Technology and data in Jordan are governed by the Personal Data Protection Law No. 24 of 2023 (in force since March 2024), the Cybercrime Law No. 17 of 2023, and the Electronic Transactions Law No. 15 of 2015. We advise on data-protection compliance, fintech licensing with the Central Bank of Jordan, and technology contracts.

Jordan's technology sector has grown faster than its regulatory frameworks, and the last two years have brought a decisive shift. The Cybercrime Law No. 17 of 2023 and the Personal Data Protection Law No. 24 of 2023 together set the ground rules for how data is collected, processed, stored, and defended in the Kingdom. Abdullah & Partners advises software companies, fintechs, payment providers, cloud vendors, and enterprise customers on the legal framework that now governs digital business in Jordan.

Scope of Work

A Modern Technology Law Practice

Our technology and cybersecurity team covers both contentious and advisory work, with a particular focus on the new statutory regime and its interaction with international standards. Typical mandates include:

Data protection compliance

implementation of the Personal Data Protection Law No. 24 of 2023, including lawful bases for processing, data subject rights, cross-border transfer mechanisms, and data protection officer appointments.

Cybercrime Law advice

advising businesses and individuals on obligations and exposure under the Cybercrime Law No. 17 of 2023, including content offences, unauthorised access, and electronic fraud.

Fintech and payments licensing

Central Bank of Jordan authorisations for electronic payment and money transfer companies, and structuring of regulatory sandbox participation.

Software, SaaS, and cloud agreements

drafting and negotiating licensing, subscription, professional services, and cloud hosting contracts.

IT outsourcing and managed services

inbound and outbound outsourcing, including data residency and subcontracting controls.

E-commerce and consumer protection

online terms, distance selling, and advertising compliance.

Our Method

How We Work With Technology Clients

Technology companies operate at speed, and legal advice has to keep up. Our team is structured to give fast, pragmatic answers without cutting corners on the underlying analysis. Our approach is built on three commitments:

1. Build-ready compliance programmes.

For data protection and security, we deliver policies, records of processing, and DPIA templates that engineering and product teams can actually use.

2. Negotiation that protects margin.

Technology contracts live or die on warranty scope, liability caps, SLA credits, and indemnities. We negotiate each of these with a clear view of the client's commercial model.

3. Incident response on call.

When something goes wrong, a breach, a ransomware event, a regulatory inquiry, we mobilise within hours, coordinate with technical responders, and manage notifications to regulators and data subjects.

International

GDPR, Cross-Border Data, and Serving EU Clients

A large share of Jordan's technology exports, software development, BPO, and digital services, is sold into the European Union. That makes GDPR compliance a commercial necessity, not a theoretical exercise. We help Jordan-based businesses meet the GDPR where it applies extraterritorially, negotiate Standard Contractual Clauses and data processing addenda with European customers, and align their internal controls with both the Jordanian Data Protection Law and EU expectations.

In technology, legal risk is product risk. Our job is to take it off the roadmap before it gets there, and to respond decisively when the unexpected happens.
Why Us

Why Clients Choose Our Technology Team

Regulatory currency.

We track the implementing regulations and guidance under the 2023 statutes as they are issued, and we feed the changes straight into client programmes.

Commercial drafting.

Our contracts are negotiated to close, not to impress, we know what a Jordanian court and a foreign customer will each accept.

Incident experience.

We have handled live data breach and cybercrime matters, not just tabletop exercises.

Cross-border fluency.

We work seamlessly with EU, UK, and US counsel on global compliance and litigation.

Connected Practices

Related Practice Areas

Technology work often crosses into these adjacent practices.

Legal Basis

The Laws Behind Digital Business in Jordan

Digital business in Jordan now sits on a clear statutory base. The Personal Data Protection Law No. 24 of 2023, in force since 17 March 2024 and supervised by the Personal Data Protection Unit at the Ministry of Digital Economy and Entrepreneurship, sets the rules for collecting, processing and transferring personal data. The Cybercrime Law No. 17 of 2023 governs unauthorised access, electronic fraud and online content offences. The Electronic Transactions Law No. 15 of 2015 gives legal effect to electronic signatures, records and contracts, which underpins e-commerce and digital onboarding. Financial technology adds a further layer, with electronic payment and money transfer companies licensed by the Central Bank of Jordan. We map these frameworks onto a client’s actual product and data flows, so that compliance is built into the system rather than bolted on afterwards. Source: Ministry of Digital Economy and Entrepreneurship, Personal Data Protection Unit.

Questions

Frequently Asked Questions

What laws govern data protection in Jordan?

Data protection in Jordan is governed by the Personal Data Protection Law No. 24 of 2023, which has been in force since 17 March 2024 and is supervised by the Personal Data Protection Unit at the Ministry of Digital Economy and Entrepreneurship. It sets out lawful bases for processing, the rights of data subjects, rules on cross-border transfers, and obligations that can include appointing a data protection officer.

When did Jordan's Personal Data Protection Law take effect?

The Personal Data Protection Law No. 24 of 2023 was enacted on 17 September 2023 and came into force on 17 March 2024, after a transitional period. Implementing regulations and the supervisory unit have developed since then, so organisations operating in Jordan are now expected to comply in practice.

What does the Cybercrime Law No. 17 of 2023 cover?

The Cybercrime Law No. 17 of 2023 addresses unauthorised access to systems and data, electronic fraud, and a range of online content offences. It applies to both businesses and individuals, and breaches can carry fines and imprisonment, which is why technology businesses review their platforms and internal conduct against it.

Are electronic signatures and contracts valid in Jordan?

Yes. Under the Electronic Transactions Law No. 15 of 2015, electronic signatures, records and contracts have legal effect, subject to the conditions in the law. This is what allows e-commerce, digital onboarding and electronic record-keeping to operate on a sound legal footing in Jordan.

Maintained by the Technology and Cybersecurity Department of Abdullah & Partners, admitted to the Jordanian Bar Association. Last reviewed: June 2026. Next scheduled review: December 2026.

Abdullah & Partners

Abdullah & Partners is a law firm in Jordan, based in Amman, providing legal services in accordance with the laws of Jordan, the Jordanian Bar Association Law, and international conventions in force.

Established in Amman · Member of the Jordanian Bar Association

Contact Us