Skip to content
World Watch/Laos/Cybersecurity

Cybersecurity ยท Laos

Cybersecurity law & regulation in Laos (2026)

Comprehensive lawLaw on Cybersecurity (published Lao Official Gazette 20 March 2026); supplemented by Law on Prevention and Combating Cyber Crime (2015) and Law on Electronic Data Protection No. 25/NA (2017); primary regulator: Ministry of Technology and Communications (MTC) with LaoCERT as national CSIRTCountry index 75 ยท B+

Laos shaded by its cybersecurity status

Cybersecurity in Laos: comprehensive law, anchored by Law on Cybersecurity (published Lao Official Gazette 20 March 2026); supplemented by Law on Prevention and Combating Cyber Crime (2015) and Law on Electronic Data Protection No. 25/NA (2017); primary regulator: Ministry of Technology and Communications (MTC) with LaoCERT as national CSIRT.

Laos enacted a standalone Law on Cybersecurity, published in the Lao Official Gazette on 20 March 2026 after National Assembly review in June 2025, creating a comprehensive legal framework governing cybersecurity obligations across all sectors. The law complements the 2015 cybercrime law and 2017 electronic data protection law, mandating incident reporting, annual compliance filings, and critical infrastructure protection across five designated sectors. Enforcement authority rests with the MTC, supported by LaoCERT.

Key points

Law on Cybersecurity (2026)

Laos published a standalone Law on Cybersecurity in the Lao Official Gazette on 20 March 2026, following National Assembly review on 23 June 2025. It introduces a comprehensive framework covering risk management, access control, encryption, network security, incident response, and registration requirements for online service providers.

Critical Infrastructure Sectors

The 2026 law designates five critical national information infrastructure sectors: national defence and public security; technology and communications; finance and banking; energy; and commerce, transport and logistics. Operators of these sectors face heightened security obligations including physical protection, access control, and third-party service provider oversight.

Incident Reporting & Breach Notification

All covered entities must immediately report cybersecurity incidents to the MTC/LaoCERT. In addition, organisations must submit annual cybersecurity reports to the MTC every January, maintain data backups across multiple locations, and establish documented incident response procedures.

National Cybersecurity Operations System & LaoCERT

The 2026 law establishes a National Cybersecurity Operations System, a 24/7 central monitoring and response structure integrating big data analytics and AI. LaoCERT, operating as a division of the MTC's Department of Cyber Security, serves as the national CSIRT and front-line receiver of security breach reports from individuals and legal entities.

Predecessor Laws Still In Force

The Law on Prevention and Combating Cyber Crime (15 July 2015) criminalises cyber offences and established LaoCERT; the Law on Electronic Data Protection No. 25/NA (12 May 2017) requires data controllers to implement technical and organisational security measures, data backup and recovery systems, and imposes fines of up to LAK 15 million for violations.

Enforcement & Penalties

Violations of the 2026 Law on Cybersecurity may result in warnings, fines, civil liability, or criminal penalties. The MTC is the primary supervisory authority; LaoCERT handles operational incident coordination. The 2017 data protection law additionally provides criminal sanctions for serious breaches.

Timeline - major decisions & events

Mar 20, 2026law
Law on Cybersecurity Published in Official Gazette

Laos formally enacted its first dedicated Law on Cybersecurity, published in the Official Gazette. The law defines critical national information infrastructure across five sectors (defence, technology and communications, finance and banking, energy, commerce/transport), mandates immediate incident reporting and annual cybersecurity returns to the Ministry of Technology and Communications, and introduces a 24/7 National Cybersecurity Operations System using AI and big-data analytics. Violations may attract warnings, fines, civil liability, or criminal penalties.

Asia IP Law โ†—
Jun 23, 2025lawofficial
National Assembly Reviews Draft Law on Cybersecurity

During the 9th Ordinary Session of the 9th National Assembly, Laos reviewed the draft Law on Cybersecurity presented by Minister of Technology and Communications Boviengkham Vongdala, marking the final legislative stage before enactment of the country's first standalone cybersecurity statute.

Khao San Pathet Lao (KPL) โ€” Official Lao State News Agency โ†—
Jan 2, 2025incident
Ministry of Finance Data Breach (Funksec)

The Ministry of Finance of Laos suffered a data breach attributed to the cybercriminal group Funksec, exposing government financial data and underscoring the state's vulnerability to ransomware and extortion-oriented threat actors ahead of the new cybersecurity law's passage.

BreachSense โ†—
Aug 1, 2024decisionofficial
National Cyber Security Development Strategic Plan 2035 Adopted

The Ministry of Technology and Communications approved the National Cyber Security Development Strategic Plan through 2035, establishing a long-term roadmap for building cyber resilience and supporting Laos's transition to a digital economy.

U.S. International Trade Administration โ†—
Jan 15, 2024decision
Vietnam-Laos Cybersecurity Capacity-Building Agreement

Vietnam's Ministry of Public Security agreed to assist Laos in deploying a national information-security monitoring and management system, issuing cyber-attack alerts to government agencies, and training Lao National Cyber Security Centre staff, significantly boosting Laos's operational cyber capacity as it assumed the ASEAN Chairmanship for 2024.

OpenGov Asia โ†—
Aug 1, 2019decisionofficial
First Digital Forensics Laboratory Opened

The Lao People's Democratic Republic Police Force inaugurated the country's first Digital Forensics Laboratory, providing dedicated capacity to analyse digital evidence from cybercrime investigations and strengthening law-enforcement's ability to prosecute offences under the 2015 Cybercrime Law.

Council of Europe โ€” Octopus Cybercrime Community โ†—
May 12, 2017lawofficial
Law on Electronic Data Protection (No. 25/NA) Enacted

The National Assembly enacted the Law on Electronic Data Protection, establishing consent requirements, data-minimisation obligations, security safeguards, and cross-border transfer restrictions for electronic data. MOTC and LaoCERT were designated co-enforcement authorities, creating Laos's first personal-data protection regime.

Lao Services Portal โ€” Ministry of Industry and Commerce โ†—
Jun 21, 2016decisionofficial
LaoCERT Formally Established as Independent National CERT

Prime Minister Decree No. 171/PM separated LaoCERT from the Lao National Internet Center, making it the independent national Computer Emergency Response Team under the Ministry of Posts and Telecommunications, with dedicated divisions for incident handling, network monitoring, research and development, and international cooperation.

LaoCERT โ€” Official Website โ†—
Jul 15, 2015lawofficial
Law on Prevention and Combating Cyber Crime (No. 61/NA) Enacted

Laos's first dedicated cybercrime statute criminalised unauthorised access, data interference, and online fraud, mandated the creation of LaoCERT as the national CSIRT, and provided substantive, procedural, and international-cooperation provisions, forming the cornerstone of the cybersecurity legal framework that governed the country for the next decade.

Khao San Pathet Lao (KPL) โ€” Official Lao State News Agency โ†—

Laos - other topics

Cybersecurity in other countries

Last verified 5/24/2026 ยท Orientation, not legal advice - verify against the primary sources linked above. Methodology & how to cite ยท Explore the full world map โ†’