Cybersecurity regulation in Jordan (2026)

Law No. 16 of 2019 established the NCSC, granted it authority to develop the national cybersecurity strategy and issue binding policies, and set the overall governance structure for Jordan's cybersecurity regime. Article 6(B)(1) specifically mandates the NCSC to formulate strategy and related regulations.

The NCSC's National Cybersecurity Framework (NCF) became mandatory after an initial grace period; it requires public-sector institutions and critical infrastructure operators to implement prescribed technical controls covering risk management, incident response, and ICT supply-chain security. 90 national institutions had been integrated into government network monitoring systems as of 2024.

The NCF requires entities to notify the NCSC within two hours of confirming a cyber incident. Separately, the Central Bank of Jordan's Instructions for Handling Cyber Risks (No. 26/1/1/1984, 2018) require financial institutions to notify the Central Bank within 72 hours of discovering a cyber event.

Law No. 17 of 2023 (in force since September 13, 2023) repealed the 2015 cybercrime law and criminalises unauthorised network access (6 months–3 years imprisonment; JOD 2,500–25,000 fines), fraud, and data-related offences across 41 articles. It also contains provisions that have drawn criticism for being used against online expression.

The Personal Data Protection Law No. 24 of 2023 (Article 17) requires data controllers to immediately notify affected data subjects of any security breach or abuse of their personal data, creating a parallel breach-notification duty alongside the NCF incident reporting rules.

The Cabinet approved the Cyber Security Service Providers Licensing System in December 2024, requiring all cybersecurity service companies operating in Jordan to obtain an NCSC licence and meet specified quality and security standards. The NCSC will supervise, monitor, and audit licensed providers.

Approved by the NCSC in early 2025 and reviewed at the Royal Hashemite Court level, the strategy sets four strategic objectives and 14 sub-goals implemented through 42 programmes and 51 projects, targeting a secure, resilient, and trusted Jordanian cyberspace aligned with the Economic Modernisation Vision.