EGYPT Trends and Developments Contributed by: Mohamed Hashish, Heba El Abd and Mariam Rabie, Soliman, Hashish & Partners
improving regulatory practices in support of sustain - able and inclusive financial growth. Furthermore, in 2024, the FRA issued Decree No 57 of 2024, which established rules regulating the opera - tion of the “Robo-Advisers for Investment” framework. A robo-adviser is an electronic system that provides financial advice to clients for the purpose of creating, managing and rebalancing an investment portfolio using AI algorithms. The FRA highlighted that portfolio management companies are now authorised to pro - vide automated investment advice via robo-advisers. It is also worth noting that in 2024, the FRA issued Decree No 140 of 2024 establishing Special Purpose Acquisition Companies (SPAC) in Egypt and has recently approved the first application for a SPAC, which is defined as a company licensed by the FRA solely to raise cash funds, through an initial public offering, for the sole purpose of acquiring or merg - ing with an operating business within a specific time - frame. The FRA also issued Decree No 227 of 2025, which sets out requirements for companies and entities licensed to conduct non-banking financial activities to strengthen their technological infrastructure and cybersecurity. These entities must submit policies and governance frameworks for information technol - ogy, cybersecurity and risk management to the FRA, and conduct annual tests with the reports submitted to FRA. Lastly, the FRA issued Decree No 279 of 2025 estab - lishing a registry for companies that provide tech - nological systems for risk assessment in the NBFS sector. It requires that only companies listed in the registry can offer risk assessment services to licensed NBFS entities, sets the requirements and conditions for registration in the registry and imposes ongoing compliance obligations and obligations to report to the FRA, thereby enhancing oversight and standardi - sation of technology-driven risk evaluation in Egypt’s non-banking financial sector. Data Protection In 2020, Egypt introduced Law No 151 of 2020 on the Protection of Personal Data (the “Data Protec -
tion Law”), which regulates personal data that is pro - cessed electronically. Prior to the issuance of the Data Protection Law, data protection was only governed by the Constitution, the Penal Code (Law No 58 of 1937) and Law No 175 of 2018 on Anti-Cyber and Informa - tion Technology Crimes (the “Cybersecurity Law”). The Data Protection Law is a reflection of the Euro - pean General Data Protection Regulation (Regulation (EU) 2016/679) (GDPR), as it aims to establish various standards and rules that safeguard data protection and the rights of individuals in Egypt. There are cer - tain types of personal data that are not subject to the Data Protection Law, including, inter alia, data held by the CBE. It is worth noting that the Data Protection Law applies to any controller, processor or handler (natural or juris - tic) of personal data. It also applies to any of the afore - mentioned persons who breach the Data Protection Law if they are: • an Egyptian national inside or outside Egypt; • a non-Egyptian residing within Egypt; or • a non-Egyptian outside Egypt if the act is punish - able in any form in the country where it occurred and the data subject who is affected by the breach is an Egyptian national or a non-Egyptian residing in Egypt. The Data Protection Law sets out the requirements governing the processing, handling and control of any personal data. As a general principle, such pro - cessing or controlling is contingent upon obtaining the consent of the data subject and licensing from the Data Protection Centre. Furthermore, practising certain activities requires obtaining a second supple - mentary licensing from the Data Protection Centre, including for the cross-border transfer of personal data, electronic direct marketing, and the use of visual surveillance equipment in public places. Moreover, the Data Protection Law prescribes certain conditions and standards that must be satisfied for the lawful practis - ing of any of the aforementioned activities. It is note - worthy that the Data Protection Centre is designated as the regulatory authority responsible for overseeing the application and enforceability of the Data Protec - tion Law.
466 CHAMBERS.COM
Powered by FlippingBook