Cybersecurity - Honduras

Sectoral rulesCNBS Circular No. 025/2022 (Normas para la Gestión de Tecnologías de Información, Ciberseguridad y Continuidad del Negocio) for the financial sector; Penal Code cybercrime provisions (Decree 130-2017, updated 2019); CERT-HN as national incident-response body

Honduras lacks a comprehensive cross-sectoral cybersecurity law. Its primary binding cybersecurity rules are sector-specific: CNBS Circular 025/2022 imposes IT-security governance, risk management, and incident-notification duties on supervised financial institutions, while the 2019 Penal Code update criminalises a range of cyber offences. A standalone 'Ley de Ciberseguridad' has been debated in Congress but remained unenacted as of mid-2026, with civil society and the UN Human Rights Office raising free-expression concerns.

Financial-sector cybersecurity rule

CNBS Circular No. 025/2022 (issued December 2022) binds all CNBS-supervised financial institutions to mandatory IT governance, cybersecurity risk management, outsourcing controls, business-continuity planning, and IT audit requirements. Institutions must notify CNBS at least 30 days before engaging a significant third-party IT provider.

source 1 ↗source 2 ↗

Cybercrime in the Penal Code

Decree 130-2017 introduced Title XXII into the Penal Code, criminalising illegal access, illegal interception, system/data interference, misuse of devices, computer fraud, and online child-exploitation offences. The updated Penal Code entered force in 2019 and remains the primary criminal-law instrument for cyber offences.

source 1 ↗source 2 ↗

Draft cybersecurity bill — not yet enacted

Multiple draft bills have circulated in the National Congress, including a proposal by Deputy José Sabillón for a 'Ley Básica del Sistema Nacional de Ciberseguridad' targeting extortion, hacking, and digital crimes. An earlier draft also addressed hate-speech online. As of mid-2026, no standalone cybersecurity law has been approved; the UN Human Rights Office (OACNUDH) flagged that a prior draft lacked adequate free-expression safeguards.

source 1 ↗source 2 ↗

CERT-HN — national incident response

The Honduras Cyber Security Center (CERT-HN) is the national body responsible for preventing and mitigating cybersecurity threats, conducting vulnerability analysis, and providing continuous monitoring of public internet infrastructure. It serves both government entities and the broader critical-infrastructure ecosystem.

source 1 ↗source 2 ↗

Digital Government Plan 2023–2026

The Honduran government's Plan Nacional de Gobierno Digital 2023–2026, administered by DIGER, designates cybersecurity as one of ten strategic programs. It commits to adopting a national cloud strategy, modernising data centres, and enacting new cybersecurity and data-protection legislation — acknowledging that these laws remain pending.

source 1 ↗source 2 ↗

No general breach-notification obligation

Outside the CNBS-regulated financial sector, Honduras has no enacted law mandating breach notification to authorities or data subjects. The Council of Europe Octopus review notes Honduras also lacks a formal national cybercrime strategy and has not ratified the Budapest Convention.

source 1 ↗source 2 ↗

Machine-assisted translation · verified 5/24/2026 · orientation, not legal advice. English version →