Rwanda: Regulation Governing Cybersecurity entered into force

On 29 May 2020, the Cybersecurity Regulation for Infrastructure Providers (Regulation No. 010/R/CRCSI/RURA/020) entered into force. The regulation stipulates that infrastructure providers must implement security measures. It mandates the establishment of security controls to protect networks and systems, ensuring confidentiality, integrity, and availability of data. In particular, licensees are obligated to implement an Information Security Management System (ISMS) and conduct regular security assessments to ensure compliance with the regulation. Furthermore, the outsourcing of critical infrastructure operations necessitates prior approval, accompanied by the implementation of security policies extended to third-party providers. Failure to comply with these security requirements can result in administrative fines, enforcement actions, or even license revocation, all of which are crucial measures to ensure the safeguarding of national digital infrastructure.