Algeria’s digital regulatory environment has undergone more change in the past 18 months than in the previous decade. For founders, CTOs, and legal teams, understanding the actual text of the laws — not secondhand summaries — matters more than ever. The framework now includes e-commerce law (18-05), data protection law (18-07) plus its 2025 amendment, electronic signature law (15-04), a new fintech PSP regulation, a total cryptocurrency ban, and a January 2026 presidential decree adding cybersecurity obligations for every public institution.
This article walks through each instrument, what it actually says, and what it means for startups and tech companies operating in Algeria.
E-Commerce Law 18-05: What It Actually Says
Law 18-05 (May 10, 2018) establishes mandatory information obligations for e-commerce providers: contract terms, returns processes, complaint handling, and transaction formation rules. Two critical points that are frequently misrepresented:
- The “7-day return” rule is not universal: Law 18-05 does not establish a blanket 7-day right of withdrawal for all e-commerce purchases. The 7-day withdrawal applies specifically to credit contracts and door-to-door sales (Article 14). For non-conforming products ordered online, the return window is 4 working days from effective delivery, with refund within 15 days. Any e-commerce operator claiming general 7-day returns as a statutory right is misreading the text.
- Payments must use regulated rails: Electronic payment must be conducted through platforms operated exclusively by banks licensed by the Bank of Algeria and by Algeria Post, subject to central-bank security and interoperability controls. This is why international gateways like Stripe and PayPal remain legally complex to integrate without explicit authorization — not a technical limitation, but a legal architecture decision.
- Domain and hosting requirements: E-commerce sites must be hosted in Algeria with a `.com.dz` extension. This creates data residency obligations from the outset and affects infrastructure choices for any startup operating an online marketplace.
Algeria’s e-commerce market has reached approximately $1.5 billion (2025), growing at 15-20% annually, with user penetration at 16.3% projected to reach 19.4% by 2029. Online retail’s share of total retail remains under 5% — an enormous growth runway, but one that requires navigating this regulatory framework carefully.
Fintech: Algeria’s First PSP Regulation (August 2025)
Bank of Algeria Instruction No. 06-2025 (published August 17, 2025) represents Algeria’s first formal framework for Payment Service Providers — a landmark regulation for fintech startups. Key provisions:
- Three-tier digital wallet system:
- Tier 1: up to DZD 100,000 balance (~$750)
- Tier 2: up to DZD 500,000 balance (~$3,750)
- Tier 3: up to DZD 1,000,000 balance (~$7,500)
- Minimum capital: DZD 160 million (~$1.2 million) to establish a PSP
- Currency restriction: All operations must be in Algerian dinars only
- Territorial requirement: Head office and payment platform must be on Algerian national territory
- Agent network rules: PSPs can operate through agents (retailers, telecom shops) under defined compliance standards
- AML/KYC compliance: Full anti-money laundering and know-your-customer obligations
This regulation creates a clear playbook for fintech startups like ALPAY and SofizPay — but the DZD 160 million minimum capital requirement is a significant barrier to entry that will limit the field to well-funded players.
The Cryptocurrency Ban: Law 25-10 (July 2025)
Algeria enacted one of the world’s strictest cryptocurrency bans with Law No. 25-10 (effective July 24, 2025), criminalizing all crypto activities including:
- Ownership, purchase, and sale of any cryptocurrency
- Mining and promotion of cryptocurrencies
- Use of cryptocurrency for payments
Penalties: 2-12 months imprisonment and/or fines of DZD 200,000 to 1,000,000 (~$1,500-$7,700).
For startups, this is unambiguous: any blockchain-based token, NFT marketplace, or crypto payment integration is illegal under Algerian law. Web3 startups serving the Algerian market must structure their operations accordingly — or operate exclusively in foreign jurisdictions.
Data Protection: Law 18-07 and the 2025 Amendment
Law 18-07 (June 2018) is Algeria’s primary data protection framework. Its cross-border transfer rules are explicit and strict: personal data cannot be transferred to a foreign state without authorization from the ANPDP (National Authority for Personal Data Protection), and only where the recipient state ensures an adequate level of protection. Transfers that could harm public security or vital interests are prohibited regardless of authorization.
The July 2025 amendment — Law 11-25 — significantly strengthened the framework:
- Mandatory DPO appointment for all data controllers
- Data Protection Impact Assessments (DPIAs) for high-risk processing
- 5-day breach notification to the ANPDP
- Expanded definitions covering biometric data, profiling, pseudonymisation, and data breaches
- Processing log requirements applicable to third-party processors
- Regional audit and control poles for expanded ANPDP oversight
For startups using any foreign-hosted SaaS tool — CRMs, analytics platforms, customer support tools, cloud storage — these obligations are not theoretical. Every third-party processor that touches Algerian personal data must be assessed against this framework.
An important caveat: Despite the comprehensive legal framework, there are no publicly reported enforcement actions by the ANPDP as of early 2026. The authority has published compliance procedures but has not disclosed any specific penalties or investigations. This enforcement gap may narrow as the agency scales operations and the new DPO obligations create internal compliance pressure within organizations.
Advertisement
Electronic Signature: Law 15-04
Law 15-04 (February 1, 2015) establishes that a qualified electronic signature meeting the law’s security and reliability standards has the same legal value as a handwritten signature. No electronic signature can be denied legal effect solely because it is in electronic form.
The law creates a three-tier certification structure:
- ANCE (National Electronic Certification Authority) — reports to the Prime Minister’s Office, oversees the entire framework
- AGCE (Government Electronic Certification Authority) — under the Minister of Post and Telecommunications, handles government sector certification
- ARPCE — designated as the Economic Electronic Certification Authority, supervising private-sector certification service providers
Update — November 2025: The Council of Ministers approved a draft law on digital identification and electronic trust services that will modernize and supersede Law 15-04. The new law covers digital signatures, digital seals, time stamps, electronic seals, web authentication, and links to Algeria’s biometric national ID card system. It is currently proceeding through Parliament.
Cybersecurity: Decree 26-07 (January 2026)
Presidential Decree No. 26-07 (January 7, 2026) requires every public institution, administration, and public body to establish a dedicated cybersecurity structure — independent from IT operations, reporting directly to the entity’s top leader. This decree is layered on top of the National Information Systems Security Strategy 2025-2029 (Presidential Decree No. 25-321, December 30, 2025).
For startups selling to the public sector (B2G), this means:
- Your government clients now have dedicated cybersecurity reviewers who will assess your product’s security posture
- Cybersecurity clauses must be integrated into outsourcing contracts
- Incident reporting obligations flow through to vendors
- Compliance with data protection legislation is explicitly required
The Startup Label and Fiscal Architecture
Algeria’s Startup Label system, administered by the Ministry of Knowledge Economy, is the primary gateway to state support. Labeling criteria include: R&D spending above 15% of revenue, founders with doctoral qualifications (50%+), IP/patent ownership, or prototype presentation. Approximately 7,800 companies have registered on startup.dz, with about 2,300 holding the formal label.
Labeled startups receive:
- Tax exemptions: IRG (income tax) or IBS (corporate tax) exemption for 4 years from the date of obtaining the label, renewable for 2 additional years (up to 6 years total). R&D deductions of up to 30% of taxable profit, capped at DZD 200 million.
- Access to the Algeria Startup Fund (ASF): Backed by 6 public banks with DZD 2.4 billion in capital, plus a DZD 58 billion ($411 million) facility across 58 regional funds (one per province). Maximum DZD 150 million (~$1 million) per project.
- Algerie Telecom AI Fund: A separate 1.5 billion DZD ($11 million) vehicle specifically for AI, cybersecurity, and robotics startups.
- Stock exchange incentives: Complete fee waiver on the Algiers Stock Exchange for 2026-2028 (COSOB visa fees, SGBV admission fees, Algeria Clearing custody fees) for fundraising up to DZD 500 million via the Growth segment.
- Procurement preference: Favored status in public tenders under the revised procurement law.
The first startup IPO (Moustachir, early 2025) and the first ASF exit (VOLZ, December 2025 at 3.35x return) demonstrate that these mechanisms are producing results — not just policy announcements.
What’s Coming: SNTN-2030 and the Digital Law
The SNTN-2030 strategy (“Digital Algeria 2030”) plans 500+ projects for 2025-2026, with 75% focused on modernizing public services. Two national data centers are under construction (Mohammadia at 80% completion, Blida at 50%). The broader legislative agenda includes the draft digital ID and trust services law (approved by cabinet November 2025) and potential frameworks for algorithmic transparency and platform regulation.
Startups that are already compliant with existing obligations — data protection, payment regulation, cybersecurity assessments — will have a structural advantage when the next wave of regulation arrives.
Frequently Asked Questions
What does Algeria’s Digital Economy Law require from tech companies?
The law establishes frameworks for e-commerce licensing, digital payment regulation, data localization requirements, and consumer protection for online transactions. Tech companies must register with relevant authorities and comply with data residency provisions.
How does this law affect Algerian startups specifically?
Startups benefit from clearer legal frameworks for e-commerce and digital payments, but face new compliance costs. The law creates opportunities in regtech and compliance-as-a-service, while the data localization requirements may increase infrastructure costs for cloud-first companies.
How does Algeria’s digital law compare to similar frameworks in the region?
Algeria’s approach is more prescriptive than Tunisia’s but less comprehensive than Morocco’s. The data localization requirements are stricter than most North African peers, reflecting Algeria’s sovereignty-focused approach to digital regulation.
Sources & Further Reading
- Journal Officiel — Law 18-05 (E-Commerce, May 2018)
- Journal Officiel — Law 18-07 (Data Protection, June 2018)
- Journal Officiel — Law 15-04 (Electronic Signature, 2015)
- CMS Expert Guide — Algeria Data Protection Law 11-25
- LaunchBase Africa — Algeria Fintech PSP Rules
- Decrypt — Algeria Bans All Crypto Activities
- ARPCE — Presidential Decree No. 26-07 (Cybersecurity)
- Ecofin Agency — Algeria Opens Stock Market Access to Startups
- Global Trade Alert — ASF DZD 58 Billion Funding Capacity
- Biometric Update — Algeria Digital ID and Trust Services Law
