the National Cybersecurity Center, the Jordanian governmental authority responsible for protecting the national digital infrastructure, has issued updated guidelines in 2025 to regulate violations of the Cybersecurity Law. The Center is tasked with developing cybersecurity policies and guidelines, monitoring violations, analyzing cyber incidents, and providing technical support to public and private entities to ensure compliance.
The new guidelines categorize violations and penalties based on their severity as follows:
- Minor Violations
Examples: Failure to comply with security policies or concealment of required data.
Penalty: A financial fine ranging from JOD 500 to JOD 1,000. - Major Violations
Examples: Operating unlicensed systems or services, or leaking confidential information.
Penalty: A fine of up to JOD 5,000, with the possibility of license revocation in case of repeated offenses. - Cyber Incidents
Incidents are classified by risk level, and graduated penalties are imposed:
High-risk incidents: Fines ranging from JOD 50,000 to JOD 100,000.
Medium or low-risk incidents: Fines are determined based on the Center’s assessment.
Remediation and Follow-up Mechanism: Violators are granted a specified period to correct their status, with the possibility of extension upon valid justification.
Repeated violations result in doubled fines and stricter actions, including suspension of activity.
Attorney: Joman Al Khatib
Anani & Assoc.
