Cybersecurity regulation in Tanzania (2026)

The Cybercrimes Act No. 14 of 2015 criminalises a broad range of computer-related offences and requires service providers to notify competent authorities of illegal activities on their platforms and to remove or disable access to unauthorised data upon discovery.

TZ-CERT was established under section 124 of the Electronic and Postal Communications Act 2010 within TCRA. The CERT Regulations 2018 (amended by GN No. 570 of 11 August 2023) mandate licensing of cybersecurity-service providers and TCRA approval for acquisition or distribution of cybersecurity tools; ISPs must comply with TCRA minimum security guidelines.

The Personal Data Protection Act No. 11 of 2022, in force from 1 May 2023, requires data controllers to notify the PDPC 'without undue delay' of any security breach affecting personal data; processors must notify the controller without undue delay. Non-compliance can attract fines up to TZS 100 million.

Tanzania operates under the Government Cybersecurity Strategy 2022–2027 (President's Office – Public Service Management) and a National Cybersecurity Strategy 2023–2028, both emphasising critical-infrastructure protection, multi-agency coordination, and workforce development. Tanzania was ranked ITU Global Cybersecurity Index Tier 1 in 2024.

The PDPC was formally launched in 2024 as the independent authority overseeing PDPA compliance, including investigating breaches and imposing administrative penalties; it operates alongside TCRA, which retains lead cybersecurity regulatory authority in the communications sector.

Tanzania participates in the Council of Europe's Octopus Community on cybercrime cooperation and has been engaged in capacity-building aligned with the Budapest Convention framework, though it has not formally acceded to the Convention.