Cybersecurity ยท Laos
Cybersecurity law & regulation in Laos (2026)
Laos shaded by its cybersecurity status
Cybersecurity in Laos: comprehensive law, anchored by Law on Cybersecurity (published Lao Official Gazette 20 March 2026); supplemented by Law on Prevention and Combating Cyber Crime (2015) and Law on Electronic Data Protection No. 25/NA (2017); primary regulator: Ministry of Technology and Communications (MTC) with LaoCERT as national CSIRT.
Laos enacted a standalone Law on Cybersecurity, published in the Lao Official Gazette on 20 March 2026 after National Assembly review in June 2025, creating a comprehensive legal framework governing cybersecurity obligations across all sectors. The law complements the 2015 cybercrime law and 2017 electronic data protection law, mandating incident reporting, annual compliance filings, and critical infrastructure protection across five designated sectors. Enforcement authority rests with the MTC, supported by LaoCERT.
Key points
Laos published a standalone Law on Cybersecurity in the Lao Official Gazette on 20 March 2026, following National Assembly review on 23 June 2025. It introduces a comprehensive framework covering risk management, access control, encryption, network security, incident response, and registration requirements for online service providers.
The 2026 law designates five critical national information infrastructure sectors: national defence and public security; technology and communications; finance and banking; energy; and commerce, transport and logistics. Operators of these sectors face heightened security obligations including physical protection, access control, and third-party service provider oversight.
All covered entities must immediately report cybersecurity incidents to the MTC/LaoCERT. In addition, organisations must submit annual cybersecurity reports to the MTC every January, maintain data backups across multiple locations, and establish documented incident response procedures.
The 2026 law establishes a National Cybersecurity Operations System, a 24/7 central monitoring and response structure integrating big data analytics and AI. LaoCERT, operating as a division of the MTC's Department of Cyber Security, serves as the national CSIRT and front-line receiver of security breach reports from individuals and legal entities.
The Law on Prevention and Combating Cyber Crime (15 July 2015) criminalises cyber offences and established LaoCERT; the Law on Electronic Data Protection No. 25/NA (12 May 2017) requires data controllers to implement technical and organisational security measures, data backup and recovery systems, and imposes fines of up to LAK 15 million for violations.
Violations of the 2026 Law on Cybersecurity may result in warnings, fines, civil liability, or criminal penalties. The MTC is the primary supervisory authority; LaoCERT handles operational incident coordination. The 2017 data protection law additionally provides criminal sanctions for serious breaches.
Timeline - major decisions & events
Laos formally enacted its first dedicated Law on Cybersecurity, published in the Official Gazette. The law defines critical national information infrastructure across five sectors (defence, technology and communications, finance and banking, energy, commerce/transport), mandates immediate incident reporting and annual cybersecurity returns to the Ministry of Technology and Communications, and introduces a 24/7 National Cybersecurity Operations System using AI and big-data analytics. Violations may attract warnings, fines, civil liability, or criminal penalties.
Asia IP Law โDuring the 9th Ordinary Session of the 9th National Assembly, Laos reviewed the draft Law on Cybersecurity presented by Minister of Technology and Communications Boviengkham Vongdala, marking the final legislative stage before enactment of the country's first standalone cybersecurity statute.
Khao San Pathet Lao (KPL) โ Official Lao State News Agency โThe Ministry of Finance of Laos suffered a data breach attributed to the cybercriminal group Funksec, exposing government financial data and underscoring the state's vulnerability to ransomware and extortion-oriented threat actors ahead of the new cybersecurity law's passage.
BreachSense โThe Ministry of Technology and Communications approved the National Cyber Security Development Strategic Plan through 2035, establishing a long-term roadmap for building cyber resilience and supporting Laos's transition to a digital economy.
U.S. International Trade Administration โVietnam's Ministry of Public Security agreed to assist Laos in deploying a national information-security monitoring and management system, issuing cyber-attack alerts to government agencies, and training Lao National Cyber Security Centre staff, significantly boosting Laos's operational cyber capacity as it assumed the ASEAN Chairmanship for 2024.
OpenGov Asia โThe Lao People's Democratic Republic Police Force inaugurated the country's first Digital Forensics Laboratory, providing dedicated capacity to analyse digital evidence from cybercrime investigations and strengthening law-enforcement's ability to prosecute offences under the 2015 Cybercrime Law.
Council of Europe โ Octopus Cybercrime Community โThe National Assembly enacted the Law on Electronic Data Protection, establishing consent requirements, data-minimisation obligations, security safeguards, and cross-border transfer restrictions for electronic data. MOTC and LaoCERT were designated co-enforcement authorities, creating Laos's first personal-data protection regime.
Lao Services Portal โ Ministry of Industry and Commerce โPrime Minister Decree No. 171/PM separated LaoCERT from the Lao National Internet Center, making it the independent national Computer Emergency Response Team under the Ministry of Posts and Telecommunications, with dedicated divisions for incident handling, network monitoring, research and development, and international cooperation.
LaoCERT โ Official Website โLaos's first dedicated cybercrime statute criminalised unauthorised access, data interference, and online fraud, mandated the creation of LaoCERT as the national CSIRT, and provided substantive, procedural, and international-cooperation provisions, forming the cornerstone of the cybersecurity legal framework that governed the country for the next decade.
Khao San Pathet Lao (KPL) โ Official Lao State News Agency โLaos - other topics
Cybersecurity in other countries
Last verified 5/24/2026 ยท Orientation, not legal advice - verify against the primary sources linked above. Methodology & how to cite ยท Explore the full world map โ