Digital Policy Alert logo

Morocco: Security measures for critical information infrastructure providers in Law No. 05.20 on cybersecurity

Progress

Current status
in force
25 Jul 2020 adopted
17 Jul 2020 adopted
14 Jul 2020 under deliberation
10 Jul 2020 under deliberation

Scope

Implementers
Morocco
Policy Area
Data governance
Policy Instrument
Cybersecurity regulation
Regulated Economic Activity
infrastructure provider: internet and telecom services
digital payment provider (incl. cryptocurrencies)
other service provider
infrastructure provider: cloud computing, storage and databases
Government Branch
executive
legislature
Government Body
central government
parliament
Implementation Level
national

Timeline of events

25 Jul 2020
adopted

Signed Law on cybersecurity including security measures for critical information infrastructure providers

On 25 July 2020, the King of Morocco endorsed the text for Law No. 05.20 on cybersecurity. The law mandates the identification of critical infrastructure sectors and the classification of sensitive information systems, requiring their security to be…

Source
Event type law
Action type signing
Government branch executive
Government body central government
17 Jul 2020
adopted

Adopted Law on cybersecurity including security measures for critical information infrastructure providers

On 17 July 2020, the House of Councillors adopted the Law on cybersecurity. The law mandates the identification of critical infrastructure sectors and the classification of sensitive information systems, requiring their security to be validated prio…

Source
Event type law
Action type adoption
Government branch legislature
Government body parliament
14 Jul 2020
under deliberation

Passed Law on cybersecurity including security measures for critical information infrastructure providers

On 14 July 2020, the House of Representatives passed the Law on cybersecurity. The draft law mandates the identification of critical infrastructure sectors and the classification of sensitive information systems, requiring their security to be valid…

Source
Event type law
Action type passage
Government branch legislature
Government body parliament
10 Jul 2020
under deliberation

Introduced Law on cybersecurity including security measures for critical information infrastructure providers

On 10 July 2020, the Draft Law on cybersecurity has been introduced to the parliament. The draft law mandates the identification of critical infrastructure sectors and the classification of sensitive information systems, requiring their security to …

Source
Event type law
Action type introduction
Government branch legislature
Government body parliament