository.

The principal in-force instruments are Communications Proclamation No. 102/1998 and Eritrean Telecommunications Services Corporation Proclamation No. 134/2003, both confirmed by the ITU legislation repository and the US Library of Congress. These govern the EriTel state monopoly but impose only minimal security obligations.

Secondary sources reference a Cybercrime Proclamation No. 125/2019 covering hacking, online fraud, data breaches, and malware; however, this instrument does not appear in major intergovernmental databases or official government portals and should be treated with caution pending official confirmation.

Eritrea has enacted no data protection statute; personal data is not legally defined, no supervisory authority exists, and there are no formal breach-notification or incident-reporting requirements on any sector. Data Protection Africa confirms this gap as of its latest fact sheet.

Eritrea has not published a national cybersecurity strategy and has not established a dedicated national cybersecurity authority or CERT. The ITU CyberWellness profile notes the absence of any national governance roadmap for cybersecurity.

Eritrea has not signed or ratified the Council of Europe Budapest Convention on Cybercrime. It has also not ratified the African Union Convention on Cyber Security and Personal Data Protection (Malabo Convention), which entered into force in June 2023 but has been ratified by only a minority of AU member states.