Cybersecurity · New Caledonia

Cybersecurity regulation in New Caledonia (2026)

Sectoral rulesNo single comprehensive horizontal cyber law in force; obligations derive from French national rules (ANSSI; critical-infrastructure/OIV regime; GDPR breach-notification via the CNIL) plus New Caledonia's own administrative security framework (RGSNC). The NIS2-style 'Résilience des infrastructures critiques et cybersécurité' bill, which would extend to New Caledonia, is still pending.Country index 71 · B

New Caledonia shaded by its cybersecurity status

New Caledonia is a sui generis French collectivity, so its cybersecurity obligations are a mix of directly applicable French national rules and locally adopted measures rather than one comprehensive law. Today the in-force regime is sectoral: ANSSI/CERT-FR oversight, the French critical-infrastructure (OIV) regime, GDPR-based breach notification, and a territorial security reference framework (RGSNC) for public administrations. A comprehensive NIS2-transposing law is proposed and expected to extend to New Caledonia but is not yet in force.

Key points

National authority (ANSSI/CERT-FR)

France's national cybersecurity agency ANSSI, with CERT-FR, provides policy, incident response and oversight that extends to overseas territories including New Caledonia; ANSSI can carry out controls on regulated entities.

source 1 ↗source 2 ↗

Local administrative framework (RGSNC)

New Caledonia adopted its own Référentiel général de sécurité de la Nouvelle-Calédonie (RGSNC) under articles 12 ff. of deliberation No. 140/CP of 16 April 2021, setting information-system security rules for exchanges between users and administrations.

source 1 ↗

Proposed NIS2 transposition extends to New Caledonia

The 'Résilience des infrastructures critiques et cybersécurité' bill (transposing NIS2/CER/DORA) was adopted by the Senate in March 2025 and examined in the Assemblée nationale special committee in September 2025; Article 40 extends Title II to overseas territories including New Caledonia. It is not yet enacted (timeline pointing to 2026).

source 1 ↗source 2 ↗source 3 ↗

Conseil d'État on overseas applicability

The Conseil d'État noted the bill broadly uses directive options, making the regime applicable to all overseas collectivities, including those to which the EU directive itself does not apply (New Caledonia among them).

source 1 ↗

Breach notification via GDPR / Loi Informatique et Libertés

Since 1 June 2019 the GDPR-aligned French data-protection law applies to overseas collectivities including New Caledonia, with the CNIL competent; this brings GDPR Article 33/34 personal-data breach notification duties (to CNIL and affected individuals).

source 1 ↗

Territorial cyber capability (DINUM, SOC, Pacific Cyber Centre)

The New Caledonian government, via its Direction du numérique et de la modernisation (DINUM), created a Security Operation Centre in June 2021 and a Pacific Cyber Centre to structure the local cybersecurity ecosystem.

source 1 ↗source 2 ↗

New Caledonia - other topics

Crypto & Digital Assets Artificial Intelligence Data & Privacy Digital Payments & Fintech Digital Nomad & Residency Internet & Online Safety Starting a Business

Read in:Spanish French German Portuguese Hindi

Last verified 5/24/2026 · Orientation, not legal advice - verify against the primary sources linked above. Explore the full world map →