⚡ Key Takeaways

Algeria’s ASSI agency is now the central coordinator for national cybersecurity under the 2025-2029 strategy, backed by Presidential Decree 26-07 mandating dedicated cybersecurity units in every public institution. The push follows 70 million recorded cyberattacks in 2024, with 13 million phishing attempts and 750,000 malicious email attachments blocked by Kaspersky alone.

Bottom Line: Public institution IT directors should verify their cybersecurity unit is formally established with direct reporting to institutional leadership, as Decree 26-07 compliance is already in effect.

Read Full Analysis ↓

Advertisement

🧭 Decision Radar

Relevance for Algeria
High
With 70 million cyberattacks recorded in 2024 and mandatory cybersecurity units now required in every public institution under Decree 26-07, this directly affects every government agency, public enterprise, and the private sector firms that contract with them.
Action Timeline
Immediate
Decree 26-07 was published January 21, 2026, and public institutions are already standing up cybersecurity units; the compliance clock is running now.
Key Stakeholders
Public institution heads, CISOs, IT directors, procurement officers, cybersecurity professionals, vocational training graduates, private sector security vendors
Decision Type
Tactical
Organizations must take concrete compliance steps — establishing units, appointing leads, integrating cybersecurity into procurement — within defined regulatory timelines.
Priority Level
Critical
The decree carries presidential authority, the threat landscape is severe (13 million phishing attempts blocked in 2024 alone), and non-compliance exposes institutions to both regulatory and operational risk.

Quick Take: Every Algerian public institution should have already begun standing up its dedicated cybersecurity unit as required by Decree 26-07. IT leaders must ensure these units report directly to institutional heads, not buried under IT departments. Private sector security firms should prepare service offerings aligned with the decree’s risk mapping, auditing, and procurement review requirements.

A New Architecture for Cyber Defense

When Algeria recorded more than 70 million cyberattacks in 2024 — ranking 17th globally among the most targeted nations, according to Kaspersky — the scale of the threat made one thing clear: isolated, institution-by-institution defenses were no longer sufficient. The country needed a centralized coordination body with real authority.

That body is ASSI — the Agence de Securite des Systemes d’Information (Information Systems Security Agency), operating under the Ministry of National Defence. Over the past four months, a series of presidential decrees and a formal national strategy have positioned ASSI as the hub of Algeria’s cybersecurity apparatus, with a mandate that extends from strategic planning to real-time incident coordination across every public institution in the country.

The Regulatory Foundation: Two Decrees, One Vision

The current framework rests on two presidential decrees issued in quick succession.

Presidential Decree No. 25-321 (December 30, 2025) formally adopted the National Cybersecurity Strategy for 2025-2029, establishing a five-year roadmap for defending public administrations and critical digital infrastructure. Approved by President Abdelmadjid Tebboune, the strategy articulates a clear overarching vision: to guarantee Algeria’s cyber resilience by strengthening prevention, detection, and incident response capabilities.

Presidential Decree No. 26-07 (January 7, 2026), published in the Official Gazette on January 21, went operational. It defines the organization and functioning of cybersecurity structures within public institutions, administrations, and agencies — and it introduces a structural requirement that fundamentally changes how Algerian organizations approach cyber risk.

Under Decree 26-07, every public entity must establish a dedicated cybersecurity unit. These units are not subordinate to IT departments. They report directly to the head of the institution and are responsible for designing cybersecurity policy, conducting risk mapping exercises, deploying remediation plans, ensuring continuous monitoring, performing regular audits, and coordinating with ASSI on incident response.

The reporting line is deliberate. By elevating cybersecurity out of technical IT management and placing it under institutional leadership, the decree ensures that cyber risk is treated as an organizational priority — not an afterthought buried inside a server room.

ASSI at the Center: Strategy, Operations, Coordination

ASSI is not new. Established under the Ministry of National Defence through earlier legislation (including Presidential Decree No. 20-05 of January 2020, which also mandated the appointment of Chief Information Security Officers across all state information systems), the agency has steadily expanded its operational footprint.

What the 2025-2029 strategy does is formalize ASSI’s central coordination role and give it sharper teeth. General Abdeslam Belghoul, Director General of ASSI, stated at the strategy’s public unveiling in Algiers on March 3, 2026, that the framework was developed with guiding principles aimed at “strengthening digital sovereignty, supporting the digital transformation undertaken by the State, preserving existing achievements, promoting inclusiveness, encouraging resource pooling, and setting measurable and achievable objectives.”

The strategy is organized around four strategic objectives:

  1. Reinforcing the resilience of national information systems to ensure operational continuity even under active attack conditions.
  2. Developing a supportive national cybersecurity ecosystem capable of fostering innovation and coordinated response mechanisms.
  3. Cultivating qualified human resources through structured training, education, and research initiatives.
  4. Consolidating national and international cooperation in recognition of the transboundary nature of cyber threats.

ASSI operates alongside two other key institutional nodes: the CNSSI (Conseil National de la Securite des Systemes d’Information), which serves as the strategic policy body reporting to the President, and DZ-CERT, Algeria’s national computer emergency response team hosted by CERIST and recognized as a member of FIRST and AfricaCERT.

Together, these three entities form a layered architecture: CNSSI sets policy direction, ASSI coordinates implementation and operations, and DZ-CERT handles frontline incident response and threat intelligence sharing.

Advertisement

What Cybersecurity Units Must Actually Do

Decree 26-07 is notable for its operational specificity. The dedicated cybersecurity units required in every public institution are not advisory boards. They carry concrete responsibilities:

  • Policy design and oversight: Each unit must develop its institution’s cybersecurity policy and oversee implementation across all departments, including supervised agencies.
  • Risk mapping: Units must identify and catalog threats through dedicated risk mapping exercises — creating a live picture of their attack surface.
  • Remediation planning: Based on identified risks, units design and deploy targeted remediation plans.
  • Continuous monitoring and auditing: Ongoing surveillance and periodic audits ensure that defenses remain current.
  • Data protection compliance: Units must ensure compliance with personal data protection legislation, coordinating with the national supervisory authority.
  • Procurement integration: The decree mandates coordination with procurement and internal security bodies to integrate cybersecurity clauses into outsourcing contracts.

This last requirement is particularly significant. Supply chain attacks represent one of the fastest-growing threat vectors globally. By requiring cybersecurity review of procurement and outsourcing agreements, Algeria is addressing a vulnerability that many countries have been slow to regulate.

Building the Workforce Pipeline

A national cybersecurity infrastructure is only as strong as the people who operate it. Algeria is addressing this through a parallel investment in workforce development.

The Ministry of Vocational Training and Education announced 285,000 new vocational training places starting February 2026, with dedicated tracks in cybersecurity, cloud computing, and AI. The program includes workplace-based apprenticeships for more than 57,000 participants and over 32,000 residential training places in specialized centers.

The cybersecurity curriculum includes certification programs aligned with international standards — ISO 27001, CISSP, and CEH — alongside Capture the Flag (CTF) competitions designed to identify and develop security talent. Beginning in September 2026, a partnership with Huawei will provide vocational trainees with cloud computing and cybersecurity instruction, culminating in a jointly issued diploma.

The strategy also mandates sector-specific cybersecurity regulations for banking, healthcare, and energy — sectors that manage critical infrastructure and sensitive data requiring specialized defensive capabilities.

The Threat Landscape Driving Urgency

The numbers behind Algeria’s cybersecurity push are stark. Beyond the 70 million overall cyberattacks recorded in 2024, Kaspersky data reveals that more than 13 million phishing attempts were blocked and nearly 750,000 malicious email attachments were detected and stopped during the same period.

These figures reflect a global pattern — cybercriminals increasingly target rapidly digitizing nations — but they also underscore Algeria’s specific exposure as it accelerates e-government services, digital payments, and online public administration.

The strategy makes digital sovereignty a core principle, defined as the State’s capacity to control its data, networks, software, and information systems. This is positioned not merely as a technical objective but as a fundamental pillar of national security — a recognition that in an interconnected world, cyber resilience and sovereignty are inseparable.

What Comes Next

The strategy document, publicly available for download from the Ministry of National Defence website (mdn.dz), covers the period through 2029. Implementation is already underway: public institutions are standing up their cybersecurity units, CISOs are being appointed, and ASSI is building the coordination channels that will connect hundreds of institutional security teams into a coherent national network.

Algeria’s approach — centralized strategic coordination through ASSI, decentralized execution through mandatory institutional units, and a parallel workforce pipeline — mirrors frameworks deployed by leading cybersecurity nations. The combination of presidential-level authority behind the decrees and the operational specificity of the requirements positions the country to make measurable progress on cyber resilience within the strategy’s five-year horizon.

For Algerian technology professionals, the message is clear: cybersecurity is now a career track with institutional backing, regulatory demand, and growing resources. For organizations, the compliance clock on Decree 26-07 is ticking.

Follow AlgeriaTech on LinkedIn for professional tech analysis Follow on LinkedIn
Follow @AlgeriaTechNews on X for daily tech insights Follow on X

Advertisement

Frequently Asked Questions

What is ASSI and what authority does it have?

ASSI (Agence de Securite des Systemes d’Information) operates under the Ministry of National Defence and serves as the central coordination body for Algeria’s cybersecurity apparatus. Under the 2025-2029 National Cybersecurity Strategy, ASSI coordinates implementation and operations across all public institutions, while CNSSI sets strategic policy and DZ-CERT handles frontline incident response.

Which organizations must comply with Decree 26-07?

Presidential Decree 26-07 applies to every public institution, administration, and agency in Algeria. Each must establish a dedicated cybersecurity unit that reports directly to institutional leadership — not to IT departments. These units handle risk mapping, remediation planning, continuous monitoring, regular audits, data protection compliance, and procurement security review.

How is Algeria addressing the cybersecurity workforce shortage?

The Ministry of Vocational Training has announced 285,000 new training places starting February 2026, with dedicated tracks in cybersecurity, cloud computing, and AI. Programs include ISO 27001, CISSP, and CEH certification paths, Capture the Flag competitions, and a Huawei partnership launching in September 2026 for cloud and cybersecurity diplomas.

Sources & Further Reading