Compliancedecision⚡ Immediate

Decision No. 150 of 2024 Regulating Cybersecurity Services Activity

31-03-2024·وزارة الاقتصاد·الاتصالات وتقنية المعلومات

Analysis

Summary

The Ministry of Economy mandates that all companies and individuals providing cybersecurity services in Libya must obtain a practice permit from the National Authority for Information Security and Safety. Commercial licenses cannot be issued or renewed without this permit. Existing providers have six months to comply.

Business Implication

Foreign cybersecurity vendors, IT service providers, and consultancies operating in or selling to Libya face new licensing requirements. This creates a mandatory approval layer controlled by a national security-focused authority, likely involving background checks, technical vetting, and potential local partnership requirements. Companies without existing relationships with Libyan authorities should expect extended market entry timelines. The decision also signals Libya's intent to centralize control over cybersecurity infrastructure and may foreshadow data localization or technology transfer requirements.

Key Provisions

Practice permit from National Authority for Information Security and Safety required before commercial license issuance or renewal

Seven specific cybersecurity service categories regulated: CSOC operations, penetration testing, incident response, digital forensics, compliance consulting, system sales/development, and technical consulting

Six-month compliance window for existing service providers (effective from March 31, 2024)

Commercial register renewal blocked without valid practice permit

View original source ↗

Expert Commentary

No expert commentary yet on this document.

Ask about this document

Ask any question about this document — answered from the full Libyan regulatory corpus

Upgrade to use Q&A →