Composite Score
34.1
out of 100
Iran places in Tier 3 of the ITU Global Cybersecurity Index 2024 — an establishing posture with measurable progress and identified gaps. A data-protection statute is in active preparation, but not yet in force, and no designated supervisory authority is publicly identified in the IAPP Global Privacy Directory at this Edition. On the question of artificial intelligence policy, a national AI policy is registered in the OECD AI Policy Observatory; on the question of open-government practice, Iran is not currently an Open Government Partnership member. Domestic data-center capacity is substantial — the country sits within the top tier of physically-installed compute observed in the public datasets, and foundational digital identity coverage is not yet captured at a measurable level by the World Bank ID4D dataset.
With a composite of 34.1 out of 100, Iran sits at rank 134th out of the 194 States surveyed in Edition 0. The country's strongest pillar at this Edition is Universal Identifier & Agent Provenance, scoring 4.4 out of 10; its thinnest is Constitutional & Legal Foundation, at 2.5 out of 10. Within the MENA region, Iran sits below the regional average composite of 44.3. The pillar pattern is the substantive material the Charter invites the State to engage with — neither a leaderboard position, nor a final verdict, but a structured picture of where the open-source record is full and where it remains to be built.
On the side of what helps: a national AI policy registered in the OECD AI Policy Observatory provides a published baseline against which Article 6 of the Charter can be tested. On the side of what has not yet been done: the data-protection statute remains in draft, so the statutory floor is not yet operative; no designated supervisory authority is publicly identified at this Edition, leaving the institutional channel for enforcement underdeveloped; the capital-crime exception is not as narrowly framed as Article 4.3 of the Charter contemplates, so compulsory access to encrypted data is not yet bounded in a way the Charter would recognize; there is no public registry of access requests under the capital-crime exception, leaving the question of compulsory access opaque to citizens and to international observers.
The complete IDSI Edition 0 (2026) report — methodology, sources, sub-indicators for all 194 States.
Get the full IDSI Edition 0 (2026) reportStates, civil-society organizations, and individuals may request a re-evaluation of any entry. The Custodian commits to a written response within thirty days.
Request a re-evaluation of Iran's entryWhat Iran is currently doing on data sovereignty. The links below lead to government databases, international legal trackers, and contemporaneous news. They are the public record from which the Custodian’s scoring is drawn — and the starting point for any reader seeking to understand the country’s posture in depth.
All links open in a new tab. The Custodian does not control these third-party sites and is not responsible for their content. If you find a more authoritative government source for any item above, please let us know via the re-evaluation form below — we will update the page within thirty days.
Submissions are received under the standing Correction Notice protocol. Provide as much public-source detail as you can — the Custodian re-scores from open-source evidence, not from claim alone.
Standing Correction Notice — the State of Iran may request, in writing, the publication of a corrected entry within thirty days of any factual error. Edition 0 entries are derived from the open-source record only; nothing on this page is offered as a verdict, and the Initiative welcomes engagement that improves accuracy.