Cybersecurity regulation in Seychelles (2026)

The Cybercrimes and Other Related Crimes Act 2021 (Act 59 of 2021) repealed the Computer Misuse Act and criminalises offences against computer systems and data, addresses electronic evidence and international cooperation, aligned with the Budapest Convention.

The Cybercrime and other Related Crimes (Amendment) Bill, 2025 (Bill No. 22 of 2025) is before the National Assembly to update the 2021 Act.

The Data Protection Act 2023 (Act 24 of 2023, in force 22 Dec 2023) mandates prompt reporting of personal-data breaches to the Information Commission and to affected individuals, plus DPIAs for high-risk processing and DPO appointments.

The Information Commission implements, monitors and enforces the Data Protection Act 2023, receiving breach reports and overseeing personal-data processing across public and private sectors.

The National Cybersecurity Coordination Committee (NCCC), which held its inaugural meeting on 3 September 2024, coordinates protection of national critical information infrastructure and incident response across public and private sectors; it is a coordination body rather than a statutory regulator imposing mandatory operator security duties.

CERT-SC, operating under the Department of ICT, leads cyber threat monitoring, incident tracking and awareness; activity is framed by the National Cybersecurity Strategy 2019–2024, which set goals including a stronger legal framework and infrastructure protection.