World Watch/Dominican Republic/Cybersecurity
Language:EnglishSpanishFrenchGermanPortugueseHindi

Cybersecurity · Dominican Republic

Cybersecurity - Dominican Republic

Sectoral rulesPatchwork led by Decree 230-18/313-22 (National Cybersecurity Strategy & National Cybersecurity Center–CNCS, CSIRT-RD), Decree 685-22 (mandatory incident notification for public entities), Law 53-07 (high-tech crimes), and the Monetary Authority's Cybersecurity and Information Security Regulation for the financial sector. A comprehensive 'Ley de Gestión de la Ciberseguridad' bill remains pending in Congress.

The Dominican Republic has no comprehensive, in-force cybersecurity statute; obligations arise from a combination of executive decrees, a national strategy, the high-tech crime law, and a sector-specific financial regulation. A dedicated Cybersecurity Management Law was approved in first reading in the Senate (April 2024) but, as of 2025, remains under study and is not yet enacted. Mandatory incident-reporting duties currently apply to public-administration entities (via decree) and to regulated financial institutions (via the Monetary Authority's regulation).

No comprehensive law yet — bill pending

A 'Proyecto de Ley sobre Gestión de la Ciberseguridad' was approved in first reading by the Senate in April 2024 and would create a statutory National Cybersecurity Center covering public administration and critical infrastructure, but it remained under committee study in September 2025 and is not in force.

source 1source 2
National strategy & CNCS created by decree

Decree 230-18 adopted the first National Cybersecurity Strategy and created the National Cybersecurity Center (CNCS) under the Ministry of the Presidency; Decree 313-22 updated and extended the strategy to 2030. The framework is executive/policy-based rather than a comprehensive statute.

source 1source 2
Public-sector incident reporting — 24-hour duty

Decree 685-22 (Dec 2022) requires public-administration entities to report cybersecurity incidents in their technological infrastructure to the CSIRT-RD/CNCS within 24 hours of detection, and to notify affected individuals when data is compromised.

source 1source 2
Financial-sector cyber regulation

Since 2018 the Monetary Authority (Central Bank + Superintendency of Banks) imposes a binding 'Reglamento de Seguridad Cibernética y de la Información' on financial-intermediation entities, including risk management and incident notification to the payment-system response center (SPRICS).

source 1source 2
Cybercrime criminalization

Law 53-07 on High-Technology Crimes and Offenses (2007) criminalizes unauthorized system access, electronic fraud, and related conduct, providing the country's core penal framework for cyber offenses — distinct from operational cybersecurity obligations.

source 1
National CSIRT operational

The CSIRT-RD, housed within the CNCS, handles incident response for the State's critical and IT infrastructure, runs a security operations/monitoring function, and operates platforms for incident reporting and vulnerability disclosure.

source 1source 2

Machine-assisted translation · verified 5/25/2026 · orientation, not legal advice. English version →