Cybersecurity regulation in Lebanon (2026)
Lebanon lacks a comprehensive standalone cybersecurity law. Its regime rests on the 2018 Electronic Transactions and Personal Data Law (Law 81/2018), a 2019 National Cybersecurity Strategy that has been only partially implemented, and sector-level oversight by the Telecommunications Regulatory Authority (TRA). Enforcement is severely hampered by the country's prolonged political and economic crisis, and a proposed National Cyber Security and Information System Agency (NCISA) has not yet been formally established.
Key points
Enacted October 2018, Law No. 81 combines electronic-transactions recognition with data-protection principles (purpose limitation, lawfulness, security) and requires data controllers to notify authorities of breaches. The Ministry of Economy and Trade is the designated enforcement authority, but practical enforcement remains minimal.
Lebanon criminalises hacking, unauthorised access, fraud, identity theft, and dissemination of malicious software. The Cybercrime and Intellectual Property Rights Bureau (est. 2006 under the Internal Security Forces) handles enforcement, though its legal basis — a memorandum of service rather than a formal law or decree — is contested.
Adopted by the Council of Ministers on 30 August 2019, the strategy set objectives through 2022 and proposed a National Cyber Security and Information System Agency (NCISA) under the Higher Council of Defense. As of 2025–2026 the NCISA has not been formally created and core strategy targets remain unimplemented.
The Telecommunications Regulatory Authority (TRA) acts as the principal cybersecurity body for the telecom sector, publishing guidance and coordinating incident response for licensed operators. The TRA maintains a dedicated cybersecurity portal, but no general cross-sector mandatory incident-reporting framework is in force.
A voluntary Lebanon CERT was launched in 2019 by private-sector security experts and coordinates with ISPs, law enforcement, and international bodies. A National Cybersecurity Committee was formalised by Resolution 173 under the Prime Minister's authority, with a National Cybersecurity Coordinator appointed under Resolution 172.
Lebanon is a participant in the Council of Europe's Octopus/CyberSouth programme working toward Budapest Convention alignment, and is a signatory to the Paris Call. The 2024 ISOC Country Report scored Lebanon only 30.44/100 on cybersecurity readiness, reflecting absent cross-sector breach-notification duties, weak enforcement, and no NIS2-equivalent critical-infrastructure regime.
Last verified 5/24/2026 · Orientation, not legal advice - verify against the primary sources linked above.