The cloud first policy of Egypt (2024)

The Cloud First Policy of Egypt (2024), issued by the Supreme Council of Digital Society, lays the foundation for a national shift toward cloud computing as a default solution for digital services across government sectors. This policy is part of Egypt’s broader digital transformation efforts under the Egypt Vision 2030 strategy, aiming to enhance public service delivery, improve efficiency, and stimulate the local digital economy.

The policy mandates that civilian government entities prioritise cloud computing over traditional IT infrastructures when planning new services or investments. Institutions handling classified or national security data, such as the Presidency, Ministry of Defence, and Central Bank, may be partially exempt but are encouraged to review the policy and align future projects accordingly. A key requirement is that new IT infrastructure purchases must be justified and approved by the Supreme Council of Digital Society if not cloud-based.

The policy promotes a multi-model cloud environment, including public, private, government, shared (multi-tenant), and hybrid clouds. Public cloud services are encouraged, particularly when certified by the state, and the regulatory framework requires cloud service providers (CSPs) to be licensed (Tier-3) under the guidelines set by the National Telecom Regulatory Authority (NTRA). The Supreme Cybersecurity Council oversees data protection requirements, and the Ministry of Communications and Information Technology (MCIT) coordinates provider registration, procurement, and staff training.

A cornerstone of the policy is data classification, which governs cloud deployment. Data is categorised into four levels, Public, Confidential, Secret, and Top Secret, and must be hosted accordingly, with higher classifications requiring local storage and stricter controls. The policy also lays out technical, cybersecurity, and economic conditions for migrating services to the cloud. This includes a phased decision-making model where cloud options are assessed in order (public, government, private), and only fallback solutions are approved upon failure to meet compliance criteria.

The government emphasises the development of local cloud capabilities, encouraging CSPs to establish infrastructure in Egypt and align with environmental and sustainability goals. To address the skills gap, the policy includes initiatives for training public sector employees and integrating cloud computing curricula into educational programs, potentially through a national center of excellence.

Finally, the document provides procedural guidelines for contracting with CSPs, stressing compliance with Egyptian cybersecurity laws, data localisation requirements, encryption standards, and standardised service agreements. It also encourages dialogue on legislative updates and incentive schemes to support the growth of the cloud computing sector in Egypt.