Cybersecurity · Guatemala
Cybersecurity regulation in Guatemala (2026)
Guatemala shaded by its cybersecurity status
Guatemala lacks a comprehensive, enacted cybersecurity law as of May 2026. A draft Cybersecurity Law (Initiative 6347) received a favorable committee opinion from the Commission on National Security Affairs in August 2025 and was still advancing through congressional plenary debate as of April 2026, with passage delayed by expert concerns over legal gaps and constitutional risks. The only operational cybersecurity body is the GT-CERT under the Ministry of Government, which functions without a statutory mandate.
Key points
Guatemala has no enacted, standalone cybersecurity statute. Decree 39-2022 (Law on Prevention and Protection against Cybercrime) was approved by Congress in August 2022 but was never forwarded to the Executive for promulgation and was subsequently archived.
Initiative 6347, filed in early 2024, received a favorable opinion from the Commission on National Security Affairs on 26 August 2025 and moved to plenary debate. As of April 2026, passage remained stalled due to expert concerns about structural inconsistencies and potential unconstitutionality.
Initiative 6347 would create the Centro de Respuesta a Incidentes de Seguridad Informática de Guatemala (CSIRT-GT) as the national incident-coordination body, and would require all state institutions to designate information security officers and report incidents — but these obligations are not yet law.
The Ministerio de Gobernación operates GT-CERT Guatemala, which issues monthly cybersecurity bulletins and coordinates national cyber-incident response. It functions without a statutory legal basis and imposes no mandatory reporting duties on the private sector.
Initiative 6347 would codify eleven cybercrime offences in the Penal Code — including unlawful system access, data interception, computer fraud, and identity theft — with penalties of 6 to 30 years. No dedicated cybercrime chapter currently exists in Guatemalan criminal law.
Guatemala received an official Council of Europe invitation to accede to the Budapest Convention on Cybercrime and has worked with the CoE's GLACY-e programme to align domestic legislation, but had not ratified or acceded as of mid-2025; accession is contingent on passage of domestic legislation such as Initiative 6347.
Timeline - major decisions & events
The Congressional Commission on National Security Affairs issued a favourable opinion on Initiative 6347 after 18 months of analysis, clearing it for full plenary debate. The bill typifies eight new cyber offences, establishes CSIRT-GT as a national incident-response centre, and aligns Guatemala with the Budapest Convention framework.
Congreso de la República de Guatemala ↗The Ministry of Governance organised Guatemala's inaugural multi-institution cyber defence tabletop exercise to test inter-agency coordination for major cyber incidents, reflecting growing institutional capacity building supported by the OAS and UNODC.
GT-CERT / Ministerio de Gobernación ↗Deputies from the CREO caucus submitted Initiative 6347, Guatemala's first comprehensive cybersecurity bill, proposing codified cyber offences, a formal legal framework for digital security obligations, and the statutory creation of a national CSIRT-GT under the National Security Council.
Congreso de la República de Guatemala ↗Hacktivists affiliated with Anonymous took down numerous Guatemalan government webpages for several days via distributed denial-of-service attacks in solidarity with indigenous-led pro-democracy protests; the incident exposed institutional gaps in cyber resilience with no dedicated cybercrime law in force.
JURIST Legal News ↗Just 20 days after passing it, Congress voted 112-to-archive Decree 39-2022 following mass protests from journalists, civil-society organisations, and human rights groups who argued it criminalised free expression and enabled state censorship; Guatemala was left again without a dedicated cybercrime statute.
IPANDETEC ↗With 100 votes in favour, the Guatemalan Congress approved the Law on Prevention and Protection against Cybercrime — the country's first standalone cybercrime statute — creating criminal sanctions for unauthorised system access, data breaches, and malware distribution; it never entered into force.
Congreso de la República de Guatemala ↗The regional hacktivist group Guacamaya breached Compañía Guatemalteca de Níquel (CGN), leaking documents alleging police payments to suppress anti-mining activists in El Estor; the incident was the opening strike of a broader Latin American campaign exposing government-corporate cyber vulnerabilities.
The Record / Recorded Future News ↗The Executive created CONCIBER via Government Agreement 200-2021, formalising an advisory body to the National Security Council tasked with overseeing implementation of the National Cybersecurity Strategy; the committee held a four-year mandate running to late 2025.
Secretaría Técnica del Consejo Nacional de Seguridad ↗The Ministry of Governance officially launched Guatemala's National Cybersecurity Strategy, structured around four pillars — legal frameworks, technical capabilities, education and culture, and international cooperation — and calling for the creation of a national CSIRT-GT in alignment with the OAS AG/RES. 2004 inter-American cybersecurity mandate.
Ministerio de Gobernación de Guatemala ↗Congress enacted the Law for the Recognition of Electronic Communications and Electronic Signatures, establishing the legal validity and security requirements for digital transactions and e-signatures; it became the foundational instrument for digital-economy cybersecurity obligations and was supplemented by Acuerdo Gubernativo 135-2009.
Congreso de la República de Guatemala ↗Guatemala - other topics
Last verified 5/24/2026 · Orientation, not legal advice - verify against the primary sources linked above. Explore the full world map →