Skip to content
World Watch/Costa Rica/Internet & Online Safety

Internet & Online Safety · Costa Rica

Online safety & content laws in Costa Rica (2026)

PartialDigital Services and E-Commerce Governance Law (Law 23,184, approved April 2026, not yet in force); Data Protection Law No. 8968 (2011); Cybercrime Law; SUTEL (telecom regulator) and MICITT (Ministry of Science, Innovation, Technology and Telecommunications)Country index 66 · B

Costa Rica shaded by its internet & online safety status

Online safety rules in Costa Rica: partial, under Digital Services and E-Commerce Governance Law (Law 23,184, approved April 2026, not yet in force); Data Protection Law No. 8968 (2011); Cybercrime Law; SUTEL (telecom regulator) and MICITT (Ministry of Science, Innovation, Technology and Telecommunications).

Costa Rica currently operates under sector-specific rules, a 2011 data-protection law, cybercrime statutes, and consumer-protection provisions, rather than a comprehensive online-safety regime. In April 2026 the Legislative Assembly approved a DSA-inspired Digital Services and E-Commerce Governance Law (23,184) in its second (final) debate, which will enter into force 12 months after publication in the Official Gazette; a separate bill (25,336) to ban children under 14 from social media is advancing in committee. Freedom House scored the country 86/100 in its 2025 Freedom on the Net report, placing it among the world's most open online environments with no government censorship or blocking.

Key points

Internet freedom benchmark

Freedom House rated Costa Rica 86/100 in Freedom on the Net 2025, ranking it the top country for internet freedom in Latin America and among the top four globally. No government-imposed website blocks or connectivity restrictions have been recorded.

DSA-inspired digital services law enacted (pending entry into force)

Draft Law 23,184, modelled closely on the EU Digital Services Act, was approved by the Legislative Assembly in its second and final debate on 16 April 2026. It requires hosting providers, search engines and online platforms to implement illegal-content reporting mechanisms, bans dark patterns, and mandates transparency obligations; it covers any provider offering digital services in the Costa Rican market. It enters into force 12 months after publication in La Gaceta.

Children's social-media ban bill (proposed)

Bill 25,336, advanced unanimously by the Legislative Assembly's Youth, Children and Adolescents Committee in April 2026, would prohibit children under 14 from creating or using social-media accounts. SUTEL would enforce compliance with fines of 15-50 base salaries, rising to 30-50 for repeat violations; platforms could also face operational restrictions and mandatory remediation plans.

Minors online-safety bill (criminal law)

Bill 24,063, also active in the legislature, would introduce criminal offences of electronic sexual harassment of minors, sexual disturbance and sexual extortion specifically targeting online conduct, extending protections for children against digital exploitation.

Data-protection baseline (Law 8968)

The 2011 Law on the Protection of Individuals Against the Processing of Their Personal Data (Law No. 8968), regulated by Executive Decree 37554-JP, is the primary horizontal privacy instrument and applies to online data processing. The PRODHAB agency supervises enforcement. Three reform bills were active as of early 2026, including regulation of biometric-data consent.

Electoral-content and platform-liability proposals

The Supreme Electoral Tribunal proposed reforms to the electoral code that would prohibit anonymous/inauthentic accounts for campaign propaganda, require platforms to designate a legal representative in Costa Rica, and empower the TSE to order removal of electoral misinformation during campaign periods. These proposals had not been enacted as of May 2026.

Timeline - major decisions & events

Apr 15, 2026lawofficial
Costa Rica Ratifies Second Additional Protocol to Budapest Convention

Costa Rica deposited its instrument of ratification for CETS No. 224 on enhanced co-operation and disclosure of electronic evidence, becoming the fourth country globally to ratify. The protocol expands cross-border access to electronic evidence and direct cooperation with service providers for cybercrime investigations.

Council of Europe – Cybercrime Division
Apr 1, 2026law
Legislature Advances Bill to Ban Social Media for Children Under 14

The Costa Rican legislature advanced a bill prohibiting children under 14 from accessing mainstream social platforms and requiring platforms to disable addictive design features (infinite scroll, autoplay, dark patterns) for all users under 18. SUTEL would oversee enforcement with fines of 15–50 base salaries for non-compliant platforms.

Tico Times
Jun 1, 2023guidanceofficial
MICITT Publishes National Cybersecurity Strategy 2023–2027

The Ministry of Science, Innovation, Technology and Telecommunications published Costa Rica's second national cybersecurity strategy, building directly on lessons from the 2022 ransomware crisis. The five-pillar framework covers governance, legal reform, risk management, a national security culture, and international cooperation.

MICITT – Costa Rica
Jun 13, 2022decisionofficial
Costa Rica Signs Second Additional Protocol to Budapest Convention

In the immediate aftermath of the 2022 ransomware crisis, Costa Rica's representative signed the Second Additional Protocol on enhanced co-operation and disclosure of electronic evidence, signalling commitment to stronger cross-border law enforcement cooperation on cybercrime.

Council of Europe
May 31, 2022incidentofficial
HIVE Ransomware Group Attacks CCSS Healthcare Systems

The Hive ransomware group struck the Costa Rican Social Security Fund (CCSS) on May 31, 2022, compromising 759 servers and more than 10,400 computers and forcing cancellation of over 30,000 medical appointments. The attack on critical public health infrastructure came just weeks after the Conti emergency and demonstrated systemic vulnerability across state institutions.

CCDCOE – International Cyber Law Interactive Toolkit
Oct 3, 2017lawofficial
Costa Rica Ratifies Budapest Convention on Cybercrime

Costa Rica deposited its instrument of accession to the Council of Europe's Budapest Convention on Cybercrime, becoming one of only three Central American states party to the treaty. Ratification gave law enforcement access to the T-CY network for real-time cross-border cooperation and aligned domestic law with international cybercrime standards.

Council of Europe – Cybercrime Division
Jul 1, 2012lawofficial
Law 9048: Major Expansion of Cybercrime Offences in Penal Code

President Laura Chinchilla signed Law 9048, overhauling the Penal Code's cybercrime section to criminalise system intrusion, malware deployment, cyber-espionage, disclosure of government secrets via ICT, and social-media impersonation, with sentences of five to ten years. The law raised controversy over potential restrictions on press freedom but was ultimately upheld.

SCIJ – Procuraduría General de la República
Sep 5, 2011lawofficial
Law 8968: Personal Data Protection Law Enacted; PRODHAB Created

Published in La Gaceta on 5 September 2011, Law 8968 established Costa Rica's first comprehensive personal data protection framework and created the independent Agency for the Protection of Personal Data of the Inhabitants (PRODHAB) as enforcement authority, empowered to investigate complaints, impose fines of $3,000–$18,000, and suspend non-compliant databases.

PRODHAB – Agencia de Protección de Datos de los Habitantes
Apr 27, 2011lawofficial
Law 8934: Protection of Minors from Harmful Internet and Electronic Content

Law 8934 required operators of public internet access facilities to install content-filtering software blocking pornography, drug content, and other material harmful to children and adolescents, with SUTEL assigned oversight responsibilities. It became the foundational child-safety internet law and a direct precursor to later social-media regulation proposals.

SUTEL – Superintendencia de Telecomunicaciones
Sep 1, 2010decisionofficial
Sala IV Constitutional Court Ruling: Internet Access Is a Fundamental Right

In ruling 2010-012790, Costa Rica's Constitutional Chamber declared internet access a constitutionally protected fundamental right, holding that the State must promote and guarantee universal ICT access as essential to free expression, education, and democratic participation. It was the first such ruling in Latin America and legally obligated the government to expand connectivity.

Poder Judicial – Sala Constitucional

Costa Rica - other topics

Internet & Online Safety in other countries

Last verified 5/24/2026 · Orientation, not legal advice - verify against the primary sources linked above. Methodology & how to cite · Explore the full world map →