What is AI regulation in Syria?
AI regulation: countries and regions
Syria has no dedicated artificial intelligence law, strategy or regulator. After the fall of the Assad regime in December 2024, the transitional government treats AI as part of a broader digital reconstruction agenda rather than a subject for binding rules. AI is governed indirectly by existing instruments: the 2025 Constitutional Declaration, Law No. 12 of 2024 on electronic personal data, the 2022 cybercrime law, telecommunications regulation and sector rules. International commitments are aspirational, not enforceable.
Reviewed by Jackie, Head of Learning & Development, Levellers · Last reviewed 8 June 2026
What this means
AI regulation in Syria is best described by what is absent. There is no AI Act, no general AI licence, no high-risk AI classification scheme, no statutory transparency duty for automated systems and no AI-specific regulator. Anyone deploying AI in Syria operates under general laws that were not written with AI in mind.
This is a thin-source jurisdiction in significant flux. The Assad regime fell on 8 December 2024. A transitional government led by President Ahmed al-Sharaa took office in early 2025 and issued a Constitutional Declaration on 13 March 2025 to govern a five-year transition. Much pre-2025 institutional and policy material is now obsolete or uncertain, so any account of AI governance in Syria must distinguish carefully between what is confirmed law, what is proposed and what is merely aspirational.
In practice, AI in Syria sits inside a digital-development push: telecommunications rebuilding, fibre projects, e-government plans and a first regional AI conference held in Damascus in 2025. These are policy and investment signals, not a regulatory code.
Why it matters
For founders, operators and advisers, the absence of an AI-specific framework does not mean an absence of legal risk. It means the risk is dispersed and harder to map. An AI deployment in Syria can still trigger data-protection criminal penalties, telecommunications licensing, cybercrime liability, banking rules and constitutional privacy obligations. Because there is no AI regulator to interpret these in an AI context, organisations must reason from first principles about how general law applies to automated systems.
The transitional setting raises the stakes. Laws remain on the books by default, but enforcement capacity, institutional ownership and political direction are all unsettled. A rule that looks dormant today could be activated, amended or repealed during the transition. Equally, Syria's existing data and cybercrime laws carry surveillance and content-control features that create real exposure for anyone handling sensitive personal data or hosting user content. Understanding what currently governs AI, and what could change, is the practical core of operating responsibly in this market.
How it works
No dedicated AI law: what governs AI instead
Syria does not have a comprehensive AI statute, and none has been formally proposed by the transitional government. In the absence of an AI-specific regime, AI systems are governed by whichever general law their use happens to engage. The most relevant instruments are the Constitutional Declaration, data-protection law, the cybercrime law, telecommunications regulation and sector-specific rules such as banking. This is a sectoral and incidental model by default, not a deliberate risk-based design.
The Constitutional Declaration of 13 March 2025
The interim constitution provides the highest-level legal anchor. It protects private life: the State protects the sanctity of private life and treats violations as a punishable crime, and it guarantees freedom of opinion, expression and the press. It also incorporates ratified international human rights treaties as an integral part of the declaration. These provisions create a constitutional baseline relevant to AI uses such as profiling, surveillance and automated content moderation. However, the declaration also permits broad restrictions on rights for national security, public safety and public order, which analysts have criticised as vague and open to expansive interpretation. Critically, the declaration confirms that legislation already in force remains in effect unless amended or repealed, which is why pre-2025 laws still matter.
Data protection: Law No. 12 of 2024
Syria's principal data instrument is Law No. 12 of 2024 on the protection of electronic personal data, issued by President Bashar al-Assad on 28 March 2024 (per SANA). It aims, in the words of the official announcement, "to preserve the privacy of citizens' data" and to regulate the collection, processing, use and transfer of personal information on the network, "through financial penalties that may reach to 12 million SYP and other punishments which may rise to three years imprisonment." The detailed article-level provisions are not publicly available in English, and no specific independent data-protection authority is confirmed in the available sources. Critics have flagged broad national-security exceptions and data-retention features rather than strong individual rights. Under Article 51 of the Constitutional Declaration, the law remains in force by default; there is no evidence the transitional government has amended or repealed it. This law, not any AI rule, is the most direct constraint on AI training data and personal-data-driven systems.
Cybercrime, content and surveillance
The cybercrime Law No. 20 of 2022 sits alongside the data law and is the better-documented surveillance instrument. Per Access Now, Article 5 of the law "obligates applications service providers to save a copy of online content exchanged through the application as well as data that identifies the person who posted or shared the content," and Article 6 provides that internet service providers who refuse face imprisonment and a fine; it also criminalises broadly defined online content. For AI services that host user-generated content, run chatbots or process communications, these retention and disclosure duties are a significant design constraint. The two laws are sometimes conflated in commentary, but the mandatory data-retention architecture is anchored in the 2022 cybercrime law.
Responsible institutions
The lead body for digital and AI policy is the Ministry of Communications and Information Technology, under Minister Abdulsalam Haykal in the transitional government. It hosted the first regional AI conference in Damascus in May 2025 and runs a 2025 ICT strategy focused on infrastructure, fibre, e-government and investment. The Syrian Telecommunications and Post Regulatory Authority (SY-TPRA, formerly SYTRA) regulates the telecommunications sector and equipment, the most likely channel for any future AI-adjacent rules. The Central Bank of Syria governs digital payments and fintech, and has signalled a regulatory-sandbox approach in partnerships with payment networks. The Ministry of Administrative Development has promoted AI in public-administration modernisation. None of these is an AI regulator with binding powers over AI systems as such.
International and regional alignment
Syria is a long-standing UNESCO member state (since 1946) and is therefore within scope of the UNESCO Recommendation on the Ethics of Artificial Intelligence, adopted by acclamation by all 193 UNESCO Member States on 23 November 2021 at UNESCO's 41st General Conference as, in UNESCO's words, "the very first global standard-setting instrument on the subject"; it bans as invasive the use of AI systems for social scoring and mass surveillance. The Recommendation is soft law: it is not binding and depends on national implementation. No published UNESCO Readiness Assessment Methodology report for Syria was found. Regionally, Syria participates in Arab digital initiatives. UN ESCWA work on the Arab Digital Agenda and AI strategy guidance has historically classified Syria among low-to-medium digital-readiness countries. Arab instruments such as the Arab Strategy for Artificial Intelligence and the Arab Charter for the Ethics of Artificial Intelligence (promoted by the Arab ICT Organization, AICTO) are frameworks Syria has engaged with through cooperation agreements, but they are not enforceable law. Separately, Syria joined China's Global AI Governance Initiative on 24 March 2024, announced by the Syrian Ministry of Foreign Affairs and Expatriates under the Assad government; the Initiative was spearheaded by President Xi Jinping at the Third Belt and Road Forum in October 2023 and is a political declaration rather than a binding regime.
Examples
A fintech deploying an AI credit-scoring or fraud-detection model in Syria would not answer to an AI law. It would engage the Central Bank of Syria's licensing and anti-money-laundering supervision, the data-protection duties under Law No. 12 of 2024, and any sandbox arrangements the Central Bank develops with international payment partners.
A platform running an AI chatbot or hosting AI-generated user content would face the cybercrime Law No. 20 of 2022's data-retention and disclosure obligations, alongside the data-protection law. Civil-society commentary has warned that these features make confidential or sensitive AI services risky to operate in Syria, because mandatory government access can undermine user confidentiality.
A public-sector AI project, such as the administrative-modernisation use cases promoted by the Ministry of Administrative Development at regional forums, would be shaped by public-procurement practice, the Constitutional Declaration's privacy provision and the e-government priorities in the Ministry of Communications and Information Technology's 2025 ICT strategy, rather than by any AI-specific public-sector rulebook.
Common misunderstandings
"Syria has an AI law because it hosted an AI conference and joined a global AI initiative." No. The "AI-SYRIA 2025" First Regional Conference on Artificial Intelligence and Entrepreneurship, held 6 to 7 May 2025 at the Seven Gates Hotel in Damascus and organised by the Arab Union for Internet and Telecommunications and the Syrian Computer Society, and the 2024 endorsement of China's Global AI Governance Initiative, are policy and diplomatic signals. Neither creates binding domestic AI rules.
"There is no data protection in Syria, so anything goes." Incorrect. Law No. 12 of 2024 carries criminal penalties for unlawful handling of personal data, and the Constitutional Declaration protects private life. The gap is in AI-specific rules, not in all data law.
"The fall of the Assad regime wiped the legal slate clean." No. The Constitutional Declaration expressly keeps existing legislation in force unless amended or repealed, so Assad-era laws including the data and cybercrime statutes still apply by default.
"Syria's data protection law is a GDPR-style rights regime." Not really. Available analysis emphasises confidentiality duties, criminal penalties, national-security exceptions and data retention, with no confirmed independent regulator and limited individual-rights detail.
"UNESCO or Arab AI charters legally bind Syrian deployments." They do not. These are soft-law and aspirational instruments. They influence direction and may inform a future national framework, but they are not enforceable Syrian law.
Risks and boundaries
This article describes a jurisdiction with no AI-specific statute. The main boundary is durability: the legal status of nearly every institution and instrument is provisional during the five-year transition that began in 2025. Laws can be amended or repealed, ministries reorganised and new instruments introduced with limited notice.
Two specific uncertainties should be stated plainly. First, the article-level content of Law No. 12 of 2024 is not publicly verifiable in English, and whether a dedicated data-protection authority exists or operates is unconfirmed; treat detailed compliance claims with caution. Second, enforcement capacity across all these laws is weak and uneven, which means low visible enforcement should not be read as low legal risk, because dormant provisions can be activated.
What AI regulation in Syria is not: it is not a risk-based regime like the EU model, not a mature sectoral framework, and not an absence of law. It is general law applied incidentally to AI, in a fast-changing political environment. Anyone treating Syria as either fully regulated or fully unregulated will misjudge the position.
What to do next
Map your AI use to existing law, not to an imagined AI Act. Identify which instruments your deployment engages: data protection (Law No. 12 of 2024), cybercrime and content retention (Law No. 20 of 2022), telecommunications licensing (SY-TPRA), banking (Central Bank of Syria) and the Constitutional Declaration's privacy provision.
Treat personal data and user content as the highest-risk areas. Assume mandatory retention and government-access obligations may apply, and design data flows, hosting and confidentiality commitments accordingly. For sensitive use cases, weigh whether operating in-country is appropriate at all.
Monitor the transition actively. Watch the Ministry of Communications and Information Technology for any national AI or digital strategy, the People's Assembly for new data or AI bills, and the Central Bank for sandbox rules. Benchmarks that should change your approach include: publication of a national AI strategy, a UNESCO Readiness Assessment, creation of a data-protection authority, or any amendment to the 2024 data law or 2022 cybercrime law.
Use international soft law as a planning baseline. Aligning internal governance with the UNESCO Recommendation on the Ethics of AI and Arab ethics charters is sensible preparation, even though they are not binding, because they are the most likely templates for future Syrian rules.
Have a question or a suggestion, or want to understand how we research and review these guides? Read about our editorial standards and how to reach us.
FAQs
Does Syria have an AI law?
No. There is no dedicated AI statute, no AI licence, no high-risk classification scheme and no AI regulator. AI is governed by general laws applied incidentally.
What governs AI in Syria in the absence of an AI law?
The 2025 Constitutional Declaration, Law No. 12 of 2024 on electronic personal data, the 2022 cybercrime law, telecommunications regulation, banking rules and sector-specific law.
Is there a data protection law?
Yes. Law No. 12 of 2024 regulates collection, processing, use and transfer of personal data, with fines up to 12 million Syrian pounds and up to three years' imprisonment. It remains in force under the transitional government.
Did the fall of the Assad regime repeal these laws?
No. The Constitutional Declaration keeps existing legislation in force unless it is specifically amended or repealed, so the data and cybercrime laws still apply.
Who is the lead institution for AI policy?
The Ministry of Communications and Information Technology, under Minister Abdulsalam Haykal, leads digital and AI policy. There is no dedicated AI regulator.
Is Syria bound by the UNESCO Recommendation on the Ethics of AI?
Syria is a UNESCO member, but the Recommendation is soft law. It is influential and a likely template for future rules, but it is not enforceable Syrian law.
Has Syria signed any international AI commitments?
Under the Assad government in 2024, Syria joined China's Global AI Governance Initiative, a political declaration. It has also engaged with Arab regional AI ethics frameworks through cooperation agreements.
Is it safe to assume low enforcement means low risk?
No. Enforcement is weak and uneven, but laws remain on the books and dormant provisions, especially on data retention and content, can be activated.