What is AI regulation in Algeria?
AI regulation: countries and regions
Algeria has no dedicated, binding artificial intelligence law. AI is governed indirectly, mainly through personal data protection rules in Law 18-07 of 10 June 2018, as amended by Law 25-11 of 24 July 2025, enforced by the Autorite nationale de protection des donnees a caractere personnel (ANPDP). A National Artificial Intelligence Strategy was adopted in December 2024, but it is a policy roadmap, not enforceable AI legislation. Sector rules and the African Union context shape the picture.
Reviewed by Jackie, Head of Learning & Development, Levellers · Last reviewed 8 June 2026
What this means
There is no single AI statute in Algeria. When people ask about AI regulation in Algeria, the honest answer is that AI is currently caught by general laws, above all the personal data protection regime, rather than by a purpose-built AI Act of the kind the European Union has adopted. If your AI system processes personal data of people in Algeria, the data protection law applies; if it does not, very little AI-specific law touches it today.
The backbone is Law 18-07 of 10 June 2018 on the protection of natural persons in the processing of personal data, published in the Journal Officiel and significantly modernised by Law 25-11 of 24 July 2025. The supervisory body is the ANPDP, an independent administrative authority installed in August 2022 and enforcing the law since August 2023.
Alongside this, Algeria has a National Artificial Intelligence Strategy adopted in December 2024, steered by a Scientific Council for Artificial Intelligence under two ministries. This is a development and investment roadmap rather than a binding rulebook. Algeria is also an African Union member, so the AU Continental Artificial Intelligence Strategy of July 2024 frames its direction without imposing hard obligations.
Why it matters
For organisations building or buying AI in Algeria, the practical point is that compliance risk today flows through data protection law, not a standalone AI regime. Most useful AI systems ingest personal data: customer records, biometric identifiers, employee files, health information. The moment they do, Law 18-07 as amended by Law 25-11 applies, with real teeth: a declaration or prior authorisation regime, strict limits on transferring data abroad, mandatory appointment of a data protection officer, processing registers, impact assessments for high-risk processing, and a short breach notification window. Penalties include criminal fines and imprisonment.
The absence of a dedicated AI law is not the same as a free pass. Automated decision-making, profiling and biometric processing are addressed through the amended data protection framework, and the State has signalled strong interest in data sovereignty, meaning data localisation expectations. Leaders who treat AI governance as a data protection problem first, and who watch the strategy and any forthcoming AI legislation, will be best placed as the rules harden.
How it works
The data protection law is the operative framework
Law 18-07 of 10 June 2018 fixes the rules for processing personal data by public and private entities. It codifies familiar principles: lawful and fair processing, collection for specified and legitimate purposes, data minimisation, accuracy, storage limitation and security. It grants individuals rights of information, access, rectification and objection. It applies to controllers established in Algeria and to controllers outside Algeria that use means of processing located on Algerian territory. Law 25-11 of 24 July 2025 amended and completed this text, adding stronger accountability and risk-based duties.
The ANPDP and its powers
The Autorite nationale de protection des donnees a caractere personnel is an independent administrative authority established under the President of the Republic. Its members and president were appointed by Presidential Decree No. 22-187 of 18 May 2022 for a five-year term, and the authority was installed on 11 August 2022. Under Article 75 of Law 18-07, the law became enforceable within one year of installation, so it has applied since August 2023. The ANPDP receives declarations, grants authorisations, handles complaints, authorises cross-border transfers, orders corrective measures and imposes administrative sanctions.
Declaration, authorisation and transfers
The law uses a declaratory system: any processing must first be declared to the ANPDP. Where processing presents an obvious risk to privacy and fundamental rights, such as sensitive data, international transfers, or interconnection of public-service files, a stricter prior authorisation regime applies. Transfers of personal data outside Algeria are restricted and generally require that the destination ensures an adequate level of protection or that the ANPDP grants authorisation.
What Law 25-11 added
The 2025 amendment introduced precise definitions for biometric data, profiling, pseudonymisation and data breaches; made the appointment of a data protection officer mandatory; required processing registers and automated processing logbooks; imposed a five-day breach notification deadline (more generous than the EU GDPR 72-hour standard); tightened international transfer conditions; and reinforced the ANPDP, including regional control and audit structures. It also extended the regime to certain previously excluded processing, such as that for judicial and security purposes, while explicitly excluding national defence and security data. These accountability, risk-based and governance features are the levers most relevant to AI systems handling personal data.
The National AI Strategy is policy, not law
Algeria adopted a National Artificial Intelligence Strategy on Saturday 7 December 2024, at the close of the third African Startup Conference at the Centre International de Conferences Abdelatif Rahal in Algiers, in the presence of Knowledge Economy Minister Noureddine Ouadah. It is steered by the Scientific Council for Artificial Intelligence, a consultative scientific body chaired by Professor Merouane Debbah, a French-Algerian researcher and founding director of the 6G Research Center at Khalifa University in Abu Dhabi, placed under the Ministry of Higher Education and Scientific Research and the Ministry of Knowledge Economy, Startups and Micro-enterprises. According to Algerie Presse Service, the strategy is organised around six primary pillars: supporting scientific research, cultivating an environment that enables AI, developing local capacities, supporting startups, attracting investment, and targeting priority sectors such as agriculture, health and industry. It is a roadmap with budget commitments, not a binding regulatory instrument, and Digital Policy Alert classifies it as an announcement under deliberation rather than enacted law. For context on the gap between ambition and capacity, Algeria ranked 120th globally for public-sector AI readiness, with a score of 35.99 out of 100, in Oxford Insights' Government AI Readiness Index 2023.
Sector regulators and the wider digital agenda
The telecoms regulator, the Autorite de regulation de la poste et des communications electroniques (ARPCE), governs electronic communications, equipment approval and certification, and requires cloud hosting and storage of customer data to take place in Algeria. The AI strategy sits within a broader National Digital Transformation agenda and a centralised public services portal. None of these instruments is a dedicated AI law.
Examples
A company deploying an AI-driven customer service or marketing tool that processes Algerian residents' data must declare the processing to the ANPDP, obtain prior authorisation where the processing is high risk, appoint a data protection officer under the 2025 amendment, keep a processing register, and document the legal basis for any transfer of data to a foreign cloud provider. If the tool relies on a foreign-hosted API, the cross-border transfer rules and localisation expectations bite from the outset.
A health or fintech provider using AI on biometric or health data faces the stricter regime for sensitive data: such processing is generally subject to prior authorisation, explicit consent or a specific legal basis, an impact assessment for high-risk processing, and the five-day breach notification deadline introduced by Law 25-11. The newly defined categories of biometric data and profiling are directly relevant here.
A public administration adopting AI within Algeria's digital services programme works inside the same data protection rules, plus cybersecurity testing arrangements, while the National AI Strategy supplies funding and direction rather than binding compliance obligations.
Common misunderstandings
"Algeria has an AI Act." It does not. There is no dedicated, binding AI statute. AI is regulated indirectly, mainly through the data protection law.
"The National AI Strategy is a law you must comply with." The strategy is a policy roadmap with investment and research goals, not an enforceable rulebook. It creates no direct obligations on private deployers.
"If my AI does not store data in Algeria, the law does not apply." The law can reach controllers outside Algeria that use means of processing located on Algerian territory, and transfers abroad are restricted, with data localisation expectations reinforced by the 2025 amendment.
"The data protection authority is not really operational." The ANPDP has been installed since 2022, the law has applied since 2023, and the authority issues guidance and has expanded powers under Law 25-11.
"AI regulation in Algeria is the same as the EU AI Act." Algeria's regime is data-protection-led and inspired by the GDPR tradition, not a risk-tiered AI-specific law like the EU model.
Risks and boundaries
The central limit is that Algeria has no enforceable AI-specific legislation. Anyone claiming a binding Algerian AI law, AI regulator, or AI licensing regime today is mistaken. What exists is a data protection statute that captures AI when personal data is involved, plus a non-binding national strategy and continental policy context.
Several things are uncertain or pending. The National AI Strategy points towards a future legal framework to govern AI and to extend data privacy rules to AI-specific concerns, but this is aspirational and not yet enacted. Reports that the strategy expands the ANPDP's role to enforce AI rules come from secondary interpretation rather than a confirmed official strategy text, so treat that specific claim with caution. The strategy itself has been described in different forms and timeframes: a further draft, built around three core pillars of data, digital infrastructure and human capital, was reviewed in a June 2026 government meeting chaired by Prime Minister Sifi Ghrieb, and officials indicated that once the Council of Ministers approves it, it will be implemented through action plans. That signals the strategy is still evolving. None of this is law yet, and timelines could change.
This article explains the framework; it is not legal advice. Organisations with specific processing should verify current obligations directly with the ANPDP and the primary texts.
What to do next
Treat AI governance as a data protection problem first. Map where your AI systems touch personal data of people in Algeria, and bring each use within Law 18-07 as amended by Law 25-11: declare or seek authorisation as required, appoint a data protection officer, maintain processing registers and logbooks, and run impact assessments for high-risk processing.
Lock down cross-border data flows. Document the legal basis for any transfer abroad, check whether foreign-hosted AI services trigger authorisation requirements, and plan for data localisation expectations, including the ARPCE rule that cloud hosting take place in Algeria.
Build a short breach response runbook to meet the five-day notification deadline, and keep audit trails of AI-processed decisions. Monitor the National AI Strategy and any draft AI legislation, and watch ANPDP guidance, because the regulatory direction is towards a dedicated AI framework over time. Re-assess your posture if a binding AI law or decree is published, if the ANPDP issues AI-specific guidance, or if cross-border transfer rules tighten further.
Have a question or a suggestion, or want to understand how we research and review these guides? Read about our editorial standards and how to reach us.
FAQs
Does Algeria have a dedicated AI law?
No. There is no binding, AI-specific statute. AI is governed indirectly, mainly through the personal data protection law, Law 18-07 as amended by Law 25-11.
Which law actually applies to AI in Algeria?
Law 18-07 of 10 June 2018 on the protection of natural persons in the processing of personal data, as amended by Law 25-11 of 24 July 2025, applies whenever an AI system processes personal data.
Who is the regulator?
The Autorite nationale de protection des donnees a caractere personnel (ANPDP), an independent administrative authority installed in August 2022 and enforcing the law since August 2023.
What is the National AI Strategy?
A policy roadmap adopted in December 2024, steered by a Scientific Council for Artificial Intelligence under two ministries. It guides research, skills, infrastructure and investment, but it is not enforceable AI legislation.
Are there penalties for non-compliance?
Yes, under the data protection law. Sanctions include administrative measures and criminal penalties, with fines and possible imprisonment for serious breaches.
Does the law apply to companies outside Algeria?
It can. The law reaches controllers that use means of processing located on Algerian territory, and it restricts transfers of personal data abroad.
How does the African Union fit in?
Algeria is an AU member. The AU Continental Artificial Intelligence Strategy of July 2024 provides development-focused, non-binding guidance that frames national approaches.
What should we do now?
Govern AI through data protection compliance: declarations or authorisations, a data protection officer, registers, impact assessments, controlled transfers, and a breach response plan, while monitoring for a future AI law.