Internet & Online Safety · Andorra
Online safety & content laws in Andorra (2026)
Andorra shaded by its internet & online safety status
Online safety rules in Andorra: partial, under Llei 29/2021 (LQPD, GDPR-aligned data protection); Llei 42/2022 (Digital Economy, Entrepreneurship and Innovation); 2026 bill amending the Qualified Law on Rights of Children and Adolescents (social media/minors); Agència Andorrana de Protecció de Dades (APDA).
Andorra, a non-EU/EEA microstate, has no comprehensive online safety law equivalent to the EU DSA or UK OSA. Its online regulatory framework is partial: a GDPR-aligned data-protection law (LQPD, 2021) covers personal data and cookie consent; a Digital Economy Law (2022) frames e-commerce activity; and a 2025-2026 legislative initiative specifically restricts social media access for under-16s with mandatory age verification and content filtering. The EU DSA does not apply directly, though a pending EU-Andorra Association Agreement may eventually extend single-market digital obligations.
Key points
Andorra is neither an EU nor EEA member, so the EU Digital Services Act does not bind Andorran-established entities or apply domestically. A negotiated EU-Andorra Association Agreement (Council Decision (EU) 2025/2610) is advancing but requires ratification by all EU member states and an Andorran referendum before single-market digital rules would become binding.
Llei 29/2021 del 28 d'octubre, Qualificada de Protecció de Dades Personals, in force since May 2022, closely mirrors the EU GDPR. It grants data-subject rights, imposes controller obligations, and regulates cookie consent. The APDA supervises compliance and may impose fines up to €100,000 for very serious violations.
Llei 42/2022 of 1 December 2022, on digital economy, entrepreneurship and innovation, establishes Andorra's framework for e-commerce and information-society services. It is primarily economic in orientation and does not impose DSA-style content-moderation, algorithmic-transparency, or platform-liability obligations.
The Andorran government approved a bill in early 2026 amending the Qualified Law on the Rights of Children and Adolescents, prohibiting minors under 16 from accessing social networks deemed harmful to their development, requiring robust age verification, mandating parental authorisation for non-banned platforms, and setting age-specific daily screen time limits. Andorra Telecom must configure SIM cards for minors with default content filters. Data protection experts and Andorra Telecom have flagged feasibility and privacy concerns.
In February 2025 the ITU published a National Child Online Protection Assessment for Andorra, evaluating legal, technical, and institutional safeguards for minors online. Andorra has also participated in Council of Europe child online protection forums and joined the international INHOPE network for combating child sexual abuse material.
Andorra has no domestic law imposing DSA-style obligations on online platforms regarding content moderation, algorithmic transparency, or illegal-content removal. Platform liability for third-party content is addressed only indirectly through general civil and penal law; a sector-specific regime does not yet exist.
Timeline - major decisions & events
The Andorran Data Protection Agency formally delivered legislative observations to the General Council proposing amendments to the Penal Code, including extending identity-usurpation offences to synthetic media and fake digital profiles, introducing AI as an aggravating factor, and strengthening corporate liability for online privacy violations. The submission marks a shift from reactive enforcement to proactive legislative shaping by the regulator.
Alto (Andorra) ↗Andorra hosted the second edition of the Andorra Forum, with 30 October dedicated to child online protection in partnership with the International Telecommunication Union (ITU); the Council of Europe's Deputy Secretary General underlined that AI-driven harms to children require cross-border cooperation with no room for jurisdictional gaps. The forum is a standing platform launched in 2024 within Andorra's Digital Transformation Programme 2024-2027.
Council of Europe ↗At the informal Council of Europe Ministers of Justice conference in Vilnius, Andorra signed the Framework Convention on Artificial Intelligence and Human Rights, Democracy, and the Rule of Law, the first legally binding international AI treaty. Signatories must ensure AI systems respect fundamental rights and democratic processes, with direct implications for algorithmic content moderation and automated online decision-making.
Council of Europe ↗New cookie guidelines issued by the Andorran Data Protection Agency took effect, requiring freely given, specific, and unambiguous consent before activating non-essential cookies across websites, mobile applications, IoT devices, smart TVs, and connected vehicles. The rules operationalise the LQPD's consent requirements for the full ecosystem of online tracking.
APDA – Andorran Data Protection Agency ↗The General Council approved Law 22/2022 on measures for the security of networks and information systems, modelled on EU Directive 2016/1148 (NIS). The law created mandatory security obligations for critical operators, mandated incident reporting to authorities, and established the National Cybersecurity Agency (ANC) and CSIRT-AD as the country's national cyber-incident response infrastructure.
Andorra Digital ↗At the Council of Europe Ministerial meeting in Turin, Andorra became the 23rd signatory to the Second Additional Protocol to the Budapest Convention on Cybercrime, which establishes common cross-border rules for disclosure of electronic evidence and direct cooperation with service providers in criminal investigations. Ratification will make cross-border cybercrime investigations significantly more efficient.
Council of Europe – Cybercrime ↗The General Council enacted the Qualified Personal Data Protection Law, a comprehensive overhaul aligning Andorra with EU GDPR principles and Directive 2016/680 for law enforcement data. The law granted data subjects rights of access, rectification, erasure, portability, and objection to automated decision-making, and repositioned the APDA as a fully independent supervisory authority.
Cuatrecasas (citing official text) ↗Andorra enacted Law 31/2018 establishing a comprehensive framework for information society services and e-commerce, mandating transparency in online transactions, codifying liability rules for intermediary service providers, and strengthening consumer protection in digital markets. It superseded earlier piecemeal provisions on digital operators.
Andorra Telecom ↗Three years after signing, Andorra formally ratified the Council of Europe Budapest Convention on Cybercrime, binding itself to criminalise illegal access, data interference, computer fraud, and online child sexual abuse material, and to provide mutual legal assistance to other parties in cybercrime investigations.
Council of Europe – Treaty Office ↗Andorra enacted its foundational personal data protection statute, Law 15/2003, creating basic rules for data processing and establishing initial supervisory oversight. Though eventually superseded by the 2021 LQPD, it provided the country's first legal basis for online privacy rights and laid the institutional groundwork for what would become the APDA.
Council of Europe – Data Protection ↗Andorra - other topics
Internet & Online Safety in other countries
Last verified 5/24/2026 · Orientation, not legal advice - verify against the primary sources linked above. Methodology & how to cite · Explore the full world map →