What is AI regulation in Libya?
AI regulation: countries and regions
Libya has no dedicated AI law, statute, bill or AI-specific regulator. What exists is policy: a National Artificial Intelligence Policy, a National Charter for Artificial Intelligence Ethics, and a National Artificial Intelligence Strategy (2026 to 2030), launched on 1 June 2026. AI-related duties are read across from general instruments, mainly Law No. 6 of 2022 on Electronic Transactions and Law No. 5 of 2022 on Combating Cybercrime. There is no comprehensive data protection law and no data protection authority.
Reviewed by Jackie, Head of Learning & Development, Levellers · Last reviewed 8 June 2026
What this means
Libya does not regulate artificial intelligence through a specific statute. Instead, it has built a layer of national policy documents and relies on older, general laws to cover the issues AI raises, such as data handling and cybercrime. The headline instruments are the National AI Policy, the National Charter for AI Ethics, and the National AI Strategy covering 2026 to 2030, which Prime Minister Abdul Hamid Dbeibah launched on National Technology Day, 1 June 2026.
These are strategy and ethics documents, not binding law. They set ambitions, principles and quantified targets; they do not create enforceable obligations on companies in the way a statute would. The strategy itself acknowledges the gaps it is trying to close: per the OECD.AI Policy Observatory, it "explicitly seeks to address weaknesses such as the absence of a unified national AI body, legislative fragmentation, limited availability of high-quality data, and shortages in specialised skills."
Libya's wider situation matters here. The country has rival administrations and contested institutions, which limits how reliably any single official source can be treated as authoritative across the whole territory. The bodies driving AI policy are based in Tripoli under the Government of National Unity.
Why it matters
For organisations deploying or governing AI in Libya, the practical reality is that there is no AI compliance regime to certify against, no AI regulator to notify, and no statutory AI risk classes. Obligations that bite come from adjacent law: the data protection provisions inside the Electronic Transactions Law, the criminal provisions of the Cybercrime Law, and sector rules such as banking and telecoms. Because there is no comprehensive data protection statute and no data protection authority, buyers and advisers cannot assume a familiar GDPR-style baseline, even though parts of the Electronic Transactions Law echo GDPR concepts. The safest working assumption is that Libyan rules are thinner and less enforced than in some neighbouring jurisdictions, and that the policy direction is set but the binding detail is still being written.
How it works
No dedicated AI statute, only policy
There is no AI Act, AI bill or AI decree in force in Libya. The governing material is a set of national policy documents prepared since a national path began in 2023: the National AI Policy, the National Charter for AI Ethics, and the National AI Strategy. Per the OECD.AI Policy Observatory, the strategy "is structured around six main pillars: governance and leadership; legislation and ethics; digital infrastructure and data; human capacities and education; innovation and priority sectors; and monitoring, evaluation, and participation." It was published in draft form labelled 2025 to 2030, refined with advisory support, then formally launched as the 2026 to 2030 strategy on 1 June 2026.
What the strategy targets
The strategy is built around quantified goals for 2030. Per the GIA launch announcement of 1 June 2026, these include "enabling 80% of government entities to use artificial intelligence tools, activating the national digital identity for 70% of the population, in addition to training and qualifying 10,000 employees in advanced technology fields, supporting the creation of 100 startups specialized in artificial intelligence, automating 50% of government transactions, alongside converting 70% of paper records into modern digital systems." Per OECD.AI, the named priority sectors are "health, financial services, education, and public services, with pilot projects proposed in these areas before expansion to other sectors such as national security and energy."
The ethics charter
Per the GIA announcement, the National Charter for AI Ethics "stipulates the consolidation of the principles of justice, transparency, and accountability," safeguards individuals' rights and digital freedoms, and protects national data sovereignty. It treats AI systems "as supportive tools for human decision-making and not a substitute for it, especially in sensitive sectors such as health, justice, and security." The charter is described as a national reference for the government, private and academic sectors; it is not a statute with penalties.
The institutions
Two separately named bodies are often confused. The General Authority for Communications and Informatics (GACI) is the telecoms and ICT regulator, established by the Government of National Unity around 2021 to 2022; it handles spectrum, internet governance, cybersecurity and, since the IANA and ICANN transfer reported on 30 October 2025, the .ly country-code domain. The General Information Authority (GIA) is the national information and statistics authority that led and published the National AI Strategy and prepared related reference documents in coordination with GACI. In early 2026 the government created a new Minister of State for Digital Economy and Artificial Intelligence, Ziad Al-Hajjaji, to act as a coordinating umbrella over the area.
A proposed national AI authority
Per OECD.AI, the responsible organisation is recorded as the "General Information Authority, with a proposal to establish a National Artificial Intelligence Authority under the Council of Ministers." As of mid-2026 this authority has not been established; it remains a proposal. In the interim, AI coordination sits with the new minister, GIA and GACI.
Data protection by read-across
Libya has no comprehensive data protection law and no data protection authority. The closest binding provisions are in Law No. 6 of 2022 on Electronic Transactions, which requires explicit consent for collecting personal data, purpose limitation, transparency notices, a right of access and update, and an adequacy-style condition in Article 78 for transferring personal data outside Libya. Law No. 5 of 2022 on Combating Cybercrime adds criminal liability for unauthorised access and interception. The 2011 Constitutional Declaration protects private life and confidentiality of communications. NISSA, the National Information Security and Safety Authority, established by decree in 2013, issued data protection policies, but these bind state entities, not the private sector.
Telecoms law
The sector statute is Law No. 22 of 2010 on communications, with executive regulations issued in 2022. It governs licensing, spectrum and numbering through the competent regulator, now GACI.
Regional context
Libya is an African Union member and an Arab League member. The African Union adopted its Continental Artificial Intelligence Strategy in July 2024, a non-binding framework encouraging member states to build national strategies and data governance. Libya also participated in preparing the Arab Artificial Intelligence Strategy adopted within the Arab Ministers Council of Communications, and received advisory support from ESCWA in developing its national strategy, including a workshop with GIA on 14 October 2025.
Examples
A fintech deploying an AI credit-scoring model for Libyan customers cannot register with an AI regulator because none exists. Its binding duties come from the Electronic Transactions Law: explicit consent to collect personal data, use limited to the stated purpose, and adequacy checks before sending data abroad to a cloud or model provider. Banking rules from the Central Bank of Libya may also apply.
A public-sector body piloting AI in health or public services is operating inside the strategy's named priority sectors. The National Charter for AI Ethics asks it to keep a human in the loop for sensitive decisions in health, justice and security, and to uphold transparency and accountability, but these are policy expectations, not statutory duties with penalties.
A multinational already compliant with GDPR will likely meet the data-handling requirements of the Electronic Transactions Law, since the law's prevention-focused provisions overlap with GDPR concepts. It should not assume an enforcement body will supervise or certify that compliance, because there is no data protection authority.
Common misunderstandings
Misconception: Libya has an AI law. It does not. It has policy and strategy documents, plus general laws that touch AI indirectly.
Misconception: Libya has a GDPR-style data protection law and regulator. It has neither; data duties are embedded in the Electronic Transactions Law and there is no data protection authority.
Misconception: The National AI Strategy is binding regulation. It is a strategy with targets and principles, not enforceable law.
Misconception: There is already a national AI authority. The strategy proposes one under the Council of Ministers, but it is not yet established.
Misconception: GACI and GIA are the same body. They are distinct: GACI is the telecoms and ICT regulator; GIA is the information and statistics authority that published the AI strategy.
Risks and boundaries
This is a fast-moving, policy-led picture, not a settled legal regime. The strategy and charter set direction but do not impose enforceable AI obligations, and executive frameworks to implement them were still being prepared in 2026. Libya's institutional fragmentation means official sources are concentrated in Tripoli under the Government of National Unity and may be limited or contested elsewhere; some announcements cannot be verified against a published primary instrument such as an official gazette text. The documents (policy, charter and strategy) are referenced and described by official bodies, but full English texts are not always publicly available, and the dating shifted from a 2025 to 2030 draft to a 2026 to 2030 launch. Treat the existence of the documents as confirmed, the 1 June 2026 launch as confirmed, and the binding legal detail as pending. The proposed National AI Authority is not yet a real institution.
What to do next
Do not wait for an AI law to govern your AI use; build governance on the duties that already bite, mainly the Electronic Transactions Law's data provisions and the Cybercrime Law. Map personal-data flows and apply consent, purpose limitation and cross-border adequacy checks. Use a GDPR-aligned baseline as a pragmatic reference, since it generally satisfies Libyan requirements and travels well across the region. Run AI impact assessments and keep human oversight for sensitive decisions in health, justice and security, in line with the National Charter for AI Ethics. Track two triggers that would change your obligations: the establishment of the proposed National AI Authority, and the issuance of executive regulations under the strategy. Confirm sector rules with the Central Bank of Libya or GACI where relevant, and verify the current status of any instrument against an official source given the fragmented environment.
Have a question or a suggestion, or want to understand how we research and review these guides? Read about our editorial standards and how to reach us.
FAQs
Does Libya have an AI law?
No. Libya has no dedicated AI statute, bill or AI-specific regulator. It governs AI through national policy documents and general laws.
What documents make up Libya's AI policy?
The National AI Policy, the National Charter for AI Ethics, and the National AI Strategy (2026 to 2030), launched on 1 June 2026 by Prime Minister Abdul Hamid Dbeibah.
Is there a data protection law in Libya?
There is no comprehensive data protection law and no data protection authority. Data duties sit inside Law No. 6 of 2022 on Electronic Transactions, supported by the Cybercrime Law and constitutional privacy provisions.
Who regulates communications and technology?
The General Authority for Communications and Informatics (GACI) is the telecoms and ICT regulator. The General Information Authority (GIA) led the AI strategy. A Minister of State for Digital Economy and AI now coordinates the area.
Is there a national AI authority?
Not yet. The strategy proposes a National Artificial Intelligence Authority under the Council of Ministers, but it has not been established as of mid-2026.
How does the African Union strategy fit in?
The AU adopted its Continental AI Strategy in July 2024 as a non-binding framework encouraging member states, including Libya, to build national strategies and data governance.
Can a GDPR-compliant company operate in Libya?
Generally yes. A GDPR-aligned posture usually satisfies the data-handling requirements in the Electronic Transactions Law, though no Libyan authority will supervise or certify that compliance.
What should organisations watch for next?
The establishment of the proposed National AI Authority and the issuance of executive frameworks and regulations, which would convert policy ambitions into enforceable duties.