Egypt: National Telecommunications Regulatory Authority's Regulatory Framework for Providing Cybersecurity Services entered into force with grace period

On 6 August 2024, the National Telecommunications Regulatory Authority's Regulatory Framework for Providing Cybersecurity Services entered into force with a grace period. Individuals or legal entities providing cybersecurity services, along with their beneficiaries, must comply with the necessary adjustments within one year, following the specified procedures. The framework defines regulatory requirements for entities providing or using cybersecurity services. It specifies terms such as cybersecurity services, critical infrastructure, and service providers, and mandates adherence to technical and organisational standards. The framework establishes obligations for service providers, including compliance with cybersecurity laws, protection of confidential data, and prompt reporting of cybersecurity incidents. Beneficiaries of these services must use certified providers and notify the relevant authorities of any cybersecurity incidents. It also sets out procedures for registering and certifying companies and individuals as cybersecurity service providers, which include requirements for technical expertise, recognised certifications, and compliance with national laws such as the Telecommunications Regulation Law and the Cybercrime Law. Additionally, the framework identifies critical infrastructure sectors and lists accepted international certifications for cybersecurity professionals.