Cybersecurity regulation in Palau (2026)

Senate Bill No. 12-9, SD1 — Palau's first comprehensive Cybersecurity Act — was unanimously passed by the Senate on or around 24 October 2025, creating a Bureau of Cybersecurity under the Ministry of Public Infrastructure and a CISO role, but as of May 2026 it had not been confirmed as enacted after referral to the House of Delegates.

Computer crime offenses — unauthorized access, illegal interception, data and system interference, device misuse, and computer-related fraud — are codified at Title 17 PNC Chapter 31. No breach-notification or incident-reporting duty is attached to these criminal provisions; there is no dedicated cybercrime enforcement unit.

President Surangel S. Whipps Jr. signed the National Cybersecurity Strategy and Policy 2026–2030, developed with ITU Regional Office for Asia-Pacific technical assistance via national co-creation workshops in September 2025. The strategy is a policy framework (not binding legislation) focused on critical infrastructure resilience and digital governance.

In April 2026, President Whipps signed an executive order establishing the Office of Applied Technology and Strategy within the Office of the President, headed by a Chief Technology Officer. The office is tasked with cybersecurity risk assessment, government-wide standards, and supporting the National Cybersecurity Strategy — a direct response to cyberattacks on the national hospital, police station, and financial institutions.

Palau has no in-force law mandating breach notification to regulators or affected individuals, and no formal incident-reporting obligations for operators of critical infrastructure. The pending Cybersecurity Act is expected to introduce such duties once enacted.

Under a bilateral security agreement, the United States committed to deploying a cybersecurity advisor to Palau to help protect critical communications infrastructure, reflecting Palau's reliance on partner-nation support to fill near-term capability gaps.