Cybersecurity regulation in Liberia (2026)

Both chambers of the Liberian Legislature passed the Cybercrime Act 2025 (House first, Senate on 4 November 2025 with amendments, concurrence cleared in January 2026). As of the latest available reporting the bill was transmitted to President Joseph Nyuma Boakai for signature; enactment had not yet been confirmed.

The Act criminalises unauthorised computer access, online fraud, identity theft, illegal data interception, and electronic harassment. Section 9A requires LCERT to publish mandatory technical standards including AES-256 encryption, TLS 1.2+, and compliance with ISO/IEC 27001 or NIST frameworks, plus regular security audits and penetration testing.

The Cybercrime Act includes provisions making breach reporting mandatory and time-bound, with LCERT as the designated reporting body. Specific notification timelines are to be defined in implementing regulations; no standalone, granular breach-notification regime is yet in force.

The Act establishes the Liberia National Cybersecurity Council (LNCC) to coordinate national policy and advise the government on emerging threats, and the Liberia Cybersecurity Emergency Response Team (LCERT) as the technical operational body. The Liberia Telecommunications Authority (LTA) retains its existing sector-level cybersecurity mandate.

The Ministry of Posts and Telecommunications published the National Cybersecurity Strategy 2025–2029 in February 2026, covering five strategic pillars including legal and regulatory frameworks, critical infrastructure protection, capacity building, and international cooperation. A mid-term review is scheduled for 2027.

The Cybercrime Act commits Liberia to acceding to the Budapest Convention on Cybercrime (Council of Europe) and the African Union Malabo Convention to enable cross-border investigations, evidence sharing, and mutual legal assistance. Liberia is also an ECOWAS member subject to the ECOWAS Directive on Cybercrime.