⚡ Key Takeaways

CyberSouth+ is a joint EU–Council of Europe programme running January 2024 to December 2026, covering Algeria and seven other southern Mediterranean countries with structured cybercrime law, forensics, and incident-response training. Algeria’s magistrates built a national certified-trainer pool in May 2024 through the programme; the forensics and OSINT tracks remain the highest-priority deliverable for the remaining cycle.

Bottom Line: Algerian public institution security teams and ASSI should submit formal CyberSouth+ participation requests before Q3 2026 to secure forensics and incident-response training before the programme closes in December.

Read Full Analysis ↓

🧭 Decision Radar

Relevance for Algeria
High
CyberSouth+ is a country-specific programme that directly funds Algeria’s cybercrime law, forensics, and incident-response capability building through December 2026 — a direct operational resource, not a general trend to monitor.
Action Timeline
Immediate
The programme window closes December 31 2026 — participation requests must be submitted through ASSI within the next 2-3 months to guarantee scheduling.
Key Stakeholders
ASSI, DZ-CERT, Ministry of Justice, public institution cybersecurity unit heads, magistrates handling digital evidence
Decision Type
Tactical
Engage an existing programme — not a new strategic commitment, but a procurement of structured training and peer networks before a funded window expires.
Priority Level
High
Missing this cycle means paying commercial rates for equivalent content after December 2026 or going without. The direct cost to engage is near-zero; the cost of missing it is measured in future training budgets.

Quick Take: Algerian public institution security teams and magistrates should submit formal participation requests through ASSI before the end of Q2 2026. Prioritise the forensics and OSINT track where institutional gaps are deepest. Designate returning participants as mandatory internal trainers to sustain the investment beyond December when the programme closes.

Advertisement

A 36-Month Capability Window Algerian Teams Can Still Use

The CyberSouth+ programme is a joint EU–Council of Europe initiative running from 1 January 2024 to 31 December 2026. It covers eight countries in the southern Mediterranean neighbourhood — Algeria, Egypt, Jordan, Lebanon, Libya, Morocco, Palestine, and Tunisia — each receiving a mix of regional and country-specific actions tailored to their legal and technical maturity level.

For Algeria, the programme is not theoretical. In May 2024, CyberSouth+ delivered a Training of Trainers in Kolea, building on the magistrate pool established by the predecessor CyberSouth project (2017–2023). The Algerian High School for Magistrates has now embedded basic and advanced cybercrime training modules into its curriculum, and the number of Algerian magistrates able to deliver peer training on cybercrime and electronic evidence has grown significantly. That is a structural result — not a one-off workshop.

The window still open: country-specific actions in forensics, network traffic analysis, and incident coordination are ongoing. Security officers in public institutions, prosecutors handling digital evidence, and private-sector IT teams that engage through ASSI or DZ-CERT before December 2026 can access structured international content at no cost to their organisation.

What CyberSouth+ Actually Delivers

The programme focuses on three capability pillars that map directly onto Algeria’s current cyber governance gaps:

1. Cybercrime law and procedural alignment. The Budapest Convention on Cybercrime provides the reference framework. Algerian law 09-04 on cybercrime already establishes the criminal basis, but procedural rules for cross-border digital evidence requests remain patchy. CyberSouth+ delivers practical workshops on mutual legal assistance (MLA) requests, e-evidence preservation orders, and chain-of-custody requirements for digital artefacts — the procedural layer that determines whether an investigation survives in court.

2. Forensics and technical investigation. Magistrates and law-enforcement investigators receive hands-on training in open-source intelligence (OSINT), network traffic capture, and forensic imaging. The EU Neighbours South portal documented a parallel OSINT course in Tunisia that will be replicated across the partner group. Algerian investigators who complete this track gain skills directly transferable to DZ-CERT’s incident triage workflows.

3. Incident response coordination. Exercises rehearse the handoff between technical CERT teams and the criminal justice system — the point where most incident pipelines currently stall. Getting law enforcement and IT security personnel to train together on the same scenario is the highest-value output of the programme; it compresses the miscommunication that routinely extends breach investigation timelines by weeks.

Advertisement

What Algeria Has Already Built — and What Remains to Complete

The predecessor CyberSouth project (launched 2017) closed in December 2023 after producing a baseline: a national trainer pool inside the magistracy, updated procedural guidance, and Algeria’s formal engagement with the Budapest Convention observer process.

CyberSouth+ builds on that baseline. The May 2024 Training of Trainers in Kolea explicitly tested the sustainability of the previous investment — can Algerian trainers now replicate the curriculum independently? The answer was yes, with caveats: the trainers can deliver foundational cybercrime law modules, but technical forensics content still requires external experts with specialised tooling. That gap is the primary remaining CyberSouth+ deliverable for Algeria, and with seven months remaining in the programme cycle, it is the most urgent action item for ASSI and DZ-CERT to pursue.

The SAMENA Council has noted Algeria’s digital sovereignty ambitions as a structural driver for cybersecurity capacity building. Connecting those ambitions to concrete international frameworks — rather than building parallel national systems from scratch — is precisely the value CyberSouth+ offers.

What Algerian Security Teams Should Do About It

1. Map your institution’s capability gaps against the CyberSouth+ curriculum

CyberSouth+ topics — e-evidence procedures, OSINT, incident response handoffs — map onto Decree 26-07’s requirement for every public institution to operate a certified cybersecurity unit. Before requesting programme access, teams should produce a gap analysis comparing their unit’s current procedures against the programme’s published learning outcomes. This positions the training request as a compliance-driven need, not a discretionary wish, which improves internal budget approval speed.

2. Route participation requests through ASSI formally

Access to CyberSouth+ activities is coordinated at the national level through Algeria’s Information Systems Security Agency (ASSI). Unlike informal workshop attendance, an ASSI-coordinated engagement generates a formal record of participation, creates a follow-up obligation on both sides, and links the training to the institution’s national cyber compliance posture. Teams that have engaged directly through ASSI report faster scheduling and access to pre-sessions not listed publicly on the Council of Europe calendar.

3. Prioritise the forensics track for technical investigators

Of the three CyberSouth+ pillars, the forensics and technical investigation track transfers the highest value to daily operations. The law and procedure modules are important but can be absorbed through written guidance; the OSINT and traffic analysis labs require supervised practice with proper tooling that most Algerian institutions do not currently have. Prioritising the technical track while the programme is still funded avoids having to procure equivalent commercial training (which costs €1,500–€3,000 per attendee for equivalent SANS or EC-Council content) after December 2026.

4. Build an internal train-the-trainer loop now

The CyberSouth+ model — training trainers who then cascade to colleagues — is the programme’s sustainability mechanism. Institutions that send one or two people to a ToT session without a plan to replicate internally will see the knowledge evaporate within 12 months. Best practice: designate the returning participants as mandatory internal trainers with a quarterly session obligation, and require them to document their training materials in a shared drive accessible to all security unit members.

The Structural Lesson

CyberSouth+ is not unique in what it teaches — the Budapest Convention framework, OSINT methods, and CERT coordination procedures are all available in commercial and open-source formats. What is unique is the package: structured delivery, peer networking with eight other southern Mediterranean countries (which means shared threat intelligence and incident case studies from comparable operating environments), and zero direct cost to the participating institution.

The risk for Algeria is not missing the content — it’s missing the network. Magistrates and technical teams who train alongside their Moroccan, Tunisian, and Jordanian counterparts build the informal cross-border relationships that accelerate future MLA requests and regional threat intelligence sharing. Those relationships are not in any curriculum. They emerge from shared training weeks, and they expire if Algeria does not occupy its seat at the table before December 2026.

For public institution IT directors and ASSI coordination officers, the action item is simple: inventory what participation has happened so far, identify the gaps, and submit a formal request for the remaining programme cycle. The infrastructure exists; the funding is allocated; the programme closes in seven months.

Follow AlgeriaTech on LinkedIn for professional tech analysis Follow on LinkedIn
Follow @AlgeriaTechNews on X for daily tech insights Follow on X

Advertisement

Frequently Asked Questions

What countries does CyberSouth+ cover, and how does Algeria compare to its neighbours?

CyberSouth+ covers eight countries: Algeria, Egypt, Jordan, Lebanon, Libya, Morocco, Palestine, and Tunisia. Algeria entered the programme with a relatively stronger baseline than most — the predecessor CyberSouth project (2017–2023) built a certified magistrate trainer pool and embedded cybercrime modules in the national magistracy curriculum. That advantage means Algerian participants are likely to be fast-tracked into the advanced forensics and incident-response tracks rather than repeating foundational law modules.

Is CyberSouth+ only for law enforcement and magistrates, or can private-sector security teams benefit?

The primary beneficiaries are public prosecutors, magistrates, law enforcement investigators, and public institution IT security staff. However, the forensics and OSINT modules produce skills directly applicable to private-sector incident response. Private financial institutions and critical infrastructure operators who coordinate with DZ-CERT can request observer participation in selected exercises — the programme does not prohibit it, and national coordinators have discretion to include relevant private-sector actors where the training scenario benefits from their perspective.

What happens to Algerian cybersecurity capability after CyberSouth+ closes in December 2026?

The programme’s sustainability model is the national trainer pool: participants who complete Training of Trainers modules are expected to cascade content independently. For this to work, institutions must formalise the cascade obligation before the programme ends — not after. If returning trainers have no structured internal delivery mandate, the knowledge depreciates within 12–18 months as staff rotate. Algerian institutions should treat December 2026 as a hard deadline for establishing an internal cybercrime and e-evidence training calendar, not a date after which they can request extensions.

Sources & Further Reading