MOGADISHU — The National Communications Authority (NCA) has convened a national consultation to formulate Somalia’s Cybersecurity Risk Management and Compliance Framework, bringing together key government agencies, private sector representatives, educational institutions, civil society organizations, and technical experts .
The consultation sought to collect perspectives and enhance cooperation in creating a comprehensive framework to improve the nation’s cybersecurity defenses, protect essential digital infrastructure, and guarantee effective risk management and adherence across different sectors .
NCA Director General Calls for Stakeholder Engagement
Addressing participants, the Director General of the National Communications Authority, Mustafa Yasin Sheikh, stressed the significance of comprehensive involvement with the draft framework .
“We urge all stakeholders to thoroughly examine the document, consider each aspect carefully, and offer valuable feedback on every section,” Mustafa Yasin Sheikh stated .
State Minister Highlights Growing Cyber Threats
The State Minister of Communications and Technology, MP Ahmed Osman Dirie, who opened the meeting, underscored the increasing significance of cybersecurity in a rapidly digitizing society .
“The use of technology continues to grow and influences numerous aspects of life, including education and commerce. Without appropriate protections, these developments can create vulnerabilities. Creating a strong cybersecurity risk management and compliance framework is crucial, and the National Communications Authority is tasked with spearheading this initiative for the government,” Dirie said .
Critical Need for Cybersecurity Following E-Visa Breach
The push for a comprehensive cybersecurity framework comes after significant security incidents exposed vulnerabilities in Somalia’s digital infrastructure. In late 2025, Somalia’s electronic visa website was found to lack adequate security measures, potentially enabling malicious actors to download thousands of e-visas containing sensitive personal information such as passport details, full names, and dates of birth Somalia’s E-Visa System Security Flaw Puts Thousands at Risk.
“Breach incidents involving sensitive personal data pose significant risks, including potential identity theft, fraud, and intelligence gathering by malicious actors,” stated Bridget Andere, senior policy analyst at digital rights group Access Now .
The security weakness emerged just one month after federal authorities acknowledged that the country’s e-visa data system had been compromised, reversing earlier assurances from senior officials who had dismissed reports of a breach Somalia Confirms E-Visa Breach After Earlier Denials. The admission marked a significant shift after days in which top officials insisted the platform was secure .
The US and United Kingdom governments issued a warning about a data breach that exposed the information of more than 35,000 individuals who had applied for a Somali e-visa. “The leaked data from the breach included visa applicants’ names, photos, dates and places of birth, email addresses, marital status, and home addresses,” stated the US Embassy in Somalia .
Somalia Reaffirms Digital Commitment at WSIS+20 Roundtable
The cybersecurity initiative aligns with Somalia’s broader digital transformation commitments. Minister of Telecommunications and Technology Mohamed Adam Mo’alim Ali has reaffirmed Somalia’s commitment to data protection and cybersecurity legislation as key pillars of the country’s digital transformation strategy Somalia Reaffirms Digital Commitment at WSIS+20 Roundtable.
The government has implemented data protection legislation and established frameworks for cybersecurity systems, aligning with Somalia’s broader Vision 2025 strategy for digital transformation. Speaking at the WSIS+20 Ministerial Roundtable in Geneva, the minister emphasized that Somalia is “deeply committed to accelerating its digital transformation in partnership with international organizations” .
Third National Cybersecurity Forum
The consultation follows the successful convening of the Third National Cybersecurity Forum of Somalia in December 2025, a high-level platform dedicated to strengthening national digital security, safeguarding modern information systems, and addressing the growing threats within cyberspace The Third National Cybersecurity Forum of Somalia. The forum brought together senior government officials, cybersecurity experts, representatives from telecommunications companies, private sector stakeholders, academics, and international partners supporting Somalia’s digital security agenda .
In his keynote address, Minister Mohamed Adam Macallim (Soomaali) emphasized that cybersecurity is a cornerstone of modern statehood, effective e-government service delivery, and public trust in digital technologies. He highlighted that robust digital security frameworks are essential for protecting national infrastructure, ensuring data integrity, and enabling sustainable digital transformation .
National Cybersecurity Law and Institutional Framework
Under the National Cybersecurity Law (2025), the National Communications Authority is designated as the highest government authority responsible for the governance and management of the country’s cybersecurity and operational activities Cybersecurity. The Cybersecurity Department of the NCA leads and coordinates national cybersecurity efforts in the Federal Republic of Somalia .
Key responsibilities of the department include:
– Development of cybersecurity regulatory frameworks, standards, and guidelines
– Critical Information Infrastructure Protection, identifying and designating assets essential to national security, economic stability, and public services
– Oversight of the Somalia Computer Emergency Response Team (SOMCIRT), which operates as the national cyber incident response center
– Licensing of cybersecurity service providers and certification of cybersecurity professionals
– National cybersecurity awareness campaigns and training programs
– Stakeholder engagement and coordination with international partners including OIC-CERT, AfricaCERT, FIRST, and ITU
Collaborative Approach to Cyber Threats
The meeting highlighted the vital importance of collaborative approaches to tackle evolving cyber threats and establish a secure digital environment in Somalia. Attendees examined risk identification, regulatory compliance procedures, and institutional obligations .
Telecom companies, including Hormuud, Somtel, Telesom, Golis, SomLink, and Amtel, have previously implemented interconnection agreements under the NCA’s oversight, demonstrating the sector’s capacity for coordinated action Somalia Welcomes Decision by Telecom Firms to Implement Interconnection Agreement.
Outcome and Next Steps
The consultation’s findings will guide the completion of the Cybersecurity Risk Management and Compliance Framework, which will function as a primary tool for enhancing national cybersecurity governance .
The NCA says feedback from the consultation will now be used to complete the framework, which is expected to become a cornerstone of Somalia’s national cybersecurity governance, helping build a more resilient digital ecosystem .
In his closing remarks, the Minister reaffirmed the Ministry’s strong commitment to prioritizing the development of comprehensive policies, legal frameworks, and capable institutions that can effectively protect national data and critical digital assets, calling for enhanced cooperation among government entities, the private sector, technical experts, and international partners to build a secure, resilient, and trusted digital environment that aligns with Somalia’s long-term development aspirations .
