This country-specific Q&A provides an overview to technology, media and telecom laws and regulations that may occur in Egypt.
This Q&A is part of the global guide to TMT. For a full list of jurisdictional Q&As visit http://www.inhouselawyer.co.uk/practice-areas/tmt-3rd-edition/
What is the regulatory regime for technology?
Technology is a very broad sector; thus, it is regulated through different legislations, each covering a different aspect of technology.
In 1999, the New Commercial Code was passed by the Egyptian parliament (the “Commercial Code”). The Commercial Code introduced for the first time a complete regulation for transfer of technology.
Following the issuance of the Commercial Code, the Telecommunications Law was passed in 2003 under No. 10 of 2003, which restructured the telecommunications sector in Egypt.
Finally, the Electronic Signature Law No. 15 of 2004 (the “Signature Law”) was passed in 2004. The Signature Law laid the foundation for the establishment of the Information Technology Industry Development Agency (the “ITIDA”).
During the last couple of years, Egypt has been witnessing intensive wave of legislations that have either direct or indirect effect on technology. The most material legislations are:
- Law No. 175 of 2018 for Fighting Cyber and IT Crimes (the "Cyber Crimes Law”); and
- Law No. 180 of 2018 regulating Press and Media (the “Press and Media Law”).
In addition to the above-mentioned legislations, please note that a number of legislations are currently under discussion, which have impact on technology in general; including:
- The Executive Regulations of the Press and Media Law;
- Executive regulations of the Cyber Crimes Law;
- Personal data protection law;
- Electronic transactions law; and
- Law regarding the General Authority for Transfer of Information.
Are communications networks or services regulated?
Telecommunications networks and telecommunications related services are heavily regulated in Egypt through the Telecommunications Law and its executive regulations as well as the decrees and regulations issued by the National Telecommunications Regulatory Authority “NTRA”.
Further, programming, software and electronic signatures are regulated by the E-Signature Law and its executive regulations as well as the decrees and regulations issued by ITIDA.
In addition to that, the Press and Media Law has been recently promulgated requesting the issuance of a license from the Supreme Media Council in connection with the establishment and management in Egypt of websites, or the management of offices or branches of websites established abroad. The Press and Media Law provides for a very broad definition of websites which covers any page, website, link, or authorized electronic application, through which a press content, media content or advertisement whether in text, audio, visual, fixed, mobile or multimedia, is issued by a specific name, electronic address and domain, and which is created, hosted or accessed through the International Information Network (Internet). Further, the Press and Media Law provides for a very broad definition of media content to cover any audio, visual, or electronic content broadcasted to the public or a category thereof with signs, images, voices, drawings, or writings, which cannot be deemed as private correspondence, through any digital or wireless telecommunications means or any advanced technologies, or any radio, television, and electronic broadcasting means or other, produced by private or public natural or juristic. In light of the above-mentioned broad definition of websites and media content, the Supreme Media Council considers that the license requirement applies to all websites.
If so, what activities are covered and what licences or authorisations are required?
As mentioned previously in 1.1, the activities regulated cover mostly telecommunications, programming, software, electronic signatures, websites and mobile applications.
For each activity, there are several types of licenses which are issued either by NTRA (for the telecommunications licenses, e.g Mobile/Cellular Services, Satellite Services, Data/Internet Services and Gateway or Cabling Services), by ITIDA (for programming, software and electronic signatures licenses) or by the Supreme Media Council (for websites, social media and mobile applications licenses).
Is there any specific regulator for the provisions of communications-related services?
Please refer to question no. 1.2 above. The Supreme Media Council may be considered as regulator to the communications-related services.
Are they independent of the government control?
While NTRA, ITIDA and the Supreme Media Council are all considered as governmental entities, NTRA and ITIDA are entities having public juristic personality and are affiliated to the Ministry of Communications and Information Technology. The Supreme Media Council, on the other hand, is an independent entity having a separate juristic personality enjoying technical, financial and administrative independence from the government.
Are platform providers (social media, content sharing, information search engines) regulated?
As mentioned above, the Press and Media Law has provided for a very broad definition of websites. Accordingly, such definition covers social media and may extend to cover search engines as well (if they provide advertisement content).
In addition to the above, the Cyber Crimes Law regulates the operations of content sharing and storage service providers although it does not require obtaining a license.
If so, does the reach of the regulator extend outside your jurisdiction?
While the NTRA and ITDA have jurisdiction on any telecommunication, programming and other licensed activities undertaken in Egypt; the jurisdiction of the Supreme Media Council is debatable. As per general principles of law, the jurisdiction of the Supreme Media Council shall be limited to the Egyptian territory only. We believe Article 6 of the Press and Media Law is a reflection of the general principles of law. However, in practice, the Supreme Media Council gives a broader interpretation to its jurisdiction and extends it to websites established outside of Egypt.
Does a telecoms operator need to be domiciled in the country?
As a general principal, an entity wishing to undertake an activity in Egypt needs to be domiciled in Egypt (i.e having a well-established legal form in Egypt). Accordingly, while there is no explicit provision providing for the requirement of domiciliation in Egypt in the laws mentioned under question no.1, practically speaking, any telecoms operator needs to have a legal presence in Egypt.
Are there any restrictions on foreign ownership of telecoms operators?
There are no restriction on foreign ownership for companies undertaking telecommunication or programming activities in Egypt.
Are there any regulations covering interconnection between operators?
As mentioned above, telecommunications is a heavily regulated sector. As part of that regulation, the Telecommunications Law as well as the NTRA were very keen to ensure the regulation of interconnection between service providers. Article 28 of the Telecommunication Law obliges each telecommunications operator to achieve interconnection with other service providers. This shall take place through either (i) entering into an interconnection agreement; or (ii) joining an existing interconnection agreement.
The NTRA has further issued a general framework governing interconnection agreements between the telecommunications operators and service providers.
If so are these different for operators with market power?
The Telecommunications Law does not provide for a differential treatment to operators with different/weak market powers. However, in practice, the NTRA may intervene to provide more privileges to new entrants to the market. In addition to that, we understand that the NTRA is currently in the process of amending its interconnection policies, rules and regulations in order to formulate a framework based on international principles and methodologies in order to enhance confidence between existing operators and new entrants in the Egyptian telecommunication sector and to prepare the Egyptian market for the unified licensing system. Accordingly, we may expect some amendments in the current regulations regarding a preferential treatment between operators based on their market share and power.
What are the principal consumer protection regulations that apply specifically to telecoms services?
The Telecommunication Law provides for the establishment of a committee for the protection of consumer’s rights within the NTRA. The role of said committee is to advice on the protection of the telecommunication user’s rights. In addition to that, Article (2) of the Telecommunications Law ensures that the rights of the consumers are one of the main pillars for the provision of telecommunications services.
Further, a new Consumer Protection Law has been issued in Egypt under No. 181 of 2018. The new law is very protective of the customers and grants the Consumer Protection Authority very broad authorities. The Consumer Protection Law is of general application and accordingly, covers telecommunications customers.
Further, the Cyber Crimes Law includes a number of obligations on the service providers of IT and telecommunications services which aim at protecting the customers and specifically, the privacy of their data.
What legal protections are offered in relation to the creators of computer software?
Computer software is considered as rights affiliated to copyrights; and accordingly, are protected under the Intellectual Property Law No. 82 of 2002 (“IP Law”).
The IP law provides for a number of safeguards for creators of software that aim at protecting their rights including:
- The ability of the software creator to register its software before the relevant competent authority (i.e ITIDA). Said registration gives the creator protection in the Arab Republic of Egypt against the infringement of its rights related to the registered software;
- The creator and its heirs have an exclusive right to license or restrict any third party from using its software as well as to follow the original version of the software, if disposed and to receive a percentage not exceeding 10% of the profits resulting from said disposal; and
- The financial rights of the creator of the software are protected for the duration of his lifetime and for a period of fifty (50) years thereafter.
Do you recognise specific intellectual property rights in respect of data/databases?
Data/databases are considered as rights affiliated to copyrights; and accordingly, are protected under the IP Law.
Accordingly, the protections and rights mentioned under our answer to question no. 6 are applicable to the data/databases.
Further, databases are also protected by the Cyber Crimes Law providing that any service provider shall keep all information provided by the consumer in strict confidence, and this includes the data and databases related to any users.
Further, all provisions related to the data protection of personal data shall also be applicable to the data/databases (which is mentioned in details in our answer to question no. (8) below).
What key protections exist for personal data?
Please note that Egypt does not currently have a law that regulates protection of personal data, in general. However, a draft law regulating the protection of personal data is now being discussed by the Parliament (“Data Protection Law Draft”). The scope of said law shall apply to any personal data of Egyptian or non-Egyptian natural persons which is electronically processed by any possessor or controller in Egypt.
This said, there are some provisions in connection with data protection governing the collection, use, transferring and processing of personal data in different laws and regulations in Egypt including:
- Constitutional principles concerning individuals’ right to privacy under the Egyptian Constitution;
- Insurance Law No. 10 of 1981;
- the general principles on compensation for unlawful acts under the Egyptian Civil Code;
- Some penal provisions under the Egyptian Penal Code No. 58/1937;
- Labour Law No. 12 of 2003 (“Labour Law”), which protects the confidentiality of certain employee’s information;
- Banking Law No. 88 of 2003, which protects the confidentiality of customer banking information; and
- Telecommunications Law, which provides for the privacy of telecommunications and imposes penalties, which account to imprisonment in some cases on the unauthorized violation of such privacy.
Further, the Cyber Crimes Law provides for a number of protections to the personal data (breach of such protections may be considered as criminal offences); including:
- Any Service Provider (as defined above) is under an obligation to maintain the confidentiality of the stored information unless the prior approval of the relevant customer is granted or by virtue of a court order; and
- Any Service Provider is prohibited from providing any personal information to any other website or company in order for the same to use this information to market products or services.
In addition to the above, please note that the new Consumer Protection Law No. 181 of 2018 prohibits any person from disclosing any information relating to the customer without the customer's prior explicit approval. Breach of such obligation shall be punishable by a fine of no less than EGP 30,000 and no more than EGP 1,000,000.
In addition to the criminal liability, please note that data that is considered pertinent to the person's private life may not be transferred without that person's prior approval. In this regard, please note that (i) definition of data pertinent to the person’s private life is not clear and there is no concrete criteria that can be examined; and (ii) the concept of data pertinent to the person’s life is a constantly evolving concept. Accordingly, this would be subject to the discretion of the court to interpret in the event of a dispute.
Are there restrictions on the transfer of personal data overseas?
There is no explicit statutory provision prohibiting the transfer of data of an Egyptian company out of Egypt. Having said that, Data Protection Law Draft includes provisions restricting the transfer of personal data overseas and requiring obtaining the relevant competent authority’s approval before undertaking any transfer of personal data to any foreign state.
On a related front, please note that, as a general practical rule, the relevant person’s prior written consent to storage of data abroad must be obtained. This is particularity important in the case of Government-affiliated customers or in the case of storing data regarding public utilities, given that it seems that this service is intended to also be offered and provided in respect of public utilities.
What is the maximum fine that can be applied for breach of data protection laws?
Given the fact that the Egypt does not have a law regulating the protection of the personal data, the fines and penalties of breaching any of the provisions and restrictions mentioned above in our answers to questions no. 8 and 9 depend on the relevant applicable provisions and laws. However, it is worth mentioning that the Data Protection Law Draft includes imprisonment penalties as well as fines amounting to two (2) million Egyptian Pounds in case of breach of the provisions of the said law.
What additional protections have been implemented, over and above the GDPR requirements?
Please note that as Egypt is not part of the EU, the GDPR requirements do not apply to Egypt.
Are there any regulatory guidelines or legal restrictions applicable to cloud-based services?
The Cyber Crimes Law, which was recently enacted, provides for certain obligations on the service providers regarding data storage. This may extend to cover cloud-based services.
Further, certain sectors may either prohibit or restrict storage of information through cloud-based services; including, the Central Bank of Egypt which, we understand, requires banks to obtain pre-approval for storing any information outside of Egypt.
Are there specific requirements for the validity of an electronic signature?
Law No. 15 of 2004 concerning e-signature (the “E-signature Law”) provides for the legal framework of the application of e-signatures in Egypt.
In order for the e-signature to be recognized and valid, one of the following requirements must be fulfilled:
- The signature shall be ascertained by an approved and valid digital certificate (also known as a public key certificate) issued by an authorized or accredited certificate service provider entity; or
- The validity of the e-signature shall be ascertained by the examination of the same, which shall be provided by ITIDA. Such examination shall include ascertaining of the following factors: (i) The validity of the digital certificate (“Public key certificate”) and its conformity with the e- signature creation data; (ii) The possibility of determining the content of the signed electronic document accurately; and (iii) The knowledge of the personality of the signer, whether in case of using his original name or an alias or a nickname.
Further, in addition to the above-mentioned legal requirements, ITIDA applies several other practical requirements, which all need to be fulfilled in order to establish and validate the e-signature mechanism.
In the event of an outsourcing of IT services, would any employees, assets or third party contracts transfer automatically to the outsourcing supplier?
In general, there is no automatic transfer of employees, assets or third party contracts. However, in the event the service provider exercises administrative authorities over the employees i.e. supervision, leaves, imposition of penalties, etc…, the employees may argue the existence of an employment relationship with the service provider.
If a software program which purports to be a form of A.I. malfunctions, who is liable?
There are no specific provisions under Egyptian law that deal with A.I.. However, the liability in connection with the malfunctions of A.I. shall be governed by the general principles of contractual or tortious liability, as the case may be. Under both types of liability, the liability shall fall on the party that committed a fault, which lead to the damages i.e. the manufacturer of the A.I. or the operator, as the case may be.
What key laws exist in terms of: (a) obligations as to the maintenance of cybersecurity; (b) and the criminality of hacking/DDOS attacks?
a) There are no general statutory guidelines or legislation providing for the obligation to maintain cybersecurity. However, the Cyber Crimes Law obliges service providers of IT and Telecommunications services to ensure confidentiality of the customers’ data. This shall include maintaining cybersecurity.
b) According to Article 16 of the Cyber Crimes Law, hacking and cyber attaches are punishable by imprisonment for a period of no less than one year and/or a fine of no less than EGP 50,000 and not exceeding EGP 250,000.
What technology development will create the most legal change in your jurisdiction?
Egypt has recently started, during the last couple of years, to use electronic means in government operations. However, the Egyptian law still does not recognize electronic communications in legal proceedings (except for e-signature, which is not widely used). For example, e-mails are still not completely acceptable before courts even if agreed by the parties to a contract.
In addition to that, the rapid development and increase in the usage of A.I. software worldwide is expected to take place in Egypt as well. Although the Egyptian law has general rules that may be adapted to deal with the issues that will result from using the A.I.; however, given the technical and complicated nature of such technology, extensive amendments to the legal regime may be required in order for the legal system in Egypt to be able to effectively deal with such issues.
Which current legal provision/regime creates the greatest impediment to economic development/ commerce?
As mentioned above, electronic communications are still not completely recognized by Egyptian law and thus, Egyptian courts. Accordingly, the enforceability of e-contracts is still to be tested before Egyptian courts. This uncertainty has a negative impact on e-commerce in Egypt.
In addition to that, as mentioned above, the increased use of A.I. in the absence of specialized regulations governing this technology may have a negative effect on its spread in Egypt.
Do you believe your legal system specifically encourages or hinders digital services?
The legal system in Egypt is still in its first steps in terms of regulating digital services. Accordingly, it does not include as many restrictions and prohibitions as other jurisdictions, especially the EU and the USA. This said, with the issuance of the Cyber Crimes Law and the Press and Media Law and the anticipated issuance of the Data Protection Law, this may change and digital services may face some challenges in Egypt. Although such challenges will not be more aggressive than those in other jurisdictions.
To what extent is your legal system ready to deal with the legal issues associated with artificial intelligence?
The Egyptian legal system adopts the latin system. Accordingly, it is based on establishing general rules that can flexibly apply to new developments and can accordingly, apply to A.I.. However, given the complexity of the A.I. and of the technology on which it is based as well as the broad application of the same, depending on the general principles of law may only suffice for a short period of time; but soon, specialized regulations will be required.