Jordan's New Cybersecurity Licensing Framework: What Cybersecurity Companies Need to Know

Cybersecurity has become a critical component of modern business operations, particularly as organizations increasingly rely on digital infrastructure, cloud services, and interconnected systems. In response to evolving cyber risks and the growing importance of cybersecurity services, Jordan has introduced a comprehensive regulatory framework governing cybersecurity activities.

The framework is built upon the Cybersecurity Law No. 16 of 2019 and the regulations and instructions issued by the National Cyber Security Center. Recent developments, including the 2025 instructions relating to cybersecurity violations and the 2026 licensing instructions for cybersecurity services, have significantly expanded the regulatory landscape applicable to cybersecurity service providers operating in Jordan.

The new framework introduces licensing requirements for a number of cybersecurity activities, including managed cybersecurity services, cybersecurity consulting, penetration testing, cybersecurity auditing, incident response services, digital forensics, cybersecurity training, cybersecurity competitions, and the sale of cybersecurity products.

For cybersecurity companies, compliance is no longer merely a matter of technical capability. It now requires careful consideration of licensing obligations, operational requirements, governance structures, and ongoing regulatory compliance.

The introduction of activity-specific licenses is intended to ensure that cybersecurity services are delivered by qualified entities operating in accordance with recognized professional and technical standards. Companies that provide cybersecurity services should therefore assess whether their activities fall within the scope of the licensing framework and determine the specific approvals required before commencing operations.

The regulatory framework also establishes mechanisms for monitoring compliance and addressing violations. Companies operating in the cybersecurity sector should ensure that they maintain appropriate documentation, qualified personnel, internal policies, and governance procedures in order to minimize regulatory risk.

For foreign cybersecurity companies considering expansion into Jordan, the new framework provides both opportunities and responsibilities. Jordan continues to develop as a regional technology and cybersecurity hub, supported by a skilled workforce and an increasingly mature regulatory environment. However, market entry should be accompanied by a comprehensive legal assessment to ensure compliance with licensing and operational requirements.

As the cybersecurity regulatory framework continues to evolve, companies should remain attentive to new instructions, compliance obligations, and regulatory expectations issued by the National Cyber Security Center.

The legal regulation of cybersecurity is expected to become an increasingly important area of corporate governance, risk management, and regulatory compliance. Organizations that proactively address these requirements will be better positioned to operate confidently and sustainably in Jordan's growing cybersecurity sector.

At Jamal Hadidi & Co. Attorneys and Legal Consultants, we advise local and international companies on cybersecurity licensing, regulatory compliance, technology transactions, data governance, and the legal structuring of cybersecurity operations in Jordan.