Cybersecurity regulation in Micronesia (2026)

FSM has no standalone Cybercrime Act, Cybersecurity Act, or Data Protection Act in force. DLA Piper's global tracker confirms there is currently no national data protection or privacy legislation applicable beyond a narrow telecom provision.

A Cybersecurity Bill, a Cybercrime Bill, and a Personal Data Protection Bill of 2025 are pending before the FSM Congress. The 2025 Symposium outcome statement urged Congress to hold timely public hearings and pass all three bills.

A non-binding Cybersecurity Roadmap published in December 2021 (developed with Asia-Pacific Telecommunity support) set out a six-year, three-stage plan: Stage 1 — governance foundations; Stage 2 — critical infrastructure protection; Stage 3 — personal data protection and e-commerce legal framework.

Sections 349 and 350 of Title 21 of the FSM Code require telecommunications providers to protect the confidentiality of customer information and apply appropriate security safeguards. This is the only operative data-security obligation in FSM law.

FSM has no mandatory breach-notification or cyber incident-reporting requirement in force. DLA Piper's breach-notification tracker records no applicable law for FSM.

FSM is a member of the Pacific Cyber Security Operational Network (PaCSON), a regional information-sharing and capacity-building body, providing some operational cybersecurity cooperation even in the absence of domestic legislation.