..
Get In Touch
. .
Get In Touch
Get In Touch
bahrain-cybersecurity-structures
ASAR Bahrain News

Bahrain formalizes cybersecurity center’s structure and powers

Bahrain establishes central cyber authority: What critical sectors need to know

Cybersecurity oversight in Bahrain is entering a new phase. A recently issued Royal Decree establishes the National Cyber Security Center (NCSC) as the central authority responsible for setting and enforcing cybersecurity rules nationwide. Operating under the Supreme Defence Council, the Center will play a lead role in regulating cyber risk, managing incident response, and overseeing security across critical sectors.

Key Highlights:
The Center’s core responsibilities include:

  • Proposing and reviewing cybersecurity legislation
  • Issuing binding policies, standards, and compliance frameworks
  • Overseeing cybersecurity in critical sectors
  • Coordinating national cyber incident response
  • Conducting national drills and capacity-building programs
  • Certifying cybersecurity tools and software for use in critical sectors

The Center’s CEO, appointed by Royal Decree, holds broad executive authority, including regulatory issuance and organizational oversight. Strategic plans, internal regulations, and international engagements are subject to approval by the Secretary-General of the Supreme Defence Council.

Why it matters:
This development marks a significant evolution in Bahrain’s digital and national security governance. It:

  • Elevates cybersecurity to a national defence priority
  • Establishes a central authority for cyber risk and incident management
  • Aligns Bahrain’s framework with global cybersecurity standards
  • Imposes increased regulatory expectations on both public and private sectors

Who Is Affected:
Entities operating in or serving the following sectors should take note:

  • Government bodies
  • Financial institutions and FinTech
  • Telecommunications and ICT providers
  • Healthcare and transportation
  • Energy, utilities, and industrial operations
  • Any organization designated as part of a ‘Critical Sector’

Next Steps for Impacted Entities:

  • Review and align internal cybersecurity frameworks with Center-issued mandates
  • Prepare for participation in national drills and incident reporting schemes
  • Anticipate compliance audits and regulatory oversight
  • Ensure relevant staff meet forthcoming certification requirements

How ASAR can assist:
Our team is ready to support clients in responding to these regulatory changes. We can help you:

  • Assess your exposure under the new cybersecurity framework
  • Navigate compliance with upcoming regulations and standards
  • Review and revise internal policies and governance documents
  • Prepare for cyber-readiness exercises and regulatory inspections
  • Advise on incident response protocols and data breach handling
  • Represent your interests in engagements with the relevant authorities

For further information or guidance on how these developments may affect your organisation, please contact us at asarbh@asarlegal.com.

Legal Reference: Royal Decree No. 17 of 2025 (Official Gazette Issue No. 3820, 10 July 2025)

Leave a Comment