Cybersecurity regulation in Dominica (2026)

The Electronic Transactions Act 2013 (Act 19 of 2013) is the principal instrument governing electronic offences including unauthorised system access and electronic fraud. It also provides the legal basis for electronic signatures and records.

Dominica has no NIS2-style or standalone national cybersecurity statute. A 2014 legislative review workshop assessed compliance with the Budapest Convention on Cybercrime and initiated steps toward a national cybercrime strategy, but no comprehensive law has been enacted as of 2026.

Under CARDTP (World Bank-funded), Dominica hosted CSIRTAMERICA Week training (September 2024) to build capacity for a National Cybersecurity Incident Response Team. The CIRT is not yet fully operational; a roadmap was developed by NRD Cyber Security (Lithuania) contracted through the OECS Commission.

The Eastern Caribbean Telecommunications Authority (ECTEL), of which Dominica is a contracting state, provides regional regulatory oversight of electronic communications including cybersecurity aspects. A governance and legislative framework review for ECTEL member states is ongoing.

Dominica's legislation does not yet contain standalone mandatory breach-notification or incident-reporting obligations for the private sector or critical infrastructure operators. The Data Protection Act 2011 provides general data handling rules but lacks explicit breach-notification timelines.

The Government of Dominica issued a Request for Expression of Interest for consultancy services to develop a public awareness campaign on cybercrime and cybersecurity, indicating strategy-building is still at an early institutional stage.