Libya - Octopus Cybercrime Community

Back Libya

Status regarding Budapest Convention

Status : NA See legal profile

Cybercrime policies/strategies

Libya has not yet adopted a cybercrime strategy.

By a decree signed in 2013 by the Ministerial Council of the State of Libya it was established the National Information Security and Safety Authority (NISSA), whose mission statement is to promote and sustain secure use of ICTs as well as prevent, detect and respond effectively to the associated risks.

NISSA has released the NISSA Policy Manual that includes: Data Protection Policy, Acceptable Use Policy, User Policies, Anti-Virus Policy, Network Security Policies, Third Party Policy, Data Backup Policy, and Physical Security Policy.

Libya doesn’t have a cybersecurity strategy, however NISSA is mandated and currently developing a national cyber security strategy, which will be implemented together with the Ministry of Communications and Informatics.

According to an ITU country report, Libya maintains a division especially tasked to investigate cybercrimes, called the Anti-IT Crimes Administration, which falls under the administration of the Ministry of Interior.

The National Incident Response Team, Libya-CERT (Libyan Computer Emergency Response Team) is hosted under NISSA. It was established with the support of ITU and has national-level responsibilities and is responsible with prevention, detection and mitigation of cyber threats.

Libya doesn’t have any certified government and public sector agencies under internationally recognized standards in cybersecurity.

The Libyan government has an established national cyber security awareness raising campaign run by NISSA and in collaboration with a number of private ITC sector companies. Currently, the awareness campaign targets the ITC sector, but every available effort is being made to reach out to a wider audience. The Libyan government also works with NGOs to help educate and raise awareness about known cyber risks. At the moment, most of the academic institutions have mandatory classes of various information security related subjects in all IT related degrees. While the Government of Libya has not yet established cyber security education centers, NISSA is currently working with Tripoli University on introducing a new degree dedicated solely to cyber security.

Cybercrime legislation

State of cybercrime legislation

Libya has not yet passed specific cybercrime legislation, but several new legislations on cyber-activities are worked in progress e.g. Cybercrime Law, Data Protection Law, Cyber-IPR Law, e-Transactions Law, e-Commerce Law.

Substantive law

Specific legislation on child online protection has been enacted through the following instruments:

The Criminal Code (Article 421)

Indecent Acts or Items

Anyone who commits an indecent act in an open public place or a place accessible to the public shall be punished by detention for a period not exceeding one year or a fine not exceeding LYD50.

The same penalty shall apply to anyone who violates decency by distributing indecent letters, pictures, or other articles, or who exposes the same to the public or offers the same for sale.

Artistic or scientific productions shall not be considered indecent items unless they are provided for other than educational purposes to a person under the age of eighteen years for sale to him or if they are offered for sale to him or if he is facilitated in the obtaining thereof by any means.

Safeguards

Libya has in place the Constitutional Declaration, whose purpose is to be an intermediary Constitution and the supreme law of Libya, until a new permanent Constitution will be drafted. An assembly of drafting a new Constitution was formed in 2014 and finalised the 2017 draft Libyan constitution, approved by a majority of two thirds, yet to be in place.

Chapter II of the interim Constitutional Declaration refers to fundamental rights and freedoms. This chapter includes articles that refer to extradition procedure, regulation of evidence collection, right to privacy, regulation of evidence collection, inalienable rights, right to privacy and telecommunications.