Imagine a basketball game where one team writes the rules, owns the court, and controls the referee. The crowd is silenced before tip-off, and the opposing players are warned that every play could end the match. That is not a free and fair game, it is a performance of control. The new wave of social media regulations in the Middle East and North Africa (MENA) region works just like that.
Two decades after MENA governments responded to the rise of social media with a first wave of cybercrime legislations, they are once again seeking to expand their power over what people say and do online. Over the past three years, a number of governments have increased their control over social media platforms by widening the scope of their cybercrime laws or introducing dedicated social media laws. These draft laws are purportedly inspired by the EU’s Digital Services Act (DSA), but open up risks that have no parallel in European democracies. As we will explain, transplanting DSA-inspired regulations can turn a framework meant to protect people’s rights into a sophisticated instrument for state censorship and control. It also poses new challenges for social media companies operating in authoritarian contexts — making it all the more important that they meet their responsibilities to respect human rights.
The new regulatory wave: what’s actually being proposed
In June 2023, the League of Arab States announced a unified social media regulation strategy inspired by the DSA and various European national laws such as the Network Enforcement Act (NetzDG) in Germany.
The strategy rests on four pillars: mandatory legal representation at the national level, the removal of content deemed non-compliant with national laws, the redistribution of advertising revenue to media outlets, and a dual commitment to combating Islamophobia and promoting the Arabic language. Social media companies failing to comply would face a range of sanctions, including throttling, blocking, and fines.
Several months later, Jordan enacted its 2023 Cybercrime Law, replacing an older law from 2015 and incorporating measures similar to those announced in the unified Arab strategy.
Since then, several states, including Egypt, Morocco, Algeria, and Saudi Arabia, have begun drafting their own social media laws, often claiming inspiration from European legislation, with some explicitly citing the DSA. While the details vary, these laws share a common architecture that departs significantly from the DSA’s core approach. Rather than focusing on processes, transparency, and accountability, they emphasize content control: social media companies are required to establish a legal presence in the country, comply swiftly with takedown orders issued by regulators or courts, and proactively moderate content based on broad definitions of criminalized speech. In other words, to return to our basketball metaphor, the states not only write the rules of the game, they also own the court.
The Egyptian new draft law offers the clearest example of this architecture in action. It was introduced in April 2026 by a member of parliament seeking to regulate social media companies operating in the country under the pretext of protecting social values and national security, limiting cybercrime, and reinforcing national digital sovereignty. Under Article 8, for instance, social media companies are required to comply with national legislation, with particular emphasis on laws governing national security and cybercrime. Articles 9, 13, and 14 further require companies to cooperate with judicial authorities, remove accounts operating under pseudonyms or belonging to users under the age of 16, and appoint a local legal representative within six months of the law’s entry into force. Companies are additionally obliged to remove content deemed contrary to public morality or Egyptian cultural traditions upon notification from the relevant administrative authorities. Non-compliance may result in the Ministry of ICT temporarily or permanently blocking the platform, or imposing a fine of up to 100,000 USD per violation.
Why context is everything: the four missing preconditions
Context matters. Before drafting or adopting laws to regulate social media platforms, legislators and policymakers must ensure that key rule-of-law safeguards are in place. Effective and rights-respecting regulation of social media platforms depends on a legal framework that protects freedom of expression and personal data, a regulator independent from all forms of subordination, an independent and impartial judiciary, and a free and safe civic space. Otherwise, the regulations will lack the oversight, accountability, and effective remedies necessary to protect people’s rights.
Many MENA governments already wield extensive control of free expression through draconian penal, anti-terrorism and media laws criminalising legitimate speech, and have worked over the past several years to extend that control in digital spaces, including by applying economic pressure on social media companies, such as by banning ads and blocking platforms.
This context is important because these governments often define the concept of “illegal content” far more broadly than permitted under international freedom of expression standards. So if DSA-style regulations obligate platforms to remove illegal content when notified, or to assess and mitigate risks linked to its dissemination, the regulations could then become vehicles for enforcing vague or over-broad laws that restrict protected speech.
For example, in the EU the DSA allows entities with expertise in identifying certain types of illegal content to obtain “trusted flagger” status, and requires platforms to prioritise their notices. Like a referee who signals a potential foul, trusted flaggers identify content they consider illegal, prompting platforms to give their notices priority.
This has spurred European civil society groups to warn governments that strong safeguards are necessary to prevent the flagging system from becoming a “vehicle for specific interest groups or governments to obtain an outsized or even illegitimate influence by means of over- or under-blocking”.
In the MENA region, the risks are far greater. DSA-inspired regulations largely disregard the DSA’s emphasis on processes, transparency, and accountability, focusing instead on swift content removal, through orders issued by media regulators or courts, with short timeframes for compliance. Incorporating a trusted flagger system in social media regulation without strong safeguards to prevent governments from granting this status to state bodies, government-affiliated organizations, or other actors aligned with official interests, is an invitation for state censorship and biased enforcement that suppresses speech.
That is especially dangerous in a region where journalists, human rights defenders, and political dissidents often face relentless national and even transnational repression, for their criticism of the government. Rather than protecting a platform’s users from illegal content, in this case trusted flaggers could suppress the very voices this kind of system was designed to protect.
What platforms owe people they can’t protect
Regardless of a government’s willingness to comply with its human rights obligations under international law, all companies — including communications platforms — have a responsibility to respect human rights. Under the UN Guiding Principles on Business and Human Rights, they must identify, prevent, mitigate, and remediate adverse human rights impacts of their products, services, and policies.
When companies offer communications services in restrictive or authoritarian environments, their human rights responsibilities increase, not decrease. If they fall short of their responsibilities, they risk active complicity in targeted repression of people or human rights violations by states, including those perpetrated against journalists, human rights defenders, and political dissidents. Accordingly, they should publish detailed transparency reports on government takedown requests, engage substantively with rights holders, impacted communities, and independent civil society and media organisations, conduct rigorous human rights due diligence, resist broad or vague takedown orders, and share any legal challenges publicly.
Yet following the U.S. and Israeli strikes on Iran that began in February 2026, several social media platforms geoblocked accounts belonging to human rights organizations, academics, and dissidents at the request of Saudi Arabia and the UAE. While the companies involved disclosed the existence of government takedown orders, they failed to publish the human rights due diligence assessments that purportedly informed their compliance decisions, raising concerns about transparency and accountability.
The stakes are clear: unless companies engage in principled resistance to government demands in order to meet their human rights obligations, governments across the region are likely to escalate the pressure to restrict content they do not like. The new draft regulations and the penalties they introduce can create significant risks for companies’ business viability and staff security. However, if a company prioritises market access or avoiding hefty fines over protecting human rights, it is not a neutral business decision; it is a deliberate choice with consequences beyond violating users’ rights. Reputational damage, regulatory backlash, and the erosion of people’s trust are not abstract risks; they are the predictable cost of complicity — a stain that can ultimately threaten a company’s business model and long-term sustainability.
Governments adopting DSA-like laws: proceed with caution
For a regulatory framework to protect free expression in the digital era, it has to do more than a rigged basketball game — that is, give the appearance of legitimacy while masking the consolidation of control. If MENA governments use the DSA as inspiration for social media regulations, it is crucial that they focus first on creating the rule-of-law preconditions that make the protection of user rights and accountability possible. At the same time, it is imperative that social media companies operating in the region strengthen their practices and policies to ensure respect for human rights and avoid complicity in human rights violations.
Finally, when democracies create content moderation frameworks like the DSA that could be adopted by other countries, they should anticipate the possible “spillover effects,” and engage in efforts to avoid such frameworks becoming vehicles for censorship and other forms of digital repression. This could include supporting efforts to enable civil society both within and beyond their borders to engage in regional and global discussions on rights-respecting regulation, to seek a rough consensus guided by our universal, interdependent human rights, in addition to domestic priorities. That way, when frameworks like the DSA are transplanted, we can all work together to ensure they function as intended.