Law 05-20 relative to cybersecurity

The law applies to "infrastructures d’importance vitale" which would cover the energy sector. They must ensure their information systems comply with directives from the national authority, implement security policies, manage risks, audit their systems, classify information assets, designate a security officer, establish incident detection mechanisms, report security incidents, prepare continuity plans, adhere to specific rules for outsourcing sensitive systems (including national hosting and Moroccan law contracts), homologate sensitive systems, undergo security audits, implement audit recommendations, and use security-enhancing services and qualified cybersecurity providers as defined by the national authority.

Want to know more about this policy ? Learn more