Morocco: Introduced Law on cybersecurity including security measures for critical information infrastructure providers

On 10 July 2020, the Draft Law on cybersecurity has been introduced to the parliament. The draft law mandates the identification of critical infrastructure sectors and the classification of sensitive information systems, requiring their security to be validated prior to exploitation. It introduces regular risk assessments, monitoring, and audits by authorised agents or qualified contractors. Entities responsible for critical infrastructure must comply with directives issued by the National Cybersecurity Authority, ensure incident reporting, and adopt measures to address identified vulnerabilities. The draft law also establishes criteria for outsourcing cybersecurity services and mandates the use of qualified providers to enhance system resilience and mitigate risks.