Cybersecurity regulation in Belize (2026)

Act No. 32 of 2020 criminalises illegal system access, data and system interference, computer-related fraud and forgery, identity theft, child luring, and publication of private images. It also mandates service-provider data-retention obligations and includes procedural powers (search, seizure, preservation orders) aligned with the Budapest Convention.

Act No. 45 of 2021, assented to on 29 November 2021, requires controllers to notify the Data Protection Commissioner and affected individuals of a personal-data breach without undue delay and, where feasible, within 72 hours of becoming aware of it. The Data Protection Commissioner oversees compliance and may investigate complaints and impose sanctions.

Belize's first national cybersecurity strategy, developed with OAS-CICTE support and coordinated by the National Security Council Secretariat and PUC, set out goals including establishing a national CIRT, defining critical-infrastructure minimum standards, and drafting sector-specific incident-reporting protocols. The strategy's 2023 end-date has passed and no formal successor has been enacted.

In February 2026, the Ministry of E-Governance convened a National Cybersecurity Maturity Consultation Review with the World Bank, covering digital government, telecom, banking, energy, health, and transport sectors. The World Bank presented a five-year plan and five priority recommendations, including strengthening the legal framework and building incident-response capacity; a formal successor strategy has not yet been published.

The Public Utilities Commission (PUC), established under the Belize Telecommunications Act, regulates the telecom sector and has served as the primary institutional anchor for national cybersecurity coordination, hosting Belize's first National Cyber Security Symposium and co-authoring the national strategy.

The Cybercrime Act 2020 was drafted in alignment with the Council of Europe Budapest Convention on Cybercrime (substantive offences, procedural powers, and international cooperation provisions), and Belize is tracked by the CoE Octopus Community, though it is not a formal signatory party to the Convention.