Morocco: Signed Law on cybersecurity including security measures for critical information infrastructure providers

On 25 July 2020, the King of Morocco endorsed the text for Law No. 05.20 on cybersecurity. The law mandates the identification of critical infrastructure sectors and the classification of sensitive information systems, requiring their security to be validated prior to exploitation. It introduces regular risk assessments, monitoring, and audits by authorised agents or qualified contractors. Entities responsible for critical infrastructure must comply with directives issued by the National Cybersecurity Authority, ensure incident reporting, and adopt measures to address identified vulnerabilities. The law also establishes stringent criteria for outsourcing cybersecurity services and mandates the use of qualified providers to enhance system resilience and mitigate risks.