Jordan: The Cyber Security Law of 2019
The Cyber Security Law of 2019 is a law passed by the Jordanian government to regulate and protect critical information infrastructure in the country. The law mandates that energy, finance, transportation, and telecommunications organizations establish and maintain robust cybersecurity measures to protect their networks and systems from cyber threats.
The law establishes the National Center for Cyber Security as the central Authority responsible for implementing and enforcing the law. The center is tasked with providing technical support and guidance to organizations covered by the law, conducting cybersecurity audits and assessments, and responding to cyber incidents.
The law has been praised for promoting cybersecurity and protecting critical information infrastructure in Jordan. However, some critics have raised concerns about the potential for the law to be used to infringe on civil liberties and for its lack of clarity in some areas. The law has been amended several times since it was first introduced to address some of these concerns and to keep up with technological developments and changes in the cyber threat landscape.
Article 1 – This Law shall be cited as the (Cyber Security Law for the Year 2019) and shall come into force as of the date of its publication in the Official Gazette.
Article 2 – The following words and expressions, wherever they appear in this law, shall have the meanings designated hereunder below unless the context indicates otherwise.
Article 3 – A Council shall be formed in the Kingdom to be called (the National Cyber Security Council) …
Article 4 – The Council shall assume the following duties and have the following authorities …
Article 5 – A center shall be established in the Kingdom under the name of (the National Center for Cyber Security)
Article 6 – The Center aims at building, developing and organizing an effective system for Cyber Security on national level to protect the Kingdom from Cyber Security threats.
Article 7 – A Chief Officer with experience and competence in the field of Cybersecurity shall be appointed for the Center for a term of four years, renewable for one term only;
Article 8 – The Center shall receive complaints and reports relevant to Cyber Security and Cyber Security incidents …
Article 9 – Cyber Security incident that represents a threat to the security and integrity of the Kingdom …
Article 10 – It shall be prohibited for any person or entity to provide any Cyber Security Services without obtaining the required license …
Article 11 – The Council of Ministers may, upon the proposal of the Chairman of the Council, delegate to any regulatory authority, governmental department or official or public entity.
Article 12 – Information, data, documents and their copies that are received by the Center, or related to its work or seen by those who work at the center are considered protected documents.
Article 13 – The Chief Officer of the Center and the employees delegated thereby in writing shall, for the purposes of disposition of their duties …
Article 14 – The financial resources of the Center shall consist of the following …
Article 15 – The monies and the rights of the Center with third parties shall be considered public monies and shall be collected in accordance with the Law of the Collection of Public Monies.
Article 16 – The Center may take one measure or more of those provided below against any person who breaches the provisions of this Law …
Article 17 – The Center shall be subject to the Civil Service Regulations, the Financial Regulations, the Supplies and Works Regulations and the Travel and Transportation Regulation.
Article 18 – The Council of Ministers shall issue the bylaws as needed to execute the provisions of this Law.
Article 19 – The Prime Minister and the Ministers are in charge of executing the provisions of this Law.
