Somalia enacts new cybersecurity law to secure digital systems, critical infrastructure

MOGADISHU — Somalia’s lower house of parliament on Saturday approved a sweeping Cybersecurity Law designed to protect the country’s digital infrastructure, safeguard information systems and strengthen defenses against cyber threats amid rapid growth in online services.

The legislation creates a national framework for preventing, reporting and responding to cyber incidents. It assigns policy leadership to the Ministry of Communications and Technology, gives the National Communications Authority a technical oversight role, and sets legal obligations for operators of critical infrastructure to harden systems and cooperate during incidents.

A centerpiece of the law is the establishment of the Somalia Computer Incident Response Team, or SOM-CIRT, which will coordinate national responses to cyberattacks and other digital security incidents and serve as a central node for threat intelligence and emergency support.

Officials cast the move as a significant step for a country that has embraced mobile banking, e-government and digital ID systems while remaining exposed to cybercrime, data breaches and service disruptions targeting both public and private networks.

Mustafa Yasin Sheikh, director general of the National Communications Authority, said the approval marks “an important step toward building a coordinated national cybersecurity system” and improving Somalia’s readiness to detect and respond to digital threats.

State Minister of Communications and Technology Ahmed Osman Dirie thanked lawmakers for backing the legislation, calling it a critical pillar for safeguarding national security and protecting citizens in an increasingly digital environment. He said the law brings Somalia closer to international standards and best practices in cybersecurity governance.

The Cybersecurity Law is expected to bolster trust in digital services, support growth in the digital economy and improve coordination among government institutions, private companies and international partners. It provides common procedures for handling incidents and clarifies who leads, who investigates and who must report, aiming to reduce confusion during fast-moving attacks.

Key provisions include:

• Creation of SOM-CIRT to coordinate national incident response and share threat information.
• Policy authority designated to the Ministry of Communications and Technology.
• Technical oversight and sector guidance assigned to the National Communications Authority.
• Compliance and reporting obligations for operators of critical infrastructure.

The measure arrives as Somalia scales up digital public services, expands mobile money usage and deploys digital identification systems—developments that increase the urgency of protecting networks, personal data and essential services from disruption. Officials say the framework will help standardize how ministries, regulators and service providers prepare for and manage cyber incidents, from initial detection to recovery.

By clarifying institutional roles and requiring cooperation across sectors, the law is intended to reduce fragmentation and accelerate response times during emergencies. It also sets the stage for deeper engagement with regional and international partners on information sharing, training and capacity building.

For a country emerging from decades of conflict and institutional fragility, the law offers a foundation for securing the digital systems that now support everyday life, commerce and public administration, officials said.

By Ali Musa

Axadle Times international–Monitoring.