In Tunisia, the cybersecurity decree-law of March 11, 2023, came into effect on September 11, 2023, broadening the authority of the national computer security agency (ANSI). To underline this transformation, the institution’s name changed to the national agency for cybersecurity (ANSC)
The ANSC remains under the supervision of the Ministry of Communication Technology and retains its three main missions:
- to draw up and update security governance policies for Tunisian cyberspace;
- to develop and promote cybersecurity training programs;
- to implement and publish cyberprotection and digital hygiene reference documents and guides
Moreover, the ANSC will be in charge of granting two new labels guaranteeing cloud provider safety and sovereignty. The first will certify government agency providers (G-cloud) and the second, State essential organizations (N-cloud).
The agency will also have to steer the new electronic device and service labeling policy in Tunisia. In particular, it will grant the “secure” certification for high-level protection. Essential Tunisian organizations will only be able to use hardware with this label. Their infrastructure backups will be done with a G-cloud or N-cloud certified cloud provider.
More generally, critical organizations will guarantee computer system cyber-resilience and continuity of service in the event of a national crisis. The decree-law also provides for fines in cases of non-compliance with cybersecurity requirements. Finally, the ANSC will have to develop and implement the future “national cyber emergency response plan”, in partnership with public and private sector CSIRTs.