On 14 March 2026, the National Council for Artificial Intelligence, Quantum Computing, and Emerging Technologies (NCAI) released Egypt's National Generative AI Guidelines. Developed under the leadership of the Ministry of Communications and Information Technology (MCIT), with contributions from the Egyptian Center for Responsible AI (ECRAI). The guidelines establish a principles-based framework to support the safe, responsible, and trustworthy development, deployment, and use of Generative Artificial Intelligence (Generative AI) across the public sector, private sector, academia, and society at large. The guidelines adopt a human-centered and risk-proportionate approach, aligned with internationally recognised frameworks from the Organisation for Economic Co-operation and Development (OECD), the United Nations Educational, Scientific and Cultural Organization (UNESCO), the G7 through the Hiroshima Process on Advanced AI, and the Council of Europe. They address distinct governance challenges raised by Generative AI, including hallucinations and inaccurate outputs, large-scale misinformation and deepfakes, bias and discrimination, privacy and data protection risks, intellectual property concerns, and unclear accountability. The guidelines define scope and applicability across five user categories: Developers and Model Providers, Deployers and Service Providers, Institutional and Organizational Users, Individual Users and Content Creators, and High-Impact or Sensitive Use Contexts. Specific guidance covers Agentic AI Guidelines, DeepFake Guidelines, Generative AI in Education and Scientific Research, and Disclosure requirements. Annex 1 provides guidance on Effective Prompting for Generative AI. The guidelines are designed as a living framework subject to periodic review.
On 14 March 2026, the National Council for Artificial Intelligence, Quantum Computing, and Emerging Technologies (NCAI) released the Guide to Egypt’s National AI Governance Framework, prepared by the Egyptian Center for Responsible Artificial Intelligence (ECRAI), which serves as the implementation and technical body of the NCAI. The guide serves as the central strategic document of the framework and defines its scope by introducing risk tiers, a “Dual-Check” compliance logic, and an institutional structure organised across five layers. These include the legislative heritage, the strategic evolution of the framework, the governance philosophy built around the “State as Orchestrator” and “Strategic Hybrid” model, the scope and applicability, and the future regulatory architecture. The guide establishes five core ethical principles that function as governance mandates for all AI actors, namely human-centeredness, fairness, accountability, security and safety, and transparency and explainability. These principles are grounded in the Egyptian Charter for Responsible AI adopted in 2023, and are aligned with the UNESCO Recommendation on the Ethics of AI and the OECD AI Principles. It also introduces a risk-based regulatory approach that classifies AI systems into four categories, ranging from prohibited systems presenting unacceptable risk to high-risk systems subject to mandatory “Dual-Check” compliance, as well as limited risk systems subject to transparency requirements and minimal or no risk systems that remain unregulated or voluntary. General-purpose AI models receive specific treatment, with those presenting systemic risk classified as high-risk systems and standard models falling under the limited risk category.
On 14 March 2026, the National Council for Artificial Intelligence, Quantum Computing, and Emerging Technologies (NCAI) released the National Guidelines for Trustworthy and Responsible AI. Prepared by the Egyptian Center for Responsible Artificial Intelligence (ECRAI), the Guidelines provide a national reference for the development, deployment, and oversight of AI systems across the public and private sectors, in line with Egypt’s Vision 2030 and the National Artificial Intelligence Strategy (2025–2030). The Guidelines form part of the National AI Governance Framework and serve as an operational document for implementing AI practices. They apply to all AI actors in Egypt, including government entities, private-sector developers, and individuals, across the full AI lifecycle from design and data preparation to deployment, monitoring, and retirement. They are structured around four pillars: institutional governance, AI lifecycle governance, stakeholder engagement, and society and sustainability.
In January 2026, the Cabinet approved expanding the mandate of the National Council for Artificial Intelligence (NCAI) to include quantum computing and emerging technologies. Following this decision, the body was renamed the National Council for Artificial Intelligence, Quantum Computing, and Emerging Technologies. The expansion reflects a broader remit for the council beyond its original focus on artificial intelligence.
On 2 November 2025, the Executive Regulations of the Personal Data Protection Law issued by Law No. 151 of 2020 entered into force on the day following their publication in the Official Gazette, as issued by Minister of Communications and Information Technology Decision No. 816 of 2025. The Executive Regulations require conducting periodic selection and evaluation operations to ensure the correctness and safety of personal data as collected. These operations must be carried out in accordance with the mechanisms periodically issued by the Personal Data Protection Center (PDPC).
On 1 November 2025, the Minister of Communications and Information Technology adopted the Executive Regulations of the Personal Data Protection Law issued by Law No. 151 of 2020 through Ministerial Decision No. 816 of 2025. The Executive Regulations require conducting periodic selection and evaluation operations to ensure the correctness and safety of personal data as collected. These operations must be carried out in accordance with the mechanisms periodically issued by the Personal Data Protection Center (PDPC).
On 1 October 2025, the National Telecommunications Regulatory Authority (NTRA) implemented its order terminating type approval procedures for devices exclusively utilising third-generation (3G) technology in Egypt. The measure also prohibits approvals for shipments containing such 3G-only equipment, promoting the adoption of devices compatible with advanced technologies such as fourth-generation (4G) and fifth-generation (5G).
On 11 September 2025, the National Telecommunications Regulatory Authority (NTRA) of Egypt adopted an order that, effective 1 October 2025, type approval procedures will no longer be applied to telecommunications devices that operate exclusively on third-generation (3G) technology and do not support higher-generation technologies such as fourth-generation (4G) or fifth-generation (5G). The adopted order further stipulates that the NTRA will not grant approval for the release of any shipments containing such 3G-only devices, thereby suspending both the type approval process and the market entry of telecommunications equipment restricted to 3G functionality.
On 1 September 2025, Labour Law No. 14 of 2025 enters into force, establishing remote work as an employment model within the national labour framework. Remote work is formally categorised alongside part-time work, flexible work, and job-sharing, with all models subject to the general provisions of employment law. The Law affirms that remote workers hold the same rights and duties as those in traditional employment, including social protection, social insurance, minimum wage entitlement, access to training and skill development, and the exercise of collective bargaining and freedom of association under Law No. 213 of 2017. It further requires the conclusion of written contracts for remote work, either in paper or electronic form, and assigns responsibility to ministerial authorities for issuing implementing measures to regulate its practical application.
On 7 August 2025, the National Telecommunications Regulatory Authority's Regulatory Framework for Providing Cybersecurity Services entered into force. The framework defines regulatory requirements for entities providing or using cybersecurity services. It specifies terms such as cybersecurity services, critical infrastructure, and service providers, and mandates adherence to technical and organisational standards. The framework establishes obligations for service providers, including compliance with cybersecurity laws, protection of confidential data, and prompt reporting of cybersecurity incidents. Beneficiaries of these services must use certified providers and notify the relevant authorities of any cybersecurity incidents. It also sets out procedures for registering and certifying companies and individuals as cybersecurity service providers, which include requirements for technical expertise, recognised certifications, and compliance with national laws such as the Telecommunications Regulation Law and the Cybercrime Law. Additionally, the framework identifies critical infrastructure sectors and lists accepted international certifications for cybersecurity professionals.
Last updated: 14/03/2026