Do I Need a Cybersecurity License in Jordan? Understanding the 2026 Cybersecurity Licensing Framework

Written By Jamal Hadidi

The cybersecurity sector in Jordan has undergone a significant regulatory transformation. Following the enactment of the Cybersecurity Law No. 16 of 2019 and the subsequent regulations and instructions issued by the National Cyber Security Center, cybersecurity services are now subject to a dedicated licensing regime.

For businesses operating in the cybersecurity sector, one of the most important legal questions is whether the activities they provide require a license under the applicable framework.

The answer depends not on how a company describes itself, but rather on the actual nature of the services it provides.

A New Regulatory Environment

Historically, many technology companies offered cybersecurity-related services under general commercial registrations without considering whether those activities constituted regulated cybersecurity services.

The licensing instructions issued in 2026 have changed that landscape by establishing specific licensing requirements for a broad range of cybersecurity activities.

These activities include:

  • Managed cybersecurity services;

  • Cybersecurity consulting services;

  • Cybersecurity audit services;

  • Penetration testing services;

  • Incident response services;

  • Digital forensic investigation services;

  • Cybersecurity product sales;

  • Cybersecurity training services; and

  • Cybersecurity competitions and related activities.

Organizations involved in any of these activities should assess whether they fall within the scope of the licensing framework and whether regulatory approval is required before commencing operations.

Why Classification Matters

One of the most common regulatory risks arises when companies incorrectly classify their activities.

For example, a company may view itself primarily as an IT consulting business while also providing security assessments and vulnerability testing for clients. Depending on the nature of those activities, the company may be engaging in regulated cybersecurity services requiring a specific license.

Similarly, a company that operates a Security Operations Center (SOC) or provides continuous monitoring services may be considered a provider of managed cybersecurity services, which are subject to separate licensing requirements.

The legal analysis therefore begins with a detailed review of the services being offered rather than the company’s marketing description or trade name.

Beyond Licensing

Obtaining a license is only one aspect of regulatory compliance.

The cybersecurity regulatory framework also addresses operational requirements, professional qualifications, compliance obligations, renewal requirements, and regulatory oversight.

Organizations should therefore view licensing as part of a broader governance and compliance strategy rather than a one-time administrative exercise.

Failure to comply with licensing requirements may expose businesses to regulatory investigations, administrative measures, penalties, and reputational consequences.

Considerations for Foreign Cybersecurity Companies

Foreign cybersecurity companies seeking to enter the Jordanian market should carefully evaluate the applicability of the licensing framework to their proposed business model.

Questions frequently arise regarding:

  • Remote service delivery;

  • Local presence requirements;

  • Partnerships with Jordanian entities;

  • Outsourcing arrangements;

  • Cross-border cybersecurity operations; and

  • Regulatory oversight responsibilities.

A legal assessment at the planning stage can help identify the most appropriate structure and avoid unnecessary delays or compliance challenges.

Jordan's Growing Cybersecurity Market

The introduction of a dedicated licensing framework reflects Jordan's commitment to strengthening its cybersecurity ecosystem and promoting professional standards across the sector.

For cybersecurity companies, compliance should not be viewed solely as a regulatory requirement. A properly licensed and compliant operation can enhance credibility, improve access to enterprise and government opportunities, and strengthen client confidence.

As the regulatory framework continues to evolve, businesses should proactively review their activities and ensure that their operations remain aligned with applicable legal requirements.

How We Can Assist

At Jamal Hadidi & Co. Attorneys and Legal Consultants, we advise local and international organizations on cybersecurity licensing, regulatory compliance, technology transactions, operational structuring, and cybersecurity governance.

Our services include regulatory assessments, licensing strategy, corporate structuring, contractual frameworks, compliance reviews, and ongoing legal support for organizations operating in the cybersecurity sector.

The information contained in this article is intended for general informational purposes only and does not constitute legal advice. Specific legal advice should be obtained based on the circumstances of each case.

Jamal Hadidi
Next

Jordan's New Cybersecurity Licensing Framework: What Cybersecurity Companies Need to Know