Cybersecurity Obligations — Law on Prevention and Punishment of Cybercrime 2018 (NCSA)?

Rwanda's Law on Prevention and Punishment of Cybercrime (Law No. 60/2018) and the Personal Data and Privacy Protection Law (Law No. 058/2021) impose cybersecurity and data protection obligations on connected device importers and distributors in Rwanda. No mandatory product-level IoT cybersecurity certification currently exists, but this area is expected to evolve under NCSA oversight given Rwanda's Vision 2050 digital ambitions. Chinese GB/T cybersecurity certifications carry no legal standing in Rwanda. Importers should document firmware update policies, secure default credentials, and vulnerability disclosure procedures as a baseline for due diligence under the cybercrime law.

Electrical Safety — 230V / 50Hz, Type C / Type J (Swiss-style) Plug Environment?

Electrical safety compliance against RBS RS / IEC 62368-1 (or IEC 60950-1) at 230V / 50Hz is required as part of the RURA type approval technical file. Rwanda uses Type C and Type J (Swiss-standard) sockets — Type J does not accept the Chinese Type A plug, and products must ship with a compatible plug. Chinese GB safety reports at 220V / Type A configuration are not automatically recognised by RBS or RURA. Verify current applicable RS safety standards and plug/socket requirements with RBS before submitting the type approval dossier.

EMC Emissions — RBS RS Standards (CISPR-based)?

EMC emission compliance against RBS RS (CISPR-based) standards is required as part of the RURA type approval technical file. Chinese GB emission test reports are not automatically recognised by RURA or RBS. The 5 GHz Wi-Fi band is subject to RURA indoor-only restrictions above 5.15–5.35 GHz; outdoor 5 GHz deployment requires separate authorisation. Verify current RURA spectrum assignments and RBS applicable RS standards before submission.

EMC Immunity — RBS RS Standards (IEC 61000-based)?

EMC immunity compliance against RBS RS (IEC 61000-4-based) standards is required as part of the RURA type approval technical file. Chinese GB/T immunity reports are not automatically recognised by RURA or RBS. Rwanda's tropical climate and grid conditions may affect applicable test severity levels. Confirm current applicable RS standards with RBS before testing.

Authorised Local Importer / Agent Requirement (RURA)?

An authorised local importer or agent legally incorporated in Rwanda and registered with RURA is required before or alongside the type approval application for wireless and ICT devices. There is no direct equivalent obligation in China's domestic regulatory framework. The local representative bears legal responsibility for RURA compliance, product labelling, after-sales support, and recall obligations in the Rwanda market. Foreign manufacturers without a Rwandan entity must establish or appoint this representative as a prerequisite for market entry.

RURA Type Approval — Radio and Telecommunications Terminal Equipment?

RURA type approval is mandatory for all radio and telecommunications terminal equipment imported or sold in Rwanda under Law No. 02/2016. Chinese SRRC, NAL, and CCC approvals are not recognised by RURA. CE and FCC authorisations are likewise not accepted. A separate RURA type approval process must be completed and the RURA certificate and label must accompany the product before customs clearance. EAC harmonisation does not currently waive this national requirement.

CROSS-STANDARD public interest · Wireless / IoT device

China-to-Rwanda Wireless / IoT Device Compliance Gap Matrix (RURA / RBS)

Name: China-to-Rwanda Wireless / IoT Device Compliance Gap Matrix (RURA / RBS)
Creator: Cross-Standard
License: https://creativecommons.org/licenses/by/4.0/

AI-compiled from official public sources — cross-checked by multiple AI models, not human-verified. Informational only; see disclaimer. Public-interest, source-linked comparison of common China Wi-Fi, Bluetooth, and IoT device documentation against Rwanda Utilities Regulatory Authority (RURA) mandatory type approval under the Law Governing Telecommunications in Rwanda 2016 (Law No. 02/2016), Rwanda Bureau of Standards (RBS) RS standards for EMC emissions and immunity, electrical safety requirements for Rwanda's 230V/50Hz Type C/J environment, local authorised importer requirements, and cybersecurity obligations under the Law on Prevention and Punishment of Cybercrime 2018 and the National Cyber Security Authority (NCSA).

Dataset 2026-06-11 Last verified 2026-06-17 6 rows

Short answer

The main Rwanda gaps for a China-made Wi-Fi, Bluetooth, or IoT device are: mandatory RURA type approval under the Law Governing Telecommunications in Rwanda 2016 (CE, FCC, and CCC are not recognised by RURA), RBS RS standards for EMC emissions and immunity (IEC/CISPR-based; 5 GHz Wi-Fi is restricted to indoor use), electrical safety compliance for Rwanda's 230V/50Hz Type C/J environment (Rwanda is one of the few African countries using the Swiss-style Type J plug alongside Type C), appointment of an authorised local importer registered with RURA, and awareness of cybersecurity obligations under the Law on Prevention and Punishment of Cybercrime 2018 enforced by the National Cyber Security Authority (NCSA). EAC radio harmonisation is developing but wireless device type approval remains nationally enforced by RURA.

GAP MATRIX

Compliance Gap Matrix

Gap matrix
Compliance item	Common China baseline	Rwanda (RURA / RBS)	Gap / action	Source + verification date
Cybersecurity Obligations — Law on Prevention and Punishment of Cybercrime 2018 (NCSA)	China's Cybersecurity Law 2017, Data Security Law 2021, and Personal Information Protection Law (PIPL) 2021 govern cybersecurity and data protection for devices operating in China. MIIT IoT device security standards (e.g. GB/T 36951 on IoT security) and the MIIT Smart Device Security standard apply domestically. Chinese cybersecurity certifications and GB/T IoT security documentation have no direct legal standing under Rwanda's cybercrime law or NCSA guidelines; however, documentation practices aligned with international IoT security baselines (firmware updates, credential management, vulnerability disclosure) may support demonstration of due diligence in the Rwanda market.Cybersecurity Law of the People's Republic of China 2017 (China) Data Security Law of the People's Republic of China 2021 (China) Personal Information Protection Law (PIPL) 2021 (China) GB/T 36951 — IoT Security Requirements (China)	Rwanda enacted the Law on Prevention and Punishment of Cybercrime (Law No. 60/2018 of 22/08/2018), which establishes obligations relating to data security and cybercrime prevention. The National Cyber Security Authority (NCSA) oversees cybersecurity policy and enforcement. There is currently no Rwanda-specific mandatory product-level IoT cybersecurity certification scheme equivalent to ETSI EN 303 645 or NIST IR 8259; however, devices that process or transmit personal data, connect to critical infrastructure, or are used in regulated sectors must comply with data protection principles under the Law Relating to the Protection of Personal Data and Privacy (Law No. 058/2021) and NCSA guidelines. Rwanda's Vision 2050 positions Kigali as an African technology hub, and IoT/connected device cybersecurity regulation is expected to evolve. Importers and distributors of connected devices are advised to maintain documentation of firmware update mechanisms, default credential policies, and vulnerability disclosure procedures to demonstrate due diligence under the cybercrime law.Law on Prevention and Punishment of Cybercrime, Law No. 60/2018 of 22/08/2018 (Rwanda) Law Relating to the Protection of Personal Data and Privacy, Law No. 058/2021 (Rwanda) National Cyber Security Authority (NCSA) Guidelines (Rwanda)	Rwanda's Law on Prevention and Punishment of Cybercrime 2018 and data protection obligations under Law No. 058/2021 apply to connected devices in Rwanda. Chinese cybersecurity certifications and GB/T IoT security documentation carry no legal standing under Rwanda law. No mandatory product-level IoT cybersecurity certification currently exists in Rwanda, but devices handling personal data or connecting to critical infrastructure must comply with data protection principles. Regulatory evolution under NCSA is anticipated; importers should maintain firmware update, default credential, and vulnerability disclosure documentation as a due-diligence baseline.[INFORMATIONAL] Rwanda's Law on Prevention and Punishment of Cybercrime (Law No. 60/2018) and the Personal Data and Privacy Protection Law (Law No. 058/2021) impose cybersecurity and data protection obligations on connected device importers and distributors in Rwanda. No mandatory product-level IoT cybersecurity certification currently exists, but this area is expected to evolve under NCSA oversight given Rwanda's Vision 2050 digital ambitions. Chinese GB/T cybersecurity certifications carry no legal standing in Rwanda. Importers should document firmware update policies, secure default credentials, and vulnerability disclosure procedures as a baseline for due diligence under the cybercrime law.	National Cyber Security Authority (NCSA), Rwanda2026-06-17 · reference
Electrical Safety — 230V / 50Hz, Type C / Type J (Swiss-style) Plug Environment	GB 4943.1 (IT equipment safety, equivalent to IEC 60950-1) and GB 62368.1 (AV/IT/communications equipment safety, equivalent to IEC 62368-1) apply in China at 220V / 50Hz with Type A (two-flat-pin) plugs. CCC certification covers electrical safety for applicable product categories. Chinese devices rated 220V may be compatible with Rwanda's 230V supply in practice but the nominal mains voltage and plug type differ. GB safety test reports at 220V are not automatically accepted by RBS; IEC-based reports may be reusable subject to RURA/RBS review.GB 4943.1 — Safety of IT equipment (equivalent to IEC 60950-1, China) GB 62368.1 — AV/IT/communications equipment safety (equivalent to IEC 62368-1, China) China Compulsory Certification (CCC) — electrical safety for applicable product categories (China)	Rwanda's mains supply is 230V / 50Hz. Rwanda uses Type C (two-round-pin Europlug) and Type J (three-round-pin Swiss-standard) plugs and sockets. Type J is uncommon in Africa and makes Rwanda distinctive: the Type J socket accepts Type C plugs but not Type A, B, or G plugs. Electrical safety requirements for plugged devices are assessed under RBS RS standards based on IEC 62368-1 (or legacy IEC 60950-1 for older product families) for audio/video, IT, and communications equipment. Devices with mains connections must be rated for 230V / 50Hz operation and carry applicable RBS-recognised safety documentation. Adapters and chargers with Type A (China standard) plugs cannot be used directly and require a compatible plug configuration for Rwanda sockets.RBS RS standards based on IEC 62368-1 — Audio/video, IT and communications equipment safety (Rwanda) RBS RS standards based on IEC 60950-1 — IT equipment safety (legacy, Rwanda) RURA Type Approval Regulations — electrical safety documentation requirement (Rwanda)	Rwanda's 230V / 50Hz supply with Type C / Type J (Swiss-style) sockets requires plug configuration incompatible with China's standard Type A plug. Devices must be rated for 230V / 50Hz. Electrical safety documentation under RBS RS / IEC 62368-1 (or IEC 60950-1) is required for the RURA type approval dossier. Chinese GB safety reports at 220V / Type A plug are not automatically accepted. Type J sockets do not accept Type A (Chinese), Type B (US), or Type G (British) plugs — products must ship with a compatible Type C or Type J plug for Rwanda.[INFORMATIONAL] Electrical safety compliance against RBS RS / IEC 62368-1 (or IEC 60950-1) at 230V / 50Hz is required as part of the RURA type approval technical file. Rwanda uses Type C and Type J (Swiss-standard) sockets — Type J does not accept the Chinese Type A plug, and products must ship with a compatible plug. Chinese GB safety reports at 220V / Type A configuration are not automatically recognised by RBS or RURA. Verify current applicable RS safety standards and plug/socket requirements with RBS before submitting the type approval dossier.	Rwanda Bureau of Standards (RBS)2026-06-17 · reference
EMC Emissions — RBS RS Standards (CISPR-based)	GB 9254 (radiated and conducted emissions for IT equipment, equivalent to CISPR 22/32) and GB 17743 (radio disturbance limits for household equipment, equivalent to CISPR 14-1) apply in China. SRRC type approval covers radio frequency spectrum usage. Chinese GB emissions test reports are not automatically accepted by RBS or RURA; new tests against applicable RS/CISPR limits or re-use under mutual recognition (not yet established with Rwanda) may be required.GB 9254 — Limits and methods of measurement of radio disturbance characteristics of IT equipment (China) GB 17743 — Radio disturbance limits and measurement methods for household electrical appliances (China) MIIT SRRC Radio Type Approval covering spectrum usage (China)	Rwanda Bureau of Standards (RBS) adopts RS standards based on IEC and CISPR international standards for electromagnetic emissions from information technology equipment, radio devices, and IoT devices. Radiated and conducted emissions must comply with the applicable RS standard limits (mirroring CISPR 32 / CISPR 22 for IT and multimedia equipment). Test reports from accredited laboratories are required as part of the RURA type approval technical file. Radio frequency channel plans and 5 GHz Wi-Fi usage are subject to RURA spectrum management: 5 GHz operation above 5.15–5.35 GHz indoors is restricted; outdoor use requires additional RURA authorisation.RBS RS standards (IEC/CISPR-based EMC emissions, Rwanda) RURA Radio Frequency Spectrum Management Regulations (Rwanda) CISPR 32 / CISPR 22 (adopted by reference via RBS RS)	RBS RS emission standards must be met and documented via test reports from accredited laboratories as part of the RURA type approval dossier. Chinese GB emission test reports are not automatically accepted; re-testing or specific mutual-recognition arrangements (not currently in place with Rwanda) may be required. The 5 GHz band above 5.15–5.35 GHz is restricted to indoor use; outdoor 5 GHz requires additional RURA authorisation.[INFORMATIONAL] EMC emission compliance against RBS RS (CISPR-based) standards is required as part of the RURA type approval technical file. Chinese GB emission test reports are not automatically recognised by RURA or RBS. The 5 GHz Wi-Fi band is subject to RURA indoor-only restrictions above 5.15–5.35 GHz; outdoor 5 GHz deployment requires separate authorisation. Verify current RURA spectrum assignments and RBS applicable RS standards before submission.	Rwanda Utilities Regulatory Authority (RURA)2026-06-17 · reference
EMC Immunity — RBS RS Standards (IEC 61000-based)	GB/T 17618 and related GB/T standards (equivalent to IEC 61000-4 series) cover immunity for IT equipment in China. Chinese GB/T immunity test reports may share the same underlying IEC 61000-4 test methodology, but are not automatically recognised by RBS or RURA. Rwanda's tropical and grid conditions may require assessment of test-level adequacy beyond what was tested for the Chinese market.GB/T 17618 — Limits and methods of measurement of immunity for IT equipment (China) GB/T 17626 series — IEC 61000-4 equivalent immunity standards (China)	Rwanda Bureau of Standards (RBS) RS standards adopt IEC 61000-series immunity requirements for electronic and ICT equipment sold in Rwanda. Devices must demonstrate adequate immunity to electrostatic discharge (ESD), radiated electromagnetic fields, electrical fast transients, surges, and conducted disturbances. Immunity test reports from accredited laboratories must be included in the technical file submitted for RURA type approval. Rwanda's tropical climate and developing power grid environment may present elevated surge and transient conditions that heighten practical importance of immunity compliance.RBS RS standards (IEC 61000-series EMC immunity, Rwanda) IEC 61000-4-2 (ESD immunity, adopted by reference) IEC 61000-4-3 (Radiated immunity, adopted by reference) IEC 61000-4-4 (EFT/Burst immunity, adopted by reference) IEC 61000-4-5 (Surge immunity, adopted by reference)	Immunity test reports must be provided against applicable RBS RS / IEC 61000-4 series requirements as part of the RURA type approval dossier. Chinese GB/T immunity test reports are not automatically recognised. Test levels appropriate for Rwanda's tropical climate and developing power-grid environment should be considered. Verify with RBS which specific RS immunity standards are currently applicable before initiating testing.[INFORMATIONAL] EMC immunity compliance against RBS RS (IEC 61000-4-based) standards is required as part of the RURA type approval technical file. Chinese GB/T immunity reports are not automatically recognised by RURA or RBS. Rwanda's tropical climate and grid conditions may affect applicable test severity levels. Confirm current applicable RS standards with RBS before testing.	Rwanda Bureau of Standards (RBS)2026-06-17 · reference
Authorised Local Importer / Agent Requirement (RURA)	China's domestic market does not require an authorised importer or local agent for Chinese-manufactured devices sold domestically. For export, the Chinese manufacturer or exporter is the responsible party under Chinese export customs declarations. There is no direct equivalent obligation in China's domestic regulatory framework that mirrors the Rwanda requirement for a locally incorporated, RURA-registered importer or agent.PRC Customs Law and export declaration requirements (China) No direct local-agent equivalent in Chinese domestic device regulations (China)	RURA regulations require that telecommunications and ICT equipment imported into Rwanda be handled through an authorised local importer or agent registered with RURA. The local importer or agent is responsible for ensuring that devices bear a valid RURA type approval certificate before customs clearance and sale in Rwanda. The importer or agent must be a legally incorporated entity in Rwanda and must be capable of providing after-sale technical support and handling compliance or recall obligations. Foreign manufacturers without a local presence must appoint a RURA-recognised local representative before or alongside the type approval application.Law Governing Telecommunications in Rwanda, Law No. 02/2016 (Rwanda) RURA Regulations on Type Approval of Telecommunications and ICT Equipment — importer obligations (Rwanda)	Chinese manufacturers exporting wireless or IoT devices to Rwanda must appoint a legally incorporated, RURA-registered local importer or agent before or alongside the type approval application. There is no equivalent requirement in China's domestic regulatory framework. The local agent bears legal responsibility for ensuring RURA type approval compliance, product labelling, after-sales support, and recall obligations in Rwanda.[INFORMATIONAL] An authorised local importer or agent legally incorporated in Rwanda and registered with RURA is required before or alongside the type approval application for wireless and ICT devices. There is no direct equivalent obligation in China's domestic regulatory framework. The local representative bears legal responsibility for RURA compliance, product labelling, after-sales support, and recall obligations in the Rwanda market. Foreign manufacturers without a Rwandan entity must establish or appoint this representative as a prerequisite for market entry.	Rwanda Utilities Regulatory Authority (RURA)2026-06-17 · reference
RURA Type Approval — Radio and Telecommunications Terminal Equipment	China MIIT SRRC radio type approval for radio frequency equipment; MIIT network access licence (NAL) for telecommunications terminal equipment; CCC certification for RF equipment within CCC scope. GB standards (e.g. GB 9254, GB 17625 for EMC; GB 4943 for safety) apply domestically. SRRC, NAL, and CCC approvals are China-domestic only and carry no legal standing with the Rwanda Utilities Regulatory Authority.MIIT SRRC Radio Type Approval (China) MIIT Network Access Licence (NAL) — Telecommunications Terminal Equipment (China) China Compulsory Certification (CCC) — RF equipment in scope (China)	All radio transmitters and telecommunications terminal equipment must obtain a RURA type approval certificate from the Rwanda Utilities Regulatory Authority before importation or sale in Rwanda, under the Law Governing Telecommunications in Rwanda (Law No. 02/2016) and associated RURA regulations on ICT equipment. The type approval process requires the applicant to submit a technical file and test reports from accredited laboratories. CE marking, FCC authorisation, and CCC certification are not recognised as equivalents by RURA. EAC harmonised type approval is developing but wireless device type approval remains nationally enforced by RURA. The RURA approval certificate and corresponding label must accompany the product before customs clearance.Law Governing Telecommunications in Rwanda, Law No. 02/2016 (Rwanda) RURA Regulations on Type Approval of Telecommunications and ICT Equipment (Rwanda) RURA Type Approval Guidelines (Rwanda)	Mandatory separate RURA type approval certificate required from the Rwanda Utilities Regulatory Authority under Law No. 02/2016. CE, FCC, and CCC approvals are not accepted by RURA. SRRC and NAL have no legal standing in Rwanda. EAC harmonisation does not yet remove the RURA national type approval requirement for wireless devices. The RURA type approval certificate and label must accompany the product before customs clearance.[INFORMATIONAL] RURA type approval is mandatory for all radio and telecommunications terminal equipment imported or sold in Rwanda under Law No. 02/2016. Chinese SRRC, NAL, and CCC approvals are not recognised by RURA. CE and FCC authorisations are likewise not accepted. A separate RURA type approval process must be completed and the RURA certificate and label must accompany the product before customs clearance. EAC harmonisation does not currently waive this national requirement.	Rwanda Utilities Regulatory Authority (RURA)2026-06-17 · reference

INFORMATIONAL ONLY

Informational only / not a certification conclusion

AI-compiled, not human-verified. This comparison is generated and cross-checked by multiple AI models from public official sources; it has not been reviewed by a named human expert and may contain errors or out-of-date items. Confirm every requirement directly with the official regulator or standards body and a qualified professional before relying on it. Nothing here is legal, certification, customs, or market-access advice.

This page is an informational comparison aid, not a certification decision, RURA type approval, legal opinion, customs determination, or market-access approval. Exporters, importers, and device manufacturers should verify current RURA regulations, applicable RBS/RS standards, and Rwanda market entry obligations with qualified regulatory professionals before importation or sale in Rwanda.

E-E-A-T

Named editorial review

Pending named reviewer

Official regulator, standards body, notified body, customs, or primary legal source preferred. Local PDFs are not accepted.

Editorial controls

Rows must include publisher, official URL, access date, verification flag, and last_verified before human_reviewed can be true.

SOURCES

Official-source register.

National Cyber Security Authority (NCSA), Rwanda · accessed 2026-06-17 · reference · used in 1 rows
Rwanda Bureau of Standards (RBS) · accessed 2026-06-17 · reference · used in 2 rows
Rwanda Utilities Regulatory Authority (RURA) · accessed 2026-06-17 · reference · used in 1 rows
Rwanda Utilities Regulatory Authority (RURA) · accessed 2026-06-17 · reference · used in 2 rows