Is crypto legal and how is it regulated here? · click a country
205 countries · 5061 events tracked
Austria - Crypto & Digital Assets: Regulated. Markets in Crypto-Assets Regulation (Regulation (EU) 2023/1114, 'MiCA') — CASP authorisation regime, supervised by national competent authorities with convergence coordinated by ESMA/EBA
Belgium - Crypto & Digital Assets: Regulated. Markets in Crypto-Assets Regulation (Regulation (EU) 2023/1114, 'MiCA') — CASP authorisation regime, supervised by national competent authorities with convergence coordinated by ESMA/EBA
Bulgaria - Crypto & Digital Assets: Regulated. Markets in Crypto-Assets Regulation (Regulation (EU) 2023/1114, 'MiCA') — CASP authorisation regime, supervised by national competent authorities with convergence coordinated by ESMA/EBA
Croatia - Crypto & Digital Assets: Regulated. Markets in Crypto-Assets Regulation (Regulation (EU) 2023/1114, 'MiCA') — CASP authorisation regime, supervised by national competent authorities with convergence coordinated by ESMA/EBA
Cyprus - Crypto & Digital Assets: Regulated. Markets in Crypto-Assets Regulation (Regulation (EU) 2023/1114, 'MiCA') — CASP authorisation regime, supervised by national competent authorities with convergence coordinated by ESMA/EBA
Czechia - Crypto & Digital Assets: Regulated. Markets in Crypto-Assets Regulation (Regulation (EU) 2023/1114, 'MiCA') — CASP authorisation regime, supervised by national competent authorities with convergence coordinated by ESMA/EBA
Denmark - Crypto & Digital Assets: Regulated. Markets in Crypto-Assets Regulation (Regulation (EU) 2023/1114, 'MiCA') — CASP authorisation regime, supervised by national competent authorities with convergence coordinated by ESMA/EBA
Estonia - Crypto & Digital Assets: Regulated. Markets in Crypto-Assets Regulation (Regulation (EU) 2023/1114, 'MiCA') — CASP authorisation regime, supervised by national competent authorities with convergence coordinated by ESMA/EBA
Finland - Crypto & Digital Assets: Regulated. Markets in Crypto-Assets Regulation (Regulation (EU) 2023/1114, 'MiCA') — CASP authorisation regime, supervised by national competent authorities with convergence coordinated by ESMA/EBA
France - Crypto & Digital Assets: Regulated. Markets in Crypto-Assets Regulation (Regulation (EU) 2023/1114, 'MiCA') — CASP authorisation regime, supervised by national competent authorities with convergence coordinated by ESMA/EBA
Germany - Crypto & Digital Assets: Regulated. Markets in Crypto-Assets Regulation (Regulation (EU) 2023/1114, 'MiCA') — CASP authorisation regime, supervised by national competent authorities with convergence coordinated by ESMA/EBA
Greece - Crypto & Digital Assets: Regulated. Markets in Crypto-Assets Regulation (Regulation (EU) 2023/1114, 'MiCA') — CASP authorisation regime, supervised by national competent authorities with convergence coordinated by ESMA/EBA
Hungary - Crypto & Digital Assets: Regulated. Markets in Crypto-Assets Regulation (Regulation (EU) 2023/1114, 'MiCA') — CASP authorisation regime, supervised by national competent authorities with convergence coordinated by ESMA/EBA
Ireland - Crypto & Digital Assets: Regulated. Markets in Crypto-Assets Regulation (Regulation (EU) 2023/1114, 'MiCA') — CASP authorisation regime, supervised by national competent authorities with convergence coordinated by ESMA/EBA
Italy - Crypto & Digital Assets: Regulated. Markets in Crypto-Assets Regulation (Regulation (EU) 2023/1114, 'MiCA') — CASP authorisation regime, supervised by national competent authorities with convergence coordinated by ESMA/EBA
Latvia - Crypto & Digital Assets: Regulated. Markets in Crypto-Assets Regulation (Regulation (EU) 2023/1114, 'MiCA') — CASP authorisation regime, supervised by national competent authorities with convergence coordinated by ESMA/EBA
Lithuania - Crypto & Digital Assets: Regulated. Markets in Crypto-Assets Regulation (Regulation (EU) 2023/1114, 'MiCA') — CASP authorisation regime, supervised by national competent authorities with convergence coordinated by ESMA/EBA
Luxembourg - Crypto & Digital Assets: Regulated. Markets in Crypto-Assets Regulation (Regulation (EU) 2023/1114, 'MiCA') — CASP authorisation regime, supervised by national competent authorities with convergence coordinated by ESMA/EBA
Malta - Crypto & Digital Assets: Regulated. Markets in Crypto-Assets Regulation (Regulation (EU) 2023/1114, 'MiCA') — CASP authorisation regime, supervised by national competent authorities with convergence coordinated by ESMA/EBA
Netherlands - Crypto & Digital Assets: Regulated. Markets in Crypto-Assets Regulation (Regulation (EU) 2023/1114, 'MiCA') — CASP authorisation regime, supervised by national competent authorities with convergence coordinated by ESMA/EBA
Poland - Crypto & Digital Assets: Regulated. Markets in Crypto-Assets Regulation (Regulation (EU) 2023/1114, 'MiCA') — CASP authorisation regime, supervised by national competent authorities with convergence coordinated by ESMA/EBA
Portugal - Crypto & Digital Assets: Regulated. Markets in Crypto-Assets Regulation (Regulation (EU) 2023/1114, 'MiCA') — CASP authorisation regime, supervised by national competent authorities with convergence coordinated by ESMA/EBA
Romania - Crypto & Digital Assets: Regulated. Markets in Crypto-Assets Regulation (Regulation (EU) 2023/1114, 'MiCA') — CASP authorisation regime, supervised by national competent authorities with convergence coordinated by ESMA/EBA
Slovakia - Crypto & Digital Assets: Regulated. Markets in Crypto-Assets Regulation (Regulation (EU) 2023/1114, 'MiCA') — CASP authorisation regime, supervised by national competent authorities with convergence coordinated by ESMA/EBA
Slovenia - Crypto & Digital Assets: Regulated. Markets in Crypto-Assets Regulation (Regulation (EU) 2023/1114, 'MiCA') — CASP authorisation regime, supervised by national competent authorities with convergence coordinated by ESMA/EBA
Spain - Crypto & Digital Assets: Regulated. Markets in Crypto-Assets Regulation (Regulation (EU) 2023/1114, 'MiCA') — CASP authorisation regime, supervised by national competent authorities with convergence coordinated by ESMA/EBA
Sweden - Crypto & Digital Assets: Regulated. Markets in Crypto-Assets Regulation (Regulation (EU) 2023/1114, 'MiCA') — CASP authorisation regime, supervised by national competent authorities with convergence coordinated by ESMA/EBA
United States - Crypto & Digital Assets: Developing. No single federal license; a two-tier system: federal AML registration with FinCEN as a Money Services Business (Bank Secrecy Act, 31 CFR 1010/1022) plus state-by-state money transmitter licensing (with specialized regimes in NY (BitLicense) and CA (DFAL)). Securities/commodities oversight is split between the SEC and CFTC; comprehensive federal market-structure legislation (CLARITY Act) is still pending as of May 2026.
United Kingdom - Crypto & Digital Assets: Developing. Today: FCA registration under the Money Laundering Regulations 2017 (AML/CTF only). Incoming: full conduct regime under the Financial Services and Markets Act 2000 (Cryptoassets) Regulations 2025 + FCA Handbook rules (made under FSMA 2000 as amended by FSMA 2023).
Singapore - Crypto & Digital Assets: Regulated. Two complementary regimes administered by the Monetary Authority of Singapore (MAS): the Payment Services Act 2019 (PS Act), which licenses Digital Payment Token (DPT) services provided to customers in Singapore, and the Digital Token Service Provider (DTSP) regime under Part 9 of the Financial Services and Markets Act 2022 (FSM Act), in force since 30 June 2025, which licenses Singapore-based providers serving only customers outside Singapore. Securities-like tokens fall under the Securities and Futures Act 2001.
UAE - Crypto & Digital Assets: Regulated. Dubai Law No. (4) of 2022 on the Regulation of Virtual Assets, administered by the Virtual Assets Regulatory Authority (VARA), supported by the Virtual Assets and Related Activities Regulations 2023 and seven binding Rulebooks (four compulsory + activity-specific). VARA exercises powers delegated from the federal Securities and Commodities Authority (SCA) under Cabinet Resolution No. 111/112 of 2022.
Japan - Crypto & Digital Assets: Regulated. Payment Services Act (PSA) — Crypto-Asset Exchange Service Provider (CAESP) registration with the Financial Services Agency (FSA), supplemented by the Cabinet Office Order on Crypto-asset Exchange Service Providers and self-regulation by the JVCEA. A 2026 amendment package and a proposed shift to the Financial Instruments and Exchange Act (FIEA) are pending.
Hong Kong - Crypto & Digital Assets: Regulated. Dual-regime under the Securities and Futures Ordinance (SFO) and Part 5B of the Anti-Money Laundering and Counter-Terrorist Financing Ordinance (AMLO), administered by the Securities and Futures Commission (SFC); the AMLO VATP licensing regime has been mandatory since 1 June 2023.
Liechtenstein - Crypto & Digital Assets: Regulated. Markets in Crypto-Assets Regulation (MiCAR, Regulation (EU) 2023/1114), incorporated into the EEA Agreement and applicable in Liechtenstein, implemented domestically via the EEA MiCA Implementation Act (EWR-MiCA-DG); the domestic Token and TT Service Provider Act (TVTG) continues for a transitional period and for non-MiCAR token services. Supervised by the Financial Market Authority (FMA Liechtenstein).
Switzerland - Crypto & Digital Assets: Regulated. Technology-neutral application of existing financial market law: Anti-Money Laundering Act (AMLA, SR 955.0) with FINMA-recognized SRO membership for intermediary activities; Banking Act / FinTech licence and Financial Market Infrastructure Act (FMIA, incl. the 2021 DLT package) for deposit-taking, custody and trading. Supervised by FINMA. A FinIA reform creating dedicated 'Crypto-Institution' and 'Payment Instrument Institution' licences was in consultation (closed 6 Feb 2026) with expected entry into force in 2027.
Norway - Crypto & Digital Assets: Regulated. EU Markets in Crypto-Assets Regulation (MiCA), incorporated into Norwegian law via the Crypto-Assets Act (Lov om kryptoeiendeler / 'kryptoeiendelsloven') under the EEA Agreement; Finanstilsynet (Norwegian FSA) is the competent authority. The legacy AML-Act VASP registration regime is being phased out.
Gibraltar - Crypto & Digital Assets: Developing. Financial Services (Distributed Ledger Technology Providers) Regulations, made under the Financial Services Act 2019 (FSA), administered by the Gibraltar Financial Services Commission (GFSC). As of 27 October 2025, 'Virtual Asset Arrangements' (exchange services) are also expressly regulated activities under Part 16 of Schedule 2 to the FSA requiring Part 7 permission.
Turkey - Crypto & Digital Assets: Developing. Capital Markets Law (No. 6362) as amended by Law No. 7518 (effective 2 July 2024), implemented through CMB Communiqués III-35/B.1 and III-35/B.2 (13 March 2025); AML/transfer rules administered by MASAK. Primary regulator: Capital Markets Board (Sermaye Piyasası Kurulu / CMB-SPK).
Ukraine - Crypto & Digital Assets: Developing. Draft Law No. 10225-d 'On Amendments to the Tax Code and Certain Other Legislative Acts Regarding the Regulation of the Virtual Asset Market' (MiCA-aligned), with the National Securities and Stock Market Commission (NSSMC) designated as regulator. The earlier Law 'On Virtual Assets' No. 2074-IX (2022) was passed but never entered into force.
Russia - Crypto & Digital Assets: Developing. Bank of Russia (Central Bank) is the lead regulator. Two distinct regimes: (1) Federal Law No. 259-FZ 'On Digital Financial Assets' (in force since Jan 2021) governs tokenized DFAs and their licensed exchange/issuance operators; (2) 'digital currency' (cryptocurrency such as Bitcoin) is recognized as property/monetary asset but trading is currently allowed only under an Experimental Legal Regime (ELR) — a broad licensing framework for crypto intermediaries was unveiled by the Bank of Russia in Dec 2025 and is slated for adoption by July 1, 2026.
Canada - Crypto & Digital Assets: Regulated. Dual federal-provincial regime: provincial/territorial securities regulators coordinated through the Canadian Securities Administrators (CSA) plus self-regulatory oversight by the Canadian Investment Regulatory Organization (CIRO) for the securities/conduct side; FINTRAC (under the PCMLTFA) for AML registration as a Money Services Business dealing in virtual currency.
Brazil - Crypto & Digital Assets: Regulated. Law No. 14.478/2022 (Brazilian Virtual Assets Law) implemented by Banco Central do Brasil (BCB) Resolutions Nos. 519, 520 and 521 of 10 November 2025; BCB is the designated regulator and licensing authority for VASPs (locally 'SPSAVs').
Mexico - Crypto & Digital Assets: Developing. No dedicated VASP licensing regime. Two overlapping bodies of law: (1) the Fintech Law (Ley para Regular las Instituciones de Tecnología Financiera, 2018) regulating regulated financial entities' contact with virtual assets via Banxico; and (2) the Federal Anti-Money Laundering Law (LFPIORPI), as reformed in July 2025, which treats virtual-asset exchange as an AML 'vulnerable activity' supervised by SHCP/UIF. CNBV and Banxico are the financial regulators.
Argentina - Crypto & Digital Assets: Developing. Comisión Nacional de Valores (CNV) — RG 1058/2025 (consolidating RG 994/2024), under Law No. 27,739 (AML reform) which created the PSAV regime and designated VASPs as 'sujetos obligados' before the UIF (FIU)
El Salvador - Crypto & Digital Assets: Regulated. Digital Assets Issuance Law (Ley de Emisión de Activos Digitales, Legislative Decree No. 643 of 2023), administered by the National Commission of Digital Assets (Comisión Nacional de Activos Digitales / CNAD)
Bahamas - Crypto & Digital Assets: Regulated. Digital Assets and Registered Exchanges Act, 2024 (DARE Act 2024), administered by the Securities Commission of The Bahamas (SCB)
Cayman Islands - Crypto & Digital Assets: Regulated. Virtual Asset (Service Providers) Act (as amended, 2024/2025) administered by the Cayman Islands Monetary Authority (CIMA), supported by the VASP Regulations, CIMA's Regulatory Policy on Registration or Licensing of VASPs (gazetted 23 May 2025) and the Rule & Statement of Guidance on Market Conduct for VASPs (Feb 2026).
Bermuda - Crypto & Digital Assets: Regulated. Digital Asset Business Act 2018 (DABA), administered by the Bermuda Monetary Authority (BMA), supplemented by the DABA Code of Practice, the Digital Asset Business (Custody of Client Assets) Rules 2025, and the Digital Asset Issuance Act 2020 (DAIA) for token offerings.
Saudi Arabia - Crypto & Digital Assets: Developing. No dedicated VASP/exchange licensing regime. Governed by the 2018 Standing Committee position (CMA + SAMA + ministries) that virtual currencies are unregulated/unauthorized; tokenized-securities activity is handled case-by-case through the CMA FinTech Lab sandbox under the Capital Market Law. A comprehensive digital-asset framework is reportedly under development by the CMA.
Bahrain - Crypto & Digital Assets: Regulated. Central Bank of Bahrain (CBB) Rulebook Volume 6 (Capital Markets), Crypto-Asset (CRA) Module; complemented by the Stablecoin Issuance and Offering (SIO) Module effective July 2025
Qatar - Crypto & Digital Assets: Restricted. QFC Digital Assets Framework 2024 (QFC Digital Assets Regulations 2024, Investment Token Rules 2024, Token Service Provider Guidelines), administered by the Qatar Financial Centre Authority (QFCA) and Qatar Financial Centre Regulatory Authority (QFCRA); cryptocurrency activity remains separately prohibited under Qatar Central Bank Circular No. 6 of 2018 and the 2019 QFCRA alert.
Israel - Crypto & Digital Assets: Developing. Supervision of Financial Services (Regulated Financial Services) Law, 5776-2016, administered by the Capital Market, Insurance and Savings Authority (CMA/CMISA), supplemented by the AML Order 5778-2018 — with proposed Securities Law amendments and stablecoin rules pending.
South Africa - Crypto & Digital Assets: Developing. FSCA licensing of Crypto Asset Service Providers (CASPs) under the Financial Advisory and Intermediary Services Act 37 of 2002 (FAIS), following the October 2022 declaration of crypto assets as a financial product (General Notice 1350), plus AML obligations under the Financial Intelligence Centre Act (FICA).
Nigeria - Crypto & Digital Assets: Regulated. Investments and Securities Act (ISA) 2025 + SEC Rules on Issuance, Offering Platforms and Custody of Digital Assets (as amended), administered by the Securities and Exchange Commission (SEC)
Kenya - Crypto & Digital Assets: Developing. Virtual Asset Service Providers Act, 2025 (in force 4 Nov 2025), operationalised by the draft Virtual Asset Service Providers Regulations, 2026; jointly administered by the Central Bank of Kenya (CBK) and Capital Markets Authority (CMA).
Mauritius - Crypto & Digital Assets: Developing. Virtual Asset and Initial Token Offering Services (VAITOS) Act 2021, administered by the Financial Services Commission (FSC) Mauritius, supplemented by FSC Rules (capital, client disclosure, custody, cybersecurity, Travel Rule) and licensing criteria for each VASP class.
South Korea - Crypto & Digital Assets: Developing. Two operative laws administered by the Financial Services Commission (FSC) and its Korea Financial Intelligence Unit (KoFIU): the Act on Reporting and Use of Specified Financial Transaction Information ("Specified Financial Information Act"/AML registration regime, in force since Mar 2021) and the Act on the Protection of Virtual Asset Users (VAUPA, in force 19 Jul 2024). A comprehensive "second-phase" Digital Asset Basic Act (covering issuance, stablecoins, etc.) is proposed but not yet enacted.
China - Crypto & Digital Assets: Banned. No licensing regime exists in mainland China. Crypto exchange/VASP activity is prohibited under the PBOC-led joint Notice on Further Preventing and Disposing of the Risks of Speculation in Virtual Currency Trading (24 September 2021), reinforced by a joint PBOC notice of 6 February 2026 extending the ban to RWA tokenization and unapproved yuan-pegged stablecoins.
Taiwan - Crypto & Digital Assets: Developing. Two-tier regime: (1) in-force mandatory AML registration for VASPs under the Money Laundering Control Act (amended July 2024) and the FSC's VASP AML Registration Regulations (effective 30 Nov 2024), administered by the Financial Supervisory Commission (FSC); and (2) a comprehensive Virtual Asset Service Act (VASP Act) approved by the Executive Yuan on 2 Apr 2026 and pending Legislative Yuan passage, which will move the sector from registration to full licensing.
India - Crypto & Digital Assets: Developing. No dedicated crypto-exchange licensing law. The binding regime is the Prevention of Money Laundering Act, 2002 (PMLA), under which a March 2023 Ministry of Finance notification brought Virtual Digital Asset (VDA) activities into scope, requiring registration with the Financial Intelligence Unit-India (FIU-IND) as a 'Reporting Entity'. Taxation runs through the Income-tax Act (s.115BBH, s.194S); securities-like tokens fall to SEBI; a comprehensive VDA bill/discussion paper remains unfinalized.
Indonesia - Crypto & Digital Assets: Developing. OJK Regulation No. 27 of 2024 (POJK 27/2024), as amended by POJK 23/2025, issued under Law No. 4 of 2023 (P2SK / Financial Sector Development and Strengthening Law); supervised by Otoritas Jasa Keuangan (OJK), which assumed authority from Bappebti on 10 January 2025.
Thailand - Crypto & Digital Assets: Regulated. Emergency Decree on Digital Asset Businesses B.E. 2561 (2018), as amended by the Royal Decree on Digital Asset Business Operation (No. 2) B.E. 2568 (2025); licenses granted by the Ministry of Finance on recommendation of the SEC, which supervises and enforces.
Vietnam - Crypto & Digital Assets: Developing. Law on Digital Technology Industry 2025 (effective 1 Jan 2026) + Government Resolution 05/2025/NQ-CP (9 Sep 2025) establishing a 5-year crypto-asset market pilot, operationalized by Ministry of Finance Decision 96/QĐ-BTC (20 Jan 2026); licensing administered by the State Securities Commission under the Ministry of Finance.
Philippines - Crypto & Digital Assets: Developing. Dual regime: Bangko Sentral ng Pilipinas (BSP) Circular No. 1108 (2021) licenses Virtual Asset Service Providers as money service businesses; SEC Memorandum Circular Nos. 4 & 5, Series of 2025 (CASP Rules and Guidelines, effective July 2025) regulate Crypto-Asset Service Providers, focusing on issuance, marketing, trading and investor protection.
Malaysia - Crypto & Digital Assets: Regulated. Securities Commission Malaysia (SC) under the Capital Markets and Services Act 2007 (CMSA) and the Capital Markets and Services (Prescription of Securities) (Digital Currency and Digital Token) Order 2019, operationalized through the SC's Guidelines on Recognized Markets (RMO-DAX) and Guidelines on Digital Assets
Kazakhstan - Crypto & Digital Assets: Regulated. Dual regime: (1) Law No. 193-VII 'On Digital Assets in the Republic of Kazakhstan' (6 Feb 2023, in force 1 Apr 2023) plus the AIFC Rules on Digital Asset Activities supervised by the Astana Financial Services Authority (AFSA) within the Astana International Financial Centre (AIFC); and (2) a nationwide regime created by Nov 2025 amendments (Law No. 231-VIII) extending unsecured-digital-asset circulation across Kazakhstan under the National Bank of Kazakhstan (NBK), with NBK licensing of exchange operators commencing 1 May 2026.
Australia - Crypto & Digital Assets: Developing. Dual-regulator model: AUSTRAC registration under the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (in force), plus ASIC licensing under the Corporations Act 2001 as amended by the Corporations Amendment (Digital Assets Framework) Act 2026 (enacted, commences 9 April 2027).
New Zealand - Crypto & Digital Assets: Developing. No bespoke VASP licensing regime. Crypto exchanges/VASPs are regulated by applying existing general law: the AML/CFT Act 2009 (supervised mainly by the Department of Internal Affairs), the Financial Service Providers (Registration and Dispute Resolution) Act 2008 (FSPR registration), and the Financial Markets Conduct Act 2013 (FMA — applies where a crypto asset is a 'financial product'). The OECD Crypto-Asset Reporting Framework (CARF) applies from 1 April 2026 (administered by Inland Revenue).
Egypt - Crypto & Digital Assets: Restricted. Central Bank of Egypt and Banking System Law No. 194 of 2020 (notably Art. 206), enforced by the Central Bank of Egypt (CBE)
Albania - Crypto & Digital Assets: Regulated. Law No. 66/2020 'On Financial Markets Based on Distributed Ledger Technology' (in force 1 Sept 2020), supervised by the Albanian Financial Supervisory Authority (AFSA/AMF) jointly with the National Agency for Information Society (AKSHI); tax under Law No. 29/2023 'On Income Tax' (effective 1 Jan 2024).
Algeria - Crypto & Digital Assets: Banned. Law No. 25-10 of 24 July 2025 (Journal Officiel/JORADP No. 48), amending Law No. 05-01 on anti-money-laundering & counter-terrorist-financing — inserting Article 6 bis (total prohibition of virtual assets) and Article 31 bis (criminal penalties); builds on Article 117 of the 2018 Finance Law. Enforced by the Bank of Algeria, the Banking Commission and judicial authorities.
Andorra - Crypto & Digital Assets: Regulated. Law 24/2022 of 30 June on the digital representation of assets through cryptography, distributed ledger technology and blockchain (in force since 20 October 2022), supervised by the Andorran Financial Authority (AFA); AML/CFT under Law 14/2017 as amended by Law 37/2021.
Angola - Crypto & Digital Assets: Unclear. Lei n.º 3/24 de 10 de abril (Legal Regime on the Prohibition of Mining of Cryptocurrencies and Other Virtual Assets); Banco Nacional de Angola (BNA) as sole monetary authority; Comissão do Mercado de Capitais (CMC) for any securities-like tokens. No comprehensive VASP licensing framework yet in force.
Armenia - Crypto & Digital Assets: Regulated. Law of the Republic of Armenia 'On Crypto-Assets' (adopted 29 May 2025, in force 4 July 2025), with implementing by-laws of the Central Bank of Armenia (CBA) in force from 31 January 2026; supervised and licensed by the Central Bank of Armenia. Crypto-assets are also defined for tax purposes in the Tax Code and treated as a distinct asset class under the Civil Code.
Azerbaijan - Crypto & Digital Assets: Developing. No comprehensive crypto statute in force yet. A draft law 'On the activity of virtual assets and virtual asset service providers' is being prepared by the Central Bank of the Republic of Azerbaijan (CBAR) under the Financial Sector Development Strategy 2024-2026; meanwhile crypto activity is unregulated-but-permitted and taxed under general tax law, with AML/KYC obligations applied via the Financial Monitoring Service.
Bangladesh - Crypto & Digital Assets: Banned. No dedicated crypto statute. Use/trading is prohibited by Bangladesh Bank under the Foreign Exchange Regulation Act 1947 (FER Act), the Money Laundering Prevention Act 2012, and the Anti-Terrorism Act 2009, communicated through central-bank public notices. A nascent regulatory perimeter is set out in the National Blockchain Policy of Bangladesh 2026 (ICT Division), which assigns Virtual Asset Service Provider (VASP) oversight to Bangladesh Bank's AML/CFT framework and tokenised-securities oversight to the Bangladesh Securities and Exchange Commission (BSEC).
Belarus - Crypto & Digital Assets: Developing. Presidential Decree No. 8 'On Development of Digital Economy' (2017, in force 28 Mar 2018) as the foundational regime, now supplemented by Decree No. 19 'On Crypto Banks and Some Issues of Regulation of Digital Tokens' (signed 16 Jan 2026); supervised by the High-Technology Park (HTP) and the National Bank of the Republic of Belarus.
Bolivia - Crypto & Digital Assets: Developing. BCB Resolución de Directorio N°082/2024 (lifted the crypto ban, authorizing virtual-asset operations via electronic payment channels) + ASFI Reglamento para Empresas de Tecnología Financiera (Resolución ASFI/540/2025), which defines Virtual Asset Service Providers (PSAV) and a regulatory sandbox. Oversight is shared by Banco Central de Bolivia (BCB), the financial supervisor ASFI, and the financial-intelligence unit (UIF).
Botswana - Crypto & Digital Assets: Developing. Virtual Assets Act, 2022 and Virtual Assets Regulations, 2022, administered by the Non-Bank Financial Institutions Regulatory Authority (NBFIRA); AML/CFT under the Financial Intelligence Act, 2012. Crypto is legal but not legal tender (Bank of Botswana).
Brunei - Crypto & Digital Assets: Developing. No dedicated crypto statute. Brunei Darussalam Central Bank (BDCB) — formerly AMBD — supervises the financial system under the Brunei Darussalam Central Bank Order 2010; BDCB has publicly stated it is developing a legal and regulatory framework for the licensing and supervision of cryptocurrencies and related activities. AML/CFT guidelines for financial institutions took effect 1 April 2024.
Cambodia - Crypto & Digital Assets: Developing. National Bank of Cambodia (NBC) Prakas B7-024-735 on Transactions Related to Cryptoassets (26 Dec 2024) for banks/payment institutions; and Securities and Exchange Regulator of Cambodia (SERC, under the Non-Bank Financial Services Authority) Prakas No. 093 on the Licensing and Management of Digital Asset Businesses (30 Dec 2025) for investment-purpose digital asset service providers. Builds on the 2018 NBC/SERC/National Police joint warning.
Cameroon - Crypto & Digital Assets: Developing. CEMAC Financial Market Regulation (COSUMAF, December 2022); COBAC Directive prohibiting bank/financial-institution crypto activity (May 2022); BEAC monetary oversight; no standalone national Cameroon crypto law enacted
Chile - Crypto & Digital Assets: Developing. Law No. 21.521 (Fintech Law, 2023) — regulated by the Comisión para el Mercado Financiero (CMF); secondary rules under NCG 502; tax administered by Servicio de Impuestos Internos (SII)
Colombia - Crypto & Digital Assets: Developing. Proyecto de Ley 510/2025 (PSAV bill, pending Congress); DIAN Resolution 000240 of 24 Dec 2025; SFC regulatory guidance and closed sandbox
Costa Rica - Crypto & Digital Assets: Developing. Law No. 7786 (AML/CFT Act, as proposed to be amended by Bill 22.837 to encompass VASPs under SUGEF); general commercial law; SUGEVAL Securities Market Law for token offerings with securities characteristics; Ministerio de Hacienda private letter ruling on crypto taxation (2023, ongoing applicability)
Côte d'Ivoire - Crypto & Digital Assets: Unclear. BCEAO (Banque Centrale des États de l'Afrique de l'Ouest) regional authority; UEMOA/WAEMU monetary union framework; no crypto-specific regulation enacted as of May 2026
Cuba - Crypto & Digital Assets: Developing. Banco Central de Cuba (BCC) Resolution 215/2021 (amended 2024); Resolution 4/2026 (Gaceta Oficial Extraordinaria No. 46, March 23, 2026)
Dominican Republic - Crypto & Digital Assets: Developing. Ley Monetaria y Financiera No. 183-02 (Monetary and Financial Law) and Constitutional Arts. 228-230 govern monetary policy; Ley No. 155-17 (AML/CFT) applies to virtual-asset transactions; Banco Central de la República Dominicana (BCRD) and Junta Monetaria are the principal authorities. No dedicated virtual-asset law exists.
Ecuador - Crypto & Digital Assets: Developing. Código Orgánico Monetario y Financiero (COMF) Arts. 94 & 98; Ley de Prevención de Lavado de Activos (Oct 2025 revision); JPRFM Resolution JPRFM-2025-004-F (FinTech by-laws); supervised by Banco Central del Ecuador (BCE), UAFE, Superintendencia de Bancos (SB), and SCVS
Ethiopia - Crypto & Digital Assets: Developing. National Bank of Ethiopia (NBE) — Proclamation No. 1359/2024 (Payment Systems); National Payment System (Amendment) Proclamation No. 1282/2023; NBE Public Notice on Birr-Paired P2P Crypto Transactions (February 2026)
Fiji - Crypto & Digital Assets: Unclear. Reserve Bank of Fiji Act 1983, Section 22(2), as amended by the Reserve Bank of Fiji Budget Amendment Act 2025; administered by the Reserve Bank of Fiji (RBF) and the National Anti-Money Laundering Council (NAMLC)
Georgia - Crypto & Digital Assets: Developing. Georgia AML/CFT Law (amended Jan 2023) + NBG Rule on VASP Registration (Aug 2023) + proposed amendments to Organic Law of NBG (submitted Sept 2025, subordinate acts due Sept 2026); supervised by the National Bank of Georgia (NBG)
Ghana - Crypto & Digital Assets: Developing. Virtual Asset Service Providers Act, 2025 (Act 1154); dual regulators — Bank of Ghana (primary VASP licensor, Virtual Assets Regulatory Office) and Securities and Exchange Commission Ghana (exchanges, token issuance, investment-related services); Financial Intelligence Centre (AML/CFT)
Guatemala - Crypto & Digital Assets: Developing. No dedicated crypto law in force. The quetzal is the sole legal tender under Monetary Law (Decreto 17-2002); the Superintendencia de Bancos (SIB) regulates the financial sector. Legislative Initiative No. 6538 ('Ley de Criptomonedas en Guatemala'), introduced May 12 2025, would create the first dedicated crypto framework under SIB supervision — not yet enacted as of mid-2026.
Honduras - Crypto & Digital Assets: Developing. CNBS Resolution 069/09-02-2024 (Circular 003/2024); Banco Central de Honduras (BCH); no dedicated crypto legislation enacted
Iceland - Crypto & Digital Assets: Regulated. EU Markets in Crypto-Assets Regulation (MiCA, Regulation (EU) 2023/1114) incorporated into the EEA Agreement; Act No. 140/2018 on Measures against Money Laundering and Terrorist Financing; Rules No. 152/2023 on Virtual Asset Service Providers. National competent authority: Central Bank of Iceland (Seðlabanki Íslands, which absorbed the former FME).
Iran - Crypto & Digital Assets: Developing. Central Bank of Iran (CBI) Policy and Regulatory Framework for Cryptocurrencies (approved December 2024); Presidential Directive designating CBI as sole regulator (January 2025); Ministry of Industry, Mine and Trade licensing for mining
Iraq - Crypto & Digital Assets: Unclear. Central Bank of Iraq Circular No. 125/5/9 (22 November 2021); CBI follow-up directive (26 March 2022); Anti-Money Laundering and Countering Terrorism Financing Law No. 39/2015 (Art. 36); Kurdistan Regional Government Interior Ministry Directive (2025–2026)
Jamaica - Crypto & Digital Assets: Developing. No dedicated virtual-asset law yet in force; FSC Jamaica and Bank of Jamaica Act govern the space; Virtual Assets Service Providers (VASP) Bill programmed for 2025/26 parliamentary session
Jordan - Crypto & Digital Assets: Developing. Law Regulating Dealings in Virtual Assets No. 14 of 2025 (Official Gazette No. 5996, 16 June 2025; effective 14 September 2025); VASP Licensing Regulation No. 94 of 2025; Jordan Securities Commission (JSC) as primary licensing authority
Kuwait - Crypto & Digital Assets: Unclear. Coordinated circulars of 17 July 2023 issued by the Central Bank of Kuwait, Capital Markets Authority (CMA Circular No. 10/2023), and Insurance Regulatory Unit (Circular No. 6/2023); reinforced by Ministry of Interior enforcement action of April 2025
Laos - Crypto & Digital Assets: Developing. Decision on Digital Asset Transactions No. 888/MOTC (9 Nov 2021, Ministry of Technology and Communications); Bank of Lao PDR (BOL) as primary licensor and supervisor of crypto trading platforms; three-year pilot licensing regime for VASPs
Lebanon - Crypto & Digital Assets: Developing. Banque du Liban (BDL) 2013 warning circular to banks; Capital Markets Authority (CMA) Official Gazette Announcement 30 (12 Feb 2018); Electronic Transactions and Personal Data Law; inter-ministerial committee drafting a digital-asset regulatory framework (active as of early 2026)
Moldova - Crypto & Digital Assets: Developing. No dedicated crypto law in force; Ministry of Finance MiCA-aligned draft bill (co-developed with the National Bank of Moldova, National Commission for Financial Markets, and Office for Prevention and Combating Money Laundering) awaiting government approval and parliamentary adoption; target: in force by end-2026
Monaco - Crypto & Digital Assets: Developing. Law No. 1.528 of 7 July 2022 on digital and crypto-asset service providers; dual-authority supervision by the Commission de Contrôle des Activités Financières (CCAF) and the State Minister
Mongolia - Crypto & Digital Assets: Developing. Law on Virtual Asset Service Providers (adopted December 17, 2021; in force March 1, 2022), enforced by the Financial Regulatory Commission (FRC); supplemented by the Law on Securities Market and Payment System Law overseen by the Bank of Mongolia
Morocco - Crypto & Digital Assets: Restricted. Draft Bill 42.25 (avant-projet de loi n° 42-25) on crypto-assets, published November 2025 for public consultation; joint oversight by Bank Al-Maghrib and AMMC. Current operative restriction: 2017 joint warning by Bank Al-Maghrib, Office des Changes, AMMC, and ACAPS declaring crypto use unauthorized under Morocco's foreign-exchange regime.
Mozambique - Crypto & Digital Assets: Developing. No dedicated crypto/digital-asset law; Banco de Moçambique (central bank) exercises general financial oversight; general income-tax (IRPS/IRPC) and capital-markets legislation apply by default in the absence of crypto-specific rules
Myanmar - Crypto & Digital Assets: Unclear. Central Bank of Myanmar Directive 9/2020; CBM Law; Financial Institutions Law 2016; Anti-Money Laundering Law
Namibia - Crypto & Digital Assets: Developing. Virtual Assets Act 10 of 2023; Bank of Namibia designated as primary regulator under Section 5; NAMFISA as licensing/supervisory authority
Nepal - Crypto & Digital Assets: Banned. Foreign Exchange (Regulation) Act, 1962 (amended 2019); Act Restricting Investment Abroad, 1964; Nepal Rastra Bank Act, 2002 (2058 BS); enforced via NRB Official Notices (2017, Sep 2021, Apr 2023) and Nepal Police Cyber Bureau
North Macedonia - Crypto & Digital Assets: Developing. Law on Prevention of Money Laundering and Financing of Terrorism (July 2022 amendments, VASP obligations in force April 2023); supervised by Financial Intelligence Office (FIO) and National Bank of the Republic of North Macedonia (NBRM); no dedicated digital-assets law in force as of mid-2025
Oman - Crypto & Digital Assets: Developing. Financial Services Authority (FSA) Decision No. E/35/2023 – Instructions on VASP Registration and AML/CFT Compliance; proposed comprehensive Virtual Assets Regulatory Framework (consultation stage, not yet enacted)
Pakistan - Crypto & Digital Assets: Regulated. Virtual Assets Act 2026 (enacted March 2026, in force upon Gazette publication); Pakistan Virtual Assets Regulatory Authority (PVARA), established July 8 2025 under Virtual Assets Ordinance 2025; SBP BPRD Circular Letter No. 10 of 2026
Panama - Crypto & Digital Assets: Developing. No dedicated crypto law in force; Law 23 of 2015 (AML/CFT) via UAF applies to virtual-asset businesses; Bill 247 (March 2025) pending in National Assembly subcommittee
Papua New Guinea - Crypto & Digital Assets: Developing. No dedicated crypto/digital-asset legislation; Bank of Papua New Guinea Act, Capital Market Act 2015, and Securities Commission Act 2015 provide partial coverage; Income Tax Act 2025 (in force 1 January 2026) introduces limited capital-gains tax regime; FATF Mutual Evaluation 2024 (APG) identifies AML/CFT deficiencies including gaps in VASP oversight
Paraguay - Crypto & Digital Assets: Developing. Law No. 7572/2025 (Securities & Products Market – SIV supervision of tokenized assets); SEPRELAD VASP AML/CFT registration regime (since 2020); DNIT General Resolution 47/2026 (crypto transaction reporting); BCP communiqués (no legal-tender status)
Peru - Crypto & Digital Assets: Developing. Supreme Decree 006-2023-JUS (VASP AML registration); SBS Resolution 02648-2024 (SPLAFT for PSAVs); pending Bill 1204/2021-CR (Framework Law for Commercialization of Cryptoassets); supervised by SBS/UIF-Perú for AML and SMV for securities
Rwanda - Crypto & Digital Assets: Developing. Virtual Asset Business Law (unanimously passed by Chamber of Deputies 5 May 2026, awaiting presidential assent and Official Gazette publication); Capital Markets Authority Rwanda (CMA) as primary regulator; National Bank of Rwanda (NBR) as co-ordinating monetary/payment authority
San Marino - Crypto & Digital Assets: Regulated. Republic of San Marino Delegated Decrees on Distributed Ledger Technologies and Crypto-Assets (DD 37/2019, DD 87/2021, DD 111/2021, DD 150/2023, DD 2/2024, DD 50/2024, DD 138/2024); supervised by Banca Centrale della Repubblica di San Marino (BCSM), San Marino Innovation, and AIF (Agenzia di Informazione Finanziaria)
Senegal - Crypto & Digital Assets: Developing. BCEAO Instruction No. 008-05-2015 (e-money issuers, WAEMU-wide); Senegal Law No. 2018-03 (AML/CFT); CENTIF-Senegal (FIU); BCEAO regional crypto framework under active development
Serbia - Crypto & Digital Assets: Regulated. Law on Digital Assets (RS Official Gazette, No 153/2020, in force 29 June 2021); dual supervision by National Bank of Serbia (NBS) for virtual currencies and Securities Commission of Serbia (SECC) for digital tokens/financial-instrument tokens
Sri Lanka - Crypto & Digital Assets: Developing. No dedicated crypto legislation in force; framework under development by the AML/CFT National Coordinating Committee Sub-Committee on VASPs, the Financial Intelligence Unit (FIU Sri Lanka), and the Ministry of Digital Economy — driven by FATF Recommendation 15 compliance obligations ahead of the 2026 mutual evaluation
Tanzania - Crypto & Digital Assets: Developing. No dedicated crypto statute; partial governance through Finance Act 2024 (digital-asset withholding tax, effective 1 July 2024), Anti-Money Laundering Act Cap. 423 (as amended through 2025) covering VASPs, Bank of Tanzania 2019 public caution notice, and High Court Commercial Case No. 12171 of 2024 (Yellow Card precedent). Primary oversight bodies: Bank of Tanzania (BoT) and Capital Markets and Securities Authority (CMSA).
Trinidad and Tobago - Crypto & Digital Assets: Developing. Virtual Assets and Virtual Asset Service Providers Act 2025 (Presidential assent 23 December 2025), administered by the Trinidad and Tobago Securities and Exchange Commission (TTSEC)
Tunisia - Crypto & Digital Assets: Unclear. Central Bank of Tunisia (BCT) January 2018 directive prohibiting unauthorized virtual-currency activities; Exchange Control Act (Law No. 76-18 of 21 January 1976, as amended); draft new Foreign Exchange Code in final parliamentary passage (expected Q1 2026)
Uganda - Crypto & Digital Assets: Developing. Anti-Money Laundering Act 2013 (amended December 2020) — VASPs register with Financial Intelligence Authority; Bank of Uganda Circular NPSD 306 (2022) banning crypto-to-mobile-money conversions; National Payment Systems Act 2020; Capital Markets Authority regulatory sandbox; no comprehensive dedicated virtual-assets law in force
Uruguay - Crypto & Digital Assets: Developing. Law No. 20,345 of 19 September 2024 (Virtual Assets Act); BCU/SSF PSAV Regulatory Project (August 2025, revised March 2026); administered by Banco Central del Uruguay (BCU) — Superintendencia de Servicios Financieros (SSF)
Uzbekistan - Crypto & Digital Assets: Developing. Presidential Decree No. 3832 (2018) and subsequent presidential decrees; NAPP (National Agency for Perspective Projects) as primary licensing and supervisory authority; Law ZRU-899 (Jan 2024) introducing criminal/administrative liability for illegal crypto activity
Venezuela - Crypto & Digital Assets: Developing. Constitutional Decree on Cryptoassets (CDCA, April 2019); Decree 3196 (December 2017); Superintendencia Nacional de Criptoactivos y Actividades Conexas (SUNACRIP)
Zambia - Crypto & Digital Assets: Developing. No dedicated virtual-asset law in force; Bank of Zambia Act (Cap 360), Securities Act No. 41 of 2016 (as amended by Act No. 21 of 2022), Anti-Money Laundering Act, and Financial Intelligence Centre Act applied on an ad-hoc basis; BoZ 2024-2027 Strategic Plan commits to a purpose-built crypto and stablecoin regulatory framework
Zimbabwe - Crypto & Digital Assets: Developing. Finance Act No. 7 of 2025 (amends Money Laundering and Proceeds of Crime Act to define virtual assets and classify VASPs as AML/CFT reporting entities); Securities and Exchange Commission of Zimbabwe (SECZ) for securities-type tokens; Reserve Bank of Zimbabwe (RBZ) for payment/exchange oversight and Fintech Regulatory Sandbox; Zimbabwe Revenue Authority (ZIMRA) for tax; Financial Intelligence Unit (FIU) for AML/CFT enforcement
Afghanistan - Crypto & Digital Assets: Unclear. Taliban government religious edicts (crypto declared 'haram' under Sharia law, 2022); Da Afghanistan Bank (DAB) as central bank authority; no formal statutory crypto legislation
Barbados - Crypto & Digital Assets: Developing. No dedicated digital-assets statute in force; sector governed under general financial-services and AML/CFT laws supervised by the Central Bank of Barbados (CBB) and the Financial Services Commission (FSC); VASP-specific legislation under active public consultation (FSC deadline: 23 February 2026)
Belize - Crypto & Digital Assets: Developing. Financial Services Commission Act 2023 (Act No. 8 of 2023); Financial Services Commission (Digital Asset Services Licensing) Regulations, 2025 (SI No. 162, effective 30 December 2025); Financial Services Commission (Amendment) Act, 2026 — regulator: Financial Services Commission (FSC) of Belize
Benin - Crypto & Digital Assets: Developing. WAEMU AML/CFT Uniform Law (31 March 2023) transposed by Benin Law No. 2024-01 of 20 February 2024; BCEAO as regional monetary authority; no standalone crypto licensing law in force
Bhutan - Crypto & Digital Assets: Developing. Gelephu Mindfulness City (GMC) / Gelephu Financial Services Office (GFSO) special-administrative-zone licensing regime; Royal Monetary Authority of Bhutan (RMA) for mainland financial oversight
Bosnia & Herzegovina - Crypto & Digital Assets: Developing. State-level AML/CFT Law (February 2024) defining VASPs; Republika Srpska Securities Market Law (amended 2022) recognizing virtual assets; RS Securities Commission as primary licensing authority
British Virgin Islands - Crypto & Digital Assets: Developing. Virtual Assets Service Providers Act 2022 (effective 1 February 2023), supervised by the BVI Financial Services Commission (FSC); complemented by the Securities and Investment Business Act (SIBA) and Proceeds of Criminal Conduct Act
Burkina Faso - Crypto & Digital Assets: Unclear. BCEAO (Central Bank of West African States) regional monetary oversight via UEMOA membership; no Burkina Faso-specific crypto law; BCEAO C-CRYPTO committee developing UEMOA-wide digital-asset framework; BCEAO Instruction N°001-01-2024 on payment services
Burundi - Crypto & Digital Assets: Unclear. Banque de la République du Burundi (BRB) prohibition on all virtual currency transactions, announced September 2019; no enabling legislation or licensing regime exists
Central African Republic - Crypto & Digital Assets: Unclear. COBAC Decision D-2022/071 (CEMAC banking prohibition); CAR Loi No. 22.004 as amended March 2023 (voluntary-use only); BEAC/COBAC supranational oversight
Chad - Crypto & Digital Assets: Developing. COBAC Decision D-2022/071 (May 6, 2022); BEAC monetary policy; CEMAC Financial Market Regulation (as amended); no Chad-specific national crypto law
Congo - Crypto & Digital Assets: Developing. Democratic Republic of Congo: Banque Centrale du Congo (BCC); Ordonnance-Loi No. 23/010 of 13 March 2023 (Digital Code); draft Digital-Asset Law (2025, under inter-ministerial review). Republic of Congo (Brazzaville): CEMAC zone — COBAC Decision D-2022/071 of 6 May 2022; BEAC monetary authority.
Djibouti - Crypto & Digital Assets: Unclear. No dedicated crypto/digital-asset law. Primary financial authority is the Banque Centrale de Djibouti (BCD), operating under the Law on Banking Activity and the National Payment System Law. AML/CFT oversight is conducted under MENAFATF enhanced monitoring following the 2024 Mutual Evaluation Report.
DR Congo - Crypto & Digital Assets: Developing. No enacted crypto-specific law; Banque Centrale du Congo (BCC) is primary monetary regulator; Code du Numérique (Ordonnance-Loi No. 23/010, 13 March 2023) covers digital transactions broadly; draft Digital Asset Service Provider (DASP) law under inter-ministerial review as of 2025; AML/CFT overseen by CENAREF under Law No. 22/068 (December 2022)
Equatorial Guinea - Crypto & Digital Assets: Developing. CEMAC regional architecture: COBAC (banking supervisor) prohibition on crypto facilitation by financial institutions (May 2022); COSUMAF (financial markets regulator) Regulation on Virtual Assets and VASPs (December 2022); BEAC (Bank of Central African States) monetary oversight — no Equatorial Guinea-specific national crypto statute
Eritrea - Crypto & Digital Assets: Unclear. No crypto-specific legal framework exists. The Bank of Eritrea (BoE) governs all financial activity under general banking law; no virtual-asset or digital-asset legislation has been enacted.
eSwatini - Crypto & Digital Assets: Developing. No dedicated digital-asset statute. Oversight shared between the Central Bank of Eswatini (CBE) and the Financial Services Regulatory Authority (FSRA), with AML/CFT coverage extended to VASPs via the Anti-Money Laundering, Counter Financing of Terrorism and Proliferation Financing (Miscellaneous Amendments) Act, 2024. The Eswatini Financial Intelligence Unit (EFIU) handles financial-crime reporting.
Gabon - Crypto & Digital Assets: Developing. CEMAC supra-national regulation: COBAC Decision D-2022/071 (6 May 2022) prohibiting financial institutions from handling crypto-assets; CEMAC Regulation No. 01/22/CEMAC/UMAC/COSUMAF (July 2022) introducing VASP/ICO provisions; overseen by BEAC (central bank), COBAC (banking supervisor), and COSUMAF (capital-markets regulator). Gabon has no standalone domestic crypto statute.
Gambia - Crypto & Digital Assets: Unclear. No dedicated crypto or digital-asset framework exists; general financial supervision by the Central Bank of The Gambia (CBG) under the Financial Institutions Act; AML/CFT obligations under Gambia's Anti-Money Laundering Act administered by the Financial Intelligence Unit (FIU); FATF standards assessed by GIABA in 2022 Mutual Evaluation
Greenland - Crypto & Digital Assets: Unclear. Greenland Self-Government Act 2009 (Lov om Grønlands Selvstyre); Naalakkersuisut Department of Finance and Taxation as primary domestic authority; Danish Finanstilsynet in a supplementary North Atlantic oversight role for certain financial matters. EU MiCA does not apply — Greenland is an EU Overseas Country and Territory (OCT) outside the EU single market and not subject to EU law.
Guinea - Crypto & Digital Assets: Developing. No dedicated crypto or digital-asset legislation exists. The BCRG (Banque Centrale de la République de Guinée) supervises the financial sector under general banking law. Guinea participates in GIABA (Intergovernmental Action Group Against Money Laundering in West Africa), the FATF-style regional body that obliges member states to implement FATF Recommendation 15 on virtual assets.
Guinea-Bissau - Crypto & Digital Assets: Developing. WAEMU/BCEAO regional monetary framework; WAEMU Uniform AML/CFT Law (March 2023, Rec. 15 VASP provisions); no domestic Guinea-Bissau crypto-specific legislation
Guyana - Crypto & Digital Assets: Developing. AML/CFT Act as amended by Act No. 15 of 2023; FIU National Risk Assessment on Virtual Assets and VASPs (January 2024); draft Guyana Compliance Commission Bill — oversight roles assigned to the Financial Intelligence Unit (FIU), Bank of Guyana, and Guyana Securities Council
Haiti - Crypto & Digital Assets: Unclear. No dedicated crypto legislation; general monetary and financial law administered by the Banque de la République d'Haïti (BRH). Haiti is on the FATF increased-monitoring (grey) list with an active AML/CFT action plan.
Isle of Man - Crypto & Digital Assets: Developing. Designated Business (Registration and Oversight) Act 2015 (DBROA); Financial Services Act 2008; AML/CFT Code 2019; Travel Rule (Transfer of Virtual Assets) Code 2024; regulated by the Isle of Man Financial Services Authority (IOMFSA)
Jersey - Crypto & Digital Assets: Regulated. No dedicated comprehensive crypto statute. Crypto is treated as an asset class within Jersey's existing financial services laws and AML/CFT/CPF regime: VASP registration under the Proceeds of Crime (Supervisory Bodies) (Jersey) Law 2008 and Proceeds of Crime (Jersey) Law 1999 (supervised by the Jersey Financial Services Commission), token offerings under the Control of Borrowing (Jersey) Order 1958, and the JFSC's 2024 Tokenisation of Real World Assets guidance. Tax follows gov.je income-tax guidelines.
Kyrgyzstan - Crypto & Digital Assets: Developing. Law of the Kyrgyz Republic 'On Virtual Assets' No. 12 (adopted 22 Dec 2021, signed 21 Jan 2022, in force Aug 2022; amended Jul 2025, Sep 2025, Dec 2025, Feb 2026); supervised by the State Service for Regulation and Supervision of Financial Markets (FinSupervision); National Bank of the Kyrgyz Republic oversees CBDC and bank-related VASP activity
Lesotho - Crypto & Digital Assets: Developing. Central Bank of Lesotho Act 2000; Capital Market Regulations 2014 (Sections 27-28); Money Laundering and Proceeds of Crime Act 2008; Exchange Control Regulations
Liberia - Crypto & Digital Assets: Developing. Financial Institutions Act (1999, as amended); AML/CFT Act (2021); supervised by the Central Bank of Liberia (CBL)
Libya - Crypto & Digital Assets: Unclear. Central Bank of Libya (CBL) 2018 circular prohibiting virtual currencies; no subsequent dedicated crypto legislation enacted
Madagascar - Crypto & Digital Assets: Unclear. No dedicated crypto legislation. Overarching AML/CFT Law No. 2018-043 and implementing Decree No. 2024-1352 (SAMIFIN); BFM (Banky Foiben'i Madagasikara) public notices; CBDC eAriary pilot in progress.
Malawi - Crypto & Digital Assets: Unclear. No dedicated crypto/virtual-asset statute. The Reserve Bank of Malawi (RBM) has issued cautionary advisories; general AML/CFT oversight falls under the Financial Crimes Act 2022 and Financial Services Act 2010, administered by the Financial Intelligence Authority (FIA) and RBM.
Maldives - Crypto & Digital Assets: Developing. CMDA Securities Virtual Asset Service Providers Regulation (under Securities Act 2/2006); Maldives International Financial Services Authority (MIFSA) / MIFC framework (announced 2025); Maldives Monetary Authority Act 1981
Mali - Crypto & Digital Assets: Developing. BCEAO (Central Bank of West African States) / WAEMU regional instruments — principally the WAEMU Uniform AML/CFT Law (31 March 2023) introducing virtual-asset and VASP definitions; BCEAO C-CRYPTO committee tasked with a harmonised crypto-asset regulatory framework; BCEAO Instruction No. 001-01-2024 governing payment-service providers (in force 1 May 2025)
Mauritania - Crypto & Digital Assets: Unclear. Banque Centrale de Mauritanie (BCM); no dedicated virtual-asset or crypto-asset legislation enacted as of May 2026
Montenegro - Crypto & Digital Assets: Developing. Law on the Prevention of Money Laundering and Terrorist Financing (amended 28 February 2025); CMA Rulebook on CASP Registration (25 December 2025); overseen by the Capital Market Authority (Komisija za tržište kapitala)
New Caledonia - Crypto & Digital Assets: Developing. French Monetary and Financial Code (Code monétaire et financier) as partially extended to New Caledonia; Ordonnance n°2024-936 of 15 October 2024 (partial application to New Caledonia); AMF/ACPR supervision for AML in banking and financial matters; IEOM as central bank issuing the CFP franc (XPF)
Nicaragua - Crypto & Digital Assets: Developing. Law No. 1072 (2021) amending Law No. 977 (AML/CFT); BCN Resolution CD-BCN-XXV-1-22 (April 2022) as amended by CD-BCN-XLIX-3-23 (August 2023); Administrative Resolution GG-08-MAYO-2025-LASMF-DO (May 2025); supervised by Banco Central de Nicaragua (BCN)
Niger - Crypto & Digital Assets: Developing. WAEMU/BCEAO regional framework: WAEMU AML/CFT Uniform Law (March 2023) defining VASPs; BCEAO Instruction N°008-05-2015 on electronic money; no Niger-specific national crypto legislation
North Korea - Crypto & Digital Assets: Unclear. No published domestic crypto-specific legislation; effective prohibition enforced through DPRK's command economy and total state information control; externally governed by UN Security Council Sanctions Regime (UNSCR 1718/2006 and successors 2270/2321/2371/2375/2397) and U.S. OFAC North Korea Sanctions Regulations (31 C.F.R. Part 510)
Palestine - Crypto & Digital Assets: Unclear. Palestinian Monetary Authority (PMA); no dedicated crypto/digital-asset law. Broader financial governance: Decree-Law No. 39 of 2022 (AML/CFT), Decree-Law No. 41 of 2022 (National Payments), Decree-Law No. 4 of 2026 (Cash Reduction). Paris Protocol (1994) constrains monetary sovereignty.
Puerto Rico - Crypto & Digital Assets: Developing. US federal law (SEC, FinCEN/BSA, IRS) applies territory-wide; Puerto Rico adds Act 273-2012 (International Financial Center Regulatory Act, as amended by Act 44-2024), Act 60-2019 (Incentives Code), and OCIF Regulation 9680 (eff. Aug 21 2025) administered by the Office of the Commissioner of Financial Institutions (OCIF)
Seychelles - Crypto & Digital Assets: Regulated. Virtual Asset Service Providers Act, 2024 (VASP Act), in force 1 September 2024; VASP (Licensing and Ongoing Requirements) Regulations 2024 (SI 73/2024); Financial Services Authority (FSA) as competent regulator
Sierra Leone - Crypto & Digital Assets: Developing. No dedicated crypto law; overlapping instruments include Banking Act 2019, Anti-Money Laundering and Combating the Financing of Terrorism (AML/CFT) Act 2012, National Payment Systems Act 2022, and the Bank of Sierra Leone (BSL) Fintech Regulatory Sandbox
Solomon Islands - Crypto & Digital Assets: Unclear. Central Bank of Solomon Islands Act 2012 (No. 6 of 2012); Financial Institutions Act; Income Tax Act Cap. 123 — no dedicated digital-asset statute exists. CBSI is the primary monetary authority; SIFIU administers AML/CFT.
Somalia - Crypto & Digital Assets: Developing. No dedicated crypto legislation; Central Bank of Somalia (CBS) holds monetary authority under Provisional Constitution (2012) and Financial Institutions Law; Mobile Money Regulations (2023) are the only enacted digital-finance instrument
South Sudan - Crypto & Digital Assets: Unclear. No crypto-specific law exists. The Bank of South Sudan Act, 2011 governs financial activity broadly; the Financial Act, 2024/2025 covers general taxation. No virtual-asset or VASP legislation has been enacted or formally proposed.
Sudan - Crypto & Digital Assets: Unclear. Electronic Transactions Act 2007; Central Bank of Sudan (CBOS) AML circulars and March 2022 public warning; no dedicated virtual-asset or VASP legislation enacted
Suriname - Crypto & Digital Assets: Developing. AML/CFT Law (Wet ter Voorkoming en Bestrijding van Money Laundering en Terrorisme Financiering — WMTF), O.G. 2022 No. 138, November 2022; supervised by the Centrale Bank van Suriname (CBvS); no dedicated crypto/digital-asset statute in force
Syria - Crypto & Digital Assets: Developing. No formal crypto-specific legislation enacted; Central Bank of Syria (CBS) holds general monetary oversight; post-conflict transitional government; post-sanctions environment shaped by OFAC Executive Order 14312 (June 2025)
Tajikistan - Crypto & Digital Assets: Developing. Presidential Decree No. 798 (27 March 2024) establishing the Agency for Innovation and Digital Technologies; IT Park of Tajikistan licensing regime; Criminal Code Article 253(2) (December 2024)
Timor-Leste - Crypto & Digital Assets: Unclear. No dedicated crypto or digital-asset law; general financial regulation under BCTL Organic Law (Law 5/2011) and Banking Law (UNTAET Regulation 2000/8); FATF/APG Mutual Evaluation Report (2024); BCTL–Montran CBDC (eCentavos) strategy announced July 2025
Togo - Crypto & Digital Assets: Developing. Togo AML/CFT Law (adopted 27 February 2026, transposing UEMOA Uniform AML/CFT Directive of 31 March 2023); BCEAO/WAEMU regional oversight
Turkmenistan - Crypto & Digital Assets: Developing. Law of the Republic of Turkmenistan on Virtual Assets (signed 22 November 2025, in force 1 January 2026); supervised by the Central Bank of Turkmenistan and Cabinet of Ministers
Vanuatu - Crypto & Digital Assets: Regulated. Virtual Asset Service Providers Act No. 3 of 2025 (VASP Act), administered by the Vanuatu Financial Services Commission (VFSC); supplemented by the Stablecoins Act passed November 2025
Yemen - Crypto & Digital Assets: Developing. No dedicated crypto legislation. CBY-Aden Circular (June 2024) prohibits licensed banks and exchange outlets from dealing with unlicensed electronic payment entities, wallets, and payment services. Yemen's financial system is fragmented between two competing central banks: CBY-Aden (internationally recognized government) and CBY-Sana'a (Houthi-controlled).
Antigua and Barbuda - Crypto & Digital Assets: Regulated. Digital Assets Business Act, 2020 (No. 16 of 2020) and Digital Assets Business Amendment Act, 2020 (No. 29 of 2020), supplemented by the Digital Assets Business Regulations, 2021 (S.I. No. 38 of 2021); administered by the Financial Services Regulatory Commission (FSRC)
Cape Verde - Crypto & Digital Assets: Developing. Law No. 30/X/2023 of 21 June 2023 (virtual-asset services & digital banks); Banco de Cabo Verde (BCV) as supervisory authority; 2024 BCV draft Aviso on PSAV registration
Comoros - Crypto & Digital Assets: Unclear. Banque Centrale des Comores (BCC) holds sole legitimate regulatory authority under Union law; no enacted Union-level crypto or digital-asset law exists. Autonomous islands Anjouan (AOFA) and Mwali (MISA) sell offshore crypto licenses that the Union government and international bodies do not recognise.
Dominica - Crypto & Digital Assets: Developing. Virtual Asset Business Act No. 1 of 2022 (Commonwealth of Dominica), supervised by the Financial Services Unit (FSU) under the Ministry of Finance
Grenada - Crypto & Digital Assets: Developing. Virtual Asset Business Act No. 7 of 2021; Virtual Asset Business Regulations 2024 (S.R.O. 9 of 2024); supervised by the Grenada Authority for the Regulation of Financial Institutions (GARFIN)
Kiribati - Crypto & Digital Assets: Unclear. Kiribati Financial Supervisory Authority Act (2021) and Financial Institutions Act (2021) — general financial-sector laws; no crypto-specific legislation exists
Marshall Islands - Crypto & Digital Assets: Developing. Banking Act 1987 (as amended, governs VASPs); DAO LLC Act 2022 (amended 2023); Sovereign Currency Act 2018 (SOV, largely inactive); no standalone comprehensive digital-asset law
Micronesia - Crypto & Digital Assets: Developing. FSM Banking Act (Title 29 FSM Code), administered by the Banking Board of the Federated States of Micronesia; no digital-asset-specific legislation exists
Nauru - Crypto & Digital Assets: Regulated. Command Ridge Virtual Asset Authority Act 2025 (in force 17 June 2025), administered by the Command Ridge Virtual Asset Authority (CRVAA)
Palau - Crypto & Digital Assets: Developing. FIC Resolution 01-2019-03 (moratorium on new crypto/VASP licenses); Ministry of Finance Palau Stablecoin (PSC) Pilot Programme; Digital Residency Program Cyber-Security Regulation
Saint Kitts and Nevis - Crypto & Digital Assets: Developing. Virtual Asset Act, 2020 (Act No. 1 of 2020), as amended by Act 8 of 2021, Virtual Asset (Forms) Regulations No. 25 of 2022, and Virtual Asset (Amendment) Act 2024; administered by the Financial Services Regulatory Commission (FSRC)
Saint Lucia - Crypto & Digital Assets: Developing. Virtual Asset Business Act, 2022 (Act No. 24 of 2022); Financial Services Regulatory Authority (FSRA); Virtual Asset Business Regulations (January 2025)
Saint Vincent and the Grenadines - Crypto & Digital Assets: Developing. Virtual Asset Business Act 2022 (VABA), in force 31 May 2025; administered by the Financial Services Authority (FSA) with AML/CFT co-supervision by the SVG Financial Intelligence Unit (SVGFIU)
Samoa - Crypto & Digital Assets: Developing. Money Laundering Prevention Act 2007 (MLPA), as amended by the Money Laundering Prevention Amendment Act 2018 (No. 13), administered by the Central Bank of Samoa (CBS)
Sao Tome and Principe - Crypto & Digital Assets: Developing. No dedicated crypto/digital-asset law exists. General financial supervision rests with the Banco Central de São Tomé e Príncipe (BCSTP). The country is a member of GIABA (Inter-Governmental Action Group against Money Laundering in West Africa), a FATF-style regional body, but has not enacted FATF Recommendation 15 VASP requirements.
Tonga - Crypto & Digital Assets: Developing. National Reserve Bank of Tonga (NRBT) Act; Financial Institutions Act (non-bank financial institution licensing); FinTech Regulatory Sandbox Framework (June 2025); Income Tax Act 2007
Tuvalu - Crypto & Digital Assets: Unclear. No dedicated crypto/digital-asset legislation. General financial oversight rests with the Banking Commission Act, the Financial Institutions Act 2006, the Proceeds of Crime Act 2002, and the Counter-Terrorism and Transnational Organised Crime Act 2009, supervised by the National Bank of Tuvalu (NBT).
Argentina - Artificial Intelligence: Guidelines only. No binding AI statute. Governance rests on voluntary/soft-law instruments: the National AI Plan (ArgenIA, 2019), Jefatura de Gabinete Disposición 2/2023 'Recomendaciones para una IA Fiable' (public sector), and the data-protection authority (AAIP) Resolution 161/2023 program plus its responsible-AI guide. Personal-data aspects are covered by Law 25.326. Several comprehensive bills are pending in Congress.
Australia - Artificial Intelligence: Guidelines only. Voluntary, principles-based regime: the National AI Plan (Dec 2025), the National AI Centre's 'Guidance for AI Adoption' (Oct 2025, replacing the 2024 Voluntary AI Safety Standard) and the 2019 AI Ethics Principles, applied on top of existing technology-neutral laws (Privacy Act 1988, Australian Consumer Law, Online Safety Act). Administered by the Department of Industry, Science and Resources / National AI Centre, with a new Australian AI Safety Institute.
Austria - Artificial Intelligence: Comprehensive law. EU Artificial Intelligence Act (Regulation (EU) 2024/1689), directly applicable in Austria; national implementation coordinated via RTR's KI-Servicestelle (AI Service Office), legal basis §20c KommAustria-Gesetz and §194a TKG 2021. National strategy: AIM AT 2030.
Bahrain - Artificial Intelligence: Proposed. Draft standalone AI Regulation Law (38 articles, Shura Council–approved Apr 2024, pending in the Council of Representatives), complemented by the binding public-sector General Policy for the Use of AI (May 2025) and the adopted GCC AI Ethics Guiding Manual.
Belgium - Artificial Intelligence: Comprehensive law. EU Artificial Intelligence Act (Regulation (EU) 2024/1689), directly applicable in Belgium, with national implementation led by BIPT/IBPT (designated lead market surveillance authority) and the FPS Economy coordinating; complemented by the National Convergence Plan for AI and GDPR enforcement via the Belgian Data Protection Authority (APD/GBA).
Bermuda - Artificial Intelligence: Guidelines only. No binding AI-specific statute. Bermuda relies on a Government AI Policy governing internal public-sector use, plus an emerging principles/outcomes-based supervisory framework for financial services being developed by the Bermuda Monetary Authority (BMA). Existing PIPA (data protection) and PATI (access to information) laws apply to AI processing.
Brazil - Artificial Intelligence: Proposed. Bill No. 2338/2023 (Marco Legal da Inteligência Artificial) — a proposed comprehensive, risk-based AI law approved by the Federal Senate (Dec 2024) and currently under review in the Chamber of Deputies. No AI-specific statute is yet in force; AI is governed in the interim by the data-protection law (LGPD, Law 13.709/2018) enforced by the ANPD, alongside the non-binding national strategy PBIA 2024–2028.
Canada - Artificial Intelligence: Guidelines only. No comprehensive AI statute in force. Canada relies on a voluntary industry code (ISED's Voluntary Code of Conduct on Advanced Generative AI), the binding-but-public-sector-only Treasury Board Directive on Automated Decision-Making, and existing laws of general application; a successor to the defunct AIDA bill is planned but not yet tabled.
Cayman Islands - Artificial Intelligence: Proposed. No dedicated AI statute in force. AI is currently addressed through existing laws (notably the Data Protection Act (2021 Revision), enforced by the Office of the Ombudsman) and internal government policy, while a government taskforce develops recommendations toward a draft AI legislative framework targeted for around Q2 2027.
China - Artificial Intelligence: Sectoral rules. Cyberspace Administration of China (CAC)-led patchwork of binding administrative regulations targeting specific AI uses — algorithmic recommendation, deep synthesis, generative AI, and AI-content labeling — pending a planned comprehensive AI law
Denmark - Artificial Intelligence: Comprehensive law. EU Artificial Intelligence Act (Regulation (EU) 2024/1689) as the directly-applicable baseline, supplemented nationally by Denmark's Act No. 467 of 14 May 2025 ('Lov om supplerende bestemmelser til forordningen om kunstig intelligens'). The Agency for Digital Government (Digitaliseringsstyrelsen) is the notifying authority and single national point of contact.
Egypt - Artificial Intelligence: Guidelines only. Egyptian Charter for Responsible AI (2023, voluntary) and National AI Strategy 2025–2030, overseen by the National Council for Artificial Intelligence (NCAI) and the Ministry of Communications and Information Technology (MCIT); a binding AI law is still in draft.
Finland - Artificial Intelligence: Comprehensive law. EU Artificial Intelligence Act (Regulation (EU) 2024/1689), directly applicable in Finland, supplemented by national implementing legislation (Government Proposal HE 46/2025) designating supervisory authorities; coordinated by the Finnish Transport and Communications Agency (Traficom).
France - Artificial Intelligence: Comprehensive law. EU Artificial Intelligence Act (Regulation (EU) 2024/1689), directly applicable in France, with national implementation via the DDADUE 'volet numérique' bill; CNIL designated as the lead reference authority alongside ~15 sectoral regulators.
Germany - Artificial Intelligence: Comprehensive law. EU Artificial Intelligence Act (Regulation (EU) 2024/1689), directly applicable in Germany, with national implementation via the draft 'KI-Marktüberwachungs- und Innovationsförderungsgesetz' (KI-MIG); Bundesnetzagentur designated as central market surveillance authority.
Gibraltar - Artificial Intelligence: Proposed. No AI-specific statute in force. The Government of Gibraltar has publicly committed to a 'wide consultation' on whether and how to regulate AI; in the interim, AI is governed by existing general laws — chiefly the Gibraltar GDPR and Data Protection Act 2004 (enforced by the Gibraltar Regulatory Authority as Information Commissioner) and the Gibraltar Financial Services Commission's principles-based regime.
Hong Kong - Artificial Intelligence: Guidelines only. No dedicated AI statute. Light-touch governance via non-binding government and regulator guidance: the Digital Policy Office's Ethical AI Framework and Generative AI Technical and Application Guideline, the Privacy Commissioner's Model Personal Data Protection Framework, and the FSTB financial-market policy statement, all operating atop existing laws (notably the Personal Data (Privacy) Ordinance).
India - Artificial Intelligence: Guidelines only. India AI Governance Guidelines (MeitY, Nov 2025) under the IndiaAI Mission — a non-statutory, principle-driven framework; AI-specific binding rules exist only in narrow areas (IT Rules amendments on synthetic content) and via existing laws (DPDP Act 2023, IT Act 2000).
Indonesia - Artificial Intelligence: Guidelines only. Non-binding governance: Kominfo Ministerial Circular No. 9/2023 on AI Ethics + National AI Strategy (Stranas AI 2020–2045), coordinated by the Ministry of Communication and Digital Affairs (Komdigi); no comprehensive AI statute in force as of mid-2026.
Ireland - Artificial Intelligence: Comprehensive law. EU Artificial Intelligence Act (Regulation (EU) 2024/1689), directly applicable in Ireland, with national implementation via the General Scheme of the Regulation of Artificial Intelligence Bill 2026 and a distributed model of sectoral competent authorities coordinated by a new AI Office of Ireland (Department of Enterprise, Tourism and Employment).
Israel - Artificial Intelligence: Guidelines only. Government 'Policy on Artificial Intelligence Regulation and Ethics' (Dec 2023), led by the Ministry of Innovation, Science and Technology with the Ministry of Justice — a non-binding 'Responsible Innovation' framework favoring sectoral, soft-law regulation rather than a single horizontal AI statute.
Italy - Artificial Intelligence: Comprehensive law. EU AI Act (Regulation (EU) 2024/1689) as the directly-applicable baseline, plus Italy's national framework Law No. 132/2025 of 23 September 2025; competent authorities are AgID (notification/promotion) and the National Cybersecurity Agency ACN (market surveillance, sanctions).
Japan - Artificial Intelligence: Comprehensive law. Act on Promotion of Research and Development and Utilization of AI-Related Technologies ('AI Promotion Act', 2025), administered by the AI Strategy Headquarters within the Cabinet, complemented by the non-binding METI/MIC AI Guidelines for Business.
Kenya - Artificial Intelligence: Proposed. National AI Strategy 2025–2030 (in force, Ministry of ICT) plus the proposed Artificial Intelligence Bill, 2026 (a comprehensive, risk-based regulatory framework); the Data Protection Act, 2019 currently governs AI-related automated decision-making.
Liechtenstein - Artificial Intelligence: Proposed. EU AI Act (Regulation (EU) 2024/1689) pending incorporation into the EEA Agreement; complemented by a non-binding national AI Strategy for the public administration adopted by the Government on 14 April 2026
Luxembourg - Artificial Intelligence: Comprehensive law. EU Artificial Intelligence Act (Regulation (EU) 2024/1689), directly applicable in Luxembourg, supplemented by national implementing Bill of Law No. 8476 (designating competent authorities and penalties; still pending adoption). National AI Strategy (2025) provides the policy framework.
Malaysia - Artificial Intelligence: Guidelines only. National Guidelines on AI Governance & Ethics (AIGE), issued by the Ministry of Science, Technology and Innovation (MOSTI); coordinated by the National AI Office (NAIO) under the Ministry of Digital. No binding AI-specific law is yet in force.
Mexico - Artificial Intelligence: Sectoral rules. No comprehensive AI statute. Binding AI-specific rules exist in particular sectors — chiefly the reforms to the Federal Labor Law (Ley Federal del Trabajo) and Federal Copyright Law (Ley Federal del Derecho de Autor) on performers' voice/image (published in the DOF on 14 May 2026) — alongside existing data-protection law. A comprehensive 'Ley Nacional para Regular el Uso de la Inteligencia Artificial' and a constitutional amendment to empower Congress on AI are only proposed.
Netherlands - Artificial Intelligence: Comprehensive law. EU Artificial Intelligence Act (Regulation (EU) 2024/1689), applied nationally via the draft Uitvoeringswet AI-verordening (AI Act Implementation Act); decentralised supervision coordinated by the Autoriteit Persoonsgegevens (AP) and the Rijksinspectie Digitale Infrastructuur (RDI)
New Zealand - Artificial Intelligence: Guidelines only. No AI-specific legislation. Governance rests on a non-binding national strategy (MBIE's 'New Zealand's Strategy for Artificial Intelligence: Investing with Confidence', July 2025), voluntary guidance built on the OECD AI Principles, and existing technology-neutral laws (notably the Privacy Act 2020 and consumer/competition law).
Nigeria - Artificial Intelligence: Proposed. National Artificial Intelligence Strategy (NAIS, 2024) led by the Federal Ministry of Communications, Innovation & Digital Economy (FMCIDE) and NITDA/NCAIR; no AI-specific statute yet in force, with several comprehensive AI bills advancing in the National Assembly. Personal-data aspects of AI are governed by the binding Nigeria Data Protection Act 2023 (enforced by the NDPC).
Norway - Artificial Intelligence: Proposed. Proposed Norwegian Artificial Intelligence Act incorporating the EU AI Act (Regulation (EU) 2024/1689) into Norwegian law via the EEA Agreement; underpinned by the 2020 National Strategy for Artificial Intelligence. Lead ministry: Digitalisation and Public Governance (Digitaliserings- og forvaltningsdepartementet); proposed coordinating authority: Nkom.
Philippines - Artificial Intelligence: Guidelines only. National AI Strategy for the Philippines (NAIS-PH / National AI Strategy Roadmap 2.0), led by the Department of Science and Technology (DOST) and DTI; no binding cross-cutting AI law in force, with comprehensive bills pending in Congress.
Poland - Artificial Intelligence: Comprehensive law. EU AI Act (Regulation (EU) 2024/1689), directly applicable in Poland, with a national implementing 'Act on Artificial Intelligence Systems' (Ustawa o systemach sztucznej inteligencji) adopted by the Council of Ministers on 31 March 2026 and pending in Parliament; designated authority to be the Commission for the Development and Safety of AI (KRiBSI).
Portugal - Artificial Intelligence: Comprehensive law. EU Artificial Intelligence Act (Regulation (EU) 2024/1689), directly applicable in Portugal, with ANACOM (Autoridade Nacional de Comunicações) designated as the national market surveillance authority and single point of contact; complemented by the AI Portugal 2030 national strategy.
Qatar - Artificial Intelligence: Sectoral rules. No comprehensive horizontal AI law. Qatar combines a National AI Strategy (2019) and voluntary national ethics/cybersecurity guidelines (MCIT, NCSA) with binding sector-specific rules — most notably the Qatar Central Bank's Artificial Intelligence Guideline for licensed financial entities (2024) and a 2026 judicial practice direction in the Qatar Financial Centre.
Russia - Artificial Intelligence: Guidelines only. National Strategy for AI Development to 2030 (Presidential Decree No. 490, 2019; updated by Decree No. 124, Feb 2024) plus the voluntary AI Code of Ethics (2021); no binding comprehensive AI statute yet in force, though a draft federal law was published in March 2026.
Saudi Arabia - Artificial Intelligence: Guidelines only. Saudi Data & Artificial Intelligence Authority (SDAIA) — non-binding AI Ethics Principles and Generative AI Guidelines, underpinned by the Personal Data Protection Law (PDPL); no comprehensive AI-specific statute in force.
Singapore - Artificial Intelligence: Guidelines only. Voluntary, non-binding governance frameworks led by IMDA/PDPC (Model AI Governance Framework family) and the AI Verify testing toolkit, underpinned by the National AI Strategy. No comprehensive horizontal AI statute.
South Africa - Artificial Intelligence: Proposed. Draft National Artificial Intelligence Policy (DCDT, published 10 April 2026, withdrawn 26/27 April 2026); no AI-specific statute. AI activity currently governed by general laws, chiefly POPIA, administered by the Information Regulator.
South Korea - Artificial Intelligence: Comprehensive law. Framework Act on the Development of Artificial Intelligence and Establishment of Trust (AI Basic Act / 인공지능 발전과 신뢰 기반 조성 등에 관한 기본법), administered by the Ministry of Science and ICT (MSIT)
Spain - Artificial Intelligence: Comprehensive law. EU AI Act (Regulation (EU) 2024/1689), directly applicable in Spain, with AESIA as national supervisory authority; national implementing bill (Anteproyecto de Ley para el buen uso y la gobernanza de la IA) still in the legislative pipeline.
Sweden - Artificial Intelligence: Comprehensive law. EU AI Act (Regulation 2024/1689), directly applicable in Sweden; national implementation via SOU 2025:101 inquiry; lead market surveillance authority proposed as PTS (Swedish Post and Telecom Authority), with IMY and Finansinspektionen (FI) as co-authorities; DIGG and IMY provide public-sector guidelines
Switzerland - Artificial Intelligence: Proposed. Sector-specific laws (FADP, FINMA Guidance 08/2024); Council of Europe Framework Convention on AI (signed March 2025, ratification pending); targeted legislative amendments under preparation (consultation draft by end-2026)
Taiwan - Artificial Intelligence: Comprehensive law. Artificial Intelligence Basic Act (人工智慧基本法), promulgated 14 January 2026; National Science and Technology Council (NSTC) as central competent authority; AI Strategy Special Committee under the Executive Yuan
Thailand - Artificial Intelligence: Proposed. Draft Principles for AI Legislation (ETDA, 2025); National AI Strategy and Action Plan 2022–2027; AI Governance Center (AIGC) under ETDA
Turkey - Artificial Intelligence: Proposed. National AI Strategy 2021–2025 (updated 2024–2025 Action Plan); AI-specific bills pending in the Grand National Assembly (Kanun Teklifi 2/3358, Nov 2025); existing coverage via Law No. 6698 (KVKK/Personal Data Protection Law) and Law No. 5651 (Internet Regulation); enforcement by KVKK and BTK
UAE - Artificial Intelligence: Sectoral rules. UAE National AI Strategy 2031; DIFC Data Protection Law Regulation 10 (Sept 2023); Federal Decree-Law No. 44 of 2021 (PDPL); UAE Charter for the Development and Use of AI (June 2024); Ministry of AI and UAE Council for AI
United Kingdom - Artificial Intelligence: Sectoral rules. Pro-Innovation Sectoral Approach: DSIT AI Regulatory Principles (2024) applied by existing sectoral regulators (ICO, FCA, CMA, Ofcom, MHRA); AI Security Institute under DSIT; Regulating for Growth Bill (proposed, May 2026 King's Speech)
United States - Artificial Intelligence: Sectoral rules. No comprehensive federal AI law; sector-specific rules enforced by existing agencies (FTC, FCC, sector regulators), supplemented by Executive Orders and a March 2026 White House National Policy Framework with legislative recommendations to Congress
Vietnam - Artificial Intelligence: Comprehensive law. Law on Artificial Intelligence No. 134/2025/QH15 (passed 10 December 2025, in force 1 March 2026), administered by the Ministry of Science and Technology; underpinned by National AI Strategy Decision No. 127/QĐ-TTg (2021)
Albania - Artificial Intelligence: Guidelines only. Council of Ministers Decision No. 479/2024 (Methodology and Technical Standards for AI Use); Digital Agenda 2022–2026; Draft National AI Strategy — all non-binding and limited to the public sector. Law No. 124/2024 on Personal Data Protection (GDPR-aligned) is the primary binding instrument with indirect AI relevance.
Algeria - Artificial Intelligence: Guidelines only. National Artificial Intelligence Strategy (2024–2030), adopted by the AI Council on 8 December 2024; supported by amended personal data protection Law No. 25-11 (2025) and the National Cybersecurity Strategy 2025–2029
Andorra - Artificial Intelligence: Guidelines only. Andorran Code of Ethics for Artificial Intelligence (Government of Andorra, February 2024); Council of Europe Framework Convention on Artificial Intelligence and Human Rights, Democracy, and the Rule of Law (signed 5 September 2024); Digital Transformation Programme (PdTDA) 2024–2027
Angola - Artificial Intelligence: Proposed. Draft Law on Artificial Intelligence (proposed by MINTTICS / Ministry of Telecommunications and Information Technologies), operating alongside a proposed amendment to the Personal Data Protection Law and the 2023-2027 ICT Strategic Framework (LBTIC)
Armenia - Artificial Intelligence: Guidelines only. No comprehensive domestic AI law in force; policy guided by the Ministry of High-Tech Industry's AI priority agenda, the Digital Transformation Strategy 2021–2025, and Armenia's January 2026 signing (not yet ratified) of the Council of Europe Framework Convention on Artificial Intelligence (CETS No. 225)
Azerbaijan - Artificial Intelligence: Sectoral rules. Artificial Intelligence Strategy of the Republic of Azerbaijan for 2025–2028 (Presidential Decree No. 530, 19 March 2025); Ministry of Digital Development and Transport; AZS ISO/IEC 42001:2025 national AI management standard; Criminal Code amendments on AI-generated deepfakes (2026)
Bahamas - Artificial Intelligence: Proposed. Data Protection Bill 2025 (pending enactment, includes AI provisions); URCA Draft Annual Plan 2025 (sectoral telecom AI requirements); national AI white paper under development
Bangladesh - Artificial Intelligence: Proposed. Draft National AI Policy 2026-2030 (ICT Division, under finalization); supported by enacted Personal Data Protection Ordinance 2025 and National Data Governance Ordinance 2025
Belarus - Artificial Intelligence: Proposed. No AI-specific law in force; AI bill formally queued for 2026 legislative drafting; CIS Model Law on Artificial Intelligence Technologies (adopted April 2025, drafted by Belarus's United Institute of Informatics Problems) serves as the intended basis
Bolivia - Artificial Intelligence: Proposed. Proyecto de Ley N° 178/2024-2025 (Senate-approved, pending Chamber of Deputies); AGETIC (Agencia de Gobierno Electrónico y Tecnologías de la Información y Comunicación) as interim digital governance authority
Botswana - Artificial Intelligence: Proposed. National AI Policy (in final drafting stage, Ministry of Communications and Innovation); interim governance via Data Protection Act 2024, Digital Services Act 2025, and Cybersecurity Act 2025
Brunei - Artificial Intelligence: Guidelines only. Guide on Artificial Intelligence (AI) Governance and Ethics for Brunei Darussalam (AITI, April 2025) — voluntary, principles-based; supported by the Personal Data Protection Order 2025 (binding, private-sector data protection)
Bulgaria - Artificial Intelligence: Comprehensive law. EU AI Act (Regulation (EU) 2024/1689, directly applicable); national coordinator: Ministry of Electronic Governance (MoEG); foundational national document: Concept for the Development of AI in Bulgaria until 2030 (2020)
Cambodia - Artificial Intelligence: Proposed. Draft National Artificial Intelligence Strategy 2025–2030 (Ministry of Post and Telecommunications); no enacted AI-specific law
Cameroon - Artificial Intelligence: Guidelines only. National Artificial Intelligence Strategy (SNIA) unveiled July 2025; Ministry of Posts and Telecommunications (MINPOSTEL); Personal Data Protection Law No. 2024/017 (December 2024)
Chile - Artificial Intelligence: Proposed. AI Bill No. 16821-19 (pending Senate approval) + National Artificial Intelligence Policy 2021–2030 (updated 2024 via Decree No. 12), led by the Ministry of Science, Technology, Knowledge and Innovation (MinCiencia)
Colombia - Artificial Intelligence: Proposed. Proyecto de Ley 043 de 2025 (pending Senate approval); CONPES 4144 (National AI Policy, February 2025); Joint Directive 007 (2025) on algorithmic transparency; Law 2502 of 2025 (AI-aggravated identity fraud)
Costa Rica - Artificial Intelligence: Proposed. National AI Strategy (ENIA 2024-2027) led by MICITT; no enacted AI law — multiple bills pending in the Legislative Assembly
Côte d'Ivoire - Artificial Intelligence: Guidelines only. Stratégie Nationale de l'Intelligence Artificielle à l'horizon 2030 (SNIA 2030), supervised by the Ministère de la Transition Numérique et de la Digitalisation; data protection underpinned by Loi n° 2013-450 du 19 juin 2013, enforced by ARTCI
Croatia - Artificial Intelligence: Comprehensive law. EU AI Act (Regulation (EU) 2024/1689), directly applicable; AZOP (Agencija za zaštitu osobnih podataka / Personal Data Protection Agency) designated as key national competent authority; Ministry of Justice, Administration and Digital Transformation (MPUDT) leads inter-ministerial AI Act implementation working group
Cuba - Artificial Intelligence: Guidelines only. Strategy for the Development of Artificial Intelligence (Estrategia para el Desarrollo de la Inteligencia Artificial), adopted May 2024 by the Council of Ministers, led by the Ministry of Communications (MINCOM)
Cyprus - Artificial Intelligence: Comprehensive law. EU AI Act (Regulation (EU) 2024/1689) directly applicable; Commissioner of Communications designated as Market Surveillance Authority, Notifying Authority, and Single Point of Contact; Deputy Ministry of Research, Innovation and Digital Policy as coordinating body
Czechia - Artificial Intelligence: Proposed. EU AI Act (Regulation 2024/1689, directly applicable); national implementing Act on Artificial Intelligence (draft approved by Czech Government 28 May 2025, pending Parliament); coordinated by Ministry of Industry and Trade (MPO); Czech Telecommunications Office (CTU) proposed as primary market surveillance authority
Dominican Republic - Artificial Intelligence: Proposed. National AI Strategy (ENIA) via Executive Decree 498-23 (October 2023); multiple AI bills under congressional review as of 2025–2026, none enacted
Ecuador - Artificial Intelligence: Proposed. Proposed: Proyecto de Ley Orgánica de Regulación y Promoción de la Inteligencia Artificial (Asamblea Nacional, filed 2024, in committee 2025). In force: EFIA-EC National AI Strategy (Ministerial Agreement MINTEL-MINTEL-2025-0030, Jan 2026) and SPDP Resolution SPDP-SPD-2026-0009-R on personal data in AI systems (Feb 2026). Regulator: Ministerio de Telecomunicaciones y de la Sociedad de la Información (MINTEL); Superintendencia de Protección de Datos Personales (SPDP).
El Salvador - Artificial Intelligence: Comprehensive law. Law for the Promotion of Artificial Intelligence and Technologies (Decreto No. 234), enacted 26 February 2025, effective 11 March 2025; administered by the National Artificial Intelligence Agency (ANIA), a decentralized body under the Presidency of the Republic
Estonia - Artificial Intelligence: Comprehensive law. EU AI Act (Regulation (EU) 2024/1689) — directly applicable; national implementation led by Ministry of Economic Affairs and Communications (MKM); market surveillance authority: Consumer Protection and Technical Regulatory Authority (TTJA)
Ethiopia - Artificial Intelligence: Guidelines only. National Artificial Intelligence Policy (Council of Ministers, 27 June 2024); Personal Data Protection Proclamation No. 1321/2024; Ethiopian Artificial Intelligence Institute (EAII, established under Regulation No. 510/2022)
Fiji - Artificial Intelligence: Proposed. Fiji National Digital Strategy 2025–2030 (Ministry of Communications, Trade, Co-operatives, Small and Medium Enterprises); National AI Framework targeted for 2027; National AI Policy in development
Georgia - Artificial Intelligence: Guidelines only. Council of Europe Framework Convention on Artificial Intelligence (signed September 2024); fragmented multi-agency oversight across Ministry of Economy and Sustainable Development, Innovation and Technology Agency, and Digital Governance Agency; UNESCO AI Readiness Assessment in progress (2025–2026); no dedicated domestic AI law or regulator
Ghana - Artificial Intelligence: Guidelines only. National AI Strategy 2025–2035 (launched April 2026) and Ghana AI Practitioners' Guide (December 2025), with the Data Protection Act 2012 (Act 843) providing incidental AI-relevant rules; no binding AI-specific law yet in force
Greece - Artificial Intelligence: Comprehensive law. EU AI Act (Regulation (EU) 2024/1689, directly applicable in all EU member states); Greek Law 4961/2022 on Emerging Technologies; Ministry of Digital Governance and Artificial Intelligence / Special Secretariat for Artificial Intelligence and Data Governance
Guatemala - Artificial Intelligence: Proposed. No AI law in force; National AI Strategy (ENIA) under co-creation led by the Comisión Presidencial de Gobierno Abierto y Electrónico (GAE) with UNDP support; legislative bill pending in Congress
Honduras - Artificial Intelligence: No framework. No AI-specific law, strategy, or designated regulator; general digital governance falls under CONATEL (telecommunications regulator) and IAIP (public information/transparency authority)
Hungary - Artificial Intelligence: Comprehensive law. EU AI Act (Regulation 2024/1689) as primary directly-applicable law; Hungary Act LXXV of 2025 as national implementation statute designating competent authorities and enforcement procedures; National AI Strategy 2025–2030
Iceland - Artificial Intelligence: Guidelines only. AI Action Plan 2025–2027 (Ministry of Culture, Innovation and Higher Education); Persónuvernd (DPA) oversight under Act No. 90/2018 (GDPR implementation); EU AI Act pending EEA incorporation
Iran - Artificial Intelligence: Sectoral rules. National Artificial Intelligence Document (Supreme Council of the Cultural Revolution, June 2024); National AI Plan (Majlis, May 2025); National Artificial Intelligence Organization Act (Majlis, October 2025); Supreme Council of Cyberspace as apex digital-policy body
Iraq - Artificial Intelligence: Guidelines only. Iraqi National Strategy for Artificial Intelligence (INSAIN) 2024–2030, overseen by the Supreme Committee for Artificial Intelligence chaired by the Prime Minister
Jamaica - Artificial Intelligence: Proposed. National AI Policy under drafting (National AI Task Force recommendations, Feb 2025); Data Protection Act 2020; Supreme Court Practice Direction No. 1 of 2025
Jordan - Artificial Intelligence: Guidelines only. Jordanian AI Strategy and Implementation Plan 2023–2027 (MoDEE) + National AI Code of Ethics 2022; no binding AI-specific law in force
Kazakhstan - Artificial Intelligence: Comprehensive law. Law No. 230-VIII of the Republic of Kazakhstan 'On Artificial Intelligence' (signed 17 November 2025, in force 18 January 2026), supported by the Concept for AI Development 2024–2029 and the Ministry of Artificial Intelligence and Digital Development
Kuwait - Artificial Intelligence: Proposed. Draft Kuwait National AI Strategy (2025–2028); CITRA Law No. 37 of 2014; CITRA Resolution No. 26 of 2024 (Data Privacy Protection); Central Agency for Information Technology (CAIT)
Laos - Artificial Intelligence: Proposed. National AI Strategy under development (announced January 2026), informed by UNESCO AI Ethics Readiness Assessment; interim basis is the National Digital Economy Strategy 2021–2030 and Law on Electronic Data Protection
Latvia - Artificial Intelligence: Comprehensive law. EU AI Act (Regulation 2024/1689, directly applicable); national supplementary laws: Law on the Development of Artificial Intelligence (Mākslīgā intelekta attīstības likums, 2025) and Law on the Latvian Artificial Intelligence Centre (Mākslīgā intelekta centra likums, in force 20 March 2025); lead authority: Ministry of Smart Administration and Regional Development (VARAM)
Lebanon - Artificial Intelligence: Proposed. Ministry of Technology & Artificial Intelligence (MITAI) — draft law approved by Council of Ministers September 2025, pending parliamentary ratification; National Digital Transformation and AI Strategy 2025–2030 launched November 2025
Lithuania - Artificial Intelligence: Comprehensive law. EU AI Act (Regulation (EU) 2024/1689), directly applicable; national implementation via amendments to the Law on Technology and Innovation and the Law on Information Society Services (January 2025); market surveillance authority: Communications Regulatory Authority (RRT); notifying authority: Innovation Agency
Malta - Artificial Intelligence: Comprehensive law. EU AI Act (Regulation (EU) 2024/1689, directly applicable) + Malta Legal Notice 226 of 2025 (Artificial Intelligence Regulations, S.L. 591.05); lead authority: Malta Digital Innovation Authority (MDIA)
Mauritius - Artificial Intelligence: Guidelines only. National AI Strategy 2025–2029 ('AI for Mauritius'/AIM) and FAIR Guidelines, supported by FSC Fintech Series Guidance Notes No. 4 (September 2025) and the Data Protection Act 2017
Moldova - Artificial Intelligence: Proposed. White Paper on AI and Data Governance (Ministry of Economic Development and Digitalization, October 2024); Council of Europe Framework Convention on AI signed September 2024; draft Law on AI in Public Services (planned entry into force January 1, 2027); National AI Program 2026–2030 (decree under development as of May 2026)
Monaco - Artificial Intelligence: Guidelines only. Extended Monaco National Digital Strategy (2019–) with AI component; Autorité de Protection des Données Personnelles (APDP) under Law No. 1.565 (2024)
Mongolia - Artificial Intelligence: Guidelines only. National Strategy for Big Data and Artificial Intelligence (Government Resolution, September 2025); Ministry of Digital Development, Innovation and Communications (MDDIC); Law on Personal Data Protection
Morocco - Artificial Intelligence: Proposed. Draft Digital X.0 Framework Law (2025, under government review); Maroc Digital 2030 national strategy (Ministry of Digital Transition and Administrative Reform); CNDP oversight under Law 09-08 on personal data protection
Mozambique - Artificial Intelligence: Proposed. National Commission for Artificial Intelligence (CNIA) — Council of Ministers Decree (March 2025); National AI Strategy under development by INTIC with UNESCO technical support
Myanmar - Artificial Intelligence: Proposed. No AI-specific law in force; National AI Strategy and National AI Policy under active drafting by the Ministry of Science and Technology (State Administration Council/military junta). Cybersecurity Law No. 1/2025 provides the only enacted digital governance framework, touching AI indirectly.
Namibia - Artificial Intelligence: Proposed. Draft Artificial Intelligence Bill (in preparation); National AI Strategy (2025); Ministry of Information and Communication Technology (MICT) as lead authority; National Commission on Research, Science and Technology (NCRST) as research/assessment body
Nepal - Artificial Intelligence: Guidelines only. National Artificial Intelligence Policy 2082 (2025), approved by Cabinet on 11 August 2025; Ministry of Communication and Information Technology
North Macedonia - Artificial Intelligence: Guidelines only. SMART/MK 2030 Digital Transformation Strategy; Council of Europe Framework Convention on AI (signed May 2026); GDPR-aligned Law on Personal Data Protection (automated decision-making provisions)
Oman - Artificial Intelligence: Guidelines only. Ministry of Transport, Communications and Information Technology (MTCIT) / Information Technology Authority (ITA) — National Artificial Intelligence Policy (August 2024) and General Policy for the Safe and Ethical Use of Artificial Intelligence Systems (2025), under the National Program for AI and Advanced Digital Technologies 2024–2026
Pakistan - Artificial Intelligence: Guidelines only. National Artificial Intelligence Policy 2025 (Ministry of IT & Telecom, approved by Federal Cabinet July 2025); Regulation of Artificial Intelligence Act 2024 (Senate bill, pending)
Panama - Artificial Intelligence: Proposed. No comprehensive AI law in force. Proyecto de Ley 588 (adaptive AI governance) passed first legislative debate (primer debate) in the National Assembly in April 2026 and is pending further debates and promulgation. Sectoral data protection covered by Law 81 of 2019. National AI Strategy under development by SENACYT and AIG.
Papua New Guinea - Artificial Intelligence: Proposed. Draft Government AI Adoption Framework (February 2026) and Draft National Sovereign Digital Transformation and AI Strategy (March 2026), overseen by the Department of Information and Communications Technology (DICT). A proposed National Artificial Intelligence Act is planned but not yet enacted.
Paraguay - Artificial Intelligence: Proposed. No comprehensive AI law in force; AI bill passed Senate (October 2025) pending Chamber of Deputies; limited sectoral rules via Supreme Court Resolution 12,677 (judiciary) and DINAVISA Resolution 047/2026 (health regulation)
Peru - Artificial Intelligence: Comprehensive law. Law No. 31814 (Ley que promueve el uso de la inteligencia artificial en favor del desarrollo económico y social del país, 2023) and its implementing regulation Supreme Decree No. 115-2025-PCM (published 9 September 2025, in force 22 January 2026); overseen by the Secretariat of Government and Digital Transformation (SGTD) of the Presidency of the Council of Ministers (PCM).
Romania - Artificial Intelligence: Comprehensive law. EU AI Act (Regulation (EU) 2024/1689, directly applicable); National AI Strategy 2024–2027 (Government Decision HG 832/2024); Romanian Committee for Artificial Intelligence (CRIA); Authority for the Digitalisation of Romania (ADR) — proposed NCA
Rwanda - Artificial Intelligence: Guidelines only. National AI Policy (Cabinet-approved April 2023), administered by the Ministry of ICT and Innovation (MINICT) and Rwanda Information Society Authority (RISA); Responsible AI Office (RAI Office) established within MINICT for coordination
San Marino - Artificial Intelligence: Guidelines only. No binding domestic AI statute. Governance rests on San Marino's signature of the Council of Europe Framework Convention on AI, Human Rights, Democracy and the Rule of Law (CETS 225, signed 5 Sep 2024) plus an emerging government AI/digital-transition strategy. Domestic AI legislation exists only at the political-proposal stage.
Senegal - Artificial Intelligence: Guidelines only. Stratégie Nationale pour le Développement de l'Intelligence Artificielle (SNDIA, 2023); Commission de Protection des Données Personnelles (CDP) under Law n° 2008-12 of 25 January 2008
Serbia - Artificial Intelligence: Proposed. Draft AI Law (in preparation, modeled on EU AI Act); AI Development Strategy 2025–2030; Ethical Guidelines for Trustworthy AI (2023, non-binding); Council for Artificial Intelligence (est. July 2024)
Slovakia - Artificial Intelligence: Comprehensive law. EU AI Act (Regulation (EU) 2024/1689), directly applicable; national implementation via Act No. 318/2025 Z.z. (amending conformity assessment law, in force 1 Jan 2026); Draft Act LP/2025/401 on Organisation of Public Administration in the Field of AI (pending); MIRRI SR as national coordinator and Single Contact Point
Slovenia - Artificial Intelligence: Comprehensive law. EU AI Act (Regulation (EU) 2024/1689) — directly applicable; national implementing act ZIUDHPUI (Zakon o izvajanju Uredbe (EU) o določitvi harmoniziranih pravil o umetni inteligenci) in force from 21 November 2025; primary national competent authority: AKOS (Agency for Communication Networks and Services)
Sri Lanka - Artificial Intelligence: Guidelines only. National AI Strategy 2028 (Ministry of Digital Economy / CFSAI) + Personal Data Protection Act No. 9 of 2022 (Data Protection Authority of Sri Lanka)
Tanzania - Artificial Intelligence: Guidelines only. MICIT Guidelines for AI Ethical Use (2025); Tanzania Digital Economy Strategic Framework 2024–2034; National AI Readiness Assessment (UNESCO/MICIT, 2025)
Trinidad and Tobago - Artificial Intelligence: Proposed. Ministry of Public Administration and Artificial Intelligence (MPAAI), established May 2025; National AI Assessment Initiative (UNESCO RAM + UNDP AILA), launched November 2025; AI Bill under development as of 2026
Tunisia - Artificial Intelligence: Guidelines only. National AI Strategy and Roadmap (2021–2025); Organic Law No. 2004-63 on Personal Data Protection administered by INPDP; draft Organic Law on Personal Data Protection (2025, under parliamentary review)
Uganda - Artificial Intelligence: Proposed. National AI and Emerging Technologies Strategy (in development, 2025–2026), led by the Ministry of ICT & National Guidance; Data Protection and Privacy Act No. 9 of 2019 as primary applicable law; NITA-U as IT regulatory authority
Ukraine - Artificial Intelligence: Guidelines only. Cabinet of Ministers Concept for AI Development (Decree No. 1556-r, 2 December 2020); Ministry of Digital Transformation White Paper on AI Regulation (2023); Action Plan for AI Concept Implementation 2025–2026
Uruguay - Artificial Intelligence: Proposed. National AI Strategy 2024–2030 (AGESIC); draft AI regulation bill in development; Council of Europe AI Framework Convention (CETS No. 225) signed September 2025
Uzbekistan - Artificial Intelligence: Comprehensive law. Law No. ZRU-1115 (amending the Law 'On Informatization', signed 21 January 2026); National AI Strategy until 2030 (Presidential Resolution No. PP-358, 14 October 2024); Ministry of Digital Technologies as primary supervisory authority
Venezuela - Artificial Intelligence: Proposed. Proyecto de Ley de Inteligencia Artificial (AI Bill, first reading November 2024, second reading ongoing) and Código de Ética para el Desarrollo y Aplicación Responsable de la Inteligencia Artificial (February 2026, non-binding)
Zambia - Artificial Intelligence: Guidelines only. National Artificial Intelligence Strategy 2025–2027 (Ministry of Technology and Science); Data Protection Act No. 3 of 2021 (enforcement from March 2025); Zambia Information and Communications Technology Authority (ZICTA)
Zimbabwe - Artificial Intelligence: Guidelines only. Zimbabwe National Artificial Intelligence Strategy 2026–2030 (Cabinet-approved October 2025, officially launched 13 March 2026); underpinned by the Cyber and Data Protection Act [Chapter 11:12] No. 5/2021, administered by POTRAZ
Afghanistan - Artificial Intelligence: No framework. No AI-specific law, strategy, or regulatory body exists; the Ministry of Communications and Information Technology (MCIT) under the Taliban Islamic Emirate oversees general ICT but has issued no AI governance instrument
Barbados - Artificial Intelligence: Guidelines only. Data Protection Act 2019-29 (GDPR-modelled, fully in force); Central Bank of Barbados AI policy analyses; GovTech Barbados public-sector AI initiatives; announced but unenacted legislative overhaul covering AI, telecommunications, and electronic transactions
Belize - Artificial Intelligence: Sectoral rules. Data Protection Act 2021 (Act No. 45 of 2021); Senior Courts Practice Direction No. 18 of 2025 on Ethical Use of Generative Artificial Intelligence; National Digital Agenda 2022–2025
Benin - Artificial Intelligence: Guidelines only. Stratégie Nationale d'Intelligence Artificielle et des Mégadonnées (SNIAM) 2023–2027, Ministry of Digitalisation; underpinned by Code du Numérique (Law N°2017-20, 2018)
Bhutan - Artificial Intelligence: Guidelines only. Bhutan National AI Strategy 2025 (NAIS 2025) and GovTech Guideline for Generative AI Usage in the Civil Service (2024), both issued by the Government Technology Agency (GovTech) under the Royal Government of Bhutan
Bosnia & Herzegovina - Artificial Intelligence: Guidelines only. No dedicated AI law or national AI strategy; AI-adjacent provisions exist under the Personal Data Protection Law (Official Gazette, 28 Feb 2025, in application from 4 Oct 2025, GDPR-aligned); Federation BiH Development Strategy 2021–2027 names AI a priority; governance engagement driven primarily by UNDP and EU accession obligations
British Virgin Islands - Artificial Intelligence: No framework. No AI-specific legislation or formal AI governance framework; Data Protection Act 2021 provides partial coverage of AI-adjacent data-processing obligations
Burkina Faso - Artificial Intelligence: Proposed. No dedicated AI law in force; National AI Action Plan 2026-2028 under development by the Ministry of Digital Transition, Postal and Electronic Communications; data protection governed by Law No. 001-2021/AN administered by the Commission de l'Informatique et des Libertés (CIL)
Burundi - Artificial Intelligence: Guidelines only. Stratégie Nationale de l'Intelligence Artificielle 2026–2030 (validated April 2026), developed by the Ministère des Finances, Budget et Économie Numérique with UNDP support; no binding AI law in force
Central African Republic - Artificial Intelligence: No framework. No AI-specific law, strategy, or guidelines exist; general ICT regulation under ARCEP (Law 17.020/2017) and a data protection law (Loi 24/001, 2024) form the only relevant digital legal infrastructure.
Chad - Artificial Intelligence: Proposed. No dedicated AI law exists; AI governance is being addressed through a broader digital legal reform process led by the Ministry of Telecommunications, Digital Economy, and Digitalization of Administration (ARCEP as sectoral regulator)
Congo - Artificial Intelligence: Guidelines only. Vision Congo Digital 2025 national digital strategy; African Research Centre for Artificial Intelligence (ARCAI) established with UNECA support; no AI-specific binding legislation in force; telecoms regulator ARPCE developing AI governance roadmap
Djibouti - Artificial Intelligence: Proposed. Draft National AI Strategy (under development with UNESCWA support, 2025); Digital Code of Djibouti (Loi n° portant Code Numérique, enacted June 30, 2025); Ministry of Digital Economy and Innovation (MDENI)
DR Congo - Artificial Intelligence: Guidelines only. National AI Strategy 2025–2030 (launched October 2025); National Digital Plan 2026–2030 (PNN2); Digital Code Ordonnance-loi N°23-010 of 13 March 2023 (broad digital framework, no AI-specific provisions); UNESCO AI Readiness Assessment (validated April 2025)
Equatorial Guinea - Artificial Intelligence: No framework. No dedicated national AI law, AI strategy, or AI regulatory guidelines exist at the national level. The applicable overarching data framework is Law No. 1/2016 on the Protection of Personal Data. At the continental level, Equatorial Guinea, as an African Union member state, is encompassed by the AU Continental AI Strategy (adopted July 2024).
Eritrea - Artificial Intelligence: No framework. No AI-specific law, strategy, or regulatory framework; digital governance limited to the 1998 Communications Proclamation and the 2003 Eritrean Telecommunications Services Corporation (EriTel) Proclamation
eSwatini - Artificial Intelligence: No framework. No AI-specific law or strategy; general digital governance provided by the Data Protection Act, 2022 (ESCCOM/EDPA as regulators) and the eSwatini Digital Transformation Strategy 2024–2028
Gabon - Artificial Intelligence: Sectoral rules. Ordonnance n°0011/PR/2026 du 26 février 2026 (AI-generated content & deepfakes); National Technical Committee for AI (CTN-IA) under the Ministry of New Technologies, Information and Communication
Gambia - Artificial Intelligence: No framework. No dedicated AI law or strategy; AI-adjacent governance provided by the Personal Data Protection and Privacy Act 2025 and the National Digital Economy Master Plan 2024–2034, under the Ministry of Communications and Digital Economy (MOCDE) and the Public Utilities Regulatory Authority (PURA)
Greenland - Artificial Intelligence: No framework. No AI-specific law, regulation, or dedicated guidelines. Greenland (an autonomous Danish territory and EU Overseas Country/Territory) is explicitly excluded from the EU AI Act and from Denmark's national implementing law; governance touches AI only indirectly via the general National Digitalisation Strategy 2023-2026 (Naalakkersuisut) and a separate Greenlandic data-protection decree.
Guinea - Artificial Intelligence: Guidelines only. National AI Roadmap 2026–2035 (validated December 2025); DouIA2 initiative; Ministry of Posts, Telecommunications and the Digital Economy (MPTEN)
Guinea-Bissau - Artificial Intelligence: No framework. No AI-specific law, regulation, or published guidelines exist; AI is mentioned within the broader National Digital Transformation Strategy 2025–2030 (ENTD.GW) but no standalone AI governance instrument has been adopted or formally proposed.
Guyana - Artificial Intelligence: No framework. No dedicated AI law, national AI strategy, or AI bill in force or formally introduced. AI-relevant governance rests only on the general Data Protection Act 18 of 2023 plus non-binding regional guidance (UNESCO/CARICOM Caribbean AI Policy Roadmap) and stated government intent to develop a framework.
Haiti - Artificial Intelligence: No framework. No AI-specific law, strategy, or binding guidelines exist; the closest adjacent instrument is Law No. 172-13 on Comprehensive Protection of Personal Data (2013), which applies incidentally to data-driven systems.
Isle of Man - Artificial Intelligence: Guidelines only. National AI Office (NAIO), Digital Isle of Man; Foundations (Amendment) Act 2025 (Data Asset Foundations); Data Protection Act 2018 (GDPR-equivalent)
Jersey - Artificial Intelligence: Guidelines only. AI Playbook for Jersey (Digital Jersey, 2024) + Jersey AI Council (est. November 2025) + Data Protection (Jersey) Law 2018 applied to AI activities
Kyrgyzstan - Artificial Intelligence: Sectoral rules. Digital Code of the Kyrgyz Republic (Chapter 23 on AI), National Council for AI Development (Cabinet of Ministers Resolution, January 2025), self-regulatory organisations (SROs)
Lesotho - Artificial Intelligence: Proposed. Draft Artificial Intelligence Policy v0.1, Ministry of Information, Communications, Science, Technology and Innovation (MICSTI); National Digital Transformation Strategy 2024–2030
Liberia - Artificial Intelligence: No framework. No AI-specific legal framework exists. The Ministry of Posts and Telecommunications and the Liberia Telecommunications Authority (LTA) govern ICT broadly under the National ICT Policy 2019–2024, which does not address artificial intelligence.
Libya - Artificial Intelligence: Guidelines only. National Artificial Intelligence Strategy of Libya 2025–2030 (General Information Authority / GIA), accompanied by a National AI Policy and National Charter for AI Ethics
Madagascar - Artificial Intelligence: No framework. No dedicated AI framework; Law No. 2014-038 on Personal Data Protection (2015) and the Plan Stratégique du Numérique 2023–2028 provide general digital governance context without AI-specific provisions
Malawi - Artificial Intelligence: Proposed. Draft National AI Strategy (under validation, 2026); Data Protection Act 2024 (MACRA as regulator); UNESCO Recommendation on Ethics of AI (implementation underway)
Maldives - Artificial Intelligence: Proposed. AI Masterplan 2025–2035 (in development) led by the National Centre for Information Technology (NCIT) under the Ministry of Homeland Security and Technology; standalone AI legislation announced but not yet enacted
Mali - Artificial Intelligence: No framework. No dedicated AI law or regulation; relevant instruments are Loi n°2013-015 on personal data protection (APDP), Ordinance N°2023-022/PT-RM establishing CIAR-Mali (2023), and the National Cybersecurity Strategy 2026–2030
Mauritania - Artificial Intelligence: Guidelines only. National Artificial Intelligence Strategy of Mauritania 2024–2029, led by the Ministry of Digital Transformation, Innovation and Modernization of Administration (MTNIMA), governed under a sub-committee of the Supreme Council for Digitalization
Montenegro - Artificial Intelligence: Proposed. No dedicated AI law in force; National AI Strategy 2026–2030 under active drafting (Ministry of Public Administration, UNDP); Council of Europe Framework Convention on AI signed November 2024; EU AI Act alignment anticipated upon accession
New Caledonia - Artificial Intelligence: No framework. No AI-specific framework; New Caledonia's sui generis collectivity status excludes it from the EU AI Act and French national AI legislation does not automatically extend to the territory
Nicaragua - Artificial Intelligence: Guidelines only. No dedicated AI law or regulator. The only AI-specific official instruments are voluntary 'Cartillas para el Uso Responsable y Ético de la Inteligencia Artificial' (ethical-use guides) issued by the education authorities (MINED/INATEC/SETEC) in March 2026; general laws such as Ley 787 (Personal Data Protection) and Ley 1042 (Special Cybercrimes Law) apply indirectly.
Niger - Artificial Intelligence: Proposed. No AI-specific law in force. The government (via the Ministry in charge of the digital economy and the Agence Nationale pour la Société de l'Information, ANSI) has publicly announced its intent to develop a National Strategy for Artificial Intelligence and Data Management; general data processing is governed by the personal-data protection law enforced by the Haute Autorité de Protection des Données à caractère Personnel (HAPDP).
North Korea - Artificial Intelligence: No framework. No public AI-specific law, regulator, or published governance framework. AI is addressed only as a state development priority — anchored in the 'informatization' clause added to Article 26 of the Socialist Constitution (2019) and pursued through the Ministry of Information Industry and the Artificial Intelligence Research Institute (est. 2013) — not through any transparent regulatory regime.
Palestine - Artificial Intelligence: Guidelines only. Palestinian National Strategy for Artificial Intelligence (2023), led by the Ministry of Telecommunications and Digital Economy; non-binding strategy and responsible-AI principles rather than enacted AI legislation.
Puerto Rico - Artificial Intelligence: Proposed. No comprehensive AI law in force. The principal vehicle is Senate Bill 68 ("Ley de Inteligencia Artificial del Gobierno de Puerto Rico"), which passed the Puerto Rico Senate in 2025 but not the House; the Puerto Rico Innovation and Technology Service (PRITS) is the designated lead agency in pending proposals. As a U.S. territory, Puerto Rico is also subject to U.S. federal AI policy.
Seychelles - Artificial Intelligence: Proposed. No comprehensive or sectoral AI law in force. AI-specific governance exists only as a private member's proposal — the 'Pro-Human Technology Bill' (introduced early 2024) — under review by a National Assembly working group. The general Data Protection Act 2023 governs automated processing of personal data but is not AI-specific.
Sierra Leone - Artificial Intelligence: No framework. No AI-specific law, regulation, or adopted national AI strategy. AI is touched on only obliquely by the National Innovation & Digital Strategy (2019–2029) and the Cyber Security and Crime Act, 2021; a dedicated National AI Strategy is under development by the Ministry of Communication, Technology and Innovation (MoCTI) following a World Bank–supported AI Readiness Assessment launched in 2025.
Solomon Islands - Artificial Intelligence: No framework. No AI-specific law, regulator, or national AI strategy. AI use falls under general/adjacent instruments only — the 2017 National ICT Policy and the August 2024 National Cybersecurity Policy — with the Ministry of Communication and Aviation the lead ICT authority.
Somalia - Artificial Intelligence: No framework. No AI-specific law, regulation, or published national AI strategy. Institutional activity sits with the Somali National AI Center (SNAIC) under the Ministry of Communications and Technology; the closest binding instrument is the data-adjacent Data Protection Act (Law No. 005 of 2023).
South Sudan - Artificial Intelligence: No framework. No AI-specific law, regulator, or national AI strategy. South Sudan has not initiated AI policy; only adjacent digital laws (Cybercrime and Computer Misuse Act 2026) exist, with a Data Protection Bill proposed for 2026.
Sudan - Artificial Intelligence: No framework. No AI-specific law, national AI strategy, or binding guidelines in force. A Sudanese Data and Artificial Intelligence Authority was created by prime-ministerial decree on 5 November 2025, but it has not yet issued any AI regulation; Sudan is also an African Union member expected to domesticate the AU Continental AI Strategy.
Suriname - Artificial Intelligence: No framework. No AI-specific law, regulation, or standalone strategy. AI is addressed only as an enabling technology within the broader National Digital Strategy 2023-2030 (Presidential Working Group on e-Government, with UNDP support).
Syria - Artificial Intelligence: No framework. No AI-specific law or formal national AI strategy. AI is referenced as a pillar within the broader National Digital Transformation Strategy (to 2030) led by the Ministry of Communications and Information Technology; data is touched only indirectly via the Electronic Personal Data Protection Law (Law No. 12 of 2024).
Tajikistan - Artificial Intelligence: Guidelines only. National Strategy for the Development of Artificial Intelligence in the Republic of Tajikistan for the Period up to 2040 (adopted September 2022; signed by President Emomali Rahmon). Coordinated by the Agency for Innovation and Digital Technologies under the President, with an Interdepartmental Commission for the Regulation of AI. A binding Law 'On Artificial Intelligence' is in development but not yet enacted.
Timor-Leste - Artificial Intelligence: No framework. No dedicated AI law, regulation, or adopted national AI strategy. AI is being addressed through a UNESCO-supported AI Readiness Assessment (RAM) and the broader Timor Digital 2032 digital strategy (TIC Timor), neither of which constitutes binding AI governance. Timor-Leste endorsed the non-binding UNESCO Recommendation on the Ethics of AI (2021).
Togo - Artificial Intelligence: Proposed. National AI strategy under development (led by the Ministry of Justice & Human Rights and the Ministry of Digital Economy/MENTD); no AI-specific law in force. Existing Law No. 2019-014 on personal data protection applies to AI-related data processing.
Turkmenistan - Artificial Intelligence: Proposed. No AI-specific law in force. A National AI Strategy is under development (draft stage as of May 2026), led by the Ministry of Communications with UNDP support, as part of the Concept/State Programme for the Development of the Digital Economy for 2026–2028.
Vanuatu - Artificial Intelligence: Guidelines only. No AI-specific law. AI is addressed only at a high level through Vanuatu's National ICT Policy (ethical principles) and broader digital-governance instruments such as the Digital Transformation Act 2025, administered by the Department of Communications and Digital Transformation.
Yemen - Artificial Intelligence: No framework. No dedicated AI law, national AI strategy, or official AI guidelines. Yemen has no comprehensive data-protection statute either, and state institutions are fragmented by the ongoing armed conflict, leaving no functioning AI governance regime.
Antigua and Barbuda - Artificial Intelligence: Proposed. No enacted AI law; draft AI legislation in preparation by Ministry of Legal Affairs; existing baseline from Data Protection Act 2013 and Electronic Crimes Act
Cape Verde - Artificial Intelligence: Proposed. National AI Strategy (in development, formally launched April–May 2026); data protection governed by CNPD under Law 133/V/2001 as amended by Law 121/IX/2021
Comoros - Artificial Intelligence: No framework. No dedicated AI law or AI-specific framework; general digital governance falls under ANRTIC (Decree 065/2009) and the 'Comores Numérique 2028' national digital strategy (2019). Comoros is an AU member state subject to the non-binding Continental AI Strategy (July 2024).
Dominica - Artificial Intelligence: No framework. No dedicated AI law or national AI strategy; general framework rests on the Data Protection Act 2011, the National Digital Transformation Strategy 2022–2026, and participation in regional CARICOM/OECS/CTU AI governance processes
Grenada - Artificial Intelligence: Guidelines only. No national AI law; participates in regional voluntary frameworks: UNESCO Caribbean AI Policy Roadmap (2022) and CTU Caribbean AI Task Force (2025); Data Protection Act No. 1 of 2023 provides tangential personal-data governance
Kiribati - Artificial Intelligence: No framework. No AI-specific law, strategy, or guidelines; general digital governance under the National ICT Policy 2019 and the Kiribati Digital Government Master Plan, administered by the Ministry of Information, Communications and Transport (MICT) Digital Transformation Office
Marshall Islands - Artificial Intelligence: No framework. No AI-specific law, strategy, or formal guidelines exist; the Marshall Islands' governance context is shaped by general digital-transformation legislation (Digital Transformation and Identity Verification Act 2025, Personal Data Protection Act 2025, Cybersecurity Act 2025) and the World Bank-supported Digital Republic of the Marshall Islands project.
Micronesia - Artificial Intelligence: No framework. No AI-specific law, strategy, or regulatory authority exists. Foundational digital governance (cybersecurity, data protection, cybercrime) is still under development via the FSM Cybersecurity Roadmap (2021) and the planned Digital Government legal framework (target 2026).
Nauru - Artificial Intelligence: No framework. No AI-specific law, strategy, or regulatory framework exists. The closest instrument is the Nauru National Digital Transformation Strategy 2025–2030 (NNDTS), which addresses broad digital governance but does not cover AI governance.
Palau - Artificial Intelligence: No framework. No AI-specific law, strategy, or guidelines in force; digital governance addressed through the National Cybersecurity Strategy 2026–2030 and a newly established Office of Applied Technology and Strategy
Saint Kitts and Nevis - Artificial Intelligence: No framework. No AI-specific law, regulation, or national strategy; AI governed incidentally by the Electronic Crimes Act 2009, Electronic Transactions Act 2011, Data Protection Act 2018 (passed but not yet commenced), and Consumer Protection Act 2023
Saint Lucia - Artificial Intelligence: No framework. No dedicated AI law, strategy, or national guidelines in force. AI-relevant governance is limited to the partially-proclaimed Data Protection Act (2011) and endorsement of the non-binding regional Santiago Declaration on ethical AI (2023).
Saint Vincent and the Grenadines - Artificial Intelligence: No framework. No dedicated AI law or national AI strategy; adjacent governance via Data Protection Act 2021 and participation in the CTU Caribbean AI Task Force and UNESCO Caribbean AI Policy Roadmap
Samoa - Artificial Intelligence: Proposed. Draft National ICT Policy 2025–2030 (Ministry of Communications & Information Technology); no dedicated AI law in force
Sao Tome and Principe - Artificial Intelligence: No framework. No AI-specific law, strategy, or regulatory authority exists. Broader digital governance is nascent, anchored by the National Cybersecurity Strategy 2024-2028 and an ongoing UNU-assisted Digital Governance Strategy. At the continental level, Sao Tome and Principe is an African Union member state bound by the AU Continental AI Strategy (July 2024), but this is a non-binding framework document, not domestic regulation.
Tonga - Artificial Intelligence: No framework. No AI-specific law, strategy, or formal guidelines exist; digital governance is covered by the Tonga Digital Government Strategic Framework (2019–2024) and emerging cybersecurity/data-protection legislation
Tuvalu - Artificial Intelligence: No framework. No dedicated AI law, strategy, or guidelines exist; AI is referenced only aspirationally in the Tuvalu National ICT Policy (2024) under the Ministry of Communications and the Department of ICT
Argentina - Data & Privacy: Comprehensive law. Personal Data Protection Act No. 25.326 (Ley de Protección de los Datos Personales, 2000) and its regulatory decree, enforced by the Agency for Access to Public Information (AAIP) through its National Directorate for Personal Data Protection (DNPDP).
Australia - Data & Privacy: Comprehensive law. Privacy Act 1988 (Cth), incorporating the 13 Australian Privacy Principles (APPs), administered by the Office of the Australian Information Commissioner (OAIC), as amended by the Privacy and Other Legislation Amendment Act 2024
Austria - Data & Privacy: Comprehensive law. EU General Data Protection Regulation (GDPR, Regulation (EU) 2016/679) as the directly-applicable baseline, supplemented nationally by the Austrian Data Protection Act (Datenschutzgesetz – DSG), enforced by the Datenschutzbehörde (DSB).
Bahrain - Data & Privacy: Comprehensive law. Personal Data Protection Law, Law No. (30) of 2018 (PDPL), supervised by the Personal Data Protection Authority (PDPA) under the Ministry of Justice, Islamic Affairs and Waqf
Belgium - Data & Privacy: Comprehensive law. EU General Data Protection Regulation (Regulation (EU) 2016/679, GDPR) as the directly-applicable baseline, implemented nationally by the Act of 30 July 2018 on the protection of natural persons with regard to the processing of personal data; supervised by the Belgian Data Protection Authority (Autorité de protection des données / Gegevensbeschermingsautoriteit, APD/GBA), established by the Act of 3 December 2017.
Bermuda - Data & Privacy: Comprehensive law. Personal Information Protection Act 2016 (PIPA), supervised by the Office of the Privacy Commissioner for Bermuda (PrivCom)
Brazil - Data & Privacy: Comprehensive law. Lei Geral de Proteção de Dados Pessoais (LGPD) — Federal Law No. 13.709/2018, in force since September 2020, enforced by the Autoridade Nacional de Proteção de Dados (ANPD).
Canada - Data & Privacy: Comprehensive law. Personal Information Protection and Electronic Documents Act (PIPEDA), S.C. 2000, c. 5, enforced by the Office of the Privacy Commissioner of Canada (OPC); complemented by the federal Privacy Act for the public sector and 'substantially similar' provincial laws in Quebec, British Columbia and Alberta.
Cayman Islands - Data & Privacy: Comprehensive law. Data Protection Act (2021 Revision), enforced by the Office of the Ombudsman
China - Data & Privacy: Comprehensive law. Personal Information Protection Law (PIPL, effective 1 Nov 2021), reinforced by the Data Security Law (2021) and the Cybersecurity Law (amended, effective 1 Jan 2026); supervised by the Cyberspace Administration of China (CAC).
Denmark - Data & Privacy: Comprehensive law. EU General Data Protection Regulation (GDPR, Regulation (EU) 2016/679) as directly applicable EU law, supplemented nationally by the Danish Data Protection Act (Databeskyttelsesloven, Act No. 502 of 23 May 2018). Supervisory authority: Datatilsynet (Danish Data Protection Agency).
Egypt - Data & Privacy: Comprehensive law. Personal Data Protection Law No. 151 of 2020 (PDPL), with Executive Regulations issued by Minister of Communications and Information Technology Decree No. 816 of 2025; supervised and enforced by the Personal Data Protection Center (PDPC) under the Ministry of Communications and Information Technology (MCIT).
Finland - Data & Privacy: Comprehensive law. EU General Data Protection Regulation (2016/679) as the directly applicable baseline, supplemented nationally by Finland's Data Protection Act (Tietosuojalaki 1050/2018), enforced by the Office of the Data Protection Ombudsman (Tietosuojavaltuutetun toimisto).
France - Data & Privacy: Comprehensive law. EU General Data Protection Regulation (Regulation (EU) 2016/679, GDPR) as implemented nationally by the Loi n° 78-17 du 6 janvier 1978 'Informatique et Libertés' (as recast by Ordonnance 2018-1125 and amended through Loi 2024-449), supervised by the Commission Nationale de l'Informatique et des Libertés (CNIL).
Germany - Data & Privacy: Comprehensive law. EU General Data Protection Regulation (GDPR, Reg. (EU) 2016/679), directly applicable, supplemented nationally by the Federal Data Protection Act (Bundesdatenschutzgesetz, BDSG); sector rules in the Telecommunications-Digital Services Data Protection Act (TDDDG). Supervised federally by the BfDI alongside state authorities.
Gibraltar - Data & Privacy: Comprehensive law. Gibraltar General Data Protection Regulation ("Gibraltar GDPR") together with the Data Protection Act 2004, supervised by the Gibraltar Regulatory Authority (GRA) acting as Information Commissioner
Hong Kong - Data & Privacy: Comprehensive law. Personal Data (Privacy) Ordinance (Cap. 486) ('PDPO'), enforced by the Office of the Privacy Commissioner for Personal Data ('PCPD')
India - Data & Privacy: Comprehensive law. Digital Personal Data Protection Act, 2023 (DPDP Act), with the Digital Personal Data Protection Rules, 2025 notified by the Ministry of Electronics and Information Technology (MeitY); supervised by the Data Protection Board of India (DPBI).
Indonesia - Data & Privacy: Comprehensive law. Law No. 27 of 2022 on Personal Data Protection (Undang-Undang Pelindungan Data Pribadi / UU PDP). Interim oversight rests with the Ministry of Communication and Digital Affairs (Komdigi); a dedicated Data Protection Authority is mandated but not yet established.
Ireland - Data & Privacy: Comprehensive law. EU General Data Protection Regulation (GDPR) as given further effect by the Data Protection Act 2018; supervised and enforced by the Data Protection Commission (DPC)
Israel - Data & Privacy: Comprehensive law. Protection of Privacy Law, 5741-1981 (PPL), substantially modernized by Amendment No. 13 (in force 14 August 2025); enforced by the Privacy Protection Authority (PPA) within the Ministry of Justice
Italy - Data & Privacy: Comprehensive law. EU General Data Protection Regulation (Regulation (EU) 2016/679 – GDPR), as implemented nationally by the Personal Data Protection Code (Legislative Decree No. 196/2003) as amended by Legislative Decree No. 101/2018; supervised by the Garante per la protezione dei dati personali.
Japan - Data & Privacy: Comprehensive law. Act on the Protection of Personal Information (APPI), Act No. 57 of 2003, as amended (notably 2015, 2020 and 2022); enforced by the Personal Information Protection Commission (PPC).
Kenya - Data & Privacy: Comprehensive law. Data Protection Act, No. 24 of 2019, enforced by the Office of the Data Protection Commissioner (ODPC), giving effect to Article 31 of the Constitution of Kenya (right to privacy).
Liechtenstein - Data & Privacy: Comprehensive law. EU General Data Protection Regulation (Regulation (EU) 2016/679), incorporated into the EEA Agreement and applicable in Liechtenstein, together with the national Data Protection Act (Datenschutzgesetz, DSG) of 4 October 2018 (LR 235.1); supervised by the Data Protection Authority (Datenschutzstelle, DSS) in Vaduz.
Luxembourg - Data & Privacy: Comprehensive law. EU General Data Protection Regulation (Regulation (EU) 2016/679, GDPR), implemented nationally by the Law of 1 August 2018 organising the Commission nationale pour la protection des données (CNPD) and the general data-protection framework; supervised by the CNPD.
Malaysia - Data & Privacy: Comprehensive law. Personal Data Protection Act 2010 (Act 709), as amended by the Personal Data Protection (Amendment) Act 2024 (Act A1727); enforced by the Personal Data Protection Commissioner (Jabatan Perlindungan Data Peribadi, JPDP) under the Ministry of Digital.
Mexico - Data & Privacy: Comprehensive law. Federal Law on the Protection of Personal Data Held by Private Parties (Ley Federal de Protección de Datos Personales en Posesión de los Particulares, LFPDPPP), published in the Diario Oficial de la Federación on 20 March 2025; complemented by the General Law on Protection of Personal Data Held by Obligated Subjects (LGPDPPSO) for the public sector. Supervisory authority: Secretariat of Anti-Corruption and Good Governance (Secretaría Anticorrupción y Buen Gobierno).
Netherlands - Data & Privacy: Comprehensive law. EU General Data Protection Regulation (GDPR / 'AVG', Regulation 2016/679), directly applicable since 25 May 2018, supplemented nationally by the Dutch GDPR Implementation Act (Uitvoeringswet Algemene verordening gegevensbescherming, UAVG). Supervised and enforced by the Autoriteit Persoonsgegevens (AP).
New Zealand - Data & Privacy: Comprehensive law. Privacy Act 2020 (as amended by the Privacy Amendment Act 2025), administered by the Office of the Privacy Commissioner (Te Mana Mātāpono Matatapu).
Nigeria - Data & Privacy: Comprehensive law. Nigeria Data Protection Act (NDPA) 2023, supervised by the Nigeria Data Protection Commission (NDPC), operationalized by the General Application and Implementation Directive (GAID) 2025.
Norway - Data & Privacy: Comprehensive law. Personal Data Act 2018 (personopplysningsloven), which incorporates the EU GDPR into Norwegian law via the EEA Agreement; supervised by Datatilsynet (the Norwegian Data Protection Authority).
Philippines - Data & Privacy: Comprehensive law. Republic Act No. 10173, the Data Privacy Act of 2012 (DPA), with its 2016 Implementing Rules and Regulations, enforced by the National Privacy Commission (NPC).
Poland - Data & Privacy: Comprehensive law. EU GDPR (Regulation 2016/679) as directly applicable law, implemented nationally by the Personal Data Protection Act of 10 May 2018 (Ustawa o ochronie danych osobowych); supervised by the President of the Personal Data Protection Office (Prezes UODO).
Portugal - Data & Privacy: Comprehensive law. EU General Data Protection Regulation (Regulation (EU) 2016/679, GDPR) as the directly-applicable baseline, executed nationally by Lei n.º 58/2019 of 8 August; supervised by the Comissão Nacional de Proteção de Dados (CNPD)
Qatar - Data & Privacy: Comprehensive law. Law No. 13 of 2016 on Personal Data Privacy Protection (PDPPL), supervised by the National Cyber Governance and Assurance Affairs (NCGAA) within the National Cyber Security Agency (NCSA); the Qatar Financial Centre operates a separate GDPR-aligned regime (QFC Data Protection Regulations and Rules 2021).
Russia - Data & Privacy: Comprehensive law. Federal Law No. 152-FZ 'On Personal Data' (2006, as amended), enforced by Roskomnadzor (Federal Service for Supervision of Communications, Information Technology and Mass Media), supplemented by the data-localization rule introduced by Federal Law No. 242-FZ (2014).
Saudi Arabia - Data & Privacy: Comprehensive law. Personal Data Protection Law (PDPL), issued by Royal Decree No. M/19 (2021), amended by Royal Decree No. M/148 (2023); enforced by the Saudi Data and Artificial Intelligence Authority (SDAIA). Supplemented by the Implementing Regulations and the Regulation on Personal Data Transfer Outside the Kingdom.
Singapore - Data & Privacy: Comprehensive law. Personal Data Protection Act 2012 (PDPA), administered by the Personal Data Protection Commission (PDPC); amended by the Personal Data Protection (Amendment) Act 2020.
South Africa - Data & Privacy: Comprehensive law. Protection of Personal Information Act 4 of 2013 (POPIA), enforced by the Information Regulator (South Africa)
South Korea - Data & Privacy: Comprehensive law. Personal Information Protection Act (PIPA), enforced by the Personal Information Protection Commission (PIPC), South Korea's independent national data protection authority.
Spain - Data & Privacy: Comprehensive law. EU GDPR (Regulation 2016/679) as implemented nationally by Organic Law 3/2018 (LOPDGDD) on the Protection of Personal Data and Guarantee of Digital Rights; supervised by the Spanish Data Protection Agency (AEPD).
Sweden - Data & Privacy: Comprehensive law. EU General Data Protection Regulation (GDPR, Regulation (EU) 2016/679), implemented nationally by the Act (2018:218) with supplementary provisions to the EU GDPR (Dataskyddslagen) and Ordinance (2018:219); supervised by Integritetsskyddsmyndigheten (IMY, Swedish Authority for Privacy Protection).
Switzerland - Data & Privacy: Comprehensive law. Federal Act on Data Protection (FADP / nFADP) of 25 September 2020, in force since 1 September 2023, with its implementing Ordinance (DPO); supervised by the Federal Data Protection and Information Commissioner (FDPIC / EDÖB).
Taiwan - Data & Privacy: Comprehensive law. Personal Data Protection Act (PDPA) — an omnibus, GDPR-style data protection law applying to both government and non-government agencies across all sectors. Major amendments promulgated 11 November 2025 establish the Personal Data Protection Commission (PDPC) as Taiwan's first dedicated independent supervisory authority; a Preparatory Office (pdpc.gov.tw) currently operates pending the Commission's formal establishment.
Thailand - Data & Privacy: Comprehensive law. Personal Data Protection Act B.E. 2562 (2019) ("PDPA"), supervised by the Personal Data Protection Committee / Office of the PDPC
Turkey - Data & Privacy: Comprehensive law. Law No. 6698 on the Protection of Personal Data (KVKK), enforced by the Personal Data Protection Authority (Kişisel Verileri Koruma Kurumu) and its Personal Data Protection Board, Ankara
UAE - Data & Privacy: Comprehensive law. Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data (PDPL), administered by the Emirates Data Office (established under Federal Decree-Law No. 44 of 2021); DIFC and ADGM financial free zones maintain parallel, independent GDPR-aligned regimes
United Kingdom - Data & Privacy: Comprehensive law. UK GDPR (retained EU law), Data Protection Act 2018 (DPA 2018), and Data (Use and Access) Act 2025 (DUAA 2025); supervised by the Information Commissioner's Office (ICO), which is being restructured into the 'Information Commission' under DUAA 2025
United States - Data & Privacy: Sectoral rules. Patchwork of federal sector-specific laws (HIPAA, GLBA, COPPA, FERPA, FCRA) enforced by the FTC and sector regulators, plus 20+ state comprehensive privacy laws led by California's CCPA/CPRA. No omnibus federal law is in force as of May 2026.
Vietnam - Data & Privacy: Comprehensive law. Law No. 91/2025/QH15 on Personal Data Protection (effective 1 January 2026), implemented by Decree No. 356/2025/ND-CP; supervised by the Ministry of Public Security (Department of Cybersecurity and Prevention of Cybercrimes)
Albania - Data & Privacy: Comprehensive law. Law No. 124/2024 'On Personal Data Protection' (in force 31 January 2025), supervised by the Commissioner for the Right to Information and Protection of Personal Data (IDP – idp.al)
Algeria - Data & Privacy: Comprehensive law. Law No. 18-07 of 10 June 2018 on the Protection of Individuals in Personal Data Processing (as amended by Law No. 25-11 of 24 July 2025), enforced by the National Authority for the Protection of Personal Data (ANPDP – Autorité Nationale de Protection des Données à Caractère Personnel)
Andorra - Data & Privacy: Comprehensive law. Llei 29/2021, del 28 d'octubre, qualificada de protecció de dades personals (LQPD), in force since 17 May 2022; supervised by the Agència Andorrana de Protecció de Dades (APDA)
Angola - Data & Privacy: Comprehensive law. Lei n.º 22/11 de 17 de Junho (Lei de Proteção de Dados Pessoais — LPDP), enforced by the Agência de Proteção de Dados (APD)
Armenia - Data & Privacy: Comprehensive law. Law of the Republic of Armenia on Personal Data Protection (ՀՕ-49-Ն, adopted 18 May 2015, as amended); supervised by the Personal Data Protection Agency (PDPA) under the Ministry of Justice
Azerbaijan - Data & Privacy: Comprehensive law. Law of the Republic of Azerbaijan on Personal Data No. 998-IIIQ (adopted 11 May 2010, as amended), supervised by the Ministry of Digital Development and Transport; supplemented by the Law on Information, Informatisation and Protection of Information, the Civil Code and the Code of Administrative Offences.
Bahamas - Data & Privacy: Comprehensive law. Data Protection Act, 2025 (assented 9 December 2025; replaces the Data Protection (Privacy of Personal Information) Act, 2003). Supervisory authority: Office of the Data Protection Commissioner.
Bangladesh - Data & Privacy: Comprehensive law. Personal Data Protection Ordinance, 2025 (Ordinance No. 61/2025), gazetted 6 November 2025; enforced by the National Data Governance Authority (NDGA) established under the companion National Data Governance Ordinance, 2025
Belarus - Data & Privacy: Comprehensive law. Law of the Republic of Belarus No. 99-Z 'On Personal Data Protection' of 7 May 2021 (in force 15 November 2021), supervised by the National Personal Data Protection Center (NPDPC / cpd.by)
Bolivia - Data & Privacy: Proposed. No comprehensive data-protection law enacted; constitutional habeas data (Art. 130, 2009 Political Constitution); sector-specific obligations under Law 164 (2011) and Supreme Decree 1793 (2013) for telecoms; AGETIC 2024 anteproyecto under legislative review; no dedicated supervisory authority
Botswana - Data & Privacy: Comprehensive law. Data Protection Act 18 of 2024 (in force 14 January 2025), supervised by the Information and Data Protection Commission (IDPC)
Brunei - Data & Privacy: Comprehensive law. Personal Data Protection Order 2025 (S 1/2025), supervised by the Authority for Info-Communications Technology Industry of Brunei Darussalam (AITI)
Bulgaria - Data & Privacy: Comprehensive law. EU GDPR (Regulation (EU) 2016/679) directly applicable, supplemented by Bulgaria's Personal Data Protection Act (PDPA, State Gazette No. 17/26.02.2019, in force 2 March 2019); supervised by the Commission for Personal Data Protection (CPDP)
Cambodia - Data & Privacy: Proposed. Draft Law on Personal Data Protection (LPDP, July 2025) — not yet enacted; existing regime relies on Sub-Decree No. 252 (2021), the E-Commerce Law, and general constitutional/civil/criminal-code privacy provisions. Designated supervisory authority (under draft): Ministry of Post and Telecommunications (MPTC).
Cameroon - Data & Privacy: Comprehensive law. Law No. 2024/017 of 23 December 2024 relating to personal data protection in Cameroon; supplemented by Law No. 2010/012 of 21 December 2010 on Cybersecurity and Cybercriminality. Supervisory authority: Personal Data Protection Authority (Autorité de protection des données à caractère personnel) — mandated by the 2024 law but not yet operationally established as of mid-2026.
Chile - Data & Privacy: Comprehensive law. Currently Law No. 19.628 (1999, 'sobre protección de la vida privada'), grounded in Constitution Art. 19 No. 4; comprehensively overhauled by GDPR-style Law No. 21.719 (published 13 Dec 2024), which enters into force 1 December 2026 and creates the Agencia de Protección de Datos Personales (APDP).
Colombia - Data & Privacy: Comprehensive law. Statutory Law 1581 of 2012 (Ley Estatutaria 1581 de 2012), supplemented by Law 1266 of 2008 for financial/credit data, with the Superintendencia de Industria y Comercio (SIC) as the supervisory authority
Costa Rica - Data & Privacy: Comprehensive law. Law No. 8968 — Ley de Protección de la Persona frente al Tratamiento de sus Datos Personales (2011), with implementing Regulation (Executive Decree No. 37554-JP), enforced by the Agencia de Protección de Datos de los Habitantes (PRODHAB) under the Ministry of Justice and Peace.
Côte d'Ivoire - Data & Privacy: Comprehensive law. Law No. 2013-450 of 19 June 2013 on the Protection of Personal Data; supervised by ARTCI (Autorité de Régulation des Télécommunications/TIC de Côte d'Ivoire) via its dedicated DPA portal autoritedeprotection.ci
Croatia - Data & Privacy: Comprehensive law. EU General Data Protection Regulation (GDPR, Regulation 2016/679) directly applicable; national implementation via Act on the Implementation of the General Data Protection Regulation (Zakon o provedbi Opće uredbe o zaštiti podataka, Official Gazette No. 42/2018); supervisory authority: Agencija za zaštitu osobnih podataka (AZOP)
Cuba - Data & Privacy: Comprehensive law. Ley No. 149/2022 'De Protección de Datos Personales' (Law on the Protection of Personal Data), supervised by the Ministry of Communications
Cyprus - Data & Privacy: Comprehensive law. GDPR (Regulation 2016/679) directly applicable; national supplementing legislation: Law 125(I)/2018 (Protection of Physical Persons Against the Processing of Personal Data and Free Movement of Such Data); Law 44(I)/2019 for law-enforcement processing (Directive 2016/680). Supervisory authority: Office of the Commissioner for Personal Data Protection (Nicosia).
Czechia - Data & Privacy: Comprehensive law. GDPR (Regulation (EU) 2016/679) directly applicable, supplemented by Act No. 110/2019 Coll. on Personal Data Processing (national adaptation law); supervised by the Office for Personal Data Protection (Úřad pro ochranu osobních údajů — UOOU)
Dominican Republic - Data & Privacy: Comprehensive law. Law No. 172-13 on the Comprehensive Protection of Personal Data (Ley No. 172-13 sobre Protección Integral de los Datos Personales), enacted 13 December 2013. No dedicated, independent data-protection authority exists; the Superintendency of Banks (Superintendencia de Bancos) supervises credit bureaus.
Ecuador - Data & Privacy: Comprehensive law. Ley Orgánica de Protección de Datos Personales (LOPDP), Official Gazette Supplement 459, 26 May 2021; supervised by the Superintendencia de Protección de Datos Personales (SPDP, spdp.gob.ec)
El Salvador - Data & Privacy: Comprehensive law. Ley de Protección de Datos Personales, Decreto Legislativo No. 144 (November 12, 2024; in force November 23, 2024), enforced by the Agencia de Ciberseguridad del Estado (ACE), established by the companion Ley de Ciberseguridad y Seguridad de la Información, Decreto Legislativo No. 143
Estonia - Data & Privacy: Comprehensive law. GDPR (EU 2016/679) directly applicable since 25 May 2018; supplemented by Estonia's Personal Data Protection Act (Isikuandmete kaitse seadus, in force 15 January 2019) and the Personal Data Protection Act Implementation Act (PDPAIA). National supervisory authority: Andmekaitse Inspektsioon (AKI) / Data Protection Inspectorate.
Ethiopia - Data & Privacy: Comprehensive law. Personal Data Protection Proclamation No. 1321/2024; supervised by the Ethiopian Communications Authority (ECA)
Fiji - Data & Privacy: Sectoral rules. No comprehensive data protection law. Privacy grounded in Section 24 of the 2013 Constitution, with sector-specific provisions in the Information Act 2018, Cybercrime Act 2021, and industry-specific laws (banking, medical, legal). No dedicated data protection supervisory authority exists.
Georgia - Data & Privacy: Comprehensive law. Law of Georgia on Personal Data Protection (No. 3144/2023); supervisory authority: Personal Data Protection Service (PDPS / pdps.ge)
Ghana - Data & Privacy: Comprehensive law. Data Protection Act, 2012 (Act 843); supervised by the Data Protection Commission (DPC); Data Protection Bill 2025 pending parliamentary enactment to replace Act 843
Greece - Data & Privacy: Comprehensive law. EU GDPR (Regulation 2016/679) directly applicable + Greek Law 4624/2019 (national supplement, in force 29 August 2019) + Law 3471/2006 (ePrivacy Directive implementation); supervised by the Hellenic Data Protection Authority (HDPA)
Guatemala - Data & Privacy: Proposed. Law on Access to Public Information, Decree 57-2008 (LAIP); no dedicated data protection law — multiple bills (Initiatives 6103, 6572, and a 2025 GDPR-modelled bill) pending in Congress
Honduras - Data & Privacy: Sectoral rules. Constitutional Habeas Data (Article 182, 1982 Constitution rev. 2013) + Law on Transparency and Access to Public Information (LTAIP, Decree 170-2006), supervised by the Instituto de Acceso a la Información Pública (IAIP)
Hungary - Data & Privacy: Comprehensive law. GDPR (Regulation (EU) 2016/679) directly applicable; Act CXII of 2011 on the Right of Informational Self-Determination and the Freedom of Information (Infotv), as substantially amended in July 2018 to align with GDPR; supervisory authority: Nemzeti Adatvédelmi és Információszabadság Hatóság (NAIH — National Authority for Data Protection and Freedom of Information)
Iceland - Data & Privacy: Comprehensive law. Act No. 90/2018 on Data Protection and Processing of Personal Data (implementing EU GDPR via EEA Agreement); supervised by Persónuvernd (Icelandic Data Protection Authority)
Iran - Data & Privacy: Sectoral rules. No comprehensive data-protection statute in force. Privacy/data is governed by scattered provisions: the Electronic Commerce Law (2004, Chapter on Protection of Personal Data), the Computer Crimes Law (2009), Constitution Art. 25, and the non-binding Citizens' Rights Charter (2016). A comprehensive 'Personal Data Protection and Safeguarding Draft Act' has been pending/stalled since 2018.
Iraq - Data & Privacy: Proposed. Draft Personal Data Protection Law (2021, not enacted); Communications and Media Commission (CMC) sector directives; 2005 Constitution Articles 17 & 40; E-Commerce Regulation No. 4/2025
Jamaica - Data & Privacy: Comprehensive law. Data Protection Act, 2020 (No. 7 of 2020), supervised by the Office of the Information Commissioner (OIC)
Jordan - Data & Privacy: Comprehensive law. Personal Data Protection Law No. 24 of 2023 (PDPL); supervised by the Data Protection Council and Data Protection Unit within the Ministry of Digital Economy and Entrepreneurship
Kazakhstan - Data & Privacy: Comprehensive law. Law of the Republic of Kazakhstan No. 94-V of 21 May 2013 'On Personal Data and Its Protection' (as amended through Law No. 211-VIII of 16 July 2025); supervised by the Ministry of Digital Development, Innovations and Aerospace Industry
Kuwait - Data & Privacy: Sectoral rules. CITRA Data Privacy Protection Regulation (Decision No. 26/2024); Electronic Transactions Law No. 20/2014; Cybercrime Law No. 63/2015. Supervisory authority: Communications and Information Technology Regulatory Authority (CITRA) — jurisdiction limited to licensed telecom/IT service providers.
Laos - Data & Privacy: Comprehensive law. Law on Electronic Data Protection No. 25/NA (12 May 2017), supervised by the Ministry of Technology and Communications (MTC)
Latvia - Data & Privacy: Comprehensive law. GDPR (EU Regulation 2016/679) directly applicable; supplemented by Latvia's Personal Data Processing Law (Fizisko personu datu apstrādes likums, in force 5 July 2018); supervised by the Data State Inspectorate (Datu valsts inspekcija – DVI)
Lebanon - Data & Privacy: Comprehensive law. Law No. 81 of 10 October 2018 on Electronic Transactions and Personal Data (Title/provisions on Personal Data); supervised in practice by the Ministry of Economy and Trade (MoET)
Lithuania - Data & Privacy: Comprehensive law. EU GDPR (Regulation 2016/679) directly applicable, supplemented by the Republic of Lithuania Law on Legal Protection of Personal Data (in force 16 July 2018); supervised by the State Data Protection Inspectorate (Valstybinė duomenų apsaugos inspekcija — VDAI)
Malta - Data & Privacy: Comprehensive law. GDPR (EU) 2016/679 directly applicable; Malta Data Protection Act 2018 (Chapter 586, Laws of Malta); supervised by the Information and Data Protection Commissioner (IDPC)
Mauritius - Data & Privacy: Comprehensive law. Data Protection Act 2017 (Act 20/2017), supervised by the Data Protection Office under the Data Protection Commissioner
Moldova - Data & Privacy: Comprehensive law. Law No. 133/2011 on Personal Data Protection (currently in force); superseded by Law No. 195/2024 on Personal Data Protection (applicable from 23 August 2026). Supervisory authority: National Centre for Personal Data Protection (NCPDP).
Monaco - Data & Privacy: Comprehensive law. Law No. 1.565 of 3 December 2024 on the Protection of Personal Data; supervisory authority: Autorité de Protection des Données Personnelles (APDP)
Mongolia - Data & Privacy: Comprehensive law. Law of Mongolia on Personal Data Protection (adopted 17 December 2021, in force 1 May 2022); oversight shared between the National Human Rights Commission and the Ministry of Digital Development, Innovation and Communications
Morocco - Data & Privacy: Comprehensive law. Law No. 09-08 of 18 February 2009 on the protection of individuals with regard to the processing of personal data (promulgated by Dahir 1-09-15); Implementing Decree No. 2-09-165 of 21 May 2009; supervised by the Commission Nationale de contrôle de la protection des Données à caractère Personnel (CNDP)
Mozambique - Data & Privacy: Proposed. No comprehensive data protection law in force as of May 2026. Fragmented privacy obligations exist under Law No. 3/2017 (Electronic Transactions Law), the Constitution, Civil Code, Penal Code, Labour Law, and Consumer Law. A standalone Personal Data Protection Bill (Proposta de Lei) was approved by the Council of Ministers in March 2026 and submitted to the Assembly of the Republic for final vote.
Myanmar - Data & Privacy: Sectoral rules. Sectoral patchwork: Electronic Transactions Law 2004 (amended 2021), Law Protecting the Privacy and Security of Citizens 2017 (amended 2021), Cybersecurity Law 2025, and Telecommunications Law 2013. No independent data protection authority.
Namibia - Data & Privacy: Proposed. Draft Data Protection Bill (tabled in National Assembly, September/October 2025); constitutional right to privacy under Article 13 of the Namibian Constitution; sector-specific rules under the Financial Intelligence Act 13 of 2012 and the Communications Act
Nepal - Data & Privacy: Comprehensive law. Individual Privacy Act, 2075 (2018) and the Privacy Regulation, 2077 (2020), founded on Article 28 of the Constitution of Nepal (2015), supplemented by the Electronic Transactions Act 2008 and the National Penal Code 2017
North Macedonia - Data & Privacy: Comprehensive law. Law on Personal Data Protection (LPDP) — Official Gazette of the Republic of North Macedonia Nos. 42/20, 294/21, and 101/25 — enforced by the Agency for Personal Data Protection (AZLP)
Oman - Data & Privacy: Comprehensive law. Personal Data Protection Law (Royal Decree No. 6/2022) and its Executive Regulations (Ministerial Decision No. 34/2024); supervised and enforced by the Ministry of Transport, Communications and Information Technology (MTCIT)
Pakistan - Data & Privacy: Proposed. No comprehensive data protection law in force; Personal Data Protection Bill (2023 draft, revised 2025) pending parliamentary enactment; interim sectoral coverage via Prevention of Electronic Crimes Act 2016 (as amended 2025), State Bank of Pakistan (SBP) frameworks, and Pakistan Telecommunication Authority (PTA) regulations
Panama - Data & Privacy: Comprehensive law. Law No. 81 of 26 March 2019 on Personal Data Protection (Ley 81 de Protección de Datos Personales), implemented by Executive Decree No. 285 of 28 May 2021; supervised by the Autoridad Nacional de Transparencia y Acceso a la Información (ANTAI) through its Directorate of Personal Data Protection
Papua New Guinea - Data & Privacy: Proposed. National Data Governance & Data Protection Policy 2024 (policy, not yet enacted law); supplemented by Cybercrime Code Act 2016 and Protection of Private Communications Act 1973; overseen by Department of Information and Communications Technology (DICT) and National ICT Authority (NICTA)
Paraguay - Data & Privacy: Comprehensive law. Law No. 7593/2025 'De Protección de Datos Personales en la República del Paraguay', promulgated 27 November 2025; supervised by the Agencia Nacional de Protección de Datos Personales (ANPDP) under the Ministerio de Tecnologías de la Información y Comunicación (MITIC)
Peru - Data & Privacy: Comprehensive law. Ley N° 29733 – Ley de Protección de Datos Personales (2011), as re-regulated by Supreme Decree N° 016-2024-JUS (in force 30 March 2025); supervised by the Autoridad Nacional de Protección de Datos Personales (ANPDP), under the Ministry of Justice and Human Rights
Romania - Data & Privacy: Comprehensive law. EU GDPR (Regulation 2016/679) directly applicable; national implementation via Law no. 190/2018; ePrivacy via Law no. 506/2004; supervised by ANSPDCP (Autoritatea Națională de Supraveghere a Prelucrării Datelor cu Caracter Personal)
Rwanda - Data & Privacy: Comprehensive law. Law No. 058/2021 of 13/10/2021 Relating to the Protection of Personal Data and Privacy, enforced by the National Cyber Security Authority (NCSA) / Data Protection & Privacy Office (DPO)
San Marino - Data & Privacy: Comprehensive law. Law No. 171 of 21 December 2018 on the Protection of Individuals with Regard to the Processing of Personal Data; supervised by the Autorità Garante per la Protezione dei Dati Personali (Garante Privacy)
Senegal - Data & Privacy: Comprehensive law. Act No. 2008-12 of 25 January 2008 on Personal Data Protection (implemented by Decree No. 2008-721 of 30 June 2008); supervised by the Commission de Protection des Données Personnelles (CDP)
Serbia - Data & Privacy: Comprehensive law. Law on Personal Data Protection (Official Gazette of the Republic of Serbia No. 87/2018), effective 21 August 2019; supervised by the Commissioner for Information of Public Importance and Personal Data Protection (Poverenik)
Slovakia - Data & Privacy: Comprehensive law. EU GDPR (Regulation 2016/679) directly applicable; national implementation via Act No. 18/2018 Coll. on the Protection of Personal Data; supervised by the Office for Personal Data Protection of the Slovak Republic (Úrad na ochranu osobných údajov SR — UOOU)
Slovenia - Data & Privacy: Comprehensive law. EU GDPR (Regulation 2016/679) + national Personal Data Protection Act ZVOP-2 (Official Gazette of the Republic of Slovenia No. 163/22, in force 26 January 2023); supervisory authority: Information Commissioner of the Republic of Slovenia (Informacijski pooblaščenec, IP-RS)
Sri Lanka - Data & Privacy: Comprehensive law. Personal Data Protection Act, No. 9 of 2022 (as amended by Act No. 22 of 2025); supervised by the Data Protection Authority of Sri Lanka (dpa.gov.lk)
Tanzania - Data & Privacy: Comprehensive law. Personal Data Protection Act No. 11 of 2022 (PDPA), enforced by the Personal Data Protection Commission (PDPC), with subsidiary regulations issued in 2023
Trinidad and Tobago - Data & Privacy: Comprehensive law. Data Protection Act, 2011 (Chapter 22:04); supervisory authority: Office of the Information Commissioner (OIC), under the Ministry of Public Administration and Artificial Intelligence
Tunisia - Data & Privacy: Comprehensive law. Organic Law No. 2004-63 of 27 July 2004 on the Protection of Personal Data; supervised by the Instance Nationale de Protection des Données Personnelles (INPDP)
Uganda - Data & Privacy: Comprehensive law. Data Protection and Privacy Act, 2019 (Act No. 9 of 2019) and Data Protection and Privacy Regulations, 2021 (SI No. 21 of 2021); supervised by the Personal Data Protection Office (PDPO) operating under the National Information Technology Authority – Uganda (NITA-U)
Ukraine - Data & Privacy: Comprehensive law. Law of Ukraine No. 2297-VI "On Personal Data Protection" (adopted 1 June 2010, in force since 1 January 2011), supervised by the Ukrainian Parliament Commissioner for Human Rights (Ombudsman). A GDPR-aligned overhaul (Draft Law No. 8153) passed first reading on 20 Nov 2024 but is not yet enacted.
Uruguay - Data & Privacy: Comprehensive law. Ley N° 18.331 (Protección de Datos Personales y Acción de Habeas Data, 2008), as amended by Ley N° 19.670 (2018) and regulated by Decreto N° 64/020 (2020); supervised by the Unidad Reguladora y de Control de Datos Personales (URCDP), within AGESIC.
Uzbekistan - Data & Privacy: Comprehensive law. Law No. ZRU-547 'On Personal Data' (2019, as amended 2021 and March 2026); supervised by the Personalization Agency under the Ministry of Justice and Uzkomnazorat (State Inspectorate for Control in the Field of Informatization and Telecommunications)
Venezuela - Data & Privacy: Sectoral rules. No comprehensive data protection law; constitutional rights (Articles 28 & 60 CRBV) supplemented by scattered sector-specific statutes including the Special Law against Computer Crimes (2001) and the Law on Privacy Protection of Communications. No dedicated supervisory authority.
Zambia - Data & Privacy: Comprehensive law. Data Protection Act, No. 3 of 2021; supervised by the Office of the Data Protection Commissioner (ODPC) under the Ministry of Communications
Zimbabwe - Data & Privacy: Comprehensive law. Cyber and Data Protection Act, 2021 (Act No. 5 of 2021, Chapter 12:07); enforced by the Postal and Telecommunications Regulatory Authority of Zimbabwe (POTRAZ) as designated Data Protection Authority
Afghanistan - Data & Privacy: Sectoral rules. No comprehensive data protection law; limited sector-specific provisions in the Telecommunications Services Law (Official Gazette No. 863, 2005), the Banking Law, and the Penal Code (amended 2017); no dedicated data protection supervisory authority; Afghanistan Telecom Regulatory Authority (ATRA) handles telecom-sector complaints only
Barbados - Data & Privacy: Comprehensive law. Data Protection Act, 2019-29, enforced by the Data Protection Commission under the Ministry of Industry, Innovation, Science & Technology
Belize - Data & Privacy: Comprehensive law. Data Protection Act, 2021 (Act No. 45 of 2021), supervised by the Data Protection Commissioner (Office of the Data Protection Commissioner) with a Data Protection Tribunal for appeals
Benin - Data & Privacy: Comprehensive law. Law No. 2017-20 of 20 April 2018 (Digital Code of Benin, Book 5), as amended by Law No. 2020-35 of 6 January 2021; supervised by the Autorité de Protection des Données Personnelles (APDP)
Bhutan - Data & Privacy: Sectoral rules. Information, Communications and Media Act (ICMA) 2018 administered by Bhutan InfoComm and Media Authority (BICMA); supplemented by Royal Monetary Authority (RMA) Guidelines on Data Privacy and Data Protection 2021 (financial sector) and National Digital Identity Act 2023
Bosnia & Herzegovina - Data & Privacy: Comprehensive law. Law on Personal Data Protection of Bosnia and Herzegovina (Official Gazette of BiH, No. 12/25, 28 February 2025), supervised by the Agency for Personal Data Protection (Agencija za zaštitu ličnih/osobnih podataka — AZLP)
British Virgin Islands - Data & Privacy: Comprehensive law. Data Protection Act, 2021 (Act No. 3 of 2021), in force 9 July 2021; supervised by the Office of the Information Commissioner (appointed by the Governor of the BVI)
Burkina Faso - Data & Privacy: Comprehensive law. Law No. 001-2021/AN of 30 March 2021 on the Protection of Individuals with Regard to the Processing of Personal Data; supervised by the Commission de l'Informatique et des Libertés (CIL)
Burundi - Data & Privacy: Comprehensive law. Law No. 1/03 of 10 March 2026 on the Protection of Personal Data (Loi N°1/03 du 10 mars 2026 portant protection des données à caractère personnel), with oversight by an independent administrative authority placed under the Ministry of Digital Economy
Central African Republic - Data & Privacy: Comprehensive law. Loi No. 24.001 du janvier 2024 relative à la Protection des Données à Caractère Personnel (Law No. 24.001 on the Protection of Personal Data, January 2024); supervisory authority pending establishment under the Ministry of Digital Economy, Posts, and Telecommunications
Chad - Data & Privacy: Comprehensive law. Act No. 007/PR/2015 on the Protection of Personal Data (10 February 2015), implemented by Decree No. 075/PR/2019 (21 January 2019); supervised by the Agence Nationale de Sécurité Informatique et de Certification Électronique (ANSICE)
Congo - Data & Privacy: Comprehensive law. Loi n° 29-2019 du 10 octobre 2019 portant protection des données à caractère personnel; supervisory authority: Commission Nationale de Protection des Données à Caractère Personnel (CNPD)
Djibouti - Data & Privacy: Comprehensive law. Digital Code (Code Numérique), adopted 30 June 2025 by the National Assembly; personal data supervised by the Commission Nationale de Protection des Données Personnelles (CNDP)
DR Congo - Data & Privacy: Comprehensive law. Ordonnance-loi n° 23/010 du 13 mars 2023 portant Code du Numérique (Digital Code); supervisory functions temporarily held by ARPTIC pending formal establishment of the dedicated Autorité de Protection des Données (APD)
Equatorial Guinea - Data & Privacy: Comprehensive law. Law No. 1/2016 on the Protection of Personal Data (Ley No. 1/2016 de Protección de Datos Personales), enacted 22 July 2016; supervisory authority: Órgano Rector de Protección de Datos Personales (established by law but not yet operational as of 2026)
Eritrea - Data & Privacy: No framework. No data protection law exists; the sole relevant protection is Article 18 of the 1997 Constitution (general right to privacy). No dedicated supervisory authority.
eSwatini - Data & Privacy: Comprehensive law. Data Protection Act No. 5 of 2022 (gazetted 4 March 2022); supervisory authority: Eswatini Communications Commission (ESCCOM), operating as the Eswatini Data Protection Authority (EDPA)
Gabon - Data & Privacy: Comprehensive law. Law No. 001/2011 on the Protection of Personal Data (as amended by Law No. 025/2023 of 9 July 2023); supervisory authority: Autorité pour la Protection des Données Personnelles et de la Vie Privée (APDPVP)
Gambia - Data & Privacy: Comprehensive law. Personal Data Protection and Privacy Act, 2025 (PDPP); supervised by the Information Commission (established under the Access to Information Act, 2021)
Greenland - Data & Privacy: Comprehensive law. Greenland Personal Data Act (Inatsisartutlov om behandling af personoplysninger), in force 1 December 2016; no dedicated supervisory authority — Danish Data Protection Agency (Datatilsynet) plays an oversight role for matters under Danish jurisdiction
Guinea - Data & Privacy: Comprehensive law. Law No. L/2016/037/AN on Cybersecurity and Protection of Personal Data (28 July 2016); ARPT (Autorité de Régulation des Postes et Télécommunications) as interim regulator; APDP (Autorité de Protection des Données Personnelles) under legislative creation
Guinea-Bissau - Data & Privacy: Proposed. No enacted national data protection law; constitutional privacy provisions (Articles 34 and 38 of the Constitution); ECOWAS Supplementary Act A/SA.1/01/10 on Personal Data Protection (2010) applies regionally; draft national data protection law under preparation; no dedicated supervisory authority established
Guyana - Data & Privacy: Comprehensive law. Data Protection Act 18 of 2023 (Act No. 18 of 2023), supervised by the Data Protection Commissioner under the Data Protection Office
Haiti - Data & Privacy: Sectoral rules. Scattered criminal-law provisions in the 2020 Haitian Penal Code (Articles 437–442 and 981–984) and a 2018 executive Arrêté on personal-data rules; no standalone comprehensive data-protection statute; no dedicated supervisory authority
Isle of Man - Data & Privacy: Comprehensive law. Data Protection Act 2018 (Isle of Man) + GDPR and LED Implementing Regulations 2018, supervised by the Isle of Man Information Commissioner
Jersey - Data & Privacy: Comprehensive law. Data Protection (Jersey) Law 2018 & Data Protection Authority (Jersey) Law 2018, supervised by the Jersey Office of the Information Commissioner (JOIC)
Kyrgyzstan - Data & Privacy: Comprehensive law. Law of the Kyrgyz Republic 'On Personal Information' (No. 58, 2008, as amended 2021/2022); supplemented by the Digital Code (signed 2025, in force ~December 2025). Supervised by the State Agency for Personal Data Protection under the Cabinet of Ministers (dpa.gov.kg), established January 2022.
Lesotho - Data & Privacy: Comprehensive law. Data Protection Act, 2012 (Act No. 5 of 2012) — Data Protection Commission (established by the Act but not yet appointed)
Liberia - Data & Privacy: Proposed. No dedicated data protection law in force; bill titled 'An Act for the Collection, Processing, Transmission, Storage, Protection, and Use of Personal Information in Liberia' under legislative committee review since June 2025; limited privacy provisions exist in the Constitution (Art. 16), the Electronic Transactions Law (2002), and telecoms regulation by the Liberia Telecommunications Authority
Libya - Data & Privacy: Sectoral rules. No dedicated data-protection law or supervisory authority; personal-data obligations derive from Law No. 6/2022 on Electronic Transactions, Law No. 5/2022 on Combating Cybercrimes, the 2011 Constitutional Declaration (Arts. 12–13), the Penal Code (1953), and NISSA (cybersecurity regulator).
Madagascar - Data & Privacy: Comprehensive law. Law No. 2014-038 of 9 January 2015 on the Protection of Personal Data; supervised by the Commission Malagasy de l'Informatique et des Libertés (CMIL), established by Decree No. 2023-1541 of 6 December 2023
Malawi - Data & Privacy: Comprehensive law. Data Protection Act 2024 (in force 3 June 2024); supervised by the Data Protection Authority (DPA), established under the Act and supported by MACRA
Maldives - Data & Privacy: Comprehensive law. Personal Data Protection Act (enacted ~2025), superseding the limited Data Protection Act 2017; Data Protection Authority (DPA) established under the National Centre for Information Technology (NCIT)
Mali - Data & Privacy: Comprehensive law. Law No. 2013-015 of 21 May 2013 on the Protection of Personal Data (as amended by Law No. 2017-070 of 18 December 2017), supervised by the Autorité de Protection des Données à caractère Personnel (APDP)
Mauritania - Data & Privacy: Comprehensive law. Law No. 2017-020 of 22 July 2017 on the Protection of Personal Data, enforced by the Autorité de Protection des Données à Caractère Personnel (APD)
Montenegro - Data & Privacy: Comprehensive law. Law on Personal Data Protection (Official Gazette of Montenegro No. 13/2023, amended No. 77/2024), supervised by the Agency for Personal Data Protection and Free Access to Information (AZLP)
New Caledonia - Data & Privacy: Comprehensive law. French Loi Informatique et Libertés (as extended to New Caledonia by Ordonnance n°2018-1125 of 12 December 2018, in force from 1 June 2019), incorporating GDPR standards; supervised by the CNIL (Commission Nationale de l'Informatique et des Libertés)
Nicaragua - Data & Privacy: Comprehensive law. Law No. 787 – Personal Data Protection Law (2012) and its implementing Decree No. 36-2012; supervisory authority: Directorate for the Protection of Personal Data (DIPRODAP) under the Ministry of Finance and Public Credit (not yet operationally constituted)
Niger - Data & Privacy: Comprehensive law. Law No. 2022-59 of 16 December 2022 on the Protection of Personal Data (as amended by Law No. 2023-31 of 4 July 2023 and Ordinances 2024-16 and 2024-29), enforced by the Haute Autorité de Protection des Données à Caractère Personnel (HAPDP)
North Korea - Data & Privacy: No framework. No comprehensive or sectoral personal-data protection law. The DPRK Constitution nominally guarantees privacy of correspondence (Art. 17 'inviolability of the person and the home and privacy of correspondence'), but there is no data-protection statute, no data-subject rights regime, and no independent supervisory authority. State practice is governed instead by control/surveillance laws (Law on Protection of State Secrets; the 2020 Law on Rejecting Reactionary Ideology and Culture) enforced by the Ministry of State Security.
Palestine - Data & Privacy: Proposed. No comprehensive personal-data-protection law in force. A 'Personal Data Protection Law by Decree' has been in draft since a committee was formed in 2016; the version under review (third reading) is dated 15 June 2022 and has not been enacted. In the interim, privacy is protected constitutionally by Article 32 of the 2003 Amended Basic Law and partially via the 2018 Cybercrime Law by Decree (No. 10 of 2018).
Puerto Rico - Data & Privacy: Sectoral rules. Sectoral regime anchored by Act No. 111 of 2005 (Citizen Information on Data Banks Security Act, 10 LPRA §§ 4051-4055), enforced by the Puerto Rico Department of Consumer Affairs (DACO), layered on the constitutional right to privacy (Art. II, §8) and sector-specific statutes; a comprehensive GDPR/CCPA-style bill has been proposed but is not in force.
Seychelles - Data & Privacy: Comprehensive law. Data Protection Act, 2023 (Act 24 of 2023), enforced by the Information Commission (Seychelles)
Sierra Leone - Data & Privacy: Proposed. No comprehensive personal-data protection law is in force. The Data Protection and Right to Access Information Bill, 2025 (which would create a single independent regulator for both data protection and access to information) completed national validation in November 2025 and is progressing toward Cabinet and Parliament. Only fragmentary sectoral provisions (Telecommunications Act 2006; Cyber Security and Crime Act 2021) currently touch on personal data.
Solomon Islands - Data & Privacy: Sectoral rules. No comprehensive data-protection statute. Personal data is governed only by sector-specific provisions — chiefly the confidentiality/consent obligations on telecom providers in the Telecommunications Act 2009 (ss.72-74) — while a comprehensive Data Protection and Privacy bill is being drafted by the Ministry of Communication and Aviation with UNCTAD/UNCDF support.
Somalia - Data & Privacy: Comprehensive law. Data Protection Act, 2023 (Law No. 005 of 2023), enforced by the Somali Data Protection Authority (DPA)
South Sudan - Data & Privacy: No framework. No comprehensive personal-data protection law. Privacy rests on Article 22 of the Transitional Constitution (2011); related rules appear in the Right of Access to Information Act (2013) and the Cybercrime and Computer Misuse Act (signed 2026). No data-protection supervisory authority exists; a dedicated Data Protection Bill is announced for 2026.
Sudan - Data & Privacy: Sectoral rules. No comprehensive personal-data protection law. Privacy is protected at a high level by Article 54 of the 2019 Constitutional Charter, with data-adjacent provisions scattered across sectoral statutes (Electronic Transactions Act 2007, Cybercrime/Information Technology Crime Act 2007, and the 2020 Cybercrime amendment). A draft Data Protection Bill (c. 2018) was never enacted, and there is no dedicated data-protection authority.
Suriname - Data & Privacy: Proposed. No comprehensive data-protection statute is in force. Personal-data protection currently rests only on the general constitutional right to privacy (Article 17 of the 1987 Constitution). A draft 'Wet Bescherming Privacy en Persoonsgegevens' (Ontwerpwet Bescherming Privacy en Persoonsgegevens) is pending before the National Assembly (De Nationale Assemblée, DNA).
Syria - Data & Privacy: Comprehensive law. Electronic Personal Data Protection Law, Law No. 12 of 2024 (issued June 2024, in effect January 2025); remains in force under the post-Assad transitional government.
Tajikistan - Data & Privacy: Comprehensive law. Law of the Republic of Tajikistan No. 1537 of 3 August 2018 "On Personal Data Protection," supplemented by subsidiary acts of the Communication Service (Aloqa) under the Government of the Republic of Tajikistan, which acts as the state authorized body.
Timor-Leste - Data & Privacy: No framework. No dedicated personal-data protection law. Privacy rests on constitutional guarantees — Articles 36, 37 and 38 of the 2002 Constitution of the Democratic Republic of Timor-Leste — supplemented by scattered statutory provisions. No data protection authority exists.
Togo - Data & Privacy: Comprehensive law. Loi n° 2019-014 du 29 octobre 2019 relative à la protection des données à caractère personnel, supervised by the Instance de Protection des Données à Caractère Personnel (IPDCP)
Turkmenistan - Data & Privacy: Comprehensive law. Law of Turkmenistan No. 519-V 'On Information about Private Life and its Protection' (adopted 20 March 2017, in force 1 July 2017), supplemented by Article 38 of the Constitution
Vanuatu - Data & Privacy: Comprehensive law. Data Protection and Privacy Act No. 13 of 2024 (in force 2 January 2025), supervised by the Commissioner/Deputy Commissioner of Data Protection and Privacy under the Digital Safety Authority Act No. 15 of 2024.
Yemen - Data & Privacy: No framework. No comprehensive personal-data protection law and no data-protection authority. Privacy is addressed only incidentally via the Constitution (confidentiality of correspondence/communications), the Telecommunications Law, the 2010 Electronic Transactions Law, and a single clause in Law No. 13 of 2012 on the Right of Access to Information.
Antigua and Barbuda - Data & Privacy: Comprehensive law. Data Protection Act, 2013 (No. 10 of 2013), enforced by the Information Commissioner of Antigua and Barbuda
Cape Verde - Data & Privacy: Comprehensive law. Law 133/V/2001 (Data Protection Act, as amended by Law 41/VIII/2013 and Law 121/IX/2021); supervisory authority: Comissão Nacional de Proteção de Dados (CNPD)
Comoros - Data & Privacy: Comprehensive law. Law of 26 June 2014 on the Protection of Personal Data (Loi du 26 juin 2014 portant protection des données à caractère personnel); supplemented by Electronic Communications Law No. 14-031/AU (2014, amended 2024) and Cybersecurity Law 21-012/AU (2021). Supervisory body: National Authority for the Protection of Personal Data (ANPDP) — established in law but not yet operational.
Dominica - Data & Privacy: No framework. No comprehensive or sector-specific data protection law; privacy grounded in Section 9 of the Constitution of Dominica and the Electronic Evidence Act 2010. No dedicated supervisory authority exists.
Grenada - Data & Privacy: Comprehensive law. Data Protection Act, No. 1 of 2023; supervised by the Information Commission
Kiribati - Data & Privacy: Comprehensive law. Data Protection Act 2025; enforced by the Digital Transformation Office (DTO) under the Ministry of Information, Communications and Transport (MICT)
Marshall Islands - Data & Privacy: Sectoral rules. Personal Data Protection Act 2025 (P.L. 2025-43), enacted by the Nitijela (RMI Parliament); applies only to core Government ministries and agencies and is administered by a designated 'competent authority'. No comprehensive private-sector data protection law exists.
Micronesia - Data & Privacy: Sectoral rules. FSM Code Title 21, §§349–350 (Telecommunications Confidentiality); no dedicated data-protection authority; Personal Data Protection Act of 2025 pending before FSM Congress
Nauru - Data & Privacy: Sectoral rules. No comprehensive data-protection law. Sector-specific provisions exist under the Communications and Broadcasting Act 2018 (subscriber-data confidentiality) and the Cybercrime Act 2015 (data-interference offences). No dedicated data-protection supervisory authority.
Palau - Data & Privacy: unclear.
Saint Kitts and Nevis - Data & Privacy: Proposed. Data Protection Act 2018 (passed but not yet in force); Electronic Crimes Act 2009 (operative, limited scope); no active supervisory authority established
Saint Lucia - Data & Privacy: Comprehensive law. Data Protection Act, Cap. 8.18 (enacted 2011, amended 2015, partially in force January 2023, fully in force 1 January 2025) — supervised by the Data Protection Commissioner, Saint Lucia
Saint Vincent and the Grenadines - Data & Privacy: Proposed. Privacy Act No. 17 of 2003 (enacted but never commenced); Cybercrime Act 2016 (in force, tangential protections); no active supervisory authority
Samoa - Data & Privacy: Sectoral rules. No comprehensive data-protection law; sector-specific provisions under the National Digital Identification Act 2024, the Information and Communications Technology Act 2008, and the Crimes Act 2013; no dedicated data-protection supervisory authority confirmed
Sao Tome and Principe - Data & Privacy: Comprehensive law. Law No. 03/2016 on the Protection of Personal Data (Lei de Protecção de Dados Pessoais), supervised by the Agência Nacional de Protecção de Dados Pessoais (ANPDP), established by Law No. 07/2017
Tonga - Data & Privacy: Comprehensive law. Privacy Act 2025 (Act 34 of 2025), supervised by the Privacy Commission; complemented by the Personal Health Information Protection Act 2025
Tuvalu - Data & Privacy: No framework. No dedicated data protection or privacy law enacted; general privacy commitment stated on official legislation website; aspirational data protection goals outlined in the National ICT Policy 2024
Argentina - Digital Payments & Fintech: Licensing regime. Banco Central de la República Argentina (BCRA) is the lead regulator. Payment Service Providers (PSPs) must register in the BCRA's 'Registro de Proveedores de Servicios de Pago' (introduced by Comunicaciones 'A' 6859/6885, 2020, ordered text 't-snp-psp'). Open Finance was created by Decree 353/2025 with the BCRA as implementing authority.
Australia - Digital Payments & Fintech: Licensing regime. Corporations Act 2001 (AFS licensing via ASIC) and Payment Systems (Regulation) Act 1998 (RBA oversight), with APRA prudential supervision of stored-value facilities, AUSTRAC AML/CTF registration, and the National Consumer Credit Protection Act for BNPL. Currently being modernised by the Treasury Laws Amendment (Payments System Modernisation) Act 2025 and a forthcoming activity-based PSP licensing regime.
Austria - Digital Payments & Fintech: Licensing regime. Payment Services Act 2018 (ZaDiG 2018, transposing PSD2), E-Money Act 2010 (E-Geldgesetz 2010) and the Banking Act (BWG); crypto under EU MiCA. Supervised by the Financial Market Authority (FMA), with the Oesterreichische Nationalbank (OeNB) handling payment-system oversight.
Bahrain - Digital Payments & Fintech: Licensing regime. Central Bank of Bahrain (CBB) under the Central Bank of Bahrain and Financial Institutions Law 2006, implemented via the CBB Rulebook — notably the Payment Service Provider (PSP) framework and Volume 5 (Specialised Licensees / Ancillary Service Providers), plus the Bahrain Open Banking Framework.
Belgium - Digital Payments & Fintech: Licensing regime. EU PSD2 (Directive 2015/2366) and the e-Money Directive (2009/110/EC), transposed by the Belgian Act of 11 March 2018 and codified in Book VII of the Code of Economic Law; supervised principally by the National Bank of Belgium (NBB, prudential) and the FSMA (conduct). Crypto-asset services fall under EU MiCA (Reg. 2023/1114), implemented by the Act of 11 December 2025.
Bermuda - Digital Payments & Fintech: Licensing regime. Bermuda Monetary Authority (BMA) under the Money Service Business Act 2016 (payments/remittance/e-money-type services) and the Digital Asset Business Act 2018 plus Digital Asset Issuance Act 2020 (crypto/fintech); a modernising Payment Services Act is proposed.
Brazil - Digital Payments & Fintech: Licensing regime. Law No. 12,865/2013 (which authorizes the Banco Central do Brasil to regulate retail payments), implemented through CMN/BCB resolutions and circulars. The Banco Central do Brasil (BCB), under the National Monetary Council (CMN), licenses and supervises payment institutions, runs the Pix instant-payment rail, and governs Open Finance.
Canada - Digital Payments & Fintech: Licensing regime. Retail Payment Activities Act (RPAA), supervised by the Bank of Canada (PSP registration in force since 8 Sept 2025); plus FINTRAC registration under the Proceeds of Crime (Money Laundering) and Terrorist Financing Act (PCMLTFA) for money services businesses, and the new Consumer-Driven Banking Act for open banking.
Cayman Islands - Digital Payments & Fintech: Licensing regime. Money Services Act (2024 Revision), administered and supervised by the Cayman Islands Monetary Authority (CIMA); virtual-asset payment activity additionally falls under the Virtual Asset (Service Providers) Act (2024 Revision).
China - Digital Payments & Fintech: Licensing regime. Regulations on the Supervision and Administration of Non-bank Payment Institutions (State Council Decree, effective 1 May 2024) plus PBOC implementing rules; the People's Bank of China (PBOC) is the licensing and supervisory authority, issuing Payment Services Permits.
Denmark - Digital Payments & Fintech: Licensing regime. Danish Payments Act ('Lov om betalinger') implementing PSD2 and the E-Money Directive (EMD2), supervised by Finanstilsynet (Danish FSA); EU MiCA applies to crypto-asset services. BNPL/consumer credit governed by the Consumer Loan Undertakings Act and Credit Agreements Act.
Egypt - Digital Payments & Fintech: Licensing regime. Central Bank & Banking System Law No. 194 of 2020 (CBE) for payments/e-money, with detailed PSO/PSP licensing rules issued June 2025; plus Non-Banking Financial Technology Law No. 5 of 2022 (Financial Regulatory Authority) for consumer-finance/BNPL fintech.
Finland - Digital Payments & Fintech: Licensing regime. Finnish Payment Institutions Act (Act on Payment Institutions 297/2010) and Payment Services Act, implementing EU PSD2/EMD2; supervised and licensed by Finanssivalvonta (FIN-FSA / Financial Supervisory Authority). Crypto-asset services under EU MiCA via the national CASP and Crypto-Asset Market Act.
France - Digital Payments & Fintech: Licensing regime. EU baseline (PSD2 / e-money Directive, MiCA, SEPA Instant Payments Regulation 2024/886, Consumer Credit Directive 2023/2225) implemented in the French Code monétaire et financier. The ACPR (part of Banque de France) authorises and supervises payment institutions (établissements de paiement) and e-money institutions (établissements de monnaie électronique); the AMF licenses crypto-asset service providers (CASPs) under MiCA, with ACPR competent for asset-referenced/e-money token issuers.
Germany - Digital Payments & Fintech: Licensing regime. Payment Services Supervision Act (Zahlungsdiensteaufsichtsgesetz, ZAG) implementing PSD2, supervised by BaFin with the Deutsche Bundesbank; supplemented by the EU MiCA framework (transposed via FinmadiG/KMAG) for crypto-assets and the directly-applicable EU Instant Payments Regulation (2024/886).
Gibraltar - Digital Payments & Fintech: Licensing regime. Financial Services Act 2019, with the Financial Services (Payment Services) Regulations 2020 and the Financial Services (Electronic Money) Regulations 2020, supervised by the Gibraltar Financial Services Commission (GFSC).
Hong Kong - Digital Payments & Fintech: Licensing regime. Payment Systems and Stored Value Facilities Ordinance (Cap. 584, PSSVFO), administered by the Hong Kong Monetary Authority (HKMA); supplemented by the Stablecoins Ordinance (in force 1 Aug 2025) and the HKMA Open API Framework.
India - Digital Payments & Fintech: Licensing regime. Payment and Settlement Systems Act, 2007 (PSS Act), administered by the Reserve Bank of India (RBI); from 9 May 2025 authorisation/regulation sits with the new Payments Regulatory Board (PRB) under Section 3. NPCI operates UPI/retail rails; AA open-banking is governed by RBI's NBFC-Account Aggregator Directions.
Indonesia - Digital Payments & Fintech: Licensing regime. Dual-regulator regime: Bank Indonesia (BI) licenses payment service providers and e-money under the Payment System Law (UU 4/2023) and PBI No. 23/6/PBI/2021; the Financial Services Authority (OJK) licenses fintech lending and BNPL under POJK No. 40/2024 and POJK No. 32/2025, plus the ITSK innovation regime under POJK No. 3/2024.
Ireland - Digital Payments & Fintech: Licensing regime. Central Bank of Ireland is the national competent authority. Payment Institutions are authorised under the European Communities (Payment Services) Regulations 2018 (transposing PSD2); E-Money Institutions under the European Communities (Electronic Money) Regulations 2011 (EMD2). Crypto-asset firms are authorised under the EU Markets in Crypto-Assets Regulation (MiCAR); BNPL/retail credit under the Consumer Protection (Regulation of Retail Credit and Credit Servicing Firms) Act 2022.
Israel - Digital Payments & Fintech: Licensing regime. Regulation of Payment Services and Payment Initiation Law (enacted 2023, in force 6 June 2024), supervised by the Israel Securities Authority (ISA) for most payment/initiation service providers, with the Bank of Israel retaining authority over systemically important payment service providers; complemented by the Financial Information Services Law (2021) for open banking.
Italy - Digital Payments & Fintech: Licensing regime. PSD2 transposed by Legislative Decree 218/2017 (amending the Consolidated Banking Act, TUB); Banca d'Italia is the competent authority for authorising and supervising payment institutions (IP) and e-money institutions (IMEL). EU baselines (PSD2, Instant Payments Regulation (EU) 2024/886, MiCA via D.Lgs. 129/2024, CCD2 via the 2025 implementing decree) apply on top of national rules.
Japan - Digital Payments & Fintech: Licensing regime. Payment Services Act (PSA, 資金決済法) administered by the Financial Services Agency (FSA), with deferred-payment/BNPL credit governed by the Installment Sales Act (METI) and bank-API access under the Banking Act.
Kenya - Digital Payments & Fintech: Licensing regime. National Payment System Act, 2011 and the National Payment System Regulations, 2014, administered by the Central Bank of Kenya (CBK); complemented by the E-Money Regulations 2013 and the Central Bank of Kenya (Digital Credit Providers) Regulations 2022.
Liechtenstein - Digital Payments & Fintech: Licensing regime. EEA-harmonised regime supervised by the Financial Market Authority (FMA). Payment services and e-money under the Payment Services Act (Zahlungsdienstegesetz, implementing PSD2 (EU) 2015/2366) and the E-Money Act (implementing 2009/110/EC); crypto-assets under the EEA-MiCA Implementation Act (EWR-MiCA-DG, in force 1 Feb 2025) alongside the Token and TT Service Provider Act (TVTG / 'Blockchain Act'); consumer credit/BNPL under the Konsumkreditgesetz (KKG).
Luxembourg - Digital Payments & Fintech: Licensing regime. Law of 10 November 2009 on payment services (transposing PSD2 / EMD2), supervised by the Commission de Surveillance du Secteur Financier (CSSF); complemented by EU Regulations MiCA (crypto-assets, with CSSF designated as competent authority by the Law of 6 February 2025) and the Instant Payments Regulation (EU) 2024/886.
Malaysia - Digital Payments & Fintech: Licensing regime. Financial Services Act 2013 (FSA) and Islamic Financial Services Act 2013 (IFSA), administered by Bank Negara Malaysia (BNM); Consumer Credit Act 2025 (BNPL) under the Consumer Credit Oversight Board (CCOB)
Mexico - Digital Payments & Fintech: Licensing regime. Ley para Regular las Instituciones de Tecnología Financiera ('Ley Fintech', published 9 March 2018), implemented via secondary regulations issued by the CNBV, Banco de México (Banxico) and SHCP. The CNBV authorizes Financial Technology Institutions (ITF), with Banxico operating the payment rails.
Netherlands - Digital Payments & Fintech: Licensing regime. EU PSD2 (Directive 2015/2366) transposed into the Wet op het financieel toezicht (Wft), supervised by De Nederlandsche Bank (DNB); MiCA (Regulation (EU) 2023/1114) for crypto-assets supervised mainly by the Autoriteit Financiële Markten (AFM); plus the EU Instant Payments Regulation and CCD II for BNPL.
New Zealand - Digital Payments & Fintech: Partial. No dedicated payments/e-money licence. Payment & fintech firms fall under general financial-services law — the Financial Markets Conduct Act 2013 and Non-bank Deposit Takers Act 2013 (FMA conduct + Reserve Bank of New Zealand prudential 'twin peaks'), the AML/CFT Act, the Credit Contracts and Consumer Finance Act (BNPL), and the Customer and Product Data Act 2025 (open banking accreditation via MBIE).
Nigeria - Digital Payments & Fintech: Licensing regime. Central Bank of Nigeria (CBN) under the CBN Act 2007 and BOFIA 2020, operationalized through the 2020 'Circular on New License Categorizations for the Nigerian Payments System' and supporting guidelines; digital consumer lending/BNPL additionally regulated by the Federal Competition and Consumer Protection Commission (FCCPC).
Norway - Digital Payments & Fintech: Licensing regime. Financial Institutions Act (Finansforetaksloven, Act of 10 April 2015 No. 17) and accompanying Payment Services regulations implementing EU PSD2, supervised by Finanstilsynet (Financial Supervisory Authority of Norway), with the private-law side governed by the Financial Contracts Act (finansavtaleloven).
Philippines - Digital Payments & Fintech: Licensing regime. Bangko Sentral ng Pilipinas (BSP) is the lead regulator under the National Payment Systems Act (Republic Act No. 11127, 2018) and BSP Circular No. 1049, with Electronic Money Issuer rules in the Manual of Regulations (Sec. 702 / Circular No. 1166, 2023) and the Open Finance Framework (Circular No. 1122, 2021); consumer lending/BNPL falls under the SEC via the Lending Company Regulation Act (RA 9474) and Financing Company Act (RA 8556).
Poland - Digital Payments & Fintech: Licensing regime. Polish Act of 19 August 2011 on Payment Services (implementing PSD2 and EMD2), supervised by the Polish Financial Supervision Authority (KNF), with NBP overseeing payment-system infrastructure. EU baseline: PSD2, plus MiCA for crypto-assets (national implementing law still pending as of May 2026).
Portugal - Digital Payments & Fintech: Licensing regime. EU PSD2 transposed by Decree-Law No. 91/2018 (the RJSPME — Legal Framework for Payment Services and Electronic Money), supervised by Banco de Portugal; MiCA Regulation (EU) 2023/1114 implemented nationally (in force July 2026) with Banco de Portugal and CMVM as joint national competent authorities.
Qatar - Digital Payments & Fintech: Licensing regime. Qatar Central Bank (QCB) Payment Services Regulation (Circular No. 23 of 2021, in force 15 Sept 2021), supplemented by QCB's BNPL Regulations (2023), Digital Banks framework (2024) and Information & Cyber Security Regulation for PSPs; the Qatar Financial Centre Regulatory Authority (QFCRA) runs a parallel regime in the QFC free zone.
Russia - Digital Payments & Fintech: Licensing regime. Federal Law No. 161-FZ 'On the National Payment System' (2011), administered and supervised by the Bank of Russia (Central Bank of the Russian Federation), supplemented by the 2025 installment-services (BNPL) law and the digital-ruble legislation.
Saudi Arabia - Digital Payments & Fintech: Licensing regime. Law of Payments and Payment Services (Royal Decree No. M/26, 1443H) and its Implementing Regulations (in force 13 June 2023), administered by the Saudi Central Bank (SAMA), which is the sole licensing and supervisory authority for payment systems and payment service providers.
Singapore - Digital Payments & Fintech: Licensing regime. Payment Services Act 2019 (PS Act), administered by the Monetary Authority of Singapore (MAS); digital token services additionally regulated under the Financial Services and Markets Act 2022 (DTSP regime, effective 30 June 2025).
South Africa - Digital Payments & Fintech: Partial. National Payment System Act 78 of 1998 (SARB as overseer/regulator of the National Payment System); crypto asset service providers licensed by the FSCA under the Financial Advisory and Intermediary Services (FAIS) Act. A dedicated activity-based licensing regime for non-bank payment institutions / e-money issuers is in draft (Exemption Notice + Directive, March 2025) and not yet in force.
South Korea - Digital Payments & Fintech: unclear. Electronic Financial Transactions Act (EFTA, 2006/eff. 2007, as amended) administered by the Financial Services Commission (FSC) with supervision by the Financial Supervisory Service (FSS); retail/instant-payment rails operated by the Korea Financial Telecommunications & Clearings Institute (KFTC); the Bank of Korea oversees payment & settlement systems.
Spain - Digital Payments & Fintech: Licensing regime. Royal Decree-Law 19/2018 (PSD2 transposition) and Royal Decree 736/2019 for payment institutions; Law 21/2011 + RD 778/2012 for electronic money institutions; supervised by Banco de España. EU MiCA (Reg. 2023/1114) for crypto-assets, with CNMV as lead competent authority and Banco de España for EMT/ART issuers.
Sweden - Digital Payments & Fintech: Licensing regime. Payment Services Act (SFS 2010:751, last amended SFS 2025:253), Electronic Money Act (SFS 2011:755), Consumer Credit Act (2010:1846) implementing EU PSD2/EMD2; competent authority: Finansinspektionen (FI); Riksbank oversees payments infrastructure and statistics
Switzerland - Digital Payments & Fintech: Licensing regime. Banking Act (BankG) / Banking Ordinance (BankV) — FinTech licence issued by FINMA; Financial Institutions Act (FinIA/FINIG) reform (consultation 2025–2026); SIC instant-payment rail operated by SIX under Swiss National Bank oversight
Taiwan - Digital Payments & Fintech: Licensing regime. Act Governing Electronic Payment Institutions (amended effective 1 July 2021); Banking Bureau of the Financial Supervisory Commission (FSC) as regulator
Thailand - Digital Payments & Fintech: Licensing regime. Payment Systems Act B.E. 2560 (2017), administered by the Bank of Thailand (BOT); Ministry of Finance issues designated payment service licenses on BOT recommendation
Turkey - Digital Payments & Fintech: Licensing regime. Law No. 6493 on Payment and Securities Settlement Systems, Payment Services and Electronic Money Institutions (2013, as amended); supervised by the Central Bank of the Republic of Türkiye (CBRT/TCMB) for payment/e-money, and the Capital Markets Board (SPK/CMB) for crypto assets
UAE - Digital Payments & Fintech: Licensing regime. Federal Decree-Law No. 6 of 2025 on the Central Bank (effective 16 September 2025), consolidated with the Retail Payment Services and Card Schemes Regulation (RPSCS, 2021); regulated by the Central Bank of the UAE (CBUAE) on mainland, with the DFSA (DIFC) and FSRA (ADGM) governing free-zone fintech.
United Kingdom - Digital Payments & Fintech: Licensing regime. Payment Services Regulations 2017 (SI 2017/752) and Electronic Money Regulations 2011 (SI 2011/99), administered by the Financial Conduct Authority (FCA); payment systems oversight by the Payment Systems Regulator (PSR), pending absorption into FCA
United States - Digital Payments & Fintech: Licensing regime. State-level Money Transmitter Licenses (MTLs) + Federal FinCEN MSB Registration; OCC national/special-purpose bank charters; Bank Secrecy Act (BSA); Dodd-Frank Act §1033 (open banking, under revision)
Vietnam - Digital Payments & Fintech: Licensing regime. State Bank of Vietnam (SBV) under the Law on Credit Institutions 2024 and Decree No. 52/2024/ND-CP on non-cash payments (in force 1 July 2024), implemented by Circular 40/2024/TT-NHNN as amended by Circular 41/2025/TT-NHNN; Decree 94/2025/ND-CP establishes a fintech regulatory sandbox.
Albania - Digital Payments & Fintech: Licensing regime. Law 'On Payment Services' (PSD2-aligned); Regulation 59/2021 on licensing of Payment Institutions and Electronic Money Institutions; supervised by the Bank of Albania
Algeria - Digital Payments & Fintech: Licensing regime. Bank of Algeria (Banque d'Algérie) under Monetary & Banking Law No. 23-09 (21 June 2023), with Règlement n° 25-02 (14 April 2025) and Instruction n° 06-2025 (17 August 2025) for Payment Service Providers, and Règlement n° 24-04 (13 October 2024) for digital banks
Andorra - Digital Payments & Fintech: Licensing regime. Law 8/2018 of 17 May on payment services and electronic money (the Andorran transposition of EU PSD2 and the E-Money Directive), supervised and licensed by the Andorran Financial Authority (Autoritat Financera Andorrana, AFA), under the EU–Andorra Monetary Agreement.
Angola - Digital Payments & Fintech: Licensing regime. Law no. 40/20 of 16 December — Payment System of Angola (Lei do Sistema de Pagamentos de Angola, LSPA), supervised by the Banco Nacional de Angola (BNA), supplemented by the Financial Institutions Basic Law and BNA notices (Aviso 07/2017 on payment services and Aviso 07/2018 on authorisation of non-banking financial institutions).
Armenia - Digital Payments & Fintech: Licensing regime. Law of the Republic of Armenia on Payment Systems and Payment Organizations (HO-150, 21 Dec 2004, as amended); CBA Regulations 17/01–17/03 (payment org licensing), 16/1–16/2 (e-money); supervised by the Central Bank of Armenia (CBA)
Azerbaijan - Digital Payments & Fintech: Licensing regime. Law No. 987-VIQ 'On Payment Services and Payment Systems' (adopted 14 July 2023, in force 9 November 2023), administered and supervised by the Central Bank of the Republic of Azerbaijan (CBAR)
Bahamas - Digital Payments & Fintech: Licensing regime. Payment Systems Act 2012 & Payment Instruments (Oversight) Regulations 2017 (Central Bank of The Bahamas); Digital Assets and Registered Exchanges Act 2024 (Securities Commission of The Bahamas)
Bangladesh - Digital Payments & Fintech: Licensing regime. Bangladesh Bank (central bank), Payment Systems Department — Payment and Settlement Systems Act, 2024; Bangladesh Payment and Settlement Systems Regulations, 2014 (BPSSR-2014); and the Bangladesh Mobile Financial Services (MFS) Regulations, 2022.
Belarus - Digital Payments & Fintech: Licensing regime. Law of the Republic of Belarus No. 164-Z of 19 April 2022 "On Payment Systems and Payment Services" (in force from August 2022), administered by the National Bank of the Republic of Belarus (NBRB), which maintains the Registry of Payment Service Providers; e-money issuance is governed by separate NBRB banking regulation.
Bolivia - Digital Payments & Fintech: Licensing regime. Ley N° 393 de Servicios Financieros + Decreto Supremo N° 5384 (7 May 2025) and ASFI Resolution ASFI/540/2025 (Reglamento para Empresas de Tecnología Financiera), with BCB's Reglamento de Servicios de Pago e Instrumentos Electrónicos de Pago; supervised by ASFI and the Banco Central de Bolivia (BCB).
Botswana - Digital Payments & Fintech: Licensing regime. Electronic Payment Services Regulations, 2019 (issued under the National Clearance and Settlement Systems Act, Cap 46:06, 2003), supplemented by the Bank of Botswana Electronic Payment Services Licensing Guidelines (2022); administered by the Bank of Botswana, with NBFIRA and BOCRA covering adjacent non-bank lending and telecom/mobile-money enablers.
Brunei - Digital Payments & Fintech: Licensing regime. Brunei Darussalam Central Bank (BDCB) under the BDCB Order, 2010 (s.54(1)); Notice No. PSO/N-1/2020/1 on Requirements for Payment Systems; plus money services licensing and the National QR Code Standard notice.
Bulgaria - Digital Payments & Fintech: Licensing regime. Payment Services and Payment Systems Act (PSPSA, in force 2018, transposing EU PSD2), supplemented by BNB Ordinance No 16 on licensing of payment institutions and e-money institutions; supervised by the Bulgarian National Bank (BNB). EU regulations (MiCA, GDPR) and CCD2 apply as baseline.
Cambodia - Digital Payments & Fintech: Licensing regime. National Bank of Cambodia (NBC) Prakas on Payment Service Institutions (2017, as amended), issued under the Law on the Organization and Conduct of the NBC and the Law on Banking and Financial Institutions (now the Law on Credit Institutions 2024); NBC operates the Bakong national instant-payment system
Cameroon - Digital Payments & Fintech: Licensing regime. CEMAC Regulation No. 04/18/CEMAC/UMAC/COBAC on Payment Services (21 December 2018, in force 1 January 2019); Cameroon Ministry of Finance Decision No. 00000337/MINFI (28 February 2024); supervised by BEAC (central bank), COBAC (regional banking commission), and MINFI
Chile - Digital Payments & Fintech: Licensing regime. Ley Fintec (Law No. 21.521, in force since 2023) and CMF General Rule NCG 502/493, supervised by the Comisión para el Mercado Financiero (CMF), with the Central Bank of Chile (BCCh) regulating payment-card/PSP rails
Colombia - Digital Payments & Fintech: Licensing regime. Superintendencia Financiera de Colombia (SFC) and Banco de la República; SEDPE regime (Law 1735 of 2014), low-value payment systems & acquiring (Decree 1692 of 2020), open finance (Decree 1297 of 2022, now mandatory under Decree 0368 of 2026), and the Bre-B instant payment rail.
Costa Rica - Digital Payments & Fintech: Partial. Ley Orgánica del Banco Central de Costa Rica (Law 7558, incl. 2020 reform / Article 15 Bis); BCCR Reglamento del Sistema de Pagos; BCCR Reglamento del Sistema de Tarjetas de Pago (December 2025); supervised by BCCR, SUGEF, and CONASSIF
Côte d'Ivoire - Digital Payments & Fintech: Licensing regime. Regional WAEMU/UMOA regime administered by the BCEAO (Central Bank of West African States): e-money issuers under BCEAO Instruction No. 008-05-2015, and payment service providers/payment institutions under BCEAO Instruction No. 001-01-2024.
Croatia - Digital Payments & Fintech: Licensing regime. Payment System Act (transposing PSD2, Directive 2015/2366/EU); Electronic Money Act (transposing EMD2); MiCA Implementation Act (Zakon o provedbi Uredbe (EU) 2023/1114, July 2024); supervised by Croatian National Bank (HNB) and Croatian Financial Services Supervisory Agency (HANFA)
Cuba - Digital Payments & Fintech: Partial. Banco Central de Cuba (BCC) — Resolution 215/2021 (virtual asset service providers), Decree-Law 113/2025 (foreign currency transactions), Resolution 134/2025 (first VASP license); state-operated platforms Transfermóvil and EnZona under BCC oversight
Cyprus - Digital Payments & Fintech: Licensing regime. Provision and Use of Payment Services and Access to Payment Systems Laws of 2018–2025 (PSD2 transposition); Electronic Money Laws of 2012 & 2018; supervised by the Central Bank of Cyprus (CBC)
Czechia - Digital Payments & Fintech: Licensing regime. Act No. 370/2017 Coll. on Payment Systems (implementing PSD2/EMD2), supervised by the Czech National Bank (CNB); supplemented by Decree No. 1/2022 Coll. (as amended by Decree No. 197/2025 Coll.) on licensing applications
Dominican Republic - Digital Payments & Fintech: Partial. Ley Monetaria y Financiera No. 183-02; Reglamento del Sistema de Pagos y Liquidación de Valores (SIPARD, updated May & August 2025) — dual oversight by Banco Central de la República Dominicana (BCRD) and Superintendencia de Bancos (SB)
Ecuador - Digital Payments & Fintech: Licensing regime. Organic Law for the Development, Regulation and Control of Technological Financial Services (Ley Fintech), in force 22 Dec 2022, implemented by Executive Decree 903 (2023) and Monetary & Financial Policy and Regulation Board (JPRM) resolutions; supervised by the Central Bank of Ecuador (BCE), Superintendency of Banks (SB) and Superintendency of Companies, Securities and Insurance (SCVS).
El Salvador - Digital Payments & Fintech: Licensing regime. Ley de Emisión de Activos Digitales (LEAD, 2023) administered by the Comisión Nacional de Activos Digitales (CNAD); BCR/SSF oversight of traditional payment systems; Investment Banking Law (August 2025); draft Ley para el Fomento de Entidades Fintech y Regulación de Servicios Financieros Digitales (submitted to Legislative Assembly August 2024, not yet enacted)
Estonia - Digital Payments & Fintech: Licensing regime. Payment Institutions and E-money Institutions Act (MERAS / Makseasutuste ja e-raha asutuste seadus); EU PSD2 Directive (2015/2366); EU Instant Payments Regulation (2024/886); supervised by Finantsinspektsioon (Estonian Financial Supervision and Resolution Authority)
Ethiopia - Digital Payments & Fintech: Licensing regime. National Payment System Proclamation No. 718/2011 (as amended by Proclamation No. 1282/2023), administered by the National Bank of Ethiopia (NBE), implemented through the Licensing and Authorization of Payment Instrument Issuer Directive (originally ONPS/01/2020, amended by Directive No. NPS/10/2025) and the Payment System Operators Directive.
Fiji - Digital Payments & Fintech: Licensing regime. National Payment System Act 2021 (Act No. 4 of 2021) and National Payment System Regulations 2022, administered by the Reserve Bank of Fiji (RBF)
Georgia - Digital Payments & Fintech: Licensing regime. Law of Georgia on Payment Systems and Payment Services (as amended), administered by the National Bank of Georgia (NBG)
Ghana - Digital Payments & Fintech: Licensing regime. Payment Systems and Services Act, 2019 (Act 987), administered by the Bank of Ghana (BoG) through its Fintech and Innovation Office
Greece - Digital Payments & Fintech: Licensing regime. Law 4537/2018 (PSD2 transposition); Bank of Greece Executive Committee Acts 164/2019, 178/2020, 189/2021; supervised by the Bank of Greece (BoG)
Guatemala - Digital Payments & Fintech: Partial. Ley de Bancos y Grupos Financieros (Decreto 19-2002); Ley Orgánica del Banco de Guatemala (Decreto 16-2002); supervised by Superintendencia de Bancos (SIB) and Junta Monetaria / Banco de Guatemala
Honduras - Digital Payments & Fintech: Licensing regime. Legislative Decree 83-2021 (regulatory framework for electronic payment and transfer services), implemented by Banco Central de Honduras (BCH) regulations — Acuerdo 01-2024 for INDEL (electronic-money institutions, replacing Acuerdo 12-2022) and Acuerdo 13-2022 for EPSPE (electronic payment service providers); supervised by BCH with a favorable opinion (dictamen) from the Comisión Nacional de Bancos y Seguros (CNBS).
Hungary - Digital Payments & Fintech: Licensing regime. Payment Services and Electronic Money Act (PSPA, implementing EU PSD2/EMD2); supervised and licensed by Magyar Nemzeti Bank (MNB); mandatory Instant Payment System (AFR) since March 2020
Iceland - Digital Payments & Fintech: Licensing regime. Icelandic law transposing EU PSD2 (Payment Services) and EMD2 (Electronic Money), plus Act on Financial Undertakings No. 161/2002; supervised by the Central Bank of Iceland (CBI/Seðlabanki) following absorption of the FME in 2020
Iran - Digital Payments & Fintech: Partial. Central Bank of Iran (Bank Markazi) via Payment and Settlement Systems Regulations; SHAPARAK (Electronic Payment Network Company) as PSP supervisor; Law on Non-Governmental Banks and Credit Institutions
Iraq - Digital Payments & Fintech: Licensing regime. Electronic Payment Services Regulation No. (2) of 2024, administered by the Central Bank of Iraq (CBI); supplemented by CBI mobile-wallet instructions (2025) and the 2015 Anti-Money Laundering & Counter-Terrorism Financing Law.
Jamaica - Digital Payments & Fintech: Partial. Payment Clearing and Settlement Act (PCSA) 2010 + Bank of Jamaica Guidelines for Electronic Retail Payment Services (ERPS 2, 2019); formal PSP licensing via proposed PCSA amendment (draft circulated January 2026, not yet enacted)
Jordan - Digital Payments & Fintech: Licensing regime. Electronic Payment and Money Transfer Bylaw No. (111) of 2017, issued under the Electronic Transactions Law No. (15) of 2015 — administered and supervised by the Central Bank of Jordan (CBJ).
Kazakhstan - Digital Payments & Fintech: Licensing regime. Law No. 11-VI 'On Payments and Payment Systems' (26 July 2016, as amended); Law 'On Banks and Banking Activities' (adopted 25 December 2025, pending presidential signature); regulator: National Bank of Kazakhstan (NBK) for the national market; Astana Financial Services Authority (AFSA) within the Astana International Financial Centre (AIFC)
Kuwait - Digital Payments & Fintech: Licensing regime. Central Bank of Kuwait (CBK) — Instructions for Regulating the Electronic Payment of Funds, issued by Resolution No. 45/471/2023 (May 2023), which repealed the earlier 2018 regime (Resolution No. 44/430 of 2018). Statutory basis is CBK Law No. 32 of 1968 (as amended).
Laos - Digital Payments & Fintech: Licensing regime. Law on Payment Systems (2017) implemented by BOL Decision on the Payment Service System No. 511/BOL (19 June 2025), which replaced Decision No. 288/BOL (2020) and Decision No. 1058/BOL (2016); regulator is the Bank of the Lao PDR (BOL), via its Payment Systems / Payment System Management Department.
Latvia - Digital Payments & Fintech: Licensing regime. Law on Payment Services and Electronic Money (Maksājumu pakalpojumu un elektroniskās naudas likums; likumi.lv id 206634), implementing EU PSD2 Directive 2015/2366/EU; supervised by Latvijas Banka as single competent authority since 1 January 2023 (following FKTK/FCMC merger)
Lebanon - Digital Payments & Fintech: Partial. Banque du Liban (BDL) — Basic Circular No. 1 / Basic Decision No. 13790 (January 2026) for Electronic Payment Service Providers; BDL Basic Circular No. 69/2000 on Electronic Banking and Financial Transactions; Law No. 81/2018 on Electronic Transactions and Personal Data
Lithuania - Digital Payments & Fintech: Licensing regime. Law on Payments (Mokėjimų įstatymas), Law on Electronic Money Institutions (Elektroninių pinigų įstaigų įstatymas); Bank of Lithuania (Lietuvos bankas) as competent authority; PSD2 (Directive 2015/2366) fully transposed; EU PSD3/Payment Services Regulation provisionally agreed November 2025, national applicability targeted Q2–Q3 2028
Malta - Digital Payments & Fintech: Licensing regime. Financial Institutions Act (Cap. 376 of the Laws of Malta) implementing PSD2 (Directive 2015/2366), supervised by the Malta Financial Services Authority (MFSA); EU Instant Payments Regulation (EU) 2024/886 and MiCA (EU) 2023/1114 also in force
Mauritius - Digital Payments & Fintech: Licensing regime. National Payment Systems Act 2018 and the National Payment Systems (Authorisation and Licensing) Regulations 2021, administered by the Bank of Mauritius (BoM)
Moldova - Digital Payments & Fintech: Licensing regime. Law on Payment Services and Electronic Money No. 114 of 18 May 2012 (as amended by Law No. 209/2022 transposing EU PSD2), administered and supervised by the National Bank of Moldova (NBM).
Monaco - Digital Payments & Fintech: Partial. Monaco–EU Monetary Agreement (2011, updated) transposing EU payment directives via French law; French-Monaco Banking Treaty (1945/2010) delegating prudential licensing to France's ACPR; Law No. 1.528 of 7 July 2022 for digital-asset service providers; CCAF (Commission de Contrôle des Activités Financières) as domestic financial supervisor
Mongolia - Digital Payments & Fintech: Partial. Law on National Payment System (enacted 31 May 2017, in force 1 January 2018); Bank of Mongolia (Mongolbank) Resolution No. A-45 on Electronic Money (2018); regulated by the Bank of Mongolia for payment services and e-money, and the Financial Regulatory Commission (FRC) for virtual asset service providers
Morocco - Digital Payments & Fintech: Licensing regime. Law No. 103-12 on credit institutions and similar bodies (Dahir No. 1-14-193 of Dec. 24, 2014) and Bank Al-Maghrib (BAM) implementing circulars; BAM is the sole licensing/supervisory authority for payment institutions and e-money
Mozambique - Digital Payments & Fintech: Partial. Law No. 20/2020 (Credit Institutions and Financial Companies Law) + Decree No. 50/2024; supervised by Banco de Moçambique
Myanmar - Digital Payments & Fintech: Partial. Financial Institutions Law 2016 (Sections 132 & 184); Mobile Financial Services Regulation 2016; National Payments System Strategy 2020–2025 — all administered by the Central Bank of Myanmar (CBM)
Namibia - Digital Payments & Fintech: Licensing regime. Payment System Management Act 14 of 2023, administered by the Bank of Namibia (BoN); supplemented by BoN determinations including PSD-3 on the issuing of electronic money.
Nepal - Digital Payments & Fintech: Licensing regime. Payment and Settlement Act, 2075 (2019) + NRB Act 2002, implemented via Nepal Rastra Bank's Licensing Policy for Institutions that Perform Payment-Related Work 2079 (2023); regulator: Nepal Rastra Bank (NRB), Payment Systems Department
North Macedonia - Digital Payments & Fintech: Licensing regime. Law on Payment Services and Payment Systems (Official Gazette No. 90, 12 April 2022, in force 1 January 2023); supervised by the National Bank of the Republic of North Macedonia (NBRM)
Oman - Digital Payments & Fintech: Licensing regime. National Payment Systems Law (Royal Decree 8/2018) & Executive Regulation (CBO Decision 1/2019); Banking Law (Royal Decree 2/2025); supervised by the Central Bank of Oman (CBO)
Pakistan - Digital Payments & Fintech: Licensing regime. Payment Systems and Electronic Fund Transfers Act 2007 (PS&EFT Act); administered by the State Bank of Pakistan (SBP) via PSO/PSP Rules 2014, EMI Regulations 2023, and Digital Bank Licensing Framework 2022
Panama - Digital Payments & Fintech: Partial. SBP Acuerdo 001-2018 (e-money/payment instrument issuers); Law 48 of 2003 (money remittance, MICI); Law 23 of 2015 (AML supervision of payment entities); SBP Agreement 1-2026 (AML/digital ID); Draft Law No. 314 pending — Superintendencia de Bancos de Panamá (SBP)
Papua New Guinea - Digital Payments & Fintech: Partial. National Payments System Act 2013 (No. 10 of 2013); Bank of Papua New Guinea (BPNG) as sole payments regulator; supplemented by Directive on Electronic Funds Transfers 02/2019 and BPNG Regulatory Sandbox (est. 2021)
Paraguay - Digital Payments & Fintech: Licensing regime. Law 7503/2025 (Ley del Sistema Nacional de Pagos, SNP) and BCP Electronic Payment Media Regulation (Reglamento de Medios de Pagos Electrónicos, MEP); supervised by Banco Central del Paraguay (BCP)
Peru - Digital Payments & Fintech: Licensing regime. Law No. 29985 (Electronic Money Law, 2013) and its regulation (Supreme Decree 090-2013-EF), plus SBS Resolution 6284-2013 governing Electronic Money Issuing Companies (EEDE), supervised by the Superintendencia de Banca, Seguros y AFP (SBS); payment systems and immediate-payment rails are regulated by the Banco Central de Reserva del Perú (BCRP) under the National Payment System Regulation.
Romania - Digital Payments & Fintech: Licensing regime. Law 209/2019 (PSD2 transposition, payment services), Law 210/2019 (e-money/EMD2 transposition), BNR Regulation No. 4/2019; supervised by Banca Națională a României (BNR/NBR)
Rwanda - Digital Payments & Fintech: Licensing regime. National Payment System Law (2010); Regulation n° 74/2023 Governing Payment Service Providers; Regulation n° 54/2022 on Electronic Money Issuers — all overseen by the National Bank of Rwanda (BNR)
San Marino - Digital Payments & Fintech: Licensing regime. Central Bank of the Republic of San Marino (BCSM) under its Statute (Law No. 96/2005); Regulation No. 2014-04 on payment and electronic money issuing services (payment institutions and EMIs), aligned with EU Directives 2007/64/EC (PSD) and 2009/110/EC (EMD)
Senegal - Digital Payments & Fintech: Licensing regime. BCEAO (Central Bank of West African States) regional framework for WAEMU/UMOA: Instruction No. 001-01-2024 (23 Jan 2024) on payment services and payment institutions, plus Instruction No. 008-05-2015 on electronic money issuance (EMIs). Senegal applies the uniform regional regime; BCEAO is the licensing/supervisory authority.
Serbia - Digital Payments & Fintech: Licensing regime. Law on Payment Services (Zakon o platnim uslugama, in force since 1 Oct 2015; amended 31 Jul 2024, applying from 6 May 2025), supervised and licensed by the National Bank of Serbia (NBS).
Slovakia - Digital Payments & Fintech: Licensing regime. Act on Payment Services (transposing PSD2 Directive 2015/2366 and EMD2 Directive 2009/110/EC); regulated and supervised by Národná banka Slovenska (NBS)
Slovenia - Digital Payments & Fintech: Licensing regime. Payment Services, Services for Issuing Electronic Money and Payment Systems Act (ZPlaSSIED), transposing EU PSD2 (Directive 2015/2366/EU) and EMD2 (Directive 2009/110/EC); competent authority: Banka Slovenije (Bank of Slovenia)
Sri Lanka - Digital Payments & Fintech: Licensing regime. Payment and Settlement Systems Act No. 28 of 2005 (PSS Act); administered by the Central Bank of Sri Lanka (CBSL) Payments and Settlements Department
Tanzania - Digital Payments & Fintech: Licensing regime. National Payment Systems Act, 2015 — administered by the Bank of Tanzania (BoT), supported by the Payment Systems (Licensing and Approval) Regulations and the Payment Systems (Electronic Money) Regulations, 2015
Trinidad and Tobago - Digital Payments & Fintech: Partial. E-Money Issuer Order 2020 (amended December 2023) and Central Bank Act (Chap. 79:02) s.36(cc) — overseen by the Central Bank of Trinidad and Tobago (CBTT); draft Payment Systems and Services (PSS) Bill in public consultation as of May 2026
Tunisia - Digital Payments & Fintech: Licensing regime. Law No. 2016-48 of 11 July 2016 on Banks and Financial Institutions (Art. 20 delegates payment institution rules to BCT circulars); BCT Circular 2018-16 governing payment institution activity and operations; BCT as sole licensing authority
Uganda - Digital Payments & Fintech: Licensing regime. National Payment Systems Act 2020 (Act No. 15 of 2020) and National Payment Systems Regulations 2021, regulated by the Bank of Uganda (BoU)
Ukraine - Digital Payments & Fintech: Licensing regime. Law of Ukraine 'On Payment Services' (No. 1591-IX, adopted 30 June 2021, in force 1 August 2022); administered by the National Bank of Ukraine (NBU)
Uruguay - Digital Payments & Fintech: Licensing regime. Ley 19.210 de Inclusión Financiera (2014) and BCU Recopilación de Normas de Sistema de Pagos (RNSP); supervised by Banco Central del Uruguay (BCU) / Superintendencia de Servicios Financieros (SSF)
Uzbekistan - Digital Payments & Fintech: Licensing regime. Law of the Republic of Uzbekistan "On Payments and Payment Systems" (in force 3 February 2023), administered by the Central Bank of the Republic of Uzbekistan (CBU), with licensing under CBU Resolution No. 3431 (5 May 2023).
Venezuela - Digital Payments & Fintech: Partial. SUDEBAN Resolution No. 001.21 (2021) for ITFB fintech licensing; BCV legal mandate over national payment systems; Decree 3,196/2018 establishing SUNACRIP for crypto-assets
Zambia - Digital Payments & Fintech: Licensing regime. National Payment Systems Act No. 1 of 2007 (with the modernising National Payment System Act, 2026 recently passed to replace it), administered by the Bank of Zambia, supplemented by BoZ directives including the Electronic Money Issuance directives (2018, revised 2023) and a Banking and Financial Services Act No. 7 of 2017 backdrop.
Zimbabwe - Digital Payments & Fintech: Licensing regime. National Payment Systems Act [Chapter 24:23] (Act 21/2001), administered by the Reserve Bank of Zimbabwe (RBZ), supplemented by the Banking (Money Transmission, Mobile Banking and Mobile Money Interoperability) Regulations (SI 80/2020, amended by SI 17/2025) and the RBZ's 2016 Framework for the Recognition of Payment Systems.
Afghanistan - Digital Payments & Fintech: Partial. Da Afghanistan Bank (DAB) — Regulation on Licensing and Oversight of Payment and Settlement Systems (2016); Electronic Money Institutions (EMI) Regulation (2016); Regulation on Domestic Payment Operations
Barbados - Digital Payments & Fintech: Licensing regime. National Payment System Act (NPSA), 2021, administered by the Central Bank of Barbados (CBB); supported by the National Payment System (Payment Services and Electronic Money) Regulations, S.I. 2026 No. 46, and the CBB's 2025 Framework for Licensing & Authorising Payment Service Providers. Fintech innovation is also handled via the joint CBB/FSC Regulatory Sandbox.
Belize - Digital Payments & Fintech: Licensing regime. National Payment System Act, Chapter 266:01 (enacted 2017, revised 2020) + National Payment System Regulations, 2024 (SI No. 29 of 2024), regulated by the Central Bank of Belize
Benin - Digital Payments & Fintech: Licensing regime. BCEAO Instruction No. 001-01-2024 (23 January 2024) on payment services in UMOA member states; regulator is the Banque Centrale des États de l'Afrique de l'Ouest (BCEAO), the supranational central bank for all eight WAEMU/UMOA states including Benin
Bhutan - Digital Payments & Fintech: Licensing regime. Payment and Settlement Systems Rules and Regulations 2018, issued by the Royal Monetary Authority (RMA) of Bhutan under the RMA Act 2010 and the Financial Services Act of Bhutan 2011.
Bosnia & Herzegovina - Digital Payments & Fintech: Partial. Republika Srpska: Law on Electronic Money (Official Gazette RS No. 1/24, in force July 2024), supervised by Banking Agency of RS (ABRS). Federation of BiH: no equivalent e-money or payment services law; Banking Agency of FBiH (FBA) supervises banks only. State-level payment infrastructure operated by Central Bank of Bosnia and Herzegovina (CBBH).
British Virgin Islands - Digital Payments & Fintech: Partial. Financing and Money Services Act 2009 (as amended); Virtual Assets Service Providers Act 2022; Banks and Trust Companies Act (Revised 2020); Financial Services Commission Act — all supervised by the BVI Financial Services Commission (FSC)
Burkina Faso - Digital Payments & Fintech: Licensing regime. BCEAO (Central Bank of West African States) under the WAEMU/UMOA Uniform Banking Law; Instruction n°001-01-2024 of 23 January 2024 on payment services governs payment institutions, e-money establishments and payment service providers across all member states including Burkina Faso.
Burundi - Digital Payments & Fintech: Licensing regime. Bank of the Republic of Burundi (BRB), under Law No. 01/07 of 11 May 2018 on the National Payment System, Regulation No. 002 of 2024 on payment services and payment-institution activities (replacing Reg. No. 001/2017), and Circular No. 001 of 2024 on electronic-money-issuing payment institutions.
Central African Republic - Digital Payments & Fintech: Partial. CEMAC Regulation No. 04/18/CEMAC/UMAC/COBAC on Payment Services (in force 1 January 2019); supervised by COBAC (Banking Commission of Central Africa) and BEAC (Bank of Central African States)
Chad - Digital Payments & Fintech: Licensing regime. Regional CEMAC framework: Regulation No. 04/18/CEMAC/UMAC/COBAC (21 Dec 2018) on payment services, plus COBAC Regulations R-2019/01 (licensing) and R-2019/02 (prudential standards). Supervised by the Bank of Central African States (BEAC) as monetary authority and the Central African Banking Commission (COBAC) as prudential supervisor. Chad applies this directly as a CEMAC member state.
Congo - Digital Payments & Fintech: Partial. Banque Centrale du Congo (BCC) under Loi n°18/027 on monetary and financial organisation; BCC Instructions on electronic money (No. 24), PSP licensing (No. 53), and payment-system interoperability (No. 58, September 2024); ARPTC digital-services authorisation framework enacted March 2026
Djibouti - Digital Payments & Fintech: Partial. National Payment System Law (Law No. 118/AN/15/7ème L, 2016); supervised by Banque Centrale de Djibouti (BCD)
DR Congo - Digital Payments & Fintech: Licensing regime. BCC Instruction No. 24 (e-money issuers), Instruction No. 42 (monetique/electronic payment instruments), Instruction No. 58/2024 (payment interoperability & National Monetary Switch); primary statute: Law No. 003/2002 as amended by Law No. 22-069 of 27 December 2022 on credit institutions; regulator: Banque Centrale du Congo (BCC)
Equatorial Guinea - Digital Payments & Fintech: Partial. CEMAC/COBAC Regulation No. 04/18/CEMAC/UMAC/COBAC on Payment Services (2018); supervised by BEAC and COBAC at regional level
Eritrea - Digital Payments & Fintech: Partial. Bank of Eritrea Proclamation No. 93/1997; ad-hoc payment operator authorization by Bank of Eritrea; no dedicated Payment Services or EMI Act
eSwatini - Digital Payments & Fintech: Licensing regime. National Payment Systems Act, 2023 — administered by the Central Bank of Eswatini (CBE), which licenses payment service providers (PSPs), e-money/mobile money issuers and operators of payment systems.
Gabon - Digital Payments & Fintech: Licensing regime. CEMAC/COBAC Regulation No. 04/18/CEMAC/UMAC/COBAC on Payment Services (in force 1 January 2019); overseen by COBAC (Banking Commission of Central Africa) and BEAC (Bank of Central African States)
Gambia - Digital Payments & Fintech: Licensing regime. Electronic Payments System Act 2013; Mobile Money Regulation 2011; Central Bank Act 2018 — regulated by the Central Bank of The Gambia (CBG)
Greenland - Digital Payments & Fintech: Partial. Greenland Self-Government Act 2009 (Act No. 473); Danish Financial Supervisory Authority (Finanstilsynet) oversight of GrønlandsBANKEN A/S; Danish Payments Act explicitly not enacted in Greenland
Guinea - Digital Payments & Fintech: Partial. Banque Centrale de la République de Guinée (BCRG) under Law on Inclusive Financial Institutions (2017) and BCRG regulatory instructions; Electronic Money Establishment (EME) licensing regime in force
Guinea-Bissau - Digital Payments & Fintech: Licensing regime. BCEAO Instruction No. 001-01-2024 on Payment Services in WAEMU Member States; supervised by the Banque Centrale des États de l'Afrique de l'Ouest (BCEAO) at the supranational level
Guyana - Digital Payments & Fintech: Licensing regime. National Payments System Act No. 13 of 2018 (in force June 2019), administered by the Bank of Guyana
Haiti - Digital Payments & Fintech: Partial. BRH Circular 121 (6 December 2021) — Electronic Payment Service Provider (FSP) Authorization; Banque de la République d'Haïti (BRH) as sole regulator
Isle of Man - Digital Payments & Fintech: Licensing regime. Financial Services Act 2008 (FSA08) and the Regulated Activities Order 2011 — 'Class 8: Money Transmission Services' licence covering payment services and e-money issuance, administered by the Isle of Man Financial Services Authority (IOMFSA).
Jersey - Digital Payments & Fintech: Licensing regime. Financial Services (Jersey) Law 1998 — Money Service Business (MSB) class, supervised by the Jersey Financial Services Commission (JFSC); virtual-asset and lending businesses register for AML under the Proceeds of Crime (Supervisory Bodies) (Jersey) Law 2008.
Kyrgyzstan - Digital Payments & Fintech: Licensing regime. Law on Payment Systems and Law on Electronic Money (Kyrgyz Republic); NBKR Board Resolutions on licensing of payment organizations, payment system operators, and e-money issuers; supervised exclusively by the National Bank of the Kyrgyz Republic (NBKR)
Lesotho - Digital Payments & Fintech: Licensing regime. National Payment Systems Act No. 8 of 2014 and the Payment Systems (Issuers of Electronic Payment Instruments) Regulations 2017, administered by the Central Bank of Lesotho (CBL).
Liberia - Digital Payments & Fintech: Licensing regime. Payment Systems Act (2014) and CBL Regulations Concerning Licensing and Operations of Electronic Payment (E-Payment) Services; overseen by the Central Bank of Liberia (CBL)
Libya - Digital Payments & Fintech: Partial. Central Bank of Libya (CBL) via Banking Law and National Payments Council regulations on electronic payment services; no comprehensive standalone Payment Services Act
Madagascar - Digital Payments & Fintech: Partial. Loi n°2016-056 du 2 février 2017 sur la Monnaie Électronique et les Établissements de Monnaie Électronique; CSBF Instruction n°002/2017-CSBF (EMI licensing); supervised by Banky Foiben'i Madagasikara (BFM) and Commission de Supervision Bancaire et Financière (CSBF)
Malawi - Digital Payments & Fintech: Licensing regime. Payment Systems Act, 2016 (No. 15 of 2016) and the Payment Systems (E-money) Regulations, administered by the Reserve Bank of Malawi (RBM)
Maldives - Digital Payments & Fintech: Licensing regime. National Payment System Act (Law No. 8/2021) and the Regulation on Payment Services (gazetted 13 March 2022), administered and supervised by the Maldives Monetary Authority (MMA).
Mali - Digital Payments & Fintech: Licensing regime. Regional WAEMU/UMOA framework administered by the BCEAO (Central Bank of West African States): Instruction n°008-05-2015 on electronic money issuers (EME) and Instruction n°001-01-2024 on payment services (payment institutions / EDP). Mali, as a UMOA member, applies these directly; licenses are granted per-country by the BCEAO.
Mauritania - Digital Payments & Fintech: Licensing regime. Law No. 2021-14 on Electronic Payment Services and Means (Loi relative aux services et moyens de paiement électronique), adopted June/July 2021, supervised by the Banque Centrale de Mauritanie (BCM)
Montenegro - Digital Payments & Fintech: Licensing regime. Payment System Law (Law on Payment Transactions), as amended Sept 2022 / in force 8 October 2023, harmonized with EU PSD2; supervised by the Central Bank of Montenegro (CBCG)
New Caledonia - Digital Payments & Fintech: Licensing regime. French Code monétaire et financier (transposing EU PSD2 via Ordonnance n°2017-1252) extended to New Caledonia through Book VII (Arts. L712-1 et seq.). Licensing is granted by the Autorité de contrôle prudentiel et de résolution (ACPR, after Banque de France opinion); the Institut d'émission d'outre-mer (IEOM) is the local central-bank relay and oversees payment systems and the security of payment means.
Nicaragua - Digital Payments & Fintech: Licensing regime. Central Bank of Nicaragua (BCN) regulations for Financial Technology Payment Service Providers (PSP) and Virtual Asset Service Providers (PSAV) — current framework adopted by Resolution CDMF-XIII-2-251 (23 May 2025), which repealed the original 2022 Resolution CD-BCN-XXV-1-22; instant-payment rails (SINPE/TEF) also operated by the BCN.
Niger - Digital Payments & Fintech: Licensing regime. BCEAO (Central Bank of West African States) under the WAEMU/UEMOA monetary union — Instruction N°001-01-2024 of 23 January 2024 on payment services, plus the e-money issuer (EMI) framework. Niger does not have a separate national regime; payments and fintech are licensed regionally by the BCEAO.
North Korea - Digital Payments & Fintech: Partial. Electronic Payment Law (전자결제법, adopted by the SPA Standing Committee in late October 2021 and subsequently revised), administered by the Central Bank of the DPRK, which approves and supervises electronic payment networks. No conventional payment-institution/e-money licensing taxonomy, open banking, cross-border instant rails, or BNPL rules exist.
Palestine - Digital Payments & Fintech: Licensing regime. Palestine Monetary Authority (PMA) under Decree-Law No. 41 of 2022 on National Payments, complemented by PMA e-payment/e-money instructions (since 2020), the RTGS 'Buraq' and instant-payment 'iBuraq' systems, and a regulatory sandbox.
Puerto Rico - Digital Payments & Fintech: Licensing regime. Money services (incl. money transmission and virtual-currency transfer) are licensed by the Puerto Rico Office of the Commissioner of Financial Institutions (OCIF) under the Money Services Business Regulatory Act (codified at 10 L.P.R.A. ch. 303B, originating in Act 136-2010); international/offshore fintech and crypto activities are licensed under Act 273-2012 (International Financial Center Regulatory Act). As a U.S. territory, Puerto Rico also sits under the federal overlay of FinCEN (BSA), the CFPB, and the Federal Reserve payment system.
Seychelles - Digital Payments & Fintech: Licensing regime. National Payment System Act 2014 (as amended) and the National Payment System (Licensing and Authorisation) Regulations 2014, administered by the Central Bank of Seychelles (CBS); virtual-asset/fintech activities licensed separately under the Virtual Asset Service Providers Act 2024 by the Financial Services Authority (FSA).
Sierra Leone - Digital Payments & Fintech: Licensing regime. National Payment Systems Act, 2022 (in force 23 June 2022) and the National Payment Systems Oversight Regulations, 2022, administered by the Bank of Sierra Leone (BSL) as licensing and oversight authority.
Solomon Islands - Digital Payments & Fintech: Partial. Payment Systems Act 2022 (a.k.a. National Payment System Act 2022) administered by the Central Bank of Solomon Islands (CBSI); supported by amendments to the CBSI Act 2012 and, for deposit-taking institutions, the Financial Institutions Act 1998.
Somalia - Digital Payments & Fintech: Partial. Central Bank of Somalia (CBS) Mobile Money Regulations 2020 (amended 2021), issued under the Financial Institutions Law; National Payment System (NPS) launched 2021 with an NPS Act adopted by the CBS Board as an interim measure (not yet enacted by Parliament).
South Sudan - Digital Payments & Fintech: Licensing regime. Electronic Money Regulation, 2017, issued by the Bank of South Sudan (BoSS) under the Bank of South Sudan Act, 2011; mobile-money agent/telecom side co-regulated by the National Communications Authority.
Sudan - Digital Payments & Fintech: Partial. Central Bank of Sudan (CBoS) under the Bank of Sudan Act and its E-Money/Mobile Payment Regulations; CBoS is the sole licensor and supervisor of e-money issuers, payment service providers and the retail payment system.
Suriname - Digital Payments & Fintech: Partial. Centrale Bank van Suriname (CBvS) supervises the financial sector under sector-specific laws — primarily the Banking and Credit System Supervision Act (Wet Toezicht Bank- en Kredietwezen) for banks and the Money Transaction Offices Supervision Act 2012 (Wet Toezicht Geldtransactiekantoren 2012, S.B. 2012 No. 170) for money-transfer/exchange operators. There is no dedicated payment-institution or e-money (EMI) licensing regime; fintech-specific rules are still at the strategy/consultation stage.
Syria - Digital Payments & Fintech: Licensing regime. Central Bank of Syria (CBS) — Payment Systems Directorate licenses 'electronic payment and collection services companies' under CBS regulations, supported by sectoral laws (Banking Secrecy Law, AML/CFT Law, Electronic Transactions Law, Electronic Signature Law, Electronic Crime Law).
Tajikistan - Digital Payments & Fintech: Licensing regime. Law of the Republic of Tajikistan 'On Payment Services and the Payment System' (adopted 2017), administered by the National Bank of Tajikistan (NBT) alongside the Laws 'On the National Bank of Tajikistan' and 'On Banking Activities'.
Timor-Leste - Digital Payments & Fintech: Partial. Banco Central de Timor-Leste (BCTL) is the sole regulator/licensor under the UNTAET-era banking regulations (Reg. 2000/8) and a series of BCTL Instructions (e.g. Instruction 1/2013 on money transfer operators; Instruction 25/2023 on finance companies). There is no dedicated, comprehensive payment-institution / e-money (EMI) licensing law; payment and e-wallet providers are authorised on a case basis under BCTL's general financial-supervision powers.
Togo - Digital Payments & Fintech: Licensing regime. Regional BCEAO (Central Bank of West African States) framework applicable in Togo as a WAEMU/UMOA member: Instruction No. 001-01-2024 of 23 January 2024 on payment services (Payment Institution licensing) and Instruction No. 008-05-2015 on electronic money issuers (EMI licensing), supervised by the BCEAO and the WAEMU Banking Commission.
Turkmenistan - Digital Payments & Fintech: Partial. Central Bank of Turkmenistan, under the Law 'On the Central Bank of Turkmenistan' and the Law 'On Credit Institutions and Banking Activity' — payments run through the bank-licensing regime and the state-operated 'Altyn Asyr' national card system; no dedicated payment-institution / e-money / open-banking / BNPL regime exists.
Vanuatu - Digital Payments & Fintech: Licensing regime. National Payment System Act No. 8 of 2021, administered by the Reserve Bank of Vanuatu (RBV), which licenses and supervises payment system operators, payment service providers, e-money issuers and mobile money service providers.
Yemen - Digital Payments & Fintech: Licensing regime. Central Bank of Yemen (CBY) mobile banking / e-money regulations — Circular No. 11 of 2014 (Mobile Banking Regulations), administered under the Central Bank Law; enforcement and licensing currently led by the internationally recognized CBY-Aden, with a parallel, divergent regime operated by CBY-Sana'a.
Antigua and Barbuda - Digital Payments & Fintech: Licensing regime. Payment Systems and Services Act, No. 13 of 2025 (administered by the Eastern Caribbean Central Bank, ECCB), complemented by the Digital Assets Business Act 2020 (supervised by the Financial Services Regulatory Commission, FSRC) and the Money Services Business Act 2011
Cape Verde - Digital Payments & Fintech: Licensing regime. Banco de Cabo Verde (BCV) supervises payments under Decreto-Legislativo n.º 8/2018 (provision of payment services / issuance, distribution and redemption of electronic money) and Decreto-Legislativo n.º 9/2018 (legal regime for access to and activity of payment institutions and electronic money institutions), with the authorisation process, minimum capital, own funds and safeguarding rules detailed in BCV Aviso n.º 6/2019.
Comoros - Digital Payments & Fintech: Partial. Law No. 20-005 AU on Payment Services and Payment Service Providers; Regulation 01/2017 on Electronic Money Issuers; supervised by Banque Centrale des Comores (BCC)
Dominica - Digital Payments & Fintech: Licensing regime. Eastern Caribbean Central Bank (ECCB) is the regional regulator. A payment-system oversight regime is in force under the Payment Systems Act, Chapter 23:62 (enacted 2009), with banks licensed under the Banking Act. A modernised Payment System and Services Bill/Act 2026 — drafted by the ECCB for uniform adoption across the Eastern Caribbean Currency Union (ECCU) — was passed by Dominica's Parliament on 23 February 2026 to establish comprehensive licensing of payment service providers and e-money.
Grenada - Digital Payments & Fintech: Licensing regime. Payment System and Services Act, 2025 (enacted in Grenada), administered with the Eastern Caribbean Central Bank (ECCB) as the regional payment-system overseer/licensor; bank licensing under the Banking Act; non-bank money services and virtual-asset businesses licensed/registered by the Grenada Authority for the Regulation of Financial Institutions (GARFIN) under the Money Services Business Act (Cap 198A) and the Virtual Asset Business Act, 2021.
Kiribati - Digital Payments & Fintech: Partial. Kiribati Financial Institutions Act 2021 and Financial Supervisory Authority of Kiribati Act 2021, overseen by the Kiribati Financial Supervisory Authority (KFSA) under the Ministry of Finance and Economic Development (MFED)
Marshall Islands - Digital Payments & Fintech: Partial. Banking Act 1987 (as amended 2019, 2020) administered by Office of the Banking Commission; Marshall Islands Monetary Authority Act 2025 (establishing MIMA with payment-systems oversight)
Micronesia - Digital Payments & Fintech: No framework. FSM Banking Board under Title 29 FSM Code (deposit-taking banks only); no dedicated payment institution, e-money, or fintech licensing law exists
Nauru - Digital Payments & Fintech: Partial. Banking Act 1975 (bank licensing, Minister for Finance); AML-TFS Act 2023 (VASP/AML compliance, FIU oversight); Command Ridge Virtual Asset Authority Act 2025 (dedicated virtual asset regulator); no dedicated payment institution or e-money licensing law
Palau - Digital Payments & Fintech: Partial. Financial Institutions Act 2001 (as amended 2007), administered by the Financial Institutions Commission (FIC); Draft Digital Payment System Bill (SB 12-35, 2025) pending in Olbiil Era Kelulau
Saint Kitts and Nevis - Digital Payments & Fintech: Partial. Payment System Act 2008 (No. 17 of 2008); Money Services Business Act 2008 (No. 26 of 2008); Virtual Asset Act 2020 (Act No. 1 of 2020) — overseen domestically by the Financial Services Regulatory Commission (FSRC) and regionally by the Eastern Caribbean Central Bank (ECCB)
Saint Lucia - Digital Payments & Fintech: Licensing regime. Eastern Caribbean Central Bank (ECCB) regional oversight under the Payment System Act 2008 and the new Payment System and Services Act 2025 (passed into law in Saint Lucia), plus national licensing by the Financial Services Regulatory Authority (FSRA) under the Money Services Business Act No. 11 of 2010 and the Virtual Asset Business Act.
Saint Vincent and the Grenadines - Digital Payments & Fintech: Partial. Financial Services Authority Act (2012); Money Services Business Act; Virtual Asset Business Act 2022 (in force 31 May 2025); Eastern Caribbean Central Bank (ECCB) monetary oversight; ECCB model Payment System and Services Bill (2025, not yet enacted in SVG)
Samoa - Digital Payments & Fintech: Partial. National Payment System Act 2014 (consolidated December 2023); Central Bank of Samoa Act 2015; supervised by the Central Bank of Samoa (CBS) Financial Supervision and Regulation Department (FSRD)
Sao Tome and Principe - Digital Payments & Fintech: Partial. Banco Central de São Tomé e Príncipe (BCSTP) under National Financial Inclusion Strategy 2021–2025; standalone payment institution/e-money licensing legislation still being enacted
Tonga - Digital Payments & Fintech: Proposed. Payment Systems and Services Bill 2025 (draft, submitted April 2025); National Reserve Bank of Tonga Act (as amended 2014); NRBT FinTech Regulatory Sandbox Framework (June 2025) — Regulator: National Reserve Bank of Tonga (NRBT)
Tuvalu - Digital Payments & Fintech: Partial. Banking Commission Act (Tuvalu Ministry of Finance); National Bank of Tuvalu Act 1980; overseen by Tuvalu Banking Commission
Argentina - Digital Nomad & Residency: Dedicated visa. Dirección Nacional de Migraciones (DNM); Ley de Migraciones No. 25.871 art. 24(h) and Decree 616/2010, with the Digital Nomad regime created by DNM Disposición No. 758/2022.
Australia - Digital Nomad & Residency: Via other route. Migration Act 1958 (Cth) and Migration Regulations 1994, administered by the Department of Home Affairs; there is no dedicated digital-nomad or remote-work visa subclass.
Austria - Digital Nomad & Residency: Via other route. Settlement and Residence Act (Niederlassungs- und Aufenthaltsgesetz, NAG); administered by BMI/BMEIA, residence authorities and the Public Employment Service (AMS); information at migration.gv.at
Bahrain - Digital Nomad & Residency: Via other route. No dedicated digital-nomad visa. Remote workers and relocators use existing routes: the LMRA Flexible Work ('Flexi') Permit / self-sponsorship, the NPRA Self-Sponsorship Residence Permit, and the Golden Residency Visa. Administered by the Labour Market Regulatory Authority (LMRA), the Nationality, Passports & Residence Affairs (NPRA) and the Golden Residency programme.
Belgium - Digital Nomad & Residency: Via other route. No dedicated digital-nomad/remote-work visa. Self-employed third-country nationals use the 'professional card' (carte professionnelle / beroepskaart) — a regional economic-migration authorization (issued via the Flanders, Brussels-Capital or Wallonia economic-migration department) combined with a Type D national long-stay visa and residence permit, administered by the Federal Immigration Office (Office des Étrangers / Dienst Vreemdelingenzaken, IBZ). EU/EEA and Swiss nationals need neither.
Bermuda - Digital Nomad & Residency: Via other route. Bermuda Department of Immigration under the Bermuda Immigration and Protection Act 1956; 'Permission to Reside on an Annual Basis' policy and the Economic Investment and Residential Certificate (EIRC) policy administered by the Ministry of Economy and Labour / Department of Immigration
Brazil - Digital Nomad & Residency: Dedicated visa. Temporary Visa for Digital Nomads (VITEM XIV) and corresponding residence permit, regulated by Normative Resolution No. 45 of the National Immigration Council (CNIg/MJSP), in force since 24 January 2022; administered by the Ministry of Foreign Affairs (MRE) consulates and the Ministry of Justice and Public Security (MJSP).
Canada - Digital Nomad & Residency: Via other route. Immigration, Refugees and Citizenship Canada (IRCC) — Immigration and Refugee Protection Act/Regulations; visitor (temporary resident) status under the 2023 Tech Talent Strategy 'digital nomad' provision, plus PR economic-immigration programs.
Cayman Islands - Digital Nomad & Residency: Dedicated visa. Immigration (Transition) Act (2022 Revision) and Immigration (Transition) (Global Citizen Exemption) Regulations (2023 Revision), administered by Workforce Opportunities & Residency Cayman (WORC)
China - Digital Nomad & Residency: No pathway. Exit and Entry Administration Law of the PRC and the Regulations on the Administration of the Entry and Exit of Foreigners (2025 Revision, State Council Order No. 814), administered by the National Immigration Administration and the Ministry of Foreign Affairs
Denmark - Digital Nomad & Residency: Via other route. Danish Aliens (Immigration) Act administered by SIRI (Danish Agency for International Recruitment and Integration) via nyidanmark.dk; EU free-movement rules for EU/EEA/Swiss citizens; no dedicated digital-nomad visa exists.
Egypt - Digital Nomad & Residency: Via other route. Egypt has no dedicated remote-work/digital-nomad visa. Entry and stay of foreigners are governed by Law No. 89 of 1960 on Entry and Residence of Foreigners (administered by the Ministry of Interior's Passports, Immigration & Nationality Administration), the e-Visa system run by the Ministry of Foreign Affairs, and investor-residency rules under Minister of Interior Decree No. 977 of 2023.
Finland - Digital Nomad & Residency: Via other route. Finnish Aliens Act administered by the Finnish Immigration Service (Migri); residence-permit categories for entrepreneurs and start-up entrepreneurs (Business Finland eligibility statement). No dedicated digital-nomad or remote-work visa exists.
France - Digital Nomad & Residency: Via other route. Code de l'entrée et du séjour des étrangers et du droit d'asile (CESEDA); long-stay visas/residence permits administered via France-Visas (Ministry of the Interior & Ministry for Europe and Foreign Affairs). No dedicated digital-nomad visa exists.
Germany - Digital Nomad & Residency: Via other route. Residence Act (Aufenthaltsgesetz, AufenthG) — Section 21 (self-employment/freelance residence permit) administered by local immigration offices (Ausländerbehörden) and BAMF; Section 20a (Opportunity Card) for skilled job-seekers. No dedicated digital-nomad visa exists.
Gibraltar - Digital Nomad & Residency: Via other route. Residence permits issued by the Civil Status and Registration Office / Department of Immigration & Home Affairs under Gibraltar immigration law; relocation by relatively wealthy individuals governed by the Category 2 and HEPSS tax-residence regimes under the Income Tax Act 2010. No bespoke remote-work visa exists.
Hong Kong - Digital Nomad & Residency: Via other route. Hong Kong Immigration Ordinance (Cap. 115) and the talent/capital admission schemes administered by the Immigration Department (immd.gov.hk) and InvestHK; there is no dedicated remote-work visa.
India - Digital Nomad & Residency: No pathway. India's visa regime under the Ministry of Home Affairs (MHA) / Bureau of Immigration (BOI); the Foreigners Act, 1946 and the e-Visa scheme administered via indianvisaonline.gov.in. No statute or scheme provides for remote-work, digital-nomad, freelance, or self-employment residence.
Indonesia - Digital Nomad & Residency: Dedicated visa. Directorate General of Immigration (Ditjen Imigrasi), Ministry of Law/Immigration; Minister Regulation (Permenkumham) No. 22 of 2023 on Visas and Stay Permits (as amended by No. 11 of 2024), administered via the official eVisa portal evisa.imigrasi.go.id
Ireland - Digital Nomad & Residency: Via other route. Immigration Act 2004 / Immigration Service Delivery (ISD) administrative immigration permissions; EU freedom-of-movement law for EEA/Swiss nationals
Israel - Digital Nomad & Residency: No pathway. Entry into Israel Law, 5712-1952 and its regulations, administered by the Population and Immigration Authority (PIBA) under the Ministry of Interior; visa categories A (immigrant/student/clergy) and B (B/1 work, B/2 visitor, B/4 volunteer, B/5 investor).
Italy - Digital Nomad & Residency: Dedicated visa. Dedicated digital nomad/remote worker visa under Art. 27-quater of Legislative Decree 286/1998 (introduced by Law 28/2022), implemented by the Ministry of the Interior decree of 29 February 2024 (published in the Gazzetta Ufficiale on 4 April 2024); competent authorities are Italian consulates (visa) and the Questura/police headquarters (residence permit).
Japan - Digital Nomad & Residency: Dedicated visa. Immigration Control and Refugee Recognition Act — status of residence "Designated Activities (Notification No. 53/54)", administered by the Immigration Services Agency (ISA) and Ministry of Foreign Affairs (MOFA)
Kenya - Digital Nomad & Residency: Dedicated visa. Class N (Digital Nomad) Work Permit under the Kenya Citizenship and Immigration (Amendment) Regulations, 2024, administered by the Directorate of Immigration Services (eFNS portal)
Liechtenstein - Digital Nomad & Residency: Via other route. Liechtenstein Foreigners Act / Persons of Free Movement Act, administered by the Migration and Passport Office (Ausländer- und Passamt); EEA mobility governed by Liechtenstein's special EEA quota arrangement (Annex VIII EEA Agreement / 1995 protocol)
Luxembourg - Digital Nomad & Residency: Via other route. Luxembourg Law of 29 August 2008 on free movement of persons and immigration (as amended); administered by the Immigration Directorate of the Ministry of Home Affairs. EU/EEA/Swiss nationals enjoy free movement; third-country nationals use category-specific residence permits via Guichet.lu. No dedicated digital-nomad visa exists.
Malaysia - Digital Nomad & Residency: Dedicated visa. DE Rantau Nomad Pass, administered by the Malaysia Digital Economy Corporation (MDEC) under Malaysia's Ministry of Digital; immigration passes governed by the Malaysian Immigration Department (Jabatan Imigresen Malaysia).
Mexico - Digital Nomad & Residency: Via other route. Ley de Migración (2011) and its Reglamento, administered by the Instituto Nacional de Migración (INM) and Mexican consulates under the Secretaría de Relaciones Exteriores (SRE). No dedicated digital-nomad statute exists; remote workers use the standard Temporary Resident Visa (Residente Temporal).
Netherlands - Digital Nomad & Residency: Via other route. Dutch Aliens Act 2000 (Vreemdelingenwet) administered by the Immigration and Naturalisation Service (IND), with economic assessment by the Netherlands Enterprise Agency (RVO); EU/EEA/Swiss nationals require no permit
New Zealand - Digital Nomad & Residency: Via other route. Immigration New Zealand (Immigration Act 2009 / Immigration Instructions) — visitor visa and NZeTA conditions, updated 27 January 2025
Nigeria - Digital Nomad & Residency: Via other route. Nigeria Visa Policy 2025 (NVP 2025) administered by the Nigeria Immigration Service (NIS) under the Immigration Act 2015; residence governed by CERPAC and the new Temporary/Permanent Residence Visa categories.
Norway - Digital Nomad & Residency: No pathway. Immigration Act (Utlendingsloven) and Immigration Regulations, administered by the Norwegian Directorate of Immigration (UDI). EU/EEA nationals fall under EEA free-movement rules.
Philippines - Digital Nomad & Residency: Dedicated visa. Executive Order No. 86, s. 2025 (signed 24 April 2025), establishing the Digital Nomad Visa (DNV); issued by the Department of Foreign Affairs (DFA) with support from the Bureau of Immigration, and complemented by long-standing residency routes administered by the Philippine Retirement Authority (SRRV) and Board of Investments (SIRV).
Poland - Digital Nomad & Residency: Via other route. Act of 12 December 2013 on Foreigners (Ustawa o cudzoziemcach), administered by the voivodeship offices (voivode) and the Office for Foreigners; applications via the MOS portal (mos.cudzoziemcy.gov.pl). No dedicated digital-nomad visa exists.
Portugal - Digital Nomad & Residency: Dedicated visa. Portuguese Immigration Act (Lei n.º 23/2007, as amended); residence/temporary-stay visas issued by consulates via the MNE portal (vistos.mne.gov.pt), residence permits administered by AIMA. Golden Visa (ARI) under Art. 90.º-A, amended by Lei n.º 56/2023 (Mais Habitação).
Qatar - Digital Nomad & Residency: Via other route. Qatar's sponsorship-based residency regime administered by the Ministry of Interior (Law No. 21 of 2015 on entry/exit/residency of expatriates), the Permanent Residency Law (Law No. 10 of 2018) and real-estate residency under Law No. 16 of 2018, plus the five-year 'Mustaqel' residence permit (administered by the government-owned Jusoor) for talented individuals and entrepreneurs.
Russia - Digital Nomad & Residency: Via other route. Federal Law No. 115-FZ 'On the Legal Status of Foreign Citizens', administered by the Ministry of Internal Affairs (MVD); supplemented by Presidential Decree No. 702 (19 Aug 2024) 'shared values' TRP, Government Decree No. 2573 (2022) golden visa, and the Highly Qualified Specialist (HQS) regime.
Saudi Arabia - Digital Nomad & Residency: Via other route. Tourist eVisa under the Saudi Tourism Authority (visitsaudi.com); Premium Residency Law (Royal Decree of 15 May 2019), administered by the Premium Residency Center
Singapore - Digital Nomad & Residency: Via other route. Singapore Ministry of Manpower (MOM) work-pass regime (Employment Pass, EntrePass, ONE Pass, Tech.Pass, Work Holiday Pass) plus the EDB-administered Global Investor Programme for residency-by-investment; there is no dedicated digital-nomad/remote-work visa.
South Africa - Digital Nomad & Residency: Dedicated visa. Immigration Act 13 of 2002 and the Immigration Regulations (Third Amendment, Government Gazette No. 51416, in force 9 October 2024), administered by the Department of Home Affairs (DHA). The Remote Work Visa sits within the visitor's-visa category under section 11 of the Act.
South Korea - Digital Nomad & Residency: Dedicated visa. F-1-D Workation (Digital Nomad) Visa — Ministry of Justice / Korea Immigration Service (immigration.go.kr), launched 1 January 2024; governed by the Immigration Act of the Republic of Korea
Spain - Digital Nomad & Residency: Dedicated visa. Ley 28/2022, de 21 de diciembre, de fomento del ecosistema de las empresas emergentes (Startup Law), amending Ley 14/2013; administered by Unidad de Grandes Empresas y Colectivos Estratégicos (UGE-CE), Ministry of Inclusion, Social Security and Migration
Sweden - Digital Nomad & Residency: Via other route. Swedish Aliens Act (Utlänningslagen 2005:716) administered by Migrationsverket (Swedish Migration Agency); EU free-movement rules apply to EU/EEA/Swiss nationals
Switzerland - Digital Nomad & Residency: Via other route. Federal Act on Foreign Nationals and Integration (AIG/FNIA, SR 142.20); Agreement on the Free Movement of Persons (AFMP) for EU/EFTA nationals; administered by the State Secretariat for Migration (SEM)
Taiwan - Digital Nomad & Residency: Dedicated visa. Act for the Recruitment and Employment of Foreign Professionals (外國專業人才延攬及僱用法), amended to add the Digital Nomad Visitor Visa category effective January 2025; further revised version in force January 1, 2026. Administered jointly by the National Development Council (NDC), Ministry of Foreign Affairs / Bureau of Consular Affairs (BOCA), and National Immigration Agency (NIA).
Thailand - Digital Nomad & Residency: Dedicated visa. Destination Thailand Visa (DTV) issued by Ministry of Foreign Affairs / Immigration Bureau; Long-Term Resident (LTR) Visa administered by Board of Investment (BOI); both updated 2024–2025
Turkey - Digital Nomad & Residency: Dedicated visa. Turkish Ministry of Culture and Tourism / GoTürkiye Digital Nomad Visa Programme (launched April 2024); Presidency of Migration Management (Law No. 6458 on Foreigners and International Protection) for short-term residence permits; Ministry of Environment and Urbanisation for citizenship-by-investment
UAE - Digital Nomad & Residency: Dedicated visa. UAE Virtual Working Programme (Remote Work Visa), administered federally by the Federal Authority for Identity, Citizenship, Customs & Port Security (ICP) and by Dubai's General Directorate of Residency and Foreigners Affairs (GDRFA); supplemented by the 10-year Golden Visa and 5-year Green Visa regimes under Cabinet Resolution No. 65 of 2020 and subsequent ministerial decisions
United Kingdom - Digital Nomad & Residency: Via other route. UK Immigration Rules (Appendix V: Visitor; Appendix Skilled Worker; Appendix Global Talent; Appendix Innovator Founder) administered by the Home Office / UK Visas and Immigration (UKVI)
United States - Digital Nomad & Residency: No pathway. Immigration and Nationality Act (INA), administered by USCIS and the Department of State; no remote-work/digital-nomad visa category exists
Vietnam - Digital Nomad & Residency: Via other route. Law No. 47/2014/QH13 on Entry, Exit, Transit and Residence of Foreigners in Vietnam (amended by Law No. 51/2019/QH14); Decree No. 221/2025/ND-CP on Limited-Term Visa Exemption for Socio-Economic Development Contributors (in force 15 Aug 2025 – 14 Aug 2028); administered by the Immigration Department, Ministry of Public Security
Albania - Digital Nomad & Residency: Dedicated visa. Law No. 79/2021 'On Aliens' (Ligji Nr. 79/2021 'Për të Huajt'), administered by the Albanian Migration Authority (Drejtoria e Përgjithshme e Policisë së Shtetit); procedures updated by Joint Instruction No. 196/2024 (in force 22 October 2024)
Algeria - Digital Nomad & Residency: No pathway. Algerian Ministry of Foreign Affairs visa regime (mfa.gov.dz); Ordinance on Foreigners' Movement and Stay (DGSN); Work permit system administered by the Ministry of Labour and AAPI (Agence Algérienne de Promotion de l'Investissement)
Andorra - Digital Nomad & Residency: Dedicated visa. Llei 42/2022 del 1 de desembre, de l'economia digital, l'emprenedoria i la innovació (Law on Digital Economy, Entrepreneurship and Innovation), implemented by Decret 212/2023 (10 May 2023, in force 17 June 2023); annual quota governed by Decret 124/2025 (2 April 2025); immigration base law Llei 9/2012 as amended
Angola - Digital Nomad & Residency: No pathway. Lei n.º 2/07 de 31 de agosto (Lei do Estrangeiro); Decreto Presidencial n.º 52/22 de 17 de fevereiro de 2022 (Regime de Teletrabalho); administered by Serviço de Migração e Estrangeiros (SME) under the Ministry of the Interior
Armenia - Digital Nomad & Residency: Via other route. Law on the Legal Status of Foreign Citizens in the Republic of Armenia (1994, as amended); Temporary and Permanent Residence administered by the Ministry of Internal Affairs Migration and Passport Department via migration.e-gov.am; IE registration via Agency for State Register of Legal Entities, Ministry of Justice (e-register.am)
Azerbaijan - Digital Nomad & Residency: Via other route. Law of the Republic of Azerbaijan on the Legal Status of Foreigners and Stateless Persons; State Migration Service (migration.gov.az); ASAN eVisa system (evisa.gov.az); Action Plan for Accelerating Digital Development 2026–2028 (Presidential Decree, February 2026)
Bahamas - Digital Nomad & Residency: Via other route. Immigration Act (Chapter 191), administered by the Bahamas Department of Immigration; Economic Permanent Residence program under the Bahamas Investment Authority
Bangladesh - Digital Nomad & Residency: No pathway. Immigration Act 1952 (as amended); Foreigners Act 1946; Bangladesh Investment Development Authority (BIDA) Act 2016; Department of Immigration & Passports, Ministry of Home Affairs — governing all foreign-national visa and work-permit issuance
Belarus - Digital Nomad & Residency: Via other route. Law of the Republic of Belarus on the Legal Status of Foreign Citizens and Stateless Persons; Presidential Decree No. 8 of 2017 (High-Tech Park 2.0 regime); Law on External Labour Migration
Bolivia - Digital Nomad & Residency: Via other route. Ley de Migración No. 370 (8 May 2013) and implementing Decreto Supremo No. 1923 (13 March 2014), administered by the Dirección General de Migración under the Ministry of Government
Botswana - Digital Nomad & Residency: Via other route. Immigration Act No. 3 of 2011, administered by the Ministry of Nationality, Immigration and Gender Affairs (MNIGA); work authorisation governed by the Ministry of Employment, Labour Productivity and Skills Development
Brunei - Digital Nomad & Residency: No pathway. Immigration Act (Cap. 17), administered by the Department of Immigration and National Registration (JIPK) under the Ministry of Home Affairs, Brunei Darussalam
Bulgaria - Digital Nomad & Residency: Dedicated visa. Article 24p, Foreigners in the Republic of Bulgaria Act (national assembly amendment adopted 18 June 2025); implementing Council of Ministers regulations in force 11 December 2025; administered by the Migration Directorate (Ministry of Interior) and consular network (Ministry of Foreign Affairs)
Cambodia - Digital Nomad & Residency: Via other route. Cambodia Immigration Law (Kram NS/RKM/0894/03, 26 August 1994); Sub-Decree on Procedure to Allow Non-Immigrant Foreigners to Enter, Leave, and Reside in the Kingdom of Cambodia (2016); work permits governed by Ministry of Labour and Vocational Training (MLVT) via Foreign Workers Centralized Management System (FWCMS)
Cameroon - Digital Nomad & Residency: Via other route. Decree No. 2007/255 of 4 September 2007 on conditions of entry, stay, and exit of foreigners in Cameroon; administered by the General Delegation for National Security (DGSN) under the Ministry of External Relations; visa applications processed via the official eVisa portal evisacam.cm
Chile - Digital Nomad & Residency: Via other route. Ley 21.325 de Migración y Extranjería (2021), administered by the Servicio Nacional de Migraciones (SERMIG); implementing Decree 177/2022
Colombia - Digital Nomad & Residency: Dedicated visa. Resolución 5477 de 2022 (Ministerio de Relaciones Exteriores / Cancillería), Artículo 46 — Visa V Nómadas Digitales; supplemented by Resolución 5488 de 2022
Costa Rica - Digital Nomad & Residency: Dedicated visa. Law 10008 — 'Ley para atraer trabajadores y prestadores remotos de servicios de carácter internacional' (enacted 2021, regulated July 2022), administered by the Dirección General de Migración y Extranjería (DGME); supplemented by Law 9996 for longer-term investor/rentista/pensionado residency
Côte d'Ivoire - Digital Nomad & Residency: Via other route. Law No. 2002-03 of 3 January 2002 on identification and stay of foreigners; Law No. 90-437 of 29 May 1990 on entry and residence of foreigners; Code du Travail (Labour Code); visas administered by SNEDAI; biometric resident cards issued by ONECI under the Ministry of Interior
Croatia - Digital Nomad & Residency: Dedicated visa. Croatian Law on Foreigners (Zakon o strancima), Part IV – Temporary Stay of Digital Nomads; administered by the Ministry of Interior (Ministarstvo unutarnjih poslova – MUP); official portal: digitalnomadscroatia.mup.hr
Cuba - Digital Nomad & Residency: Via other route. Cuba's immigration system is governed by DIMEC (Dirección de Identificación, Migración, Extranjería y Ciudadanía) under the Ministry of Interior (MININT). The legislative framework is being overhauled by Laws 171 (Migration), 172 (Citizenship), and 173 (Foreigners), approved by the National Assembly on 19 July 2024, published in Official Gazette No. 39 of 5 May 2026, and entering into force approximately November 2026.
Cyprus - Digital Nomad & Residency: Dedicated visa. Cyprus Digital Nomad Visa Scheme — administered by the Deputy Ministry of Migration and International Protection (Migration Department), under the Aliens and Immigration Law (Cap. 105, as amended). EU/EEA nationals rely on EU freedom of movement. Residency-by-investment governed by Regulation 6(2) of the Aliens and Immigration Regulations.
Czechia - Digital Nomad & Residency: Dedicated visa. Government Resolution No. 475 of 28 June 2023 (Digital Nomad Program); Act No. 326/1999 Coll. on the Residence of Foreign Nationals; implemented by Ministry of Industry and Trade (MPO) / CzechInvest agency
Dominican Republic - Digital Nomad & Residency: Via other route. Immigration Law No. 285-04 and Immigration Regulation No. 631-11 (administered by Dirección General de Migración), supplemented by Law 171-07 on Special Incentives for Foreign Retirees and Passive Investors
Ecuador - Digital Nomad & Residency: Dedicated visa. Ley Orgánica de Movilidad Humana (2017); Acuerdo Ministerial No. 0000070 (June 2024), issued by the Ministerio de Relaciones Exteriores y Movilidad Humana (Cancillería del Ecuador)
El Salvador - Digital Nomad & Residency: Dedicated visa. Ley Especial de Migración y Extranjería (LEME), administered by the Dirección General de Migración y Extranjería (DGME); substantively reformed by Decreto Legislativo No. 531 (published Diario Oficial No. 57, Tomo 450, 23 March 2024, in force 31 March 2024)
Estonia - Digital Nomad & Residency: Dedicated visa. Aliens Act (Välismaalaste seadus), amended August 2020 to introduce the teleworking-purpose visa — administered by the Police and Border Guard Board (Politsei- ja Piirivalveamet) and the Ministry of Foreign Affairs (Välisministeerium)
Ethiopia - Digital Nomad & Residency: Via other route. Immigration Proclamation No. 354/2003 (as amended); Council of Ministers Regulation No. 432/2018; administered by the Immigration, Nationality and Vital Events Agency (INVEA) and Ministry of Labour and Social Affairs (MoLSA)
Fiji - Digital Nomad & Residency: Via other route. Immigration Act 2003 (Fiji), administered by the Ministry of Immigration — immigration.gov.fj
Georgia - Digital Nomad & Residency: Dedicated visa. Law of Georgia on Labour Migration; Law of Georgia on the Legal Status of Foreigners and Stateless Persons; June 26 2025 parliamentary amendments introducing mandatory work permits (effective March 1 2026, transition until January 1 2027); administered by the Ministry of Internally Displaced Persons, Labour, Health and Social Affairs
Ghana - Digital Nomad & Residency: Via other route. Ghana Immigration Act, 2000 (Act 573) and Ghana Citizenship Act, 2000 (Act 591), administered by the Ghana Immigration Service (GIS); Ghana Investment Promotion Centre Act, 2013 (Act 865) for investor pathways
Greece - Digital Nomad & Residency: Dedicated visa. Law 4825/2021 (amendment to Greek Immigration Code, Article 18B) — administered by the Hellenic Republic Ministry of Foreign Affairs (visa issuance) and Ministry of Migration and Asylum (residence permit); official portal: workfromgreece.gr
Guatemala - Digital Nomad & Residency: Dedicated visa. Código de Migración (Decreto 44-2016, Congress of Guatemala), implemented via Acuerdo IGM-016-2025 (Reglamento de Residencias Guatemaltecas) and Acuerdo IGM-017-2025, administered by the Instituto Guatemalteco de Migración (IGM)
Honduras - Digital Nomad & Residency: Via other route. Ley de Migración y Extranjería (Migration and Aliens Law), administered by the Instituto Nacional de Migración (INM) under the Secretaría de Gobernación, Justicia y Descentralización; supplemented by Ministerial Agreement No. 374-2025 (in force 29 July 2025)
Hungary - Digital Nomad & Residency: Dedicated visa. Act XC of 2023 on the Entry and Residence of Third-Country Nationals; White Card administered by the National Directorate-General for Aliens Policing (NDGAP) / Office of Immigration and Nationality (OIF); amended by Decree 88/2025 (effective July 15, 2025)
Iceland - Digital Nomad & Residency: Dedicated visa. Directorate of Immigration (Útlendingastofnun) under the Aliens Act (Lög um útlendinga); the dedicated instrument is the Long-Term Visa for Remote Workers administered via island.is and work.iceland.is
Iran - Digital Nomad & Residency: No pathway. Foreigners Entry and Exit Law (1931, as amended); Iranian Labor Law (1990), Article 121; Iran Ministry of Foreign Affairs eVisaTraveller portal (evisatraveller.mfa.ir); work permits issued by Ministry of Cooperatives, Labour and Social Welfare
Iraq - Digital Nomad & Residency: No pathway. Foreigners Residence Law No. 118 of 1978 (federal Iraq); Kurdistan Region of Iraq investor visa regime administered by Kurdistan Region Ministry of Interior and Kurdistan Region Board of Investment (2025)
Jamaica - Digital Nomad & Residency: Via other route. Aliens Act and Immigration Restriction (Commonwealth Citizens) Act, administered by the Passport, Immigration and Citizenship Agency (PICA) and Ministry of Labour and Social Security (MLSS)
Jordan - Digital Nomad & Residency: Via other route. Foreigners Residence and Affairs Law No. 24 of 1973 (as amended), administered by the Ministry of Interior / Public Security Directorate; Labour Law No. 8 of 1996 governs work permits through the Ministry of Labour
Kazakhstan - Digital Nomad & Residency: Dedicated visa. Kazakhstan Ministry of Foreign Affairs / Ministry of Digital Development — amended Visa Classification under the Law on Migration of Population; programs administered via egov.kz and Astana Hub portal (2025)
Kuwait - Digital Nomad & Residency: Via other route. Aliens' Residency Law No. 17 of 1959, as substantially reformed by Ministerial Resolution No. 2249 of 2025 (in force 23 December 2025), supplemented by kafala (employer-sponsorship) rules administered by the Ministry of Interior
Laos - Digital Nomad & Residency: Via other route. Lao PDR Immigration Law, administered by the Department of Immigration (Ministry of Public Security); Investment Promotion Law No. 62/NA (2024) for investor residency
Latvia - Digital Nomad & Residency: Dedicated visa. Latvia Immigration Law (Imigrācijas likums) as amended 29 June 2022; Cabinet of Ministers Regulation on remote-work visas; administered by the Office of Citizenship and Migration Affairs (OCMA/PMLP) and Ministry of Foreign Affairs
Lebanon - Digital Nomad & Residency: Via other route. General Directorate of General Security (immigration authority under Decree-Law No. 10188/1962 and amendments); Ministry of Labor (work permit authority). Residency issuance governed by General Security; work authorisations governed by the Labour Code.
Lithuania - Digital Nomad & Residency: Via other route. Law on the Legal Status of Aliens (Įstatymas dėl užsieniečių teisinės padėties), as amended effective 1 July 2024; administered by the Migration Department (Migracijos departamentas, migracija.lt). EU freedom-of-movement rules apply for EU/EEA/Swiss nationals.
Malta - Digital Nomad & Residency: Dedicated visa. Malta Nomad Residence Permit (administered by Residency Malta Agency under the Immigration Act, Cap. 217); supplemented by Malta Permanent Residence Programme (MPRP, S.L. 217.26) and Global Residence Programme (GRP, administered by the Malta Commissioner for Revenue)
Mauritius - Digital Nomad & Residency: Dedicated visa. Mauritius Premium Visa (Economic Development Board Act / Immigration Act), administered by the Economic Development Board (EDB) and the Passport and Immigration Office (Ministry of Foreign Affairs, Regional Integration and International Trade)
Moldova - Digital Nomad & Residency: Dedicated visa. Foreigners' Regime Law (Law No. 200/2010, as amended), with dedicated digital nomad residence permit provisions in force from 20 September 2025; administered by the General Inspectorate for Migration (IGM), Ministry of Internal Affairs
Monaco - Digital Nomad & Residency: Via other route. Ordonnance Souveraine n° 3.153 (1964, as amended) governing residence permits; administered by the Direction de la Sûreté Publique (DSP); official portal: monservicepublic.gouv.mc
Mongolia - Digital Nomad & Residency: Via other route. Law of Mongolia on the Legal Status of Foreign Nationals (as amended; administered by the Immigration Agency of Mongolia — immigration.gov.mn); annual work-permit quotas set by Government Resolution
Morocco - Digital Nomad & Residency: Via other route. Law No. 02-03 (Dahir No. 1-03-196 of 16 Ramadan 1424 / 11 November 2003) on the entry and residence of foreigners in Morocco, supplemented by Implementing Decree No. 2-09-607 of 1 April 2010; administered by the General Directorate of National Security (DGSN)
Mozambique - Digital Nomad & Residency: Via other route. Mozambique Foreign Labour Law (Lei do Trabalho), administered by the National Migration Service (SENAMI — Serviço Nacional de Migração) and the Ministry of Labour (MITESS); residence formalised through the DIRE (Documento de Identificação e Residência para Estrangeiros)
Myanmar - Digital Nomad & Residency: No pathway. Myanmar Immigration and Population Act, administered by the Ministry of Immigration and Population (MOIP) under the State Administration Council (military junta, in power since February 2021 coup); eVisa system operated at evisa.moip.gov.mm
Namibia - Digital Nomad & Residency: Dedicated visa. Namibia Digital Nomad Visa, jointly administered by the Namibia Investment Promotion and Development Board (NIPDB) and the Ministry of Home Affairs, Immigration, Safety and Security (MHAISS) under the Immigration Control Act (No. 7 of 1993) and its regulations.
Nepal - Digital Nomad & Residency: Dedicated visa. Economic Reform Implementing Work Plan 2025 (Office of the Prime Minister and Council of Ministers); Department of Immigration Act; Visa Law of Nepal; immigration.gov.np regulations
North Macedonia - Digital Nomad & Residency: Via other route. Law on Movement and Residence of Foreigners; Law on Employment and Work of Foreigners (as amended September 2025); administered by the Ministry of Internal Affairs (MVR) and Employment Service Agency (AV)
Oman - Digital Nomad & Residency: Via other route. Foreigners' Residence and Affairs Law (Royal Oman Police); Labour Law Royal Decree No. 53/2021 (Ministry of Labour); Golden Residency Programme (Royal Decree, launched 31 August 2025, administered via omanresidence.gov.om / Invest Oman)
Pakistan - Digital Nomad & Residency: Via other route. Foreigners Act 1946, administered through the Directorate General of Immigration & Passports (DGIP) and the Pakistan Online Visa System (NADRA); work permits governed by the Board of Investment under the Investment Policy framework
Panama - Digital Nomad & Residency: Dedicated visa. Executive Decree No. 198 of May 7, 2021 (Servicio Nacional de Migración — SNM); supplemented by the Friendly Nations Visa and Qualified Investor Visa residency programs
Papua New Guinea - Digital Nomad & Residency: No pathway. Migration Act 1978 (Papua New Guinea), administered by the Immigration and Citizenship Authority (ICA) under the Department of Foreign Affairs & Immigration
Paraguay - Digital Nomad & Residency: Via other route. Ley N° 6984/2022 de Migraciones, administered by the Dirección General de Migraciones (DGM)
Peru - Digital Nomad & Residency: Unclear. Decreto Legislativo N° 1582 (14 Nov 2023), amending Decreto Legislativo N° 1350 (Ley de Migraciones, 2017); administered by Superintendencia Nacional de Migraciones (Migraciones)
Romania - Digital Nomad & Residency: Dedicated visa. Law 22/2022 amending Government Emergency Ordinance no. 194/2002 on the regime of foreigners in Romania; administered by the Ministry of Foreign Affairs (MAE) and the General Inspectorate for Immigration (IGI/MAI)
Rwanda - Digital Nomad & Residency: Via other route. Law N°57/2018 of 13/08/2018 on Immigration and Emigration in Rwanda; administered by the Directorate General of Immigration and Emigration (DGIE) under the Ministry of Internal Affairs
San Marino - Digital Nomad & Residency: Via other route. Republic of San Marino Law on Stay Permits, Residence and Citizenship (administered by the Secretariat of State for Foreign and Political Affairs); Atypical Residency (Residenza Atipica) regime with 7% facilitated tax on foreign income
Senegal - Digital Nomad & Residency: Via other route. Law No. 71-10 of 25 January 1971 on conditions of entry and stay of foreigners; Senegal Labour Code (Code du Travail); administered by the Direction de la Police des Étrangers et des Titres de Voyage (DPETV) under the Ministry of Interior
Serbia - Digital Nomad & Residency: Via other route. Law on Foreigners (Official Gazette RS No. 24/2018, amended August 2023, operational February 2024); Law on Employment of Foreigners; Law on Personal Income Tax (freelancer amendments in force January 2023); administered by Ministry of Interior (Foreigners' Department) and Tax Administration of Serbia
Slovakia - Digital Nomad & Residency: Via other route. Act No. 404/2011 Coll. on the Residence of Foreigners (as amended, major changes in force from 1 July 2025), administered by the Foreign Police (Cudzinecká polícia) under the Ministry of Interior, with Slovak diplomatic missions processing initial applications under annual quotas set by government regulation.
Slovenia - Digital Nomad & Residency: Dedicated visa. Zakon o tujcih (Foreigners Act) ZTuj-2I, as amended by ZTuj-2I (Amendment I) adopted 25 April 2025, in force 21 November 2025; administered by the Ministry of the Interior of the Republic of Slovenia
Sri Lanka - Digital Nomad & Residency: Dedicated visa. Department of Immigration and Emigration (Sri Lanka) — Digital Nomad Visa Category, launched February 2026 under the Immigration and Emigration Act; Ministry of Digital Economy coordination; Golden Paradise Residence Visa for investors administered by the same department
Tanzania - Digital Nomad & Residency: Via other route. Immigration Act (Cap. 54), administered by the Tanzania Immigration Department (immigration.go.tz) and work permits via the Prime Minister's Office e-permit portal (epermit.kazi.go.tz)
Trinidad and Tobago - Digital Nomad & Residency: Via other route. Immigration Act Chapter 18:01, administered by the Immigration Division, Ministry of Homeland Security (nationalsecurity.gov.tt)
Tunisia - Digital Nomad & Residency: Via other route. Loi n°68-7 du 8 mars 1968 fixant la condition des étrangers en Tunisie (Law on the Condition of Foreigners in Tunisia), administered by the Ministry of Interior; work authorisations governed by the Labour Code and Ministry of Employment regulations
Uganda - Digital Nomad & Residency: Via other route. Uganda Citizenship and Immigration Control Act (Cap. 66), administered by the Directorate of Citizenship and Immigration Control (DCIC) under the Ministry of Internal Affairs
Ukraine - Digital Nomad & Residency: Via other route. Law of Ukraine 'On the Legal Status of Foreigners and Stateless Persons'; State Migration Service of Ukraine (DMSU) administers temporary and permanent residence permits; State Employment Service of Ukraine issues work permits
Uruguay - Digital Nomad & Residency: Dedicated visa. Decreto 238/022; Ley de Migración No. 19.254 (2014); administered by Dirección Nacional de Migración, Ministerio del Interior
Uzbekistan - Digital Nomad & Residency: Via other route. Presidential Decree on IT Park / Technopark (outsource.gov.uz) for the IT Visa; Cabinet of Ministers resolution for the 'Uzbekistan – My Second Home' long-stay visa; Ministry of Foreign Affairs (mfa.uz / e-visa.gov.uz) for standard visa categories
Venezuela - Digital Nomad & Residency: Via other route. Ley de Extranjería y Migración (Official Gazette No. 37,944, 1 July 2004), administered by SAIME (Servicio Administrativo de Identificación, Migración y Extranjería) under the Ministry of Interior, Justice and Peace
Zambia - Digital Nomad & Residency: Via other route. Immigration and Deportation Act (Cap. 123 of the Laws of Zambia), administered by the Zambia Department of Immigration under the Ministry of Home Affairs and Internal Security
Zimbabwe - Digital Nomad & Residency: No pathway. Immigration Act [Chapter 4:02], administered by the Department of Immigration Zimbabwe; investment route facilitated via Zimbabwe Investment Development Agency (ZIDA)
Afghanistan - Digital Nomad & Residency: No pathway. Islamic Emirate of Afghanistan — Ministry of Foreign Affairs visa regime; Economic Commission residency-by-investment proposal (February 2026, unenacted)
Barbados - Digital Nomad & Residency: Dedicated visa. Barbados Welcome Stamp Programme, administered by the Ministry of Foreign Affairs and Foreign Trade; complemented by the Special Entry and Residence Permit (SERP) under the Immigration Act (Cap. 190)
Belize - Digital Nomad & Residency: Dedicated visa. Belize Tourism Board 'Work Where You Vacation' digital-nomad program (administered with the Belize Immigration Department); complemented by the Qualified Retired Persons (QRP) Incentive Programme under the Retired Persons (Incentives) Act and standard permanent-residence rules under the Immigration Act.
Benin - Digital Nomad & Residency: Via other route. Law No. 2025-15 of 2 July 2025 on the entry, stay, residence and departure of foreigners in Benin; administered by the Direction de l'Émigration et de l'Immigration (DEI) under the Ministry of Interior
Bhutan - Digital Nomad & Residency: Dedicated visa. Gelephu Mindfulness City Authority (GMCA) Digital Nomad Residence Programme, operated in partnership with NomadClub; national immigration governed by Department of Immigration, Ministry of Home Affairs (doi.gov.bt)
Bosnia & Herzegovina - Digital Nomad & Residency: Via other route. Law on Foreigners of Bosnia and Herzegovina (2015, as amended); Rulebook on Entry and Stay of Aliens; administered by the Service for Foreigners' Affairs (SPS) under the Ministry of Security
British Virgin Islands - Digital Nomad & Residency: Dedicated visa. Immigration and Passport Act (Cap. 130); Work In Paradise Programme administered by the BVI Department of Immigration
Burkina Faso - Digital Nomad & Residency: Via other route. Entry, stay and exit of foreigners governed by national immigration law (amended by parliament February 2024); administered by the Direction Générale de la Police Nationale (DGPN) and Ministry of Public Service, Labour and Social Security; e-visa portal at visaburkina.bf
Burundi - Digital Nomad & Residency: No pathway. Law No. 1/25 of 5 November 2021 on the Regulation of Migration in Burundi, administered by the Commissariat Général des Migrations (CGM) under the National Police of Burundi
Central African Republic - Digital Nomad & Residency: No pathway. Central African Republic Labour Code and immigration regulations administered by the Ministry of Public Security and Immigration/Emigration; Ministry of Foreign Affairs oversight of work-related entry (reinforced by February 2024 policy directive)
Chad - Digital Nomad & Residency: No pathway. Chadian Labour Code (Code du Travail) and National Office for Employment Promotion (ONAPE) employer-sponsorship regime; Ministry of Interior for residence permits
Congo - Digital Nomad & Residency: Via other route. Republic of the Congo (Brazzaville) general immigration law administered by the Direction Générale de Surveillance du Territoire / immigration services and Ministry of Interior; no domain-specific remote-work statute.
Djibouti - Digital Nomad & Residency: No pathway. Djiboutian Labour Code (Code du Travail); immigration administered by the National Immigration Authority and Djibouti Ports & Free Zones Authority (DPFZA) for free-zone entities
DR Congo - Digital Nomad & Residency: No pathway. Direction Générale de Migration (DGM), established by Decree-Law No. 002/2003 under the Ministry of the Interior, Security, Decentralization and Customary Affairs; governs all immigration, visa issuance, and foreigner settlement in the DRC
Equatorial Guinea - Digital Nomad & Residency: Via other route. Decree 49/2019 (four visa categories); Ministerial Order 1/2018 of the Ministry of Labour, Employment Promotion and Social Security (work permit issuance, renewal, cancellation); administered jointly by the Ministry of National Security and the Ministry of Labour, Employment Promotion and Social Security
Eritrea - Digital Nomad & Residency: No pathway. Eritrean immigration administered by Eritrean diplomatic missions (embassies/consulates) under government authority; visa categories include tourist, business, and work (employer-sponsored); no dedicated remote-work or long-stay self-employment category exists. Nationality governed by the Eritrean Nationality Proclamation.
eSwatini - Digital Nomad & Residency: No pathway. Immigration Act No. 17 of 1982 (as amended) and Immigration Regulations, 1987, administered by the Department of Immigration under the Ministry of Home Affairs
Gabon - Digital Nomad & Residency: No pathway. Direction Générale de la Documentation et de l'Immigration (DGDI) — governs all visa issuance, work permits, and Carte de Séjour (residence permits) under Gabon's dual-authorization system requiring Ministry of Labour and DGDI approvals
Gambia - Digital Nomad & Residency: Via other route. Gambia Immigration Act, administered by the Department of Immigration (Gambia Immigration Department, gid.gov.gm) under the Ministry of Interior
Greenland - Digital Nomad & Residency: No pathway. Greenland Residence and Work Permit system, administered by SIRI (Danish Agency for International Recruitment and Integration) with approval from Naalakkersuisut (Government of Greenland); governed separately from Denmark, the EU, and the Schengen Area
Guinea - Digital Nomad & Residency: Via other route. Law N°L/9194/019/CTRN of 1994 and implementing Decree N° D/94/059 of 1994 (the 'Immigration Law'), administered by Guinea's Ministry of Territorial Administration and Decentralisation
Guinea-Bissau - Digital Nomad & Residency: No pathway. Decree Law No. 1/92 (entry and residence conditions for foreigners); ECOWAS Protocol A/P.1/5/79 on Free Movement of Persons, Residence and Establishment (for regional citizens); General Directorate of Migration and Borders (Direcção Geral de Migração e Fronteiras) as the competent authority
Guyana - Digital Nomad & Residency: Via other route. Immigration Act (Cap. 14:02), administered by the Immigration Support Services (ISS), Ministry of Home Affairs
Haiti - Digital Nomad & Residency: Via other route. Direction de l'Immigration et de l'Émigration (DIE) under Haiti's general immigration regulations; no dedicated digital-nomad or remote-work visa category exists
Isle of Man - Digital Nomad & Residency: Via other route. Isle of Man Immigration Act 1971 (as applied and extended), Work Permits Act 1975, administered by the Isle of Man Cabinet Office (Immigration) and Department for Enterprise; separate from UK immigration law
Jersey - Digital Nomad & Residency: Via other route. Control of Housing and Work (Jersey) Law 2012; Jersey Immigration Rules (last updated 14 February 2025); High Value Residency scheme administered by the Chief Minister's Department
Kyrgyzstan - Digital Nomad & Residency: Dedicated visa. Cabinet of Ministers Resolution No. 241 (April 30, 2025), establishing a permanent Digital Nomad status procedure, administered by the Ministry of Labor, Social Security and Migration via the e-gov.kg portal
Lesotho - Digital Nomad & Residency: Via other route. Immigration Act (administered by the Department of Immigration and Passport Services, Ministry of Home Affairs) — no remote-work-specific visa exists; relocation runs through general work, residence, business and self-employed permits.
Liberia - Digital Nomad & Residency: Via other route. Liberia Immigration Service (LIS) under the Aliens and Nationality Law of Liberia; Ministry of Labour Employment Permit Regulation No. 17
Libya - Digital Nomad & Residency: No pathway. Law No. 6 of 1987 on Organising the Entry, Residence and Exit of Foreigners in Libya (as amended by Law No. 2 of 2004), administered by the Libyan Passport, Immigration and Foreigners Affairs Authority (lpa.gov.ly)
Madagascar - Digital Nomad & Residency: Via other route. Madagascar's immigration framework is administered by the Ministry of Interior (Immigration and Emigration Service), with EDBM (Economic Development Board of Madagascar) operating as a one-stop shop to coordinate long-stay visa and residence card applications for foreign nationals.
Malawi - Digital Nomad & Residency: Via other route. Immigration Act of Malawi, administered by the Department of Immigration and Citizenship Services (immigration.gov.mw); e-Permit portal (epermit.gov.mw) for permit applications; e-Visa portal (evisa.gov.mw) for visa applications
Maldives - Digital Nomad & Residency: Via other route. Maldives Department of Immigration and Emigration; tourist visa on-arrival under the Maldives Immigration Act; work permits administered by the Ministry of Economic Development and Trade
Mali - Digital Nomad & Residency: Via other route. Loi No. 04-058/AN-RM du 25 novembre 2004 relative aux conditions d'entrée, de séjour et d'établissement des étrangers au Mali; Décret No. 05-322/P-RM du 19 juillet 2005 (implementing decree); administered by the Direction de la Police et des Frontières
Mauritania - Digital Nomad & Residency: No pathway. Mauritanian immigration law administered by the National Agency for the Population Register and Secure Titles (ANRPTS) and the Directorate General of National Security (DGSN); e-Visa system operational since January 2025 via anrpts.gov.mr
Montenegro - Digital Nomad & Residency: Dedicated visa. Law on Foreigners (Official Gazette of Montenegro nos. 12/18, 3/19, 86/22, introducing the digital-nomad category in Aug 2022) plus the Ministry of Interior 'Rulebook on detailed conditions and method of issuing a residence permit for digital nomads' (Nov 2022) and the Government's 'Programme for Attracting Digital Nomads in Montenegro'. Administered by the Ministry of Interior; official portal digitalnomads.gov.me.
New Caledonia - Digital Nomad & Residency: Via other route. French immigration law (CESEDA) as applied in New Caledonia, administered by the Haut-commissariat de la République en Nouvelle-Calédonie for residence permits and by the New Caledonian government's Direction du travail et de l'emploi (DTENC) for work authorizations. New Caledonia is a French sui generis collectivity and is outside the Schengen area.
Nicaragua - Digital Nomad & Residency: Via other route. Ley No. 761 (Ley General de Migración y Extranjería) administered by the Dirección General de Migración y Extranjería (DGME); residency-by-income via Ley No. 694 (Ley de Promoción de Ingreso de Residentes Pensionados y Residentes Rentistas).
Niger - Digital Nomad & Residency: Via other route. Niger's general immigration regime administered by the immigration authority (SENAMI / Direction de la Surveillance du Territoire et des Migrations) and Ministry of Foreign Affairs; work authorization via the Ministry of Labour. No remote-work-specific statute exists.
North Korea - Digital Nomad & Residency: No pathway. DPRK State General Bureau of Tourist Guidance / Korea International Travel Company (KITC) control all foreign entry; immigration is administered by the state with no published civilian residency or remote-work regime. The U.S. imposes a passport travel ban (22 CFR via Secretary of State validation).
Palestine - Digital Nomad & Residency: No pathway. No Palestinian Authority visa regime; foreigner entry/residence to the West Bank is governed by the Israeli military's COGAT 'Procedure for Entry and Residence of Foreigners in the Judea and Samaria Area' (in force as a pilot from 2022). Gaza access is separately controlled by Israel/Egypt.
Puerto Rico - Digital Nomad & Residency: Via other route. U.S. federal immigration law (Immigration and Nationality Act; administered by USCIS/CBP/DOS) governs entry and residency — Puerto Rico has no immigration power of its own. Local relocation incentives are set by Puerto Rico's Incentives Code (Act 60-2019), administered by the Department of Economic Development and Commerce (DDEC).
Seychelles - Digital Nomad & Residency: Dedicated visa. Workcation Retreat Programme (Visitor Workcation Permit), administered by the Department of Immigration via the Seychelles Electronic Border System; broader stays governed by the Immigration Decree / Immigration & Civil Status (ICS) permits.
Sierra Leone - Digital Nomad & Residency: Via other route. Immigration Act and Work Permit Act 2023, administered by the Sierra Leone Immigration Department (residence/visas) and the Work Permit Bureau at the Ministry of Labour and Social Security (work permits). No remote-work or digital-nomad-specific statute exists.
Solomon Islands - Digital Nomad & Residency: Via other route. Immigration Act 2012 and Immigration Regulations, administered by the Solomon Islands Immigration Division (Ministry of Commerce, Industry, Labour and Immigration)
Somalia - Digital Nomad & Residency: No pathway. Immigration and Citizenship Agency (ICA Somalia) under the Federal Government of Somalia; visas, work permits and residence permits administered via the ICA e-Visa portal. No remote-work/digital-nomad regime exists.
South Sudan - Digital Nomad & Residency: No pathway. Passports and Immigration Act, 2011, administered by the Directorate of Nationality, Passports and Immigration (DNPI); visa issuance overseen by the Ministry of Foreign Affairs and International Cooperation (MOFAIC) via the e-Visa system
Sudan - Digital Nomad & Residency: No pathway. Sudan's Passports and Immigration Act and visa policy administered by the General Directorate of Passports and Immigration / Ministry of Interior; entry visas issued by Sudanese diplomatic missions and the e-visa system. No remote-work or nomad-specific regime exists.
Suriname - Digital Nomad & Residency: Via other route. Authorization for Temporary Stay ("MKV" – Machtiging Kort Verblijf) and residence permit (verblijfsvergunning) administered by the Ministry of Justice and Police (Department for Registration of Foreigners / Vreemdelingenpolitie), with work authorization granted separately by the Ministry of Labour. There is no dedicated digital-nomad or remote-work statute.
Syria - Digital Nomad & Residency: No pathway. Immigration and Passports Directorate (إدارة الهجرة والجوازات) under the Ministry of Interior governs entry visas and residence permits; work authorization is separately handled by the Ministry of Social Affairs and Labor. No remote-work or digital-nomad visa category exists in Syrian law.
Tajikistan - Digital Nomad & Residency: No pathway. Law on the Legal Status of Foreign Citizens and Stateless Persons; visa categories set by the Ministry of Foreign Affairs (MFA) and work permits issued by the Migration Service of the Ministry of Internal Affairs
Timor-Leste - Digital Nomad & Residency: Via other route. Migration and Asylum Law No. 11/2017, administered by the Serviço de Migração (Immigration Service of Timor-Leste); the 30-day visa-on-arrival is also widely used by short-term visitors.
Togo - Digital Nomad & Residency: Via other route. Togolese immigration law administered by the Direction Générale de la Documentation Nationale (DGDN); visas issued via the e-visa portal and at posts abroad, residence permits issued domestically. Work permits fall under the Ministry of Employment.
Turkmenistan - Digital Nomad & Residency: No pathway. Law of Turkmenistan 'On the Legal Status of Foreign Citizens' and the Law 'On Migration', administered by the State Migration Service of Turkmenistan (migration.gov.tm)
Vanuatu - Digital Nomad & Residency: Via other route. Immigration Act [CAP 66] / Vanuatu Department of Immigration and Passport Services — Residence Visa categories (incl. Self-Funded Resident) and Residence on Assured Income Permit
Yemen - Digital Nomad & Residency: No pathway. Yemeni Immigration, Passports and Nationality Authority under the Ministry of Interior; entry governed by Yemen's visa regime administered through diplomatic missions. No remote-work or digital-nomad statute exists.
Antigua and Barbuda - Digital Nomad & Residency: Via other route. Immigration Act (Antigua and Barbuda), administered by the Department of Immigration; Citizenship by Investment Act (2013, as amended), administered by the Citizenship by Investment Unit (cip.gov.ag)
Cape Verde - Digital Nomad & Residency: Dedicated visa. Remote Working Cape Verde Program (launched December 2020, operational 2021), administered by the Agência de Desenvolvimento do Turismo de Cabo Verde (ADTCV) and the Direção de Estrangeiros e Fronteiras (DEF); tax exemption regime under Law No. 76/VIII/2021 and Decree-Law No. 11/2022; Green Card residency-by-investment under Law No. 30/IX/2018
Comoros - Digital Nomad & Residency: Via other route. General Comorian immigration law administered by the Direction Générale de la Sûreté du Territoire / immigration authorities: visa-on-arrival (45 days), long-stay visas, and temporary/long-term residence permits. No remote-work-specific statute.
Dominica - Digital Nomad & Residency: Dedicated visa. Work in Nature (WIN) Extended Stay Visa programme, administered by the Government of Dominica (windominica.gov.dm); Citizenship by Investment programme administered by the Citizenship by Investment Unit (CBIU) under the Commonwealth of Dominica
Grenada - Digital Nomad & Residency: Dedicated visa. Remote Employment Act 2021 (Grenada Parliament); Citizenship by Investment Act No. 15 of 2013 (Investment Migration Agency, IMA)
Kiribati - Digital Nomad & Residency: Via other route. Kiribati Immigration Act 2019 and Immigration Procedure 2020, administered by the Immigration Division of the Ministry of Foreign Affairs & Immigration
Marshall Islands - Digital Nomad & Residency: Via other route. RMI Division of Immigration (Ministry of Justice, Immigration & Labor); Compact of Free Association (COFA), as renewed by the Compact of Free Association Amendments Act of 2024 (covering 2024–2044); RMI Non-Citizen Registration and Immigration Law
Micronesia - Digital Nomad & Residency: No pathway. FSM Immigration & Nationality Act (Title 51, FSM Code); Compact of Free Association (COFA) with the United States; FSM Immigration Regulations (revised 2022)
Nauru - Digital Nomad & Residency: Unclear. Immigration Act (Nauru), administered by the Immigration Division of the Department of Justice & Border Control; Immigration (Long Term Stay Visa) Regulations 2025 (Official Gazette No. 58-25)
Palau - Digital Nomad & Residency: Via other route. Republic of Palau Immigration Act (administered by Bureau of Customs and Border Protection, BCBP); Digital Residency Program Act (administered by Digital Residency Office, Ministry of Finance)
Saint Kitts and Nevis - Digital Nomad & Residency: Via other route. Immigration Act CAP. 6.02 (rev. 2020); Ministry of Foreign Affairs / Ministry of the Prime Minister administers residence permits; Citizenship by Investment Unit (CIU) governs the CBI Programme (established 1984, governed by Citizenship Act CAP. 1.05)
Saint Lucia - Digital Nomad & Residency: Dedicated visa. Saint Lucia Immigration Act (Cap. 3.13); 'Don't Just Visit, Live It' Programme administered jointly by the Immigration Department (Royal Saint Lucia Police Force) and the Saint Lucia Tourism Authority; Citizenship by Investment Unit under the Saint Lucia Citizenship by Investment Act No. 14 of 2015
Saint Vincent and the Grenadines - Digital Nomad & Residency: Via other route. Immigration Act (Cap. 91), administered by the Immigration Unit, Ministry of National Security, Air and Sea Port Development; work permits processed through the Office of the Prime Minister
Samoa - Digital Nomad & Residency: No pathway. Immigration Act 2020 (Samoa), administered by the Immigration Division, Ministry of the Prime Minister and Cabinet (MPMC)
Sao Tome and Principe - Digital Nomad & Residency: Via other route. Law No. 5/2008 on the Legal Status of Foreign Citizens in São Tomé and Príncipe, administered by the Serviço de Migração e Fronteiras (SMF)
Tonga - Digital Nomad & Residency: No pathway. Tonga Immigration Act; administered by the Immigration Division under the Ministry of Revenue and Customs (revenue.gov.to)
Tuvalu - Digital Nomad & Residency: Via other route. Immigration Act (CAP 24.15, originally 1968, 2022 Revised Edition) and Immigration Regulations 2014, administered by the Principal Immigration Officer; no dedicated remote-work or digital-nomad visa exists.
Argentina - Internet & Online Safety: Partial. No single online-safety/content-moderation statute. The regime is a patchwork: constitutional/statutory free-expression protection for internet (Law 26.032), Supreme Court intermediary-liability doctrine (Rodríguez v. Google, 2014), criminal-law provisions on grooming and child sexual content (Laws 26.388, 26.904, 27.590), and data protection under Law 25.326 enforced by the AAIP. Several comprehensive/age-verification bills are pending but not yet enacted.
Australia - Internet & Online Safety: Comprehensive law. Online Safety Act 2021 (Cth), administered by the eSafety Commissioner, as amended by the Online Safety Amendment (Social Media Minimum Age) Act 2024
Austria - Internet & Online Safety: Comprehensive law. EU Digital Services Act (Regulation 2022/2065) as the binding baseline, implemented nationally by Austria's Digital Services Coordinator Act (Koordinator-für-digitale-Dienste-Gesetz, KDD-G, BGBl. I 182/2023) with KommAustria/RTR as the national Digital Services Coordinator; the earlier national Communication Platforms Act (KoPl-G, 2021) is now largely overtaken by the DSA.
Bahrain - Internet & Online Safety: Heavy restriction. Press and Electronic Media Law No. 41 of 2025 (amending Decree-Law 47/2002) administered by the Ministry of Information; centralized website-blocking under the Telecommunications Regulatory Authority (TRA Decision 12/2016); plus the Penal Code and 2014 Cybercrime Law
Belgium - Internet & Online Safety: Comprehensive law. EU Digital Services Act (Regulation 2022/2065), implemented nationally by the Act of 21 April 2024 and a Federal–Community cooperation agreement of 3 May 2024, with BIPT as Digital Services Coordinator; complemented by the EU Terrorist Content Online (TCO) Regulation 2021/784 and GDPR.
Bermuda - Internet & Online Safety: Partial. No dedicated online-safety/content-moderation statute (no DSA/UK-OSA equivalent). Online content and safety are governed by a patchwork: the Electronic Communications Act 2011 (telecom-harassment/cyberbullying), provisions of the Criminal Code (online child protection), the Personal Information Protection Act 2016 (data privacy), and the Cybersecurity Act 2024 / Computer Misuse Act 2024 (cybercrime and critical-infrastructure protection). Telecoms/internet services are overseen by the Regulatory Authority of Bermuda.
Brazil - Internet & Online Safety: Comprehensive law. Marco Civil da Internet (Law 12.965/2014) as modified by the STF's June 2025 ruling on platform liability, plus the Digital ECA (Law 15.211/2025) for child online safety; data aspects governed by the LGPD (Law 13.709/2018) and enforced by the ANPD.
Canada - Internet & Online Safety: Partial. No comprehensive online-safety platform regime in force. Patchwork of Criminal Code provisions plus the 2011 Mandatory Reporting Act (CSAM), while a dedicated regime (the former Online Harms Act, Bill C-63) died in January 2025 and is being redrafted; multiple online-safety bills are now in progress in the 45th Parliament.
Cayman Islands - Internet & Online Safety: Partial. No dedicated online-safety/content-moderation statute. Online harms are addressed through general and sectoral laws: the Information and Communications Technology Act (s.90 misuse-of-network offence), the Computer Misuse Act, the Penal Code (harassment provisions), and the Data Protection Act, with OfReg/ICTA as the ICT-sector regulator.
China - Internet & Online Safety: Heavy restriction. Layered state-control regime led by the Cyberspace Administration of China (CAC), built on the Cybersecurity Law (2017, amended effective 1 Jan 2026), the Provisions on Governance of the Online Information Content Ecosystem (2020), real-name registration rules, and the technical 'Great Firewall' that blocks foreign platforms and restricts VPNs.
Denmark - Internet & Online Safety: Comprehensive law. EU Digital Services Act (Regulation (EU) 2022/2065), nationally enforced via the Danish Act on enforcement of the DSA (in force 17 Feb 2024); Digital Services Coordinator is the Agency for Digital Government (Digitaliseringsstyrelsen). GDPR and the EU AI Act apply alongside.
Egypt - Internet & Online Safety: Heavy restriction. Anti-Cyber and Information Technology Crimes Law No. 175 of 2018 and Press, Media & Supreme Council for Media Regulation Law No. 180 of 2018, administered by investigating authorities and the Supreme Council for Media Regulation (SCMR); Personal Data Protection Law No. 151 of 2020 covers data.
Finland - Internet & Online Safety: Comprehensive law. EU Digital Services Act (Regulation 2022/2065), implemented nationally by the Act on the Supervision of Online Intermediary Services (18/2024); the Finnish Transport and Communications Agency (Traficom) is the national Digital Services Coordinator.
France - Internet & Online Safety: Comprehensive law. EU Digital Services Act (Regulation (EU) 2022/2065, DSA) as baseline + France's national Law No. 2024-449 of 21 May 2024 'visant à sécuriser et à réguler l'espace numérique' (SREN); ARCOM is the Digital Services Coordinator, with CNIL and DGCCRF as co-competent authorities.
Germany - Internet & Online Safety: Comprehensive law. EU Digital Services Act (Regulation (EU) 2022/2065) implemented nationally by the Digitale-Dienste-Gesetz (DDG, in force 14 May 2024), with the Bundesnetzagentur as Digital Services Coordinator; youth/online-safety governed by the Interstate Treaty on the Protection of Minors in the Media (JMStV) enforced by state media authorities and the KJM.
Gibraltar - Internet & Online Safety: Partial. Crimes and Communications (Online Safety) Act 2023 (criminal online-harm offences + GRA media-literacy duty), alongside the Communications Act 2006 and Broadcasting Act 2012, all overseen by the Gibraltar Regulatory Authority (GRA). No EU DSA / UK OSA-style platform duty-of-care or mandatory age-verification regime.
Hong Kong - Internet & Online Safety: Partial. No single comprehensive online-safety statute. Online content is governed by a patchwork: the Personal Data (Privacy) Ordinance anti-doxxing regime (2021), the Control of Obscene and Indecent Articles Ordinance (Cap. 390), and — most consequentially — national-security content controls under the Hong Kong National Security Law (2020) and the Safeguarding National Security Ordinance (Article 23, 2024).
India - Internet & Online Safety: Comprehensive law. Information Technology Act, 2000 (esp. ss. 69A, 79) read with the IT (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021 (amended 2022, 2023, 2025 and Feb 2026), administered by MeitY and the Ministry of Information & Broadcasting; complemented by the Digital Personal Data Protection Act, 2023 / DPDP Rules, 2025 for minors.
Indonesia - Internet & Online Safety: Comprehensive law. Electronic Information and Transactions Law (UU ITE, Law 11/2008 as amended by Law 19/2016 and Law 1/2024); MR5/2020 (MoCI Reg. 5/2020 on Private Electronic System Operators) requiring platform registration and content takedown; Government Regulation 17/2025 'PP Tunas' on child protection in electronic systems; enforced by the Ministry of Communication and Digital Affairs (Komdigi, formerly Kominfo).
Ireland - Internet & Online Safety: Comprehensive law. Online Safety and Media Regulation Act 2022 (OSMR Act) and the binding Online Safety Code (2024), enforced by Coimisiún na Meán (Media Commission), which also acts as Ireland's EU Digital Services Coordinator under the Digital Services Act (implemented nationally by the Digital Services Act 2024).
Israel - Internet & Online Safety: Partial. No comprehensive online-safety statute. Core binding tool is the 'Powers to Prevent the Commission of Offenses by Means of an Internet Website Law, 5777-2017' (court-ordered website blocking). The GDPR-aligned Protection of Privacy Law (Amendment 13, in force 14 Aug 2025) governs platform data practices. Several broader content-moderation/social-media bills remain proposed.
Italy - Internet & Online Safety: Comprehensive law. EU Digital Services Act (Regulation (EU) 2022/2065), applied nationally with AGCOM (Autorità per le Garanzie nelle Comunicazioni) as Italy's Digital Services Coordinator under Decree-Law No. 123/2023 (converted by Law No. 159/2023, the 'Caivano Decree'); supplemented by AGCOM's age-verification Resolution No. 96/25/CONS (2025).
Japan - Internet & Online Safety: Partial. Act on Measures Against Rights Infringement Arising from Distribution of Information by Specified Telecommunications ('Information Distribution Platform Act'/IDPA, Act No. 137 of 2001 as amended 2024), administered by the Ministry of Internal Affairs and Communications (MIC); supplemented by the Act on Development of an Internet Environment for Young People (2008).
Kenya - Internet & Online Safety: Partial. No single comprehensive online-safety statute. The regime is a patchwork: the Computer Misuse and Cybercrimes Act, 2018 (amended 2025) governs online offences and site-blocking; the Kenya Information and Communications Act (KICA, Cap. 411A) and the Communications Authority of Kenya (CA) license and oversee ICT/online services; the CA's 2025 Industry Guidelines for Child Online Protection address age-verification and platform safety; and the Kenya Information and Communications (Amendment) Bill, 2025 proposes binding social-media platform-accountability rules.
Liechtenstein - Internet & Online Safety: Partial. EU E-Commerce Directive 2000/31/EC transposed via the E-Commerce Act (ECG, 2003) and the Audiovisual Media Services regime under the Media Act (Mediengesetz, 2005) / Communications Act (KomG, 2006), supervised by the Office for Communications (Amt für Kommunikation, AK); the comprehensive EU Digital Services Act (Reg (EU) 2022/2065) is EEA-relevant but not yet incorporated into the EEA Agreement, so not yet in force for Liechtenstein.
Luxembourg - Internet & Online Safety: Comprehensive law. EU Digital Services Act (Regulation (EU) 2022/2065), implemented nationally by the Law of 4 April 2025; the Autorité de la concurrence (Competition Authority) is the national Digital Services Coordinator. Hosting/illegal-content liability also rests on the amended e-commerce law of 14 August 2000.
Malaysia - Internet & Online Safety: Comprehensive law. Online Safety Act 2024 (Act 866, in force 1 Jan 2026) plus social-media/messaging class-licensing under the Communications and Multimedia Act 1998 (CMA 1998), enforced by the Malaysian Communications and Multimedia Commission (MCMC).
Mexico - Internet & Online Safety: Partial. No single comprehensive online-safety statute. The regime is a patchwork: the new Ley en Materia de Telecomunicaciones y Radiodifusión (published in the Diario Oficial de la Federación on 16 July 2025, in force 17 July 2025); intermediary/platform liability via USMCA-driven 'notice-and-takedown' safe harbors in the Ley Federal del Derecho de Autor (2020); and child-protection provisions in the Ley General de los Derechos de Niñas, Niños y Adolescentes (LGDNNA).
Netherlands - Internet & Online Safety: Comprehensive law. EU Digital Services Act (Regulation (EU) 2022/2065) as implemented nationally by the Uitvoeringswet digitaledienstenverordening (DSA Implementation Act, in force 4 Feb 2025); enforced by the Netherlands Authority for Consumers and Markets (ACM) as Digital Services Coordinator, with the Dutch Data Protection Authority (AP) for profiling/data, plus the ATKM authority for CSAM and terrorist content online.
New Zealand - Internet & Online Safety: Partial. Harmful Digital Communications Act 2015 (Netsafe as Approved Agency; District Court remedies) plus Films, Videos, and Publications Classification Act 1993 (Chief Censor / DIA take-down powers); no comprehensive online-platform safety statute, with proposals pending.
Nigeria - Internet & Online Safety: Partial. No single omnibus online-safety statute. Online content/safety is governed by a layered, co-regulatory regime: the NCC Internet Code of Practice 2026 (Nigerian Communications Commission), the NITDA Code of Practice for Interactive Computer Service Platforms/Internet Intermediaries 2022 (National Information Technology Development Agency), and the criminal Cybercrimes (Prohibition, Prevention, etc.) (Amendment) Act 2024.
Norway - Internet & Online Safety: Proposed. Proposed Act on Digital Services ('lov om digitale tjenester') implementing the EU Digital Services Act into Norwegian/EEA law, plus a separate proposed social-media age-limit bill; Nkom designated as national coordinator. Existing partial rules: e-Commerce Act intermediary liability and the Media Liability Act (medieansvarsloven).
Philippines - Internet & Online Safety: Partial. No single comprehensive online-safety statute. A patchwork of sector-specific laws governs the space: the Cybercrime Prevention Act of 2012 (RA 10175), the Anti-OSAEC and Anti-CSAEM Act of 2022 (RA 11930), the Internet Transactions Act of 2023 (RA 11967, fully effective 20 June 2025), and the SIM Registration Act of 2022 (RA 11934). Several comprehensive social-media-regulation bills are pending in the 20th Congress.
Poland - Internet & Online Safety: Comprehensive law. EU Digital Services Act (Regulation 2022/2065), directly applicable in Poland since 17 Feb 2024; national implementing law (amendment to the Act on Providing Services by Electronic Means) NOT yet in force — vetoed by the President in January 2026. Designated/temporary authorities: President of UKE (Office of Electronic Communications) as Digital Services Coordinator, with UOKiK (consumer/marketplace) and KRRiT (audiovisual) holding sectoral roles.
Portugal - Internet & Online Safety: Comprehensive law. EU Digital Services Act (Regulation (EU) 2022/2065), implemented nationally by Law No. 12-A/2026 of 15 April 2026; ANACOM is the competent authority and Digital Services Coordinator.
Qatar - Internet & Online Safety: Heavy restriction. Cybercrime Prevention Law No. 14 of 2014 (as amended by Law No. 11 of 2025), enforced alongside content filtering by the Communications Regulatory Authority (CRA) and state-controlled ISPs; no DSA/OSA-style online-safety statute exists.
Russia - Internet & Online Safety: Heavy restriction. Layered state-control regime centered on Roskomnadzor: the 2019 'Sovereign Internet' Law (No. 90-FZ), the 2021 social-media 'self-censorship' law and 'landing law' (No. 236-FZ) on foreign internet companies, the broad 'extremist'/'undesirable' content blocking framework, and the July 2025 amendments penalizing searches for 'extremist' content and VPN promotion.
Saudi Arabia - Internet & Online Safety: Heavy restriction. Communications, Space & Technology Commission (CST, ex-CITC) operates extensive state filtering; Anti-Cyber Crime Law (Royal Decree M/17, 2007); CST Regulations for Providing Digital Content Platform Services (2024); GAMR media/content-creator licensing under the Audiovisual Media Law (Royal Decree M/33, 2017)
Singapore - Internet & Online Safety: Comprehensive law. Multi-statute regime led by IMDA under the Broadcasting Act 1994 (Online Safety provisions + Codes of Practice), the Online Criminal Harms Act 2023, POFMA 2019, and the Online Safety (Relief and Accountability) Act 2025 (Online Safety Commission, from 29 June 2026)
South Africa - Internet & Online Safety: Partial. No single comprehensive online-safety statute. A patchwork of sector laws governs online content: the Films and Publications Amendment Act 11 of 2019 (administered by the Film and Publication Board), the Cybercrimes Act 19 of 2020, intermediary-liability provisions in the Electronic Communications and Transactions Act 25 of 2002, and the Protection of Personal Information Act (POPIA).
South Korea - Internet & Online Safety: Comprehensive law. Multi-instrument regime: Act on Promotion of Information and Communications Network Utilization and Information Protection (Network Act); Telecommunications Business Act (content-moderation duties); Juvenile Protection Act (age/identity verification); enforced by the Korea Communications Commission (KCC) and the Korea Communications Standards Commission (KCSC).
Spain - Internet & Online Safety: Comprehensive law. EU Digital Services Act (Regulation (EU) 2022/2065, directly applicable since 17 Feb 2024) as the baseline online-safety/content-moderation regime, complemented nationally by the Audiovisual Communication Law (Ley 13/2022) and the LSSI-CE; the CNMC is the designated Digital Services Coordinator. National DSA implementing legislation and a dedicated minors-protection organic law remain pending.
Sweden - Internet & Online Safety: Comprehensive law. EU Digital Services Act (Regulation 2022/2065, directly applicable) supplemented by Swedish Act Supplementing the Digital Services Act (SFS 2024:954) and Swedish Regulation Supplementing the Digital Services Act (SFS 2024:958), both in force 1 December 2024; supervised by Post- och telestyrelsen (PTS) as Digital Services Coordinator
Switzerland - Internet & Online Safety: Proposed. Draft Federal Act on Communication Platforms and Search Engines (KoPSG, consultation open until 16 Feb 2026); Federal Act on the Protection of Minors in Films and Video Games (JSFVG, in force 2024); Federal Act on Data Protection (nFADP, in force Sep 2023); Federal Act on the Surveillance of Post and Telecommunications Traffic (BÜPF, revision proposed 2025); OFCOM / DETEC as primary supervisory authorities
Taiwan - Internet & Online Safety: Partial. Sector-specific laws (Fraud Crime Hazard Prevention Act; NCC oversight) with no comprehensive platform safety statute; draft Digital Intermediary Services Act shelved since 2022
Thailand - Internet & Online Safety: Partial. Computer Crimes Act B.E. 2550 (2007, amended 2017); Emergency Decree on Technology Crime B.E. 2566 (2023, amended April 2025); Royal Decree on Digital Platform Services B.E. 2565 (2022); ETDA Notification on Social Media Measures (July 2025) — enforced by MDES and ETDA
Turkey - Internet & Online Safety: Heavy restriction. Law No. 5651 on Regulation of Publications on the Internet (as amended 2020, 2022, 2025, 2026); Cybersecurity Law No. 7545 (2025); regulated by the Information Technologies and Communication Authority (BTK)
UAE - Internet & Online Safety: Partial. Multiple federal instruments: Federal Decree-Law No. 34/2021 (Combating Rumours and Cybercrimes), Federal Decree-Law No. 26/2025 (Child Digital Safety, in force January 2026), Federal Decree-Law No. 55/2023 (Media Regulation); TDRA mandatory ISP content filtering; UAE Media Council advertiser-permit regime
United Kingdom - Internet & Online Safety: Comprehensive law. Online Safety Act 2023 (Royal Assent 26 October 2023), enforced by Ofcom as the designated online safety regulator
United States - Internet & Online Safety: Partial. Patchwork of federal statutes (TAKE IT DOWN Act 2025, COPPA/FTC Rule, CDA Section 230) plus rapidly expanding state-level age-verification and children's design codes; no single comprehensive online safety statute equivalent to the EU DSA or UK OSA
Vietnam - Internet & Online Safety: Heavy restriction. Law on Cybersecurity No. 116/2025/QH15 (effective 1 Jul 2026, consolidating Laws 86/2015 and 24/2018); Decree 147/2024/ND-CP on Internet Services and Online Information (effective 25 Dec 2024); Law on Personal Data Protection (effective 1 Jan 2026); Ministry of Information and Communications / Ministry of Public Security as co-regulators
Albania - Internet & Online Safety: Partial. Audiovisual Media Act (as amended 2023 to cover video-sharing platforms), Law on Electronic Commerce, and Law on Electronic Communications (No. 54/2024), supervised by the Audiovisual Media Authority (AMA)
Algeria - Internet & Online Safety: Heavy restriction. Law No. 09-04 (2009) on ICT Crimes; Organic Law on Information (2023); Law on Audiovisual Activity (2024); Law on Written and Electronic Press (2024); ARPT (Telecommunications Regulatory Authority); National Authority for Prevention and Combating ICT Crimes (Decree 21-439/2021)
Andorra - Internet & Online Safety: Partial. Llei 29/2021 (LQPD – GDPR-aligned data protection); Llei 42/2022 (Digital Economy, Entrepreneurship and Innovation); 2026 bill amending the Qualified Law on Rights of Children and Adolescents (social media/minors); Agència Andorrana de Protecció de Dades (APDA)
Angola - Internet & Online Safety: Partial. Law No. 38/20 (Penal Code, cybercrime chapter), Law No. 7/17 (Protection of Networks and Information Systems), National Security Law (August 2024), ERCA media regulator; Draft Cybersecurity Law and Draft Law on Dissemination of False Information on the Internet advancing through parliament (2025–2026)
Armenia - Internet & Online Safety: Partial. Law of the Republic of Armenia 'On Cybersecurity' (in force 4 January 2026); Law on Mass Communication; Criminal Code hate-speech provisions; Information Systems Regulatory Body (established under December 2025 legislative package); supervised by Ministry of High-Tech Industry
Azerbaijan - Internet & Online Safety: Heavy restriction. Law on Information, Informatization and Protection of Information; Media Law (2022); Law on Telecommunications; Presidential Decree on MİRAS Centralized Information and Digital Analytics System (November 2025); Presidential Decree on Children's Online Safety (February 2026) — enforced by the Media Development Agency and the State Security Service
Bahamas - Internet & Online Safety: Partial. Computer Misuse Act 2003; Data Protection (Privacy of Personal Information) Act 2003; URCA Code of Practice for Content Regulation (revised 2024); Data Protection Bill 2025 (pending enactment)
Bangladesh - Internet & Online Safety: Heavy restriction. Cyber Security Ordinance 2025 (promulgated 21 May 2025, replacing Cyber Security Act 2023 and Digital Security Act 2018); Bangladesh Telecommunication Regulatory Commission (BTRC) under the Telecommunications Act 2001 and Telecommunications (Amendment) Ordinance 2025 (December 2025)
Belarus - Internet & Online Safety: Heavy restriction. Law on Mass Media (2008, as amended 2021+); Law on Counteracting Extremism; Operations and Analytical Center (OAC) under the President; Ministry of Information blocking authority; Government Resolution No. 476 (September 2025); Criminal Procedure Code amendments (February 2025)
Bolivia - Internet & Online Safety: Partial. Ley General de Telecomunicaciones, Tecnologías de Información y Comunicación (Law No. 164, 2011); Autoridad de Regulación y Fiscalización de Telecomunicaciones y Transportes (ATT); Agencia de Gobierno Electrónico y Tecnologías de Información y Comunicación (AGETIC)
Botswana - Internet & Online Safety: Partial. Multi-law patchwork: Cybercrime and Computer Related Crimes Act 2018, Electronic Communications and Transactions Act 2014, Digital Services Act 2025, Cybersecurity Act 2025 (Act 21 of 2025), Data Protection Act 2024 — all overseen by the Botswana Communications Regulatory Authority (BOCRA)
Brunei - Internet & Online Safety: Heavy restriction. Multiple overlapping instruments: Computer Misuse Act (Cap. 194, 2007), Telecommunications Order 2001, Broadcasting (Class Licence) Notification 2001 (Internet Code of Practice), Cybersecurity Act (Cap. 272, enacted 2023, revised 2024); overseen by AITI and a multi-agency Content Advisory Council (CAC)
Bulgaria - Internet & Online Safety: Comprehensive law. EU Digital Services Act (Regulation (EU) 2022/2065), implemented nationally via amendments to the Electronic Communications Act designating the Communications Regulation Commission (CRC) as Digital Services Coordinator; plus EU GDPR and the Audiovisual Media Services framework (Council for Electronic Media)
Cambodia - Internet & Online Safety: Heavy restriction. Sub-Decree No. 23 on National Internet Gateway (2021); Law on Anti-Technology Fraud (April 2026); Ministry of Information (content blocking); Ministry of Post and Telecommunications (MPTC); draft Law on Cybercrime and draft Law on Cybersecurity (pending)
Cameroon - Internet & Online Safety: Heavy restriction. Law No. 2010/012 of 21 December 2010 on Cybersecurity and Cybercrime; ANTIC (National Agency for Information and Communication Technologies); ART (Telecommunications Regulatory Board); Law No. 2024/017 on Personal Data Protection; Ministerial Decision of 04 April 2025 on the National Electronic Communications Aggregation Platform (NECAP)
Chile - Internet & Online Safety: Partial. No comprehensive online-safety act in force; existing rules derive from conditional intermediary-liability doctrine (Law 19.733 / civil-code jurisprudence), the Framework Cybersecurity Law (Ley 21.663, in force January 2025), and the new Data Protection Law (Ley 21.719, enacted December 2024). Multiple bills — including a broad digital-platforms bill (Boletín 14.561-19) and two minors-online-protection bills — are advancing through Congress as of mid-2026.
Colombia - Internet & Online Safety: Partial. Ley 2489 de 2025 (Digital Safe Environments for Children and Adolescents); Law 679 of 2001 (Internet Protection Law); MinTIC (Ministry of ICT) and CRC (Communications Regulatory Commission) as primary regulators
Costa Rica - Internet & Online Safety: Partial. Digital Services and E-Commerce Governance Law (Law 23,184, approved April 2026, not yet in force); Data Protection Law No. 8968 (2011); Cybercrime Law; SUTEL (telecom regulator) and MICITT (Ministry of Science, Innovation, Technology and Telecommunications)
Côte d'Ivoire - Internet & Online Safety: Partial. Law n° 2013-451 on Cybercrime (as amended 2023), Law n° 2024-352 on Electronic Communications, Ordinance n° 2024-950 on Securing the Digital Space; regulated by ARTCI and ANSSI
Croatia - Internet & Online Safety: Comprehensive law. EU Digital Services Act (Regulation (EU) 2022/2065), directly applicable; Croatia's national Law on the Implementation of the DSA (in force 17 April 2025); Digital Services Coordinator: HAKOM (Hrvatska regulatorna agencija za mrežne djelatnosti)
Cuba - Internet & Online Safety: Heavy restriction. Decree Law 35 on Telecommunications/ICT (2021); Law 162/2023 on Social Communication (in force October 2024); Decree 370; ETECSA state monopoly on connectivity
Cyprus - Internet & Online Safety: Comprehensive law. EU Digital Services Act (Regulation (EU) 2022/2065) + Cyprus Law of 2025 on DSA Implementation (CYDSA); Digital Services Coordinator: Radio Television and Digital Services Authority (RTDSA); co-competent authorities: OCECPR and Commissioner for Personal Data Protection
Czechia - Internet & Online Safety: Partial. EU Digital Services Act (Regulation 2022/2065) — directly applicable; Czech Telecommunications Office (CTU) designated as Digital Services Coordinator; Draft Digital Economy Act (Bill 776) pending in Czech Chamber of Deputies
Dominican Republic - Internet & Online Safety: Partial. Law No. 53-07 on High Technology Crimes and Offenses (2007); Law No. 172-13 on Personal Data Protection (2013); Law No. 153-98 General Telecommunications Law; Organic Law on Freedom of Expression, Audiovisual Media and Digital Platforms (proposed, submitted to Congress May 2025)
Ecuador - Internet & Online Safety: Partial. Ley Orgánica de Comunicación (2013, reformed 2019); Ley Orgánica de Protección de Datos Personales (LOPDP, 2021); Ley Orgánica para el Fortalecimiento de la Ciberseguridad (in force 22 May 2026); supervised by the Superintendencia de Protección de Datos Personales and the Agencia de Regulación y Control de las Telecomunicaciones (ARCOTEL)
El Salvador - Internet & Online Safety: Partial. Special Law Against Cybercrime (Ley Especial Contra Delitos Informáticos y Conexos, 2016, reformed 2025); Cybersecurity and Information Security Law (Decree, effective 23 Nov 2024); Personal Data Protection Law (Nov 2024); State Cybersecurity Agency (Agencia de Ciberseguridad del Estado, ACE)
Estonia - Internet & Online Safety: Comprehensive law. EU Digital Services Act (Regulation (EU) 2022/2065) directly applicable; national transposition via Information Society Services Act (as amended, in force 14 July 2024); Digital Services Coordinator: Consumer Protection and Technical Regulatory Authority (TTJA)
Ethiopia - Internet & Online Safety: Heavy restriction. Computer Crime Proclamation No. 958/2016; Hate Speech and Disinformation Prevention and Suppression Proclamation No. 1185/2020; Media Proclamation No. 1238/2021; Personal Data Protection Proclamation No. 1321/2024 — overseen by the Ethiopian Media Authority (EMA), Ethiopian Communications Authority (ECA), and Information Network Security Agency (INSA)
Fiji - Internet & Online Safety: Partial. Online Safety Act 2018 (administered by the Online Safety Commission); Cybercrime Act 2021; Online Safety Regulations 2019
Georgia - Internet & Online Safety: Partial. No comprehensive online safety law; partial regime comprising the Law on the Protection of Family Values and Minors (2024), the Law on Transparency of Foreign Influence (2024/2025), and the Law on Personal Data Protection (2023, in force March 2024), overseen by the Personal Data Protection Service (PDPS)
Ghana - Internet & Online Safety: Partial. Cybersecurity Act, 2020 (Act 1038) + Electronic Transactions Act, 2008 (Act 772) + Electronic Communications Act, 2008 (Act 775); regulated by the Cyber Security Authority (CSA) and National Communications Authority (NCA)
Greece - Internet & Online Safety: Comprehensive law. EU Digital Services Act (Regulation (EU) 2022/2065, directly applicable) + Greek Law 5099/2024 (supplementary national implementation measures); Digital Services Coordinator: Hellenic Telecommunications and Post Commission (EETT)
Guatemala - Internet & Online Safety: Partial. Fragmented provisions: Penal Code cybercrime articles (since 2000), Ley de Protección Integral de la Niñez y Adolescencia (LPINA), Ley General de Telecomunicaciones (Decree 94-96); no dedicated online safety or platform-liability law; Cybersecurity Bill (Initiative 6347) pending in Congress as of 2025
Honduras - Internet & Online Safety: Partial. Penal Code cybercrime provisions (Decree 130-2017, effective 2019); CONATEL expanded digital-media mandate; proposed National Cybersecurity Law (not yet enacted)
Hungary - Internet & Online Safety: Comprehensive law. EU Digital Services Act (Regulation (EU) 2022/2065) applied directly; national implementation via DSA Executive Act (Act XCIX of 2023); Digital Services Coordinator: National Media and Infocommunications Authority (NMHH); supplemented by Act XLIX of 2024 (child protection/online pornography) and Act LXXVIII of 2024 (Suppression of Internet Aggression, in force 1 January 2025)
Iceland - Internet & Online Safety: Partial. Media Act (No. 38/2011, amended), Act on Data Protection and Processing of Personal Data (No. 90/2018, GDPR-equivalent), domain-closure powers (2021 amendment to Electronic Communications Act); EU Digital Services Act (Regulation 2022/2065) pending EEA Agreement incorporation
Iran - Internet & Online Safety: Heavy restriction. Computer Crimes Law (Law No. 71063, 2009); Supreme Council of Cyberspace; National Filtering Committee; FATA (Cyber Police, est. 2011); 'Combating the Spread of Untrue News Content' Law (2025); Supreme Council of Cyberspace 32-Article Tiered Internet Decree (December 2024)
Iraq - Internet & Online Safety: Partial. CMC Law No. 65 of 2004; CMC Framework Regulations for Digital Platforms and Services (issued 17 February 2025); 1969 Penal Code (Article 438) as fallback
Jamaica - Internet & Online Safety: Partial. Cybercrimes Act 2015 (as amended 2026); Data Protection Act 2020 / Office of the Information Commissioner; Broadcasting Commission of Jamaica (broadcast/VOD content)
Jordan - Internet & Online Safety: Partial. Cybercrime Law No. 17 of 2023; Press and Publications Law No. 8 of 1998 (as amended); Audiovisual Media Law — enforced by the Media Commission and Telecommunications Regulatory Commission (TRC)
Kazakhstan - Internet & Online Safety: Heavy restriction. Law on Online Platforms and Online Advertising (No. 18-VIII, 2023); Law on Communications; Ministry of Digital Development and Ministry of Culture and Information as primary regulators
Kuwait - Internet & Online Safety: Partial. Law No. 63/2015 on Combating Information Technology Crimes; Law No. 8/2016 on Electronic Media; CITRA (Communications and Information Technology Regulatory Authority) content-blocking and data-privacy regulations
Laos - Internet & Online Safety: Heavy restriction. Law on Prevention and Combating Cyber Crime (2015); Decree No. 327 on Internet Information Management (2014); mandatory social media registration directives (2019, 2020, 2024); draft Law on Cybersecurity under National Assembly review (June 2025) — Ministry of Technology and Communications
Latvia - Internet & Online Safety: Comprehensive law. EU Digital Services Act (Regulation (EU) 2022/2065) directly applicable; national implementation via amendments to the Law on Information Society Services (Informācijas sabiedrības pakalpojumu likums) in force 21 June 2024; Consumer Rights Protection Centre (PTAC) designated as Digital Services Coordinator; National Electronic Mass Media Council (NEPLP) retains complementary powers over audiovisual/broadcast and national-security website blocking
Lebanon - Internet & Online Safety: Partial. Law No. 81/2018 on Electronic Transactions and Personal Data; Penal Code (social media speech); ISF Cybercrime and Intellectual Property Rights Bureau; Telecommunications Regulatory Authority (TRA)
Lithuania - Internet & Online Safety: Comprehensive law. EU Digital Services Act (Regulation (EU) 2022/2065, in force 17 Feb 2024) implemented nationally via amendments to Lithuania's Law on Information Society Services (adopted by Seimas 13 June 2024); supplemented by the Law on the Protection of Minors Against the Detrimental Effect of Public Information. Competent authorities: RRT (Communications Regulatory Authority) as Digital Services Coordinator; Office of the Inspector of Journalist Ethics (ŽEIT) for minors' protection; State Data Protection Inspectorate for profiling rules; State Consumer Rights Protection Authority for product safety/consumer-deception on platforms.
Malta - Internet & Online Safety: Comprehensive law. EU Digital Services Act (Regulation (EU) 2022/2065) as directly applicable law; implemented nationally by the Digital Services (Designation and Enforcement) Order (Subsidiary Legislation 418.05, in force 12 March 2024); enforced by the Malta Communications Authority (MCA) as Malta's designated Digital Services Coordinator (DSC).
Mauritius - Internet & Online Safety: Partial. Information and Communication Technologies Act 2001 (as amended); Cybersecurity and Cybercrime Act 2021; ICTA (Information and Communication Technologies Authority)
Moldova - Internet & Online Safety: Partial. Audiovisual Media Services Code (as amended July 2025) administered by the Audiovisual Council; draft Digital Services Law (DSA-aligned, public consultation launched April 2025); Law No. 252 of 2026 on digital/technology-facilitated violence
Monaco - Internet & Online Safety: Partial. Law No. 1.565 of 3 December 2024 (data protection / information society services); Law No. 1.578 of 1 July 2025 (digital amendments including content-dissemination obligations); Autorité de Protection des Données Personnelles (APDP)
Mongolia - Internet & Online Safety: Partial. Communications Regulatory Commission (CRC) under the Communications Act 2001; Law on Cyber Security 2021; Law on Personal Data Protection 2021; CRC digital content regulations
Morocco - Internet & Online Safety: Partial. Law No. 88.13 (Press Code, 2016), Penal Code provisions for online speech, Law No. 07-03 on cybercrime, Budapest Convention on Cybercrime (ratified 2018); HACA (Haute Autorité de la Communication Audiovisuelle) as audiovisual regulator; DSA-inspired platform regulation draft law under preparation (2025)
Mozambique - Internet & Online Safety: Partial. Electronic Transactions Law (Law 3/2017); Cybersecurity Law and Cybercrime Law (passed by Assembly of the Republic, April 2026); Decree 59/2023 on Registration and Licensing of Intermediary Electronic Service Providers and Operators of Digital Platforms (amended by Decree 44/2025); Telecommunications Traffic Control Regulation (Decree 48/2025); Personal Data Protection Bill under legislative process
Myanmar - Internet & Online Safety: Heavy restriction. Cybersecurity Law (1 Jan 2025, State Administration Council); Telecommunications Law (Art. 66d); Electronic Transactions Law (amended, S.38c); administered by the military State Administration Council (SAC)
Namibia - Internet & Online Safety: Partial. Electronic Transactions Act 4 of 2019; Communications Act 8 of 2009 (CRAN); Cybercrime Bill 2026 (pending parliament)
Nepal - Internet & Online Safety: Partial. Electronic Transactions Act 2063 (2008) + Directives for Managing the Use of Social Media 2080 (2023), enforced by Ministry of Communication and Information Technology (MoCIT); Social Network Bill 2081 pending in National Assembly
North Macedonia - Internet & Online Safety: Partial. Law on Audio and Audiovisual Media Services (as amended); Agency for Audio and Audiovisual Media Services (AVMU); Law on Media (amended 2025 to introduce online media register)
Oman - Internet & Online Safety: Partial. Cybercrime Combat Law (Royal Decree 12/2011); Media Law (Royal Decree 58/2024); Personal Data Protection Law (Royal Decree 6/2022); Telecommunications Regulatory Authority (TRA) content-filtering regime; Ministry of Information licensing
Pakistan - Internet & Online Safety: Partial. Prevention of Electronic Crimes Act 2016 (PECA) as amended by the Prevention of Electronic Crimes (Amendment) Act 2025; Pakistan Telecommunication Authority (PTA); Social Media Protection and Regulatory Authority (SMPRA, est. 2026)
Panama - Internet & Online Safety: Partial. Partial framework: Law No. 81/2019 (Personal Data Protection), October 2024 Cybercrime Amendments (Budapest Convention alignment), Law No. 51/2008 (Electronic Commerce), enforced by ANTAI and the Public Ministry; no comprehensive online-safety or platform-liability law
Papua New Guinea - Internet & Online Safety: Partial. Cybercrime Code Act 2016 (No. 35 of 2016); National Information and Communications Technology Authority (NICTA); NEC Decision (September 2023) on harmful-website blocking; proposed Social Media Policy 2025
Paraguay - Internet & Online Safety: Partial. Law 4868/2013 (Electronic Commerce, intermediary liability); Criminal Code cybercrime provisions (Arts. 146b–d, 174–175); Budapest Convention on Cybercrime (ratified 2017); CONATEL (National Telecommunications Commission) as internet regulator; Law 7593/2025 (Personal Data Protection, not yet in force)
Peru - Internet & Online Safety: Partial. Ministry of Transport and Communications (MTC) and OSIPTEL (telecom regulator) exercise principal authority; no comprehensive online-safety statute exists. Key instruments: Supreme Decree No. 035-2019-MTC (executive platform-blocking); Law No. 29733 / Supreme Decree No. 016-2024-JUS (personal data protection); ISP child-safety obligations under CSEA-related law; Proyecto de Ley No. 10880/2024-CR (proposed children's digital-wellbeing law, in legislative process as of 2025).
Romania - Internet & Online Safety: Comprehensive law. EU Digital Services Act (Regulation 2022/2065) directly applicable since 17 February 2024; national implementation via Romania Law No. 50/2024 (Official Journal No. 232, 19 March 2024); Digital Services Coordinator: ANCOM (National Authority for Management and Regulation in Communications)
Rwanda - Internet & Online Safety: Partial. Law No. 60/2018 on Prevention and Punishment of Cyber Crimes; Law No. 058/2021 on Protection of Personal Data and Privacy; Ministerial Instruction on Child Online Protection (January 2024); Rwanda Utilities Regulatory Authority (RURA) oversight
San Marino - Internet & Online Safety: Partial. Law No. 171 of 21 December 2018 (GDPR-equivalent data protection), enforced by the Autorità Garante per la Protezione dei Dati Personali (Garante Privacy di San Marino)
Senegal - Internet & Online Safety: Partial. Law 2008-11 on Cybercrime; Law 2008-10 on the Information Society; Law 2008-08 on Electronic Transactions (intermediary liability); Telecommunications Code 2018-28; supervised by ARTP (Autorité de Régulation des Télécommunications et des Postes) and CDP (Commission de Protection des Données Personnelles)
Serbia - Internet & Online Safety: Partial. Law on Electronic Media (2023, amended 2025), Law on Electronic Trade (E-Commerce Law), Law on Public Information and Media — enforced by the Regulatory Authority for Electronic Media (REM); no single comprehensive online-safety statute equivalent to the EU DSA or UK OSA
Slovakia - Internet & Online Safety: Comprehensive law. EU Digital Services Act (Regulation (EU) 2022/2065) directly applicable; nationally implemented via Act No. 264/2022 on Media Services as amended by Act No. 203/2024 Coll.; Digital Services Coordinator: Council for Media Services (Rada pre mediálne služby, RpMS)
Slovenia - Internet & Online Safety: Comprehensive law. EU Digital Services Act (Regulation (EU) 2022/2065, directly applicable); national implementation Act on the Implementation of the EU Regulation on the Single Market for Digital Services (in force 13 April 2024); supervised by AKOS (Agencija za komunikacijska omrežja in storitve) as Digital Services Coordinator
Sri Lanka - Internet & Online Safety: Partial. Online Safety Act, No. 9 of 2024; Online Safety Commission (presidentially appointed); Personal Data Protection Act No. 9 of 2022 (complementary)
Tanzania - Internet & Online Safety: Heavy restriction. Electronic and Postal Communications Act 2010 (Cap 306) + Electronic and Postal Communications (Online Content) Regulations 2020 (as amended 2025) + Cybercrimes Act 2015 — enforced by the Tanzania Communications Regulatory Authority (TCRA)
Trinidad and Tobago - Internet & Online Safety: Partial. Cybercrime Act 2018 (Ch. 11:17A); Data Protection Act 2011; Telecommunications Act Ch. 47:31 (TATT regulator)
Tunisia - Internet & Online Safety: Heavy restriction. Decree-Law No. 2022-54 on Combating Crimes Related to Information and Communication Systems; Agence Tunisienne d'Internet (ATI) for state-level filtering; Organic Law No. 2004-63 on personal data (under reform)
Uganda - Internet & Online Safety: Heavy restriction. Uganda Communications Commission (UCC) under the Uganda Communications Act; Computer Misuse Act 2011 (amended 2022); Data Protection and Privacy Act 2019
Ukraine - Internet & Online Safety: Partial. Law of Ukraine 'On Media' (March 2023); National Council on Television and Radio Broadcasting (NRADA); NCON website-blocking powers under martial law; Draft Law No. 11115 on information-sharing platforms (pending)
Uruguay - Internet & Online Safety: Partial. Law No. 20.327 (Cybercrime, 2024); Law No. 18.331 (Data Protection, 2008/updated 2019); no comprehensive online-safety or platform-liability law in force
Uzbekistan - Internet & Online Safety: Heavy restriction. Law on Telecommunications (1999, revised December 2024); Ministerial Order No. 216 (2004); Ministry of Digital Technologies; Draft Law 'On the Protection of User Rights on Online Platforms and Websites' (proposed May 2025)
Venezuela - Internet & Online Safety: Heavy restriction. Ley Resorte-ME (Social Responsibility in Radio, Television and Electronic Media, 2010 as amended); Ley Contra el Odio (Law Against Hatred, 2017); Ley Orgánica del Libertador Simón Bolívar (2024); enforced by CONATEL (Comisión Nacional de Telecomunicaciones)
Zambia - Internet & Online Safety: Partial. Cyber Security Act No. 3 of 2025 and Cyber Crimes Act No. 4 of 2025, enforced by ZICTA (Zambia Information and Communications Technology Authority) and the newly created Zambia Cyber Security Agency
Zimbabwe - Internet & Online Safety: Partial. Cyber and Data Protection Act [Chapter 12:07] (2021, operative 2022), administered by POTRAZ; proposed dedicated social media legislation as of 2025
Afghanistan - Internet & Online Safety: Heavy restriction. Taliban supreme-leader decrees enforced via the Afghanistan Telecommunications Regulatory Authority (ATRA) and Ministry of Communications & IT; no formal online-safety statute exists
Barbados - Internet & Online Safety: Partial. Computer Misuse Act 2005; Data Protection Act 2019 (fully in force January 2025); Cybercrime Bill 2024 (passed House of Assembly, pending Senate)
Belize - Internet & Online Safety: Partial. Cybercrime Act 2020 (Act No. 32 of 2020) and Data Protection Act 2021 (Act No. 45 of 2021), administered by the Data Protection Commissioner; no dedicated online safety or platform-regulation law
Benin - Internet & Online Safety: Partial. Loi n° 2017-20 portant Code du Numérique (in force April 2018), amended by Loi n° 2020-35 (2021); enforced by CRIET (specialized court), OCRC (cybercrime unit), APDP (data-protection authority), and ARCEP (telecoms regulator)
Bhutan - Internet & Online Safety: Partial. Information, Communications and Media Act 2018 (ICMA 2018); Bhutan InfoComm and Media Authority (BICMA); Rules and Regulations on Content 2019
Bosnia & Herzegovina - Internet & Online Safety: Partial. Communications Regulatory Agency (CRA); Law on Personal Data Protection (2025); self-regulatory Press Council — no dedicated online safety or platform-liability law
British Virgin Islands - Internet & Online Safety: Partial. Computer Misuse and Cybercrime Act 2014 (amended 2019); Data Protection Act 2021; Telecommunications Act 2006; overseen by the Telecommunications Regulatory Commission (TRC)
Burkina Faso - Internet & Online Safety: Heavy restriction. Law n°014-2024 on Information Systems Security (ANSSI); Law n°040-2017/AN on cybercrime suppression; Law n°010-2004 on Personal Data Protection (CIL); Superior Council for Communication (CSC) as media regulator
Burundi - Internet & Online Safety: Partial. Law No. 1/10 of 16 March 2022 on the Prevention and Repression of Cybercriminality; National Communication Council (CNC) media oversight; ARCT telecommunications regulation (Decree-Law No. 100/112, 2012)
Central African Republic - Internet & Online Safety: Partial. Loi No. 24/001 on Personal Data Protection (2024); Penal Code provisions on electronic fraud and child pornography; AU Malabo Convention (ratified 2023); CEMAC electronic-communications harmonisation directives
Chad - Internet & Online Safety: Partial. Law No. 009/PR/2015 on Cybersecurity and Cybercrime; National Agency for Computer Security and eCertification (ANSICE); ARCEP (telecoms regulator)
Congo - Internet & Online Safety: Partial. Ordonnance-Loi No. 23/010 of 13 March 2023 (Digital Code), administered by the Autorité de régulation du numérique (ARN) and the Agence nationale de cybersécurité (ANC) — Democratic Republic of Congo (DRC)
Djibouti - Internet & Online Safety: Partial. Digital Code of Djibouti (adopted 30 June 2025, Loi approuvant le Code Numérique); supplemented by Djibouti Telecom state monopoly and a newly established National Cyber Security Authority (December 2025)
DR Congo - Internet & Online Safety: Partial. Ordonnance-Loi No. 23/010 of 13 March 2023 (Code du Numérique / Digital Code); Law No. 20/017 of 25 November 2020 on Telecommunications and ICT; supervised by ARPTIC (replacing ARPTC per Decree No. 23/13 of 3 March 2023)
Equatorial Guinea - Internet & Online Safety: Heavy restriction. Penal Code and Telecommunications Law (existing); draft Cybercrime and Cybersecurity Law under parliamentary process as of April 2024; internet access controlled through executive/administrative orders
Eritrea - Internet & Online Safety: Heavy restriction. State telecommunications monopoly via Eritrean Telecommunication Services Corporation (EriTel) under Proclamation No. 134/2003; content oversight by Ministry of Information under Press Proclamation and executive decree; no independent regulator exists
eSwatini - Internet & Online Safety: Partial. Computer Crime and Cybercrime Act 2022; Electronic Communications and Transactions Act 2022; Data Protection Act 2022; regulated by the Eswatini Communications Commission (ESCCOM); National Cybersecurity Strategy 2022–2027
Gabon - Internet & Online Safety: Partial. Law No. 027/2023 on Cybersecurity and Cybercrime; Ordinance No. 0011/PR/2026 on Social Networks and Digital Platforms; ARCEP (telecommunications regulator); HAC (Haute Autorité de la Communication, content/media regulator)
Gambia - Internet & Online Safety: Partial. Information and Communications Act 2009 (amended 2013); Cybercrime Bill 2023 (pending enactment); Personal Data Protection and Privacy Act 2025; National Cybersecurity Policy 2022–2026; regulator: Public Utilities Regulatory Authority (PURA)
Greenland - Internet & Online Safety: Partial. Inatsisartut Law No. 31 of 23 November 2017 (Telecommunications & Internet Services); Greenland Personal Data Act (in force 1 December 2016); no dedicated online-safety or platform-liability law
Guinea - Internet & Online Safety: Heavy restriction. Law L/2016/037/AN on Cybersecurity and Personal Data Protection (2016); ANSSI (Agence Nationale de la Sécurité des Systèmes d'Information); military transitional government (CNRD, in power since September 2021)
Guinea-Bissau - Internet & Online Safety: No framework. Law No. 5/2010 (Basic ICT Law); ARN — Autoridade Reguladora Nacional das Tecnologias de Informação e Comunicação
Guyana - Internet & Online Safety: Partial. Cybercrime Act 2018 (Act No. 16 of 2018); Telecommunications Act 2016; Broadcasting Act 2011 — no comprehensive online safety or platform-regulation law yet in force
Haiti - Internet & Online Safety: Partial. CONATEL (Conseil National des Télécommunications) under 1969/1987 decrees; December 2025 Decree on Freedom of Expression; no dedicated online-safety or cybercrime law
Isle of Man - Internet & Online Safety: Partial. Data Protection Act 2018 (GDPR-aligned), overseen by Isle of Man Information Commissioner; UK Online Safety Act 2023 extension under consideration via Permissive Extent Clause (s.239 OSA 2023); no standalone online safety law in force
Jersey - Internet & Online Safety: Proposed. No comprehensive online safety law in force; draft Online Harms (Content Removal and Online Privacy) Law under development following public consultation closed March 2026; existing patchwork of criminal law and data-protection rules (Data Protection (Jersey) Law 2018)
Kyrgyzstan - Internet & Online Safety: Heavy restriction. Law on Protection from False Information (2021); Law on Protection of Children from Information Harmful to their Health and Development (2023); Digital Code (adopted June 2025, in force December 2025); Mass Media Law (adopted June 2025); Presidential Decree on State Monopoly over International Internet Traffic (August 2025); State Committee for National Security (GKNB) blocking authority
Lesotho - Internet & Online Safety: Partial. Lesotho Communications Authority (LCA) under Communications Act No. 4 of 2012; Data Protection Act No. 5 of 2011; Computer Crime and Cyber Security Bill 2024 (tabled, not yet enacted)
Liberia - Internet & Online Safety: Partial. Cybercrime Act 2025 (passed legislature Jan 2026, awaiting presidential assent); Liberia Telecommunications Authority (LTA); Electronic Transactions Law; draft Data Protection Bill under legislative review
Libya - Internet & Online Safety: Heavy restriction. Law No. 5 of 2022 (Anti-Cybercrime Law); National Information Security and Safety Authority (NISSA); Presidential Council Decree No. 14 of 2024 (Public Morality Protection Agency)
Madagascar - Internet & Online Safety: Partial. Law No. 2014-006 on Combating Cybercrime (as amended by Law No. 2016-031); Law No. 2014-038 on Personal Data Protection; regulated by ARTEC (telecom) and CMIL (data protection)
Malawi - Internet & Online Safety: Partial. Electronic Transactions and Cyber Security Act 2016 (Act No. 33 of 2016); Communications Act 2016; Data Protection Act 2024 — all administered by the Malawi Communications Regulatory Authority (MACRA)
Maldives - Internet & Online Safety: Partial. Maldives Media and Broadcasting Regulation Act (Act No. 16/2025); Communications Authority of Maldives (CAM) administrative blocking powers; Computer Crimes Act; draft Cybersecurity Bill (pending Parliament, 2026)
Mali - Internet & Online Safety: Heavy restriction. Law No. 2019-056 on the Suppression of Cybercrime (December 2019); Law No. 2013-015 on Personal Data Protection; Haute Autorité de la Communication (HAC) broadcast regulator; National Cybersecurity Strategy 2026–2030 (approved December 2025)
Mauritania - Internet & Online Safety: Partial. Cybercrime Law No. 007-2016; Law No. 020-2017 on Personal Data Protection; Law No. 2020-015 on Combating Information Manipulation; Ministry of Islamic Affairs website-blocking authority
Montenegro - Internet & Online Safety: Partial. Sectoral regime: Law on Audiovisual Media Services (54/24) and Media Law (54/24), enforced by the Agency for Audiovisual Media Services (AMU); EU Digital Services Act/Digital Markets Act alignment pending as part of accession but not yet transposed.
New Caledonia - Internet & Online Safety: Comprehensive law. French digital law as the State retains competence over communications: the Loi n° 2024-449 du 21 mai 2024 (SREN), the older Loi pour la confiance dans l'économie numérique (LCEN, 2004-575), and parts of the EU Digital Services Act (Reg. 2022/2065) — all extended and adapted to New Caledonia by Ordonnance n° 2024-1019 du 13 novembre 2024. Regulators: ARCOM, CNIL, ARCEP.
Nicaragua - Internet & Online Safety: Heavy restriction. Special Cybercrime Law (Ley 1042, 2020; reformed by Ley 1219, 2024) plus the new General Law on Convergent Telecommunications (Ley 1223, in force 6 Nov 2025), administered/enforced by the regulator TELCOR, courts, and the Ortega-Murillo government.
Niger - Internet & Online Safety: Heavy restriction. Law No. 2019-33 of 3 July 2019 on the repression of cybercrime, as amended by Ordinance No. 2024-28 of 7 June 2024; Law No. 2018-45 of 12 July 2018 on electronic communications. Telecom sector overseen by ARCEP; the country has been under military rule (CNSP) since the July 2023 coup.
North Korea - Internet & Online Safety: Heavy restriction. Internet access in North Korea (DPRK) is controlled by the state as a matter of policy and security practice rather than by a single 'online safety' statute. The global internet is barred for the general public; control rests on the Korea Computer Center–curated national intranet (Kwangmyong), state telecom monopolies, and information-control laws led by the 2020 Law on Rejecting Reactionary Ideology and Culture (revised 2022).
Palestine - Internet & Online Safety: Heavy restriction. Law by Decree No. 10 of 2018 on Cybercrime (amended by Law by Decree No. 28 of 2020); enforced by the Public Prosecution/Attorney General and a specialized Cybercrime Unit. Telecommunications infrastructure and spectrum remain under Israeli control per the Oslo Accords.
Puerto Rico - Internet & Online Safety: Partial. U.S. federal law governs platform liability and online safety (Section 230 of the Communications Act / 47 U.S.C. §230, COPPA, FOSTA-SESTA), supplemented by Puerto Rico's own minor-protection statute (Act 185-2024, Children and Youth Cyber-Privacy Protection Act) and data-privacy/cybersecurity laws. There is no comprehensive online-safety/content-moderation regime comparable to the EU DSA or UK OSA.
Seychelles - Internet & Online Safety: Partial. No dedicated online-safety statute. Online content is governed indirectly by a cluster of sectoral laws: the Seychelles Media Commission Act 2010 (and its Code of Conduct, which extends to 'publishers of online publications'), the Broadcasting and Telecommunication Act 2000 / Communications Act 2023, the Data Protection Act 2023, and the Computer Misuse and Cybercrime Act.
Sierra Leone - Internet & Online Safety: Partial. Cyber Security and Crime Act, 2021 (enforced via the National Cybersecurity Coordination Centre / Ministry of Information & Civic Education); media regulated by the Independent Media Commission. No comprehensive DSA/OSA-style platform-safety law; a Data Protection and Right to Access Information Bill 2025 is pending.
Solomon Islands - Internet & Online Safety: No framework. No dedicated online-safety or content-moderation law. The Telecommunications Act 2009 (administered by the Telecommunications Commission of Solomon Islands, TCSI) governs the sector and contains some computer/communications offences; a National Cybersecurity Policy (2024) and draft cybercrime and data-protection bills are in development but not yet enacted.
Somalia - Internet & Online Safety: Heavy restriction. No comprehensive online-safety/content-moderation statute. Online content is governed mainly through ad-hoc executive directives and ISP-level blocking ordered by the Ministry of Communications & Technology and enforced via the National Communications Authority (NCA), established under the Communications Act 2017. Adjacent laws (Data Protection Act 2023; Cybersecurity Law passed by Parliament Jan 2026) address privacy and critical-infrastructure security, not platform content liability or user-safety duties.
South Sudan - Internet & Online Safety: Heavy restriction. National Communication Act, 2012 (establishing the National Communication Authority/NCA as ICT-telecom regulator) combined with the Cybercrimes and Computer Misuse Act, 2026 (signed 18 Feb 2026, replacing the 2021 Provisional Order); no comprehensive online-safety/platform-moderation statute exists.
Sudan - Internet & Online Safety: Heavy restriction. Law on Combating Cybercrimes 2018 (amended 2020; further repressive amendments approved by the Cabinet on 13 Oct 2025) plus telecom regulation by the Telecommunications and Post Regulatory Authority (TPRA); website blocking authority vested in the Prosecutor General. No comprehensive online-safety/platform-moderation statute (no DSA/OSA equivalent).
Suriname - Internet & Online Safety: No framework. No dedicated online-content/online-safety statute. Telecom infrastructure is regulated by the Telecommunicatie Autoriteit Suriname (TAS); online expression is governed indirectly by general criminal/defamation law. A data-protection bill and an electronic-transactions/cybercrime bill remain unenacted.
Syria - Internet & Online Safety: Heavy restriction. No comprehensive online-safety statute. The online environment is governed by the still-in-force Cybercrime Law No. 20 of 2022 (criminalizing online speech and mandating ISP data retention) and by Ministry of Information media-licensing rules now extended to digital platforms, administered alongside continued network-level controls (filtering, recurring shutdowns) inherited from the Assad era.
Tajikistan - Internet & Online Safety: Heavy restriction. State control via the Communication Service under the Government of the Republic of Tajikistan and the state-owned Single Electronic Communications Switching Center (EKTs), through which all internet traffic is routed and filtered by Tojiktelecom; there is no dedicated 'online safety' statute, but extensive censorship is exercised under telecom regulation and anti-extremism/security powers.
Timor-Leste - Internet & Online Safety: Proposed. No comprehensive online-safety or content-moderation law in force. The Press Law (Law No. 5/2014) governs journalism; a draft Cybercrime Law and proposed Penal/Press Code amendments on online defamation are pending but not enacted. There is no dedicated platform-liability or age-verification regime.
Togo - Internet & Online Safety: Heavy restriction. No comprehensive online-safety/platform-liability law (no DSA/OSA equivalent). Online content is governed by speech-restrictive criminal provisions — Law No. 2018-026 (cybersecurity & cybercrime, esp. Art. 25 on 'false information'), the 2020 Press and Communication Code, and the Penal Code — enforced alongside recurrent state-ordered internet/social-media shutdowns. Institutions: ANCy (cybersecurity), ARCEP (telecoms), HAAC (media), IPDCP (data protection).
Turkmenistan - Internet & Online Safety: Heavy restriction. State-controlled internet via the Law on Legal Regulation of Internet Development and Internet Services (2014, amended 2020) and media legislation, enforced through the state telecom monopoly Turkmentelecom and the Ministry of National Security's cyber-security department; no DSA/OSA-style content-moderation or online-safety regime exists.
Vanuatu - Internet & Online Safety: Comprehensive law. Harmful Digital Communications Act No. 14 of 2024 and Digital Safety Authority Act No. 15 of 2024 (establishing the Digital Safety Authority/Commission and a Commissioner of Harmful Digital Communications), supported by the Cybercrime Act No. 22 of 2021 and Data Protection and Privacy Act No. 13 of 2024.
Yemen - Internet & Online Safety: Heavy restriction. No comprehensive online-safety or platform-liability statute. The de facto Houthi authorities in Sana'a control national telecom/internet infrastructure (Ministry of Telecommunications, YemenNet/TeleYemen) and use it for website blocking, app shutdowns and surveillance; the internationally recognized government in Aden controls separate infrastructure. There is no DSA/OSA-style content-moderation regime — only ad hoc state restriction enforced via control of ISPs, the penal code, and emerging specialized 'electronic crimes' prosecution units.
Antigua and Barbuda - Internet & Online Safety: Partial. Electronic Crimes Act 2013 (No. 14 of 2013), as amended by the Electronic Crimes (Amendment) Act 2018 (No. 25 of 2018); Data Protection Act 2013 (No. 10 of 2013); Libel and Slander Act
Cape Verde - Internet & Online Safety: Partial. Cybercrime Law (Law n°8/IX/2017); Cybersecurity Legal Regime (Decree-Law 9/2021); Data Protection Law (Law 133-V/2001, amended 2021); ARME (Agência de Regulação Multissectorial da Economia) as telecom regulator; CNPD (Comissão Nacional de Proteção de Dados) as data-protection authority
Comoros - Internet & Online Safety: Partial. Law 21-012/AU on Cybersecurity and the Fight against Cybercrime (2021); Personal Data Protection Law (2019); 2014 Communications Act; regulated by ANRTIC (telecoms) and ANADEN (cybersecurity)
Dominica - Internet & Online Safety: Partial. Telecommunications Act No. 8 of 2000 (NTRC); Electronic Evidence Act 2010; unenacted Electronic Crimes Bill 2013; no dedicated online safety or platform-liability law
Grenada - Internet & Online Safety: Partial. Electronic Crimes Act 2013 (Act No. 23 of 2013, amended Act No. 10 of 2014); Data Protection Act 2023 (Act No. 1 of 2023); Council of Europe Budapest Convention (acceded 2024)
Kiribati - Internet & Online Safety: Partial. Cybercrime Act 2021 (primary); Data Protection Bill 2025 (pending enactment); National Cybersecurity Strategy 2020; Ministry of Information, Communications & Transport (MICT)
Marshall Islands - Internet & Online Safety: Partial. Cybercrimes Act 2025 (PL 2025-40); Cybersecurity Act 2025 (PL 2025-27); Personal Data Protection Act 2025 (PL 2025-43, public-sector only); Ministry of Transportation and Communication (national cybersecurity authority)
Micronesia - Internet & Online Safety: No framework. No dedicated online safety, content-moderation, or platform-liability law is in force. Sector regulation is handled by the FSM Telecommunication Regulation Authority (TRA), established under the 2014 Telecom Act, which governs market entry and competition rather than online content.
Nauru - Internet & Online Safety: Partial. Cybercrime Act 2015; Communications and Broadcasting Act 2018 (Nauru Communications Authority); Crimes Act (s.244A harassment/distress amendment)
Palau - Internet & Online Safety: Partial. Computer Crime provisions in Title 17 PNCA Chapter 31 (Palau National Code); Palau Privacy Act 2019; scattered Penal Code provisions; no dedicated online-safety or platform-liability statute
Saint Kitts and Nevis - Internet & Online Safety: Partial. Electronic Crimes Act 2009 (amended 2012, 2017); Data Protection Act 2018 (not yet commenced); no dedicated online safety or platform-liability law
Saint Lucia - Internet & Online Safety: Partial. Computer Misuse Act 2011; Data Protection Act 2011 (Cap 8.18); Electronic Transactions Act; Telecommunications Act 2000 (NTRC regulator)
Saint Vincent and the Grenadines - Internet & Online Safety: Partial. Cybercrime Act 2016; Electronic Transactions Act 2015; Data Protection Act 2021; regulated at telecom level by the Eastern Caribbean Telecommunications Authority (ECTEL)
Samoa - Internet & Online Safety: Partial. Crimes Act 2013 (cyber offences provisions) and Telecommunications Act 2005, regulated by the Office of the Regulator; no dedicated online safety or content-moderation law
Sao Tome and Principe - Internet & Online Safety: Partial. Cybercrime Law (Law 15/2017); Personal Data Guarantee and Protection Law (Law 03/2016); Criminal Code (Law 6/2012); regulated by AGER (Autoridade Geral de Regulação) and ANPDP (National Data Protection Agency)
Tonga - Internet & Online Safety: Partial. Computer Crimes Act 2003; Electronic Communication Abuse Offences Act 2020 (Act 23 of 2020, in force July 2021); Cybersecurity Act 2025 (Act 14 of 2025); Tonga CERT (CERT.to); Ministry of Meteorology, Energy, Information, Disaster Management, Climate Change and Communications
Tuvalu - Internet & Online Safety: Partial. Tuvalu Telecommunications Corporation Act 1993 (s.33 online offences); National ICT Policy 2023–2028 (cybersecurity pillar); Cybercrime Bill under development; no dedicated online safety or content-moderation law in force
Argentina - Cybersecurity: Sectoral rules. No single comprehensive cybersecurity statute. Argentina's regime is built on executive decrees, administrative provisions and sector-specific rules, coordinated by the National Cybersecurity Center (Centro Nacional de Ciberseguridad, Decree 941/2025) and the National Cybersecurity Directorate / CERT.ar within the Chief of Cabinet's office, alongside the Central Bank (BCRA) for finance and Law 25.326 for personal data.
Australia - Cybersecurity: Comprehensive law. Cyber Security Act 2024 (Cth) — Australia's first standalone cyber security law — operating alongside the Security of Critical Infrastructure Act 2018 (SOCI Act) and the Notifiable Data Breaches scheme under the Privacy Act 1988, within the 2023–2030 Australian Cyber Security Strategy. Administered by the Department of Home Affairs / Cyber and Infrastructure Security Centre (CISC), the Australian Cyber Security Centre (ACSC/ASD), the National Cyber Security Coordinator, and the OAIC.
Austria - Cybersecurity: Comprehensive law. Netz- und Informationssystemsicherheitsgesetz 2026 (NISG 2026), BGBl. I Nr. 94/2025 — Austria's transposition of the EU NIS2 Directive (2022/2555); supervised by the newly created Bundesamt für Cybersicherheit (Federal Office for Cybersecurity) under the Ministry of the Interior, with CERT.at as national CSIRT.
Bahrain - Cybersecurity: Sectoral rules. National Cyber Security Center (NCSC) — established/empowered by Royal Order No. 17 of 2025 — as central authority, operating alongside sector-specific regimes (Central Bank of Bahrain Rulebook, CNI cybersecurity controls, Personal Data Protection Law No. 30 of 2018, and IT Crimes Law No. 60 of 2014). No single horizontal NIS2-style statute imposing uniform obligations on all entities.
Belgium - Cybersecurity: Comprehensive law. Law of 26 April 2024 establishing a framework for the cybersecurity of networks and information systems of general interest for public security (the 'NIS2 Law'), with implementing Royal Decree of 9 June 2024; supervised by the Centre for Cybersecurity Belgium (CCB).
Bermuda - Cybersecurity: Sectoral rules. Bermuda Monetary Authority (BMA) sector codes (e.g. Insurance Sector Operational Cyber Risk Management Code of Conduct) plus PIPA breach-notification duties; a comprehensive Cybersecurity Act 2024 has been passed but is not yet in force.
Brazil - Cybersecurity: Sectoral rules. No single comprehensive horizontal cybersecurity statute in force. Obligations arise from a patchwork: the National Cybersecurity Policy (PNCiber, Decree No. 11.856/2023) and the E-Ciber strategy set government-wide guidelines; sector-specific binding rules apply to finance (CMN/BCB Resolution No. 4.893/2021) and personal data (LGPD + ANPD Resolution No. 15/2024 breach rules). A comprehensive Cybersecurity Legal Framework (Bill No. 4752/2025) creating a National Cybersecurity Authority (ANCiber) is pending in Congress.
Canada - Cybersecurity: Sectoral rules. No comprehensive cross-sector cyber law is yet in force; obligations are sectoral — PIPEDA mandatory breach reporting (Office of the Privacy Commissioner), OSFI Guideline B-13 for federally regulated financial institutions, and telecom rules — while the comprehensive Critical Cyber Systems Protection Act (CCSPA) advances as Bill C-8.
Cayman Islands - Cybersecurity: Sectoral rules. No comprehensive national cybersecurity statute. Sector-specific regime led by the Cayman Islands Monetary Authority (CIMA) Rule and Statement of Guidance on Cybersecurity for Regulated Entities (financial sector), alongside personal-data breach duties under the Data Protection Act administered by the Ombudsman and criminal offences under the Computer Misuse Act.
China - Cybersecurity: Comprehensive law. Cybersecurity Law of the PRC (2017, amended effective 1 Jan 2026), supported by the Data Security Law (2021) and Personal Information Protection Law (2021), administered by the Cyberspace Administration of China (CAC)
Denmark - Cybersecurity: Comprehensive law. Act on measures to ensure a high level of cybersecurity ('NIS2-loven', in force 1 July 2025), transposing the EU NIS2 Directive, supplemented by sector-specific statutes (energy, telecoms) implementing NIS2 and the CER Directive. Coordinated by the Danish Agency for Societal Security (Styrelsen for Samfundssikkerhed / SAMSIK).
Egypt - Cybersecurity: Sectoral rules. No single comprehensive cybersecurity law. Obligations are spread across the Anti-Cyber and Information Technology Crimes Law No. 175 of 2018 (NTRA/EG-CERT), the Personal Data Protection Law No. 151 of 2020 and its 2025 Executive Regulations (PDPC), the NTRA Regulatory Framework for Cybersecurity Services (2025), and sector regulators such as the Central Bank of Egypt (Financial Cybersecurity Framework). Strategic coordination sits with the Egyptian Supreme Cybersecurity Council (ESCC).
Finland - Cybersecurity: Comprehensive law. Cybersecurity Act (Kyberturvallisuuslaki 124/2025), transposing EU NIS2 Directive; National Cyber Security Centre Finland (NCSC-FI) within the Finnish Transport and Communications Agency (Traficom) as coordinator and single point of contact
France - Cybersecurity: Comprehensive law. Multi-layered horizontal regime overseen by ANSSI (national cybersecurity authority): NIS1 transposed by Law No. 2018-133 of 26 Feb 2018 (Operators of Essential Services / Digital Service Providers), the Military Programming Law (LPM) SAIV regime for vital-importance operators (OIV/SIIV), GDPR breach rules enforced by the CNIL, and the directly-applicable EU DORA Regulation for finance. A 'Résilience' law transposing NIS2, REC and DORA is pending final adoption.
Germany - Cybersecurity: Comprehensive law. BSI Act (BSI-Gesetz / BSIG) as recast by the NIS-2 Implementation Act (NIS2UmsuCG), in force 6 December 2025, transposing EU Directive (EU) 2022/2555 (NIS2); enforced by the Federal Office for Information Security (BSI). Complemented by the KRITIS-Dachgesetz (CER Directive), sector rules and EU DORA for finance.
Gibraltar - Cybersecurity: Comprehensive law. Part 7 of the Civil Contingencies Act 2007 (transposing the EU NIS Directive), administered by the Gibraltar Regulatory Authority (GRA) Cyber Security Compliance Division as the designated Competent Authority and single point of contact.
Hong Kong - Cybersecurity: Sectoral rules. Protection of Critical Infrastructures (Computer Systems) Ordinance (Cap. 653), administered by the Office of the Commissioner of Critical Infrastructure (Computer-system Security) (OCCICS); supplemented by sector regulators (HKMA, SFC) and the Personal Data (Privacy) Ordinance (Cap. 486)
India - Cybersecurity: Sectoral rules. Information Technology Act, 2000 (esp. ss. 70/70A/70B) with CERT-In and NCIIPC; CERT-In Directions of 28 April 2022; sector regulators (RBI, SEBI, IRDAI). No single NIS2-style comprehensive cybersecurity statute is in force; the National Cyber Security Strategy remains unfinalized.
Indonesia - Cybersecurity: Sectoral rules. No single comprehensive cybersecurity statute. Cybersecurity is governed by a patchwork: Badan Siber dan Sandi Negara (BSSN) as central authority (Presidential Regulation 28/2021), Government Regulation 71/2019 on Electronic Systems and Transactions, BSSN Regulations 1/2024 (cyber incident management) and 2/2024 (cyber crisis management), Law No. 27/2022 on Personal Data Protection (breach notification), and sector rules such as OJK financial-sector regulations. A comprehensive Cybersecurity and Cyber Resilience Bill (RUU KKS) is proposed but not enacted.
Ireland - Cybersecurity: Sectoral rules. Network and Information Systems regime led by the National Cyber Security Centre (NCSC). Current in-force obligations are instrument/sector-specific: the NIS1 Regulations (S.I. No. 360/2018), the EU DORA Regulation for financial entities, and GDPR breach rules. The comprehensive NIS2-style National Cyber Security Bill 2024 is still pending enactment.
Israel - Cybersecurity: Sectoral rules. Israel National Cyber Directorate (INCD) operating mainly via government resolutions (No. 2443/2444, 2015) plus sector-specific rules — Bank of Israel/financial-regulator cyber directives, critical-infrastructure protection, and the Protection of Privacy Law (Amendment 13, 2025) for data-breach duties. A comprehensive National Cyber Protection Law is at draft/public-comment stage (Jan 2026), not yet in force.
Italy - Cybersecurity: Comprehensive law. Legislative Decree No. 138/2024 (NIS2 transposition) and Law No. 90/2024, administered by the Agenzia per la Cybersicurezza Nazionale (ACN) via CSIRT Italia, layered on the National Cybersecurity Perimeter (Decree-Law 105/2019)
Japan - Cybersecurity: Comprehensive law. Basic Act on Cybersecurity (Act No. 104 of 2014), supplemented by the Active Cyber Defense Act (enacted May 2025); coordinated by the National Cybersecurity Office (NCO) under the National Cyber Director. Personal-data breach duties sit in the Act on the Protection of Personal Information (APPI), enforced by the Personal Information Protection Commission (PPC).
Kenya - Cybersecurity: Comprehensive law. Computer Misuse and Cybercrimes Act, No. 5 of 2018 (CMCA), operationalised by the Critical Information Infrastructure and Cybercrime Management Regulations, 2024; coordinated by the National Computer and Cybercrimes Co-ordination Committee (NC4) and the National KE-CIRT/CC, with breach-notification duties under the Data Protection Act, 2019.
Liechtenstein - Cybersecurity: Comprehensive law. Cyber-Security Act (Cyber-Sicherheitsgesetz, CSG, LR 784.13) and Cyber-Security Ordinance (CSV), administered by the National Cyber Security Unit (Stabsstelle Cyber-Sicherheit) — transposing EU NIS2 Directive 2022/2555; complemented by DORA in the financial sector.
Luxembourg - Cybersecurity: Comprehensive law. Law of 5 May 2026 on measures to ensure a high level of cybersecurity (transposing EU Directive 2022/2555, 'NIS2'); supervised by the Institut Luxembourgeois de Régulation (ILR), with the CSSF as competent authority for the financial sector and the Haut-Commissariat à la Protection nationale (HCPN) as strategic coordinator and single point of contact.
Malaysia - Cybersecurity: Comprehensive law. Cyber Security Act 2024 (Act 854), administered by the National Cyber Security Agency (NACSA), supplemented by sector-specific rules and the Personal Data Protection Act (PDPA) for personal-data breaches.
Mexico - Cybersecurity: Sectoral rules. No single comprehensive cybersecurity statute. Obligations are distributed across sectoral and cross-cutting rules: financial-sector information-security/cyber requirements issued by the CNBV and Banco de México; breach/security-vulnerability duties under the Federal Law on Protection of Personal Data Held by Private Parties (LFPDPPP, 2025); the Penal Code's computer-crime provisions; and the binding National Cybersecurity Plan 2025–2030 / General Cybersecurity Policy for the Federal Public Administration (ATDT). A comprehensive 'Ley General/Federal de Ciberseguridad' is proposed but not yet enacted.
Netherlands - Cybersecurity: Comprehensive law. Wet beveiliging netwerk- en informatiesystemen (Wbni) — currently in force (implements EU NIS1); being replaced by the Cyberbeveiligingswet (Cbw, NIS2 implementation), pending in the Senate with entry into force targeted for Q2 2026. Supervision/incident response led by NCSC-NL and sector regulators (RDI, ILT).
New Zealand - Cybersecurity: Sectoral rules. No single comprehensive cybersecurity statute. Obligations are sector-specific: the Privacy Act 2020 (breach notification, Office of the Privacy Commissioner), Reserve Bank of New Zealand (RBNZ) and Financial Markets Authority (FMA) reporting rules for regulated financial entities, NCSC/GCSB minimum standards for public-sector agencies, and a proposed mandatory critical-infrastructure regime (consultation closed April 2026).
Nigeria - Cybersecurity: Comprehensive law. Cybercrimes (Prohibition, Prevention, etc.) Act 2015, as amended by the Cybercrimes (Amendment) Act 2024 — operationalized through the National Cybersecurity Policy and Strategy 2021, the Office of the National Security Adviser (ONSA) Directorate of Cybersecurity, and the Nigerian Computer Emergency Response Team (ngCERT). Sector-specific rules supplement it, notably the Central Bank of Nigeria's risk-based cybersecurity framework and breach-notification duties under the Nigeria Data Protection Act 2023.
Norway - Cybersecurity: Comprehensive law. Lov om digital sikkerhet (digitalsikkerhetsloven, Act 2023-12-20-108) and its implementing regulation (digitalsikkerhetsforskriften), supervised by the National Security Authority (Nasjonal sikkerhetsmyndighet, NSM); complemented by the national Security Act (sikkerhetsloven) for national-security functions.
Philippines - Cybersecurity: Sectoral rules. No single comprehensive cybersecurity statute is yet in force. The regime is a patchwork: the Cybercrime Prevention Act (RA 10175), the Data Privacy Act (RA 10173) administered by the National Privacy Commission, sector-specific rules from the Bangko Sentral ng Pilipinas (BSP) for financial institutions, and the policy-level National Cybersecurity Plan 2023-2028 (adopted by Executive Order No. 58), coordinated by the Department of Information and Communications Technology (DICT). A comprehensive Cybersecurity Act bill remains pending in Congress.
Poland - Cybersecurity: Comprehensive law. Act on the National Cybersecurity System (Ustawa o krajowym systemie cyberbezpieczeństwa, KSC), originally of 5 July 2018 implementing NIS1, as amended in 2026 to transpose the EU NIS2 Directive (2022/2555). Supervision led by the Minister of Digital Affairs, with national CSIRTs (CSIRT NASK, CSIRT GOV, CSIRT MON).
Portugal - Cybersecurity: Comprehensive law. Regime Jurídico da Cibersegurança (Decree-Law no. 125/2025, de 4 de dezembro), transposing EU NIS2 Directive (EU) 2022/2555; supervised by the Centro Nacional de Cibersegurança (CNCS) as national competent authority and single point of contact, with CERT.PT as national CSIRT.
Qatar - Cybersecurity: Sectoral rules. National Cyber Security Agency (NCSA), established by Emiri Decree No. 1 of 2021, governing through mandatory standards/frameworks rather than a single horizontal cybersecurity statute — anchored by the National Information Assurance (NIA) Standard, the National Information Security Compliance Framework (NISCF), the National Cybersecurity Strategy 2024–2030, plus the Personal Data Privacy Protection Law (Law No. 13 of 2016) and the Cybercrime Prevention Law (Law No. 14 of 2014).
Russia - Cybersecurity: Comprehensive law. Federal Law No. 187-FZ 'On the Security of Critical Information Infrastructure of the Russian Federation' (2017, in force 2018), supplemented by Federal Law No. 152-FZ on Personal Data and the GosSOPKA/NKTsKI state incident-response system, with sector rules from the Bank of Russia (FinCERT) and oversight by FSTEC, the FSB and Roskomnadzor.
Saudi Arabia - Cybersecurity: Comprehensive law. National Cybersecurity Authority (NCA) — the supreme national cyber authority (established by Royal Order in 2017) issuing binding controls including the Essential Cybersecurity Controls (ECC); complemented by the Anti-Cyber Crime Law (Royal Decree M/17, 2007) and sectoral/data-protection regimes (SAMA, SDAIA/PDPL).
Singapore - Cybersecurity: Comprehensive law. Cybersecurity Act 2018 (amended by the Cybersecurity (Amendment) Act 2024), administered by the Cyber Security Agency of Singapore (CSA); complemented by PDPA breach-notification rules (PDPC) and sectoral regimes such as MAS Technology Risk Management requirements.
South Africa - Cybersecurity: Sectoral rules. No single comprehensive cybersecurity law. Obligations arise from a patchwork: the Cybercrimes Act 19 of 2020 (offences), POPIA (data-breach/security-compromise notification, overseen by the Information Regulator), the Critical Infrastructure Protection Act 8 of 2019, and the FSCA/Prudential Authority Joint Standard 2 of 2024 for financial institutions, sitting under the policy-level National Cybersecurity Policy Framework (NCPF, 2015).
South Korea - Cybersecurity: Sectoral rules. A patchwork of sector-specific statutes — the Act on Promotion of Information and Communications Network Utilization and Information Protection ('Network Act'), the Act on the Protection of Information and Communications Infrastructure ('PICIA', critical infrastructure), the Personal Information Protection Act ('PIPA'), and the Electronic Financial Transactions Act (finance) — overseen by MSIT/KISA, the NIS, the PIPC and the FSC, rather than a single comprehensive cybersecurity law.
Spain - Cybersecurity: Comprehensive law. Real Decreto-ley 12/2018 (transposing the NIS Directive) and its implementing Real Decreto 43/2021, plus the Esquema Nacional de Seguridad (Real Decreto 311/2022) for the public sector; partial NIS2 transposition via Real Decreto-ley 7/2025. Competent authorities: INCIBE-CERT (private sector), CCN-CERT (public sector/National Cryptologic Centre, CNI), and ESPDEF-CERT (defence). The full NIS2 law (Ley de Coordinación y Gobernanza de la Ciberseguridad) is still in the legislative process.
Sweden - Cybersecurity: Comprehensive law. Cybersecurity Act (Cybersäkerhetslagen, SFS 2025:1506), implementing EU NIS2 Directive (2022/2555), in force 15 January 2026; national coordinator and EU single point of contact: MCF (Myndigheten för civilt försvar, formerly MSB); sector-specific supervisory authorities for respective sectors; NCSC coordinated under FRA (Försvarets radioanstalt)
Switzerland - Cybersecurity: Comprehensive law. Federal Act on Information Security in the Confederation (ISG/ISA), SR 128, in force 1 January 2024; amended with mandatory cyber incident reporting for critical infrastructure from 1 April 2025; administered by the Federal Office for Cybersecurity (BACS), formerly NCSC
Taiwan - Cybersecurity: Comprehensive law. Cyber Security Management Act (CSMA), administered by the Administration for Cyber Security (ACS) under the Ministry of Digital Affairs (MODA); National Institute of Cyber Security (NICS) for R&D and technical support
Thailand - Cybersecurity: Comprehensive law. Cybersecurity Act B.E. 2562 (2019), administered by the National Cyber Security Committee (NCSC) and National Cyber Security Agency (NCSA); complemented by the Personal Data Protection Act B.E. 2562 (2019) for data-breach duties and sector regulators (e.g. Bank of Thailand) for financial services.
Turkey - Cybersecurity: Comprehensive law. Cybersecurity Law No. 7545 (in force 19 March 2025); Cybersecurity Presidency (Siber Güvenlik Başkanlığı, est. Presidential Decree No. 177, 8 January 2025); Personal Data Protection Law No. 6698 (KVKK)
UAE - Cybersecurity: Comprehensive law. UAE Cybersecurity Council + Federal Decree-Law No. 34/2021 (Cybercrime Law) + Federal Decree-Law No. 45/2021 (PDPL) + Signals Intelligence Agency (formerly NESA) Information Assurance Standards + National Cybersecurity Strategy 2025–2031
United Kingdom - Cybersecurity: Sectoral rules. Network and Information Systems (NIS) Regulations 2018 (SI 2018/506), enforced by the ICO (for digital service providers) and sector competent authorities; supplemented by the Telecommunications Security Act 2021 and sector-specific FCA/PRA operational resilience rules. The Cyber Security and Resilience (Network and Information Systems) Bill, introduced 12 November 2025, is progressing through Parliament and would deliver the most significant overhaul since 2018.
United States - Cybersecurity: Sectoral rules. Sector-specific rules (SEC, FTC, HIPAA) plus CISA as lead civilian cyber agency; CIRCIA (2022) cross-sector incident-reporting rule pending final adoption
Vietnam - Cybersecurity: Comprehensive law. Law on Cybersecurity No. 116/2025/QH15 (effective 1 July 2026, replacing Law No. 24/2018/QH14); Decree 53/2022/ND-CP; Decree 13/2023/ND-CP on Personal Data Protection; enforced by the Ministry of Public Security (A05 — Department of Cybersecurity and Prevention of High-Tech Crimes)
Albania - Cybersecurity: Comprehensive law. Law No. 25/2024 'On Cybersecurity' (in force April 2024), enforced by the National Cybersecurity Authority (AKSK/NCSA)
Algeria - Cybersecurity: Sectoral rules. Presidential Decree No. 20-05 (2020, amended 2025) establishing CNSSI/ANSSI; Law No. 09-04 (2009, amended 2016) on cybercrime; Law No. 18-07 (2018, amended by Law 25-11, 2025) on personal data protection; Presidential Decree No. 26-07 (2026) on cybersecurity units; National Cybersecurity Strategy 2025-2029 (Decree 25-321)
Andorra - Cybersecurity: Comprehensive law. Law 22/2022 on Measures for the Security of Networks and Information Systems; National Cybersecurity Agency (ANC-AD); CSIRT-AD
Angola - Cybersecurity: Sectoral rules. Law No. 7/17 of 16 February 2017 (Computer Security); Law No. 22/11 of 17 June 2011 (Personal Data Protection / LPDP); Law No. 23/11 of 20 June 2011 (Electronic Communications); supervised by Agência de Protecção de Dados (APD) and INACOM; National Cybersecurity Strategy enacted by Presidential Decree No. 256/25 (December 2025); standalone Cybersecurity Bill in parliamentary process since January 2026
Armenia - Cybersecurity: Comprehensive law. Law of the Republic of Armenia 'On Cybersecurity' (entered into force 4 January 2026), administered by the Ministry of High-Tech Industry and a newly mandated Information Systems Regulatory Authority; Government CERT operates under the Information Systems Agency of Armenia (ISAA)
Azerbaijan - Cybersecurity: Sectoral rules. Law on Information, Informatization and Protection of Information (as amended by Law No. 539-VIQD, 27 May 2022); Cabinet of Ministers Decision No. 229 (17 July 2023) on CII Security Requirements; Information Security and Cybersecurity Strategy 2023–2027 (Presidential Decree, August 2023); State Service for Special Communication and Information Security (SCIS)
Bahamas - Cybersecurity: Sectoral rules. Computer Misuse Act 2003 (cybercrime); Data Protection Act 2003 (data security); Electronic Communications and Transactions Act 2003 (digital transactions); National Cybersecurity Strategy launched December 2024 (policy); Data Protection Bill 2025 (proposed)
Bangladesh - Cybersecurity: Comprehensive law. Cyber Security Ordinance, 2025 (Ordinance No. 25 of 2025), administered by the National Cyber Security Agency (NCSA) under a National Cyber Security Council (NCSC); operational response by BGD e-GOV CIRT
Belarus - Cybersecurity: Sectoral rules. Law on Information Security (2016); Presidential Decree No. 40 'On Cyber Security' (2023); Law on Personal Data Protection No. 99-Z (2021); supervised by the Operational and Analytical Center (OAC) under the President of the Republic of Belarus
Bolivia - Cybersecurity: Sectoral rules. Law No. 164 on Telecommunications (2011) and Supreme Decree No. 2514 (2015) establishing AGETIC and the CGII; Electronic Government Implementation Plan 2025–2028 (Supreme Decree No. 5468, 1 October 2025)
Botswana - Cybersecurity: Comprehensive law. Cybersecurity Act, 2025 (Act 21 of 2025), administered by the Botswana Communications Regulatory Authority (BOCRA) with BwCIRT as the national CSIRT
Brunei - Cybersecurity: Comprehensive law. Cybersecurity Act, Chapter 272 (S 20/2023, Revised Edition 2024), administered by Cyber Security Brunei (CSB); complemented by the Computer Misuse Act (Chapter 194, 2007) and Personal Data Protection Order (PDPO) 2025
Bulgaria - Cybersecurity: Comprehensive law. Bulgarian Cybersecurity Act (Закон за киберсигурността), as amended 5 February 2026 (State Gazette 13 February 2026), transposing EU Directive 2022/2555 (NIS2); competent authority: Ministry of Electronic Governance (Министерство на електронното управление)
Cambodia - Cybersecurity: Sectoral rules. Law on Cybercrime (2015); Law on Combating Technology-based Fraud (promulgated 7 April 2026); Telecommunications Law (2015); Ministry of Post and Telecommunications (MPTC) / Telecommunications Regulator of Cambodia (TRC)
Cameroon - Cybersecurity: Comprehensive law. Law No. 2010/012 of 21 December 2010 on Cybersecurity and Cybercriminality; regulated by ANTIC (National Agency for Information and Communication Technologies) with an in-house CIRT
Chile - Cybersecurity: Comprehensive law. Ley Marco de Ciberseguridad No. 21.663 (April 8, 2024), enforced by the Agencia Nacional de Ciberseguridad (ANCI)
Colombia - Cybersecurity: Sectoral rules. CONPES 3995 (2020) – National Digital Trust and Security Policy; Decree 338 of 2022 – Digital Security Governance and Critical Infrastructure; Law 1581 of 2012 – Personal Data Protection with breach notification; MinTIC / ColCERT as primary governance bodies; National Digital Security Strategy 2025–2027
Costa Rica - Cybersecurity: Proposed. Ley sobre Delitos Informáticos (Law 9048, 2012) + MICITT National Cybersecurity Strategy 2023–2027 + proposed Ley de Ciberseguridad (Expediente 23292, pending)
Côte d'Ivoire - Cybersecurity: Comprehensive law. Ordonnance No. 2024-950 of October 30, 2024 on securing the digital space (ratified as law April 24, 2025); Law No. 2013-451 on cybercrime (amended 2023); National Cybersecurity Strategy 2021-2025; administered by ANSSI-CI (Agence Nationale de la Sécurité des Systèmes d'Information) created by Decree No. 2024-958
Croatia - Cybersecurity: Comprehensive law. Zakon o kibernetičkoj sigurnosti (Cybersecurity Act, Official Gazette No. 14/2024, in force 15 Feb 2024) + Uredba o kibernetičkoj sigurnosti (Regulation on Cybersecurity, Official Gazette No. 135/2024, in force 30 Nov 2024); national competent authority: SOA / National Cyber Security Center (NCSC-HR)
Cuba - Cybersecurity: Sectoral rules. Decreto 360/2019 (ICT Security and Defense of National Cyberspace); Decreto-Ley 35/2021 (Telecommunications, ICT and Radio-Electric Spectrum); Resolution 105/2021 (National Action Model for Cybersecurity Incident Response); overseen by MINCOM and OSRI (Oficina de Seguridad para las Redes Informáticas)
Cyprus - Cybersecurity: Comprehensive law. Network and Information Systems Security (Amendment) Law of 2025 — Law 60(I)/2025 (amending Law 89(I)/2020); supervised by the Digital Security Authority (DSA) and CSIRT-CY under EU NIS2 Directive 2022/2555
Czechia - Cybersecurity: Comprehensive law. Act No. 264/2025 Coll. on Cybersecurity (Zákon o kybernetické bezpečnosti), in force 1 November 2025, transposing EU NIS2 Directive (2022/2555); supervised by NÚKIB (National Cyber and Information Security Agency)
Dominican Republic - Cybersecurity: Sectoral rules. Patchwork led by Decree 230-18/313-22 (National Cybersecurity Strategy & National Cybersecurity Center–CNCS, CSIRT-RD), Decree 685-22 (mandatory incident notification for public entities), Law 53-07 (high-tech crimes), and the Monetary Authority's Cybersecurity and Information Security Regulation for the financial sector. A comprehensive 'Ley de Gestión de la Ciberseguridad' bill remains pending in Congress.
Ecuador - Cybersecurity: Comprehensive law. Ley Orgánica para el Fortalecimiento de la Ciberseguridad (Registro Oficial, Quinto Suplemento No. 290, 22 May 2026); supplemented by the Ley Orgánica de Protección de Datos Personales (LOPDP, 2021) and the National Cybersecurity Strategy (2022). Primary regulator: Ministerio de Telecomunicaciones y de la Sociedad de la Información (MINTEL) / CSIRT Ecuador.
El Salvador - Cybersecurity: Comprehensive law. Ley de Ciberseguridad y Seguridad de la Información (Decreto Legislativo No. 143, November 2024); complemented by Ley para la Protección de Datos Personales (Decreto No. 144, November 2024); administered by the Agencia de Ciberseguridad del Estado (ACE)
Estonia - Cybersecurity: Comprehensive law. Cybersecurity Act (Küberturvalisuse seadus, 2018, amended January 2026 for NIS2 transposition); supervised by the Information System Authority (RIA) / CERT-EE as national competent authority
Ethiopia - Cybersecurity: Sectoral rules. Computer Crime Proclamation No. 958/2016; Personal Data Protection Proclamation No. 1321/2024; Information Network Security Administration (INSA) oversight — with a Draft Critical Infrastructure Cybersecurity Proclamation currently under parliamentary review
Fiji - Cybersecurity: Sectoral rules. Cybercrime Act 2021 (in force 14 November 2022); Online Safety Act 2018; Reserve Bank of Fiji Prudential Supervision Policy Statement No. 2 (Cybersecurity Risk); National Cybersecurity & Resilience Strategy 2026–2031
Georgia - Cybersecurity: Comprehensive law. Law of Georgia on Information Security (2012, as amended through 2025); National Cybersecurity Strategy 2021–2024; CERT-GOV-GE under the Data Exchange Agency of the Ministry of Justice; Department of Information and Cybersecurity of the National Security Council
Ghana - Cybersecurity: Comprehensive law. Cybersecurity Act, 2020 (Act 1038), administered by the Cyber Security Authority (CSA)
Greece - Cybersecurity: Comprehensive law. Law 5160/2024 (Government Gazette A'/195/27-11-2024) transposing EU NIS2 Directive (2022/2555); supervised by the National Cybersecurity Authority (NCSA / cyber.gov.gr)
Guatemala - Cybersecurity: Proposed. No comprehensive cybersecurity law in force; Initiative 6347 (Ley de Ciberseguridad) pending in Congress; GT-CERT operated informally by the Ministerio de Gobernación
Honduras - Cybersecurity: Sectoral rules. CNBS Circular No. 025/2022 (Normas para la Gestión de Tecnologías de Información, Ciberseguridad y Continuidad del Negocio) for the financial sector; Penal Code cybercrime provisions (Decree 130-2017, updated 2019); CERT-HN as national incident-response body
Hungary - Cybersecurity: Comprehensive law. Act LXIX of 2024 on Cybersecurity in Hungary (in force 1 January 2025), transposing EU NIS2 Directive (2022/2555); implemented by Government Decree 418/2024 (XII.23.); supervised by SZTFH (private sector) and NBSZ/national CERT (public sector)
Iceland - Cybersecurity: Comprehensive law. Cyber-Security Act No. 78/2019 (Öryggi net- og upplýsingakerfa mikilvægra innviða), administered by the Electronic Communications Office of Iceland (ECOI/Fjarskiptastofa) and national CSIRT CERT-IS; NIS2 transposition amendment pending
Iran - Cybersecurity: Sectoral rules. Computer Crimes Law (Law No. 71063, 2009); Supreme Council of Cyberspace (est. 2012 by Supreme Leader decree); FETA (Cyber Police of the Islamic Republic of Iran)
Iraq - Cybersecurity: Proposed. No dedicated cybersecurity or cybercrime law in force; obligations derived from Iraqi Penal Code No. 111 of 1969 and Civil Code No. 40 of 1951, supplemented by sector-specific rules (Banking Law No. 94/2004; CPA Order 65/2004 for communications/CMC); National Cybersecurity Strategy 2022–2025 and Ministry of Interior Cybersecurity Directorate (established 2025) constitute the institutional framework
Jamaica - Cybersecurity: Sectoral rules. Cybercrimes Act 2015 (as amended 2026) + Data Protection Act 2020 + Jamaica Cyber Incident Response Team (JaCIRT) / National Cybersecurity Strategy 2015
Jordan - Cybersecurity: Comprehensive law. Cybersecurity Law No. 16 of 2019 (establishing the National Cybersecurity Center); National Cybersecurity Framework (mandatory for public sector and critical infrastructure); Cybercrime Law No. 17 of 2023; Personal Data Protection Law No. 24 of 2023
Kazakhstan - Cybersecurity: Comprehensive law. Law on Informatization No. 418-V ZRK (24 November 2015); Law on Personal Data and its Protection No. 94-V (21 May 2013, as amended); Law No. 44-VIII ZRK on Amendments to Legislative Acts on Information Security, Informatization and Digital Assets (11 December 2023, effective 11 February 2024 / 1 July 2024); Concept for Digital Transformation, ICT Development and Cybersecurity 2023-2029 (Government Resolution No. 269, 28 March 2023); supervised by the Committee for Information Security, Ministry of Digital Development, Innovations and Aerospace Industry (MDDI), and KZ-CERT / National Coordination Centre for Information Security (NCCIS)
Kuwait - Cybersecurity: Comprehensive law. NCSC Decision No. 2/2026 (National Basic Cybersecurity Controls – NBCC/KNBCC); Law No. 63/2015 on Combating Information Technology Crimes; CITRA established under Law No. 37/2014; National Cybersecurity Strategy (CITRA/NCSC)
Laos - Cybersecurity: Comprehensive law. Law on Cybersecurity (published Lao Official Gazette 20 March 2026); supplemented by Law on Prevention and Combating Cyber Crime (2015) and Law on Electronic Data Protection No. 25/NA (2017); primary regulator: Ministry of Technology and Communications (MTC) with LaoCERT as national CSIRT
Latvia - Cybersecurity: Comprehensive law. National Cyber Security Law (Nacionālās kiberdrošības likums), in force 1 September 2024; implementing NIS2 (EU Directive 2022/2555); competent authority: National Cyber Security Centre (NCSC) under the Ministry of Defence, supported by CERT.LV
Lebanon - Cybersecurity: Sectoral rules. Law No. 81/2018 on Electronic Transactions and Personal Data; 2019 National Cybersecurity Strategy; Telecommunications Regulatory Authority (TRA); National Cybersecurity Committee (Resolution 173)
Lithuania - Cybersecurity: Comprehensive law. Law on Cybersecurity of the Republic of Lithuania (amended 11 July 2024, in force 18 October 2024), transposing EU NIS2 Directive (2022/2555); supplemented by Government Resolution on Implementation (in force 12 November 2024). Competent authority and national CSIRT: National Cyber Security Centre (NKSC/NCSC) under the Ministry of National Defence.
Malta - Cybersecurity: Comprehensive law. Measures for a High Common Level of Cybersecurity across the European Union (Malta) Order, 2025 (S.L. 460.41 / Legal Notice 71 of 2025), transposing EU Directive 2022/2555 (NIS2); supervised by the CIP Department (Malta Critical Infrastructure Protection) as national competent authority and CSIRT; MDIA as National Cybersecurity Certification Authority under the EU Cybersecurity Act
Mauritius - Cybersecurity: Comprehensive law. Cybersecurity and Cybercrime Act 2021 (Act No. 16 of 2021), supplemented by the Data Protection Act 2017 (Act No. 20 of 2017); administered by ICTA, CERT-MU, and the Data Protection Commissioner
Moldova - Cybersecurity: Comprehensive law. Law No. 48/2023 on Cybersecurity (Legea nr. 48/2023 privind securitatea cibernetică), in force 1 January 2025; supplemented by Government Decision No. 1028/2023 (Cybersecurity Agency), Government Decision No. 860/2024 (service-provider identification), and Government Decision No. 562/2025 (sector-specific obligations). Supervised by the Cybersecurity Agency (Agenția pentru Securitate Cibernetică – ASC/NCSC-MD).
Monaco - Cybersecurity: Sectoral rules. Law No. 1.435 of 8 November 2016 on combating technological crime (OIV security obligations), as strengthened by Law No. 1.578 of 1 July 2025; Agence Monégasque de Sécurité Numérique (AMSN) as national cybersecurity authority; data-breach notification under Law No. 1.565 of 3 December 2024
Mongolia - Cybersecurity: Comprehensive law. Law on Cyber Security of Mongolia (adopted 17 December 2021, State Great Khural); implemented by the Ministry of Digital Development, Innovation and Communications (MDDIC) and the General Intelligence Agency (GIA)
Morocco - Cybersecurity: Comprehensive law. Law No. 05-20 on Cybersecurity (2020), implemented by Decree 2-21-406 (2021), enforced by the General Directorate of Information Systems Security (DGSSI) under the Ministry of National Defence
Mozambique - Cybersecurity: Proposed. Cyber Security Act & Cybercrimes Act (approved first reading by Parliament April 2026, not yet promulgated); National Cybersecurity Strategy 2021; INTIC as primary regulatory body
Myanmar - Cybersecurity: Comprehensive law. Cybersecurity Law (State Administration Council Law No. 1/2025), enacted 1 January 2025, in force 30 July 2025; administered by a Central Cybersecurity Committee under the SAC and overseen by the Ministry of Transport and Communications
Namibia - Cybersecurity: Proposed. Cybercrime Bill, 2026 (pending Parliament); Electronic Transactions Act 4 of 2019 (in force); NAM-CSIRT under the Communications Regulatory Authority of Namibia (CRAN)
Nepal - Cybersecurity: Proposed. Electronic Transactions Act 2063 (2008); National Cyber Security Policy 2080 (2023); Nepal Rastra Bank Cyber Resilience Guidelines (2023); Information Technology and Cyber Security Bill 2082 (passed lower house August 2025, enactment pending)
North Macedonia - Cybersecurity: Comprehensive law. Law on Security of Network and Information Systems (Official Gazette No. 135, 04.07.2025), in force 1 January 2026; aligned with EU NIS2 Directive (2022/2555). Administered by the Ministry of Digital Transformation and MKD-CIRT (National Centre for Computer Incident Response) under the Agency for Electronic Communications.
Oman - Cybersecurity: Comprehensive law. Royal Decree No. 52/2017 (Cybersecurity Law) and Royal Decree No. 64/2020 (Cyber Defence Centre), administered by the Ministry of Transport, Communications and Information Technology (MTCIT) and the Cyber Defence Centre (CDC) under the Internal Security Service
Pakistan - Cybersecurity: Sectoral rules. Patchwork: Prevention of Electronic Crimes Act (PECA) 2016 (as amended 2025) for cybercrime; National Cyber Security Policy 2021 (non-binding) and CERT Rules 2023 administered by the Ministry of IT & Telecommunication (MoITT); plus sector-specific rules (e.g. State Bank of Pakistan ETGRM Framework for financial institutions). No single comprehensive cybersecurity-obligations law; the Personal Data Protection Bill remains a draft.
Panama - Cybersecurity: Sectoral rules. Law 478 of 2025 (cybercrime amendments to Penal Code), Law 81 of 2019 (data protection / breach notification), National Cybersecurity Strategy 2021–2024, AIG / CSIRT-Panama
Papua New Guinea - Cybersecurity: Sectoral rules. Cybercrime Code Act 2016 (No. 35 of 2016); National Cybersecurity Policy 2021; National Cybersecurity Strategy 2024 — administered by DICT and NICTA
Paraguay - Cybersecurity: Proposed. Fragmented sectoral instruments (criminal law, Budapest Convention via Law 5994, MITIC Organic Law 6207/2018, CERT-PY) plus National Cybersecurity Strategy 2025-2028 (Decree 3900/25); dedicated comprehensive cybersecurity law still in legislative pipeline
Peru - Cybersecurity: Sectoral rules. Decreto de Urgencia N° 007-2020 (Digital Trust Framework / Marco de Confianza Digital); Ley N° 30999 (Ley de Ciberdefensa); Decreto Supremo N° 016-2024-JUS (Personal Data Protection Regulation); National Center for Digital Security / PECERT (CSIRT)
Romania - Cybersecurity: Comprehensive law. Government Emergency Ordinance No. 155/2024 (GEO 155/2024), as approved and amended by Law No. 124/2025 — transposing EU NIS2 Directive (2022/2555); supervised by the Directoratul Național de Securitate Cibernetică (DNSC)
Rwanda - Cybersecurity: Comprehensive law. Law No. 26/2017 (NCSA Establishment), Law No. 60/2018 (Prevention and Punishment of Cyber Crimes), Law No. 058/2021 (Personal Data and Privacy Protection), RURA Cybersecurity Regulation No. 010, and National Cybersecurity Strategy 2024–2029 — administered by the National Cyber Security Authority (NCSA)
San Marino - Cybersecurity: Sectoral rules. Law No. 114/2016 (Penal Code cybercrime amendments), Law No. 171/2018 (data protection and breach notification), Delegated Decree No. 204/2020 (Autorità ICT mandate), enforced by the Autorità ICT and the independent Garante Privacy
Senegal - Cybersecurity: Sectoral rules. Law No. 2008-11 on Cybercrime; Law No. 2008-12 on Personal Data Protection; Laws No. 2016-29 and 2016-30 amending the Penal Code and Code of Criminal Procedure; National Cybersecurity Strategy SNC2022; supervised by DCSSI (Direction générale du Chiffre et de la Sécurité des Systèmes d'information) and the CDP (Commission de Protection des Données Personnelles)
Serbia - Cybersecurity: Comprehensive law. Law on Information Security (Zakon o informacionoj bezbednosti), Official Gazette RS No. 91/2025, adopted 22 October 2025, in force 31 October 2025; NIS2-aligned successor to the 2016 Information Security Law; supervised by RATEL/National CERT (current) and the forthcoming Office for Information Security (operational 1 January 2027)
Slovakia - Cybersecurity: Comprehensive law. Act No. 69/2018 Coll. on Cybersecurity (as amended by Act No. 366/2024 Coll.), supervised by the National Security Authority (NBÚ — Národný bezpečnostný úrad) and its national CSIRT SK-CERT
Slovenia - Cybersecurity: Comprehensive law. Zakon o informacijski varnosti (ZInfV-1), in force 19 June 2025, transposing EU NIS2 Directive 2022/2555; competent authority: URSIV (Government Information Security Office); national CSIRT: SI-CERT
Sri Lanka - Cybersecurity: Proposed. Computer Crimes Act No. 24 of 2007 (primary operative cybercrime law); Personal Data Protection Act No. 9 of 2022 (breach notification); Sri Lanka CERT / National Cyber Security Operations Center (NCSOC) for operational response; Cyber Security Bill (pending enactment as of mid-2026)
Tanzania - Cybersecurity: Sectoral rules. Cybercrimes Act No. 14 of 2015; Electronic and Postal Communications Act No. 3 of 2010 and CERT Regulations 2018 (amended 2023); Personal Data Protection Act No. 11 of 2022 — enforced by TCRA/TZ-CERT and the Personal Data Protection Commission (PDPC)
Trinidad and Tobago - Cybersecurity: Sectoral rules. Computer Misuse Act (Chap. 11:17); Data Protection Act (Chap. 22:04, 2011, partially proclaimed); TATT Guidelines for Cybersecurity of Public Telecommunications Networks (2024–2026); TT-CSIRT under Ministry of Homeland Security
Tunisia - Cybersecurity: Comprehensive law. Law No. 2018-5 of 23 January 2018 on Cybersecurity, as expanded by Decree-Law No. 2023-17 of 11 March 2023, enforced by the Agence Nationale de la Cybersécurité (ANCS, formerly ANSI)
Uganda - Cybersecurity: Sectoral rules. Computer Misuse Act 2011 (amended 2022/2023) + Data Protection and Privacy Act 2019, with sector-specific rules from Bank of Uganda (Dec 2024) and Uganda Communications Commission (June 2025); NITA-U administers the National Information Security Framework and National Cybersecurity Strategy 2022–2026
Ukraine - Cybersecurity: Comprehensive law. Law of Ukraine No. 2163-VIII 'On the Basic Principles of Ensuring Cyber Security of Ukraine' (2017), substantially reformed by Law No. 4336-IX (in force 20 April 2025); supervised by the State Service of Special Communications and Information Protection (SSSCIP) with CERT-UA as the national incident response authority
Uruguay - Cybersecurity: Sectoral rules. Decree 66/025 (February 2025) + AGESIC Cybersecurity Framework (MCU) + Law 20,327 on Cybercrime (August 2024) + National Cybersecurity Strategy 2024–2030, administered by AGESIC/CERTuy with sector-specific oversight by BCU and URSEC
Uzbekistan - Cybersecurity: Comprehensive law. Law of the Republic of Uzbekistan 'On Cybersecurity' (April 2022, ZRU-764); administered by the State Security Service (SSS) as authorised cybersecurity body and UZCERT as the national CERT
Venezuela - Cybersecurity: Sectoral rules. Ley Especial contra los Delitos Informáticos (G.O. No. 37.313, 2001); Ley de Infogobierno (G.O. No. 42.011, 2014); Decree No. 4.975 / Consejo Nacional de Ciberseguridad (G.O. No. 42.939, August 12, 2024); supervised by CONATEL and SUSCERTE
Zambia - Cybersecurity: Comprehensive law. Cyber Security Act, 2025 (Act No. 3 of 2025) and Cyber Crimes Act, 2025 (Act No. 4 of 2025), signed into law 8 April 2025; regulated by the Zambia Cyber Security Agency (ZCSA) and the Zambia Information and Communications Technology Authority (ZICTA)
Zimbabwe - Cybersecurity: Comprehensive law. Cyber and Data Protection Act, 2021 (No. 5 of 2021, Chapter 12:07), enforced by the Postal and Telecommunications Regulatory Authority of Zimbabwe (POTRAZ) acting as Data Protection Authority and housing the Cyber Security Centre; supplemented by SI 155 of 2024 (Licensing of Data Controllers and Appointment of Data Protection Officers Regulations)
Afghanistan - Cybersecurity: Sectoral rules. Cybercrime Code (2017, part of the Penal Code); National Cybersecurity Strategy (2014); Information Systems Security Directorate (ISSD) under Ministry of Communications and Information Technology (MCIT); Afghanistan CERT (AFCERT); Afghanistan Telecom Regulatory Authority (ATRA)
Barbados - Cybersecurity: Sectoral rules. Computer Misuse Act 2005 (primary cybercrime statute); Data Protection Act 2019 No. 29 (breach notification); Cybercrime Bill 2024 (pending Senate enactment to replace CMA); National CIRT established via ITU agreement
Belize - Cybersecurity: Sectoral rules. Cybercrime Act 2020 (Act No. 32 of 2020) and Data Protection Act 2021 (Act No. 45 of 2021), coordinated by the Public Utilities Commission (PUC) and Data Protection Commissioner
Benin - Cybersecurity: Sectoral rules. Loi No. 2017-20 du 20 avril 2018 portant Code du Numérique en République du Bénin (amended by Law No. 2020-35 of 6 January 2021), administered by ANSSI-Bénin and APDP
Bhutan - Cybersecurity: Sectoral rules. Information, Communications and Media Act (ICMA) 2018 (enforced by BICMA); Penal Code cyber-offence provisions; National Cybersecurity Strategy 2024–2029 (GovTech/BtCIRT)
Bosnia & Herzegovina - Cybersecurity: Sectoral rules. Fragmented sectoral rules: new Law on Personal Data Protection (Official Gazette BiH, February 2025); Criminal Code cybercrime provisions; no dedicated national cybersecurity law, no national CERT, no national cybersecurity strategy
British Virgin Islands - Cybersecurity: Sectoral rules. Computer Misuse and Cybercrime Act 2014 (as amended 2019, 2024/25 amendment pending enactment); Data Protection Act 2021; BVI Financial Services Commission (FSC) supervisory oversight
Burkina Faso - Cybersecurity: Comprehensive law. Loi n° 014-2024/ALT portant sécurité des systèmes d'information (9 July 2024), enforced by the Agence Nationale de Sécurité des Systèmes d'Information (ANSSI), under the Ministry of Digital Transition, Posts and Electronic Communications
Burundi - Cybersecurity: Sectoral rules. Law N°1/10 of 16 March 2022 on Prevention and Repression of Cybercriminality; Law N°1/03 of 10 March 2026 on Personal Data Protection; Law N°1/22 of 22 August 2024 (Electronic Communications Code) — all regulated by ARCT (Agence de Régulation et de Contrôle des Télécommunications)
Central African Republic - Cybersecurity: Sectoral rules. Loi No. 24/001 on Personal Data Protection (January 2024); Law creating the National Cybersecurity Agency (ANCY, 2024); ECCAS Brazzaville Declaration 2016 regional framework
Chad - Cybersecurity: Comprehensive law. Ordinance No. 008/PCMT/2022 on Cybersecurity; Ordinance No. 007/PCMT/2022 on Cybercrime and Cyber Defence; National Agency for Information Security and Electronic Certification (ANSICE)
Congo - Cybersecurity: Comprehensive law. Ordinance-Law No. 23/010 of 13 March 2023 (Code du Numérique / Digital Code); National Cybersecurity Strategy 2022; ARPTIC (Autorité de Régulation des Postes, Télécommunications et Technologies de l'Information et de la Communication, est. Decree 23/13 of 3 March 2023)
Djibouti - Cybersecurity: Comprehensive law. Digital Code (Code du Numérique, June 2025); National Cybersecurity Authority (ANC, est. December 2025); National Cybersecurity Strategy 2024-2030; supervised by Commission Nationale de Protection des Données Personnelles (CNDP)
DR Congo - Cybersecurity: Comprehensive law. Ordinance-Law No. 23/010 of 13 March 2023 (Digital Code / Code du Numérique); National Cybersecurity Strategy 2022–2025; Agence Nationale de Cybersécurité (ANCS) under the Presidency; ARPTC telecom regulator
Equatorial Guinea - Cybersecurity: Proposed. Personal Data Protection Law No. 1/2016; draft Cybercrimes Law under parliamentary review (April 2024); supplementary provisions in the Penal Code and Telecommunications Law
Eritrea - Cybersecurity: Sectoral rules. Communications Proclamation No. 102/1998; Eritrean Telecommunications Services Corporation Proclamation No. 134/2003; reported Cybercrime Proclamation No. 125/2019 — no comprehensive cybersecurity law or data protection statute
eSwatini - Cybersecurity: Comprehensive law. Computer Crime and Cybercrime Act, 2022; Data Protection Act, 2022; Electronic Communications and Transactions Act, 2022 — administered by the Eswatini Communications Commission (ESCCOM)
Gabon - Cybersecurity: Comprehensive law. Loi No. 027/2023 du 11 juillet 2023 portant réglementation de la cybersécurité et la lutte contre la cybercriminalité; complemented by Loi No. 025/2023 on personal data protection and supervised by the APDPVP
Gambia - Cybersecurity: Sectoral rules. Information and Communications Act 2009 (cybercrime provisions); Personal Data Protection and Privacy Act 2025; National Cybersecurity Policy & Strategy 2022–2026; PURA/gmCSIRT as operational authority
Greenland - Cybersecurity: Sectoral rules. Greenland Agency for Digitisation (Digitaliseringskontoret) for cyber defence governance; Greenland Personal Data Act (modeled on Danish law) for data-security and breach-notification obligations; bilateral 2022 Greenland–Denmark Cyber Security Cooperation Agreement with Denmark's Centre for Cyber Security (CFCS/Center for Cybersikkerhed)
Guinea - Cybersecurity: Comprehensive law. Loi N° L/2016/037/AN relative à la Cybersécurité et la protection des données à caractère personnel (2016), supplemented by Décret D-2026/159/PRG/SGG (May 2026); administered by ANSSI and ARPT
Guinea-Bissau - Cybersecurity: No framework. No dedicated cybersecurity law; basic ICT regulation under Law No. 5/2010 (ARN/TIC) and 1993 Penal Code with no cybercrime provisions
Guyana - Cybersecurity: Sectoral rules. Cybercrime Act 2018 (Act No. 16 of 2018); Data Protection Act 2023 (Act No. 18 of 2023); National Cybersecurity Policy Framework (NDMA, 2024); National CIRT (cirt.gy) under the National Data Management Authority
Haiti - Cybersecurity: Sectoral rules. 2025 Penal Code (cybercrime provisions, Arts. 587–593 & 437–442); CONATEL (Conseil National des Télécommunications) telecom/ICT oversight; no dedicated comprehensive cybersecurity law
Isle of Man - Cybersecurity: Sectoral rules. Data Protection Act 2018 (Applied GDPR) administered by the Isle of Man Information Commissioner (inforights.im); supplemented by OCSIA (Office of Cyber Security and Information Assurance) Council of Ministers Directive 2017 and IOMFSA sector-specific guidance
Jersey - Cybersecurity: Comprehensive law. Cyber Security (Jersey) Law 202- (passed by States Assembly 22 January 2026, pending Privy Council assent, commencement expected summer 2026); Jersey Cyber Security Centre (JCSC) as national authority; Jersey Financial Services Commission (JFSC) Codes of Practice for registered financial-services firms
Kyrgyzstan - Cybersecurity: Comprehensive law. Law on Cybersecurity of the Kyrgyz Republic (No. 121, July 17, 2024); Digital Code of the Kyrgyz Republic (2025); enforced by the State Committee for National Security (SCNS) / Coordination Centre on Cybersecurity (cert.gov.kg)
Lesotho - Cybersecurity: Proposed. Computer Crime and Cyber Security Bill, 2024 (pending enactment); Data Protection Act, 2013; Lesotho Communications Authority Act, 2000
Liberia - Cybersecurity: Proposed. Cybercrime Act 2025 (passed both legislative chambers, pending presidential assent as of January 2026); Liberia Telecommunications Authority (LTA) cybersecurity mandate; National Cybersecurity Strategy 2025–2029 (Ministry of Posts and Telecommunications)
Libya - Cybersecurity: Sectoral rules. Law No. 5 of 2022 on Combating Cybercrimes; Law No. 6 of 2022 on Electronic Transactions; Decision No. 150 of 2024 on Cybersecurity Services; National Information Security and Safety Authority (NISSA, est. 2013)
Madagascar - Cybersecurity: Sectoral rules. Law No. 2014-006 on the Fight Against Cybercrime (amended 2016 by Law No. 2016-031); Law No. 2014-038 on Personal Data Protection (enforced by CMIL); ARTEC as telecommunications regulator; national cybersecurity strategy under development (2025)
Malawi - Cybersecurity: Comprehensive law. Electronic Transactions and Cyber Security Act 2016 (Act No. 33 of 2016), supplemented by the Data Protection Act 2024, both administered by the Malawi Communications Regulatory Authority (MACRA) and the Malawi Computer Emergency Response Team (mwCERT)
Maldives - Cybersecurity: Sectoral rules. ICT Act 2017 (Law No. 16/2017); Penal Code cybercrime provisions; Presidential Directive 07/2024 establishing the National Cyber Security Agency (NCSA); National Cyber Security Strategy 2024–2029
Mali - Cybersecurity: Sectoral rules. Law No. 2019-056 of 5 December 2019 on the Suppression of Cybercrime; Law No. 2013-015 of 21 May 2013 on the Protection of Personal Data; regulators: APDP (data protection), AMRTP (telecoms/ICT regulation), AGETIC (government ICT agency); National Cybersecurity Strategy 2026–2030 adopted December 2025
Mauritania - Cybersecurity: Sectoral rules. Cybercrime Law No. 007-2016; Law No. 2018-014 on Personal Data Protection; National Digital Security Strategy 2022–2025; National Agency for Cybersecurity and Electronic Certification (ANCCE, established by decree April 2024) under Ministry of Digital Transformation
Montenegro - Cybersecurity: Comprehensive law. Law on Information Security (Zakon o informacionoj bezbjednosti), Official Gazette No. 113/2024, in force December 5, 2024; aligned with EU NIS2 Directive (2022/2555); supervised by the newly established Cybersecurity Agency and CIRT.ME
New Caledonia - Cybersecurity: Sectoral rules. No single comprehensive horizontal cyber law in force; obligations derive from French national rules (ANSSI; critical-infrastructure/OIV regime; GDPR breach-notification via the CNIL) plus New Caledonia's own administrative security framework (RGSNC). The NIS2-style 'Résilience des infrastructures critiques et cybersécurité' bill, which would extend to New Caledonia, is still pending.
Nicaragua - Cybersecurity: Sectoral rules. No comprehensive NIS2-style cybersecurity-obligations law. Cyber matters are governed by a mix: the criminal Ley Especial de Ciberdelitos (Law 1042/2020, reformed by Law 1219/2024), the policy-level National Cybersecurity Strategy 2020-2025 (Decree 24-2020), and binding sector rules — notably the SIBOIF Norma sobre Gestión de Riesgo Tecnológico for supervised financial institutions.
Niger - Cybersecurity: Sectoral rules. No single comprehensive cybersecurity (NIS2-style) act. The regime is a patchwork: Law No. 2019-33 of 3 July 2019 on cybercrime repression (amended by Ordinance in June 2024); personal-data protection law (Law 2022-59 of 16 Dec 2022, as amended, enforced by the HAPDP); Law 2019-03 of 30 April 2019 on electronic transactions; and telecom/electronic-communications regulation. A National Cybersecurity Strategy 2023-2027 and a National Cybersecurity Centre (CNAC, created by decree Oct 2025) provide the institutional layer.
North Korea - Cybersecurity: Sectoral rules. Information Technology Law (amended 2022) and related statutes (e.g., Software Industry Law, 2004), administered by DPRK state organs; there is no comprehensive, dedicated cybersecurity statute or independent data-protection authority. Cyber-related rules are embedded in broader state-control IT legislation.
Palestine - Cybersecurity: Sectoral rules. Law by Decree No. 10 of 2018 on Cybercrime (amended by Law by Decree No. 28 of 2020), issued by presidential decree; no comprehensive (NIS2-style) cybersecurity law or general personal-data-protection law is yet in force.
Puerto Rico - Cybersecurity: Comprehensive law. Act 40-2024 ("Cybersecurity Act of the Commonwealth of Puerto Rico," approved Jan 18, 2024), administered by the Puerto Rico Innovation and Technology Service (PRITS); complemented by Act 111-2005 breach-notification law (DACO), sectoral rules, and applicable U.S. federal cybersecurity law (PR is a U.S. territory).
Seychelles - Cybersecurity: Sectoral rules. No single comprehensive cybersecurity law. Obligations arise from the Cybercrimes and Other Related Crimes Act 2021 (Act 59 of 2021), the Data Protection Act 2023 (breach notification, enforced by the Information Commission), and institutional bodies (National Cybersecurity Coordination Committee; CERT-SC under the Department of ICT), guided by the National Cybersecurity Strategy 2019–2024.
Sierra Leone - Cybersecurity: Comprehensive law. Cyber Security and Crime Act, 2021 (No. 7 of 2021), implemented by the National Cybersecurity Coordination Centre (NC3); complemented by the National Cybersecurity Strategy and the National Communications Authority (NatCA).
Solomon Islands - Cybersecurity: Sectoral rules. No comprehensive cybersecurity or cybercrime statute. Binding obligations exist only through the sector-specific Telecommunications Act 2009 (Part 19 offences; ss.72-73 confidentiality), backed by the non-binding National Cybersecurity Policy (Aug 2024) and the SICERT incident-response body (2025), with dedicated cybercrime and data-protection bills still under development.
Somalia - Cybersecurity: Proposed. National Cybersecurity Law (passed by the House of the People on 26 Jan 2026), administered by the National Communications Authority (NCA) and SOM-CIRT; complemented by the in-force Data Protection Act No. 005 of 2023 (breach-notification duties) overseen by the Somali Data Protection Authority.
South Sudan - Cybersecurity: Comprehensive law. Cybercrime and Computer Misuse Act, 2026 (signed by President Salva Kiir on 18 February 2026); the National Communication Authority (NCA) is the lead cybersecurity/CIRT body and the National Cybercrime Prosecution Unit sits under the Ministry of Justice and Constitutional Affairs.
Sudan - Cybersecurity: Sectoral rules. Law on Combating Cybercrimes 2018 (amended 2020), administered alongside the Telecommunication and Post Regulatory Authority (TPRA) and Sudan CERT; no comprehensive NIS2-style cybersecurity law and no general data-protection statute.
Suriname - Cybersecurity: Proposed. No comprehensive cybersecurity statute in force. Substantive cybercrime offences sit in the Criminal Code (Wetboek van Strafrecht) 2015; a Privacy/Personal Data Protection Bill is pending in the National Assembly and a national cybersecurity strategy is anticipated under the CARICOM action plan. Lead body: Centrale Inlichtingen- en Veiligheidsdienst (CIVD).
Syria - Cybersecurity: Sectoral rules. A patchwork of instruments rather than a single comprehensive cybersecurity statute: Cybercrime Law No. 20 of 2022, Electronic Personal Data Protection Law No. 12 of 2024, and telecom/internet data-retention duties, overseen by the National Agency for Network Services (NANS) and its national CERT (CERT Syria).
Tajikistan - Cybersecurity: Sectoral rules. No single comprehensive cybersecurity statute. Information/cyber security is governed by a patchwork of sector- and topic-specific instruments: the Law on Informatization (No. 40, 6 Aug 2001), the Law on Protection of Information (No. 631, 15 May 2002), the Law on Personal Data Protection (No. 1537, 3 Aug 2018), cybercrime provisions in the Criminal Code (Section XII, Chapter 28), and the presidentially-approved Concept/National Strategy on Information Security and ICT for Development. Oversight is split between the Communication Service (Service for Communications) regulator and individual state bodies in their sectors.
Timor-Leste - Cybersecurity: Proposed. Draft Cybercrime/Cyber Law (Ministry of Justice, 2025) plus a National Cyber(security) Strategy under development; no comprehensive cybersecurity statute in force. Constitutional privacy rights (Arts. 36–38) and the 2017 National ICT Policy / Timor Digital 2032 provide the policy backdrop.
Togo - Cybersecurity: Comprehensive law. Loi n°2018-026 du 7 décembre 2018 sur la cybersécurité et la lutte contre la cybercriminalité, administered by the Agence Nationale de la Cybersécurité (ANCy); complemented by Loi n°2019-014 (personal data protection) and the cybersecurity rules adopted by Arrêté n°2022-040/PMRT.
Turkmenistan - Cybersecurity: Comprehensive law. Law of Turkmenistan 'On Cybersecurity' (adopted 2019), implemented via State Cybersecurity Programs (2017–2021, 2022–2025) and the State Cybersecurity Service under the Agency of Transport and Communications (Turkmenaragatnashyk).
Vanuatu - Cybersecurity: Sectoral rules. Vanuatu has no single NIS2-style comprehensive cybersecurity statute. Obligations are spread across the Cybercrime Act No. 22 of 2021 (criminal), the Data Protection and Privacy Act No. 13 of 2024 (security and breach-notification duties for personal data), and the National Cyber Security Strategy 2030, with CERT VU (under OGCIO) as the operational incident-response hub.
Yemen - Cybersecurity: Proposed. No comprehensive cybersecurity or cybercrime statute is in force. Cyber matters are handled through a patchwork of general laws (Penal Code 1994, Press and Publications Law 1990, Constitution Art. 52) and the telecom/e-transactions regime overseen by the Ministry of Telecommunications and Information Technology (MTIT); a comprehensive cybercrime framework is being drafted by the Ministry of Legal Affairs (2026).
Antigua and Barbuda - Cybersecurity: Sectoral rules. Electronic Crimes Act 2013 (No. 14 of 2013) and Data Protection Act 2013 (No. 10 of 2013), with oversight by the Information Commissioner
Cape Verde - Cybersecurity: Comprehensive law. Decreto-Lei n.º 9/2021 of 29 January 2021 (General Legal Regime for Cybersecurity in Cabo Verde), complemented by Law n.º 8/IX/2017 (Cybercrime Law), Law n.º 121/IX/2021 (Data Protection), and overseen by the Centro Nacional de Cibersegurança (CNCS) and CSIRT.CV
Comoros - Cybersecurity: Comprehensive law. Law No. 21-012/AU on Cybersecurity and the Fight Against Cybercrime (Union of Comoros), promulgated by Decree No. 22-003/PR (18 January 2022); supplemented by the Personal Data Protection Law (2021) and Penal Code Chapter IV (Articles 449–505 on cybercriminality); administered by ANADEN (National Agency for Digital Development)
Dominica - Cybersecurity: Sectoral rules. Electronic Transactions Act 2013 (Act 19 of 2013); Electronic Evidence Act; Data Protection Act 2011; regional ECTEL framework
Grenada - Cybersecurity: Sectoral rules. Electronic Crimes Act No. 23 of 2013 (amended by Act No. 10 of 2014, in force 2016) and Data Protection Act No. 1 of 2023; operationally supported by the National Cybersecurity Incident Response Team (CSIRT) established May 2022
Kiribati - Cybersecurity: Sectoral rules. Cybercrime Act 2021; National Cybersecurity Strategy 2020; Data Protection Act 2025 — administered by the Ministry of Information, Communications & Transport (MICT) and the Digital Transformation Office (DTO)
Marshall Islands - Cybersecurity: Comprehensive law. Cybersecurity Act 2025 (PL 2025-27); Cybercrimes Act 2025 (PL 2025-40); Ministry of Transportation and Communication (national cybersecurity authority)
Micronesia - Cybersecurity: Proposed. No comprehensive cybersecurity or cybercrime law enacted; three bills pending before FSM Congress (Cybersecurity Bill, Cybercrime Bill, Personal Data Protection Bill); 2021 Cybersecurity Roadmap (non-binding) guides phased legislative development
Nauru - Cybersecurity: Sectoral rules. Cybercrime Act 2015 (Republic of Nauru); Nauru National Digital Transformation Strategy 2025–2030 (proposes dedicated cybersecurity legislation and National Cybersecurity Framework)
Palau - Cybersecurity: Proposed. Senate Bill No. 12-9 (Cybersecurity Act, Senate-passed Oct 2025, pending House of Delegates); existing computer crime provisions under 17 PNC Chapter 31; National Cybersecurity Strategy and Policy 2026–2030 (signed by President Whipps, ITU-supported); Executive Order creating Office of Applied Technology and Strategy (April 2026)
Saint Kitts and Nevis - Cybersecurity: Sectoral rules. Electronic Crimes Act 2009 (amended 2012, 2017); Data Protection Act 2018 (not yet commenced); ECCB sectoral guidance for financial institutions
Saint Lucia - Cybersecurity: Sectoral rules. Computer Misuse Act 2011 (Cap 13.17) and Privacy and Data Protection Act (Cap 8.18), overseen by the Data Protection Commissioner and the National Telecommunications Regulatory Commission (NTRC)
Saint Vincent and the Grenadines - Cybersecurity: Sectoral rules. Cybercrime Act No. 20 of 2016; Data Protection Act 2021; CARICOM Cyber Security and Cybercrime Action Plan (CCSCAP) 2017
Samoa - Cybersecurity: Sectoral rules. Crimes Act 2013 (cybercrime provisions) + Information Security Policy 2024 (MCIT) + SamCERT; no standalone comprehensive cybersecurity law
Sao Tome and Principe - Cybersecurity: Sectoral rules. Cybercrime Law No. 15/2017; Personal Data Protection Law No. 03/2016; National Cybersecurity Strategy 2024–2028 (non-binding); AGER (Autoridade Geral de Regulação) as sectoral regulator
Tonga - Cybersecurity: Comprehensive law. Cybersecurity Act 2025 (Act 14 of 2025), supported by Computer Crimes Act 2003, National Cybersecurity Framework 2022, and CERT Tonga
Tuvalu - Cybersecurity: Proposed. No dedicated cybersecurity or cybercrime law in force; Cybercrime Bill pending; National ICT Policy 2024 (cybersecurity pillar); Data Protection and Privacy Act 2020; scattered provisions in Tuvalu Telecommunications Corporation Act
Argentina - Starting a Business: Moderate. Foreign Investment Law No. 21.382 (national treatment for foreign investors); General Companies Law No. 19.550; SAS regime under Entrepreneurs Law No. 27.349; corporate registration via Inspección General de Justicia (IGJ) in CABA and provincial public registries; tax registration (CUIT) via ARCA (ex-AFIP).
Australia - Starting a Business: Moderate. Corporations Act 2001 (administered by ASIC); company/business registration via the Business Registration Service (business.gov.au) and ABRS (Director ID); foreign direct investment screened under the Foreign Acquisitions and Takeovers Act 1975 by the Foreign Investment Review Board (FIRB)/Treasury
Austria - Starting a Business: Moderate. Austrian Limited Liability Company Act (GmbH-Gesetz) and Flexible Company Act (FlexKapGG, in force since 1 Jan 2024); Trade Act (Gewerbeordnung) for trade licensing; Commercial Register (Firmenbuch) administered by the regional courts; foreign non-EU/EEA/Swiss investors additionally subject to the Investment Control Act (Investitionskontrollgesetz, InvKG). Competent business portal: Unternehmensserviceportal (USP).
Bahrain - Starting a Business: Easy. Companies are formed under Bahrain's Commercial Companies Law (Legislative Decree No. 21/2001, as amended) and registered/licensed by the Ministry of Industry and Commerce (MOIC) through the SIJILAT electronic portal; the Bahrain Economic Development Board (EDB) provides free facilitation to foreign investors.
Belgium - Starting a Business: Moderate. Belgian Companies and Associations Code (CCA/WVV) with mandatory registration in the Crossroads Bank for Enterprises (CBE/KBO); FPS Economy and accredited business counters administer setup; professional cards for non-EEA nationals are governed at regional level (Brussels Economy & Employment, Flanders, Wallonia).
Bermuda - Starting a Business: Moderate. Companies Act 1981 (and amendments), administered by the Registrar of Companies — now a division of the Bermuda Monetary Authority (BMA), which must approve all incorporations; Minister of Finance consent for regulated sectors.
Brazil - Starting a Business: Moderate. Company formation governed by the Civil Code (Lei 10.406/2002, sociedade limitada/LTDA) and Lei 6.404/1976 (S.A.); registration via state Boards of Trade (Juntas Comerciais) coordinated by DREI and the integrated REDESIM network; foreign capital registered with the Banco Central do Brasil (SCE-IED) and tax IDs issued by Receita Federal (CPF/CNPJ).
Canada - Starting a Business: Moderate. Canada Business Corporations Act (CBCA, RSC 1985, c. C-44), administered by Corporations Canada (ISED); provincial business corporations acts for provincial incorporation.
Cayman Islands - Starting a Business: Easy. Companies Act (As Revised), administered by the Cayman Islands General Registry; the Local Companies (Control) Act (As Revised) and Trade & Business Licensing Act govern businesses operating locally.
China - Starting a Business: Moderate. Foreign Investment Law of the PRC (in force 1 Jan 2020) and its Implementing Regulations, the Special Administrative Measures (Negative List) for Foreign Investment Access (2024 Edition, effective 1 Nov 2024), and the revised PRC Company Law (effective 1 Jul 2024). Administered by NDRC, MOFCOM and the State Administration for Market Regulation (SAMR).
Denmark - Starting a Business: Moderate. Danish Companies Act (Selskabsloven), administered by the Danish Business Authority (Erhvervsstyrelsen) via the virk.dk registration portal; immigration for non-EU founders governed by the Aliens Act and the Start-up Denmark scheme (SIRI / nyidanmark.dk).
Egypt - Starting a Business: Moderate. Companies Law No. 159 of 1981 and Investment Law No. 72 of 2017, administered by the General Authority for Investment and Free Zones (GAFI) as a one-stop shop; Importers' Registry Law No. 121 of 1982 (as amended) governs trading/import activities.
Finland - Starting a Business: Easy. Finnish Limited Liability Companies Act (Osakeyhtiölaki 624/2006) and Trade Register Act, administered by the Finnish Patent and Registration Office (PRH) jointly with the Tax Administration via the YTJ/Business Information System (ytj.fi).
France - Starting a Business: Moderate. French Commercial Code (Code de commerce); company registration via the Guichet unique des formalités d'entreprises operated by INPI (mandatory single online portal since 1 Jan 2023). Foreign-national rules under CESEDA; residence permits issued by préfectures. EU/EEA/Swiss nationals enjoy freedom of establishment.
Germany - Starting a Business: Moderate. Company formation governed by the German Commercial Code (HGB) and form-specific statutes (GmbH-Gesetz for the GmbH/UG); business registration via the Gewerbeordnung (Gewerbeanmeldung at the local Gewerbeamt). Foreign investors face no general ownership ban but are subject to FDI screening under the Außenwirtschaftsgesetz (AWG) / Außenwirtschaftsverordnung (AWV), administered by the BMWE. Non-EU founders also need a residence permit for self-employment under Section 21 AufenthG.
Gibraltar - Starting a Business: Easy. Companies Act 2014 (Gibraltar); incorporation administered by HM Companies House Gibraltar under the Government of Gibraltar.
Hong Kong - Starting a Business: Easy. Companies Ordinance (Cap. 622) administered by the Companies Registry, with concurrent Business Registration under the Business Registration Ordinance (Cap. 310) administered by the Inland Revenue Department; promotion via InvestHK.
India - Starting a Business: Moderate. Companies Act, 2013 (incorporation via MCA SPICe+); FDI governed by FEMA and the DPIIT Consolidated FDI Policy administered by the Reserve Bank of India and the Department for Promotion of Industry and Internal Trade (DPIIT).
Indonesia - Starting a Business: Moderate. Law No. 25/2007 on Investment as amended by Law No. 11/2020 (Job Creation/Omnibus Law); Presidential Regulation No. 10/2021 as amended by No. 49/2021 (Positive Investment List); company formation under Law No. 40/2007 on Limited Liability Companies via the OSS-RBA system administered by the Ministry of Investment/BKPM (Government Regulation No. 24/2018).
Ireland - Starting a Business: Easy. Companies Act 2014, administered by the Companies Registration Office (CRO) via the online CORE portal; foreign investment in sensitive sectors is subject to the Screening of Third Country Transactions Act 2023 (in force 6 January 2025), administered by the Minister for Enterprise, Trade and Employment.
Israel - Starting a Business: Easy. Companies Law 5759-1999, administered by the Israeli Corporations Authority / Registrar of Companies (Ministry of Justice). Sectoral foreign-investment oversight under the Ministry of Defense and a national-security screening advisory committee at the Ministry of Finance.
Italy - Starting a Business: Moderate. Italian Civil Code (società forms, esp. S.r.l. under art. 2463 and S.r.l.s. under art. 2463-bis); company registration via the Business Register (Registro delle Imprese) of the Chamber of Commerce using the mandatory digital Single Business Communication (Comunicazione Unica/ComUnica). EU baseline (freedom of establishment); non-EU access governed by the reciprocity principle and immigration rules.
Japan - Starting a Business: Moderate. Companies Act (Kaisha-hō) governs company formation (Kabushiki-Kaisha / Godo-Kaisha), administered via the Legal Affairs Bureau; foreign investment screening is under the Foreign Exchange and Foreign Trade Act (FEFTA) administered by the Ministry of Finance; long-term operation by a foreign founder requires a 'Business Manager' residence status under the Immigration Control Act (Ministry of Justice / Immigration Services Agency).
Kenya - Starting a Business: Moderate. Companies Act, 2015 (as amended by the Finance Act, 2016), administered by the Business Registration Service (BRS) via the eCitizen portal; investor entry governed by the Immigration (Class G permit) regime and the Investment Promotion Act administered by the Kenya Investment Authority (KenInvest).
Liechtenstein - Starting a Business: Moderate. Liechtenstein Persons and Companies Act (PGR) governs legal entities; the Trade Act (Gewerbegesetz) governs business licensing, administered by the Office of Economic Affairs (Amt für Volkswirtschaft) and the Commercial Register (Handelsregister).
Luxembourg - Starting a Business: Moderate. Law of 2 September 2011 on the right of establishment (autorisation d'établissement), administered by the Ministry of the Economy (General Directorate for SMEs); company forms governed by the amended Law of 10 August 1915 on commercial companies; registration with the Luxembourg Trade and Companies Register (RCS / Luxembourg Business Registers).
Malaysia - Starting a Business: Moderate. Companies Act 2016 (administered by the Companies Commission of Malaysia, SSM); foreign-equity policy overseen by MIDA; sector licences such as the Wholesale, Retail & Trade (WRT) licence governed by the Ministry of Domestic Trade and Cost of Living (KPDN) under the Guidelines on Foreign Participation in Distributive Trade Services 2020.
Mexico - Starting a Business: Moderate. Ley de Inversión Extranjera (Foreign Investment Law) and Ley General de Sociedades Mercantiles, administered by the Secretaría de Economía; foreign capital recorded in the Registro Nacional de Inversiones Extranjeras (RNIE). Electronic incorporation of a Sociedad por Acciones Simplificada (SAS) is offered via gob.mx/tuempresa.
Netherlands - Starting a Business: Easy. Dutch Civil Code (Book 2, on legal persons / the 'Flex-BV' rules) and the Trade Register Act (Handelsregisterwet), administered by the Netherlands Chamber of Commerce (KVK) and a civil-law notary; tax registration via the Belastingdienst. EU member state baseline applies.
New Zealand - Starting a Business: Easy. Companies Act 1993, administered by the New Zealand Companies Office (Ministry of Business, Innovation and Employment); foreign investment in sensitive land/significant business assets screened under the Overseas Investment Act 2005 (Land Information New Zealand / Treasury).
Nigeria - Starting a Business: Moderate. Companies and Allied Matters Act (CAMA) 2020 administered by the Corporate Affairs Commission (CAC); foreign-investment overlay under the Nigerian Investment Promotion Commission (NIPC) Act and the Immigration Act (business permit / expatriate quota via the Ministry of Interior).
Norway - Starting a Business: Moderate. Norwegian Private Limited Liability Companies Act (Aksjeloven); company registration via the Brønnøysund Register Centre (Register of Business Enterprises / Foretaksregisteret) and the Altinn portal; residence/work permits administered by UDI for non-EU/EEA nationals.
Philippines - Starting a Business: Moderate. Foreign Investments Act of 1991 (RA 7042, as amended by RA 8179 and RA 11647), implemented via the Foreign Investment Negative List — currently the 13th FINL under Executive Order No. 113 (2026); company registration under the Revised Corporation Code (RA 11232) administered by the Securities and Exchange Commission (SEC).
Poland - Starting a Business: Easy. Act of 6 March 2018 on the Rules for Participation by Foreign Undertakings and Other Foreign Persons in Trade in the Republic of Poland, together with the Entrepreneurs' Law (Prawo przedsiębiorców) and the Commercial Companies Code; company registration via the National Court Register (KRS)/S24 system administered through biznes.gov.pl.
Portugal - Starting a Business: Easy. Código das Sociedades Comerciais and Código do Registo Comercial, administered via the 'Empresa na Hora' (on-the-spot) and 'Empresa Online' regimes run by IRN/Ministry of Justice; tax registration through Autoridade Tributária (AT). EU-baseline (Services Directive single point of contact) applies.
Qatar - Starting a Business: Moderate. Foreign Investment Law No. 1 of 2019 (regulating investment of non-Qatari capital) and Executive Regulations No. 44 of 2020, administered by the Ministry of Commerce and Industry (MOCI) / Invest in Qatar Center; company forms under the Commercial Companies Law.
Russia - Starting a Business: Restricted. Civil Code & Federal Law No. 14-FZ 'On Limited Liability Companies'; Federal Law No. 160-FZ 'On Foreign Investments'; Federal Law No. 57-FZ on strategic-sector FDI screening; and 2022 Presidential Decrees (incl. No. 618) imposing Government Commission approval on transactions involving 'unfriendly-country' persons. Registration is administered by the Federal Tax Service (FNS).
Saudi Arabia - Starting a Business: Moderate. Investment Law (Royal Decree, 1446H/2024, in force 2025) administered by the Ministry of Investment of Saudi Arabia (MISA); company incorporation and Commercial Registration via the Ministry of Commerce / Saudi Business Center (business.sa).
Singapore - Starting a Business: Easy. Companies Act 1967, administered by the Accounting and Corporate Regulatory Authority (ACRA) via the Bizfile online portal; work passes for relocating founders administered by the Ministry of Manpower (MOM).
South Africa - Starting a Business: Moderate. Companies Act 71 of 2008, administered by the Companies and Intellectual Property Commission (CIPC); foreign founders also engage the Immigration Act 13 of 2002 (business visa) and South African Reserve Bank exchange-control rules.
South Korea - Starting a Business: Easy. Foreign Investment Promotion Act (FIPA) and its Enforcement Decree, administered by the Ministry of Trade, Industry and Energy (MOTIE) and facilitated by KOTRA/InvestKOREA; company formation governed by the Commercial Act.
Spain - Starting a Business: Easy. Ley de Sociedades de Capital (RDL 1/2010); Ley 18/2022 'Crea y Crece' (minimum capital reform); Ley 28/2022 (Startup Law); Royal Decree 571/2023 (FDI screening); CIRCE/PAE digital registration system — supervised by Registro Mercantil, Agencia Tributaria, and ICEX/Invest in Spain
Sweden - Starting a Business: Easy. Aktiebolagslagen (Companies Act, SFS 2005:551); competent authority: Bolagsverket (Swedish Companies Registration Office) and Skatteverket (Swedish Tax Agency)
Switzerland - Starting a Business: Moderate. Swiss Code of Obligations (OR/CO, SR 220); Commercial Register Ordinance (HRegV); Federal Act on Foreign Nationals and Integration (AIG/FNA, SR 142.20)
Taiwan - Starting a Business: Moderate. Statute for Investment by Foreign Nationals; Company Act (ROC); administered by the Department of Investment Review (DIR), Ministry of Economic Affairs (MOEA)
Thailand - Starting a Business: Moderate. Foreign Business Act B.E. 2542 (1999) (Ministry of Commerce); Civil and Commercial Code (company formation); administered by the Department of Business Development (DBD), Ministry of Commerce
Turkey - Starting a Business: Easy. Foreign Direct Investment Law No. 4875 (2003) and Turkish Commercial Code No. 6102 (TCC), administered via MERSIS (Central Registry Record System) under the Ministry of Trade
UAE - Starting a Business: Easy. Federal Decree-Law No. 32 of 2021 (Commercial Companies Law), amended by Federal Decree-Law No. 26 of 2020 (100% foreign ownership) and Federal Decree-Law No. 20 of 2025; administered by emirate-level Departments of Economic Development (DED) and individual Free Zone Authorities
United Kingdom - Starting a Business: Easy. Companies Act 2006 (as amended by the Economic Crime and Corporate Transparency Act 2023), administered by Companies House
United States - Starting a Business: Moderate. State-level business formation statutes (e.g., Delaware General Corporation Law, state LLC Acts); federal oversight via IRS (EIN issuance), SBA (loan programs), and CFIUS/FIRRMA (foreign investment review in sensitive sectors)
Vietnam - Starting a Business: Moderate. Law on Investment 2020 (No. 61/2020/QH14), Law on Enterprises 2020 (No. 59/2020/QH14), Decree 31/2021/ND-CP, and Law on Investment 2025 (No. 143/2025/QH15, effective 1 March 2026)
Albania - Starting a Business: Easy. Law No. 9901 of 14.04.2008 'On Entrepreneurs and Commercial Companies' (as amended) and Law No. 7764 of 02.11.1993 'On Foreign Investments', administered by the National Business Center (Qendra Kombëtare e Biznesit, QKB) via the e-Albania digital portal
Algeria - Starting a Business: Moderate. Law No. 22-18 of 24 July 2022 (Algerian Investment Code) and its implementing decrees; administered by AAPI (Agence Algérienne de Promotion de l'Investissement) and CNRC (Centre National du Registre du Commerce)
Andorra - Starting a Business: Moderate. Law 5/2025 (Llei Òmnibus, in force April 2025), which repealed and replaced Law 10/2012 on foreign investment; administered by the Department of Legal and Economic Registers, Ministry of Presidency, Economy and Enterprise (Govern d'Andorra)
Angola - Starting a Business: Moderate. Private Investment Law No. 10/18 of 26 June 2018 (as amended by Law No. 10/21 of 22 April 2021); Lei das Sociedades Comerciais (Lei No. 1/04 of 13 February 2004); Lei de Simplificação No. 11/15; administered by AIPEX (investment certificates) and Guichet Único de Empresa – GUE (company registration)
Armenia - Starting a Business: Easy. Law of the Republic of Armenia on State Registration of Legal Entities, administered by the State Register Agency of Legal Entities under the Ministry of Justice; electronic portal: e-register.am
Azerbaijan - Starting a Business: Easy. Civil Code of the Republic of Azerbaijan (Chapter on LLC); Law of the Republic of Azerbaijan 'On State Registration of Legal Entities and State Registry'; registration authority: State Tax Service under the Ministry of Economy (taxes.gov.az)
Bahamas - Starting a Business: Moderate. International Business Companies Act (Ch. 309); Companies Act 1992 (Ch. 308); Bahamas Investment Authority Act — administered by the Registrar General's Department and the Bahamas Investment Authority (BIA)
Bangladesh - Starting a Business: Moderate. Companies Act 1994 (Act XVIII of 1994), administered by the Registrar of Joint Stock Companies and Firms (RJSC) under the Ministry of Commerce; Bangladesh Investment Development Authority (BIDA) for industrial investment registration
Belarus - Starting a Business: Moderate. Civil Code of the Republic of Belarus; Law on Business Entities; Decree No. 1 of 16 January 2009 on State Registration; Unified State Register (USR/EGR) administered by the Ministry of Justice (egr.gov.by)
Bolivia - Starting a Business: Moderate. Ley de Promoción de Inversiones No. 516 (2014); Código de Comercio; SEPREC (Servicio Plurinacional de Registro de Comercio) — replaced FUNDEMPRESA as the commercial registry authority in 2022
Botswana - Starting a Business: Moderate. Companies Act (CAP 42:01, 2019 revision), administered by the Companies and Intellectual Property Authority (CIPA); Trade Act (local council trade licensing); Immigration Act (investor/director permits via Department of Immigration and Citizenship)
Brunei - Starting a Business: Moderate. Companies Act (Cap. 39, 1956, as amended 2021), administered by the Registry of Companies and Business Names (ROCBN) under the Ministry of Finance and Economy (MOFE); online registration via the One Common Portal (OCP)
Bulgaria - Starting a Business: Easy. Commerce Act (Търговски закон); Registry Agency / EPZEU Commercial Register; Ministry of Economy and Industry; Point of Single Contact (PSC) portal — psc.egov.bg
Cambodia - Starting a Business: Moderate. Law on Commercial Enterprises (2005, amended), Law on Investment (2021), and Ministry of Commerce Prakas No. 117 on Simplification of Business Registration (9 December 2025, effective 8 January 2026)
Cameroon - Starting a Business: Moderate. OHADA Uniform Act on Commercial Companies and Economic Interest Groupings (AUDSC); Cameroon Investment Charter Law No. 2002/004; Investment Promotion Law No. 2013/004; CFCE (Centre de Formalités de Création des Entreprises) one-stop-shop regime
Chile - Starting a Business: Easy. Ley 20.659 (2013) — Simplified Business Registry (Registro de Empresas y Sociedades), administered by Chile's Ministry of Economy, Promotion and Tourism; InvestChile serves as the official foreign investment promotion agency under the Ministry
Colombia - Starting a Business: Easy. Law 1258 of 2008 (SAS regime); Decree 1068 of 2015 as amended by Decree 119 of 2017 (foreign investment regime); Banco de la República foreign exchange regulations; Cámara de Comercio commercial registry
Costa Rica - Starting a Business: Easy. Código de Comercio (Commercial Code); Registro Nacional (National Registry); PROCOMER Ventanilla Única de Inversión (VUI); Law 10729 (2025 registry reform)
Côte d'Ivoire - Starting a Business: Moderate. OHADA Uniform Act on Commercial Companies (AUSCGIE); Investment Code as amended by Ordinance No. 2024-857 of 30 September 2024; administered by CEPICI (Centre de Promotion des Investissements en Côte d'Ivoire)
Croatia - Starting a Business: Easy. Companies Act (Zakon o trgovačkim društvima, OG 111/93 as amended); Foreign Investment Screening Act (OG 136/25, in force Nov 2025); HITRO.HR one-stop-shop; Commercial Court Registry (Sudski registar)
Cuba - Starting a Business: Restricted. Law 118 on Foreign Investment (2014); Decree-Law 46/2021 on MIPYMEs (private SMEs) as amended by Decree-Law 88/2024 and Decree 107/2024
Cyprus - Starting a Business: Easy. Companies Law, Cap. 113 (Cyprus); Department of Registrar of Companies and Intellectual Property (companies.gov.cy); Business Facilitation Unit (BFU) under Ministry of Commerce, Industry and Tourism for foreign-interest companies
Czechia - Starting a Business: Easy. Act on Business Corporations No. 90/2012 Coll. & Public Registers Act No. 304/2013 Coll.; Commercial Register administered by Ministry of Justice (or.justice.cz); trade licensing by Ministry of Industry and Trade (businessinfo.cz)
Dominican Republic - Starting a Business: Moderate. Law No. 479-08 on Commercial Companies and Individual Limited Liability Enterprises (as amended by Law 31-11); Law No. 16-95 on Foreign Investment; Law No. 3-02 on Commercial Registration
Ecuador - Starting a Business: Easy. Ley de Compañías (codified, last updated 2022) and Ley Orgánica de Emprendimiento e Innovación (2020), administered by the Superintendencia de Compañías, Valores y Seguros (SCVS/SUPERCIAS); tax registration governed by the Servicio de Rentas Internas (SRI)
El Salvador - Starting a Business: Easy. Ley de Inversiones (Legislative Decree 732, 1999); Código de Comercio; Ley de Sociedad por Acciones Simplificadas (Legislative Decree 905, December 2023); supervised by the Centro Nacional de Registros (CNR) and Ministerio de Hacienda
Estonia - Starting a Business: Easy. Estonian Commercial Code (Äriseadustik, RT I 1995, 26, 355, consolidated 2023); e-Business Register operated by RIK (Centre of Registers and Information Systems); e-Residency programme (Police and Border Guard Board)
Ethiopia - Starting a Business: Moderate. Investment Proclamation No. 1180/2020; Commercial Registration and Business Licensing Proclamation No. 980/2016 (as amended by No. 1150/2019); Commercial Code 2021; administered by the Ethiopian Investment Commission (EIC)
Fiji - Starting a Business: Moderate. Companies Act 2015 (No. 3 of 2015) and Investment Act 2021 (No. 5 of 2021), administered by the Registrar of Companies (ROC) under the Ministry of Justice, Fiji Revenue & Customs Service (FRCS), and Investment Fiji
Georgia - Starting a Business: Easy. Law of Georgia on Entrepreneurs (enacted 2 August 2021, in force 1 January 2022); Law of Georgia on Promotion and Guarantees of Investment Activity; registration authority: National Agency of Public Registry (NAPR) under the Ministry of Justice of Georgia
Ghana - Starting a Business: Moderate. Companies Act 2019 (Act 992) governing incorporation; Ghana Investment Promotion Centre Act 2013 (Act 865) governing foreign participation and minimum capital; Office of the Registrar of Companies (ORC) as the registration authority
Greece - Starting a Business: Moderate. Law 4919/2022 (transposing EU Directive 2019/1151); General Commercial Registry (GEMI) under Ministry of Development & Investments; digital One-Stop-Shop (e-YMS); competent authority: GEMI Directorate
Guatemala - Starting a Business: Moderate. Código de Comercio (Decreto 2-70); Ley de Inversión Extranjera (Decreto 9-98); Ley de Fomento de Inversión de Capital Extranjero (Decreto 46-2022); administered by the Registro Mercantil General de la República and the Superintendencia de Administración Tributaria (SAT)
Honduras - Starting a Business: Moderate. Código de Comercio (Decreto No. 73-50, 1950, as amended) and Ley para la Promoción y Protección de Inversiones (Decreto 51-2011); administered by the Registro Mercantil and Servicio de Administración de Rentas (SAR)
Hungary - Starting a Business: Easy. Act V of 2013 (Hungarian Civil Code, Polgári Törvénykönyv) governs KFT (Kft.) formation; Act V of 2006 governs company registration procedure; FDI national-security screening under Act LVII of 2018; administered by Company Registry Courts (Cégbíróság) via birosag.hu
Iceland - Starting a Business: Moderate. Act on Private Limited Companies No. 138/1994 (Lög um einkahlutafélög); Act on Investment by Non-residents in Business Enterprises No. 34/1991; administered by Iceland Revenue and Customs (Skatturinn) via the Register of Enterprises (Fyrirtækjaskrá)
Iran - Starting a Business: Restricted. Foreign Investment Promotion and Protection Act (FIPPA, 2002) administered by the Organization for Investment, Economic and Technical Assistance of Iran (OIETAI) under the Ministry of Economic Affairs and Finance; company formation governed by the Iranian Commercial Code
Iraq - Starting a Business: Restricted. Companies Law No. 21 of 1997 (as amended by Amendment No. 17 of 2019); Investment Law No. 13 of 2006 administered by the National Investment Commission (NIC)
Jamaica - Starting a Business: Easy. Companies Act (Jamaica), administered by the Office of the Registrar of Companies (ORC) / Companies Office of Jamaica (COJ), under the Ministry of Industry, Investment & Commerce (MIIC)
Jordan - Starting a Business: Moderate. Investment Environment Law No. 21 of 2022 (Jordan); Investment Environment Bylaw No. 7 of 2023; Companies Law No. 22 of 1997 (as amended); administered by the Companies Control Department (CCD) under the Ministry of Industry, Trade and Supply
Kazakhstan - Starting a Business: Easy. Entrepreneurial Code of the Republic of Kazakhstan (No. 375-V, 2015, as amended); Law on State Registration of Legal Entities, Branches and Representative Offices (No. 562-IV, 2012); Law on Investments (No. 373-II, 2003, as amended)
Kuwait - Starting a Business: Moderate. Kuwait Companies Law (Law No. 1 of 2016) and Foreign Direct Investment Promotion Law (Law No. 116 of 2013), administered by the Ministry of Commerce and Industry (MOCI) and the Kuwait Direct Investment Promotion Authority (KDIPA)
Laos - Starting a Business: Moderate. Investment Promotion Law No. 62/NA (28 June 2024, effective 16 December 2024); Law on Enterprise; administered by the Ministry of Industry and Commerce (MOIC) / Department of Enterprise Registration and Management (DERM) for general enterprises, and the Ministry of Finance (absorbing the former Ministry of Planning and Investment from July 2025) for concession investments
Latvia - Starting a Business: Easy. Latvian Commercial Law (Komerclikums, likumi.lv/ta/en/en/id/5490); registration authority: Enterprise Register of Latvia (Uzņēmumu reģistrs, ur.gov.lv)
Lebanon - Starting a Business: Moderate. Lebanese Commercial Code (Code de Commerce), as amended by Law No. 126/2019; Investment Development Authority of Lebanon (IDAL) under Law No. 360/2001; Ministry of Economy and Trade for branch registration; Commercial Registry at the Ministry of Justice
Lithuania - Starting a Business: Easy. Law on Companies of the Republic of Lithuania (No. VIII-1835); administered by VĮ Registrų centras (State Enterprise Centre of Registers) under the Ministry of Justice
Malta - Starting a Business: Easy. Companies Act (Cap. 386, Laws of Malta); Malta Business Registry (MBR) as registrar; Malta Financial Services Authority (MFSA) for regulated-activity licensing
Mauritius - Starting a Business: Easy. Companies Act 2001 and Business Registration Act 2002, administered by the Corporate and Business Registration Department (CBRD); foreign investment facilitated by the Economic Development Board (EDB) under EDB Act 2017
Moldova - Starting a Business: Easy. Law No. 220/2007 on State Registration of Legal Entities and Individual Entrepreneurs; Public Services Agency (ASP) is the sole registering authority
Monaco - Starting a Business: Moderate. Law No. 1.573 of 8 April 2025 on the Modernisation of Company Law; business permit regime under existing Monegasque commercial law; administered by the Direction du Développement Économique (DDE) under the Ministry of Finance and Economy
Mongolia - Starting a Business: Moderate. Law of Mongolia on Investment (3 October 2013, as amended); Law on State Registration of Legal Entities; Law on Business Entities (Companies Act); General Authority for State Registration (GASR/LERO)
Morocco - Starting a Business: Moderate. Law 03-22 (Investment Charter, December 2022); Law No. 5-96 on commercial companies as amended (SARL/SA); OMPIC and Regional Investment Centers (CRIs) under Law No. 47-18 as amended by Law No. 22-24
Mozambique - Starting a Business: Moderate. Commercial Code (Decreto-Lei No. 1/2022 of 25 May 2022); Investment Law No. 8/2023 of 9 June 2023; Investment Regulations (Decree No. 8/2024 of 7 March 2024); administered by APIEX (Agency for Promotion of Investments and Exports) and Commercial Registry Offices (Conservatórias do Registo Comercial)
Myanmar - Starting a Business: Restricted. Myanmar Companies Law 2017 (MCL) and Myanmar Investment Law 2016, administered by the Directorate of Investment and Company Registration (DICA) and the Myanmar Investment Commission (MIC) under the Ministry of Investment and Foreign Economic Relations (MIFER)
Namibia - Starting a Business: Moderate. Companies Act 28 of 2004 (administered by BIPA — Business and Intellectual Property Authority); Foreign Investment Act of 1993 (still operative governing FDI); Namibia Investment Promotion Act 9 of 2016 (gazetted but withdrawn for revision in 2021, not yet in force)
Nepal - Starting a Business: Moderate. Foreign Investment and Technology Transfer Act 2075 (2019) (FITTA); Companies Act 2063 (2006); Industrial Enterprise Act 2076 (2019) — administered by the Department of Industry (DOI) and Office of Company Registrar (OCR)
North Macedonia - Starting a Business: Easy. Law on Trade Companies (Закон за трговски друштва), administered by the Central Registry of North Macedonia (CRM); foreign investment governed by the Law on Foreign Investment and Constitution guaranteeing equal treatment
Oman - Starting a Business: Moderate. Foreign Capital Investment Law (Royal Decree 50/2019) and Commercial Companies Law (Royal Decree 18/2019), administered by the Ministry of Commerce, Industry and Investment Promotion (MOCIIP) via the Invest Easy e-portal (business.gov.om)
Pakistan - Starting a Business: Moderate. Companies Act 2017 (administered by SECP); Foreign Private Investment (Promotion & Protection) Act 1976; Board of Investment (BOI) Ordinance 2001
Panama - Starting a Business: Easy. Law 32 of February 26, 1927 (General Corporation Law — Sociedad Anónima); Panama Commercial Code (S.R.L.); supervised by the Registro Público de Panamá and the Ministerio de Comercio e Industrias (MICI)
Papua New Guinea - Starting a Business: Moderate. Companies Act 1997 and Investment Promotion Act (Cap. 390), administered by the Investment Promotion Authority (IPA)
Paraguay - Starting a Business: Easy. Law 1034/1983 (Merchant Code / Código del Comerciante), Law 6480/2020 (Empresa por Acciones Simplificadas – EAS), Foreign Investment Law 5542/2015; administered via the SUACE unified registration portal (suace.gov.py), overseen by the Ministry of Industry and Commerce (MIC) and National Tax Authority (SET)
Peru - Starting a Business: Moderate. Ley General de Sociedades (Ley 26887); Decreto Legislativo 757 (Ley Marco para el Crecimiento de la Inversión Privada); Decreto Legislativo 662 (Ley de Fomento y Garantías a la Inversión Extranjera); administered by SUNARP, SUNAT, and ProInversión
Romania - Starting a Business: Easy. Law 31/1990 on Companies (as amended), Law 239/2025 (in force 18 Dec 2025); registration authority: Oficiul Național al Registrului Comerțului (ONRC)
Rwanda - Starting a Business: Easy. Companies Act No. 17/2018 and Investment Code No. 06/2021, administered by the Rwanda Development Board (RDB) / Office of the Registrar General (ORG)
San Marino - Starting a Business: Moderate. Legge 23 febbraio 2006 n. 47 (Legge sulle Società / Companies Act), as amended through 2024; administered by the Office of Economic Activities (Ufficio Attività Economiche) and the Court Registry (Registro delle Società), with licensing through the Ufficio Industria, Artigianato e Commercio
Senegal - Starting a Business: Moderate. OHADA Uniform Act on Commercial Companies and Economic Interest Groups (AUSCGIE) + Senegal Investment Code (2025 revision, adopted 19 September 2025, replacing Law No. 2004-06 of 6 February 2004); administered by APIX (Agence pour la Promotion des Investissements et Grands Travaux) and the CFE/RCCM
Serbia - Starting a Business: Easy. Law on Companies (Zakon o privrednim društvima, Official Gazette RS 36/2011, as amended) and Law on Investments (Official Gazette RS 89/2015, as amended), administered by the Serbian Business Registers Agency (APR – Agencija za privredne registre)
Slovakia - Starting a Business: Easy. Slovak Commercial Code (Act No. 513/1991 Coll.); Act on the Commercial Register No. 530/2003 Coll. (new Act effective 1 March 2026); Trade Licensing Act No. 455/1991 Coll.; administered by Ministry of Justice via Obchodný register (orsr.sk)
Slovenia - Starting a Business: Easy. Companies Act (Zakon o gospodarskih družbah – ZGD-1); SPOT one-stop-shop portal (spot.gov.si) operated by AJPES (Agency of the Republic of Slovenia for Public Legal Records and Related Services); Investment Promotion Act (Zakon o spodbujanju investicij – ZSInv) for FDI screening
Sri Lanka - Starting a Business: Moderate. Companies Act No. 7 of 2007, administered by the Department of the Registrar of Companies (DRC); foreign investment governed by the Board of Investment of Sri Lanka Act No. 4 of 1978 (as amended), overseen by BOI Sri Lanka
Tanzania - Starting a Business: Moderate. Tanzania Investment Act 2022 (Act No. 14 of 2022); Companies Act (Cap. 212 R.E. 2002); Business Licensing (Prohibition of Business Activities for Non-Citizens) Order G.N. No. 487A of 2025; administered by TISEZA (Tanzania Investment and Special Economic Zones Authority, operational 1 July 2025)
Trinidad and Tobago - Starting a Business: Moderate. Companies Act, Chapter 81:01 (1995); Foreign Investment Act, Chapter 70:07 (1990); administered by the Companies Registry / Registrar General's Department, Ministry of Legal Affairs
Tunisia - Starting a Business: Moderate. Investment Law No. 2016-71 of 30 September 2016 (promulgating the Investment Code); Companies Code (Code des sociétés commerciales); RNE (Registre National des Entreprises) for company registration; APII (Agency for Promotion of Industry and Innovation) one-stop shop
Uganda - Starting a Business: Moderate. Companies Act 2012 (Cap. 110); Uganda Investment Code Act 2019; Uganda Registration Services Bureau Act 1998 — administered by the Uganda Registration Services Bureau (URSB) and the Uganda Investment Authority (UIA)
Ukraine - Starting a Business: Moderate. Law of Ukraine No. 2275-VIII 'On Limited Liability and Additional Liability Companies' (2018); state registration administered by the Ministry of Justice via state registrars and notaries; National Bank of Ukraine (NBU) governs wartime currency controls
Uruguay - Starting a Business: Easy. Ley 16.060 (Ley de Sociedades Comerciales); Ley 19.820/2019 (Sociedad por Acciones Simplificada — SAS); Dirección General Impositiva (DGI); Registro Nacional de Comercio (Auditoría Interna de la Nación — AIN); Banco de Previsión Social (BPS); Uruguay XXI (official investment promotion agency)
Uzbekistan - Starting a Business: Easy. Law on Investments and Investment Activity (No. ЗРУ-598, 25 December 2019); Law on Limited Liability Companies; Civil Code of Uzbekistan — administered by the Ministry of Justice and the Agency for Public Services
Venezuela - Starting a Business: Restricted. Venezuelan Commercial Code (Código de Comercio); Ley Constitucional de Inversión Extranjera Productiva (LCIEP, 2020); administered by SAREN (Servicio Autónomo de Registros y Notarías) for commercial registration and BANCOEX (Banco de Comercio Exterior) for foreign investment registry
Zambia - Starting a Business: Moderate. Companies Act No. 10 of 2017 (PACRA); Investment, Trade and Business Development Act No. 18 of 2022 (as amended by Act No. 3 of 2024); Zambia Development Agency (ZDA) as investment promoter/licensor
Zimbabwe - Starting a Business: Moderate. Zimbabwe Investment and Development Agency Act [Chapter 14:34] (2020); Companies and Other Business Entities Act [Chapter 24:31]; Indigenisation and Economic Empowerment Act [Chapter 14:33] and SI 215 of 2025
Afghanistan - Starting a Business: Restricted. Afghanistan Investment Law 2016 (as amended); Companies Law; Afghanistan Central Business Registry (ACBR) under the Ministry of Commerce and Industries (MoCI); AISA (Afghanistan Investment Support Agency, now integrated into MoCI). Taliban de-facto government has maintained legacy registration structures but operates under international sanctions.
Barbados - Starting a Business: Moderate. Companies Act (Cap. 308) administered by the Corporate Affairs and Intellectual Property Office (CAIPO); foreign investment overseen by Invest Barbados, with the Exchange Control Act (Cap. 71) administered by the Central Bank of Barbados and the Foreign Currency Permits Act 2025-5.
Belize - Starting a Business: Easy. Belize Companies Act No. 11 of 2022 (Cap. 250), administered by the Belize Companies and Corporate Affairs Registry (BCCAR) via the Online Business Registry System (OBRS)
Benin - Starting a Business: Moderate. OHADA Uniform Act on Commercial Companies and Economic Interest Groups (AUSCGIE); Benin Investment Code (Law No. 2020-36 of 5 October 2020); administered by the Agence de Promotion des Investissements et des Exportations (APIEx) via the GUFE one-stop shop and MonEntreprise.bj platform
Bhutan - Starting a Business: Moderate. Foreign Direct Investment Rules and Regulations 2025 (effective 18 July 2025), Companies Act of Bhutan 2016; administered by the Ministry of Industry, Commerce & Employment (MoICE) and InvestBhutan (investbhutan.gov.bt)
Bosnia & Herzegovina - Starting a Business: Moderate. Law on the Policy of Foreign Direct Investment in Bosnia and Herzegovina (1998, state-level); Company Law of the Federation of BiH; Law on Business Companies of Republika Srpska; administered by FIPA (state), cantonal/municipal courts (FBiH), and APIF (RS)
British Virgin Islands - Starting a Business: Easy. BVI Business Companies Act 2004 (as amended by Act No. 15 of 2024, in force 2 January 2025), administered by the BVI Financial Services Commission Registry of Corporate Affairs
Burkina Faso - Starting a Business: Moderate. Loi N°038-2018/AN portant Code des Investissements du Burkina Faso; OHADA Uniform Act on Commercial Companies (AUDSCGIE); CEFORE one-stop registration centres
Burundi - Starting a Business: Moderate. Investment Code of 2021 (Law No. 1/14 of 17 June 2021); one-stop shop administered by the Agence de Promotion des Investissements (API) / Burundi Development Agency (ADB) under the Ministry of Trade
Central African Republic - Starting a Business: Moderate. OHADA Uniform Act on Commercial Companies and Economic Interest Groups (CAR is an OHADA member state); Investment Charter 2018 (Charte des Investissements de la République Centrafricaine); administered via the Guichet Unique des Formalités des Entreprises (GUFE-RCA)
Chad - Starting a Business: Moderate. OHADA Uniform Act on Commercial Companies and Economic Interest Groups (AUSCGIE); Chad National Investment Charter (2008); ANIE (Agence Nationale des Investissements et des Exportations) one-stop shop
Congo - Starting a Business: Moderate. OHADA Uniform Act on Commercial Companies (revised 2014); Law n°16-2017 of 30 March 2017 establishing the Agence Congolaise pour la Création des Entreprises (ACPCE); Law 19-2005 reserving certain activities for Congolese nationals
Djibouti - Starting a Business: Moderate. Djibouti Investment Code (1984, as amended); Commercial Code (OHADA-aligned); Startup Act Djibouti (April 2025); administered by NIPA (National Investment Promotion Agency) via the Guichet Unique one-stop shop
DR Congo - Starting a Business: Moderate. OHADA Uniform Act on Commercial Companies (AUDSCGIE); DRC Investment Code (Loi n° 004/2002, as amended); administered via Guichet Unique de Création d'Entreprise (GUCE) and Agence Nationale pour la Promotion des Investissements (ANAPI)
Equatorial Guinea - Starting a Business: Moderate. OHADA Uniform Act on Commercial Companies and Economic Interest Groups; Equatorial Guinea Investment Law (Decree 72/2018); Ventanilla Única Empresarial (VUE) one-stop shop (Malabo 2019, Bata 2021)
Eritrea - Starting a Business: Restricted. Investment Proclamation No. 59/1994 and amendments; Ministry of Trade, Industry and Tourism; Eritrea Investment Center (under Ministry of Finance)
eSwatini - Starting a Business: Moderate. Companies Act 2009 (Act No. 8 of 2009), administered by the Registrar of Companies under the Ministry of Commerce, Industry and Trade; supported by the Eswatini Investment Promotion Authority (EIPA) as a one-stop facilitation body
Gabon - Starting a Business: Moderate. OHADA Uniform Act on Commercial Companies (Acte Uniforme OHADA relatif aux sociétés commerciales); Gabon Investment Charter (Loi N°15/1998); ANPI-Gabon single-window GNI digital platform; draft new Investment Code adopted by Council of Ministers March 2025
Gambia - Starting a Business: Moderate. Companies Act 2013 and Single Window Business Registration Act 2013, administered by the Registrar of Companies under the Ministry of Justice; Gambia Investment and Export Promotion Agency Act 2010 (GIEPA)
Greenland - Starting a Business: Moderate. Danish Companies Act (adopted in Greenland from 1 January 2018); registration via Danish Business Authority (Erhvervsstyrelsen/CVR) through virk.dk; Greenlandic Tax Authority (AKA) for tax/employer registration; proposed Greenlandic Foreign Investment Screening Act introduced October 2025, withdrawn for revision, not yet enacted as of May 2026
Guinea - Starting a Business: Moderate. OHADA Uniform Act on Commercial Companies (AUDSC); Guinea's national Investment Code (Code des Investissements); administered by APIP – Agence de Promotion des Investissements Privés (guichet unique)
Guinea-Bissau - Starting a Business: Moderate. OHADA Uniform Act on Commercial Companies and Economic Interest Groups; Guinea-Bissau Investment Code (Decree-Law No. 03/2009 of 31 December); Centre de Formalização de Empresas (CFE) as one-stop registration authority under the Ministry of Commerce
Guyana - Starting a Business: Easy. Guyana Investment Act 2004 (Act No. 1 of 2004); Companies Act Cap. 89:01; administered by the Deeds and Commercial Registries Authority (DCRA) and the Guyana Office for Investment (GO-Invest)
Haiti - Starting a Business: Moderate. Haiti Investment Code (Decree of October 30, 1989, as amended 2002); Code de Commerce haïtien; Loi sur les Sociétés Commerciales; administered by the Ministère du Commerce et de l'Industrie (MCI) and the Centre de Facilitation des Investissements (CFI)
Isle of Man - Starting a Business: Easy. Companies Act 2006 (Isle of Man); Companies Act 1931 (legacy regime); Foreign Companies Act 2014; Financial Services Act 2008 (registered agent licensing); Beneficial Ownership Act 2017
Jersey - Starting a Business: Easy. Companies (Jersey) Law 1991, administered by the Jersey Financial Services Commission (JFSC); supported by Control of Housing and Work (Jersey) Law 2012; Control of Borrowing (Jersey) Order 1958 (being phased out under 2026 amendments)
Kyrgyzstan - Starting a Business: Easy. Law on State Registration of Legal Entities and Individual Entrepreneurs (Kyrgyz Republic); Ministry of Justice of the Kyrgyz Republic (primary registrar); National Investment Agency (invest.gov.kg)
Lesotho - Starting a Business: Moderate. Companies Act No. 18 of 2011; Business Licensing and Registration Act 2019 and Business Licensing and Registration Regulations 2020; administered by the One-Stop Business Facilitation Centre (OBFC) under the Ministry of Trade, Industry, Cooperatives and Marketing
Liberia - Starting a Business: Moderate. Liberia Investment Act 2010; National Investment Commission Act 2010; Liberia Business Registry (LBR) under the Ministry of Commerce and Industry (MoCI)
Libya - Starting a Business: Restricted. Law No. 9 of 2010 on Investment Promotion (primary FDI law); Ministry of Economy and Trade Decree No. 207 of 2012 (foreign branch registration); Libya's Commercial Code (LLC and general company rules); administered by the Privatisation and Investment Board (PIB) / General Authority for Investment Promotion and Privatisation Affairs (GAIPPA)
Madagascar - Starting a Business: Moderate. Madagascar Investment Law 2023 (Loi sur l'Investissement); OHADA Uniform Acts for company law; Economic Development Board of Madagascar (EDBM) as statutory one-stop-shop
Malawi - Starting a Business: Moderate. Companies Act No. 15 of 2013 (Chapter 46:03), administered by the Department of Registrar General via the Malawi Business Registration System (MBRS); investment facilitation governed by the Investment and Export Promotion Act through the Malawi Investment and Trade Centre (MITC)
Maldives - Starting a Business: Moderate. Foreign Investment Act 1979 (Law No. 25/79), Business Registration Act 2014 (Law No. 18/2014), Companies Act 1996 (Law No. 10/96), and the Foreign Direct Investment Policy 2020 (as amended), administered by the Ministry of Economic Development & Trade (Registrar of Companies).
Mali - Starting a Business: Moderate. OHADA Uniform Act on Commercial Companies and Economic Interest Groups (2014 revision); Mali Investment Code – Law No. 2012-016 of 27 February 2012; API-Mali (Agence pour la Promotion des Investissements) one-stop shop (Guichet Unique)
Mauritania - Starting a Business: Moderate. Investment Code 2025 (Law No. 2025-006/PR, enacted 19 February 2025), Commercial Code, administered by the Agence de Promotion des Investissements en Mauritanie (APIM)
Montenegro - Starting a Business: Easy. Law on Business Companies (new Act in force January 1, 2026), administered by the Central Registry of Business Entities (CRPS) and the Montenegro Investment Agency (MIA)
New Caledonia - Starting a Business: Moderate. New Caledonia is a French sui generis overseas collectivity where French commercial company law (Code de commerce, applicable via specific extension texts) governs company forms (SARL, SAS, SA, EURL). Formation formalities run through the Centre de Formalités des Entreprises (CFE) of the relevant consular chamber (CCI for commerce/industry/services, CMA for crafts, CAP-NC for agriculture/fisheries) and the online Guichet-entreprises service, with registration in the RIDET (held by ISEE) and the Registre du Commerce et des Sociétés (RCS) at the greffe of the Tribunal Mixte de Commerce de Nouméa. Foreign investment in sensitive sectors is screened under Article L151-3 of the French Monetary and Financial Code, which applies of right in New Caledonia.
Nicaragua - Starting a Business: Moderate. Foreign Investment Law No. 1240 (in force 24 May 2025, replacing Law No. 344) administered by MIFIC; company incorporation under the Commercial Code via the Investment One-Stop Shop (Ventanilla Única de Inversiones, VUI), with registration at the Public Mercantile Registry (CSJ), the Tax Directorate (DGI) and the municipality.
Niger - Starting a Business: Moderate. OHADA Uniform Acts (commercial company law) and Niger's national Investment Code, administered through the Centre de Formalités des Entreprises (CFE) / Maison de l'Entreprise one-stop shop and the Registre du Commerce et du Crédit Mobilier (RCCM).
North Korea - Starting a Business: Restricted. DPRK Foreign Investment Law and related statutes (Equity Joint Venture Law, Contractual Joint Venture Law, Foreign Enterprises Law) administered by state economic bodies — but overridden in practice by UN Security Council sanctions (notably Resolution 2375, 2017) and national sanctions regimes (e.g. US EO 13722).
Palestine - Starting a Business: Moderate. Companies Law No. 42 of 2021 (in force April 2022), administered by the Companies Controller/Comptroller (Companies Control Department) at the Ministry of National Economy (MoNE); investment incentives under the Investment Promotion Law via the Palestinian Investment Promotion Agency (PIPA).
Puerto Rico - Starting a Business: Easy. Puerto Rico General Corporations Act (Act No. 164 of 2009), administered by the Puerto Rico Department of State (Registro de Corporaciones); as a U.S. territory, federal law (IRS, immigration) also applies.
Seychelles - Starting a Business: Easy. International Business Companies Act, 2016 (offshore companies), administered by the Financial Services Authority (FSA) Seychelles and the Registrar of Companies; the Seychelles Investment Act and Seychelles Investment (Economic Activities) Regulations 2022 govern foreign participation in domestic/local-market activities (Seychelles Investment Board).
Sierra Leone - Starting a Business: Moderate. Companies Act, 2009 (as amended); registration administered by the Office of the Administrator and Registrar General (OARG) / Corporate Affairs Commission, with facilitation by the Sierra Leone Investment and Export Promotion Agency (SLIEPA) and tax registration via the National Revenue Authority (NRA).
Solomon Islands - Starting a Business: Moderate. Foreign Investment Act 2005 and Companies Act 2009, administered by the Foreign Investment Division and the Companies Registry ("Company Haus") of the Ministry of Commerce, Industry, Labour & Immigration (MCILI), via the online Solomon Islands Business Registry / InvestSolomons portal.
Somalia - Starting a Business: Moderate. Companies Law No. 18 of 26 December 2019 (and its Regulations) administered by the Office of the Company Registrar at the Federal Ministry of Commerce & Industry, via the eBusiness.gov.so portal; Foreign Investment Law No. 13 of 21 January 2016 (foreign investor registration, administered with the Somalia Investment Promotion Office, SOMINVEST).
South Sudan - Starting a Business: Restricted. Companies Act, 2012 (administered by the Business Registry, Ministry of Justice and Constitutional Affairs) and the Investment Promotion Act, 2009 (South Sudan Investment Authority).
Sudan - Starting a Business: Restricted. Investment (Encouragement) Act 2021 administered by the Ministry of Investment; company formation under the Companies Act 1925 and related registration statutes via the Commercial Registrar (Department of Commercial Affairs). Note: an active SAF–RSF civil war since April 2023 has rendered normal company formation largely non-functional in much of the country.
Suriname - Starting a Business: Moderate. Company registration is governed by Suriname's Commercial Code and the Wetboek van Koophandel, administered by the Chamber of Commerce and Industry (Kamer van Koophandel en Fabrieken, KKF). Foreign investment is generally treated equally to domestic investment, with no overarching foreign-investment screening law in force.
Syria - Starting a Business: Moderate. Investment Law No. 18 of 2021 as amended by Presidential Decree No. 114 of 2025, administered by the Syrian Investment Agency/Authority (SIA) under the Supreme Council for Economic Development; company incorporation under Syrian commercial/companies law.
Tajikistan - Starting a Business: Moderate. Law of the Republic of Tajikistan 'On State Registration of Legal Entities and Individual Entrepreneurs' and the Law 'On Investment'; state registration administered by the Tax Committee under the Government (Department of Registration of Legal Entities and Individual Entrepreneurs) via a single-window system.
Timor-Leste - Starting a Business: Moderate. Company registration is administered by SERVE, I.P. (Serviço de Registo e Verificação Empresarial), a government one-stop shop, under the Commercial Companies regime; foreign investment incentives are governed by the Private Investment Law (Law 15/2017) and Government Decree 2/2018, administered by TradeInvest Timor-Leste, I.P.
Togo - Starting a Business: Easy. OHADA Uniform Act on Commercial Companies (AUSCGIE) as adapted by Togolese national reforms, with company registration centralized at the Centre de Formalités des Entreprises (CFE, cfetogo.tg), which delivers RCCM, tax ID (NIF) and social-security (CNSS) numbers in one step.
Turkmenistan - Starting a Business: Restricted. Law of Turkmenistan 'On Foreign Investments' and Law 'On Enterprises'; state registration administered via the Agency for Protection against Economic Risks (Ministry of Finance and Economy) and the Interdepartmental Commission for the Protection of the Economy from Risks.
Vanuatu - Starting a Business: Moderate. Foreign Investment Act No. 25 of 2019, administered by the Vanuatu Foreign Investment Promotion Agency (VFIPA); company incorporation under the Companies Act administered by the Vanuatu Financial Services Commission (VFSC).
Yemen - Starting a Business: Restricted. Investment Law No. 15 of 2010 (administered by the General Investment Authority, GIA) together with the Commercial Companies Law; company registration via the Ministry of Industry and Trade. Operations are heavily constrained by ongoing conflict and a split between Sana'a- and Aden-based institutions.
Antigua and Barbuda - Starting a Business: Easy. Companies Act 1995 (domestic companies) and International Business Corporations Act Cap. 222 (offshore IBCs), administered by the Antigua and Barbuda Intellectual Property and Commerce Office (ABIPCO); foreign direct investment facilitated by the Antigua and Barbuda Investment Authority (ABIA).
Cape Verde - Starting a Business: Moderate. Investment Law No. 13/VIII/2012 (Lei do Investimento), Commercial Companies Code (Código das Sociedades Comerciais), administered via the Janela Única dos Negócios (JUN / Casa do Cidadão) and Cabo Verde TradeInvest
Comoros - Starting a Business: Moderate. Investment Code 2020 (adopted 28 December 2020, superseding Law N°07-0010/AU of 2007), administered by the National Agency for Investment Promotion (ANPI) via a Guichet Unique (one-stop shop); company law follows OHADA commercial law principles
Dominica - Starting a Business: Easy. Companies Act No. 21 of 1994 (domestic companies); International Business Companies Act 1996 (IBCs); administered by the Companies & Intellectual Properties Office (CIPO) under the Ministry of Trade
Grenada - Starting a Business: Easy. Grenada Companies Act (Cap. 241), administered by the Corporate Affairs and Intellectual Property Office (CAIPO); investment facilitation by the Grenada Investment Development Corporation (GIDC)
Kiribati - Starting a Business: Moderate. Foreign Investment Act 2018; Companies Act 2021; Business Names Act 2021 — administered by the Investment Promotion Division and Business and Companies Regulatory Division (BCRD) under the Ministry of Commerce, Industry and Cooperatives (MCIC)
Marshall Islands - Starting a Business: Easy. Business Corporations Act 1990 (IBCs/LLCs, non-resident entities); Foreign Investment Business License Act 1990 as amended 2000 (domestic foreign investment); administered by IRI/RMI Corporate Registry and the Registrar of Foreign Investment (Attorney General's Office)
Micronesia - Starting a Business: Restricted. FSM Foreign Investment Act (Title 32, FSM Code) and Foreign Investment Regulations; administered by the FSM Department of Administrative Services and state-level authorities in each of the four states (Chuuk, Kosrae, Pohnpei, Yap)
Nauru - Starting a Business: Moderate. Corporations Act 1972; Business Licences Act 2017; Business Names Registration Regulations 2018; Partnership Act 2018; Beneficial Ownership Act 2017 — administered by the Department of Justice & Border Control, Yaren District
Palau - Starting a Business: Restricted. Foreign Investment Act, Palau National Code Title 28, Chapter 1 (as amended 2014); administered by the Foreign Investment Board (FIB) under the Office of the Attorney General
Saint Kitts and Nevis - Starting a Business: Easy. Companies Act, 1996 (Chapter 21.03) — St. Kitts island; Nevis Business Corporation Ordinance (Cap. 7.01) — Nevis island; supervised by the Financial Services Regulatory Commission (FSRC)
Saint Lucia - Starting a Business: Easy. Companies Act (Cap. 13.01) and International Business Companies Act (Cap. 12.14), administered by the Saint Lucia Commercial Registry and Invest Saint Lucia
Saint Vincent and the Grenadines - Starting a Business: Easy. Business Companies Act (2007, as amended) and Limited Liability Companies Act (2008) — regulated by the Financial Services Authority (FSA); domestic companies and business names registered via the Commerce and Intellectual Property Office (CIPO)
Samoa - Starting a Business: Moderate. Foreign Investment Act 2000 (as amended by Foreign Investment Amendment Act 2011), Companies Act 2001; administered by the Ministry of Commerce, Industry & Labour (MCIL) via the Online Samoa Company Registry (businessregistries.gov.ws)
Sao Tome and Principe - Starting a Business: Moderate. Investment Code (Decree-Law No. 19/2016 of 17 November 2016) and its Regulation (Decree No. 18/2017 of 28 December 2017), administered by the Agência de Promoção de Comércio e Investimento (APCI) and the Guiché Único Empresarial (GUE) one-stop shop
Tonga - Starting a Business: Moderate. Foreign Investment Act 2020 (Act 7 of 2020) and Foreign Investment Regulations 2021, administered by the Business Registries Office under the Ministry of Trade and Economic Development (MTED)
Tuvalu - Starting a Business: Moderate. Companies and Business Registration Act (Cap 40.12, revised 2008); International Companies Act 2009 (Cap 40.34, 2022 revision); Foreign Direct Investment Act 1996 — administered by Tuvalu Ministry of Finance and Economic Development