What is AI regulation in Lebanon?
AI regulation: countries and regions
Lebanon has no dedicated AI law or standalone AI statute. Artificial intelligence is governed indirectly through Law 81/2018 on electronic transactions and personal data (overseen by the Ministry of Economy and Trade, with no independent data protection authority), sector rules from the central bank and the Telecommunications Regulatory Authority, and policy documents including a National Digital Transformation and AI Strategy launched in 2025. Enforcement is weak because of Lebanon's prolonged economic and institutional crisis.
Reviewed by Jackie, Head of Learning & Development, Levellers · Last reviewed 8 June 2026
What this means
There is no specific Lebanese law that regulates artificial intelligence as such. Lebanon is not unusual in this; no Arab League state has yet enacted a standalone, comprehensive AI statute. What exists in Lebanon is a patchwork: a 2018 law that covers electronic transactions and personal data, sector rules issued by the central bank and the telecoms regulator, and a set of strategy and policy documents that describe ambitions rather than binding duties.
The single most important instrument for anyone deploying AI in Lebanon is Law 81/2018 on electronic transactions and personal data. It sets out data protection principles such as purpose limitation, lawful processing and security, gives individuals rights of access and correction, and requires those collecting personal data to notify or seek a permit from the Ministry of Economy and Trade. Crucially, it does not create an independent data protection authority, and it does not mention AI, automated decision-making or profiling.
On the strategy side, Lebanon worked with the United Nations Economic and Social Commission for Western Asia (ESCWA) on a national AI strategy guide as early as 2020, and a Minister of State for Technology and Artificial Intelligence launched a National Digital Transformation and AI Strategy in 2025. These are policy directions, not enforceable rules. A draft law to create a full Ministry of Technology and Artificial Intelligence was approved by the Council of Ministers but, on the official record, still awaits parliamentary passage.
Why it matters
For founders, operators, advisers and buyers, the practical message is that you cannot point to a single Lebanese AI rulebook to design your compliance programme. Your legal exposure when you build or deploy AI in Lebanon comes from general instruments: the data protection provisions of Law 81/2018, the Penal Code provisions on electronic forgery and IT system misuse, banking and payment circulars from Banque du Liban, telecoms licensing under the Telecommunications Regulatory Authority, and constitutional privacy protection.
The absence of a dedicated framework cuts both ways. There is no AI-specific licensing burden, conformity assessment or registration regime to satisfy, so the formal entry barrier is low. But the lack of an independent supervisor, the absence of clear rules on automated decision-making, and the documented weakness of state enforcement capacity mean legal certainty is also low. If a dispute, a data breach or a regulatory question arises, the answer is often unsettled. Organisations that handle sensitive personal data, make automated decisions about people, or operate in regulated sectors such as finance should therefore govern themselves to a higher standard than local law strictly demands, because the local floor is thin and may change.
How it works
No dedicated AI law: govern through general instruments
Lebanon has not enacted, and at the time of writing has not tabled an enacted, statute that defines or regulates AI systems by risk, use case or capability. There is no Lebanese equivalent of a risk-based AI regulation. AI is therefore treated like any other software or data processing activity and falls under whatever general law applies to the conduct in question: data protection, consumer protection, criminal law, banking regulation and sector licensing.
Law 81/2018: the core data protection instrument
Law No. 81, relating to electronic transactions and personal data, was enacted on 10 October 2018, published in the Official Gazette and entered into effect three months after publication, in 2019. It recognises electronic documents and signatures, sets rules for e-commerce and e-banking, and contains Lebanon's first general personal data protection regime. Data must be processed lawfully, for specified purposes, kept accurate and secure, and individuals have rights to access and correct their data. Those wishing to collect and process personal data must, in general, inform the Ministry of Economy and Trade, and certain categories require a licence: data touching state security (by joint decision of the Ministers of National Defence and Interior), criminal offences and judicial proceedings (Minister of Justice), and health, genetic or sexual data (Minister of Public Health).
Two features matter for AI. First, the law creates no independent data protection authority; the Ministry of Economy and Trade is the de facto overseer, without a specialised supervisory body of the kind found under the UK GDPR. Second, the law does not address automated decision-making, profiling or AI at all, and it does not formally define valid consent, leaving gaps that an AI deployment built on personal data must navigate by analogy. Penalties exist: collecting or processing data without the required permit or licence, or unlawfully disclosing processed data, can attract fines and imprisonment.
The Telecommunications Regulatory Authority (TRA)
The TRA is an independent public institution established by Law 431/2002 to liberalise, regulate and develop telecommunications. Its mandate covers licensing, spectrum and numbering management, interconnection, technical standards, competition monitoring and consumer protection. It is not an AI regulator and has no AI-specific mandate. After years of effective non-operation caused by political deadlock, a new TRA board was approved by the Council of Ministers in September 2025 and the authority was relaunched in October 2025, ending roughly 13 years of inactivity. As of January 2026 the TRA had taken over telecommunications equipment type approval, with the Ministry of Communications having ceased issuing such certificates in December 2025 by ministerial order, under new approval schemes set by TRA Board Decision No. 9/2025. For AI purposes, the TRA matters mainly as the gatekeeper of connectivity, spectrum and equipment, not as a body that authorises or audits AI systems.
Sector rules: finance and cybersecurity
Banque du Liban, the central bank, regulates banks, payment providers and fintech through circulars covering electronic transactions, e-KYC, customer risk classification and cybersecurity. These bind financial institutions that deploy AI in credit, anti-money-laundering or fraud workflows, even though they are not AI rules. Separately, a National Cyber Security Strategy was published in 2019 under the Presidency of the Council of Ministers, proposing a national cybersecurity agency that has not yet been established.
Strategy and institutions in formation
ESCWA, which is headquartered in Beirut, produced a Developing an Artificial Intelligence Strategy national guide in 2020, after the then Ministry of State for Investment and Technology Affairs requested its assistance to develop a national AI strategy. Separately, the Office of the Minister of State for Administrative Reform (OMSAR) leads a Digital Transformation Strategy for 2020 to 2030, approved in 2022, focused on e-government, digital identity and interoperability. In 2025 the Minister of State for Technology and Artificial Intelligence, Dr Kamal Shehadi (also Minister of the Displaced, a former chairman of the TRA and a former executive at the UAE telecoms group e&), launched the National Digital Transformation and AI Strategy 2025 to 2030 on 7 November 2025 at the Lebanon Tech, AI and Innovation Summit, under the patronage of Prime Minister Nawaf Salam. In September 2025 the Council of Ministers approved a draft law to establish a full Ministry of Technology and Artificial Intelligence, described as Lebanon's first new ministry since 1993, which awaits parliamentary approval. These are governance ambitions and soft-law style direction, sitting on the soft-law end of the hard-law and soft-law spectrum, not enforceable AI duties.
Examples
A fintech deploying an AI credit-scoring model in Beirut is not governed by an AI law, but it must comply with Law 81/2018 data protection principles for the personal data it processes, with Banque du Liban circulars on cybersecurity and customer risk, and with the central bank's data handling expectations. Practically, that means documenting the processing, securing the data, and being able to justify decisions, even though Lebanese law does not yet grant a specific right to explanation of automated decisions.
A health provider using an AI diagnostic tool processes health data, which under Law 81/2018 is a category requiring a licence by decision of the Minister of Public Health. The provider should treat the data as sensitive, apply purpose limitation and security obligations, and recognise that there is no specialised regulator to consult for AI-specific guidance.
A government body piloting AI for public services operates under the policy direction of the digital transformation and AI strategies rather than a binding AI statute. It must still respect data protection rules and, where it touches connectivity or spectrum, coordinate with the TRA. The legal scaffolding for such projects, including digital identity, is still being built, so deployments often run ahead of settled law.
Common misunderstandings
"Lebanon has an AI law." It does not. There is no dedicated AI statute, and no enacted AI bill. AI is governed indirectly through general instruments.
"Law 81/2018 is a GDPR-style data protection law." It is a combined electronic transactions and data protection law that is far less detailed than the UK GDPR, lacks an independent supervisory authority, and does not address profiling or automated decisions.
"There is a data protection regulator you can complain to." There is no independent data protection authority. The Ministry of Economy and Trade is the de facto overseer, and practical enforcement is limited.
"Lebanon's national AI strategy is binding law." The strategy and the planned ministry are policy and institutional direction. They are not enforceable rules and parts remain in draft.
"The TRA regulates AI." The TRA regulates telecommunications under Law 431/2002. It has no AI-specific mandate.
Risks and boundaries
This article describes the architecture of Lebanese governance as it stands and is not legal advice. The legal position is genuinely uncertain in several respects. What is confirmed: there is no dedicated AI law; Law 81/2018 is in force and is the main data protection instrument; the Ministry of Economy and Trade is the de facto overseer with no independent authority; the TRA exists under Law 431/2002, was relaunched in late 2025, and is not an AI regulator.
What is pending or unsettled: the draft law to create a full Ministry of Technology and Artificial Intelligence was approved by the Council of Ministers but, on the official record, awaits parliamentary passage; reported elements such as a National AI Advisory Board and a Digital Authority appear in strategy commentary but could not be confirmed from official statutory sources and should be treated as proposals rather than established institutions; specific economic targets attributed to the 2025 strategy (for example a reported aim to raise AI and digital contribution to around 10 per cent of GDP by 2030) could not be verified from primary government sources and are not relied on here. What could change: a future AI framework, an amended data protection law, or a functioning supervisory authority could all alter the picture. Lebanon's prolonged economic, financial and political crisis, which has weakened state capacity, makes the pace and certainty of any reform hard to predict.
What to do next
Treat Law 81/2018 as your baseline. Map what personal data your AI collects and processes, apply purpose limitation, security and accuracy, and determine whether your processing needs notification or a licence, especially for health, security or judicial data.
Govern to a higher standard than local law requires. Because there is no AI-specific rulebook and no independent supervisor, adopt voluntary controls: an AI impact assessment for higher-risk uses, human-in-the-loop review for decisions affecting people, audit trails and explainability. This also positions you for likely future rules and for cross-border expectations.
If you operate in finance, follow Banque du Liban circulars on cybersecurity and customer risk as binding constraints on AI workflows. If you touch connectivity, spectrum or equipment, engage the TRA.
Watch the legislative pipeline. Track whether the technology and AI ministry law passes parliament, whether a digital sector authority is created, and whether data protection rules are amended. Build governance that can absorb a move toward a risk-based regime without a costly redesign.
Have a question or a suggestion, or want to understand how we research and review these guides? Read about our editorial standards and how to reach us.
FAQs
Does Lebanon have a dedicated AI law?
No. There is no standalone AI statute and no enacted AI bill. AI is governed indirectly through general data protection, criminal, banking and telecoms instruments.
What is the main data protection law?
Law No. 81/2018 on electronic transactions and personal data, enacted on 10 October 2018 and effective from 2019. It sets data protection principles and individual rights but does not address AI.
Is there a data protection authority?
No independent authority exists. The Ministry of Economy and Trade is the de facto overseer through a notification and permit regime, and practical enforcement is limited.
What does the Telecommunications Regulatory Authority do?
The TRA, established by Law 431/2002 and relaunched in late 2025, regulates telecommunications, including licensing, spectrum and consumer protection. It is not an AI regulator.
Does Lebanon have a national AI strategy?
Lebanon worked with ESCWA on an AI strategy national guide in 2020, and a Minister of State for Technology and Artificial Intelligence launched a National Digital Transformation and AI Strategy for 2025 to 2030 on 7 November 2025. These are policy, not binding law.
How does Lebanon fit the Arab regional context?
Lebanon is an ESCWA member, and ESCWA is headquartered in Beirut. Lebanon sits within the Arab Digital Agenda 2023 to 2033 and pan-Arab AI initiatives led through the League of Arab States, but these are regional frameworks, not Lebanese law.
Why is enforcement weak?
Lebanon has faced a severe economic, financial and political crisis since 2019 that has weakened public administration, alongside design gaps in the 2018 law, such as no independent supervisor and no formal consent definition.
What should organisations do now?
Comply with Law 81/2018, follow sector circulars where relevant, and adopt voluntary AI governance such as impact assessments and human oversight to manage risk and prepare for future rules.