Cybersecurity regulation in Mauritania (2026)

Law No. 007-2016 criminalises unauthorised access to information systems, data tampering, identity theft, and cyber harassment, and provides the primary legal basis for prosecuting cybercrime in Mauritania.

Law No. 2018-014 regulates the processing of personal data and sets out controller/processor obligations, but has been largely inactive due to the absence of implementing decrees; no robust mandatory breach-notification regime is in force.

Adopted in February 2022 by the Ministry of Digital Transformation (MTNIMA), the strategy sets six objectives: governance, critical infrastructure protection, cybercrime prevention, capacity building, awareness, and international cooperation.

The National Agency for Cybersecurity and Electronic Certification was created by government decree in April 2024 to serve as the national cybersecurity authority, but remained non-operational through mid-2025 pending budget and staffing.

A tender (Cahier des charges) for establishing the national CSIRT and Security Operations Centre (SOC-RIAD) was issued in April 2025, indicating the incident-response infrastructure is still being built out rather than operational.

Mauritania ratified the African Union Convention on Cyber Security and Personal Data Protection (Malabo Convention) in May 2023, which entered into force in June 2023, adding an international layer of cyber and data-protection obligations.