Status regarding Budapest ConventionStatus : NA Declarations and reservations : n/a See legal profile
In 2005, the then-Ministry of Information and Communications Technology (now the Ministry of Transport and Communications) established the Qatar Computer Emergency Response Team (Q-CERT) in conjunction with Carnegie Mellon University in the United States.
The ministry’s Cyber Security Division works through Q-CERT and its sister Critical Information Infrastructure Protection unit to monitor and contain online threats and risks.
In 2013, Qatar published Anti-Spam Guidelines.
In 2014, the Ministry of Transport and Communications (MOTC) issued a National Information Assurance Framework that includes cyber security legislation and ancillary documents.
National Information Assurance Framework, http://www.qcert.org/library/36
Qatar also issued the “National ICT Plan 2015: Advancing the Digital Agenda” with the aim of protecting the national critical information infrastructure and providing a secure online environment for different sectors.
Pursuant to the Prime Minister’s Decision No. 18 of 2013 and its objective of providing a governance structure for cyber security collaboration at the highest levels of the government, the MOTC chaired a National Cyber Security Committee to develop the Qatar National Cyber Security Strategy. The NCSS was issued in 2014 and sets out five main objectives: 1) safeguard the national critical information infrastructure; 2) respond to, resolve, and recover from cyber incidents and attacks through timely information sharing, collaboration, and action; 3) establish a legal and regulatory framework to enable a safe and vibrant cyberspace; 4) foster a culture or cyber security that promotes safe and appropriate use of cyberspace, and 5) develop and cultivate national cyber security capabilities. The NCSS includes an Action Plan with projects organised by objective.
To fulfill objective three, Qatar intends to increase capabilities to combat cyber crime; develop and implement laws, regulations, and national policies to address cyber security and cyber crime; monitor and enforce compliance with cyber security and cyber crime laws, regulations, and national policies; and build and maintain strong international relationships to establish cyber security norms and standards.
State of cybercrime legislation
Qatari Law No. 14 of 2014 On Combating Cybercrime provides a basis for prosecuting cybercrime. It also criminalises acts that constitute offences under any other law committed using the means of an information network, an information system, a website, or any information technology (Article 45).
Other relevant laws
Qatari Law No 13 of 2016 addresses protection of electronic personal data. The law includes provisions on direct marketing messages; basic data protection responsibilities in the handling of data and prevention of loss, damage, modification, disclosure or illegal access; consent from individuals in some cases; and provisions relating to the personal information of children.
Qatari Law No. 14, mentioned above, criminalises the following substantive crimes. Some are not criminalised to the extent required by the Budapest Convention:
Illegal access (Arts. 2 and 3)
Illegal interception of content (Art. 4)
Data interference (Art. 3)
System interference (Art. 3)
Computer-related forgery (Art. 10)
Computer-related fraud (Art. 11)
Offences related to child pornography (Art. 7)
Copyright and related rights (Art. 13)
Attempt and aiding or abetting (Arts. 49 and 50)
Corporate liability (Art. 48)
For more-detailed information on Qatar’s substantive law, see the Country Profile for Qatar.
Qatari Law No. 14, mentioned above, provides for the following procedural measures. Some may not meet all elements required by the Budapest Convention:
Expedited preservation (Arts. 21 and 46)
Expedited preservation and partial disclosure (Arts. 17 and 21, possibly)
Production order (Arts. 18 and 21)
Search and seizure (Arts. 14 and 21)
Real-time collection of traffic data (Arts. 17, 20-21, and 46)
Interception of content data (Arts. 17 and 46)
For more-detailed information on Qatar’s procedural law, see the Country Profile for Qatar.
Qatar is a Party to the International Covenant on Civil and Political Rights, the International Covenant on Economic, Social and Cultural Rights, the Arab Charter on Human Rights, the Convention on the Rights of the Child, and the Optional Protocol to the Convention on the Rights of the Child on the sale of children, child prostitution and child pornography, several of which offer some protection for free expression. Qatar’s Constitution protects free expression within “the conditions and circumstances set forth in the law.” However, Law No. 14 has been criticised for the general breadth of its drafting and for its inclusion of provisions that broadly criminalise some forms of expression. Relatedly, Qatar has been criticised for its use of the law to restrain free expression. See, for example:
Related laws and regulations
The Constitution of Qatar
Within the Ministry of the Interior, a Cyber Crimes Investigation Center and Information Security Center have been established.
The MOI is the “competent authority” for Law 14 (Art. 1) and implements the provisions of Law 14, including compliance with the law by Internet service providers (Arts. 2 and 3). It is mentioned in numerous provisions of the law – for example, it is assigned responsibility for maintaining the integrity of seized data (Art. 19) and has authority to obtain assistance from service providers (Art. 21).
Qatari Law No. 14, mentioned above, provides for the following international cooperation measures. Some may not meet all elements required by the Budapest Convention:
General principles relating to international co-operation (Art. 23)
Extradition (Arts. 23-24, 39, and 42)
General principles relating to mutual legal assistance (Arts. 23-26 and 30-32)
Spontaneous information (Art. 38)
Procedures pertaining to mutual assistance request in the absence of applicable international agreements (Arts. 24, 28-29, and 31-33)
Confidentiality and limitation on use (Art. 28)
Mutual assistance regarding accessing of stored computer data (Art. 30)
Mutual assistance in the real-time collection of traffic data (Art. 30)
For more-detailed information on Qatar’s mutual assistance law, see the Country Profile for Qatar.
Competent authorities and channels
According to Law No. 14, the competent authorities and channels may vary depending on the purpose for which assistance is sought. Articles 23 and 37 indicate that the Ministry of the Interior may have competence for mutual legal assistance and extradition and may conclude bi- or multilateral agreements to establish joint investigation teams. Other articles supply additional detail about the MOI’s competencies. Article 24 indicates that the Public Prosecutor also has competence for mutual legal assistance requests and extradition. Other articles supply additional detail about the Public Prosecutor’s competencies.
Since Qatar is not a Party to the Budapest Convention, it is not part of the 24/7 network established by the convention.
Sources and links
- National Information Assurance Framework, http://www.qcert.org/library/36
- Anti- Spam Guidelines, http://www.motc.gov.qa/en/documents/document/anti-spam-guidelines
- National ICT Plan 2015: Advancing the Digital Agenda, http://www.motc.gov.qa/en/documents/document/qatar-s-national-ict-plan-2015-advancing-digital-agenda
- Qatar National Cyber Security Strategy, http://www.motc.gov.qa/sites/default/files/national_cyber_security_strategy.pdf
- Ministry of Transport and Communications (general information on its approach to cyber security), http://www.motc.gov.qa/en/cyber-security