This paper includes three detailed annexes that complement its main body: A Proposed Foundational Principles for the Egyptian Data Governance Authority, Open Data Standards, and Proposed List of Entities Mandated to Publish Their Data via the National Open Data Portal

While the paper does not seek to burden its main text with technical and procedural details, referring to these annexes ensures a dual-track approach: a main body that establishes the overarching principles and directions, and annexes that translate them into practical tools for implementation and enforcement.

• Proposed Foundational Principles for the Egyptian Data Governance Authority (EDGA)
• Proposed List of Entities Mandated to Publish Their Data via the National Open Data Portal
• Open Data Standards

---

First: Background

On September 3, the National Council for Artificial Intelligence (NCAI) announced the entry into force of the Open Data Policy as a transitional framework preceding the enactment of the Data Governance Law and its executive regulations. This policy constitutes the first comprehensive national document aimed at regulating the availability of non-sensitive public data held by government entities.

The government formulated this policy within the context of accelerating global shifts toward data-driven governance models, linking it to its declared objectives of enhancing transparency and accountability, building public trust, supporting innovation, stimulating the digital economy, and improving government services. It was also presented as a tool to enable citizens, the private sector, and academic institutions to reuse public data and leverage it in developing new applications and services.

From an institutional perspective, the policy assigned overall oversight to the NCAI, which established a joint committee for data accessibility to review and approve the sets proposed for publication by ministries and agencies. These responsibilities are to be transferred, at a later stage, to the Egyptian Data Governance Authority (EGDGA) once it is established under the new law.

The policy also stipulated the appointment of Open Data Officers within each government entity, tasked with identifying, classifying, and publishing datasets, ensuring their quality, and coordinating with the technical committee. It further mandated the development of a unified national portal (data.gov.eg) to serve as the central platform for providing data in open, machine-readable formats, supported by metadata and unified standards.

Although the policy has been presented in official discourse as part of Egypt’s international commitments and digital agenda, it remains, at its core, a transitional step contingent upon the issuance of the full legislative framework. This raises fundamental questions regarding its practical effectiveness within the current legal and regulatory context.

Second: Introduction

This paper proceeds from the reality that the government has adopted a national open data policy in the absence of a legislative framework that clearly regulates the right to access information and ensures mechanisms for its enforcement. The policy was announced before the issuance of an access to information law and without genuine participation from civil society organizations, professional unions, or academic institutions in its formulation.

As a result, the concept of open data availability has been reduced to an administrative initiative with limited authority, rather than an embodiment of an enforceable constitutional right.

Furthermore, this policy emerges within a legal framework that restricts publication and reuse through legislation on national security, counter-terrorism, media and press regulation, and combating cybercrime. Additionally, broad powers are granted to the Central Agency for Public Mobilization and Statistics (CAPMAS), enabling it to monopolize the publication of official statistics.

By contrast, Article 68 of the 2014 Constitution affirms that information is the property of the people and obliges the state to disclose it and regulate its circulation by law. However, the absence of such a law, together with the broad scope of exceptions and the lack of independent oversight, renders the new policy fragile and strips it of its substance as a tool for achieving transparency and accountability.

Third: Challenges of Open Data in Egypt

The issuance of an open data policy represents a transitional step in the management of public data in Egypt. However, this step cannot be understood in isolation from the deeper challenges surrounding it. Rather than establishing a clear and guaranteed right of access to information, the policy has been encircled by restrictions and conditions that call its effectiveness into question.

These challenges are distributed across four overlapping levels: procedural, revealing the absence of a genuine participatory process; rights-related, linked to the provisions of the policy itself and the loopholes they allow; legislative, reflecting the broader legal environment that restricts publication and reuse; and structural, rooted in the absence of access to information law, which renders all administrative efforts potentially reversible.

1. Absence of Mandatory Consultation

The process of drafting Egypt’s Open Data Policy reveals a fundamental flaw, namely the absence of a declared or mandatory participatory pathway. The NCAI and the Ministry of Communications and Information Technology adopted the policy without being preceded by systematic public consultation with key stakeholders. These stakeholders include civil society organizations, professional syndicates, universities, academics, local communities, specialized industry chambers, journalists, and representatives of the private sector.

Such an absence suggests that a document intended to establish rules in one of the most critical domains of transparency and fundamental rights was formulated within closed bureaucratic circles. This falls short of the necessary openness to stakeholders who will be directly affected by its outcomes.

Open data policies are typically built on participatory mechanisms that include accurate stakeholder mapping, the organization of public consultations with officially recorded minutes, and publishing official reports clarifying how the government responded to feedback and recommendations from various parties. Such practices ensure that the policy reflects the needs and interests of society. Their absence, however, reduces the policy to an administrative text lacking both social legitimacy and the capacity to earn public trust.

This flaw also reveals a broader political tendency that reproduces a top-down, centralized pattern of decision-making, in which issues related to citizens’ fundamental and constitutional rights are treated as internal administrative matters rather than subjects of public debate. In doing so, such practices pre-emptively limit the potential of open data to become a tool for accountability and development, draw narrow boundaries for its use, and prevent it from fulfilling its role as a means of empowering citizens and holding the state accountable.

This pattern may be interpreted as an attempt to manage the state’s external image as one engaged in digital modernization initiatives and transparency commitments, without a genuine corresponding internal commitment to expanding rights or deepening democratic practice. In this context, the Open Data Policy can be read as a public relations tool used to reinforce the official discourse on digital reform, rather than as a genuine step toward enshrining an inherent right of access to information.

2. Exemptions and the Limits of Transparency

The policy excludes from publication all data falling under the umbrella of national security or defense, as well as personal data protected under the Personal Data Protection Law No. 151 of 2020, contractual or agreement-bound information, and data protected by court orders. While some of these exclusions may rest on legitimate grounds, the absence of precise definitions or clear criteria opens the door to an unwarranted expansion of data withholding.

For example, the concept of “national security” remains so broad that it allows a wide spectrum of economic, service-related, or environmental data to be classified as sensitive. This leads to the withholding of information essential for public oversight or developmental planning. Similarly, the policy does not mandate the publication of government procurement contracts and records, creating a vacuum in contracting transparency.

3. Oversight and Institutional Safeguards

One of the main weaknesses of the Open Data Policy lies in the absence of any independent oversight mechanisms or institutional safeguards that hold the state accountable for transparency. Responsibility has been assigned to government committees affiliated with the executive authority, such as the NCAI and its Joint Committee. This structure places the disclosure process entirely at the discretion of the entities that own the data.

Furthermore, the policy failed to explicitly stipulate the implementation of Article 68 of the 2014 Constitution, which guarantees citizens the right to access information and obliges the state to disclose it and regulate its circulation by law. The absence of this constitutional linkage places the policy in a fragile position, turning it into an administrative measure subject to alteration or withdrawal rather than a firm commitment grounded in an enforceable constitutional text.

The situation is further exacerbated by the policy’s failure to establish litigation mechanisms that would enable individuals or institutions to challenge data withholding decisions. This means that any dispute remains confined to administrative circles without recourse to an independent judiciary.

4. Privacy and the Protection of Individual Rights

Although the policy excluded personal data from publication based on the Personal Data Protection Law, it did not specify precise and binding technical standards that would effectively guarantee individual protection. Despite referencing the potential use of tools like differential privacy or the addition of digital noise, these references remained general and non-binding.

Digital noise refers to introducing small, random changes to published data so that the general patterns remain valid while making it impossible to trace information about any specific individual.

Differential privacy is a more advanced framework that applies such modifications according to precise mathematical rules, ensuring that aggregate analytical results remain useful while making it impossible to determine whether a particular person’s data is included in the dataset.

However, the lack of a government mandate to implement these tools leaves the risks intact and opens the door to re-identifying individuals or inferring sensitive information about them.

This flaw is further deepened by the fact that the Personal Data Protection Law itself has not yet been implemented, due to the absence of its executive regulations, which have delayed the establishment of the regulatory authority responsible for its enforcement. This legislative vacuum compounds the risks resulting from the lack of tools such as digital security technologies and verifiable anonymization techniques, differential privacy, or mandatory government Privacy Impact Assessments before publication; all of which keep the possibility of data leakage or misuse open

5. Access, Fees, and the Practical Use of Data

The significance of open data does not lie merely in its publication, but in its capacity to be practically and routinely usable. However, the Egyptian policy lacks genuine guarantees in this regard, rendering disclosure more of a formal declaration than an actual practice.

Regarding dynamic data, the policy did not mandate government entities to provide real-time data or to establish Service Level Agreements (SLAs). These agreements are technical commitments or contracts that define how often the data must be updated, the required level of accuracy and transparency, and the procedures to follow in case of service interruptions or delays in updates.

The policy relying on a vague phrase like “appropriate timing” leaves room for significant inconsistency across different entities, and may result in the publication of outdated or incomplete data. This, in turn, undermines its effectiveness in supporting time-sensitive decision-making or the development of applications that rely on real-time data. 

Furthermore, the policy failed to specify a binding list of what is known as High Value Datasets, datasets that are directly needed by society and the economy. These include, for example, public transport data that citizens rely on daily, weather and environmental data useful to farmers, journalists, and researchers, public finance data that reveal how public funds are spent, as well as official statistics used for planning.

Although the policy referred to these areas as general priorities, merely mentioning them without issuing an official, binding list accompanied by clear timelines for publication and updates makes it difficult to hold entities accountable for failing to disclose information and deprives the policy of its oversight mechanisms.

In the same context, the issue of fees poses an additional challenge. The policy did not adopt the “near-zero marginal cost” principle or set a clear pricing ceiling, allowing the imposition of fees that may hinder researchers, journalists, or civil society organizations.

International experience, by contrast, demonstrates that charging only nominal fees to cover copying or distribution costs is what ensures equitable access and encourages broad public use.

6. Intellectual Property and Monopoly

The Open Data Policy permits the use of intellectual property exceptions in a manner that undermines the core purpose of accessibility. The policy stipulates that certain public data may be exempted from the open licensing system for being protected by third-party intellectual property rights, even in cases where these data were produced with public funding or through state institutions. This approach risks turning publicly funded data and knowledge into a monopolized resource, rather than making them accessible to all.

Furthermore, the policy lacks an explicit provision prohibiting exclusive agreements that government entities may enter into with private companies or other parties to grant privileged access to specific datasets. Such agreements would, if they exist, deprive other stakeholders of their right to equal access and would transform public data into an economic asset reserved for a select group.

Fourth: The Restrictive Legislative Context and Its Direct Impact on Open Data Effectiveness 

The Open Data Policy cannot be assessed in isolation from the broader legislative framework governing the flow of data and information in Egypt, since this context reveals deep-seated constraints that make accessibility more of an exception than a general rule.

• First: Article 68 of the Constitution stipulates that information is the property of the people and obliges the state to disclose it and regulate its circulation by law. However, this provision remains suspended due to the absence of a Freedom of Information Law, rendering the constitutional right practically unenforceable.
• Second: Article 35 of the Anti-Terrorism Law No. 94 of 2015 imposes substantial fines for publishing or broadcasting news about terrorist operations that contradict official statements. The direct impact of this provision is to create a chilling effect that deters researchers and journalists from using open data if it challenges the state’s narrative on security issues.
• Third: The Press and Media Regulation Law No. 180 of 2018, along with its executive regulations, grants the Supreme Council for Media Regulation broad powers, including licensing, blocking, and imposing sanctions on published content — including digital content. Such censorship may limit the ability of investigative media to benefit from open data, for fear of falling under the scope of these penalties.
• Fourth: the Central Agency for Public Mobilization and Statistics (CAPMAS) holds a legal monopoly over the publication of official statistics under Law No. 35 of 1960 and its amendments, as well as Presidential Decree No. 2915 of 1964. This monopoly slows the release of dynamic data and prevents the emergence of alternative sources. It also embodies the political economy of data in Egypt: when the state is the sole producer, owner, and distributor of statistics, it reproduces an exclusionary model that inhibits data-driven innovation and deprives academics, civil society, and the private sector of the opportunity to develop alternative tools for knowledge production.
• Fifth: The Anti-Cyber and Information Technology Crimes Law No. 175 of 2018 introduces an additional layer of restriction, granting authorities broad powers to block websites and imposing criminal penalties for acts that are open to flexible interpretation. In the absence of explicit transparency guarantees or independent judicial oversight, these powers can be used to restrict access to platforms that publish public data or analyses based on open data, thereby reinforcing prior censorship and limiting the freedom of information circulation.

Fifth: Open Data and the Law on Circulation of Information (Freedom of Information)

Article 68 of the Constitution stipulates that information is the property of the people and obliges the state to regulate its circulation by law. However, this law has not yet been enacted. The absence of such legislation leaves the constitutional provision without enforceable power, rendering the right to access information a suspended right that cannot be practically implemented.

In this vacuum, the executive authority shall control what is published through the open data portal according to its own priorities, without being bound by legal procedures for appeal or by mandatory deadlines for responding to requests. Rather than being an enforceable public right, open data here becomes a form of selective and anticipatory disclosure dictated by the data-owning entity.

The repercussions of this absence are manifold, including:

• Politically, it reinforces the state’s monopoly over determining what is made available and what is withheld, thereby undermining trust in the constitutional provision itself.
• Legally, it creates an environment of uncertainty that prevents holding non-disclosing entities accountable before the judiciary. 
• Economically, it undermines the ability of the private sector and researchers to invest in data-based applications due to the lack of guarantees for the stability and continuity of data availability.

To overcome this structural flaw, issuing a merely formal law is insufficient; instead, a comprehensive law is needed, one that sets clear deadlines for responses, establishes an independent information commissioner, grants fee exemptions for researchers and civil society, and imposes deterrent penalties for unjustified withholding or misinformation. Without such measures, the Open Data Policy, or any related law, will remain a fragile administrative framework subject to the discretion of the executive authority, rather than a solid instrument for transparency and accountability.

Sixth: Entities Subject to Data Disclosure through the National Open Data Portal

The policy should have stipulated that the obligation to provide open data extends to all public entities included in the state’s general budget, including local administration units, economic and service entities, holding and subsidiary companies, wholly or partially owned by the state, as well as regulatory bodies and independent agencies.

The policy should also have mandated every institution or entity responsible for managing or providing a public service, or administering a public asset under a public authorization, concession, or public funding, to publish non-sensitive data in open, reusable formats. This should be accompanied by standardized metadata, regular update mechanisms, and application programming interfaces (APIs) that enable integration and interoperability.

In addition, the obligation should extend to encompass contractors, concessionaires, and public–private partnership (PPP) projects in all matters related to the public service or asset under contract. This extension reflects two core principles: first, “public funds generate public data”, and second, “accessibility follows the service”; that is, the public nature of data does not cease merely by delegating its management to a private entity.

Note: Attached to this paper is a preliminary annex listing the entities that should be mandated to disclose their data through the National Open Data Portal.

Seventh: Founding Principles of the Egyptian Data Governance Authority (EDGA)

The National Open Data Policy, as a transitional framework, stipulated the establishment of the Egyptian Data Governance Authority (EDGA) as the body intended to transform availability from general promises into actionable practice. Currently, the National Council for Artificial Intelligence oversees implementation, with tasks to be transferred to the Authority once it is legally established.

However, this transitional positioning remains fraught with practical risks, foremost among which is the possibility that the Authority may evolve into a subordinate bureaucratic extension rather than an independent regulator with clear oversight powers and binding tools.

Accordingly, this paper proposes a foundational vision that positions the Egyptian Data Governance Authority (EDGA) as a lever for upholding the public’s right to information and safeguarding privacy — rather than as an administrative arm managing a top-down data flow.

• First, a data governance authority is meaningless without robust independence. This entails having legal personality and a directly allocated budget, and being subject to parliamentary and judicial accountability rather than executive guardianship. Its binding mandate must also extend to ministries, agencies, state-owned companies, and private entities whenever they produce data of public benefit through public funding or delegation. Only then will decisions on publication, correction, and the lifting of restrictions become enforceable orders rather than deferrable recommendations.
• Second: Transparency is meaningless without measurable operational rules — such as official lists of high-value datasets, mandatory update schedules, service-level agreements (SLAs) for the portal and APIs, and a pricing policy based on the principle of “near-zero marginal cost” so that access does not become a financial privilege. These elements should integrate with the technical standards and open metadata referenced in the policy, but within a binding regulatory framework, rather than merely advisory guidelines.
• Third: Rights cannot be safeguarded without a structured system for challenge, redress, and institutional learning. This structure begins with a facilitated, multi-channel internal grievance pathway, then an independent quasi-judicial appeals committee, followed by administrative judiciary; alongside an automatic “sunset clause” that automatically reviews blocking decisions, a compensation fund for those harmed, and a mandatory mechanism for integrating the lessons from appeals and rulings into regulations and guidelines.

These principles are embodied in a balanced institutional structure comprising an anti-domination board of directors, whose chairmanship is elected from independents and represents civil society, academics, professional unions, and private sector entities that have not recently contracted with the state, with a strict cap on government representation not exceeding one-fifth of the total.

The EDGA should also include a professional executive unit with specialized departments (for access and openness, standards and operations, privacy, legal enforcement, contractual transparency, appeals, innovation and participation, digital infrastructure and security) connected to other entities’ systems through secure integration channels and publishing monthly compliance dashboards.

In addition, independent expert committees—technical, legal/ethical, and civil society/user-focused —should operate under publicly available charters and accessible meeting records, ensuring that any deviation from their recommendations is justified and supported by a reinforced majority. 

This institutional structure makes consultation a mandatory procedural prerequisite for decision-making, followed by transparent voting that is publicly disclosed along with its justifications and decision matrix. This arrangement cannot be separated from the transitional context declared by the government: a policy already in effect pending a comprehensive legislative framework, and a national portal under development to serve as the single access point.

However, the transition from “availability as an announcement” to “availability as a right” will not be completed unless the EDGA is established as an independent body capable of integrating disclosure and protection duties into a single equation encompassing equitable access, verifiable quality, and non-negotiable privacy.

In conclusion,

Attached to this paper are three detailed annexes that complete its content and translate its principles into actionable instruments:

• Proposed Foundational Principles for the Egyptian Data Governance Authority (EDGA)
• Proposed List of Entities Mandated to Publish Their Data via the National Open Data Portal
• Open Data Standards

Separating these annexes serves to keep the main text focused on the general principles and strategic directions, while providing detailed operational references that support practical implementation and ensure enforceability.