Cybersecurity regulation in Togo (2026)

Law No. 2018-026 of 7 December 2018 is the primary instrument governing cybersecurity and the fight against cybercrime; it defines offences and sanctions and established the institutional framework.

The Agence Nationale de la Cybersécurité, created under the 2018 law, is the national authority responsible for defining and implementing cybersecurity policy across Togolese territory; a decree sets its powers, organization and functioning.

Arrêté n°2022-040/PMRT (5 July 2022) adopts national cybersecurity rules (a set of control points) applicable to administrations, companies and SMEs, giving the regime detailed technical obligations.

CERT.tg is Togo's national incident-response center (operated by Cyber Defense Africa as a service delegated by ANCy) and provides an incident-reporting channel ("Signaler un incident"); implementing decrees impose cybersecurity and declaration obligations on designated essential-service operators (OIV) and critical infrastructure.

Law No. 2019-014 of 29 October 2019 protects personal data and created the supervisory authority (IPDCP), which handles complaints and can impose fines up to nearly 100 million FCFA — covering data-protection obligations alongside the cybersecurity law.

Togo has adopted a national cybersecurity strategy and authorized ratification of the African Union Convention on Cybersecurity and Personal Data Protection (Malabo Convention), aligning the domestic regime with continental standards.