Cybersecurity regulation in Yemen (2026)

Yemen lacks a dedicated, standalone cybersecurity or cybercrime statute; there is no NIS2-style comprehensive regime and no specific digital data-protection law currently in effect.

In 2026 the internationally recognized government's Minister of Legal Affairs, Judge Ishraq al-Maqtari, announced (during a meeting in Taiz) intensive work on an integrated cybercrime framework — addressing blackmail, privacy violations and disinformation — intended to align national law with international standards. It is reported as nearing approval but not yet enacted.

In the absence of cyber-specific legislation, authorities apply the Penal Code (1994) and the Press and Publications Law (1990) to online conduct, while Article 52 of the 1991 Constitution protects the privacy of correspondence and electronic communications absent a lawful warrant.

Telecommunications Law No. 38 of 1991 (as amended by Law No. 33 of 1996) is the principal sector statute; the Ministry of Telecommunications and Information Technology licenses operators and providers are expected to keep customer data and communications confidential, though there is no codified cyber-incident reporting duty.

An Electronic Transactions Law (2006) governs electronic signatures, digital contracts and the validity of electronic data, providing the closest existing statutory touchpoint to digital security but not a cybersecurity-obligations framework.

There is no statutory data-breach notification or cyber-incident reporting obligation and no data-protection authority; enforcement is minimal and jurisdictionally fragmented due to the civil conflict and competing de facto authorities.