Cybersecurity regulation in Nauru (2026)

Enacted to prevent, investigate, and suppress computer-related offences. Criminalises illegal access, illegal interception, data/system interference, computer fraud and forgery, production of hacking tools, child exploitation material, and spam, but creates no proactive security or reporting obligations on industry.

No law or regulation requires private or public entities to notify authorities or affected persons of data breaches or cyber incidents. The ITU cyberwellness profile and Council of Europe Octopus country-wiki confirm the absence of such obligations.

Nauru has no formal national CERT or cybersecurity regulatory agency. A government cybersecurity awareness team was created around 2019 and the Nauru Police Force has a Cyber Crime Unit, but neither constitutes a statutory regulatory body with supervisory powers.

The Nauru National Digital Transformation Strategy 2025–2030, published by the Government of Nauru, explicitly lists developing cybersecurity legislation and a National Cybersecurity Framework as priority actions, signalling that comprehensive obligations remain prospective, not current law.

Nauru is a member of the Pacific Cyber Security Operational Network (PaCSON, est. 2017) and a beneficiary of the Council of Europe GLACY+ programme, which provided legislative support on cybercrime. These are capacity-building arrangements, not binding treaty obligations imposing domestic cybersecurity duties.

A Cybersecurity Roadmap for Nauru was developed under regional assistance programmes to inform the government's priorities for a national cybersecurity strategy, supporting policies, and laws across a six-year implementation horizon. It is a planning document, not enacted law.