World map of encryption laws and policies

Encryption is a crucial enabler of the rights to privacy and freedom of expression. But around the world, its legal situation varies. Some countries guarantee a general right to encryption; in others, it is severely restricted. To help human rights defenders navigate this complicated landscape, GPD has created this easy-to-use interactive world map of national encryption laws and policies.

  • Looking for a birds’ eye view? By clicking the filters at the top of the map, you can see at a glance all the countries which have, for example, a general right to encryption guaranteed in law; or find out which countries place controls on the import and export of encryption technologies. (tip: hovering over the information symbol will give you more detail on what each filter means)
  • Want details on the situation in a specific country? Just click it on the map (or use the drop down in the bottom left corner) and you’ll find a full rundown of all the relevant policies and laws.

While we seek to make this map accurate and up to date, if you spot any inaccuracies (or have additional information), let us know by emailing richard{at}gp-digital.org.​

This map accompanies GPD’s Travel Guide to Encryption Policy for human rights defenders – a comprehensive, accessible guide to the technology behind encryption, the key debates, why it relates to human rights, and where – and how – you can engage.

List of Countries

Afghanistan

General right to encryption

No known legislation

Min/max standards

No known legislation

Licensing/registration requirements

No known legislation

Import/export controls

No known legislation

Other restrictions

No known legislation

Powers to intercept/decrypt encrypted communications

No known legislation

Albania

General right to encryption

No known legislation

Min/max standards

No known legislation

Licensing/registration requirements

No known legislation

Import/export controls

No known legislation

Other restrictions

No known legislation

Powers to intercept/decrypt encrypted communications

No known legislation

Algeria

General right to encryption

No known legislation

Min/max standards

No known legislation

Licensing/registration requirements

No known legislation

Import/export controls

While ICT providers are not required to turn over source codes or encryption keys, all hardware and software imported to Algeria must be approved by the Agency for Regulation of Post and Telecommunication, under the Ministry of Post, Information Technology and Communication.

Other restrictions

No known legislation

Powers to intercept/decrypt encrypted communications

No known legislation

Andorra

General right to encryption

No known legislation

Min/max standards

No known legislation

Licensing/registration requirements

No known legislation

Import/export controls

No known legislation

Other restrictions

No known legislation

Powers to intercept/decrypt encrypted communications

No known legislation

Angola

General right to encryption

No known legislation

Min/max standards

No known legislation

Licensing/registration requirements

No known legislation

Import/export controls

No known legislation

Other restrictions

No known legislation

Powers to intercept/decrypt encrypted communications

No known legislation

Antigua and Barbuda

General right to encryption

No known legislation

Min/max standards

No known legislation

Licensing/registration requirements

No known legislation

Import/export controls

No known legislation

Other restrictions

No known legislation

Powers to intercept/decrypt encrypted communications

No known legislation

Argentina

General right to encryption

No known legislation

Min/max standards

No known legislation

Licensing/registration requirements

No known legislation

Import/export controls

No known legislation

Other restrictions

No known legislation

Powers to intercept/decrypt encrypted communications

No known legislation

Armenia

General right to encryption

No known legislation

Min/max standards

No known legislation

Licensing/registration requirements

No known legislation

Import/export controls

No known legislation

Other restrictions

No known legislation

Powers to intercept/decrypt encrypted communications

No known legislation

Australia

General right to encryption

No known legislation

Min/max standards

No known legislation

Licensing/registration requirements

No known legislation

Import/export controls

No known legislation

Other restrictions

No known legislation

Powers to intercept/decrypt encrypted communications

Crimes Act 1914: Section 3LA (inserted by the Cybercrimes Act 2001) allows a law enforcement officer, subject to obtaining a warrant from a magistrate, to require a person to "provide any information or assistance that is reasonable and necessary to allow a constable to": (a) access data held in, or accessible from, a computer or data storage device that (i) is on warrant premises; or (ii) is at a place for examination or processing; or (iii) has been seized under the Act, (b) copy data held in, or accessible from, such a computer, or data storage device to another data storage device, (c) convert into documentary form or another form intelligible to a constable: (i) data held in, or accessible from, such a computer, or data storage device or (ii) data held in a data storage device to which the data was copied as described in paragraph (b); or (iii) data held in a data storage device removed from warrant. Failure to comply is punishable with up to two years' imprisonment.

Austria

General right to encryption

No known legislation

Min/max standards

No known legislation

Licensing/registration requirements

No known legislation

Import/export controls

No known legislation

Other restrictions

No known legislation. Specifically, neither the E-Commerce Act (BGBl. I Nr. 152/2001) nor the Telecommunication Act (BGBl. I Nr. 70/2003) restrict the use of encryption.

Powers to intercept/decrypt encrypted communications

No known legislation

Azerbaijan

General right to encryption

No known legislation

Min/max standards

No known legislation

Licensing/registration requirements

No known legislation

Import/export controls

No known legislation

Other restrictions

No known legislation

Powers to intercept/decrypt encrypted communications

No known legislation

Bahamas

General right to encryption

No known legislation

Min/max standards

No known legislation

Licensing/registration requirements

No known legislation

Import/export controls

No known legislation

Other restrictions

No known legislation

Powers to intercept/decrypt encrypted communications

Computer Misuse Act 2003 (Chapter 107A): Section 16(1) allows a police officer or other person authorised in writing by the Commissioner of Police, pursuant to a warrant obtained by a magistrate (under section 70 of the Criminal Procedure Code), to access "any information, code or technology which has the capability of retransforming or unscrambling encrypted data contained or available to such computer into readable and comprehensible format or text for the purpose of investigating any offence" or "to require any person in possession of decryption information to grant him access to such decryption information necessary to decrypt data required for the purpose of investigating any such offence". Failure to comply is punishable with up to three years' imprisonment or a fine of up to BSD 10,000.

Bahrain

General right to encryption

No known legislation

Min/max standards

No known legislation

Licensing/registration requirements

No known legislation

Import/export controls

No known legislation

Other restrictions

No known legislation

Powers to intercept/decrypt encrypted communications

Law No. (60) of 2014 On Information Technology Crimes: Article 9 criminalises the use of encryption in order to commit or to conceal any criminal offences, punishable by imprisonment and a fine not exceeding BHD 100,000.

Bangladesh

General right to encryption

No known legislation

Min/max standards

No known legislation

Licensing/registration requirements

No known legislation

Import/export controls

No known legislation

Other restrictions

No known legislation

Powers to intercept/decrypt encrypted communications

No known legislation

Barbados

General right to encryption

Electronic Transactions Act, 2001 (CAP 308B): Section 21(2) makes clear that, subject to any regulations made under section 21(1), a person can use any encryption programme or product of any bit size or other of measure of strength that they lawfully possess.

Min/max standards

Electronic Transactions Act, 2001 (CAP 308B): Section 21(1) permits the government to make regulations (a) respecting the use, import and export of encryption programmes or other encryption products, and (b) prohibiting the export of encryption programmes or other encryption products from Barbados generally, or subject to such restrictions as may be prescribed. However, section 21(2) makes clear that, subject to any regulations made under section 21(1), a person can use any encryption programme or product of any bit size or other measure of strength that they lawfully possess.

No regulations so far appear to have been made under section 21(1)."

Licensing/registration requirements

Electronic Transactions Act, 2001 (CAP 308B): Section 21(1) permits the government to make regulations (a) respecting the use, import and export of encryption programmes or other encryption products, and (b) prohibiting the export of encryption programmes or other encryption products from Barbados generally, or subject to such restrictions as may be prescribed. However, section 21(2) makes clear that, subject to any regulations made under section 21(1), a person can use any encryption programme or product of any bit size or other measure of strength that they lawfully possess.

No regulations so far appear to have been made under section 21(1).

Import/export controls

Electronic Transactions Act, 2001 (CAP 308B): Section 21(1) permits the government to make regulations (a) respecting the use, import and export of encryption programmes or other encryption products, and (b) prohibiting the export of encryption programmes or other encryption products from Barbados generally, or subject to such restrictions as may be prescribed. However, section 21(2) makes clear that, subject to any regulations made under section 21(1), a person can use any encryption programme or product of any bit size or other measure of strength that they lawfully possess.

No regulations so far appear to have been made under section 21(1).

Other restrictions

No known legislation

Powers to intercept/decrypt encrypted communications

Computer Misuse Act 2005: Section 15(2) allows a police officer, subject to obtaining a warrant from a magistrate, to ""have access to any information, code or technology which has the capability of transforming or converting an encrypted programme or data held in or available to the computer into readable and comprehensible format or text, for the purpose of investigating any offence under this Act"" and ""convert an encrypted programme or data held in another computer system at the place specified in the warrant, where there are reasonable grounds for believing that computer data connected with the commission of the offence may be stored in that other system"". The magistrate needs to be satisfied that there are reasonable grounds for suspecting that an offence under the Act has been or is about to be committed in any place and that evidence that such an offence has been or is about to be committed is in that place (s. 15(1)). Failure to comply is punishable by imprisonment for up to 18 months or a fine of up to BBD 15,000 (s. 15(4)).

Section 16(1) also allows that police officer to require ""access to decryption information necessary to decrypt computer data required for the purpose of investigating the commission of [an] offence"" from any person ""in possession or control of a computer data storage medium or computer system"". Again, failure to comply is punishable by imprisonment for up to 18 months or a fine of up to BBD 15,000.

Belarus

General right to encryption

No known legislation

Min/max standards

No known legislation

Licensing/registration requirements

No known legislation

Import/export controls

Resolution of the Council of Ministers of the Republic of Belarus No. 218 of 18 March 1997: The import and export of cryptography is restricted and requires a license from the Ministry of Foreign Affairs or the State Center for Information Security of the Security Council.

Other restrictions

No known legislation

Powers to intercept/decrypt encrypted communications

No known legislation

Belgium

General right to encryption

No known legislation

Min/max standards

No known legislation

Licensing/registration requirements

No known legislation

Import/export controls

No known legislation

Other restrictions

No known legislation

Powers to intercept/decrypt encrypted communications

Code of Criminal Investigation: Article 88 (fourth), inserted by the Loi du 28 novembre 2000 relative à la criminalité informatique, allows an investigating judge or police officer to order a person to decrypt decrypted data where he knows how to do so. Failure to comply is punishable by imprisonment of between six months and one year and/or a fine.

Belize

General right to encryption

No known legislation

Min/max standards

No known legislation

Licensing/registration requirements

No known legislation

Import/export controls

No known legislation

Other restrictions

No known legislation

Powers to intercept/decrypt encrypted communications

No known legislation

Benin

General right to encryption

No known legislation

Min/max standards

No known legislation

Licensing/registration requirements

No known legislation

Import/export controls

No known legislation

Other restrictions

No known legislation

Powers to intercept/decrypt encrypted communications

No known legislation

Bhutan

General right to encryption

No known legislation

Min/max standards

No known legislation

Licensing/registration requirements

No known legislation

Import/export controls

No known legislation

Other restrictions

No known legislation

Powers to intercept/decrypt encrypted communications

No known legislation

Bolivia

General right to encryption

No known legislation

Min/max standards

No known legislation

Licensing/registration requirements

No known legislation

Import/export controls

No known legislation

Other restrictions

No known legislation

Powers to intercept/decrypt encrypted communications

No known legislation

Bosnia and Herzegovina

General right to encryption

No known legislation

Min/max standards

No known legislation

Licensing/registration requirements

No known legislation

Import/export controls

No known legislation

Other restrictions

No known legislation

Powers to intercept/decrypt encrypted communications

No known legislation

Botswana

General right to encryption

No known legislation

Min/max standards

No known legislation

Licensing/registration requirements

No known legislation

Import/export controls

No known legislation

Other restrictions

No known legislation

Powers to intercept/decrypt encrypted communications

No known legislation

Brazil

General right to encryption

Marco Civil da Internet (Law No. 12.965): Article 7(III) guarantees the inviolability and secrecy of user communications online, permitting exceptions only by court order.

Min/max standards

No known legislation

Licensing/registration requirements

No known legislation

Import/export controls

No known legislation

Other restrictions

No known legislation

Powers to intercept/decrypt encrypted communications

No known legislation

Brunei

General right to encryption

No known legislation

Min/max standards

No known legislation

Licensing/registration requirements

No known legislation

Import/export controls

No known legislation

Other restrictions

No known legislation

Powers to intercept/decrypt encrypted communications

Computer Misuse Act 2007 (Chapter 194): Section 18(1) allows a police officer or other person authorised by the Commissioner of Police, and with the consent of the Public Prosecutor, to (a) be entitled at any time to (iii) "have access to any information, code or technology which has the capability of retransforming or unscrambling encrypted data contained or available to such computer into readable and comprehensible format or text for the purpose of investigating any offence under this Act or any other offence which has been disclosed in the course of the lawful exercise of the powers under this section" and (b) be entitled to require (c) "any person in possession of decryption information to grant him access to such decryption information necessary to decrypt data required for the purpose of investigating any such offence". Failure to comply is punishable by up to three years' imprisonment and/or a fine of up to BND 10,000 (s. 18(4)).

Bulgaria

General right to encryption

No known legislation

Min/max standards

No known legislation

Licensing/registration requirements

No known legislation

Import/export controls

No known legislation

Other restrictions

No known legislation

Powers to intercept/decrypt encrypted communications

No known legislation

Burkina Faso

General right to encryption

No known legislation

Min/max standards

No known legislation

Licensing/registration requirements

No known legislation

Import/export controls

No known legislation

Other restrictions

No known legislation

Powers to intercept/decrypt encrypted communications

No known legislation

Burundi

General right to encryption

No known legislation

Min/max standards

No known legislation

Licensing/registration requirements

No known legislation

Import/export controls

No known legislation

Other restrictions

No known legislation

Powers to intercept/decrypt encrypted communications

No known legislation

Cambodia

General right to encryption

No known legislation

Min/max standards

No known legislation

Licensing/registration requirements

No known legislation

Import/export controls

No known legislation

Other restrictions

No known legislation

Powers to intercept/decrypt encrypted communications

No known legislation

Cameroon

General right to encryption

No known legislation

Min/max standards

No known legislation

Licensing/registration requirements

No known legislation

Import/export controls

No known legislation

Other restrictions

No known legislation

Powers to intercept/decrypt encrypted communications

No known legislation

Canada

General right to encryption

No known legislation

Min/max standards

No known legislation

Licensing/registration requirements

No known legislation

Import/export controls

No known legislation

Other restrictions

No known legislation

Powers to intercept/decrypt encrypted communications

Criminal Code of Canada: Section 487.012(1) provides that "[a] peace officer or public officer may make a demand to a person in Form 5.001 requiring them to preserve computer data that is in their possession or control when the demand is made." Some have argued that conditions attached to this demand could include a requirement that encrypted data be decrypted.

Cape Verde

General right to encryption

No known legislation

Min/max standards

No known legislation

Licensing/registration requirements

No known legislation

Import/export controls

No known legislation

Other restrictions

No known legislation

Powers to intercept/decrypt encrypted communications

No known legislation

Central African Republic

General right to encryption

No known legislation

Min/max standards

No known legislation

Licensing/registration requirements

No known legislation

Import/export controls

No known legislation

Other restrictions

No known legislation

Powers to intercept/decrypt encrypted communications

No known legislation

Chad

General right to encryption

No known legislation

Min/max standards

No known legislation

Licensing/registration requirements

No known legislation

Import/export controls

No known legislation

Other restrictions

No known legislation

Powers to intercept/decrypt encrypted communications

No known legislation

Chile

General right to encryption

No known legislation

Min/max standards

No known legislation

Licensing/registration requirements

No known legislation

Import/export controls

No known legislation

Other restrictions

No known legislation

Powers to intercept/decrypt encrypted communications

No known legislation

China

General right to encryption

No known legislation

Min/max standards

No known legislation

Licensing/registration requirements

State Council Order No. 273, "Commercial Use Password Management Regulations" (1999): Officially designated manufacturers must obtain approval from the State Encryption Management Commission / State Cryptography Administration (OSCCA) for the type and model (including key length) of their crypto products.

Import/export controls

State Council Order No. 273, "Commercial Use Password Management Regulations" (1999): The import and export of encryption products requires a license by the State Encryption Management Commission.

Other restrictions

State Council Order No. 273, "Commercial Use Password Management Regulations" (1999): Organisations and individuals may not distribute encryption products produced abroad. People may only use encryption products approved by the Commission, and they may not use commercial encryption products developed by themselves or produced abroad. For this use, they must have approval by the Commission. Only foreign diplomatic missions and consulates are exempted from this approval.

Powers to intercept/decrypt encrypted communications

Counter-Terrorism Law: Technology firms are required to help decrypt information, but not to install security "backdoors", as had originally been planned.

Colombia

General right to encryption

There is no general right to encryption, however Law No. 1621 of 2013, which regulates intelligence activities, provides at Article 44, paragraph 2, that telecommunications services providers must offer encrypted voice call service to high government and intelligence officials.

Min/max standards

No known legislation

Licensing/registration requirements

No known legislation

Import/export controls

No known legislation

Other restrictions

Law 104 of 1997: Article 103, paragraph 4 prohibits subscribers, licensees and other persons authorised to use certain radiocommunications systems (including pagers and mobile phones) from sending messages which are encrypted or in an "unintelligible language". It is not clear if this prohibition extends to encrypted communications on the internet.

Powers to intercept/decrypt encrypted communications

No known legislation

Comoros

General right to encryption

No known legislation

Min/max standards

No known legislation

Licensing/registration requirements

No known legislation

Import/export controls

No known legislation

Other restrictions

No known legislation

Powers to intercept/decrypt encrypted communications

No known legislation

Costa Rica

General right to encryption

No known legislation

Min/max standards

No known legislation

Licensing/registration requirements

No known legislation

Import/export controls

No known legislation

Other restrictions

No known legislation

Powers to intercept/decrypt encrypted communications

No known legislation

Cote d’Ivoire

General right to encryption

No known legislation

Min/max standards

No known legislation

Licensing/registration requirements

No known legislation

Import/export controls

No known legislation

Other restrictions

No known legislation

Powers to intercept/decrypt encrypted communications

No known legislation

Croatia

General right to encryption

No known legislation

Min/max standards

No known legislation

Licensing/registration requirements

No known legislation

Import/export controls

No known legislation

Other restrictions

No known legislation

Powers to intercept/decrypt encrypted communications

Criminal Procedure Act

Article 257(1) provides that the search of a movable object includes the search of a computer and connected devices, as well as devices which collect, store and transmit data. Where the person or body undertaking the search so requests, "the person who uses a computer or has access to a computer, other device or computer-data storage medium, and the provider of telecommunication services shall be obliged to enable access to a computer, device or a computer-data storage medium and to provide necessary information for unhindered use and the realization of the aims of the search." It is not entirely clear whether this would include a requirement to decrypt encrypted data.

Cuba

General right to encryption

No known legislation

Min/max standards

No known legislation

Licensing/registration requirements

The law requires regulatory authorisation for those using encryption.

Import/export controls

No known legislation

Other restrictions

No known legislation

Powers to intercept/decrypt encrypted communications

No known legislation

Cyprus

General right to encryption

No known legislation

Min/max standards

No known legislation

Licensing/registration requirements

No known legislation

Import/export controls

No known legislation

Other restrictions

No known legislation

Powers to intercept/decrypt encrypted communications

No known legislation

Czech Republic

General right to encryption

No known legislation

Min/max standards

No known legislation

Licensing/registration requirements

No known legislation

Import/export controls

No known legislation

Other restrictions

No known legislation

Powers to intercept/decrypt encrypted communications

Code of Criminal Procedure

Section 8 provides that persons (including public authorities, legal entities and natural persons) are obliged to comply with requests of authorities involved in criminal proceedings in the performance of their tasks. This could include the provision of decrypted data or encryption keys.

Act on Electronic Communications (Act No. 127/2005)

This Act requires service providers to provide data, upon the request of law enforcement agencies, in a readable decrypted way if they are able to do so."

Democratic Republic of the Congo

General right to encryption

No known legislation

Min/max standards

No known legislation

Licensing/registration requirements

No known legislation

Import/export controls

No known legislation

Other restrictions

No known legislation

Powers to intercept/decrypt encrypted communications

No known legislation

Denmark

General right to encryption

No known legislation

Min/max standards

No known legislation

Licensing/registration requirements

No known legislation

Import/export controls

No known legislation

Other restrictions

No known legislation

Powers to intercept/decrypt encrypted communications

Administration of Justice Act: Section 804 provides that persons other than suspects and accused persons who are in possession of information relevant to an investigation can be required to hand over information, which would include decryption keys.

Act on Electronic Communications Networks and Services: Section 10 requires providers of electronic communications networks and services for end-users to enable police interceptions of communications, and to organise their switching centres, equipment and technical systems in such a way that data can be made available to police investigations. However, there is no equivalent requirement for providers on the wholesale market, such as owners of fibre-optic networks.

Djibouti

General right to encryption

No known legislation

Min/max standards

No known legislation

Licensing/registration requirements

No known legislation

Import/export controls

No known legislation

Other restrictions

No known legislation

Powers to intercept/decrypt encrypted communications

No known legislation

Dominic

General right to encryption

No known legislation

Min/max standards

No known legislation

Licensing/registration requirements

No known legislation

Import/export controls

No known legislation

Other restrictions

No known legislation

Powers to intercept/decrypt encrypted communications

No known legislation

Dominic Republic

General right to encryption

No known legislation

Min/max standards

No known legislation

Licensing/registration requirements

No known legislation

Import/export controls

No known legislation

Other restrictions

No known legislation

Powers to intercept/decrypt encrypted communications

No known legislation

Ecuador

General right to encryption

No known legislation

Min/max standards

No known legislation

Licensing/registration requirements

No known legislation

Import/export controls

No known legislation

Other restrictions

No known legislation

Powers to intercept/decrypt encrypted communications

No known legislation

Egypt

General right to encryption

No known legislation

Min/max standards

No known legislation

Licensing/registration requirements

Telecommunication Regulation Law: Article 64 provides that "Telecommunication Services Operators, Providers, their employees and Users of such services shall not use any Telecommunication Services encryption equipment except after obtaining a written consent from each of the NTRA, the Armed Forces and National Security Entities, and this shall not apply to encryption equipment of radio and television broadcasting."

Import/export controls

No known legislation

Other restrictions

No known legislation

Powers to intercept/decrypt encrypted communications

No known legislation

El Salvador

General right to encryption

No known legislation

Min/max standards

No known legislation

Licensing/registration requirements

No known legislation

Import/export controls

No known legislation

Other restrictions

No known legislation

Powers to intercept/decrypt encrypted communications

No known legislation

Equatorial Guinea

General right to encryption

No known legislation

Min/max standards

No known legislation

Licensing/registration requirements

No known legislation

Import/export controls

No known legislation

Other restrictions

No known legislation

Powers to intercept/decrypt encrypted communications

No known legislation

Eritrea

General right to encryption

No known legislation

Min/max standards

No known legislation

Licensing/registration requirements

No known legislation

Import/export controls

No known legislation

Other restrictions

No known legislation

Powers to intercept/decrypt encrypted communications

No known legislation

Estonia

General right to encryption

No known legislation

Min/max standards

No known legislation

Licensing/registration requirements

No known legislation

Import/export controls

No known legislation

Other restrictions

No known legislation

Powers to intercept/decrypt encrypted communications

Criminal Procedure Code: Article 215 allows investigative authorities and prosecutors' offices to order the production of data from any person. However, there is no requirement that such persons disclose encryption keys or passwords. Nor are there any requirements on service providers to decrypt encrypted information.

Ethiopia

General right to encryption

No known legislation

Min/max standards

No known legislation

Licensing/registration requirements

Proclamation on Telecom Fraud Offences (Proclamation No. 761/2012): Article 3(1) of the Proclamation criminalises the manufacture, assembly or import of any telecommunications equipment without a permit, punishable by "rigorous imprisonment" for between 10 and 15 years and a fine of between ETB 100,000 and ETB 150,000.

Import/export controls

Proclamation on Telecom Fraud Offences (Proclamation No. 761/2012): Article 3(1) of the Proclamation criminalises the manufacture, assembly or import of any telecommunications equipment without a permit, punishable by "rigorous imprisonment" for between 10 and 15 years and a fine of between ETB 100,000 and ETB 150,000.

Other restrictions

Proclamation on Telecom Fraud Offences (Proclamation No. 761/2012): Article 3(1) of the Proclamation criminalises the manufacture, assembly or import of any telecommunications equipment without a permit, punishable by "rigorous imprisonment" for between 10 and 15 years and a fine of between ETB 100,000 and ETB 150,000.

Powers to intercept/decrypt encrypted communications

Fiji

General right to encryption

No known legislation

Min/max standards

No known legislation

Licensing/registration requirements

No known legislation

Import/export controls

No known legislation

Other restrictions

No known legislation

Powers to intercept/decrypt encrypted communications

No known legislation

Finland

General right to encryption

Act on the Protection of Privacy in Electronic Communications: Section 5 provides that "a user and a subscriber has the right to protect its telecommunications in the desired manner by using for this purpose the available technical possibilities".

Min/max standards

No known legislation

Licensing/registration requirements

No known legislation

Import/export controls

No known legislation

Other restrictions

No known legislation

Powers to intercept/decrypt encrypted communications

Coercive Measures Act: Section 23 provides that persons (including persons who maintain information systems) other than suspects/accused persons can be required to hand over passwords and decryption keys if it is necessary to conduct a search of data contained in a device.

France

General right to encryption

No known legislation

Min/max standards

No known legislation

Licensing/registration requirements

No known legislation

Import/export controls

No known legislation

Other restrictions

No known legislation

Powers to intercept/decrypt encrypted communications

Criminal Procedure Code: Article 230, modified by Law No. 2001-1062 and Law No. 2014-1353 requires the disclosure of encryption keys upon the authorisation of a judge.

Gabon

General right to encryption

No known legislation

Min/max standards

No known legislation

Licensing/registration requirements

No known legislation

Import/export controls

No known legislation

Other restrictions

No known legislation

Powers to intercept/decrypt encrypted communications

No known legislation

Gambia

General right to encryption

No known legislation

Min/max standards

No known legislation

Licensing/registration requirements

No known legislation

Import/export controls

No known legislation

Other restrictions

No known legislation

Powers to intercept/decrypt encrypted communications

No known legislation

Georgia

General right to encryption

No known legislation

Min/max standards

No known legislation

Licensing/registration requirements

No known legislation

Import/export controls

No known legislation

Other restrictions

No known legislation

Powers to intercept/decrypt encrypted communications

No known legislation

Germany

General right to encryption

No known legislation

Min/max standards

No known legislation

Licensing/registration requirements

No known legislation

Import/export controls

No known legislation

Other restrictions

No known legislation

Powers to intercept/decrypt encrypted communications

Criminal Procedure Law: There is no specific obligation with respect to providing encryption keys. However, Section 48 requires witnesses to disclose encryption keys as far as they have knowledge of them when questioned by a judge or prosecutor, and section 94 requires witnesses to provide documents or devices which contain such encryption keys when ordered to by a judge or, in certain circumstances, the police. Section 100 places a similar obligation upon service providers to provide passwords or access codes if they have them, but again only if ordered to by a judge or, in certain circumstances, the police.

Ghana

General right to encryption

No known legislation

Min/max standards

No known legislation

Licensing/registration requirements

No known legislation

Import/export controls

No known legislation

Other restrictions

No known legislation

Powers to intercept/decrypt encrypted communications

No known legislation

Greece

General right to encryption

No known legislation

Min/max standards

No known legislation

Licensing/registration requirements

No known legislation

Import/export controls

No known legislation

Other restrictions

No known legislation

Powers to intercept/decrypt encrypted communications

No known legislation

Grenada

General right to encryption

No known legislation

Min/max standards

No known legislation

Licensing/registration requirements

No known legislation

Import/export controls

No known legislation

Other restrictions

No known legislation

Powers to intercept/decrypt encrypted communications

No known legislation

Guatemala

General right to encryption

No known legislation

Min/max standards

No known legislation

Licensing/registration requirements

No known legislation

Import/export controls

No known legislation

Other restrictions

No known legislation

Powers to intercept/decrypt encrypted communications

No known legislation

Guinea

General right to encryption

No known legislation

Min/max standards

No known legislation

Licensing/registration requirements

No known legislation

Import/export controls

No known legislation

Other restrictions

No known legislation

Powers to intercept/decrypt encrypted communications

No known legislation

Guinea-Bissau

General right to encryption

No known legislation

Min/max standards

No known legislation

Licensing/registration requirements

No known legislation

Import/export controls

No known legislation

Other restrictions

No known legislation

Powers to intercept/decrypt encrypted communications

No known legislation

Guyana

General right to encryption

No known legislation

Min/max standards

No known legislation

Licensing/registration requirements

No known legislation

Import/export controls

No known legislation

Other restrictions

No known legislation

Powers to intercept/decrypt encrypted communications

No known legislation

Honduras

General right to encryption

No known legislation

Min/max standards

No known legislation

Licensing/registration requirements

No known legislation

Import/export controls

No known legislation

Other restrictions

No known legislation

Powers to intercept/decrypt encrypted communications

No known legislation

Hungary

General right to encryption

No known legislation

Min/max standards

No known legislation

Licensing/registration requirements

No known legislation

Import/export controls

No known legislation

Other restrictions

No known legislation

Powers to intercept/decrypt encrypted communications

No known legislation

Iceland

General right to encryption

No known legislation

Min/max standards

No known legislation

Licensing/registration requirements

No known legislation

Import/export controls

No known legislation

Other restrictions

No known legislation

Powers to intercept/decrypt encrypted communications

No known legislation

India

General right to encryption

No known legislation

Min/max standards

Information Technology Act 2000: Section 84A allows the government to set nationally permitted methods and modes for encryption.

The Government of India, Ministry of Communications and IT, Licence Agreement for Provision of Internet Services (2007) stipulates that service providers may not deploy “bulk encryption” on their networks, while the law has also restricted individuals from using encryption greater than an easily breakable 40-bit key length without prior permission and required anyone using stronger encryption to provide the government with a copy of the encryption keys.

Licensing/registration requirements

No known legislation

Import/export controls

No known legislation

Other restrictions

No known legislation

Powers to intercept/decrypt encrypted communications

Information Technology Act 2000: Section 69, as amended by the Information Technology (Amendment) Act 2008, requires persons to decrypt encrypted data if called upon. Failure to do so is punishable by up to seven years' imprisonment and/or a fine.

Indonesia

General right to encryption

No known legislation

Min/max standards

No known legislation

Licensing/registration requirements

No known legislation

Import/export controls

No known legislation

Other restrictions

No known legislation

Powers to intercept/decrypt encrypted communications

No known legislation

Iran

General right to encryption

No known legislation.

Min/max standards

No known legislation.

Licensing/registration requirements

No known legislation.

Import/export controls

No known legislation.

Other restrictions

Computer Crime Law: Article 10 criminalises “concealing data, changing passwords, and/or encoding data that could deny access of authorised individuals to data, computer and telecommunication systems.” The offence is punishable by imprisonment of between 91 days and one year or a fine of between between IRR 5,000,000 and IRR 20,000,000.

Powers to intercept/decrypt encrypted communications

No known legislation.

Iraq

General right to encryption

No known legislation

Min/max standards

No known legislation

Licensing/registration requirements

No known legislation

Import/export controls

No known legislation

Other restrictions

No known legislation

Powers to intercept/decrypt encrypted communications

No known legislation

Ireland

General right to encryption

No known legislation

Min/max standards

No known legislation

Licensing/registration requirements

No known legislation

Import/export controls

No known legislation

Other restrictions

No known legislation

Powers to intercept/decrypt encrypted communications

Electronic Commerce Act, 2000: Section 27(1) allows a District Court to issue a search warrant. Section 27(2) provides that such warrants authorise named officers to "seize anything found there, or anything found in the possession of a person present there at the time of the search, which that officer or member reasonably believes to be evidence of or relating to an offence under this Act and, where the thing seized is or contains information or an electronic communication that cannot readily be accessed or put into intelligible form, to require the disclosure of the information or electronic communication in intelligible form." However, section 28 provides that this cannot be construed so as to require "the disclosure or enabling the seizure of unique data, such as codes, passwords, algorithms, private cryptographic keys, or other data, that may be necessary to render information or an electronic communication intelligible." Failure to comply with a requirement under section 27(1) is punishable by imprisonment of up to 12 months and/or a fine.

Israel

General right to encryption

No known legislation

Min/max standards

No known legislation

Licensing/registration requirements

Order Governing the Control of Commodities and Services (Engagement in Encryption Items) - 1974: The Ministry of Defense has instituted a system of control and licensing for items of encryption.

Import/export controls

Order Governing the Control of Commodities and Services (Engagement in Encryption Items) - 1974: The Ministry of Defense has instituted a system of control and licensing for items of encryption.

Other restrictions

No known legislation

Powers to intercept/decrypt encrypted communications

No known legislation

Italy

General right to encryption

No known legislation

Min/max standards

No known legislation

Licensing/registration requirements

No known legislation

Import/export controls

No known legislation

Other restrictions

No known legislation

Powers to intercept/decrypt encrypted communications

There is no legal obligation for individuals to provide encryption keys. However, internet services providers are legally obliged to provide any available information regarding customers who are under investigation, following a court order.

Jamaica

General right to encryption

No known legislation

Min/max standards

No known legislation

Licensing/registration requirements

No known legislation

Import/export controls

No known legislation

Other restrictions

No known legislation

Powers to intercept/decrypt encrypted communications

Interception of Communications Act: Sections 12 and 13 allow for the police, after obtaining a "disclosure order" from a magistrate, to require persons who are in possession of a key to decrypt data, to provide the decrypted data in an intelligible form or to provide the key. Failure to comply with a disclosure order is punishable with up to six months' imprisonment and/or a fine of JMD 500,000.

Japan

General right to encryption

No known legislation

Min/max standards

No known legislation

Licensing/registration requirements

No known legislation

Import/export controls

No known legislation

Other restrictions

No known legislation

Powers to intercept/decrypt encrypted communications

No known legislation

Jordan

General right to encryption

No known legislation

Min/max standards

No known legislation

Licensing/registration requirements

No known legislation

Import/export controls

No known legislation

Other restrictions

No known legislation

Powers to intercept/decrypt encrypted communications

No known legislation

Kazakhstan

General right to encryption

No known legislation

Min/max standards

No known legislation

Licensing/registration requirements

No known legislation

Import/export controls

No known legislation

Other restrictions

No known legislation

Powers to intercept/decrypt encrypted communications

Law on Communications: Regulations made under new provisions in the Law on Communications require every internet user in the country to install a backdoor, allowing the government to conduct surveillance. KazakhTelecom, the country's largest telecommunications company, has said that citizens are "obliged" to install a "national security certificate" on every device, including desktops and mobile devices. This allows the government to conduct a so-called "man-in-the-middle" attack, which allows the government to intercept every secure connection in the country and see web browsing history, usernames and passwords, and even secure and HTTPS-encrypted traffic.

Kenya

General right to encryption

No known legislation

Min/max standards

No known legislation

Licensing/registration requirements

No known legislation

Import/export controls

No known legislation

Other restrictions

No known legislation

Powers to intercept/decrypt encrypted communications

No known legislation

Kiribati

General right to encryption

No known legislation

Min/max standards

No known legislation

Licensing/registration requirements

No known legislation

Import/export controls

No known legislation

Other restrictions

No known legislation

Powers to intercept/decrypt encrypted communications

No known legislation

Kuwait

General right to encryption

No known legislation

Min/max standards

No known legislation

Licensing/registration requirements

No known legislation

Import/export controls

No known legislation

Other restrictions

No known legislation

Powers to intercept/decrypt encrypted communications

No known legislation

Kyrgyzstan

General right to encryption

No known legislation

Min/max standards

No known legislation

Licensing/registration requirements

No known legislation

Import/export controls

No known legislation

Other restrictions

No known legislation

Powers to intercept/decrypt encrypted communications

No known legislation

Laos

General right to encryption

No known legislation

Min/max standards

No known legislation

Licensing/registration requirements

No known legislation

Import/export controls

No known legislation

Other restrictions

No known legislation

Powers to intercept/decrypt encrypted communications

No known legislation

Latvia

General right to encryption

No known legislation

Min/max standards

No known legislation

Licensing/registration requirements

No known legislation

Import/export controls

No known legislation

Other restrictions

No known legislation

Powers to intercept/decrypt encrypted communications

No known legislation

Lebanon

General right to encryption

No known legislation

Min/max standards

No known legislation

Licensing/registration requirements

No known legislation

Import/export controls

No known legislation

Other restrictions

No known legislation

Powers to intercept/decrypt encrypted communications

No known legislation

Lesotho

General right to encryption

No known legislation

Min/max standards

No known legislation

Licensing/registration requirements

No known legislation

Import/export controls

No known legislation

Other restrictions

No known legislation

Powers to intercept/decrypt encrypted communications

No known legislation

Liberia

General right to encryption

No known legislation

Min/max standards

No known legislation

Licensing/registration requirements

No known legislation

Import/export controls

No known legislation

Other restrictions

No known legislation

Powers to intercept/decrypt encrypted communications

No known legislation

Libya

General right to encryption

No known legislation

Min/max standards

No known legislation

Licensing/registration requirements

No known legislation

Import/export controls

No known legislation

Other restrictions

No known legislation

Powers to intercept/decrypt encrypted communications

No known legislation

Liechtenstein

General right to encryption

No known legislation

Min/max standards

No known legislation

Licensing/registration requirements

No known legislation

Import/export controls

No known legislation

Other restrictions

No known legislation

Powers to intercept/decrypt encrypted communications

No known legislation

Lithuania

General right to encryption

No known legislation

Min/max standards

No known legislation

Licensing/registration requirements

No known legislation

Import/export controls

No known legislation

Other restrictions

No known legislation

Powers to intercept/decrypt encrypted communications

No known legislation

Luxembourg

General right to encryption

Law of 14 August 2000 on Electronic Commerce: Article 3 provides that "The use of cryptographic techniques is free."

Min/max standards

No known legislation

Licensing/registration requirements

No known legislation

Import/export controls

No known legislation

Other restrictions

No known legislation

Powers to intercept/decrypt encrypted communications

Code of Criminal Procedure: Article 66(4) provides that an investigating judge may require a person - other than the subject of the person to whom a direction relates - who has knowledge of encryption mechanisms to provide understanding of the seized protected or encrypted data.

Macedonia

General right to encryption

No known legislation

Min/max standards

No known legislation

Licensing/registration requirements

No known legislation

Import/export controls

No known legislation

Other restrictions

No known legislation

Powers to intercept/decrypt encrypted communications

No known legislation

Madagascar

General right to encryption

No known legislation

Min/max standards

No known legislation

Licensing/registration requirements

No known legislation

Import/export controls

No known legislation

Other restrictions

No known legislation

Powers to intercept/decrypt encrypted communications

No known legislation

Malawi

General right to encryption

Electronic Transactions and Cyber Security Act, 2016: Section 52(4) provides that, subject to any regulations made under subregulation (1), it is lawful for any person to use encryption programme or product provided that it has lawfully come into possession of that person.

Min/max standards

No known legislation

Licensing/registration requirements

Electronic Transactions and Cyber Security Act, 2016: Section 54(1) prohibits the provision of cryptography services or products without registration. Applications must be made to the Malawi Communications Regulatory Authority (s.54(2)). The government must issue regulations (a) in respect of use, importation and exportation of encryption programmes and encryption products; and (b) prohibiting the exportation of encryption programmes or other encryption products from Malawi generally or subject to such restrictions as may be prescribed (s.54(3)).

Section 67(1) further requires a person who provides encryption services to declare to the Malawi Communications Regulatory Authority "the technical characteristics of the encryption means as well as the source code of the software used". The government must issue regulations defining the conditions for such declarations and "may define encryption services whose technical characteristics or conditions of supply are such that, with regard to national defence or internal security interests, their provision shall not require any prior formality" (s. 67(2)).

Violation of either of these provisions is punishable by up to seven years' imprisonment and a fine of MWK 5,000,000.

Import/export controls

Electronic Transactions and Cyber Security Act, 2016: Section 54(1) prohibits the provision of cryptography services or products without registration. Applications must be made to the Malawi Communications Regulatory Authority (s.54(2)). The government must issue regulations (a) in respect of use, importation and exportation of encryption programmes and encryption products; and (b) prohibiting the exportation of encryption programmes or other encryption products from Malawi generally or subject to such restrictions as may be prescribed.

Other restrictions

No known legislation

Powers to intercept/decrypt encrypted communications

No known legislation

Malaysia

General right to encryption

No known legislation

Min/max standards

No known legislation

Licensing/registration requirements

No known legislation

Import/export controls

No known legislation

Other restrictions

No known legislation

Powers to intercept/decrypt encrypted communications

Criminal Procedure Code (Act 593): Section 116B(1) requires a police officer conducting a search under the Code to be given access to computerised data whether stored in a computer or otherwise. "Access" includes "being provided with the necessary password, encryption code, decryption code, software or hardware and any other means required to enable comprehension of the computerized data" (s. 116B(3)).

Computer Crimes Act 1997 (Act 563): Section 10(1)(c) allows a police officer, upon obtaining a warrant from a magistrate, to require any information contained in a computer and accessible from the premises to be produced in a form in which it can be taken away and in which it is visible and legible. Section 11 provides that failure to comply is punishable by up to three years' imprisonment and/or a fine of up to MYR 25,000.

Digital Signature Act 1997 (Act 562): Section 79(1) requires that a police officer conducting a search under section 77 or 78 of the Act, or an authorised officer conducting a search under section 77 of the Act, be given access to computerised data whether stored in a computer or otherwise. "Access" includes "being provided with the necessary password, encryption code, decryption code, software or hardware and any other means required to enable comprehension of computerized data (s.79(2))". Failure to comply is punishable by imprisonment for up to four years and/or a fine of up to MYR 200,000 (s. 83(1)).

Communications and Multimedia Act 1998 (Act 588): Section 249(1) requires that a police officer conducting a search under section 247 or 248 of the Act, or an authorised officer conducting a search under section 247 of the Act, be given access to computerised data whether stored in a computer or otherwise. "Access" includes "being provided with the necessary password, encryption code, decryption code, software or hardware and any other means required to enable comprehension of computerized data" (s.79(2)). Failure to comply is punishable by imprisonment for up to six months years and/or a fine of up to MYR 20,000 (s. 253).

Anti-Trafficking in Persons and Anti-Smuggling of Migrants Act 2007 (Act 670): Section 32(1) requires that an enforcement officer conducting a search under the Act be given access to computerised data whether stored in a computer or otherwise. "Access" includes "being provided with the necessary password, encryption code, decryption code, software or hardware and any other means required to enable comprehension of computerized data" (s.32(2)). Failure to comply is punishable by imprisonment for up to three years and/or a fine of up to MYR 150,000 (s. 63(1)).

Maldives

General right to encryption

No known legislation

Min/max standards

No known legislation

Licensing/registration requirements

No known legislation

Import/export controls

No known legislation

Other restrictions

No known legislation

Powers to intercept/decrypt encrypted communications

No known legislation

Mali

General right to encryption

No known legislation

Min/max standards

No known legislation

Licensing/registration requirements

No known legislation

Import/export controls

No known legislation

Other restrictions

No known legislation

Powers to intercept/decrypt encrypted communications

No known legislation

Malta

General right to encryption

No known legislation

Min/max standards

No known legislation

Licensing/registration requirements

No known legislation

Import/export controls

No known legislation

Other restrictions

Electronic Commerce Act: Section 23(7) provides that no person shall use cryptographic or other similar techniques for any illegal purpose. Doing so is an offence punishable by imprisonment of up to six months and/or a fine of up to EUR 232,935 (s. 24).

Powers to intercept/decrypt encrypted communications

Criminal Code: Section 355Q provides that the police may, in addition to the power of seizing a computer machine, require any information which is contained in a computer to be delivered in a form in which it can be taken away and in which it is visible and legible.

Marshall Islands

General right to encryption

No known legislation

Min/max standards

No known legislation

Licensing/registration requirements

No known legislation

Import/export controls

No known legislation

Other restrictions

No known legislation

Powers to intercept/decrypt encrypted communications

No known legislation

Mauritania

General right to encryption

No known legislation

Min/max standards

No known legislation

Licensing/registration requirements

No known legislation

Import/export controls

No known legislation

Other restrictions

No known legislation

Powers to intercept/decrypt encrypted communications

No known legislation

Mauritius

General right to encryption

No known legislation

Min/max standards

No known legislation

Licensing/registration requirements

No known legislation

Import/export controls

No known legislation

Other restrictions

No known legislation

Powers to intercept/decrypt encrypted communications

No known legislation

Mexico

General right to encryption

No known legislation

Min/max standards

No known legislation

Licensing/registration requirements

No known legislation

Import/export controls

No known legislation

Other restrictions

No known legislation

Powers to intercept/decrypt encrypted communications

No known legislation

Micronesia

General right to encryption

No known legislation

Min/max standards

No known legislation

Licensing/registration requirements

No known legislation

Import/export controls

No known legislation

Other restrictions

No known legislation

Powers to intercept/decrypt encrypted communications

No known legislation

Moldova

General right to encryption

No known legislation

Min/max standards

No known legislation

Licensing/registration requirements

No known legislation

Import/export controls

No known legislation

Other restrictions

No known legislation

Powers to intercept/decrypt encrypted communications

No known legislation

Monaco

General right to encryption

No known legislation

Min/max standards

No known legislation

Licensing/registration requirements

No known legislation

Import/export controls

No known legislation

Other restrictions

No known legislation

Powers to intercept/decrypt encrypted communications

No known legislation

Mongolia

General right to encryption

No known legislation

Min/max standards

No known legislation

Licensing/registration requirements

No known legislation

Import/export controls

No known legislation

Other restrictions

No known legislation

Powers to intercept/decrypt encrypted communications

No known legislation

Montenegro

General right to encryption

No known legislation

Min/max standards

No known legislation

Licensing/registration requirements

No known legislation

Import/export controls

No known legislation

Other restrictions

No known legislation

Powers to intercept/decrypt encrypted communications

No known legislation

Morocco

General right to encryption

No known legislation

Min/max standards

No known legislation

Licensing/registration requirements

Law No. 53-05: Article 13 requires prior approval from the authorities in order to use cryptography (including to import or export encryption services). Use of cryptography in breach of Article 13 is punishable by up to one year's imprisonment and a fine of MAD 100,000. Article 13 also allows the government to provide a simplified system of reporting or authorisation or exemption of the declaration or authorisation for certain types of means or cryptographic services or for certain categories of users.

Import/export controls

Law No. 53-05: Article 13 requires prior approval from the authorities in order to use cryptography (including to import or export encryption services). Use of cryptography in breach of Article 13 is punishable by up to one year's imprisonment and a fine of MAD 100,000. Article 13 also allows the government to provide a simplified system of reporting or authorisation or exemption of the declaration or authorisation for certain types of means or cryptographic services or for certain categories of users.

Other restrictions

No known legislation

Powers to intercept/decrypt encrypted communications

No known legislation

Mozambique

General right to encryption

No known legislation

Min/max standards

No known legislation

Licensing/registration requirements

No known legislation

Import/export controls

No known legislation

Other restrictions

No known legislation

Powers to intercept/decrypt encrypted communications

No known legislation

Myanmar

General right to encryption

No known legislation

Min/max standards

No known legislation

Licensing/registration requirements

No known legislation

Import/export controls

No known legislation

Other restrictions

No known legislation

Powers to intercept/decrypt encrypted communications

Telecommunications Law: Section 69 suggests that decryption of encrypted data can only be required for a telecommunications-related matter prosecution and only when authorised by a court order.

Namibia

General right to encryption

No known legislation

Min/max standards

No known legislation

Licensing/registration requirements

No known legislation

Import/export controls

No known legislation

Other restrictions

No known legislation

Powers to intercept/decrypt encrypted communications

No known legislation

Nauru

General right to encryption

No known legislation

Min/max standards

No known legislation

Licensing/registration requirements

No known legislation

Import/export controls

No known legislation

Other restrictions

No known legislation

Powers to intercept/decrypt encrypted communications

No known legislation

Nepal

General right to encryption

No known legislation

Min/max standards

No known legislation

Licensing/registration requirements

No known legislation

Import/export controls

No known legislation

Other restrictions

No known legislation

Powers to intercept/decrypt encrypted communications

No known legislation

New Zealand

General right to encryption

No known legislation

Min/max standards

No known legislation

Licensing/registration requirements

No known legislation

Import/export controls

No known legislation

Other restrictions

No known legislation

Powers to intercept/decrypt encrypted communications

No known legislation

Nicaragua

General right to encryption

No known legislation

Min/max standards

No known legislation

Licensing/registration requirements

No known legislation

Import/export controls

No known legislation

Other restrictions

No known legislation

Powers to intercept/decrypt encrypted communications

No known legislation

Niger

General right to encryption

No known legislation

Min/max standards

No known legislation

Licensing/registration requirements

No known legislation

Import/export controls

No known legislation

Other restrictions

No known legislation

Powers to intercept/decrypt encrypted communications

No known legislation

Nigeria

General right to encryption

No known legislation

Min/max standards

No known legislation

Licensing/registration requirements

No known legislation

Import/export controls

No known legislation

Other restrictions

No known legislation

Powers to intercept/decrypt encrypted communications

Cybercrimes (Prohibition, Prevention, etc) Act 2015: Section 45 allow a law enforcement officer, after obtaining a warrant from a judge, to "use any technology to decode or decrypt any coded or encrypted data contained in a computer into readable text or comprehensible format". While there is no compulsion on individuals to assist by providing a key or otherwise decrypting any data, section 46 provides that wilfully obstructing any law enforcement officer in the exercise of any powers conferred by the Act or failing to comply with any lawful inquiry or resists made by any law enforcement agency in accordance with provisions of the Act is a criminal offence, punishable by imprisonment for up to two years and/or a fine of up to NGN 500,000.

North Korea

General right to encryption

No known legislation

Min/max standards

No known legislation

Licensing/registration requirements

No known legislation

Import/export controls

No known legislation

Other restrictions

No known legislation

Powers to intercept/decrypt encrypted communications

No known legislation

Norway

General right to encryption

No known legislation

Min/max standards

No known legislation

Licensing/registration requirements

No known legislation

Import/export controls

No known legislation

Other restrictions

No known legislation

Powers to intercept/decrypt encrypted communications

No known legislation

Oman

General right to encryption

No known legislation

Min/max standards

No known legislation

Licensing/registration requirements

No known legislation

Import/export controls

No known legislation

Other restrictions

No known legislation

Powers to intercept/decrypt encrypted communications

No known legislation

Pakistan

General right to encryption

No known legislation

Min/max standards

No known legislation

Licensing/registration requirements

The Pakistan Telecommunication Authority requires prior approval for the use of VPNs and encryption.

Import/export controls

No known legislation

Other restrictions

No known legislation

Powers to intercept/decrypt encrypted communications

Prevention of Electronic Crimes Ordinance, 2007 (Ordinance LXXII of 2007): Section 26 provides that an investigation officer, after obtaining a search warrant, shall be entitled to require any person who is in possession of decryption information of under investigation electronic system, device or data to grant him access to such decryption information necessary to decrypt data required for the purpose of investigating any such offence. Failure to do so is punishable by up to one year's imprisonment and/or a fine of up to PKR 100,000.

Palau

General right to encryption

No known legislation.

Min/max standards

No known legislation.

Licensing/registration requirements

No known legislation.

Import/export controls

No known legislation.

Other restrictions

No known legislation.

Powers to intercept/decrypt encrypted communications

No known legislation.

Palestine

General right to encryption

No known legislation.

Min/max standards

No known legislation.

Licensing/registration requirements

No known legislation.

Import/export controls

No known legislation.

Other restrictions

No known legislation.

Powers to intercept/decrypt encrypted communications

No known legislation.

Panama

General right to encryption

No known legislation.

Min/max standards

No known legislation.

Licensing/registration requirements

No known legislation.

Import/export controls

No known legislation.

Other restrictions

No known legislation.

Powers to intercept/decrypt encrypted communications

No known legislation.

Papua New Guinea

General right to encryption

No known legislation.

Min/max standards

No known legislation.

Licensing/registration requirements

No known legislation.

Import/export controls

No known legislation.

Other restrictions

No known legislation.

Powers to intercept/decrypt encrypted communications

No known legislation.

Paraguay

General right to encryption

No known legislation.

Min/max standards

No known legislation.

Licensing/registration requirements

No known legislation.

Import/export controls

No known legislation.

Other restrictions

No known legislation.

Powers to intercept/decrypt encrypted communications

No known legislation.

Peru

General right to encryption

No known legislation.

Min/max standards

No known legislation.

Licensing/registration requirements

No known legislation.

Import/export controls

No known legislation.

Other restrictions

No known legislation.

Powers to intercept/decrypt encrypted communications

No known legislation.

Philippines

General right to encryption

No known legislation.

Min/max standards

No known legislation.

Licensing/registration requirements

No known legislation.

Import/export controls

No known legislation.

Other restrictions

No known legislation.

Powers to intercept/decrypt encrypted communications

No known legislation.

Poland

General right to encryption

No known legislation.

Min/max standards

No known legislation.

Licensing/registration requirements

No known legislation.

Import/export controls

No known legislation.

Other restrictions

No known legislation.

Powers to intercept/decrypt encrypted communications

No known legislation.

Portugal

General right to encryption

No known legislation.

Min/max standards

No known legislation.

Licensing/registration requirements

No known legislation.

Import/export controls

No known legislation.

Other restrictions

No known legislation.

Powers to intercept/decrypt encrypted communications

No known legislation.

Qatar

General right to encryption

No known legislation.

Min/max standards

No known legislation.

Licensing/registration requirements

No known legislation.

Import/export controls

No known legislation.

Other restrictions

No known legislation.

Powers to intercept/decrypt encrypted communications

No known legislation.

Republic of the Congo

General right to encryption

No known legislation.

Min/max standards

No known legislation.

Licensing/registration requirements

No known legislation.

Import/export controls

No known legislation.

Other restrictions

No known legislation.

Powers to intercept/decrypt encrypted communications

No known legislation.

Romania

General right to encryption

No known legislation.

Min/max standards

No known legislation.

Licensing/registration requirements

No known legislation.

Import/export controls

No known legislation.

Other restrictions

No known legislation.

Powers to intercept/decrypt encrypted communications

No known legislation.

Russia

General right to encryption

No known legislation.

Min/max standards

No known legislation.

Licensing/registration requirements

Federal Law No. 128-FZ "On Licensing Specific Types of Activity": Article 17 provides that a licence is required for distributing encryption facilities, maintaining encryption facilities, providing encryption services, and developing and manufacturing encryption facilities protected by means of encryption.

Import/export controls

No known legislation

Other restrictions

No known legislation

Powers to intercept/decrypt encrypted communications

Federal Law No. 149-FZ “On Information, Information Technologies and Protection of Information”: Article 10-1, paragraph 4-1 requires “organisers of information distribution” that add “additional coding” to transmitted electronic messages to provide the Federal Security Service with any information necessary to decrypt those messages.

Rwanda

General right to encryption

No known legislation.

Min/max standards

No known legislation.

Licensing/registration requirements

No known legislation.

Import/export controls

No known legislation.

Other restrictions

No known legislation.

Powers to intercept/decrypt encrypted communications

No known legislation.

Saint Kitts and Nevis

General right to encryption

No known legislation.

Min/max standards

No known legislation.

Licensing/registration requirements

No known legislation.

Import/export controls

No known legislation.

Other restrictions

No known legislation.

Powers to intercept/decrypt encrypted communications

No known legislation.

Saint Lucia

General right to encryption

No known legislation.

Min/max standards

No known legislation.

Licensing/registration requirements

No known legislation.

Import/export controls

No known legislation.

Other restrictions

No known legislation.

Powers to intercept/decrypt encrypted communications

Interception of Communications Act (Cap 3.12)

Section 21 enables the making of disclosure orders. Either the Attorney General or the Director of Public Prosecutions may apply to a judge for such a disclosure order. Where a disclosure order is made, the subject must either disclose the key or the information which is encrypted in an intelligible format. Failure to comply with a disclosure order commits is an offence punishable by up to one year's imprisonment and/or a fine of up to XCD 5,000 (s. 22(7)).

Saint Vincent and the Grenadines

General right to encryption

No known legislation.

Min/max standards

No known legislation.

Licensing/registration requirements

Electronic Communications Act 2007: Section 34 establishes a register of all cryptography providers. Unless they are registered, a cryptography provide cannot provide cryptography products.

Import/export controls

No known legislation.

Other restrictions

No known legislation.

Powers to intercept/decrypt encrypted communications

No known legislation.

Samoa

General right to encryption

No known legislation.

Min/max standards

No known legislation.

Licensing/registration requirements

No known legislation.

Import/export controls

No known legislation.

Other restrictions

No known legislation.

Powers to intercept/decrypt encrypted communications

No known legislation.

San Marino

General right to encryption

No known legislation.

Min/max standards

No known legislation.

Licensing/registration requirements

No known legislation.

Import/export controls

No known legislation.

Other restrictions

No known legislation.

Powers to intercept/decrypt encrypted communications

No known legislation.

São Tomé and Príncipe

General right to encryption

No known legislation.

Min/max standards

No known legislation.

Licensing/registration requirements

No known legislation.

Import/export controls

No known legislation.

Other restrictions

No known legislation.

Powers to intercept/decrypt encrypted communications

No known legislation.

Saudi Arabia

General right to encryption

No known legislation.

Min/max standards

No known legislation.

Licensing/registration requirements

No known legislation.

Import/export controls

No known legislation.

Other restrictions

No known legislation.

Powers to intercept/decrypt encrypted communications

No known legislation.

Senegal

General right to encryption

Law on Cryptography (Law No. 2008-41): Article 12 provides that the use of encryption services and methods is free.

Min/max standards

Law on Cryptography (Law No. 2008-41): Article 13 allows the National Cryptology Commission (NCC) to set down rules on the maximum size of encryption keys, and the NCC has set the maximum size at 128 bits (Article 13 of Decree No. 2010-1209, as amended by Decree No. 2012-1508).

Licensing/registration requirements

Law on Cryptography (Law No. 2008-41): Article 16 provides that bodies exercising cryptology services must be licenced by the National Cryptology Commission.

Import/export controls

Law on Cryptography (Law No. 2008-41): Article 12 provides that the supply, import and export of means of cryptology ensuring exclusively the functions of authentication and integrity control are free. However, Article 14 provides that the supply or importation of a means of cryptology which does not solely perform functions of authentication and integrity control requires approval from the National Cryptology Commission.

Other restrictions

No known legislation.

Powers to intercept/decrypt encrypted communications

No known legislation.

Serbia

General right to encryption

No known legislation.

Min/max standards

No known legislation.

Licensing/registration requirements

No known legislation.

Import/export controls

No known legislation.

Other restrictions

No known legislation.

Powers to intercept/decrypt encrypted communications

No known legislation.

Seychelles

General right to encryption

No known legislation.

Min/max standards

No known legislation.

Licensing/registration requirements

No known legislation.

Import/export controls

No known legislation.

Other restrictions

No known legislation.

Powers to intercept/decrypt encrypted communications

No known legislation.

Sierra Leone

General right to encryption

No known legislation.

Min/max standards

No known legislation.

Licensing/registration requirements

No known legislation.

Import/export controls

No known legislation.

Other restrictions

No known legislation.

Powers to intercept/decrypt encrypted communications

No known legislation.

Singapore

General right to encryption

No known legislation.

Min/max standards

No known legislation.

Licensing/registration requirements

No known legislation.

Import/export controls

No known legislation.

Other restrictions

No known legislation.

Powers to intercept/decrypt encrypted communications

Criminal Procedure Code: Section 40 allows the Public Prosecutor, by order, to authorise a police officer or an authorised person to exercise the power to (a) access any information, code or technology which has the capability of retransforming or unscrambling encrypted data into readable and comprehensible format or text for the purposes of investigating the arrestable offence; (b) require (i) any person whom he reasonably suspects of using a computer in connection with an arrestable offence or of having used it in this way; or (ii) any person having charge of, or otherwise concerned with the operation of, such computer, to provide him with such reasonable technical and other assistance as he may require for the purposes of paragraph (a); and (c) require any person whom he reasonably suspects to be in possession of any decryption information to grant him access to such decryption information as may be necessary to decrypt any data required for the purposes of investigating the arrestable offence. Failure to do so is punishable by up to three years’ imprisonment and/or a fine of up to SGD 10,000.

Slovakia

General right to encryption

No known legislation.

Min/max standards

No known legislation.

Licensing/registration requirements

No known legislation.

Import/export controls

No known legislation.

Other restrictions

No known legislation.

Powers to intercept/decrypt encrypted communications

No known legislation.

Slovenia

General right to encryption

No known legislation.

Min/max standards

No known legislation.

Licensing/registration requirements

No known legislation.

Import/export controls

No known legislation.

Other restrictions

No known legislation.

Powers to intercept/decrypt encrypted communications

No known legislation.

Solomon Islands

General right to encryption

No known legislation.

Min/max standards

No known legislation.

Licensing/registration requirements

No known legislation.

Import/export controls

No known legislation.

Other restrictions

No known legislation.

Powers to intercept/decrypt encrypted communications

No known legislation.

Somalia

General right to encryption

No known legislation.

Min/max standards

No known legislation.

Licensing/registration requirements

No known legislation.

Import/export controls

No known legislation.

Other restrictions

No known legislation.

Powers to intercept/decrypt encrypted communications

No known legislation.

South Africa

General right to encryption

No known legislation.

Min/max standards

No known legislation.

Licensing/registration requirements

Electronic Communications and Transactions Act 25 of 2002: Section 29 establishes a register of all cryptography providers. Unless they are registered, a cryptography provide cannot provide cryptography products.

Import/export controls

No known legislation.

Other restrictions

No known legislation.

Powers to intercept/decrypt encrypted communications

Regulation of Interception of Communications and Provision of Communication-Related Information Act 2002: Section 21 allows for application to be made to a judge for a "decryption order" which would compel a person who has a decryption key to provide it. Failure to do is punishable with up to ten years' imprisonment or a fine of up to ZAR 2,000,000(and, for a legal entity, a fine of up to ZAR 5,000,000).

South Korea

General right to encryption

No known legislation.

Min/max standards

No known legislation.

Licensing/registration requirements

No known legislation.

Import/export controls

No known legislation.

Other restrictions

No known legislation.

Powers to intercept/decrypt encrypted communications

No known legislation.

South Sudan

General right to encryption

No known legislation.

Min/max standards

No known legislation.

Licensing/registration requirements

No known legislation.

Import/export controls

No known legislation.

Other restrictions

No known legislation.

Powers to intercept/decrypt encrypted communications

No known legislation.

Spain

General right to encryption

No known legislation.

Min/max standards

No known legislation.

Licensing/registration requirements

No known legislation.

Import/export controls

No known legislation.

Other restrictions

No known legislation.

Powers to intercept/decrypt encrypted communications

Law on Telecommunications 25/2007: The law requires the disclosure of encryption keys.

Sri Lanka

General right to encryption

No known legislation.

Min/max standards

No known legislation.

Licensing/registration requirements

No known legislation.

Import/export controls

No known legislation.

Other restrictions

No known legislation.

Powers to intercept/decrypt encrypted communications

No known legislation.

Sudan

General right to encryption

No known legislation.

Min/max standards

No known legislation.

Licensing/registration requirements

No known legislation.

Import/export controls

No known legislation.

Other restrictions

No known legislation.

Powers to intercept/decrypt encrypted communications

No known legislation.

Suriname

General right to encryption

No known legislation.

Min/max standards

No known legislation.

Licensing/registration requirements

No known legislation.

Import/export controls

No known legislation.

Other restrictions

No known legislation.

Powers to intercept/decrypt encrypted communications

No known legislation.

Swaziland

General right to encryption

No known legislation.

Min/max standards

No known legislation.

Licensing/registration requirements

No known legislation.

Import/export controls

No known legislation.

Other restrictions

No known legislation.

Powers to intercept/decrypt encrypted communications

No known legislation.

Sweden

General right to encryption

No known legislation.

Min/max standards

No known legislation.

Licensing/registration requirements

No known legislation.

Import/export controls

No known legislation.

Other restrictions

No known legislation.

Powers to intercept/decrypt encrypted communications

No known legislation.

Switzerland

General right to encryption

No known legislation.

Min/max standards

No known legislation.

Licensing/registration requirements

No known legislation.

Import/export controls

No known legislation.

Other restrictions

No known legislation.

Powers to intercept/decrypt encrypted communications

No known legislation.

Syria

General right to encryption

No known legislation.

Min/max standards

No known legislation.

Licensing/registration requirements

No known legislation.

Import/export controls

No known legislation.

Other restrictions

No known legislation.

Powers to intercept/decrypt encrypted communications

No known legislation.

Taiwan

General right to encryption

No known legislation.

Min/max standards

No known legislation.

Licensing/registration requirements

No known legislation.

Import/export controls

No known legislation.

Other restrictions

No known legislation.

Powers to intercept/decrypt encrypted communications

No known legislation.

Tajikistan

General right to encryption

No known legislation.

Min/max standards

No known legislation.

Licensing/registration requirements

No known legislation.

Import/export controls

No known legislation.

Other restrictions

No known legislation.

Powers to intercept/decrypt encrypted communications

No known legislation.

Tanzania

General right to encryption

No known legislation.

Min/max standards

No known legislation.

Licensing/registration requirements

No known legislation.

Import/export controls

No known legislation.

Other restrictions

No known legislation.

Powers to intercept/decrypt encrypted communications

No known legislation.

Thailand

General right to encryption

No known legislation.

Min/max standards

No known legislation.

Licensing/registration requirements

No known legislation.

Import/export controls

No known legislation.

Other restrictions

No known legislation.

Powers to intercept/decrypt encrypted communications

Computer Crime Act: Section 18 allows a police officer, if they have received a warrant under section 19, to decode any person's computer data or instruct any person related to the encryption of computer data to decode the computer data or cooperate with a relevant competent official in such decoding. Failure to comply with such an order is punishable with a fine of up to THB 200,000 and a further daily fine of up to THB 5,000 until they have so complied. In 2017, the Computer Crime Act was amended by the Computer Crime (No. 2) Act but sections 18 and 19 were not materially amended as they relate to encryption.

The Netherlands

General right to encryption

No known legislation

Min/max standards

No known legislation

Licensing/registration requirements

No known legislation

Import/export controls

No known legislation

Other restrictions

No known legislation

Powers to intercept/decrypt encrypted communications

Criminal Procedure Code: Article 126nh allows an investigating judge to order someone (although not a suspect) to decrypt any encrypted data.

Timor-Leste

General right to encryption

No known legislation.

Min/max standards

No known legislation.

Licensing/registration requirements

No known legislation.

Import/export controls

No known legislation.

Other restrictions

No known legislation.

Powers to intercept/decrypt encrypted communications

No known legislation.

Togo

General right to encryption

No known legislation.

Min/max standards

No known legislation.

Licensing/registration requirements

No known legislation.

Import/export controls

No known legislation.

Other restrictions

No known legislation.

Powers to intercept/decrypt encrypted communications

No known legislation.

Tonga

General right to encryption

No known legislation.

Min/max standards

No known legislation.

Licensing/registration requirements

No known legislation.

Import/export controls

No known legislation.

Other restrictions

No known legislation.

Powers to intercept/decrypt encrypted communications

Computer Crimes Act, 2003: Section 10(1) provides that a person who is in possession or control of a computer, computer system, computer data or data storage medium that is the subject of a search under section 9 shall permit, and assist if required, the person making the search to (...) (d) obtain an intelligible output from a computer system in a format that can be read. Failure to do so is punishable by up to two years' imprisonment and/or a fine of up to 10,000 TOP.

Trinidad and Tobago

General right to encryption

No known legislation.

Min/max standards

No known legislation.

Licensing/registration requirements

No known legislation.

Import/export controls

No known legislation.

Other restrictions

No known legislation.

Powers to intercept/decrypt encrypted communications

Interception of Communications Act: Section 15 allows for application to be made to a judge for a ""disclosure order"". Where a disclosure order is made, the subject must either disclose the key or the information which is encrypted in an intelligible format. Failure to comply with a disclosure order commits is an offence punishable by up to one year's imprisonment and a fine of up to TTD 5,000 (s. 16(7)).

Computer Misuse Act: Section 16 applies in relation to offences committee under the Computer Misuse Act or about to be so committed. Section 16(2) allows a magistrate to issue a search warrant to a police officer. Section 16(5)(a)(iii) provides that a police officer executing a search warrant shall have access to “any information, code or technology which has the capability of retransforming or unscrambling encrypted program or data held in or available to such computer into readable and comprehensible format or text for the purpose of investigating any offence under this Act or any other offence which has been disclosed in the course of the lawful exercise of the powers under this section.” Section 16(5)(c) provides that the police officer is also “entitled to require any person in possession of decryption information to grant him or the authorised person access to such decryption information necessary to decrypt data required for the purpose of investigating an offence.” Failure to comply with such a request is an offence punishable with up to two years’ imprisonment and a fine of TTD 15,000 (s. 16(6)).

Tunisia

General right to encryption

No known legislation.

Min/max standards

No known legislation.

Licensing/registration requirements

Telecommunications Code: Article 9 allows the government to set down by decree permissible conditions and procedures for the use of encryption means or services through the public telecommunications networks and the exercise of the related activities. The use, manufacturer, importation, exportation, holding for sale, distribution for free or sale of cryptological methods or services contrary to any such decree is punishable by between six months' and five years' imprisonment and/or a fine of between TND 1,000 and TND 5,000 (Article 87).

Decree No. 97-501 of 14 March 1997: Article 11 prohibits the provision of encryption technologies without prior approval from the relevant minister.

Decree No. 2001-2727 of 20 November 2001: This Decree sets out the permissible conditions and procedures for the use of encryption means or services through the public telecommunications networks.

Import/export controls

No known legislation.

Other restrictions

No known legislation.

Powers to intercept/decrypt encrypted communications

No known legislation.

Turkey

General right to encryption

No known legislation.

Min/max standards

No known legislation.

Licensing/registration requirements

No known legislation.

Import/export controls

No known legislation.

Other restrictions

No known legislation.

Powers to intercept/decrypt encrypted communications

No known legislation.

Turkmenistan

General right to encryption

No known legislation.

Min/max standards

No known legislation.

Licensing/registration requirements

No known legislation.

Import/export controls

No known legislation.

Other restrictions

No known legislation.

Powers to intercept/decrypt encrypted communications

No known legislation.

Tuvalu

General right to encryption

No known legislation.

Min/max standards

No known legislation.

Licensing/registration requirements

No known legislation.

Import/export controls

No known legislation.

Other restrictions

No known legislation.

Powers to intercept/decrypt encrypted communications

No known legislation.

Uganda

General right to encryption

No known legislation.

Min/max standards

No known legislation.

Licensing/registration requirements

No known legislation.

Import/export controls

No known legislation.

Other restrictions

No known legislation.

Powers to intercept/decrypt encrypted communications

Regulation of Interception of Communications Act, 2010: Section 10(1) allows an authorised person, where they believe that a key to protected information is in the possession of any person and that a requirement that they get access to that information is necessary for a specified reason, they may impose a "disclosure requirement" in respect of that information. A disclosure requirement requires that person to use the key to get access to the information and provide it in an intelligible form (s. 10(3)). Failure to comply is punishable with up to five years' imprisonment and/or a fine.

Ukraine

General right to encryption

No known legislation.

Min/max standards

No known legislation.

Licensing/registration requirements

No known legislation.

Import/export controls

No known legislation.

Other restrictions

No known legislation.

Powers to intercept/decrypt encrypted communications

No known legislation.

United Arab Emirates

General right to encryption

No known legislation.

Min/max standards

No known legislation.

Licensing/registration requirements

No known legislation.

Import/export controls

No known legislation.

Other restrictions

No known legislation.

Powers to intercept/decrypt encrypted communications

No known legislation.

United Kingdom

General right to encryption

No known legislation.

Min/max standards

No known legislation.

Licensing/registration requirements

No known legislation.

Import/export controls

No known legislation.

Other restrictions

No known legislation.

Powers to intercept/decrypt encrypted communications

Regulation of Investigatory Powers Act 2000: Part III regulates the investigation of electronic data protected by encryption. It allows for certain law enforcement agencies, normally with judicial authorisation, to require a person holding encrypted information to produce the data in an intelligible format or to provide the key for its disclosure. Failure to so is a criminal offence (punishable by up to five years' imprisonment in cases involving national security or child indecency, and by up to two years' imprisonment in all other cases).

Investigatory Powers Act 2016 (not yet in force): Sections 254 to 259 regulate "technical capability notices". They will allow the Secretary of State, where they consider it to be "necessary" and "proportionate", and with the authorisation of a Judicial Commissioner, to impose a "technical capability notice" on a service provider imposing certain obligations. Such an obligation could include that they to remove encryption that they have applied on communications (but not encryption that those communicating have applied).

United States of America

General right to encryption

No known legislation.

Min/max standards

No known legislation.

Licensing/registration requirements

No known legislation.

Import/export controls

No known legislation.

Other restrictions

No known legislation.

Powers to intercept/decrypt encrypted communications

No known legislation.

Uruguay

General right to encryption

No known legislation.

Min/max standards

No known legislation.

Licensing/registration requirements

No known legislation.

Import/export controls

No known legislation.

Other restrictions

No known legislation.

Powers to intercept/decrypt encrypted communications

No known legislation.

Uzbekistan

General right to encryption

No known legislation.

Min/max standards

No known legislation.

Licensing/registration requirements

No known legislation.

Import/export controls

No known legislation.

Other restrictions

No known legislation.

Powers to intercept/decrypt encrypted communications

No known legislation.

Vanuatu

General right to encryption

Electronic Transactions Act: Section 24(2) provides that, subject to any regulations made under section 24(1), it is lawful for a person to use any encryption program or other encryption product if it has lawfully come into the possession of that person.

Min/max standards

No known legislation.

Licensing/registration requirements

Electronic Transactions Act: Section 24(1) allows the Minister to make regulations in relation to the use, import and export of encryption programmes and products, and to prohibit the export of encryption programmes and products. None, however, appear to have been made.

Import/export controls

Electronic Transactions Act: Section 24(1) allows the Minister to make regulations in relation to the use, import and export of encryption programmes and products, and to prohibit the export of encryption programmes and products. None, however, appear to have been made.

Other restrictions

No known legislation.

Powers to intercept/decrypt encrypted communications

No known legislation.

Vatican City

General right to encryption

No known legislation.

Min/max standards

No known legislation.

Licensing/registration requirements

No known legislation.

Import/export controls

No known legislation.

Other restrictions

No known legislation.

Powers to intercept/decrypt encrypted communications

No known legislation.

Venezuela

General right to encryption

No known legislation.

Min/max standards

No known legislation.

Licensing/registration requirements

No known legislation.

Import/export controls

No known legislation.

Other restrictions

No known legislation.

Powers to intercept/decrypt encrypted communications

No known legislation.

Vietnam

General right to encryption

No known legislation.

Min/max standards

No known legislation.

Licensing/registration requirements

Law on Network Information Security: Article 31 requires businesses trading in encryption products to obtain a licence to do so from the Government Cipher Committee. Articles 31 and 32 set out the requirements and the process for doing so.

Import/export controls

Law on Network Information Security: Article 34 provides that the importation or exportation of cryptographic products requires a licence.

Other restrictions

No known legislation.

Powers to intercept/decrypt encrypted communications

No known legislation.

Yemen

General right to encryption

No known legislation.

Min/max standards

No known legislation.

Licensing/registration requirements

No known legislation.

Import/export controls

No known legislation.

Other restrictions

No known legislation.

Powers to intercept/decrypt encrypted communications

No known legislation.

Zambia

General right to encryption

No known legislation.

Min/max standards

No known legislation.

Licensing/registration requirements

Electronic Communications and Transactions Act, 2009: Sections 22 and 23 establish a register of all cryptography providers. Unless they are registered with the Communications Authority, a cryptography provide cannot provide cryptography products.

Import/export controls

No known legislation.

Other restrictions

Electronic Communications and Transactions Act, 2009: Sections 85 to 92 regulate the use of encryption but place no limitations on its use, save that a person cannot release decrypted data belonging to another person without their consent or if there is a court order so requiring.

Powers to intercept/decrypt encrypted communications

No known legislation.

Zimbabwe

General right to encryption

No known legislation.

Min/max standards

No known legislation.

Licensing/registration requirements

No known legislation.

Import/export controls

No known legislation.

Other restrictions

No known legislation.

Powers to intercept/decrypt encrypted communications

Interception of Communications Act: Part III regulates the investigation of electronic data protected by encryption. It allows for certain law enforcement agencies, upon permission from the Minister of Transport and Communications, to require a person holding encrypted information to provide the keys for its disclosure or the data itself in an intelligible format. Failure to provide the key is a criminal offence punishable by up to five years' imprisonment and/or a fine.