Cybersecurity - Guatemala

Guatemala has no enacted, standalone cybersecurity statute. Decree 39-2022 (Law on Prevention and Protection against Cybercrime) was approved by Congress in August 2022 but was never forwarded to the Executive for promulgation and was subsequently archived.

Initiative 6347, filed in early 2024, received a favorable opinion from the Commission on National Security Affairs on 26 August 2025 and moved to plenary debate. As of April 2026, passage remained stalled due to expert concerns about structural inconsistencies and potential unconstitutionality.

Initiative 6347 would create the Centro de Respuesta a Incidentes de Seguridad Informática de Guatemala (CSIRT-GT) as the national incident-coordination body, and would require all state institutions to designate information security officers and report incidents — but these obligations are not yet law.

The Ministerio de Gobernación operates GT-CERT Guatemala, which issues monthly cybersecurity bulletins and coordinates national cyber-incident response. It functions without a statutory legal basis and imposes no mandatory reporting duties on the private sector.

Initiative 6347 would codify eleven cybercrime offences in the Penal Code — including unlawful system access, data interception, computer fraud, and identity theft — with penalties of 6 to 30 years. No dedicated cybercrime chapter currently exists in Guatemalan criminal law.

Guatemala received an official Council of Europe invitation to accede to the Budapest Convention on Cybercrime and has worked with the CoE's GLACY-e programme to align domestic legislation, but had not ratified or acceded as of mid-2025; accession is contingent on passage of domestic legislation such as Initiative 6347.