• Madagascar plans to publish a new cybersecurity regulatory framework soon after launching a legal overhaul in December 2025.
• The new law will define security incidents, identify Critical Infrastructure Organizations (OIVs), and impose strict sanctions for non-compliance.
• Cybercrime now accounts for 30% of reported offenses in West and East Africa, according to INTERPOL's 2025 Africa cyberthreat report.

The Ministry of Digital Development, Posts and Telecommunications used the first Cybersecurity Symposium, held in Antananarivo on June 22-23, to provide an update on the reform process.

Madagascar still relies on legislation adopted in 2014, which policymakers increasingly consider inadequate in addressing emerging technologies and evolving cyber threats. Authorities launched a comprehensive review of the framework in December 2025 and initially targeted completion within three months.

"The process is nearing completion and the new regulatory framework will be published shortly," said Mahefa Andriamampiadana, Minister of Digital Development, Posts and Telecommunications.

The minister said the upcoming legislation will provide a precise definition of a security incident and establish criteria for identifying Critical Infrastructure Organizations, known locally as Organisations d’Importance Vitale (OIVs).

Authorities said the new framework will strengthen enforcement mechanisms and increase accountability across both public and private sectors.

"This legal framework will not be merely theoretical. It will incorporate a system of strict injunctions. If stakeholders fail to comply with the established rules, authorities will apply severe sanctions, whether they target political decision-makers or technical personnel in the field," said Éric Rakotomaniraka, Director General of the Computer Incident Response Team (CIRT).

Madagascar's legal reform comes as cybercrime continues to expand across the African continent. According to INTERPOL's 2025 Africa Cyberthreat Assessment Report, cyber-related crimes now account for 30% of all reported offenses in West and East Africa. The report also noted a sharp increase in ransomware attacks during 2024. South Africa and Egypt recorded the highest levels of ransomware activity, followed by Nigeria and Kenya.

Moreover, the report found that 90% of surveyed African countries believe they require significant improvements in law-enforcement capabilities or prosecutorial capacity to effectively combat cybercrime.

This article was initially published in French by Adoni Conrad Quenum

Adapted in English by Ange J.A de Berry Quenum