On 25 February 2026, the National Data Protection Commission of Portugal and the Moroccan National Commission for the Control of the Protection of Personal Data signed a Memorandum of Understanding (MoU) in the field of personal data protection. The aim of the partnership is to strengthen cooperation between the two authorities through the sharing of information and technical expertise, specifically addressing challenges in artificial intelligence (AI), image manipulation, and cyber violence. The cooperation also covers educational projects, training programmes, and the exchange of best practices regarding the monitoring and enforcement of the regulatory framework.
On 29 September 2025, the Competition Council closed the consultation on the investigation into Delivery Hero’s acquisition of 94.49% of Glovoapp23 and its voting rights. The acquisition gives Delivery Hero, a German company active under brands including Foodpanda and Talabat, exclusive control of Glovo. Glovo is a Spanish company operating an app-based platform for online ordering and home delivery in more than 20 countries, including Morocco.
On 18 September 2025, the Competition Council opened an investigation into Delivery Hero’s acquisition of 94.49% of Glovoapp23 and its voting rights. The acquisition gives Delivery Hero, a German company active under brands including Foodpanda and Talabat, exclusive control of Glovo. Glovo is a Spanish company operating an app-based platform for online ordering and home delivery in more than 20 countries, including Morocco. The Council noted that the information was provided by the parties. The Council also opened a public consultation, running until 29 September 2025, for the submission of observations.
On 23 July 2025, the General Directorate of Information Systems Security (DGSSI) adopted the Guide on Data Classification, developed under Law No. 05-20 on cybersecurity and its implementing decree 2.21.406. The Guide is addressed to entities and infrastructures of vital importance and establishes a structured methodology for classifying data as an information asset, with sensitivity levels determined according to risks across confidentiality, integrity and availability dimensions. It sets out the principles of data classification, including lifecycle management, risk assessment, proportionality, governance frameworks and technological neutrality, and specifies the roles and responsibilities of stakeholders such as data owners, custodians, classification specialists, auditors and users. The document also outlines the overall data management process from identification to classification, protection, re-evaluation and deletion, and provides technical and organisational measures for safeguarding sensitive information. It introduces a multi-level impact scale, aligned with Decree No. 2-21-406, to determine classification classes from “no impact” to “very serious impact”, with data placed within Classes I and II considered sensitive and subject to reinforced protection measures, including mandatory residency within national territory.
Last updated: 25/02/2026