In a significant legislative development reflecting Oman’s commitment to strengthening its legal and regulatory framework for the digital economy, Royal Decree No. 61/2026 introduced a new Cybercrime Law, replacing the previous law issued under Royal Decree No. 12/2011.

This development should not be viewed merely as a routine legislative update. Rather, it represents a broader shift toward enhancing cybersecurity, protecting digital assets, strengthening trust in electronic transactions, and supporting Oman’s Vision 2040 objectives.

Why Was a New Law Necessary?

When the previous law was enacted in 2011, the digital landscape was fundamentally different. Cloud computing, artificial intelligence, digital platforms, electronic payments, and large-scale data processing were still emerging technologies.

Today, organizations rely heavily on digital systems and data-driven operations. At the same time, cyber threats have evolved from isolated incidents into sophisticated attacks targeting businesses, government entities, financial institutions, and critical infrastructure.

As a result, legislators worldwide have been compelled to modernize cybercrime frameworks to address new technological realities and emerging risks.

Key Legislative Developments

The new law is expected to provide a broader framework for addressing cyber risks and digital misconduct. Areas of growing importance include:

• Digital data-related offences.
• Organized cyberattacks.
• Electronic financial fraud.
• Online extortion and blackmail.
• Digital identity theft.
• Misuse of digital platforms.
• Attacks against information systems and digital infrastructure.

What Does This Mean for Businesses?

One of the most common misconceptions within organizations is treating cybersecurity solely as an IT responsibility. International best practices increasingly recognize cybersecurity as a governance and enterprise risk management issue.

Organizations should therefore consider:

1. Reviewing cybersecurity policies and controls.
2. Updating data protection procedures.
3. Conducting periodic cyber risk assessments.
4. Developing incident response and crisis management plans.
5. Training employees on cyber awareness.
6. Maintaining legally defensible digital records and evidence.

Implications for Boards of Directors

Globally, boards are increasingly expected to oversee cyber risks with the same level of attention given to financial, operational, and compliance risks.

Consequently, cybersecurity reporting, digital risk metrics, business continuity planning, cyber incident preparedness, and regulatory compliance are becoming board-level priorities.

Cybersecurity and Corporate Governance

The new law reinforces the growing relationship between cybersecurity and corporate governance. Effective governance frameworks require organizations to maintain accountability, transparency, and oversight regarding digital assets and information systems.

Companies with mature governance structures are generally better positioned to comply with evolving regulatory requirements and manage digital risks effectively.

The ESG Perspective

Cybersecurity and digital governance have become increasingly important components of the Governance pillar within Environmental, Social, and Governance (ESG) frameworks.

Investors, regulators, and financial institutions are paying closer attention to how organizations manage cyber risks, protect sensitive information, and maintain operational resilience.

As ESG reporting continues to evolve, digital governance is likely to become an even more significant indicator of organizational maturity and long-term sustainability.

Impact on Law Firms and Legal Departments

The new law creates significant opportunities and responsibilities for legal professionals.

Areas expected to experience increased demand include:

• Cybersecurity advisory services.
• Digital compliance programs.
• Data protection assessments.
• Digital investigations.
• Privacy-related disputes.
• Internal policy reviews.

Legal professionals will increasingly need a practical understanding of digital evidence, cyber investigations, and technology-related regulatory obligations.

What Should Organizations Do Now?

Rather than waiting for a cyber incident to occur, organizations should proactively:

• Conduct legal and technical reviews of existing systems.
• Evaluate cyber incident readiness.
• Strengthen governance and risk management frameworks.
• Review contractual obligations related to data protection.
• Enhance employee awareness and training programs.

Conclusion

Oman’s new Cybercrime Law represents an important step toward building a more secure and resilient digital environment. Its impact extends beyond criminal enforcement and will likely influence corporate governance, risk management, compliance, sustainability initiatives, and investor confidence.

For companies, boards of directors, and legal practitioners, early preparation and a thorough understanding of the evolving regulatory landscape will be essential to managing risk and maintaining compliance in an increasingly digital economy.

SEO Keywords

Oman Cybercrime Law 2026, Royal Decree 61/2026, Cybercrime Law Oman, Cybersecurity Oman, Data Protection Oman, Digital Evidence, Corporate Governance Oman, ESG Oman, Regulatory Compliance Oman, Cyber Risk Management, Information Technology Crimes.

References

Royal Decree No. 61/2026:
https://qanoon.om/p/2026/rd2026061/

Ministry of Justice and Legal Affairs:
https://www.mjla.gov.om

Official Legal Portal:
https://qanoon.om

State Council of Oman:
https://www.statecouncil.om