Skip to content
World Watch/Jamaica/Cybersecurity

Cybersecurity ยท Jamaica

Cybersecurity law & regulation in Jamaica (2026)

Sectoral rulesCybercrimes Act 2015 (as amended 2026) + Data Protection Act 2020 + Jamaica Cyber Incident Response Team (JaCIRT) / National Cybersecurity Strategy 2015Country index 67 ยท B

Jamaica shaded by its cybersecurity status

Cybersecurity in Jamaica: sectoral rules, anchored by Cybercrimes Act 2015 (as amended 2026) + Data Protection Act 2020 + Jamaica Cyber Incident Response Team (JaCIRT) / National Cybersecurity Strategy 2015.

Jamaica addresses cybersecurity through a combination of criminal law (the Cybercrimes Act 2015, substantively amended in 2026) and data-protection-based breach notification (the Data Protection Act 2020, fully enforced from December 2023). There is no single comprehensive NIS2-style cybersecurity statute imposing mandatory security requirements across all sectors; instead, obligations arise from the criminal code and data-protection regime, supported by the Jamaica Cyber Incident Response Team (JaCIRT) as the national coordination authority under the 2015 National Cybersecurity Strategy.

Key points

Cybercrimes Act 2015 (as amended 2026)

The foundational legislation criminalises unauthorised access, modification, and interception of computer systems, cyberstalking, fraud, malware distribution, and denial-of-service attacks. The Cybercrimes (Amendment) Act 2026, passed by both Houses of Parliament by May 2026, introduced harsher penalties for offences targeting minors (up to 20 years imprisonment), criminalised the manufacture/distribution of cyberattack tools, and expanded victim-compensation provisions.

Data Protection Act 2020, breach notification duty

The Data Protection Act 2020 became fully enforceable on 1 December 2023. Data controllers must notify the Office of the Information Commissioner (OIC) within 72 hours of becoming aware of a security breach that affects or may affect personal data, and must also notify affected data subjects without undue delay. Technical and organisational safeguards against unauthorised or unlawful processing are mandatory.

Office of the Information Commissioner (OIC)

Established in December 2021 as the independent supervisory authority under the DPA, the OIC receives data-breach notifications from data controllers and oversees compliance with data-protection and security obligations. It is the primary enforcement body for the breach-notification regime.

Jamaica Cyber Incident Response Team (JaCIRT)

JaCIRT, a division of the Ministry of Science, Energy and Technology, is the national cybersecurity coordination authority established under the 2015 National Cybersecurity Strategy. It coordinates responses to cyber threats across public and private sectors, develops cybersecurity standards and policies especially for government agencies and critical national infrastructure, and monitors compliance with those standards.

National Cybersecurity Strategy 2015 and IDB-funded upgrade

The 2015 National Cybersecurity Strategy remains the overarching policy framework, and Jamaica marked a decade of progress in 2025. The Inter-American Development Bank approved a US$6.5 million loan (plus US$3.5 million counterpart, total US$10 million) to modernise cybersecurity governance, enhance incident-response capabilities, and expand specialised professionals, pointing toward a potential future uplift of the legal framework.

No comprehensive cybersecurity law (NIS2-equivalent)

Jamaica does not yet have a dedicated, comprehensive cybersecurity statute imposing sector-wide security obligations, mandatory incident reporting to a cyber authority, or baseline resilience requirements comparable to the EU's NIS2 Directive. Security obligations for non-personal-data incidents and for critical-infrastructure operators rely on JaCIRT guidance rather than binding statutory requirements.

Timeline - major decisions & events

Jun 3, 2026guidance
49 Million Attacks Prompt Announcement of New Comprehensive Cybersecurity Law

Minister Andrew Wheatley announced in the House of Representatives that Jamaica will draft a new standalone cybersecurity law after recording over 49 million attempted attacks in 2025. The planned legislation will codify a National Cybersecurity Directorate, mandate minimum sector standards, require incident reporting, regulate cybersecurity service providers, and formally designate critical information infrastructure, obligations not currently in statute.

Jamaica Observer โ†—
May 1, 2026law
Senate Passes Cybercrimes (Amendment) Act 2026

The Senate passed amendments to the Cybercrimes Act 2015, with Senator Tavares-Finson declaring they confront 'real and growing dangers' of digital crime and are essential for building societal trust in digital systems. Amendments expand child-online protections and broaden prosecutorial tools for law enforcement.

Jamaica Gleaner โ†—
Feb 4, 2026lawofficial
House of Representatives Passes Cybercrimes (Amendment) Act

Parliament's lower house passed amendments strengthening child-protection provisions, expanding law-enforcement investigative tools, and introducing liability for persons who knowingly allow their property to be used for cybercriminal activity, with penalties up to 15 years' imprisonment. Definitions were modernised to reflect digital-platform harm.

Jamaica Information Service โ†—
Sep 1, 2025decisionofficial
IDB/USAID US$10 Million 'Strengthening Cybersecurity in Jamaica' Project Commences

The Inter-American Development Bank-financed project (JA-L1093), co-funded with USAID, commenced a six-year programme to implement a national critical-infrastructure protection strategy, bolster JaCIRT's incident-response capacity, and integrate cybersecurity education from primary school through university accreditation standards.

Inter-American Development Bank โ†—
Jun 1, 2024decisionofficial
Office of the Information Commissioner Opens Data Controller Registration

The OIC began accepting registration applications from data controllers under the Data Protection Act 2020, completing the law's phased rollout and enabling active supervisory enforcement. Organisations processing personal data in Jamaica are now required to be registered.

Office of the Information Commissioner Jamaica โ†—
Dec 1, 2023lawofficial
Data Protection Act 2020 Fully Enters Force, Full Compliance Mandatory

The remaining provisions of the Data Protection Act 2020 commenced, making full compliance mandatory for all organisations handling personal data in Jamaica. All data controllers were required to register with the OIC by 30 November 2023, creating Jamaica's first enforceable data-security obligations tied to cybersecurity standards.

Laws of Jamaica โ€” Ministry of Justice โ†—
Nov 1, 2023incident
Financial Services Commission Hit by Ransomware Attack

Jamaica's Financial Services Commission, the non-bank financial-sector regulator, suffered a ransomware attack in late 2023, one of the most prominent breaches of a public regulatory body. The incident underscored the absence of mandatory incident-reporting requirements and drove calls to accelerate cybersecurity legislation.

Jamaica Observer โ†—
Jun 27, 2023incidentofficial
Government Confirms JamaicaEye Surveillance Portal Breach

Minister Chang issued an official press release confirming a breach of the government's JamaicaEye platform and simultaneous attacks on at least one financial institution, and outlined active mitigation measures. This was the first high-profile public confirmation of a successful cyberattack against a national government platform.

Ministry of National Security Jamaica โ†—
Jun 1, 2020lawofficial
Data Protection Act 2020 Enacted

Parliament enacted Jamaica's first comprehensive data-protection statute, establishing data-subject rights, controller and processor obligations, and the Office of the Information Commissioner as an independent supervisory authority. The Act broadly aligned Jamaica with GDPR-era international standards and introduced the first cybersecurity-adjacent data-handling obligations.

Jamaica Parliament โ†—
Jan 1, 2016decisionofficial
Jamaica Cyber Incident Response Team (JaCIRT) Declared Fully Operational

JaCIRT was declared fully equipped and operational in January 2016, having operated remotely since August 2015. Established with ITU and OAS/CICTE technical assistance, it became Jamaica's lead national agency for coordinating cyber-incident response, issuing government-wide threat advisories, and monitoring threats to government IT resources.

Jamaica Information Service โ†—
Oct 13, 2015lawofficial
Cybercrimes Act 2015 Passed, Replaces 2010 Legislation

Parliament passed the Cybercrimes Act 2015 (Act No. 31 of 2015), repealing and replacing the 2010 Act. The new law added offences for computer-related fraud and forgery, malicious communications, and unauthorised disclosure of investigations, and mandated a legislative review by 2018. It remains Jamaica's principal cybercrime statute.

Laws of Jamaica โ€” Ministry of Justice โ†—
Jan 28, 2015guidanceofficial
National Cyber Security Strategy 2015 Launched

Jamaica launched its first National Cyber Security Strategy at the Jamaica Pegasus Hotel, co-hosted with the OAS, establishing five strategic pillars, Protect, Deter, Build, Partner, Govern. The strategy directed creation of JaCIRT, a national governance framework, and a legislative modernisation agenda, forming the policy backbone of all subsequent cybersecurity activity.

Organization of American States โ†—
Jan 1, 2010lawofficial
Cybercrimes Act 2010 Enacted, Jamaica's First Cybercrime Statute

Jamaica enacted its inaugural cybercrime law, creating criminal sanctions for misuse of computer systems and electronic transactions. Though subsequently replaced by the 2015 Act, the 2010 legislation established Jamaica as one of the first Caribbean nations with a dedicated cybercrime framework and provided the prosecutorial foundation for early enforcement actions.

Council of Europe Octopus Cybercrime Community โ†—

Jamaica - other topics

Cybersecurity in other countries

Last verified 5/24/2026 ยท Orientation, not legal advice - verify against the primary sources linked above. Methodology & how to cite ยท Explore the full world map โ†’