Skip to main content

The Legal Landscape of Information Governance in Libya

General Authority for Telecommunications and Informatics – National Information Security and Safety Authority

Session Overview

This session addressed the legal landscape of informatics governance in Libya, including existing legislation, regulations, policies, and strategic frameworks.

Moderator: Mr. Amin Salih – President of the Libyan Technology Foundation.

Panelists:

  • Tarek Al-Misrati: Director of the Legal Department, General Authority for Communications.
  • Nermin Saadani: Representative of the Internet Society (ISOC).
  • Dr. Mohamed Al-Jadaa: National Authority for Information Security and Safety.
  • Amjad Badr Al-Shuwayhidi: UN Economic Commission for Africa (UNECA).

Key Discussion Topics

  • Communications and Informatics Law No. 28 of 2010: Highlighting the urgent need for updates after more than a decade of technical stagnation.
  • Law No. 8 of 1990: Regarding wired and wireless communications.
  • Decree No. 985 of 2022: Executive regulations for Law No. 22 of 2010, comprising 11 regulations to organize the sector.
  • The 2022 Drafting Committee: Formed to create a new draft law aimed at fostering investment, competition, and digital economic transition.

Panel Discussion Highlights

Communications and Informatics Legislation

Since 2010, Libya has relied on Law No. 28, which was designed by experts to regulate the sector. However, as of 2025, this framework is outdated. In 2022, the Cabinet issued Decree No. 985 to define licensing requirements and procedures through 11 executive regulations. Furthermore, a specialized committee spent two years drafting a new law—now available on the Authority’s official website—to modernize the regulatory framework for both public and private sectors.

Personal Data Protection

Data protection is a fundamental human right. Globally, over 160 countries have specific data protection laws. In Libya, the National Authority for Information Security and Safety is collaborating with the National Council for Civil Liberties and Human Rights to finalize a dedicated Personal Data Protection Law and establish a governing body. In the interim, the Central Bank of Libya has stepped in to regulate financial data protection, adopting international standards to fill the legislative void.

Civil Society and Cybercrime Law

Civil society plays a critical role in ensuring laws empower users rather than just imposing “classic” organizational restrictions. Panelists emphasized that current technical flaws in the sector’s structure require comprehensive regulation to protect privacy and cybersecurity for both individuals and businesses. Civil society organizations (CSOs) are calling for laws that move beyond deterrence toward active protection, digital literacy, and technical infrastructure support.

Regional Challenges in Policy Formation

A primary obstacle in the Arab region is the hesitation to allow civil society and the technical sector to work alongside governments. Over the 20 years since the inception of internet governance, conflicting visions have emerged. Progress requires deep dialogue and the recognition that cybersecurity laws must strike a delicate balance between national security and the rights of stakeholders.

The Reality of Digital Rights

Libya’s neighbors already possess established institutions for data protection and digital identity (the “public key” for electronic authentication). Libya urgently needs laws governing Artificial Intelligence, Child Protection, and E-commerce. A major unresolved issue remains the legal liability of “corporate persons” (entities) regarding compliance with policies and standards.

Future Outlook and Recommendations

The Future of Regulations in the Arab Region

Significant developments are expected over the next three years, focusing on effective cyberspace regulation and stakeholder coordination. For Libya, the ultimate goal is to embed digital rights and freedoms within the Constitution, ensuring permanent protection and legislative sovereignty.

Recommendations

  1. Periodic Legislative Updates: Update the Communications Law regularly to keep pace with rapid technical shifts.
  2. Data Protection Laws: Issue clear data protection laws and establish effective oversight bodies.
  3. Comprehensive Cybercrime Framework: Balance security requirements with user rights by adapting successful global models to the Libyan context.
  4. Constitutional Protection: Enshrine digital rights and freedoms in the Libyan Constitution.
  5. Multistakeholder Engagement: Involve civil society and academia in policy-making from the earliest stages to ensure inclusivity.
  6. Trust and Diplomacy: Build partnerships between public and private sectors through continuous communication and national/regional digital diplomacy.
  7. Capacity Building: Launch specialized training and diplomas that bridge the gap between legal and technical experts.
  8. Digital Sovereignty: Prioritize the protection of Libyan citizens’ data through model laws derived from international best practices.
  9. Emergency Planning: Develop a national contingency plan for natural disasters and large-scale cyber crises.
  10. Organizational Restructuring: Reform the communications sector administratively and financially to ensure equity and prevent the “brain drain” of national talent.